ClamAV 1.0.7: clamd on Ubuntu 24.04.1 (LTS) ignores own clamd settings #1394

Open
MarkyMarkDE opened this issue Oct 27, 2024 · 5 comments

@MarkyMarkDE

It seems that clamd-daemon doesn't accept my settings and always loads its defaults.
Only some of my own changes will have an effect.
When I use some settings from your own clamd.example which are not implemented in my Clam version, the whole process breaks down or never starts. This is not really nice handling for such cases. If the user uses an obsolete setting, you do logging and ignore it, that's great, but why not if an option isn't included in the user's current version?

MarkyMarkDE changed the title from "ClamAV 1.0.7: clamd on Ubuntu 24.04.1 (LTS)" to "ClamAV 1.0.7: clamd on Ubuntu 24.04.1 (LTS) ignores own clamd settings" on Oct 27, 2024

@MarkyMarkDE
Author

As you can see and compare:

My clamd(-daemon).log:

Sun Oct 27 20:15:29 2024 -> +++ Started at Sun Oct 27 20:15:29 2024
Sun Oct 27 20:15:29 2024 -> Received 0 file descriptor(s) from systemd.
Sun Oct 27 20:15:29 2024 -> clamd daemon 1.0.7 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Sun Oct 27 20:15:29 2024 -> Log file size limited to 4294967295 bytes.
Sun Oct 27 20:15:29 2024 -> Reading databases from /var/lib/clamav
Sun Oct 27 20:15:29 2024 -> Not loading PUA signatures.
Sun Oct 27 20:15:29 2024 -> Bytecode: Security mode set to "TrustSigned".
Sun Oct 27 20:15:41 2024 -> Loaded 8699177 signatures.
Sun Oct 27 20:15:44 2024 -> TCP: Bound to [127.0.0.1]:3310
Sun Oct 27 20:15:44 2024 -> TCP: Setting connection queue length to 200
Sun Oct 27 20:15:44 2024 -> LOCAL: Unix socket file /tmp/clamd.sock
Sun Oct 27 20:15:44 2024 -> LOCAL: Setting connection queue length to 200
Sun Oct 27 20:15:44 2024 -> Limits: Global time limit set to 120000 milliseconds.
Sun Oct 27 20:15:44 2024 -> Limits: Global size limit set to 2097152000 bytes.
Sun Oct 27 20:15:44 2024 -> Limits: File size limit set to 2097152000 bytes.
Sun Oct 27 20:15:44 2024 -> Limits: Recursion level limit set to 17.
Sun Oct 27 20:15:44 2024 -> Limits: Files limit set to 10000.
Sun Oct 27 20:15:44 2024 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Sun Oct 27 20:15:44 2024 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Sun Oct 27 20:15:44 2024 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Sun Oct 27 20:15:44 2024 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Sun Oct 27 20:15:44 2024 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sun Oct 27 20:15:44 2024 -> Limits: MaxPartitions limit set to 50.
Sun Oct 27 20:15:44 2024 -> Limits: MaxIconsPE limit set to 100.
Sun Oct 27 20:15:44 2024 -> Limits: MaxRecHWP3 limit set to 16.
Sun Oct 27 20:15:44 2024 -> Limits: PCREMatchLimit limit set to 100000.
Sun Oct 27 20:15:44 2024 -> Limits: PCRERecMatchLimit limit set to 2000.
Sun Oct 27 20:15:44 2024 -> Limits: PCREMaxFileSize limit set to 104857600.
Sun Oct 27 20:15:44 2024 -> Archive support enabled.
Sun Oct 27 20:15:44 2024 -> AlertExceedsMax heuristic detection disabled.
Sun Oct 27 20:15:44 2024 -> Heuristic alerts enabled.
Sun Oct 27 20:15:44 2024 -> Portable Executable support enabled.
Sun Oct 27 20:15:44 2024 -> ELF support enabled.
Sun Oct 27 20:15:44 2024 -> Mail files support enabled.
Sun Oct 27 20:15:44 2024 -> OLE2 support enabled.
Sun Oct 27 20:15:44 2024 -> PDF support enabled.
Sun Oct 27 20:15:44 2024 -> SWF support enabled.
Sun Oct 27 20:15:44 2024 -> HTML support enabled.
Sun Oct 27 20:15:44 2024 -> XMLDOCS support enabled.
Sun Oct 27 20:15:44 2024 -> HWP3 support enabled.
Sun Oct 27 20:15:44 2024 -> Self checking every 600 seconds.

My clamd.conf:

LogFileUnlock yes
LogVerbose no
LogSyslog no
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate no
LogTime yes
LogClean no
ExtendedDetectionInfo no
Foreground no
Debug no
ReadTimeout 300
CommandReadTimeout 30
SendBufTimeout 200
IdleTimeout 60
FollowDirectorySymlinks no
FollowFileSymlinks no
CrossFilesystems yes
ConcurrentDatabaseReload yes
LeaveTemporaryFiles no
AllowAllMatchScan yes
ScanMail yes
MaxThreads 20
MaxQueue 200
MaxScanSize 2000M
MaxFileSize 2000M
SelfCheck 600
LogFile /var/log/clamav/clamd-daemon.log

User clamav
DatabaseDirectory /var/lib/clamav
Bytecode yes
BytecodeSecurity TrustSigned
BytecodeTimeout 10000
OfficialDatabaseOnly no

TCPAddr 127.0.0.1
TCPSocket 3310

TemporaryDirectory /tmp
PidFile /tmp/clamd.pid

LocalSocketGroup clamav
LocalSocket /tmp/clamd.sock
MaxConnectionQueueLength 200
FixStaleSocket yes

You see, a lot of my settings are not in the log file; not sure if they will have an effect then.

@micahsnyder
Contributor

Depending on how you install clamav, the config path and database paths will be different.

If you're installing clamav from a Linux package distribution (e.g. "apt install"), then you will also get a default clamd config and the paths will be like:

  • config path /etc/clamav/clamd.conf
  • database path /var/lib/clamav/

If you install from source, or use the clamav team provided RPM or DEB packages to install, then you won't get a default config and the paths will be like:

  • config path /usr/local/etc/clamd.conf
  • database path /usr/local/share/clamav/

So if you install with apt-get, and then go put a config file in the other place, the apt-get installed clamd won't find it.

@micahsnyder
Contributor

Run clamconf -n. It will show both your config options and the path of those config files. That way you can see where it's looking.

@MarkyMarkDE
Author

Here is the log of clamconf -n:

$ clamconf -n
Checking configuration files in /etc/clamav

Config file: clamd.conf

LogFile = "/var/log/clamav/clamd-daemon.log"
LogFileUnlock = "yes"
LogFileMaxSize = "4294967295"
LogTime = "yes"
PidFile = "/tmp/clamd.pid"
TemporaryDirectory = "/tmp"
LocalSocket = "/tmp/clamd.sock"
LocalSocketGroup = "clamav"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxThreads = "20"
ReadTimeout = "300"
SendBufTimeout = "200"
MaxQueue = "200"
IdleTimeout = "60"
User = "clamav"
MaxScanSize = "2097152000"
MaxFileSize = "2097152000"

Config file: freshclam.conf

LogFileMaxSize = "4294967295"
LogTime = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "24"
DatabaseMirror = "db.local.clamav.net", "db.de.ipv6.clamav.net", "db.dk.ipv6.clamav.net", "db.pl.ipv6.clamav.net", "db.cz.ipv6.clamav.net", "db.at.ipv6.clamav.net", "db.ch.ipv6.clamav.net", "db.fr.ipv6.clamav.net", "db.lu.ipv6.clamav.net", "db.be.ipv6.clamav.net", "db.nl.ipv6.clamav.net", "db.us.ipv6.clamav.net", "database.clamav.net"
MaxAttempts = "12"
DatabaseCustomURL = "file:///var/lib/clamav/whitelist.wdb"
ConnectTimeout = "60"
ReceiveTimeout = "300"

clamav-milter.conf not found

Software settings

Version: 1.0.7
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information

Database directory: /var/lib/clamav
[3rd Party] whitelist.wdb: 7 sigs
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 16:37:24 2024
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
daily.cld: version 27441, sigs: 2067383, built on Mon Oct 28 09:32:07 2024
Total number of signatures: 8714903

Platform information

uname: Linux 6.8.0-47-generic #47-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 21:40:26 UTC 2024 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: No LSB modules are available.
Ubuntu 24.04.1 LTS
zlib version: 1.3 (1.3), compile flags: a9
platform id: 0x0a21a7a708000000000d0200

Build information

GNU C: 13.2.0 (13.2.0)
sizeof(void*) = 8
Engine flevel: 167, dconf: 167

@MarkyMarkDE
Author

Okay, if I see this right, clamd takes my settings but the default log prints wrong settings, right?
Then we can maybe discuss which settings should be logged by clamd, the default ones or the user ones. My opinion would be the user settings; they are much more important than the default ones, I think.
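
Added example, not part of the issue thread or of ClamAV's own code: clamconf -n lists only non-default settings, so a directive from clamd.conf that is missing from its output is at its default as far as clamconf can tell, either because the file sets that default or because the file was not read. The Python below compares the two and also flags values that were read but reported differently; the function names are hypothetical and the sample strings are constructed from the config and output posted above.

```python
import re

# Constructed sample: four directives taken from the clamd.conf posted in the thread.
CLAMD_CONF = """\
LogFileMaxSize 0
MaxScanSize 2000M
SelfCheck 600
TCPSocket 3310
"""
# Constructed sample: the matching lines of the clamconf -n output posted in the thread.
CLAMCONF_N = """\
Config file: clamd.conf
LogFileMaxSize = "4294967295"
TCPSocket = "3310"
MaxScanSize = "2097152000"
Config file: freshclam.conf
LogFileMaxSize = "4294967295"
"""

def normalize(value):
    # Expand K/M size suffixes so "2000M" compares equal to "2097152000".
    m = re.fullmatch(r"(\d+)([kKmM])", value)
    return str(int(m[1]) * (1024 if m[2] in "kK" else 1024 ** 2)) if m else value

def parse_conf(text):
    # clamd.conf syntax is "Directive value"; comments and blank lines are skipped.
    rows = (l.split(None, 1) for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {r[0]: normalize(r[1].strip()) for r in rows if len(r) == 2}

def parse_clamconf(text, section="clamd.conf"):
    # Collect Name = "value" lines that belong to one "Config file:" section.
    found, current = {}, None
    for line in text.splitlines():
        if line.startswith("Config file:"):
            current = line.split(":", 1)[1].strip()
        elif current == section and (m := re.fullmatch(r'(\w+) = "(.*)"', line.strip())):
            found[m.group(1)] = m.group(2)
    return found

def compare(conf_text, clamconf_text):
    # "not listed" means clamconf sees the default: set to it, or file not read.
    reported, result = parse_clamconf(clamconf_text), {}
    for name, value in parse_conf(conf_text).items():
        if name not in reported:
            result[name] = "not listed"
        else:
            result[name] = "applied" if reported[name] == value else f"differs: {reported[name]}"
    return result
print(compare(CLAMD_CONF, CLAMCONF_N))
```

To run it on a live host, feed it the contents of the config file and the captured text of clamconf -n in place of the two sample strings.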
