ClamAV 似乎在 Debian 12(bookworm)上有一个错误,导致它很难在 TCP 3310 上监听。
我尝试了
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042377
毫无效果。我也试过
https://bbs.archlinux.org/viewtopic.php?id=233951
然后跑了
dpkg-reconfigure clamav-daemon
就像建议的那样
Debian 8:无法让 ClamAV 监听 TCP 3310
有什么想法吗?谢谢。这是我的配置文件、clamav 日志文件以及重新启动服务和检查 clamd 监听位置的命令。
/etc/systemd/system/clamav-daemon.service.d/tcp-socket.conf
[Socket]
ListenStream=3310
/etc/clamav/clamd.conf
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
TCPSocket 3310
TCPAddr 127.0.0.1
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail false
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 50M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OnAccessMaxFileSize 5M
/var/log/clamav/clamav.log
Sat Dec 16 01:23:16 2023 -> +++ Started at Sat Dec 16 01:23:16 2023
Sat Dec 16 01:23:16 2023 -> Received 1 file descriptor(s) from systemd.
Sat Dec 16 01:23:16 2023 -> clamd daemon 1.0.3 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Sat Dec 16 01:23:16 2023 -> Log file size limited to 4294967295 bytes.
Sat Dec 16 01:23:16 2023 -> Reading databases from /var/lib/clamav
Sat Dec 16 01:23:16 2023 -> Not loading PUA signatures.
Sat Dec 16 01:23:16 2023 -> Bytecode: Security mode set to "TrustSigned".
Sat Dec 16 01:23:27 2023 -> Loaded 8680737 signatures.
Sat Dec 16 01:23:29 2023 -> TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Sat Dec 16 01:23:29 2023 -> LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.
Sat Dec 16 01:23:29 2023 -> Limits: Global time limit set to 120000 milliseconds.
Sat Dec 16 01:23:29 2023 -> Limits: Global size limit set to 104857600 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: File size limit set to 26214400 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: Recursion level limit set to 16.
Sat Dec 16 01:23:29 2023 -> Limits: Files limit set to 10000.
Sat Dec 16 01:23:29 2023 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxPartitions limit set to 50.
Sat Dec 16 01:23:29 2023 -> Limits: MaxIconsPE limit set to 100.
Sat Dec 16 01:23:29 2023 -> Limits: MaxRecHWP3 limit set to 16.
Sat Dec 16 01:23:29 2023 -> Limits: PCREMatchLimit limit set to 10000.
Sat Dec 16 01:23:29 2023 -> Limits: PCRERecMatchLimit limit set to 5000.
Sat Dec 16 01:23:29 2023 -> Limits: PCREMaxFileSize limit set to 26214400.
Sat Dec 16 01:23:29 2023 -> Archive support enabled.
Sat Dec 16 01:23:29 2023 -> AlertExceedsMax heuristic detection disabled.
Sat Dec 16 01:23:29 2023 -> Heuristic alerts enabled.
Sat Dec 16 01:23:29 2023 -> Portable Executable support enabled.
Sat Dec 16 01:23:29 2023 -> ELF support enabled.
Sat Dec 16 01:23:29 2023 -> Mail files support disabled.
Sat Dec 16 01:23:29 2023 -> OLE2 support enabled.
Sat Dec 16 01:23:29 2023 -> PDF support enabled.
Sat Dec 16 01:23:29 2023 -> SWF support enabled.
Sat Dec 16 01:23:29 2023 -> HTML support enabled.
Sat Dec 16 01:23:29 2023 -> XMLDOCS support enabled.
Sat Dec 16 01:23:29 2023 -> HWP3 support enabled.
Sat Dec 16 01:23:29 2023 -> Self checking every 3600 seconds.
命令和输出:
# systemctl stop clamav-daemon.socket
# systemctl stop clamav-daemon.service
# systemctl daemon-reload
# systemctl start clamav-daemon.service
# systemctl status clamav-daemon.service
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf, tcp-socket.conf
Active: active (running) since Sat 2023-12-16 01:31:15 CET; 8s ago
TriggeredBy: ● clamav-daemon.socket
Docs: man:clamd(8)
man:clamd.conf(5)
https://docs.clamav.net/
Process: 2741989 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
Process: 2741990 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
Main PID: 2741991 (clamd)
Tasks: 1 (limit: 76845)
Memory: 1.0G
CPU: 8.734s
CGroup: /system.slice/clamav-daemon.service
└─2741991 /usr/sbin/clamd --foreground=true
systemd[1]: Starting clamav-daemon.service - Clam AntiVirus userspace daemon...
systemd[1]: Started clamav-daemon.service - Clam AntiVirus userspace daemon.
# netstat -anp | grep -E "(Active|State|clam|3310)"
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 3 [ ] STREAM CONNECTED 7558837 2741991/clamd
unix 3 [ ] STREAM CONNECTED 7472325 2675419/freshclam
unix 2 [ ACC ] STREAM LISTENING 7562309 1/systemd /run/clamav/clamd.ctl
答案1
我刚刚自己发现了错误:
tcp-socket.conf包含的文件
[Socket]
ListenStream=3310
必须存储在
/etc/systemd/system/clamav-daemon.socket.d而不是在
/etc/systemd/system/clamav-daemon.service.d
现在它正常工作了!我发现使用
journalctl -u clamav-daemon
其中包括警告
/etc/systemd/system/clamav-daemon.service.d/tcp-socket.conf:1: Unknown section 'Socket'. Ignoring.
答案2
实际上我发现编辑起来更容易/etc/systemd/system/sockets.target.wants/clamav-daemon.socket。已经有[Socket]部分内容,你只需要删除或注释掉以下行
ListenStream=/run/clamav/clamd.ctl
并取消注释下一ListenStream行,可选择将端口更改为 3310。
还有一件至关重要的事情:完成更改后,你必须使用以下命令重新加载 systemd 配置
systemctl daemon-reload
然后重新启动clamav-daemon,一切就设置好了。
请注意,如果不重新加载 systemd 配置,ClamAV 将看不到新的套接字配置,并且仍将绑定到本地套接字。我花了一些时间才弄清楚。
完整的/etc/systemd/system/sockets.target.wants/clamav-daemon.socket文件看起来应该像这样:
[Unit]
Description=Socket for Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
[Socket]
#ListenStream=/run/clamav/clamd.ctl
ListenStream=3310
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True
[Install]
WantedBy=sockets.target