Package: clamav-daemon Version: 0.99+dfsg-0+deb8u2 Severity: important Dear Maintainer,
It seems that clamav-daemon does not start with thes sames options when using systemd or sysvinit. This leads to problem with clamsmtp / clamd communication breaking mail checking systeme. when using sysv ## check sysv # pidof /sbin/init 1 # pidof systemd zsh: exit 1 pidof systemd clamd process is started with those default options : # ps -ef |grep clam clamav 6673 1 0 16:53 ? 00:00:00 /usr/bin/freshclam -d --quiet --config-file=/etc/clamav/freshclam.conf --pid=/run/clamav/freshclam.pid clamav 8357 1 0 16:57 ? 00:00:00 /usr/sbin/clamd -c /etc/clamav/clamd.conf --pid=/run/clamav/clamd.pid clamsmtp 8409 1 0 16:58 ? 00:00:00 /usr/sbin/clamsmtpd root 8430 4011 0 16:58 pts/0 00:00:00 grep clam and communication between clamsmtp and clamd works (extract from mail.info) : Apr 24 16:59:47 pc251270 postfix/pickup[3311]: 39761221B8E: uid=0 from=<root> Apr 24 16:59:47 pc251270 postfix/cleanup[8443]: 39761221B8E: message-id=<20160424145947.39761221...@pc251270.valfontenay.ratp> Apr 24 16:59:47 pc251270 postfix/qmgr[3312]: 39761221B8E: from=<r...@pc251270.valfontenay.ratp>, size=459, nrcpt=1 (queue active) Apr 24 16:59:47 pc251270 clamsmtpd: 100000: accepted connection from: 127.0.0.1 Apr 24 16:59:47 pc251270 postfix/smtpd[8447]: connect from localhost[127.0.0.1] Apr 24 16:59:47 pc251270 postfix/smtpd[8447]: 4956C221DD1: client=localhost[127.0.0.1] Apr 24 16:59:47 pc251270 postfix/cleanup[8443]: 4956C221DD1: message-id=<20160424145947.39761221...@pc251270.valfontenay.ratp> switching to systemd (and rebooting ;-)) ) ## check systemd # pidof systemd 1188 # pidof /sbin/init 1190 1188 1 ## it seems that clamav-daemon is no more start with good options # ps -ef |grep clam clamav 678 1 0 17:11 ? 00:00:00 /usr/bin/freshclam -d --foreground=true clamsmtp 747 1 0 17:11 ? 00:00:00 /usr/sbin/clamsmtpd clamav 791 1 7 17:11 ? 00:00:07 /usr/sbin/clamd --foreground=true root 1996 1733 0 17:12 pts/0 00:00:00 grep clam Communication beetween clamsmtp and clamd is now failing Apr 24 17:14:02 pc251270 postfix/pickup[1163]: 3CC4F221B8E: uid=1000 from=<xquost> Apr 24 17:14:02 pc251270 postfix/cleanup[2006]: 3CC4F221B8E: message-id=<20160424151402.3cc4f221...@pc251270.valfontenay.ratp> Apr 24 17:14:02 pc251270 postfix/qmgr[1164]: 3CC4F221B8E: from=<xqu...@pc251270.valfontenay.ratp>, size=473, nrcpt=1 (queue active) Apr 24 17:14:02 pc251270 clamsmtpd: 100000: accepted connection from: 127.0.0.1 Apr 24 17:14:02 pc251270 postfix/smtpd[2010]: connect from localhost[127.0.0.1] Apr 24 17:14:02 pc251270 postfix/smtpd[2010]: 535FA221DD1: client=localhost[127.0.0.1] Apr 24 17:14:02 pc251270 clamsmtpd: 100000: clamav error: /var/spool/clamsmtp/clamsmtpd.9g7gF4: lstat() failed: Permission denied. ERROR Apr 24 17:14:02 pc251270 clamsmtpd: 100000: from=xqu...@pc251270.valfontenay.ratp, to=xquost@localhost, status=CLAMAV-ERROR Thanks, best regards XQ Clamsmtp configuration file : # ------------------------------------------------------------------------------ # SAMPLE CLAMSMTPD CONFIG FILE # ------------------------------------------------------------------------------ # # - Comments are a line that starts with a # # - All the options are found below with their defaults commented out # The address to send scanned mail to. # This option is required unless TransparentProxy is enabled OutAddress: 10026 # The maximum number of connection allowed at once. # Be sure that clamd can also handle this many connections #MaxConnections: 64 # Amount of time (in seconds) to wait on network IO #TimeOut: 180 # Address to listen on (defaults to all local addresses on port 10025) Listen: 127.0.0.1:10025 # The address clamd is listening on ClamAddress: /var/run/clamav/clamd.ctl # A header to add to all scanned email #Header: X-AV-Checked: ClamAV using ClamSMTP # Directory for temporary files TempDirectory: /var/spool/clamsmtp # PidFile: location of PID file PidFile: /var/run/clamsmtp/clamsmtpd.pid # Whether or not to bounce email (default is to silently drop) #Bounce: off # Whether or not to keep virus files #Quarantine: off # Enable transparent proxy support #TransparentProxy: off # User to run as User: clamsmtp # Virus actions: There's an option to run a script every time a # virus is found. Read the man page for clamsmtpd.conf for details. -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf ----------------------- LogFile = "/var/log/clamav/clamav.log" StatsHostID = "auto" StatsEnabled disabled StatsPEDisabled = "yes" StatsTimeout = "10" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "5" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "3600" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamav" AllowSupplementaryGroups disabled Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "60000" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled AlgorithmicDetection = "yes" ScanPE = "yes" ScanELF = "yes" DetectBrokenExecutables disabled ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" PhishingAlwaysBlockCloak disabled PhishingAlwaysBlockSSLMismatch disabled PartitionIntersection disabled HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" OLE2BlockMacros disabled ScanPDF = "yes" ScanSWF = "yes" ScanArchive = "yes" ArchiveBlockEncrypted disabled ForceToDisk disabled MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "10000" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" PCREMatchLimit = "10000" PCRERecMatchLimit = "5000" PCREMaxFileSize = "26214400" ScanOnAccess disabled OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeUID disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled Config file: freshclam.conf --------------------------- StatsHostID disabled StatsEnabled disabled StatsTimeout disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" PidFile disabled DatabaseDirectory = "/var/lib/clamav" Foreground disabled Debug disabled AllowSupplementaryGroups disabled UpdateLogFile = "/var/log/clamav/freshclam.log" DatabaseOwner = "clamav" Checks = "24" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "db.local.clamav.net", "database.clamav.net" PrivateMirror disabled MaxAttempts = "5" ScriptedUpdates = "yes" TestDatabases = "yes" CompressLocalDatabase disabled ExtraDatabase disabled DatabaseCustomURL disabled HTTPProxyServer disabled HTTPProxyPort disabled HTTPProxyUsername disabled HTTPProxyPassword disabled HTTPUserAgent disabled NotifyClamd = "/etc/clamav/clamd.conf" OnUpdateExecute disabled OnErrorExecute disabled OnOutdatedExecute disabled LocalIPAddress disabled ConnectTimeout = "30" ReceiveTimeout = "30" SubmitDetectionStats disabled DetectionStatsCountry disabled DetectionStatsHostID disabled SafeBrowsing disabled Bytecode = "yes" clamav-milter.conf not found Software settings ----------------- Version: 0.99 Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT Database information -------------------- Database directory: /var/lib/clamav daily.cvd: version 21504, sigs: 86604, built on Sun Apr 24 04:36:52 2016 bytecode.cld: version 277, sigs: 47, built on Fri Apr 15 20:57:09 2016 main.cvd: version 57, sigs: 4218790, built on Thu Mar 17 00:17:06 2016 Total number of signatures: 4305441 Platform information -------------------- uname: Linux 4.4.0-0.bpo.1-amd64 #1 SMP Debian 4.4.6-1~bpo8+1 (2016-03-20) x86_64 OS: linux-gnu, ARCH: x86_64, CPU: x86_64 Full OS version: Debian GNU/Linux 8.4 (jessie) zlib version: 1.2.8 (1.2.8), compile flags: a9 Triple: x86_64-pc-linux-gnu CPU: core-avx2, Little-endian platform id: 0x0a2151510804090201040902 Build information ----------------- GNU C: 4.9.2 (4.9.2) GNU C++: 4.9.2 (4.9.2) CPPFLAGS: -D_FORTIFY_SOURCE=2 CFLAGS: -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE CXXFLAGS: LDFLAGS: -Wl,-z,relro -Wl,--as-needed -lpcre Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/clamav' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' sizeof(void*) = 8 Engine flevel: 81, dconf: 81 --- data dir --- total 109188 -rw-r--r-- 1 clamav clamav 378368 Apr 24 08:32 bytecode.cld -rw-r--r-- 1 clamav clamav 2273725 Apr 24 16:57 daily.cvd -rw-r--r-- 1 clamav clamav 109143933 Apr 24 16:57 main.cvd -rw------- 1 clamav clamav 52 Apr 24 17:11 mirrors.dat -- System Information: Debian Release: 8.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-0.bpo.1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages clamav-daemon depends on: ii adduser 3.113+nmu3 ii clamav-base 0.99+dfsg-0+deb8u2 ii clamav-freshclam [clamav-data] 0.99+dfsg-0+deb8u2 ii debconf [debconf-2.0] 1.5.56 ii dpkg 1.17.26 ii init-system-helpers 1.22 ii libc6 2.19-18+deb8u4 ii libclamav7 0.99+dfsg-0+deb8u2 ii libncurses5 5.9+20140913-1+b1 ii libssl1.0.0 1.0.1k-3+deb8u4 ii libsystemd0 215-17+deb8u4 ii libtinfo5 5.9+20140913-1+b1 ii lsb-base 4.1+Debian13+nmu1 ii procps 2:3.3.9-9 ii ucf 3.0030 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages clamav-daemon recommends: ii clamdscan 0.99+dfsg-0+deb8u2 Versions of packages clamav-daemon suggests: pn apparmor <none> pn clamav-docs <none> pn daemon <none> -- debconf information: clamav-daemon/StatsHostID: auto clamav-daemon/LogRotate: true clamav-daemon/FollowDirectorySymlinks: false clamav-daemon/MaxEmbeddedPE: 10M clamav-daemon/MaxHTMLNoTags: 2M clamav-daemon/LogSyslog: false clamav-daemon/AllowAllMatchScan: true clamav-daemon/debconf: true clamav-daemon/SelfCheck: 3600 clamav-daemon/MaxConnectionQueueLength: 15 clamav-daemon/Bytecode: true clamav-daemon/MaxScriptNormalize: 5M clamav-daemon/StatsTimeout: 10 clamav-daemon/FollowFileSymlinks: false clamav-daemon/MaxThreads: 12 clamav-daemon/FixStaleSocket: true clamav-daemon/AddGroups: clamav-daemon/LogFile: /var/log/clamav/clamav.log clamav-daemon/StreamMaxLength: 25 clamav-daemon/ScanMail: true clamav-daemon/ScanOnAccess: false clamav-daemon/BytecodeTimeout: 60000 clamav-daemon/MaxZipTypeRcg: 1M clamav-daemon/TCPSocket: 3310 clamav-daemon/LocalSocketGroup: clamav clamav-daemon/LocalSocketMode: 666 clamav-daemon/MaxHTMLNormalize: 10M clamav-daemon/TCPAddr: any clamav-daemon/MaxDirectoryRecursion: 0 clamav-daemon/StatsPEDisabled: true clamav-daemon/ScanSWF: true clamav-daemon/DisableCertCheck: false clamav-daemon/User: clamav clamav-daemon/BytecodeSecurity: TrustSigned clamav-daemon/TcpOrLocal: UNIX clamav-daemon/ScanArchive: true clamav-daemon/LogTime: true clamav-daemon/ForceToDisk: false clamav-daemon/OnAccessMaxFileSize: 5M clamav-daemon/ReadTimeout: 180 clamav-daemon/StatsEnabled: false clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl _______________________________________________ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel