Clamd and systemd

Bill Shirley bshirley at memphis.apirx.biz
Wed Sep 19 11:36:02 UTC 2012


On 9/19/2012 5:47 AM, Arthur Dent wrote:
>> "What tells it that it is a "scan" service? That bit of the puzzle seems
>> to be missing..."
>>
>> Whatever is the parameter after the @ and before the dot  becomes %i in
>> the service file.  Look at the service file:
>> [Unit]
>> Description = clamd scanner (%i) daemon
>> After = syslog.target nss-lookup.target network.target
>>
>> [Service]
>> Type = simple
>> ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --nofork=yes
>> Restart = on-failure
>> PrivateTmp = true
>>
>> so clamd@scan.service invokes clamd with the scan.conf file as its
>> configuration file.
>> This way you can have multiple clamd services each using a different
>> config file.  Just create another config file in
>> /etc/clamd.d/my_config.conf and:
>> ln -s /lib/systemd/system/clamd@.service /etc/systemd/system/clamd@my_config.service
>>
>> You should have the /etc/clamd.d/scan.conf I think:
>>
>> [root@moses shorewall]# rpm -qf /etc/clamd.d/scan.conf
>> clamav-scanner-0.97.5-1700.fc17.noarch
> Thank you Bill for a helpful and, more importantly, informative reply. I
> think this will not only help me to solve my problem but, even better,
> help me to understand where I was going wrong.
>
> As before, I don't have access to the machine right now, so I will try
> when I get home to work through this and get it right.
>
> I will once again report back later...
>
> Thanks again. Your help is much appreciated.
>
> Mark
>
>

You mentioned scanning email.  I run clamav-milter and stop the virus at 
smtp time.  You may find this helpful:

[root@moses clamav]# rpm -qa | grep clam | sort
clamav-data-0.97.5-1700.fc17.noarch
clamav-filesystem-0.97.5-1700.fc17.noarch
clamav-lib-0.97.5-1700.fc17.x86_64
clamav-milter-0.97.5-1700.fc17.x86_64
clamav-milter-systemd-0.97.5-1700.fc17.noarch
clamav-scanner-0.97.5-1700.fc17.noarch
clamav-scanner-systemd-0.97.5-1700.fc17.noarch
clamav-server-0.97.5-1700.fc17.x86_64
clamav-server-systemd-0.97.5-1700.fc17.noarch
clamav-update-0.97.5-1700.fc17.x86_64

For clamav-milter, I had to add clamilt to the postfix group (usermod -a 
-G postfix clamilt):
[root@moses clamav]# egrep 'post|clam' /etc/group
mail:x:12:postfix
postfix:x:89:clamilt
postdrop:x:90:
clamscan:x:987:clamilt
clamilt:x:988:postfix
clamupdate:x:989:


Add to the end of /etc/mail/clamav-milter.conf:
# my stuff
# be sure to comment out above: Example

ClamdSocket             unix:/var/run/clamd.scan/clamd.sock
MilterSocket            /var/run/clamav-milter/clamav-milter.socket
##MilterSocket          inet:3381
# usermod -a -G postfix clamilt
MilterSocketGroup       postfix
MilterSocketMode        660

OnInfected              Reject
AddHeader               Replace

#LogFile                /var/log/clamav-milter.log
#LogFileMaxSize         1M
#LogTime                yes
LogSyslog               yes
LogFacility             LOG_MAIL
#LogVerbose             no
LogClean                Basic
LogInfected             Full

Add to postfix's main.cf:
# usermod -a -G clamilt postfix
smtpd_milters = unix:/var/run/clamav-milter/clamav-milter.socket
#milter_default_action = accept
milter_default_action = tempfail

I can't remember if I had to create the directory, but here is that info:
[root@moses clamav]# ldpz /var/run/clamav-milter/clamav-milter.socket
drwxr-xr-x. root    root    system_u:object_r:var_t:s0           /var
lrwxrwxrwx. root    root    system_u:object_r:var_run_t:s0       /var/run -> ../run
drwx--x---. clamilt clamilt system_u:object_r:clamd_var_run_t:s0 /var/run/clamav-milter
srw-rw----. clamilt postfix system_u:object_r:clamd_var_run_t:s0 /var/run/clamav-milter/clamav-milter.socket


For clamav, to avoid SELinux problems, issue the command:
setsebool -P clamd_use_jit on

Add to end of scan.conf:
# my stuff
# be sure to comment out above: Example

#LogFile                /var/log/clamav/clamd.scan
#LogFacility            LOG_MAIL
LogFacility             LOG_DAEMON
ExtendedDetectionInfo   yes
LocalSocket             /var/run/clamd.scan/clamd.sock
#LocalSocketGroup       virusgroup
#LocalSocketMode        660
FixStaleSocket          yes
CrossFilesystems        no
ExcludePath             ^/proc/
ExcludePath             ^/sys/
ExcludePath             ^/fuse/
ExcludePath             ^/backup/
ExcludePath             ^/bacula/
SelfCheck               3600


And finally freshclam, add to the end of freshclam.conf:
# my stuff
LogFacility LOG_DAEMON
DatabaseMirror db.US.clamav.net
TestDatabases yes


Note that in all the clamav configuration files there is a line:
Example
that has to be commented out for the service to run.

Don't forget to systemctl enable these two services:
[root@moses clamav]# systemctl is-active clamav-milter.service
active
[root@moses clamav]# systemctl is-active clamd@scan.service
active
active

Hope this helps,
Bill
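
Added example, not part of Bill's message: a shell check that resolves a clamd@ instance name to its config file the way %i does, then confirms the Example line is commented out, that the milter's ClamdSocket points at clamd's LocalSocket, and that the milter socket mode gives other users no access. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample configs are constructed.

# systemd's %i: the text between '@' and the ".service" suffix.
instance_of() {
    u=${1%.service}
    case $u in
        *@?*) printf '%s\n' "${u#*@}" ;;
        *)    return 1 ;;
    esac
}

# First uncommented value of KEY in FILE (ClamAV "Key Value" syntax).
conf_value() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# True while the stock "Example" line is still active in FILE.
example_active() { grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"; }

# Report mismatches between a clamd config ($1) and a clamav-milter config ($2).
check_pair() {
    rc=0
    for f in "$1" "$2"; do
        if example_active "$f"; then echo "FAIL: active Example line in $f"; rc=1; fi
    done
    if [ "unix:$(conf_value "$1" LocalSocket)" != "$(conf_value "$2" ClamdSocket)" ]; then
        echo "FAIL: ClamdSocket does not point at clamd's LocalSocket"; rc=1
    fi
    case $(conf_value "$2" MilterSocketMode) in
        *[1-7]) echo "FAIL: MilterSocketMode grants access to other users"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files mirroring the settings in the post.
make_samples() {
    mkdir -p "$1/clamd.d"
    printf '%s\n' '#Example' 'LocalSocket /var/run/clamd.scan/clamd.sock' \
        > "$1/clamd.d/scan.conf"
    printf '%s\n' '#Example' 'ClamdSocket unix:/var/run/clamd.scan/clamd.sock' \
        'MilterSocketGroup postfix' 'MilterSocketMode 660' > "$1/clamav-milter.conf"
}

demo=$(mktemp -d)
make_samples "$demo"
inst=$(instance_of clamd@scan.service)
check_pair "$demo/clamd.d/$inst.conf" "$demo/clamav-milter.conf" && echo "OK: $inst"
rm -rf "$demo"
```

On a real host, point check_pair at /etc/clamd.d/scan.conf and /etc/mail/clamav-milter.conf instead of the sample directory.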




