Package: clamav-daemon Version: 0.102.4+dfsg-0+deb10u1 Severity: normal Dear Maintainer
clamd occasionaly runs in an out of memory situation and is killed on my system. So it would be nice to have it automatically restarted. With Bugfix: #250008 the init file has been adapted for clamd to run under 'daemon' supervision. The README.Debian also describes this fact. Unfortunately I didn't manage to get clamd started under daemon supervision. I fear that this is due that since then, debian moved to systemd and the .service file is starting clamd directly. Please advise how the systemd config has to be changed to achieve the same result. I believe systemd can directly supervise a daemon, but I don't know where to find that switch. -Benoit- -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf ----------------------- AlertExceedsMax disabled PreludeEnable disabled PreludeAnalyzerName = "ClamAV" LogFile = "/var/log/clamav/clamav.log" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "5" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "600" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground = "yes" Debug disabled LeaveTemporaryFiles disabled User = "clamav" Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "60000" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled ScanPE = "yes" ScanELF = "yes" ScanMail disabled ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" HeuristicAlerts = "yes" HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" AlertBrokenExecutables disabled AlertEncrypted disabled AlertEncryptedArchive disabled AlertEncryptedDoc disabled AlertOLE2Macros disabled AlertPhishingSSLMismatch disabled AlertPhishingCloak disabled AlertPartitionIntersection disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ForceToDisk disabled MaxScanTime = "120000" MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "10000" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "10000" PCRERecMatchLimit = "5000" PCREMaxFileSize = "26214400" OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeRootUID disabled OnAccessExcludeUID disabled OnAccessExcludeUname disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled OnAccessCurlTimeout = "5000" OnAccessMaxThreads = "5" OnAccessRetryAttempts disabled OnAccessDenyOnError disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled AlgorithmicDetection = "yes" BlockMax disabled PhishingAlwaysBlockSSLMismatch disabled PhishingAlwaysBlockCloak disabled PartitionIntersection disabled OLE2BlockMacros disabled ArchiveBlockEncrypted disabled Config file: freshclam.conf --------------------------- LogFileMaxSize = "4294967295" LogTime = "yes" LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" PidFile disabled DatabaseDirectory = "/var/lib/clamav/" Foreground disabled Debug disabled UpdateLogFile = "/var/log/clamav/freshclam.log" DatabaseOwner = "clamav" Checks = "24" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "db.local.clamav.net", "database.clamav.net" PrivateMirror disabled MaxAttempts = "5" ScriptedUpdates = "yes" TestDatabases = "yes" CompressLocalDatabase disabled ExtraDatabase disabled ExcludeDatabase disabled DatabaseCustomURL disabled HTTPProxyServer disabled HTTPProxyPort disabled HTTPProxyUsername disabled HTTPProxyPassword disabled HTTPUserAgent disabled NotifyClamd = "/etc/clamav/clamd.conf" OnUpdateExecute disabled OnErrorExecute disabled OnOutdatedExecute disabled LocalIPAddress disabled ConnectTimeout = "30" ReceiveTimeout = "30" SafeBrowsing disabled Bytecode = "yes" clamav-milter.conf not found Software settings ----------------- Version: 0.102.4 Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON Database information -------------------- Database directory: /var/lib/clamav/ WARNING: freshclam.conf and clamd.conf point to different database directories daily.cld: version 25910, sigs: 4051268, built on Tue Aug 25 15:15:49 2020 main.cld: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019 bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 18:12:33 2019 Total number of signatures: 8616264 Platform information -------------------- uname: Linux 4.19.0-9-686-pae #1 SMP Debian 4.19.118-2 (2020-04-29) i686 OS: linux-gnu, ARCH: i386, CPU: i686 Full OS version: Debian GNU/Linux 10 (buster) zlib version: 1.2.11 (1.2.11), compile flags: 55 platform id: 0x0a1173730400000000080300 Build information ----------------- GNU C: 8.3.0 (8.3.0) CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2 CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed Configure: '--build=i686-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/i386-linux-gnu' '--libexecdir=/usr/lib/i386-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=i686-linux-gnu' 'OBJCFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security' sizeof(void*) = 4 Engine flevel: 115, dconf: 115 --- data dir --- total 615628 -rw-r--r-- 1 clamav clamav 1458176 Sep 19 2019 bytecode.cld -rw-r--r-- 1 clamav clamav 321527808 Aug 25 16:00 daily.cld -rw-r--r-- 1 clamav clamav 307403264 Nov 25 2019 main.cld -rw------- 1 clamav clamav 1300 Feb 9 2020 mirrors.dat -- System Information: Debian Release: 10.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 4.19.0-9-686-pae (SMP w/2 CPU cores) Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=de_CH:de_DE:de:en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages clamav-daemon depends on: ii adduser 3.118 ii clamav-base 0.102.4+dfsg-0+deb10u1 ii clamav-freshclam [clamav-data] 0.102.4+dfsg-0+deb10u1 ii debconf [debconf-2.0] 1.5.71 ii dpkg 1.19.7 ii libc6 2.28-10 ii libclamav9 0.102.4+dfsg-0+deb10u1 ii libcurl4 7.64.0-4+deb10u1 ii libncurses6 6.1+20181013-2+deb10u2 ii libssl1.1 1.1.1d-0+deb10u3 ii libsystemd0 241-7~deb10u4 ii libtinfo6 6.1+20181013-2+deb10u2 ii lsb-base 10.2019051400 ii procps 2:3.3.15-2 ii ucf 3.0038+nmu1 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages clamav-daemon recommends: ii clamdscan 0.102.4+dfsg-0+deb10u1 Versions of packages clamav-daemon suggests: ii apparmor 2.13.2-10 pn clamav-docs <none> ii daemon 0.6.4-1+b2 pn libclamunrar <none> -- debconf information: * clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl clamav-daemon/MaxHTMLNoTags: 2M clamav-daemon/StatsHostID: auto clamav-daemon/ScanOnAccess: false clamav-daemon/FollowDirectorySymlinks: false * clamav-daemon/MaxThreads: 12 * clamav-daemon/FollowFileSymlinks: false clamav-daemon/OnAccessMaxFileSize: 5M * clamav-daemon/BytecodeSecurity: TrustSigned * clamav-daemon/MaxDirectoryRecursion: 15 * clamav-daemon/MaxConnectionQueueLength: 15 * clamav-daemon/ScanArchive: true * clamav-daemon/BytecodeTimeout: 60000 clamav-daemon/MaxScriptNormalize: 5M clamav-daemon/StatsTimeout: 10 * clamav-daemon/LogSyslog: false * clamav-daemon/LocalSocketGroup: clamav * clamav-daemon/FixStaleSocket: true * clamav-daemon/LogRotate: true clamav-daemon/MaxZipTypeRcg: 1M * clamav-daemon/SelfCheck: 600 clamav-daemon/ForceToDisk: false * clamav-daemon/ReadTimeout: 180 * clamav-daemon/TcpOrLocal: UNIX clamav-daemon/TCPSocket: 3310 clamav-daemon/StatsEnabled: false * clamav-daemon/LogFile: /var/log/clamav/clamav.log * clamav-daemon/LocalSocketMode: 666 * clamav-daemon/AddGroups: clamav-daemon/DisableCertCheck: false clamav-daemon/ScanSWF: true * clamav-daemon/User: clamav clamav-daemon/StatsPEDisabled: true * clamav-daemon/ScanMail: false * clamav-daemon/debconf: true * clamav-daemon/Bytecode: true clamav-daemon/AllowAllMatchScan: true * clamav-daemon/LogTime: true clamav-daemon/TCPAddr: any * clamav-daemon/StreamMaxLength: 25 clamav-daemon/MaxEmbeddedPE: 10M clamav-daemon/MaxHTMLNormalize: 10M
