Debian 12: Can't get ClamAV to listen on TCP 3310

ClamAV seems to have a bug on Debian 12 (bookworm) that makes it very hard to get it to listen on TCP 3310.

I tried

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042377

to no avail. I also tried

https://bbs.archlinux.org/viewtopic.php?id=233951

and then ran

dpkg-reconfigure clamav-daemon

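as suggested in

Debian 8: Can't get ClamAV to listen on TCP 3310

Any ideas? Thanks. Here are my configuration files, the clamav log file, and the commands I used to restart the service and check where clamd is listening.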

/etc/systemd/system/clamav-daemon.service.d/tcp-socket.conf

[Socket]
ListenStream=3310

/etc/clamav/clamd.conf

#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
TCPSocket 3310
TCPAddr 127.0.0.1
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail false
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 50M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OnAccessMaxFileSize 5M

/var/log/clamav/clamav.log

Sat Dec 16 01:23:16 2023 -> +++ Started at Sat Dec 16 01:23:16 2023
Sat Dec 16 01:23:16 2023 -> Received 1 file descriptor(s) from systemd.
Sat Dec 16 01:23:16 2023 -> clamd daemon 1.0.3 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Sat Dec 16 01:23:16 2023 -> Log file size limited to 4294967295 bytes.
Sat Dec 16 01:23:16 2023 -> Reading databases from /var/lib/clamav
Sat Dec 16 01:23:16 2023 -> Not loading PUA signatures.
Sat Dec 16 01:23:16 2023 -> Bytecode: Security mode set to "TrustSigned".
Sat Dec 16 01:23:27 2023 -> Loaded 8680737 signatures.
Sat Dec 16 01:23:29 2023 -> TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Sat Dec 16 01:23:29 2023 -> LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.
Sat Dec 16 01:23:29 2023 -> Limits: Global time limit set to 120000 milliseconds.
Sat Dec 16 01:23:29 2023 -> Limits: Global size limit set to 104857600 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: File size limit set to 26214400 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: Recursion level limit set to 16.
Sat Dec 16 01:23:29 2023 -> Limits: Files limit set to 10000.
Sat Dec 16 01:23:29 2023 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sat Dec 16 01:23:29 2023 -> Limits: MaxPartitions limit set to 50.
Sat Dec 16 01:23:29 2023 -> Limits: MaxIconsPE limit set to 100.
Sat Dec 16 01:23:29 2023 -> Limits: MaxRecHWP3 limit set to 16.
Sat Dec 16 01:23:29 2023 -> Limits: PCREMatchLimit limit set to 10000.
Sat Dec 16 01:23:29 2023 -> Limits: PCRERecMatchLimit limit set to 5000.
Sat Dec 16 01:23:29 2023 -> Limits: PCREMaxFileSize limit set to 26214400.
Sat Dec 16 01:23:29 2023 -> Archive support enabled.
Sat Dec 16 01:23:29 2023 -> AlertExceedsMax heuristic detection disabled.
Sat Dec 16 01:23:29 2023 -> Heuristic alerts enabled.
Sat Dec 16 01:23:29 2023 -> Portable Executable support enabled.
Sat Dec 16 01:23:29 2023 -> ELF support enabled.
Sat Dec 16 01:23:29 2023 -> Mail files support disabled.
Sat Dec 16 01:23:29 2023 -> OLE2 support enabled.
Sat Dec 16 01:23:29 2023 -> PDF support enabled.
Sat Dec 16 01:23:29 2023 -> SWF support enabled.
Sat Dec 16 01:23:29 2023 -> HTML support enabled.
Sat Dec 16 01:23:29 2023 -> XMLDOCS support enabled.
Sat Dec 16 01:23:29 2023 -> HWP3 support enabled.
Sat Dec 16 01:23:29 2023 -> Self checking every 3600 seconds.

Commands and output:

# systemctl stop clamav-daemon.socket
# systemctl stop clamav-daemon.service
# systemctl daemon-reload
# systemctl start clamav-daemon.service
# systemctl status clamav-daemon.service
● clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
             └─extend.conf, tcp-socket.conf
     Active: active (running) since Sat 2023-12-16 01:31:15 CET; 8s ago
TriggeredBy: ● clamav-daemon.socket
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
    Process: 2741989 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
    Process: 2741990 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
   Main PID: 2741991 (clamd)
      Tasks: 1 (limit: 76845)
     Memory: 1.0G
        CPU: 8.734s
     CGroup: /system.slice/clamav-daemon.service
             └─2741991 /usr/sbin/clamd --foreground=true

systemd[1]: Starting clamav-daemon.service - Clam AntiVirus userspace daemon...
systemd[1]: Started clamav-daemon.service - Clam AntiVirus userspace daemon.

# netstat -anp | grep -E "(Active|State|clam|3310)"
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  3      [ ]         STREAM     CONNECTED     7558837  2741991/clamd
unix  3      [ ]         STREAM     CONNECTED     7472325  2675419/freshclam
unix  2      [ ACC ]     STREAM     LISTENING     7562309  1/systemd            /run/clamav/clamd.ctl

Answer 1

I just found the mistake myself:

The file tcp-socket.conf, containing

[Socket]
ListenStream=3310

must be stored in

/etc/systemd/system/clamav-daemon.socket.d

and not in

/etc/systemd/system/clamav-daemon.service.d

Now it works! I found this out using

journalctl -u clamav-daemon

which included the warning

/etc/systemd/system/clamav-daemon.service.d/tcp-socket.conf:1: Unknown section 'Socket'. Ignoring.
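
The mistake described in this answer can be checked for mechanically. The following is an added example, not part of the original answer: a POSIX shell sketch that walks a tree of drop-in directories and reports section headers that do not belong to the unit type named by the directory. The function names and the sample tree are constructed for illustration, and only .service and .socket units are covered.

```shell
#!/bin/sh
# Added example: flag drop-ins whose section headers systemd will ignore
# because they do not belong to the unit type of the drop-in directory.

# Sections each unit type accepts ([Unit] and [Install] are common to both).
allowed_sections() {
    case "$1" in
        service) echo "Unit Install Service" ;;
        socket)  echo "Unit Install Socket" ;;
        *)       echo "" ;;   # other unit types are not checked here
    esac
}

# misplaced_dropins ROOT
# Prints "FILE:LINE: section [NAME] ignored in TYPE unit" for every mismatch.
misplaced_dropins() {
    find "$1" -type f -path '*.d/*.conf' | sort | while IFS= read -r f; do
        dir=$(basename "$(dirname "$f")")   # e.g. clamav-daemon.service.d
        utype=${dir%.d}                     # clamav-daemon.service
        utype=${utype##*.}                  # service
        allowed=$(allowed_sections "$utype")
        [ -n "$allowed" ] || continue
        awk -v ok="$allowed" -v f="$f" -v t="$utype" '
            BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) good[a[i]] = 1 }
            /^\[[A-Za-z0-9-]+\]/ {
                s = $0; sub(/^\[/, "", s); sub(/\].*$/, "", s)
                if (!(s in good))
                    printf "%s:%d: section [%s] ignored in %s unit\n", f, NR, s, t
            }' "$f"
    done
}

# Constructed sample tree: the question's layout plus the corrected location.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/clamav-daemon.service.d" "$root/clamav-daemon.socket.d"
    printf '[Socket]\nListenStream=3310\n' > "$root/clamav-daemon.service.d/tcp-socket.conf"
    printf '[Socket]\nListenStream=3310\n' > "$root/clamav-daemon.socket.d/tcp-socket.conf"
    echo "$root"
}

tree=$(demo_tree)
misplaced_dropins "$tree"
rm -rf "$tree"
```

On a live host, call misplaced_dropins /etc/systemd/system to scan the administrator drop-ins.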

Answer 2

Actually, I found it easier to edit /etc/systemd/system/sockets.target.wants/clamav-daemon.socket. There is already a [Socket] section; you just need to delete or comment out the following line

ListenStream=/run/clamav/clamd.ctl

and uncomment the next ListenStream line, optionally changing the port to 3310.

One more crucial thing: after making the change, you must reload the systemd configuration with

systemctl daemon-reload

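and then restart clamav-daemon, and you are all set.

Note that without reloading the systemd configuration, ClamAV will not see the new socket configuration and will still bind to the local socket. It took me a while to figure that out.

The complete /etc/systemd/system/sockets.target.wants/clamav-daemon.socket file should look like this: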

[Unit]
Description=Socket for Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

[Socket]
#ListenStream=/run/clamav/clamd.ctl
ListenStream=3310
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True

[Install]
WantedBy=sockets.target
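
With socket activation the listening socket is created by systemd, so the bind address comes from ListenStream= and not from TCPAddr in clamd.conf, and a bare port number such as 3310 listens on every interface. The following added example (not part of either answer) computes the effective ListenStream= list from a unit file plus drop-ins, honouring the empty-assignment reset, and classifies each listener. The file names and the loopback drop-in are constructed for illustration.

```shell
#!/bin/sh
# Added example: compute the effective ListenStream= list of a socket unit
# (unit file first, then drop-ins in order) and classify each listener.

# effective_listeners FILE...  ->  one "CLASS VALUE" line per listener
effective_listeners() {
    awk '
        FNR == 1 { in_socket = 0 }                     # new file, no section yet
        /^\[/    { in_socket = ($0 ~ /^\[Socket\]/); next }
        in_socket && /^ListenStream[ \t]*=/ {
            v = $0
            sub(/^ListenStream[ \t]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (v == "") { n = 0; next }               # empty value resets the list
            list[++n] = v
        }
        END {
            for (i = 1; i <= n; i++) {
                v = list[i]; c1 = substr(v, 1, 1)
                if (c1 == "/" || c1 == "@")                       c = "unix"
                else if (v ~ /^[0-9]+$/)                          c = "all-interfaces"
                else if (v ~ /^0\.0\.0\.0:/ || v ~ /^\[::\]:/)    c = "all-interfaces"
                else if (v ~ /^127\./ || v ~ /^\[::1\]:/)         c = "loopback"
                else                                              c = "specific-address"
                print c, v
            }
        }' "$@"
}

# Constructed sample files; names and the loopback drop-in are illustrative.
demo_units() {
    d=$(mktemp -d)
    printf '[Socket]\nListenStream=/run/clamav/clamd.ctl\n' > "$d/packaged.socket"
    printf '[Socket]\nListenStream=3310\n' > "$d/answer1-dropin.conf"
    printf '[Socket]\n#ListenStream=/run/clamav/clamd.ctl\nListenStream=3310\n' > "$d/answer2.socket"
    printf '[Socket]\nListenStream=\nListenStream=127.0.0.1:3310\n' > "$d/loopback-dropin.conf"
    echo "$d"
}

units=$(demo_units)
echo "answer 1:"; effective_listeners "$units/packaged.socket" "$units/answer1-dropin.conf"
echo "answer 2:"; effective_listeners "$units/answer2.socket"
echo "loopback:"; effective_listeners "$units/packaged.socket" "$units/loopback-dropin.conf"
rm -rf "$units"
```

clamd's TCP protocol has no authentication, so a listener classified as all-interfaces should be narrowed to a loopback or internal address, or restricted by a firewall.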
