Hi Noel,

> On Feb 22, 2018, at 10:23 AM, Noel Jones <njo...@megan.vbhcs.org> wrote:
>> On 2/22/2018 8:29 AM, J Doe wrote:
>>> Hello,
>>> I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and 
>>> utilize it as a milter for Postfix v. 3.1.0.
>>> When freshclam runs according to its’ cron job and successfully downloads 
>>> an update, it leaves the following note in the freshclam log:
>>> WARNING: clamd was NOT notified:  Can’t connect to clamd through 
>>> /var/spool/postfix/var/run/clamav/clamd.sock
>>> My initial thought was a simple permissions error, so I checked the 
>>> permissions to the clamd.sock socket:
>>> drwxr-xr-x    clamav clamav    /var/spool/postfix/var/run/clamav
>>> srw-rw-rw    clamav clamav    /var/spool/postfix/var/run/clamd.sock 
> This path doesn't match the error message above.
>>> $ sudo -u clamav namei -m /var/spool/postfix/var/run/clamav/clamd.sock
> Yet this path does.
>>> I’m pretty sure this is a minor mistake on my part; can anyone suggest a 
>>> solution ?
> Check your paths in clamd.conf and freshclam.conf carefully. It's
> likely they don't match.
>  -- Noel Jones

Oops.  You’re right - those paths did not match.

/etc/clamav/freshclam.conf is set to read clamd’s configuration file when a 
update is successfully downloaded for the signature database.

When I check the path in /etc/clamav/clamd.conf it points to the correct path 
to the socket:


I verified that freshclam runs as clamav via ps aux, so performing the namei 
test again works:

$ sudo -u clamav namei -m /var/spool/postfix/var/run/clamav/clamd.sock

The file permissions on the socket are:

drwxr-xr-x    clamav clamav /var/spool/postfix/var/run/clamav/
srw-rw-rw    clamav clamav /var/spool/postfix/var/run/clamav/clamd.sock

I note though that man 5 freshclam.conf states that clamd is *NOT* set to 
update by default, however when I installed the package on Ubuntu 16.04.03 LTS, 
it has put in 3600 for an update frequency.

That said, if freshclam does not notify clamd by default, does that mean if I 
don’t get the socket problem sorted out that clamd (and more importantly 
clamav-milter), will still use the most recently downloaded signatures when 
scanning ?  Or does clamd and clamav-milter have to receive an update message 
via the socket to use the most recent signatures ?


- J
clamav-users mailing list

Help us build a comprehensive ClamAV guide:


Reply via email to