Clamd and systemd
Daniel J Walsh
dwalsh at redhat.com
Wed Sep 19 19:21:47 UTC 2012
On 09/19/2012 07:36 AM, Bill Shirley wrote:
>
> On 9/19/2012 5:47 AM, Arthur Dent wrote:
>>> "What tells it that it is a "scan" service? That bit of the puzzle
>>> seems to be missing..."
>>>
>>> Whatever is the parameter after the @ and before the dot becomes %i
>>> in the service file. Look at the service file:
>>>
>>> [Unit]
>>> Description = clamd scanner (%i) daemon
>>> After = syslog.target nss-lookup.target network.target
>>>
>>> [Service]
>>> Type = simple
>>> ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --nofork=yes
>>> Restart = on-failure
>>> PrivateTmp = true
>>>
>>> so clamd@scan.service invokes clamd with the scan.conf file as its
>>> configuration file. This way you can have multiple clamd services each
>>> using a different config file. Just create another config file in
>>> /etc/clamd.d/my_config.conf and:
>>>
>>> ln -s /lib/systemd/system/clamd@.service /etc/systemd/system/clamd@my_config.service
>>>
>>> You should have the /etc/clamd.d/scan.conf I think:
>>>
>>> [root@moses shorewall]# rpm -qf /etc/clamd.d/scan.conf
>>> clamav-scanner-0.97.5-1700.fc17.noarch
>> Thank you Bill for a helpful and, more importantly, informative reply. I
>> think this will not only help me to solve my problem but, even better,
>> help me to understand where I was going wrong.
>>
>> As before, I don't have access to the machine right now, so I will try
>> when I get home to work through this and get it right.
>>
>> I will once again report back later...
>>
>> Thanks again. Your help is much appreciated.
>>
>> Mark
>>
>>
>
> You mentioned scanning email. I run clamav-milter and stop the virus at
> smtp time. You may find this helpful:
>
> [root@moses clamav]# rpm -qa | grep clam | sort
> clamav-data-0.97.5-1700.fc17.noarch
> clamav-filesystem-0.97.5-1700.fc17.noarch
> clamav-lib-0.97.5-1700.fc17.x86_64
> clamav-milter-0.97.5-1700.fc17.x86_64
> clamav-milter-systemd-0.97.5-1700.fc17.noarch
> clamav-scanner-0.97.5-1700.fc17.noarch
> clamav-scanner-systemd-0.97.5-1700.fc17.noarch
> clamav-server-0.97.5-1700.fc17.x86_64
> clamav-server-systemd-0.97.5-1700.fc17.noarch
> clamav-update-0.97.5-1700.fc17.x86_64
>
> For clamav-milter, I had to add clamilt to the postfix group (usermod -a
> -G postfix clamilt):
>
> [root@moses clamav]# egrep 'post|clam' /etc/group
> mail:x:12:postfix
> postfix:x:89:clamilt
> postdrop:x:90:
> clamscan:x:987:clamilt
> clamilt:x:988:postfix
> clamupdate:x:989:
>
>
> Add to the end of /etc/mail/clamav-milter.conf:
>
> # my stuff
> # be sure to comment out above: Example
>
> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
> MilterSocket /var/run/clamav-milter/clamav-milter.socket
> ##MilterSocket inet:3381
> # usermod -a -G postfix clamilt
> MilterSocketGroup postfix
> MilterSocketMode 660
>
> OnInfected Reject
> AddHeader Replace
>
> #LogFile /var/log/clamav-milter.log
> #LogFileMaxSize 1M
> #LogTime yes
> LogSyslog yes
> LogFacility LOG_MAIL
> #LogVerbose no
> LogClean Basic
> LogInfected Full
>
> Add to postfix's main.cf:
>
> # usermod -a -G clamilt postfix
> smtpd_milters = unix:/var/run/clamav-milter/clamav-milter.socket
> #milter_default_action = accept
> milter_default_action = tempfail
>
> I can't remember if I had to create the directory, but here is that info:
>
> [root@moses clamav]# ldpz /var/run/clamav-milter/clamav-milter.socket
> drwxr-xr-x. root root system_u:object_r:var_t:s0 /var
> lrwxrwxrwx. root root system_u:object_r:var_run_t:s0 /var/run -> ../run
> drwx--x---. clamilt clamilt system_u:object_r:clamd_var_run_t:s0 /var/run/clamav-milter
> srw-rw----. clamilt postfix system_u:object_r:clamd_var_run_t:s0 /var/run/clamav-milter/clamav-milter.socket
>
>
> For clamav, to avoid selinux problems issue command:
>
> setsebool -P clamd_use_jit on
>
> Add to end of scan.conf:
>
> # my stuff
> # be sure to comment out above: Example
>
> #LogFile /var/log/clamav/clamd.scan
> #LogFacility LOG_MAIL
> LogFacility LOG_DAEMON
> ExtendedDetectionInfo yes
> LocalSocket /var/run/clamd.scan/clamd.sock
> #LocalSocketGroup virusgroup
> #LocalSocketMode 660
> FixStaleSocket yes
> CrossFilesystems no
> ExcludePath ^/proc/
> ExcludePath ^/sys/
> ExcludePath ^/fuse/
> ExcludePath ^/backup/
> ExcludePath ^/bacula/
> SelfCheck 3600
>
>
> And finally freshclam, add to the end of freshclam.conf:
>
> # my stuff
> LogFacility LOG_DAEMON
> DatabaseMirror db.US.clamav.net
> TestDatabases yes
>
>
> Note in all the clamav configuration files there is a line: Example that has
> to be commented out for the service to run.
>
> Don't forget to systemctl enable these two services:
>
> [root@moses clamav]# systemctl is-active clamav-milter.service
> active
> [root@moses clamav]# systemctl is-active clamd@scan.service
> active
>
> Hope this helps, Bill
>
>
>
Is this the default setting for clamd now?

clamd_use_jit on

Should we turn this on by default?
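
An added example, not part of the original messages: a shell check that resolves a template instance such as clamd@scan.service to its %i config file, confirms the stock Example line is commented out in both configs, and verifies that the milter's ClamdSocket points at the same socket as clamd's LocalSocket. The function names are hypothetical and the sample files are constructed from the settings quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# clamd@scan.service -> scan: the text between "@" and the final ".suffix"
unit_instance() {
    case "$1" in
        *@?*.*) i=${1#*@}; printf '%s\n' "${i%.*}" ;;
        *) return 1 ;;
    esac
}

# First active (uncommented) value of a directive in a ClamAV-style config
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# True while the stock "Example" line is still active in the file
has_example() {
    grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# check_clamd_pair UNIT CONF_DIR MILTER_CONF: prints a verdict, returns 0 if ok
check_clamd_pair() {
    inst=$(unit_instance "$1") || { echo "not a template instance: $1"; return 2; }
    conf="$2/$inst.conf"                      # what %i.conf expands to
    [ -f "$conf" ] || { echo "missing $conf"; return 1; }
    for f in "$conf" "$3"; do
        if has_example "$f"; then echo "Example still active in $f"; return 1; fi
    done
    local_sock=$(conf_value "$conf" LocalSocket)
    milter_sock=$(conf_value "$3" ClamdSocket)
    if [ "$milter_sock" != "unix:$local_sock" ]; then
        echo "socket mismatch: clamd=$local_sock milter=$milter_sock"; return 1
    fi
    echo "ok: $inst uses $local_sock"
}

# Constructed sample files modelled on the settings quoted in the thread
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#Example' 'LocalSocket /var/run/clamd.scan/clamd.sock' > "$d/scan.conf"
    printf '%s\n' '#Example' 'ClamdSocket unix:/var/run/clamd.scan/clamd.sock' > "$d/milter.conf"
    check_clamd_pair clamd@scan.service "$d" "$d/milter.conf"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On a real host the call would be `check_clamd_pair clamd@scan.service /etc/clamd.d /etc/mail/clamav-milter.conf`, using the paths given in the thread.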