FS#57669 - [clamav] clamav-daemon socket activation doesn't work
Attached to Project: Arch Linux
Opened by Neil Darlow (neildarlow) - Tuesday, 27 February 2018, 19:34 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:15 GMT
Details
Description:
The clamav-daemon service is configured with a dependency on a socket activation. This method of operation doesn't work and isn't recommended by the Clamav developers.

Additional info:
clamav-0.99.3-1

/etc/systemd/system/clamav-daemon.socket.d/override.conf
[Socket]
BindToDevice=tap0
ListenStream=
ListenStream=192.168.1.1:3310

To explain the above. I run clamd to listen on a TUN/TAP interface at address 192.168.1.1. Multiple clients running a clamav-milter instance are on the 192.168.1.x/24 subnet. The BindToInterface assures that clamd only listens on that subnet and forces an After= dependency on the tap0 interface.

Examining the clamav-milter logfiles of the clients shows that no clamd servers are available at one minute intervals. Executing a systemctl status clamav-daemon.service returns the daemon being in a dead state due to a failed dependency. clamd does not run.

Executing systemctl start clamav-daemon manually results in clamd starting and the clamav-milter clients then successfully connect.

Prior to the package update which introduced socket activation my use case worked. After the introduction of socket activation operation is broken.

Steps to reproduce:
1) Put the above clamav-daemon.socket drop-in in place
2) Execute systemctl enable clamav-freshclam.service
3) Execute systemctl start clamav-freshclam.service and allow time for the databases to download
4) Execute systemctl enable clamav-daemon.service (which also adds the clamav-daemon.socket symlink)
5) Wait some time and observe that clamav-milter clients cannot connect to clamd and no clamd process is started
6) Execute systemctl start clamav-daemon.service and note that operation proceeds as expected
Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:15 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/packaging/packages/clamav/issues/1
For network sockets the clamav-daemon.socket file requires two additions:
[Socket]
FreeBind=true
ReusePort=true
The first allows reception of data packets on the socket before the associated daemon starts. Without this setting clamd will not start.
The second permits multiple connections to the socket. I have a feeling that even filesystem socket operation will benefit from having this setting.
I will communicate this information upstream.
With ClamAV 1.0.1 I still need to override clamav-daemon.socket with something like:
[Socket]
ListenStream=
ListenStream=/run/clamav/clamd.ctl
ListenStream=127.0.0.1:3310
To get clamd listening at the /etc/clamav/clamd.conf configured TCP port.
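
Added example (not part of the original report or comments, and not ClamAV or Arch packaging code): a small Python check that merges a socket unit with its drop-ins the way systemd treats ListenStream=, where an empty assignment resets the list, and reports which listeners remain and whether they are reachable from the network. The base unit text is a constructed stand-in and the function names are hypothetical; the two drop-ins are the ones posted above.

```python
import ipaddress

# Constructed stand-in for the packaged unit (assumption, not copied from the package).
BASE = "[Socket]\nListenStream=/run/clamav/clamd.ctl\n"
# Drop-ins as posted in this report.
DROPIN_TAP = "[Socket]\nBindToDevice=tap0\nListenStream=\nListenStream=192.168.1.1:3310\n"
DROPIN_LOCAL = ("[Socket]\nListenStream=\nListenStream=/run/clamav/clamd.ctl\n"
                "ListenStream=127.0.0.1:3310\n")


def effective_socket(*unit_texts):
    """Merge [Socket] settings in load order: base unit first, then drop-ins."""
    listen, single = [], {}
    for text in unit_texts:
        section = None
        for line in map(str.strip, text.splitlines()):
            if not line or line[0] in "#;":
                continue
            if line.startswith("["):
                section = line.strip("[]")
            elif section == "Socket" and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                if key != "ListenStream":
                    single[key] = value          # single-valued: last assignment wins
                elif value:
                    listen.append(value)         # list-valued: each line adds a listener
                else:
                    listen.clear()               # empty assignment resets the list
    return listen, single


def classify(listener):
    """Return unix, tcp-wildcard, tcp-loopback or tcp-address for a ListenStream value."""
    if listener.startswith(("/", "@")):
        return "unix"
    if listener.isdigit():                       # bare port listens on all addresses
        return "tcp-wildcard"
    ip = ipaddress.ip_address(listener.rsplit(":", 1)[0].strip("[]"))
    if ip.is_unspecified:
        return "tcp-wildcard"
    return "tcp-loopback" if ip.is_loopback else "tcp-address"


def audit(*unit_texts):
    """List (listener, kind, reachable_from_network) plus the BindToDevice value."""
    listen, single = effective_socket(*unit_texts)
    rows = [(l, classify(l), classify(l) in ("tcp-wildcard", "tcp-address")) for l in listen]
    return rows, single.get("BindToDevice") or None


if __name__ == "__main__":
    for name, dropin in (("tap0 drop-in", DROPIN_TAP), ("local drop-in", DROPIN_LOCAL)):
        print(name, audit(BASE, dropin))
```

The output of systemctl cat clamav-daemon.socket can be passed as a single text, since it prints the unit followed by its drop-ins in load order and the path lines it adds are comments.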