ERROR: Can't parse clamd configuration file /etc/clamd.conf

stephdl · January 19, 2017, 8:35pm

Playing on NS7 with /usr/bin/clamav-unofficial-sigs.sh I saw that it looks after /etc/clamd.conf when updates are found

Indeed this file is missing

[root@NS7DEV ~]# /usr/bin/clamav-unofficial-sigs.sh

======================================================================
Sanesecurity Database & GPG Signature File Updates
======================================================================

Sanesecurity mirror site used: spamexperts3-mirror.sanesecurity.com 185.95.29.15

Number of files: 52
Number of files transferred: 8
Total file size: 19509836 bytes
Total transferred file size: 3975020 bytes
Literal data: 49451 bytes
Matched data: 3925569 bytes
File list size: 1719
File list generation time: 0.254 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 16417
Total bytes received: 13646

sent 16417 bytes  received 13646 bytes  8589.43 bytes/sec
total size is 19509836  speedup is 648.97

Testing updated Sanesecurity database file: blurl.ndb
Sanesecurity GPG Signature tested good on blurl.ndb database
Clamscan reports Sanesecurity blurl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: blurl.ndb

Testing updated Sanesecurity database file: jurlbl.ndb
Sanesecurity GPG Signature tested good on jurlbl.ndb database
Clamscan reports Sanesecurity jurlbl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: jurlbl.ndb

Testing updated Sanesecurity database file: phishtank.ndb
Sanesecurity GPG Signature tested good on phishtank.ndb database
Clamscan reports Sanesecurity phishtank.ndb database integrity tested good
Successfully updated Sanesecurity production database file: phishtank.ndb

Testing updated Sanesecurity database file: porcupine.hsb
Sanesecurity GPG Signature tested good on porcupine.hsb database
Clamscan reports Sanesecurity porcupine.hsb database integrity tested good
Successfully updated Sanesecurity production database file: porcupine.hsb

=================================================
= Update(s) detected, reloaded ClamAV databases =
=================================================
ERROR: Can't parse clamd configuration file /etc/clamd.conf

m.traeumner · January 20, 2017, 1:39pm

At Github is an example for the file. Perhaps you can try it.

filippo_carletti · January 20, 2017, 3:06pm

AFAIK, /etc/clamd.conf is parsed to find clamd control socket, which is used to signal clamav to reload new rules just downloaded. Failing to find the socket, clamd will automatically reload new rules after a few minutes.

The problem is that clamd is not running in every possible setup, so that message is harmless.
It comes from:
reload_opt="clamdscan --reload"

We could set
reload_dbs="no"

What do you think?

stephdl · January 20, 2017, 6:28pm

I’m not sure to avoid the database reload is good. I can see a lot of tutorials where they ask to turn it on, not the inverse…but from start it is set to no when we install the epel’s rpm

my concern is how clamd reload the database, if it is once a day, we miss a lot of interesting feature of unofficial-sigs

stephdl · January 21, 2017, 12:00pm

looking further in it, I ask myself if there is not an upstream bug here. WHY ?

in the el7 clamav rpm you don’t have /etc/clamd.conf
the systemd clamav service is a template, ready to launch several instances of clamav

/lib/systemd/system/clamd\@.service

when you enable a custom template, the configuration is written to /etc/clamd.d
systemctl enable clamd@toto.service
vim /etc/clamd.d/toto.conf

:-?

filippo_carletti · January 22, 2017, 6:55pm

Every 30 minutes by default.