Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)
UbuntuThis forum is for the discussion of Ubuntu Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory)
Earlier this past week I upgraded from 14.04.4LTS -> 16.04.1LTS. The upgrade went smoothly and quickly however the system is so unstable that it's going to take many questions here to ask about all of them.
My first question/problem is about ClamAV. I have it being called by Spamassassin. It was working after the upgrade until yesterday at 11:31am when SA suddenly quit running for some reason. I didn't realize this until around 4:20pm yesterday and restarted SA. From then on in my SA message headers I get X-spam-virus: Error (Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory). My /etc/mail/spamassassin/local.cf is set to call clamav:
Code:
# ClamAV support: no need to scan viruses/malware
priority CLAMAV -900
shortcircuit CLAMAV on
score CLAMAV 20
Doing a stop and start of clamav-daemon - sudo service clamav-daemon stop/sudo service clamav-daemon start shows in the /var/log/clamav/clamd.log:
Code:
Sun Aug 7 16:10:16 2016 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pidAug 7 12:11:00 localhost kernel: [56133.949029] audit: type=1400 audit(1470589859.979:32): apparmor="ALLOWED" operation="mknod" profile="/usr/sbin/clamd" name="/run/clamd.socket" pid=8890 comm="clamd" requested_mask="c" denied_mask="c" fsuid=121 ouid=121
Sun Aug 7 16:10:16 2016 -> --- Stopped at Sun Aug 7 16:10:16 2016
Sun Aug 7 16:10:23 2016 -> +++ Started at Sun Aug 7 16:10:23 2016
Sun Aug 7 16:10:23 2016 -> Received 1 file descriptor(s) from systemd.
Sun Aug 7 16:10:23 2016 -> clamd daemon 0.99 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun Aug 7 16:10:23 2016 -> Running as user clamav (UID 121, GID 130)
Sun Aug 7 16:10:23 2016 -> Log file size limited to 4294967295bytes.
Sun Aug 7 16:10:23 2016 -> Reading databases from /var/lib/clamav
Sun Aug 7 16:10:23 2016 -> Bytecode: Security mode set to "TrustSigned".
Sun Aug 7 16:10:54 2016 -> Loaded 4921428 signatures.
Sun Aug 7 16:10:58 2016 -> TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Sun Aug 7 16:10:58 2016 -> LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.
Sun Aug 7 16:10:58 2016 -> Limits: Global size limit set to 52428800 bytes.
Sun Aug 7 16:10:58 2016 -> Limits: File size limit set to 26214400 bytes.
Sun Aug 7 16:10:58 2016 -> Limits: Recursion level limit set to 16.
Sun Aug 7 16:10:58 2016 -> Limits: Files limit set to 10000.
Sun Aug 7 16:10:58 2016 -> Limits: Core-dump limit is 0.
Sun Aug 7 16:10:58 2016 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sun Aug 7 16:10:58 2016 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sun Aug 7 16:10:58 2016 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sun Aug 7 16:10:58 2016 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sun Aug 7 16:10:58 2016 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sun Aug 7 16:10:58 2016 -> Limits: MaxPartitions limit set to 50.
Sun Aug 7 16:10:58 2016 -> Limits: MaxIconsPE limit set to 100.
Sun Aug 7 16:10:58 2016 -> Limits: PCREMatchLimit limit set to 10000.
Sun Aug 7 16:10:58 2016 -> Limits: PCRERecMatchLimit limit set to 5000.
Sun Aug 7 16:10:58 2016 -> Limits: PCREMaxFileSize limit set to 26214400.
Sun Aug 7 16:10:58 2016 -> Archive support enabled.
Sun Aug 7 16:10:58 2016 -> Algorithmic detection enabled.
Sun Aug 7 16:10:58 2016 -> Portable Executable support enabled.
Sun Aug 7 16:10:58 2016 -> ELF support enabled.
Sun Aug 7 16:10:58 2016 -> Mail files support enabled.
Sun Aug 7 16:10:58 2016 -> OLE2 support enabled.
Sun Aug 7 16:10:58 2016 -> PDF support enabled.
Sun Aug 7 16:10:58 2016 -> SWF support enabled.
Sun Aug 7 16:10:58 2016 -> HTML support enabled.
Sun Aug 7 16:10:58 2016 -> Heuristic: precedence enabled
Sun Aug 7 16:10:58 2016 -> Self checking every 600 seconds.
Sun Aug 7 16:10:58 2016 -> ERROR: Can't save PID in file /var/run/clamav/clamd.pid
Sun Aug 7 16:10:58 2016 -> Listening daemon: PID: 22545
Sun Aug 7 16:10:58 2016 -> MaxQueue set to: 100
My /etc/clamav/clamd.comf file:
Code:
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
# Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
# rotation (the LogRotate option) will always be enabled.
# Default: 1M
LogFileMaxSize 0
# Log time with each message.
# Default: no
LogTime yes
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes
# Use system logger (can work together with LogFile).
# Default: no
LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
LogVerbose yes
# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
#LogRotate yes
# Log additional information about the infected file, such as its
# size and hash, together with the virus name.
ExtendedDetectionInfo yes
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /var/tmp
# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav
# Only load the official signatures published by the ClamAV project.
# Default: no
OfficialDatabaseOnly no
# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/lib/clamav/clamd.socket
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
#LocalSocketGroup virusgroup
# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660
# Remove stale socket after unclean shutdown.
# Default: yes
FixStaleSocket yes
# TCP port address.
# Default: no
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 200
#MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 25M
#StreamMaxLength 10M
# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000
# Maximum number of threads running at the same time.
# Default: 10
MaxThreads 10
# Waiting for data from a client socket will timeout after this time (seconds).
# Default: 120
ReadTimeout 300
# This option specifies the time (in seconds) after which clamd should
# timeout if a client doesn't provide any initial command after connecting.
# Default: 5
#CommandReadTimeout 5
# This option specifies how long to wait (in miliseconds) if the send buffer is full.
# Keep this value low to prevent clamd hanging
#
# Default: 500
SendBufTimeout 200
# Maximum number of queued items (including those being processed by MaxThreads threads)
# It is recommended to have this value at least twice MaxThreads if possible.
# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
# the following condition should hold:
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
#
# Default: 100
MaxQueue 100
# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60
# Don't scan files and directories matching regex
# This directive can be used multiple times
# Default: scan all
#ExcludePath ^/proc/
#ExcludePath ^/sys/
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes
# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes
# Scan files and directories on other filesystems.
# Default: yes
#CrossFilesystems yes
# Perform a database check.
# Default: 600 (10 min)
#SelfCheck 600
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
User clamav
# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no
# Stop daemon when libclamav reports out of memory condition.
ExitOnOOM yes
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes
# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
# any ALLMATCHSCAN command as invalid.
# Default: yes
#AllowAllMatchScan no
# Detect Possibly Unwanted Applications.
# Default: no
DetectPUA yes
# Exclude a specific PUA category. This directive can be used multiple times.
# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
# the complete list of PUA categories.
# Default: Load all categories (if DetectPUA is activated)
#ExcludePUA NetTool
#ExcludePUA PWTool
# Only include a specific PUA category. This directive can be used multiple
# times.
# Default: Load all categories (if DetectPUA is activated)
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
AlgorithmicDetection yes
# This option causes memory or nested map scans to dump the content to disk.
# If you turn on this option, more data is written to disk and is available
# when the LeaveTemporaryFiles option is enabled.
#ForceToDisk yes
# This option allows you to disable the caching feature of the engine. By
# default, the engine will store an MD5 in a cache of any files that are
# not flagged as virus or that hit limits checks. Disabling the cache will
# have a negative performance impact on large scans.
# Default: no
#DisableCache yes
##
## Executable files
##
# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite. If you turn off this option, the original files will still be
# scanned, but without additional processing.
# Default: yes
ScanPE yes
# Certain PE files contain an authenticode signature. By default, we check
# the signature chain in the PE file against a database of trusted and
# revoked certificates if the file being scanned is marked as a virus.
# If any certificate in the chain validates against any trusted root, but
# does not match any revoked certificate, the file is marked as whitelisted.
# If the file does match a revoked certificate, the file is marked as virus.
# The following setting completely turns off authenticode verification.
# Default: no
#DisableCertCheck yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
ScanELF yes
# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes
##
## Documents
##
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
ScanOLE2 yes
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros no
# This option enables scanning within PDF files.
# If you turn off this option, the original files will still be scanned, but
# without decoding and additional processing.
# Default: yes
ScanPDF yes
# This option enables scanning within SWF files.
# If you turn off this option, the original files will still be scanned, but
# without decoding and additional processing.
# Default: yes
#ScanSWF yes
##
## Mail files
##
# Enable internal e-mail scanner.
# If you turn off this option, the original files will still be scanned, but
# without parsing individual messages/attachments.
# Default: yes
ScanMail yes
# Scan RFC1341 messages split over many emails.
# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: no
#ScanPartialMessages yes
# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
PhishingSignatures yes
# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
PhishingScanURLs yes
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
#
# Default: no
#PhishingAlwaysBlockSSLMismatch no
# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
#
# Default: no
#PhishingAlwaysBlockCloak no
# Detect partition intersections in raw disk images using heuristics.
# Default: no
#PartitionIntersection no
# Allow heuristic match to take precedence.
# When enabled, if a heuristic scan (such as phishingScan) detects
# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
# scan-time.
# When disabled, virus/phish detected by heuristic scans will be reported only at
# the end of a scan. If an archive contains both a heuristically detected
# virus/phish, and a real malware, the real malware will be reported
#
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
# differently from "real" malware.
# If a non-heuristically-detected virus (signature-based) is found first,
# the scan is interrupted immediately, regardless of this config option.
#
# Default: no
HeuristicScanPrecedence yes
##
## Data Loss Prevention (DLP)
##
# Enable the DLP module
# Default: No
StructuredDataDetection no
# This option sets the lowest number of Credit Card numbers found in a file
# to generate a detect.
# Default: 3
#StructuredMinCreditCardCount 5
# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
StructuredMinSSNCount 9
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxx-yy-zzzz
# Default: yes
# StructuredSSNFormatNormal no
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxxyyzzzz
# Default: no
# StructuredSSNFormatStripped no
##
## HTML
##
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
ScanHTML yes
##
## Archives
##
# ClamAV can scan within archives and compressed files.
# If you turn off this option, the original files will still be scanned, but
# without unpacking and additional processing.
# Default: yes
ScanArchive yes
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no
##
## Limits
##
# The options below protect your system against Denial of Service attacks
# using archive bombs.
# This option sets the maximum amount of data to be scanned for each input file.
# Archives and other containers are recursively extracted and scanned up to this
# value.
# Value of 0 disables the limit
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 100M
MaxScanSize 50M
# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Note: setting this limit too high may result in severe damage to the system.
# Default: 16
#MaxRecursion 10
# Number of files to be scanned within an archive, a document, or any other
# container file.
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10000
#MaxFiles 15000
# Maximum size of a file to check for embedded PE. Files larger than this value
# will skip the additional analysis step.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10M
#MaxEmbeddedPE 10M
# Maximum size of a HTML file to normalize. HTML files larger than this value
# will not be normalized or scanned.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10M
#MaxHTMLNormalize 10M
# Maximum size of a normalized HTML file to scan. HTML files larger than this
# value after normalization will not be scanned.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 2M
#MaxHTMLNoTags 2M
# Maximum size of a script file to normalize. Script content larger than this
# value will not be normalized or scanned.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 5M
#MaxScriptNormalize 5M
# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
# than this value will skip the step to potentially reanalyze as PE.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 1M
#MaxZipTypeRcg 1M
# This option sets the maximum number of partitions of a raw disk image to be scanned.
# Raw disk images with more partitions than this value will have up to the value number
# partitions scanned. Negative values are not allowed.
# Note: setting this limit too high may result in severe damage or impact performance.
# Default: 50
#MaxPartitions 128
# This option sets the maximum number of icons within a PE to be scanned.
# PE files with more icons than this value will have up to the value number icons scanned.
# Negative values are not allowed.
# WARNING: setting this limit too high may result in severe damage or impact performance.
# Default: 100
#MaxIconsPE 200
##
## On-access Scan Settings
##
# Enable on-access scanning. Currently, this is supported via fanotify.
# Clamuko/Dazuko support has been deprecated.
# Default: no
#ScanOnAccess yes
# Don't scan files larger than OnAccessMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#OnAccessMaxFileSize 10M
# Set the include paths (all files inside them will be scanned). You can have
# multiple OnAccessIncludePath directives but each directory must be added
# in a separate line. (On-access scan only)
# Default: disabled
#OnAccessIncludePath /home
#OnAccessIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
# (On-access scan only)
# Default: disabled
#OnAccessExcludePath /home/bofh
# With this option you can whitelist specific UIDs. Processes with these UIDs
# will be able to access all files.
# This option can be used multiple times (one per line).
# Default: disabled
#OnAccessExcludeUID 0
##
## Bytecode
##
# With this option enabled ClamAV will load bytecode from the database.
# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
# Default: yes
Bytecode yes
# Set bytecode security level.
# Possible values:
# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
# This value is only available if clamav was built with --enable-debug!
# TrustSigned - trust bytecode loaded from signed .c[lv]d files,
# insert runtime safety checks for bytecode loaded from other sources
# Paranoid - don't trust any bytecode, insert runtime checks for all
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
# Note that by default only signed bytecode is loaded, currently you can only
# load unsigned bytecode in --enable-debug mode.
#
# Default: TrustSigned
BytecodeSecurity TrustSigned
# Set bytecode timeout in miliseconds.
#
# Default: 5000
# BytecodeTimeout 1000
##
## Statistics gathering and submitting
##
# Enable statistical reporting.
# Default: no
# StatsEnabled yes
# Disable submission of individual PE sections for files flagged as malware.
# Default: no
#StatsPEDisabled yes
# HostID in the form of an UUID to use when submitting statistical information.
# Default: auto
#StatsHostID auto
# Time in seconds to wait for the stats server to come back with a response
# Default: 10
#StatsTimeout 10
I've not made any changes path wise or permission wise. I've got through my config file over and over again and checked permissions. I looked at the backup I made prior to the upgrade everything is the same as in 14.04LTS. Any ideas pointing me in the right direction would be appreciated.
**UPDATE** I was looking through /var/log/kern.log just now and noticed this:
I was really hoping someone could give me some advice on this. Prior to my upgrade to 16.04 SA and Clamav were working together perfectly. The clamd.socket file was being created in /var/lib/clamav as my clamd.conf file says it should be. My clamav.pm file in /etc/mail/spamassassin is configured the same as it was before the upgrade. It's now even complaining about creating the
Code:
package ClamAV;
use strict;
# version 2.0, 2010-01-07
# - use SA public interface set_tag() and add_header, instead of
# pushing a header field directly into $conf->{headers_spam}
# our $CLAMD_SOCK = 3310; # for TCP-based usage
# our $CLAMD_SOCK = "/var/run/clamd.basic/clamd.sock"; # change me
#our $CLAMD_SOCK = "/var/lib/clamav/clamd.socket";
our $CLAMD_SOCK = "/var/lib/clamav/clamd.socket";
use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
use Mail::SpamAssassin::Logger;
use File::Scan::ClamAV;
our @ISA = qw(Mail::SpamAssassin::Plugin);
sub new {
my ($class, $mailsa) = @_;
$class = ref($class) || $class;
my $self = $class->SUPER::new($mailsa);
bless($self, $class);
$self->register_eval_rule("check_clamav");
return $self;
}
sub check_clamav {
Wed Aug 10 17:50:00 2016 -> --- Stopped at Wed Aug 10 17:50:00 2016
Wed Aug 10 17:50:00 2016 -> +++ Started at Wed Aug 10 17:50:00 2016
Wed Aug 10 17:50:00 2016 -> Received 1 file descriptor(s) from systemd.
Wed Aug 10 17:50:00 2016 -> clamd daemon 0.99 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Wed Aug 10 17:50:00 2016 -> Running as user clamav (UID 121, GID 130)
Wed Aug 10 17:50:00 2016 -> Log file size limited to 2097152bytes.
Wed Aug 10 17:50:00 2016 -> Reading databases from /var/lib/clamav
Wed Aug 10 17:50:00 2016 -> Bytecode: Security mode set to "TrustSigned".
Wed Aug 10 17:50:13 2016 -> Loaded 4931393 signatures.
Wed Aug 10 17:50:14 2016 -> TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Wed Aug 10 17:50:14 2016 -> LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.
Wed Aug 10 17:50:14 2016 -> Limits: Global size limit set to 52428800 bytes.
Wed Aug 10 17:50:14 2016 -> Limits: File size limit set to 26214400 bytes.
Wed Aug 10 17:50:14 2016 -> Limits: Recursion level limit set to 16.
Wed Aug 10 17:50:14 2016 -> Limits: Files limit set to 10000.
Wed Aug 10 17:50:14 2016 -> Limits: Core-dump limit is 0.
Wed Aug 10 17:50:14 2016 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Wed Aug 10 17:50:14 2016 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Wed Aug 10 17:50:14 2016 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Wed Aug 10 17:50:14 2016 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Wed Aug 10 17:50:14 2016 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Wed Aug 10 17:50:14 2016 -> Limits: MaxPartitions limit set to 50.
Wed Aug 10 17:50:14 2016 -> Limits: MaxIconsPE limit set to 100.
Wed Aug 10 17:50:14 2016 -> Limits: PCREMatchLimit limit set to 10000.
Wed Aug 10 17:50:14 2016 -> Limits: PCRERecMatchLimit limit set to 5000.
Wed Aug 10 17:50:14 2016 -> Limits: PCREMaxFileSize limit set to 26214400.
Wed Aug 10 17:50:14 2016 -> Archive support enabled.
Wed Aug 10 17:50:14 2016 -> Algorithmic detection enabled.
Wed Aug 10 17:50:14 2016 -> Portable Executable support enabled.
Wed Aug 10 17:50:14 2016 -> ELF support enabled.
Wed Aug 10 17:50:14 2016 -> Mail files support enabled.
Wed Aug 10 17:50:14 2016 -> OLE2 support enabled.
Wed Aug 10 17:50:14 2016 -> PDF support enabled.
Wed Aug 10 17:50:14 2016 -> SWF support enabled.
Wed Aug 10 17:50:14 2016 -> HTML support enabled.
Wed Aug 10 17:50:14 2016 -> Heuristic: precedence enabled
Wed Aug 10 17:50:14 2016 -> Self checking every 600 seconds.
Wed Aug 10 17:50:14 2016 -> ERROR: Can't save PID in file /var/run/clamav/clamd.pid
Wed Aug 10 17:50:14 2016 -> Listening daemon: PID: 6785
Wed Aug 10 17:50:14 2016 -> MaxQueue set to: 100
I have no idea why the .pid file can't be created nor why the /var/lib/clamav/clamd.socket can't be created as prior to the upgrade.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
