Bug#1030171: clamav-daemon: clamav-clamonacc.service fails to start

Ben Goodwin

Jan 31, 2023, 3:30:04 PM
Package: clamav-daemon
Version: 1.0.0+dfsg-6
Severity: normal
X-Debbugs-Cc: vbgoo...@gmail.com

systemctl reports that clamav-clamonacc.service failed to start.
Attempting to start the service results in failure.

I have never enabled On-Access Scanning, but systemctl has never
reported that clamav-clamonacc.service failed to start before.

systemctl reports the status as follows:

clamav-clamonacc.service - ClamAV On-Access Scanner
Loaded: loaded (/lib/systemd/system/clamav-clamonacc.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Tue 2023-01-31 13:35:23 CST; 39min ago
Duration: 16ms
Docs: man:clamonacc(8)
man:clamd.conf(5)
https://docs.clamav.net/
Process: 3031 ExecStartPre=/bin/bash -c while [ ! -S /run/clamav/clamd.ctl ]; do sleep 1; done (code=exited, status=0/SUCCESS)
Process: 3032 ExecStart=/usr/sbin/clamonacc -F --log=/var/log/clamav/clamonacc.log --move=/root/quarantine (code=exited, status=2)
Main PID: 3032 (code=exited, status=2)
CPU: 17ms


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
GenerateMetadataJson disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "120000"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 1.0.0
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information
--------------------
Database directory: /var/lib/clamav
daily.cld: version 26798, sigs: 2018894, built on Tue Jan 31 02:21:25 2023
main.cld: version 62, sigs: 6647427, built on Thu Sep 16 07:32:42 2021
bytecode.cld: version 333, sigs: 92, built on Mon Mar 8 09:21:51 2021
Total number of signatures: 8666413

Platform information
--------------------
uname: Linux 6.1.0-2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.7-1 (2023-01-18) x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux bookworm/sid
zlib version: 1.2.13 (1.2.13), compile flags: a9
platform id: 0x0a21a0a008000000000c0200

Build information
-----------------
GNU C: 12.2.0 (12.2.0)
sizeof(void*) = 8
Engine flevel: 160, dconf: 160

--- data dir ---
total 641720
-rw-r--r-- 1 clamav clamav 1438720 Mar 8 2021 bytecode.cld
drwxr-xr-x 2 clamav clamav 4096 Aug 12 2018 clamav-1421505f1d54b9bef49b2ff6150c0a40.tmp
drwxr-xr-x 3 clamav clamav 4096 Mar 21 2017 clamav-177173eb124a0339326d90d5114f58a4.tmp
drwxr-xr-x 2 clamav clamav 4096 Aug 12 2018 clamav-46cc997dbbb8ccbef72e8b605cb6f13d.tmp
-rw-r--r-- 1 clamav clamav 191598592 Jan 31 03:19 daily.cld
-rw-r--r-- 1 clamav clamav 69 Sep 5 2021 freshclam.dat
-rw-r--r-- 1 clamav clamav 464053248 Sep 16 2021 main.cld
-rw------- 1 clamav clamav 69 Apr 26 2021 mirrors.dat

-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clamav-daemon depends on:
ii adduser 3.130
ii clamav-base 1.0.0+dfsg-6
ii clamav-freshclam [clamav-data] 1.0.0+dfsg-6
ii debconf [debconf-2.0] 1.5.82
ii dpkg 1.21.19
ii init-system-helpers 1.65.2
ii libc6 2.36-8
ii libclamav11 1.0.0+dfsg-6
ii libcurl4 7.87.0-2
ii libncurses6 6.4-2
ii libsystemd0 252.4-2
ii libtinfo6 6.4-2
ii procps 2:4.0.2-3
ii ucf 3.0043
ii zlib1g 1:1.2.13.dfsg-1

Versions of packages clamav-daemon recommends:
ii clamdscan 1.0.0+dfsg-6

Versions of packages clamav-daemon suggests:
ii apparmor 3.0.8-2
pn clamav-docs <none>
pn daemon <none>
pn libclamunrar <none>

-- debconf information:
clamav-daemon/Bytecode: true
clamav-daemon/LogFile: /var/log/clamav/clamav.log
clamav-daemon/LogRotate: true
clamav-daemon/BytecodeTimeout: 60000
clamav-daemon/ReadTimeout: 180
clamav-daemon/LogSyslog: false
clamav-daemon/MaxThreads: 12
clamav-daemon/BytecodeSecurity: TrustSigned
clamav-daemon/ScanArchive: true
clamav-daemon/ScanSWF: true
clamav-daemon/FixStaleSocket: true
clamav-daemon/LogTime: true
clamav-daemon/MaxScriptNormalize: 5M
clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
clamav-daemon/TCPAddr: any
clamav-daemon/SelfCheck: 3600
clamav-daemon/StatsEnabled: false
clamav-daemon/LocalSocketMode: 666
clamav-daemon/AddGroups:
clamav-daemon/ForceToDisk: false
clamav-daemon/MaxHTMLNormalize: 10M
clamav-daemon/TCPSocket: 3310
clamav-daemon/MaxHTMLNoTags: 2M
clamav-daemon/StreamMaxLength: 25
clamav-daemon/StatsHostID: auto
clamav-daemon/LocalSocketGroup: clamav
clamav-daemon/MaxConnectionQueueLength: 15
clamav-daemon/MaxEmbeddedPE: 10M
clamav-daemon/ScanMail: true
clamav-daemon/MaxZipTypeRcg: 1M
clamav-daemon/User: clamav
clamav-daemon/FollowDirectorySymlinks: false
clamav-daemon/MaxDirectoryRecursion: 15
clamav-daemon/OnAccessMaxFileSize: 5M
clamav-daemon/StatsPEDisabled: true
clamav-daemon/ScanOnAccess: false
clamav-daemon/FollowFileSymlinks: false
clamav-daemon/DisableCertCheck: false
clamav-daemon/TcpOrLocal: UNIX
clamav-daemon/AllowAllMatchScan: true
clamav-daemon/debconf: true
clamav-daemon/StatsTimeout: 10

Martin-Éric Racine

May 24, 2023, 1:20:06 AM
Package: clamav-daemon
Version: 1.0.1+dfsg-2
Followup-For: Bug #1030171

I bumped into this one after upgrading from Bullseye to Bookworm.

x clamav-clamonacc.service - ClamAV On-Access Scanner
Loaded: loaded (/lib/systemd/system/clamav-clamonacc.service; enabled; preset: enabled)
Active: failed (Result: timeout) since Wed 2023-05-24 07:48:22 EEST; 18min ago
Docs: man:clamonacc(8)
man:clamd.conf(5)
https://docs.clamav.net/
CPU: 131ms

May 24 07:46:52 p8h61 systemd[1]: Starting clamav-clamonacc.service - ClamAV On-Access Scanner...
May 24 07:48:22 p8h61 systemd[1]: clamav-clamonacc.service: start-pre operation timed out. Terminating.
May 24 07:48:22 p8h61 systemd[1]: clamav-clamonacc.service: Control process exited, code=killed, status=15/TERM
May 24 07:48:22 p8h61 systemd[1]: clamav-clamonacc.service: Failed with result 'timeout'.
May 24 07:48:22 p8h61 systemd[1]: Failed to start clamav-clamonacc.service - ClamAV On-Access Scanner.

This REALLY needs to be fixed now, before Bookworm is released.

Martin-Éric

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------

CommandReadTimeout = "30"

Config file: freshclam.conf
---------------------------

ReceiveTimeout disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 1.0.1
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information
--------------------
Database directory: /var/lib/clamav
bytecode.cld: version 334, sigs: 91, built on Wed Feb 22 23:33:21 2023
main.cld: version 62, sigs: 6647427, built on Thu Sep 16 15:32:42 2021
daily.cld: version 26916, sigs: 2035172, built on Tue May 23 10:22:39 2023
Total number of signatures: 8682690

Platform information
--------------------
uname: Linux 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 12 (bookworm)
zlib version: 1.2.13 (1.2.13), compile flags: a9
platform id: 0x0a21a1a108000000000c0200

Build information
-----------------
GNU C: 12.2.0 (12.2.0)
sizeof(void*) = 8
Engine flevel: 161, dconf: 161

--- data dir ---
total 644256
-rw-r--r-- 1 clamav clamav 1430528 Feb 23 00:28 bytecode.cld
-rw-r--r-- 1 clamav clamav 194210304 May 23 11:01 daily.cld
-rw-r--r-- 1 clamav clamav 69 Sep 19 2021 freshclam.dat
-rw-r--r-- 1 clamav clamav 464053248 Sep 16 2021 main.cld
-rw-r--r-- 1 root root 69 Aug 16 2021 mirrors.dat

-- System Information:
Debian Release: 12.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 'stable-security'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clamav-daemon depends on:
ii adduser 3.133
ii clamav-base 1.0.1+dfsg-2
ii clamav-freshclam [clamav-data] 1.0.1+dfsg-2
ii debconf [debconf-2.0] 1.5.82
ii dpkg 1.21.22
ii init-system-helpers 1.65.2
ii libc6 2.36-9
ii libclamav11 1.0.1+dfsg-2
ii libcurl4 7.88.1-9
ii libncurses6 6.4-4
ii libsystemd0 252.6-1
ii libtinfo6 6.4-4
ii procps 2:4.0.2-3
ii ucf 3.0043+nmu1
ii zlib1g 1:1.2.13.dfsg-1

Versions of packages clamav-daemon recommends:
ii clamdscan 1.0.1+dfsg-2

Versions of packages clamav-daemon suggests:
ii apparmor 3.0.8-3
pn clamav-docs <none>
pn daemon <none>
pn libclamunrar <none>

-- debconf information excluded

Martin-Éric Racine

Jun 12, 2023, 1:51:07 AM
Package: clamav-daemon
Version: 1.0.1+dfsg-2
Followup-For: Bug #1030171

Syslog already suggests what the fix should be:

$ grep Clamonacc /var/log/syslog
2023-06-12T08:33:40.562184+03:00 p8h61 clamonacc[248359]: ERROR: Clamonacc: at least one of OnAccessExcludeUID, OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ... it is recommended you exclude the clamd instance UID or uname to prevent infinite event scanning loops

When will this get implemented?

Martin-Éric

Sebastian Andrzej Siewior

Aug 19, 2023, 12:50:04 PM
On 2023-06-12 08:39:53 [+0300], Martin-Éric Racine wrote:
> Syslog already suggests what the fix should be:
>
> $ grep Clamonacc /var/log/syslog
> 2023-06-12T08:33:40.562184+03:00 p8h61 clamonacc[248359]: ERROR:
> Clamonacc: at least one of OnAccessExcludeUID, OnAccessExcludeUname,
> or OnAccessExcludeRootUID must be specified ... it is recommended you
> exclude the clamd instance UID or uname to prevent infinite event
> scanning loops
>
> When will this get implemented?

I'm going to disable the service by default on new installations. It was
agreed not to have it running by default. These options are not set in
the default config file shipped by upstream.

> Martin-Éric

Sebastian
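
The start-up requirement quoted from syslog in this thread, written as a pre-flight check an administrator could run before enabling clamav-clamonacc.service. This is an added example, not part of the bug report or the Debian package; the function name, the sample configurations and the treatment of `yes`/`true`/`1` as the enabling values for OnAccessExcludeRootUID are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report or the Debian package).
# Function and sample names are hypothetical.

# Read clamd.conf text from the given file(s), or stdin when none is given,
# and print every OnAccess exclusion that is effectively set.
# Returns 0 if at least one is set, 1 if clamonacc would log the ERROR
# quoted in the thread and exit.
clamonacc_exclusions() {
    cat -- "$@" | awk '
        /^[[:space:]]*#/ { next }   # commented-out options do not count
        $1 == "OnAccessExcludeUID"   && $2 ~ /^[0-9]+$/ { print $1 "=" $2; ok = 1 }
        $1 == "OnAccessExcludeUname" && $2 != ""        { print $1 "=" $2; ok = 1 }
        $1 == "OnAccessExcludeRootUID" && tolower($2) ~ /^(yes|true|1)$/ {
            print $1 "=" $2; ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed sample: like the reporters' configs, no exclusion is in effect.
sample_default() {
    printf '%s\n' 'LocalSocket /var/run/clamav/clamd.ctl' 'User clamav' \
        '#OnAccessExcludeUname clamav' 'OnAccessExcludeRootUID no'
}

# Constructed sample: excludes the clamd user, as the error text recommends.
sample_fixed() {
    sample_default
    printf '%s\n' 'OnAccessExcludeUname clamav'
}

for s in sample_default sample_fixed; do
    if set_opts=$("$s" | clamonacc_exclusions); then
        echo "$s: ok ($set_opts)"
    else
        echo "$s: clamonacc would refuse to start"
    fi
done
```

On a real host the function can be pointed at the file directly, for example `clamonacc_exclusions /etc/clamav/clamd.conf`.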