
Bug#1042377: clamav-daemon does not listen on TCP port


Thomas Walter

Jul 27, 2023, 4:40:06 AM
Package: clamav-daemon
Version: 1.0.1+dfsg-2
Severity: normal

Dear Maintainer,

I've been trying to get clamav-daemon to listen on a TCP port on
Bookworm.

To do so I did `dpkg-reconfigure clamav-daemon` and selected `TCP` when
asked for the `Socket type`. Everything else was kept default.

Neither `sudo systemctl daemon-reload`, `sudo systemctl restart
clamav-daemon` nor a reboot helped.

`clamav.log` reports the following:

```
Thu Jul 27 09:27:50 2023 -> TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Thu Jul 27 09:27:50 2023 -> LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.
```

This makes me think the package is missing some configuration for
systemd to be able to listen on a TCP port instead of a local socket.

Since it worked this way on Debian 11 it might also result in problems
when people do dist-upgrades?

Regards,
Balu


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket disabled
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "30"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
GenerateMetadataJson disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "120000"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 1.0.1
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information
--------------------
Database directory: /var/lib/clamav
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 22:33:21 2023
daily.cvd: version 26981, sigs: 2039385, built on Wed Jul 26 09:29:13 2023
Total number of signatures: 8686903

Platform information
--------------------
uname: Linux 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1 (2023-07-14) x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 12 (bookworm)
zlib version: 1.2.13 (1.2.13), compile flags: a9
platform id: 0x0a21a1a108000000000c0200

Build information
-----------------
GNU C: 12.2.0 (12.2.0)
sizeof(void*) = 8
Engine flevel: 161, dconf: 161

--- data dir ---
total 226988
-rw-r--r-- 1 clamav clamav 291965 Jul 27 09:23 bytecode.cvd
-rw-r--r-- 1 clamav clamav 61649992 Jul 27 09:23 daily.cvd
-rw-r--r-- 1 clamav clamav 69 Jul 27 09:23 freshclam.dat
-rw-r--r-- 1 clamav clamav 170479789 Jul 27 09:23 main.cvd

-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clamav-daemon depends on:
ii adduser 3.134
ii clamav-base 1.0.1+dfsg-2
ii clamav-freshclam [clamav-data] 1.0.1+dfsg-2
ii debconf [debconf-2.0] 1.5.82
ii dpkg 1.21.22
ii init-system-helpers 1.65.2
ii libc6 2.36-9+deb12u1
ii libclamav11 1.0.1+dfsg-2
ii libcurl4 7.88.1-10+deb12u1
ii libncurses6 6.4-4
ii libsystemd0 252.12-1~deb12u1
ii libtinfo6 6.4-4
ii procps 2:4.0.2-3
ii ucf 3.0043+nmu1
ii zlib1g 1:1.2.13.dfsg-1

Versions of packages clamav-daemon recommends:
ii clamdscan 1.0.1+dfsg-2

Versions of packages clamav-daemon suggests:
ii apparmor 3.0.8-3
pn clamav-docs <none>
pn daemon <none>
pn libclamunrar <none>

-- debconf information:
* clamav-daemon/StreamMaxLength: 25
* clamav-daemon/MaxConnectionQueueLength: 15
clamav-daemon/DisableCertCheck: false
* clamav-daemon/AddGroups:
* clamav-daemon/FollowFileSymlinks: false
clamav-daemon/MaxScriptNormalize: 5M
* clamav-daemon/debconf: true
* clamav-daemon/TCPAddr: any
* clamav-daemon/LogTime: true
* clamav-daemon/MaxThreads: 12
clamav-daemon/MaxHTMLNoTags: 2M
clamav-daemon/ScanSWF: true
clamav-daemon/LocalSocketGroup: clamav
* clamav-daemon/SelfCheck: 3600
clamav-daemon/MaxEmbeddedPE: 10M
* clamav-daemon/User: clamav
clamav-daemon/AllowAllMatchScan: true
* clamav-daemon/MaxDirectoryRecursion: 15
* clamav-daemon/LogFile: /var/log/clamav/clamav.log
* clamav-daemon/TCPSocket: 3310
clamav-daemon/ForceToDisk: false
* clamav-daemon/ReadTimeout: 180
clamav-daemon/MaxZipTypeRcg: 1M
clamav-daemon/LocalSocketMode: 666
* clamav-daemon/BytecodeSecurity: TrustSigned
* clamav-daemon/LogSyslog: false
clamav-daemon/FixStaleSocket: true
* clamav-daemon/LogRotate: true
* clamav-daemon/BytecodeTimeout: 60000
clamav-daemon/OnAccessMaxFileSize: 5M
clamav-daemon/MaxHTMLNormalize: 10M
* clamav-daemon/ScanArchive: true
clamav-daemon/FollowDirectorySymlinks: false
clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
* clamav-daemon/Bytecode: true
* clamav-daemon/TcpOrLocal: TCP
* clamav-daemon/ScanMail: true

corubba

Sep 16, 2023, 1:10:05 PM
Hello,

since v0.99.2 (more specifically commit b68375fd [0]) clamd supports using sockets it gets passed as file descriptors. If it gets passed at least one socket this way, only those are used and all LocalSocket and TCPSocket statements from the config file are ignored. Unfortunately there seems to be no mention of this behaviour anywhere in the docs, I found it only by looking at the source code.

In bullseye [1] the clamav-daemon package only contains a clamav-daemon.service unit-file, in bookworm in addition to the service unit-file it also contains a clamav-daemon.socket unit-file. According to the systemd.service man-page [3] a service process automatically gets passed the sockets from all same-named socket units. Because in bullseye there was no socket unit, clamd didn't get passed any sockets from systemd and the statements from the config file were used. In bookworm clamd always gets passed a local socket from systemd because of the socket unit, and the config statements are ignored.

The workaround/solution I found is to create a drop-in for the socket unit (see below), letting systemd open the TCP socket and pass it to clamd. In fact, the socket unit-file from upstream [4] already contains a commented-out version of this. See the respective man-page [5] for more details about the syntax and e.g. how to bind to a specific IP address. I would also recommend removing any socket configuration from clamd.conf to avoid confusion.

/etc/systemd/system/clamav-daemon.socket.d/tcp-socket.conf
```
[Socket]
ListenStream=3310
```

Alternatively you can mask the socket unit (and remove the Requires= from the service unit), which bypasses the whole systemd-socket-business and makes clamd behave like in bullseye, opening its own sockets according to its config file.


[0] https://github.com/Cisco-Talos/clamav/commit/b68375fdbb173b7652bf3b58b5e801906f587a25
[1] https://packages.debian.org/bullseye/amd64/clamav-daemon/filelist
[2] https://packages.debian.org/bookworm/amd64/clamav-daemon/filelist
[3] https://www.freedesktop.org/software/systemd/man/systemd.service.html#Sockets=
[4] https://github.com/Cisco-Talos/clamav/blob/clamav-1.0.1/clamd/clamav-daemon.socket.in#L10
[5] https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=


---
Greetings

Corubba
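
Added example, not part of the messages above or of the Debian package: per systemd.socket(5), a bare port such as `ListenStream=3310` listens on every interface, while `ListenStream=127.0.0.1:3310` binds one address. The sketch below writes the drop-in with an explicit value and flags wildcard binds; the function names and the `ROOT` argument (so it can be tried outside `/etc/systemd/system`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: write the clamav-daemon.socket drop-in and audit its
# ListenStream= values. Function names and ROOT are hypothetical.

UNIT=clamav-daemon.socket   # unit name from the thread

# classify_listen VALUE -> reset | unix | loopback | wildcard | specific
# Address forms follow the ListenStream= description in systemd.socket(5).
classify_listen() {
    case "$1" in
        '')                   echo reset ;;     # empty value clears the list
        /*|@*)                echo unix ;;      # filesystem or abstract AF_UNIX
        127.*:*|'[::1]':*)    echo loopback ;;
        0.0.0.0:*|'[::]':*)   echo wildcard ;;
        *[!0-9]*)             echo specific ;;  # explicit address or other form
        *)                    echo wildcard ;;  # bare port: all interfaces
    esac
}

# write_dropin ROOT VALUE : creates ROOT/clamav-daemon.socket.d/tcp-socket.conf
write_dropin() {
    dir="$1/$UNIT.d"
    mkdir -p "$dir" &&
    printf '[Socket]\nListenStream=%s\n' "$2" > "$dir/tcp-socket.conf"
}

# audit_dropins ROOT : prints each ListenStream= found in the drop-ins and
# returns 1 if any of them listens on all interfaces.
audit_dropins() {
    rc=0
    for f in "$1/$UNIT.d"/*.conf; do
        [ -f "$f" ] || continue
        while IFS='=' read -r key val; do
            [ "$key" = ListenStream ] || continue
            class=$(classify_listen "$val")
            echo "$f: ListenStream=$val ($class)"
            if [ "$class" = wildcard ]; then rc=1; fi
        done < "$f"
    done
    return $rc
}

# On the host, as root (not executed here):
#   write_dropin /etc/systemd/system 127.0.0.1:3310
#   systemctl daemon-reload
#   systemctl stop clamav-daemon.service
#   systemctl restart clamav-daemon.socket
#   systemctl start clamav-daemon.service
#   ss -ltn      # confirm which address port 3310 is bound to
```

Drop-in `ListenStream=` lines are added to the ones in the packaged socket unit, so the local socket keeps being passed to clamd alongside the TCP one.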