freshclam fails to notify clamd via socket, even though it exists (on Kubernetes)
Describe the bug
I am trying to run a Kubernetes pod based on the clamav/clamav-debian image. I've built my own image based on that one (via FROM clamav/clamav-debian:latest, and then replacing some config files and the /init script with a slightly improved one).
script with a slightly improved one). The issue should not come from my changes to the /init script, as it happened even before I made those changes (and they have to do with graceful shutdown, and not the actual daemon).
The problem is that even though clamd is running, has created a local socket, and that socket exists, when freshclam tries to notify it to reload the virus databases, I get the following error in the freshclam log:
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory
However, the socket file exists, and is owned by the correct user and group.
# ls -l /run/clamav/clamd.sock
srw-rw-rw- 1 clamav clamav 0 May 8 11:21 /run/clamav/clamd.sock
And in fact, I have configured clamd to use that file as a socket, and to use the user clamav (excerpt from /etc/clamav/clamd.conf):
LocalSocket /run/clamav/clamd.sock
User clamav
Freshclam is configured to notify clamd (excerpt from /etc/clamav/freshclam.conf):
NotifyClamd /etc/clamav/clamd.conf
Note that by default the image places the socket in /tmp/clamd.sock. The /tmp directory is owned by root, so I changed it to /run/clamav/clamd.sock, since that directory is owned by clamav and is mentioned in the /init script. The issue appeared just the same with the socket in /tmp (and freshclam then accordingly complained that /tmp/clamd.sock did not exist, which indicates that it is correctly reading /etc/clamav/clamd.conf).
Curiously, if I SSH into the image and run freshclam manually, it manages to notify clamd to reload the database correctly (I use the same arguments for freshclam used by the /init script)! It's only the process started by the init script that fails to do that.
I have no idea what to do as I believe I've followed the documentation and the error message seems to be wrong.
How to reproduce the problem
I don't know how the problem can be reproduced, if you have an idea please let me know and I can present a reproduction.
I can reproduce the problem 100% of the time on my setup. I can provide more information if necessary.
Hi,
I am sorry we missed this issue previously, has it been resolved?
Thanks, Andy
I use the latest docker image (clamav/clamav), and I've got the same warning message:
WARNING: Clamd was NOT notified: Can't connect to clamd through /tmp/clamd.sock: No such file or directory
@vienleidl, and you have confirmed that the socket exists?
This just occurred to me -- If we're talking about this happening immediately on startup, after freshclam updated and before clamd has finished starting up, then don't worry about it. That's just because clamd hasn't finished starting. The next time it updates, clamd will be up and listening and will get the message.
FYI clamd also checks for database changes automatically. By default I think it checks every 10 minutes. Having freshclam send a message to clamd to notify of the change is redundant and just aims to speed up that process.
@ragusaa The issue has not been resolved, although I worked around it by using a TCP socket instead of a local socket, even though both freshclam and clamav-daemon are in the same container. That works as expected, although I would say it's important for the local socket to work as well (especially since it's the default).
@micahsnyder thank you for that, I wasn't entirely clear but I am not talking about the update before clamav-daemon starts up fully, I've seen the error you are talking about but I realized that it was because the daemon had not started yet and I ignored that. The issue definitely occurs after the daemon has started, I've explicitly verified it.
As for clamd checking for database changes automatically: I did not notice anything in the clamd log. In fact I left the container running for several days during my attempt to make it work and saw nothing. If I recall correctly, I also checked that the database had not been updated by looking at the output of clamd -V as well, which I read prints the database number.
I checked the manpage of clamd.conf just now, and I assume you're talking about the SelfCheck option, correct? It is indeed set to nothing in my case, which seems to default to 10 minutes. Does that check the database file on disk, if it's been changed? Or does it simply validate the already loaded database in memory? Or perhaps if it reloads via SelfCheck, it doesn't log?
Let me know if you'd like me to double-check that SelfCheck doesn't fix the issue, but I'm pretty sure it didn't.
If you aren't altering the SelfCheck option, I would expect you to see this in the clamd log at startup:
Self checking every 600 seconds
Then every 10 minutes, I'd expect one of these two log messages, depending if there is an update:
SelfCheck: Database status OK.
or
SelfCheck: Database modification detected. Forcing reload.
You are actually correct, SelfCheck did in fact work! I hadn't noticed. This issue is still present, then, but it isn't as important. Thank you!
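The log messages quoted in this thread can be checked mechanically. The following is an added example, not written by any participant above and not ClamAV project code: it merges clamd and freshclam log lines and reports, for each failed notification, whether a SelfCheck reload followed within the logged interval. The "timestamp -> message" line shape, the names `parse` and `audit`, and the sample log are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed line shape: "<ctime timestamp> -> <message>" (timestamps enabled in both logs).
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
INTERVAL = re.compile(r"Self checking every (\d+) seconds")
NOT_NOTIFIED = "Clamd was NOT notified"
RELOAD = "SelfCheck: Database modification detected"

# Constructed sample: message texts are the ones quoted in the thread;
# timestamps and ordering are invented (two log files concatenated).
SAMPLE_LOG = """\
Mon May  8 11:21:02 2023 -> Self checking every 600 seconds
Mon May  8 13:21:05 2023 -> WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory
Mon May  8 13:21:02 2023 -> SelfCheck: Database status OK.
Mon May  8 13:31:02 2023 -> SelfCheck: Database modification detected. Forcing reload.
Mon May  8 15:21:05 2023 -> WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory
Mon May  8 15:21:02 2023 -> SelfCheck: Database status OK.
"""

def parse(lines):
    """Yield (timestamp, message) for every line matching the assumed shape."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)

def audit(lines):
    """Return (selfcheck_interval_seconds, [(warning_time, reloaded_in_window)])."""
    events = sorted(parse(lines), key=lambda e: e[0])
    found = [int(m.group(1)) for _, msg in events for m in INTERVAL.finditer(msg)]
    interval = found[-1] if found else None
    reloads = [ts for ts, msg in events if RELOAD in msg]
    results = []
    for ts, msg in events:
        if NOT_NOTIFIED not in msg:
            continue
        # A failed notification is tolerable only if SelfCheck reloaded in time.
        window = timedelta(seconds=interval or 0)
        covered = interval is not None and any(ts <= r <= ts + window for r in reloads)
        results.append((ts, covered))
    return interval, results

if __name__ == "__main__":
    interval, results = audit(SAMPLE_LOG.splitlines())
    for ts, covered in results:
        print(ts, "reloaded by SelfCheck" if covered else f"no reload within {interval}s")
```

A warning reported without a following reload means clamd kept scanning with the older signature set for longer than the SelfCheck interval, which is the case worth alerting on.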