[Pkg-clamav-devel] Bug#1042377: Investigation results
corubba
corubba at gmx.de
Sat Sep 16 18:06:48 BST 2023
Hello,
Since v0.99.2 (more specifically commit b68375fd [0]) clamd supports using sockets it gets passed as file descriptors. If it gets passed at least one socket this way, only those are used and all LocalSocket and TCPSocket statements from the config file are ignored. Unfortunately there seems to be no mention of this behaviour anywhere in the docs; I found it only by looking at the source code.
In bullseye [1] the clamav-daemon package only contains a clamav-daemon.service unit-file, in bookworm in addition to the service unit-file it also contains a clamav-daemon.socket unit-file. According to the systemd.service man-page [3] a service process automatically gets passed the sockets from all same-named socket units. Because in bullseye there was no socket unit, clamd didn't get passed any sockets from systemd and the statements from the config file were used. In bookworm clamd always gets passed a local socket from systemd because of the socket unit, and the config statements are ignored.
The workaround/solution I found is to create a drop-in for the socket unit (see below), letting systemd open the TCP socket and pass it to clamd. In fact, the socket unit-file from upstream [4] already contains a commented-out version of this. See the respective man-page [5] for more details about the syntax and e.g. how to bind to a specific IP address. I would also recommend removing any socket configuration from clamd.conf to avoid confusion.
/etc/systemd/system/clamav-daemon.socket.d/tcp-socket.conf
```
[Socket]
ListenStream=3310
```
Alternatively you can mask the socket unit (and remove the Requires= from the service unit), which bypasses the whole systemd-socket-business and makes clamd behave like in bullseye, opening its own sockets according to its config file.
[0] https://github.com/Cisco-Talos/clamav/commit/b68375fdbb173b7652bf3b58b5e801906f587a25
[1] https://packages.debian.org/bullseye/amd64/clamav-daemon/filelist
[2] https://packages.debian.org/bookworm/amd64/clamav-daemon/filelist
[3] https://www.freedesktop.org/software/systemd/man/systemd.service.html#Sockets=
[4] https://github.com/Cisco-Talos/clamav/blob/clamav-1.0.1/clamd/clamav-daemon.socket.in#L10
[5] https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=
---
Greetings
Corubba
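
An added example, not part of the original message and not ClamAV or Debian code: a Python audit that takes the output of `systemctl cat clamav-daemon.socket` and the text of clamd.conf, and reports which clamd.conf socket statements are ignored under socket activation and which ListenStream= entries are a bare port, which systemd binds on all addresses. The sample unit and config text are constructed, and treating TCPAddr as ignored together with TCPSocket is an assumption.

```python
# Added example; SAMPLE_* below are constructed. Directives with no effect once clamd
# inherits a socket from systemd (TCPAddr is an assumption: it only qualifies TCPSocket).
IGNORED_KEYS = {"LocalSocket", "TCPSocket", "TCPAddr"}

def listen_streams(unit_text):
    """Effective ListenStream= values from `systemctl cat` output (unit, then drop-ins)."""
    section, streams = None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line, comment, or the "# /path" banner systemctl cat prints
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section == "Socket" and sep and key.strip() == "ListenStream":
            value = value.strip()
            streams = streams + [value] if value else []  # empty value resets the list
    return streams

def socket_directives(conf_text):
    """(key, value) pairs for socket-related statements in clamd.conf text."""
    found = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] in IGNORED_KEYS:
            found.append((parts[0], parts[1].strip()))
    return found

def audit(unit_text, conf_text):
    """Return (effective listeners, findings) for a socket-activated clamd."""
    streams = listen_streams(unit_text)
    findings = []
    if streams:  # at least one inherited socket: config statements are not used
        findings += [f"ignored: {k} {v}" for k, v in socket_directives(conf_text)]
        # A bare port number is bound on all addresses, whatever TCPAddr says.
        findings += [f"all-addresses: ListenStream={s}" for s in streams if s.isdigit()]
    return streams, findings

SAMPLE_UNIT = """# /lib/systemd/system/clamav-daemon.socket
[Socket]
ListenStream=/run/clamav/clamd.ctl
# /etc/systemd/system/clamav-daemon.socket.d/tcp-socket.conf
[Socket]
ListenStream=3310
"""
SAMPLE_CONF = "LocalSocket /var/run/clamav/clamd.ctl\nTCPSocket 3310\nTCPAddr 127.0.0.1\n"
if __name__ == "__main__":
    print(audit(SAMPLE_UNIT, SAMPLE_CONF))
```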