It is suspicious that the /run/clamav/clamd.ctl socket has no permissions. Do
Code:
sudo chmod a+rw /run/clamav/clamd.ctl
Then test if clamav runs. Look in the logs.
/etc/apt/sources.list
Code:
# deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
# deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
# deb http://security.ubuntu.com/ubuntu bionic-security main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ bionic universe
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic universe
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ bionic multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu bionic partner
# deb-src http://archive.canonical.com/ubuntu bionic partner
deb http://security.ubuntu.com/ubuntu bionic-security main restricted
# deb-src http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
# deb-src http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse
# deb-src http://security.ubuntu.com/ubuntu bionic-security multiverse
ls -la /etc/apt/sources.list.d/
total 8
drwxr-xr-x 2 root root 4096 Apr 20 2018 .
drwxr-xr-x 6 root root 4096 Nov 4 21:15 ..
apt-cache policy clamav
clamav:
  Installed: 0.100.2+dfsg-1ubuntu0.18.04.1
  Candidate: 0.100.2+dfsg-1ubuntu0.18.04.1
  Version table:
 *** 0.100.2+dfsg-1ubuntu0.18.04.1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     0.99.4+addedllvm-0ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
I have also run sudo chmod a+rw /run/clamav/clamd.ctl but the problem still looks the same.
Code:
Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           `-extend.conf
   Active: active (running) since Sun 2018-11-04 21:18:09 IST; 3s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 17697 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
  Process: 17696 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
 Main PID: 17698 (clamd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/clamav-daemon.service
           `-17698 /usr/sbin/clamd --foreground=true
Nov 04 21:18:09 server2 systemd[1]: Starting Clam AntiVirus userspace daemon...
Nov 04 21:18:09 server2 mkdir[17696]: /bin/mkdir: cannot create directory '/run/clamav': File exists
Nov 04 21:18:09 server2 systemd[1]: Started Clam AntiVirus userspace daemon.
You did not say what you have installed from bionic-backports. My guess is that stuff installed from there has broken something. Unless you have modified clamav settings yourself?
chmod a+rw /run/clamav/clamd.ctl
root@server2:/# systemctl restart clamav-daemon
root@server2:/# service clamav-daemon status
* clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           `-extend.conf
   Active: failed (Result: exit-code) since Sun 2018-11-04 23:28:55 IST; 2s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 25487 ExecStart=/usr/sbin/clamd --foreground=true (code=exited, status=1/FAILURE)
  Process: 25486 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
  Process: 25485 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
 Main PID: 25487 (code=exited, status=1/FAILURE)
Nov 04 23:28:36 server2 systemd[1]: Starting Clam AntiVirus userspace daemon...
Nov 04 23:28:36 server2 mkdir[25485]: /bin/mkdir: cannot create directory '/run/clamav': File exists
Nov 04 23:28:36 server2 systemd[1]: Started Clam AntiVirus userspace daemon.
Nov 04 23:28:55 server2 clamd[25487]: Sun Nov 4 23:28:55 2018 -> !Failed to change socket ownership to group clamav
Nov 04 23:28:55 server2 systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
Nov 04 23:28:55 server2 systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.
I read elsewhere that it could be the /etc/passwd issue. The passwd entry in the file looks like this:
cat /etc/passwd | grep 'clam'
clamav:x:113:121::/var/lib/clamav:/bin/false
So is the entry above okay, or does it need to change?
Tried after removing
systemctl restart clamav-daemon
systemctl status clamav-daemon.service
* clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           `-extend.conf
   Active: failed (Result: exit-code) since Mon 2018-11-05 00:18:45 IST; 48s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 3578 ExecStart=/usr/sbin/clamd --foreground=true (code=exited, status=1/FAILURE)
  Process: 3577 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
  Process: 3576 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=0/SUCCESS)
 Main PID: 3578 (code=exited, status=1/FAILURE)
Nov 05 00:18:26 server2 systemd[1]: Starting Clam AntiVirus userspace daemon...
Nov 05 00:18:26 server2 systemd[1]: Started Clam AntiVirus userspace daemon.
Nov 05 00:18:45 server2 clamd[3578]: Mon Nov 5 00:18:45 2018 -> !Failed to change socket ownership to group clamav
Nov 05 00:18:45 server2 systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
Nov 05 00:18:45 server2 systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.
What have you done in addition to the Perfect Server Guide? What did you install from backports? What settings have you altered?
Not sure, Taleman, I am not expert enough to answer what you mean. But yes, I have built some custom PHP versions like 7.0.32 and 5.4.45, which I have installed. Besides that, I have installed the package policyd-rate-limit, but I am still trying to make it work. I don't remember anything besides this.
Are you still working on this? I think you should reconfigure clamav; it seems it is somehow messed up now. Try
Code:
sudo dpkg-reconfigure clamav-daemon
Then test like before and look at the file /var/log/clamav/clamav.log. If this does not help, increase log verbosity in /etc/clamav/clamd.conf: change the line
Code:
LogVerbose false
to
Code:
LogVerbose true
Hi Taleman, I have run the command as below:
apt-get purge clamav-daemon
apt-get -y install clamav-daemon
sudo dpkg-reconfigure clamav-daemon - accepted all default values.
updated /etc/clamav/clamd.conf - LogVerbose true
The logs are like this:
Code:
Mon Nov 5 17:16:05 2018 -> Received 0 file descriptor(s) from systemd.
Mon Nov 5 17:16:05 2018 -> clamd daemon 0.100.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Nov 5 17:16:05 2018 -> Running as user clamav (UID 113, GID 121)
Mon Nov 5 17:16:05 2018 -> Log file size limited to 4294967295 bytes.
Mon Nov 5 17:16:05 2018 -> Reading databases from /var/lib/clamav
Mon Nov 5 17:16:05 2018 -> Not loading PUA signatures.
Mon Nov 5 17:16:05 2018 -> Bytecode: Security mode set to "TrustSigned".
Mon Nov 5 17:16:22 2018 -> Loaded 6701352 signatures.
Mon Nov 5 17:16:25 2018 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Mon Nov 5 17:16:25 2018 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Nov 5 17:16:25 2018 -> LOCAL: Setting connection queue length to 15
Mon Nov 5 17:16:25 2018 -> ERROR: Failed to change socket ownership to group clamav
Mon Nov 5 17:17:40 2018 -> +++ Started at Mon Nov 5 17:17:40 2018
Mon Nov 5 17:17:40 2018 -> Received 0 file descriptor(s) from systemd.
Mon Nov 5 17:17:40 2018 -> clamd daemon 0.100.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Nov 5 17:17:40 2018 -> Running as user clamav (UID 113, GID 121)
Mon Nov 5 17:17:40 2018 -> Log file size limited to 4294967295 bytes.
Mon Nov 5 17:17:40 2018 -> Reading databases from /var/lib/clamav
Mon Nov 5 17:17:40 2018 -> Not loading PUA signatures.
Mon Nov 5 17:17:40 2018 -> Bytecode: Security mode set to "TrustSigned".
Mon Nov 5 17:17:57 2018 -> Loaded 6701352 signatures.
Mon Nov 5 17:17:59 2018 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Mon Nov 5 17:17:59 2018 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Nov 5 17:17:59 2018 -> LOCAL: Setting connection queue length to 15
Mon Nov 5 17:17:59 2018 -> ERROR: Failed to change socket ownership to group clamav
Mon Nov 5 17:17:59 2018 -> Closing the main socket.
The log shows clamav-daemon runs as user clamav group 121, and gid 121 is dovecot (on your host). I don't know why the groups are messed up like this. Try adding clamav user to group clamav. That might fix this. Did you copy /etc/passwd or /etc/groups from some other host?
Thanks Till and Taleman, I think the issue is resolved now. Ran the command usermod -a -G clamav clamav and now it looks like it is working fine. The command service clamav-daemon status shows this:
Code:
* clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           `-extend.conf
   Active: active (running) since Mon 2018-11-05 18:12:26 IST; 2min 38s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 31093 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
  Process: 31092 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=0/SUCCESS)
 Main PID: 31094 (clamd)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/clamav-daemon.service
           `-31094 /usr/sbin/clamd --foreground=true
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> Mail files support enabled.
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> OLE2 support enabled.
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> PDF support enabled.
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> SWF support enabled.
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> HTML support enabled.
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> XMLDOCS support enabled.
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> HWP3 support enabled.
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> Self checking every 3600 seconds.
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> *Listening daemon: PID: 31094
Nov 05 18:12:45 server2 clamd[31094]: Mon Nov 5 18:12:45 2018 -> *MaxQueue set to: 100
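
Added example, not part of any post in the thread: a check for the condition diagnosed above (the clamav user's primary GID 121 resolves to dovecot, and the user is not in group clamav) and for the state after usermod -a -G clamav clamav. The passwd entry and the GID 121 = dovecot mapping come from the thread; the function names and the clamav group's GID 125 are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Account data below is constructed, except the clamav passwd
# entry and "GID 121 is dovecot", which come from the thread.

# primary_gid USER PASSWD_FILE -> numeric primary GID (passwd field 4)
primary_gid() { awk -F: -v u="$1" '$1 == u { print $4; exit }' "$2"; }

# group_gid GROUP GROUP_FILE -> numeric GID of GROUP (group field 3)
group_gid() { awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2"; }

# gid_owner GID GROUP_FILE -> name of the group that actually holds GID
gid_owner() { awk -F: -v id="$1" '$3 == id { print $1; exit }' "$2"; }

# is_member USER GROUP GROUP_FILE -> exit 0 if USER is in GROUP's member list
is_member() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$3"
}

# check_service_group USER GROUP PASSWD_FILE GROUP_FILE
# Prints: primary | supplementary | mismatch | missing
check_service_group() {
    pgid=$(primary_gid "$1" "$3")
    ggid=$(group_gid "$2" "$4")
    if [ -z "$pgid" ] || [ -z "$ggid" ]; then
        echo missing
    elif [ "$pgid" = "$ggid" ]; then
        echo primary
    elif is_member "$1" "$2" "$4"; then
        echo supplementary
    else
        # An unprivileged process may only chgrp its own files to a group it
        # belongs to, so clamd cannot hand the socket to GROUP here.
        echo mismatch
    fi
}

demo_dir=$(mktemp -d)
printf '%s\n' 'clamav:x:113:121::/var/lib/clamav:/bin/false' > "$demo_dir/passwd"
# GID 125 for group clamav is a placeholder; the thread does not show it.
printf '%s\n' 'dovecot:x:121:' 'clamav:x:125:' > "$demo_dir/group.before"
printf '%s\n' 'dovecot:x:121:' 'clamav:x:125:clamav' > "$demo_dir/group.after"

echo "primary GID 121 belongs to: $(gid_owner 121 "$demo_dir/group.before")"
echo "before usermod: $(check_service_group clamav clamav "$demo_dir/passwd" "$demo_dir/group.before")"
echo "after usermod:  $(check_service_group clamav clamav "$demo_dir/passwd" "$demo_dir/group.after")"
```

The "supplementary" result after usermod means the socket chgrp now succeeds, while the account's primary GID is still 121. On a live host the same functions can be pointed at files written from getent passwd and getent group.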