Package: clamav-daemon
Version: 0.99.2+dfsg-0+deb8u1
Severity: important
Dear Maintainer,
I just upgraded three Debian exim mail servers from clamav 0.99 to clamav
0.99.2 and now all three mail servers are broken. That is, I have LocalSocket
defined in /etc/clamav/clamd.conf as follows:
LocalSocket /var/run/clamav/clamd.ctl
However, the /var/run/clamav/clamd.ctl socket is never created on any of the
three systems. Furthermore, the /var/run/clamav directory is never created at
boot time either. So, could this be a systemd issue? The bottom line is that
clamav is now totally broken which has subsequently broken exim's virus
checking as well. freshclam reports the following in /var/log/freshclam.log:
WARNING: Clamd was NOT notified: Can't connect to clamd through
/var/run/clamav/clamd.ctl: No such file or directory
This problem breaks my exim servers' mail processing whereby exim issues
temporary rejections when any external mail delivery is attempted since the
clamav socket cannot be accessed. The exim logs reports the following in
/var/log/exim4/mainlog:
2016-07-02 09:53:12 1bJLM8-0001oO-6m malware acl condition: clamd: unable
to connect to UNIX socket (/var/run/clamav/clamd.ctl): No such file or directory
2016-07-02 09:53:12 1bJLM8-0001oO-6m H=mail-it0-f41.google.com
[209.85.214.41] X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 F=<anyu...@gmail.com>
temporarily rejected after DATA
Therefore, I had to disable the clamav virus checks by exim in order to get the
mail processed but obviously without virus checking.
clamav 0.99 was working perfectly with my configuration prior to this upgrade
and I have not changed anything otherwise.
How do I get clamav 0.99.2 to play nicely with exim on Debian? Is this a
regression in Debian's clamav 0.99.2 or systemd? I have another server running
FreeBSD with clamav 0.99.2 and exim configured almost identically and working
perfectly without these problems. So, this is most certainly a Debian Clamav
issue (or systemd related) and not an upstream clamav issue.
-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav
Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
StatsHostID = "auto"
StatsEnabled disabled
StatsPEDisabled = "yes"
StatsTimeout = "10"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/lib/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent = "/bin/echo `date +%F_%T`" - clamAV rejection: %v" >>
/var/log/clamav/virusrejects_today.log"
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "10"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
Config file: freshclam.conf
---------------------------
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.99.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2
LIBXML2 PCRE ICONV JSON JIT
Database information
--------------------
Database directory: /var/lib/clamav
bytecode.cld: version 283, sigs: 53, built on Thu Jun 23 11:01:37 2016
daily.cld: version 21841, sigs: 382998, built on Mon Jul 4 06:30:17 2016
main.cvd: version 57, sigs: 4218790, built on Wed Mar 16 19:17:06 2016
Total number of signatures: 4601841
Platform information
--------------------
uname: Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02)
x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 8.5 (jessie)
zlib version: 1.2.8 (1.2.8), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: core-avx-i, Little-endian
platform id: 0x0a2152520804090201040902
Build information
-----------------
GNU C: 4.9.2 (4.9.2)
GNU C++: 4.9.2 (4.9.2)
CPPFLAGS: -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security
-Wall -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -D_LARGEFILE_SOURCE
-D_LARGEFILE64_SOURCE
CXXFLAGS:
LDFLAGS: -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=/usr/include' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--libexecdir=/usr/lib/clamav' '--disable-maintainer-mode'
'--disable-dependency-tracking' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong
-Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64'
'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong
-Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-fPIE
-pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav'
'--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar'
'--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-gnu-ld'
'-with-system-llvm=/usr/bin/llvm-config' '--with-llvm-linking=dynamic'
'--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu'
sizeof(void*) = 8
Engine flevel: 82, dconf: 82
--- data dir ---
total 132332
-rw-r--r-- 1 clamav clamav 446464 Jun 23 11:31 bytecode.cld
-rw-rw-r-- 1 clamav clamav 5 Jul 4 10:21 clamd.pid
-rw-r--r-- 1 clamav clamav 25905152 Jul 4 07:29 daily.cld
-rw-r--r-- 1 clamav clamav 109143933 Mar 17 09:21 main.cvd
-rw------- 1 clamav clamav 1092 Jul 4 10:12 mirrors.dat
-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages clamav-daemon depends on:
ii adduser 3.113+nmu3
ii clamav-base 0.99.2+dfsg-0+deb8u1
ii clamav-freshclam [clamav-data] 0.99.2+dfsg-0+deb8u1
ii debconf [debconf-2.0] 1.5.56
ii dpkg 1.17.27
ii init-system-helpers 1.22
ii libc6 2.19-18+deb8u4
ii libclamav7 0.99.2+dfsg-0+deb8u1
ii libncurses5 5.9+20140913-1+b1
ii libssl1.0.0 1.0.1t-1+deb8u2
ii libsystemd0 215-17+deb8u4
ii libtinfo5 5.9+20140913-1+b1
ii lsb-base 4.1+Debian13+nmu1
ii procps 2:3.3.9-9
ii ucf 3.0030
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages clamav-daemon recommends:
ii clamdscan 0.99.2+dfsg-0+deb8u1
Versions of packages clamav-daemon suggests:
pn apparmor <none>
pn clamav-docs <none>
pn daemon <none>
-- debconf information:
clamav-daemon/LocalSocketMode: 666
clamav-daemon/LogRotate: true
clamav-daemon/BytecodeTimeout: 60000
clamav-daemon/LogFile: /var/log/clamav/clamav.log
clamav-daemon/ScanOnAccess: false
clamav-daemon/BytecodeSecurity: TrustSigned
clamav-daemon/TCPAddr: any
clamav-daemon/ScanArchive: true
clamav-daemon/AddGroups: Debian-exim
clamav-daemon/StatsTimeout: 10
clamav-daemon/LogTime: true
clamav-daemon/DisableCertCheck: false
clamav-daemon/LocalSocket: unix:/var/run/clamav/clamd.ctl
clamav-daemon/MaxDirectoryRecursion: 15
clamav-daemon/AllowAllMatchScan: true
clamav-daemon/MaxHTMLNoTags: 2M
clamav-daemon/StatsHostID: auto
clamav-daemon/StreamMaxLength: 25
clamav-daemon/ForceToDisk: false
clamav-daemon/User: clamav
clamav-daemon/LocalSocketGroup: clamav
clamav-daemon/ScanMail: true
clamav-daemon/LogSyslog: false
clamav-daemon/FollowFileSymlinks: false
clamav-daemon/MaxConnectionQueueLength: 15
clamav-daemon/ScanSWF: true
clamav-daemon/MaxScriptNormalize: 5M
clamav-daemon/MaxHTMLNormalize: 10M
clamav-daemon/StatsEnabled: false
clamav-daemon/SelfCheck: 3600
clamav-daemon/TCPSocket: 3310
clamav-daemon/FixStaleSocket: true
clamav-daemon/ReadTimeout: 180
clamav-daemon/TcpOrLocal: TCP
clamav-daemon/FollowDirectorySymlinks: false
clamav-daemon/OnAccessMaxFileSize: 5M
clamav-daemon/MaxZipTypeRcg: 1M
clamav-daemon/MaxEmbeddedPE: 10M
clamav-daemon/MaxThreads: 12
clamav-daemon/StatsPEDisabled: true
clamav-daemon/Bytecode: true
clamav-daemon/debconf: true
