# clamav-milter (0.95) won't start [SOLVED]

## Robert S

I've just upgraded clamav to the very latest clamav - taking into account Bug #264408.

I've had to make a few changes to config files (clamav-milter no longer accepts most command-line options; they need to be added to /etc/clamav-milter.conf).  Now I get

```
 * Starting clamd ... [ ok ]
 * Starting freshclam ... [ ok ]
 * Starting clamav-milter ...
 * Failed to start clamav-milter [ !! ]
```

The socket file /var/run/clamav/clmilter.sock is created, but clamav-milter does not appear in the process list.

/var/log/messages is unrevealing:

```
Apr  3 22:11:41 mypc clamd[2300]: clamd daemon 0.95 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Apr  3 22:11:41 mypc clamd[2300]: Running as user clamav (UID 101, GID 407)
Apr  3 22:11:41 mypc clamd[2300]: Log file size limited to 1048576 bytes.
Apr  3 22:11:41 mypc clamd[2300]: Reading databases from /var/lib/clamav
Apr  3 22:11:45 mypc clamd[2300]: Loaded 1029070 signatures.
Apr  3 22:11:45 mypc clamd[2300]: LOCAL: Unix socket file /var/run/clamav/clamd.sock
Apr  3 22:11:45 mypc clamd[2300]: LOCAL: Setting connection queue length to 15
Apr  3 22:11:45 mypc clamd[2302]: Limits: Global size limit set to 104857600 bytes.
Apr  3 22:11:45 mypc clamd[2302]: Limits: File size limit set to 26214400 bytes.
Apr  3 22:11:45 mypc clamd[2302]: Limits: Recursion level limit set to 16.
Apr  3 22:11:45 mypc clamd[2302]: Limits: Files limit set to 10000.
Apr  3 22:11:45 mypc clamd[2302]: Archive support enabled.
Apr  3 22:11:45 mypc clamd[2302]: Algorithmic detection enabled.
Apr  3 22:11:45 mypc clamd[2302]: Portable Executable support enabled.
Apr  3 22:11:45 mypc clamd[2302]: ELF support enabled.
Apr  3 22:11:45 mypc clamd[2302]: Mail files support enabled.
Apr  3 22:11:45 mypc clamd[2302]: OLE2 support enabled.
Apr  3 22:11:45 mypc clamd[2302]: PDF support enabled.
Apr  3 22:11:45 mypc clamd[2302]: HTML support enabled.
Apr  3 22:11:45 mypc clamd[2302]: Self checking every 600 seconds.
Apr  3 22:11:47 mypc rc-scripts: Failed to start clamav-milter
```

There doesn't seem to be a way of getting more debug output.

/etc/clamd.conf:

```
LogTime yes
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.sock
User clamav
AllowSupplementaryGroups yes
TemporaryDirectory /tmp
LogSyslog yes
ScanPDF yes
DetectPUA yes
```

/etc/clamav-milter.conf:

```
MilterSocket /var/run/clamav/clmilter.sock
PidFile /var/run/clamav/clamav-milter.pid
```

```
# equery uses clamav
[ Searching for packages matching clamav... ]
[ Colour Code : set unset ]
[ Legend : Left column  (U) - USE flags from make.conf              ]
[        : Right column (I) - USE flags packages was installed with ]
[ Found these USE variables for app-antivirus/clamav-0.95 ]
 U I
 + + bzip2    : Use the bzlib compression library
 - - clamdtop : A Top like tool which shows what clamd is currently scanning amongst other things
 + + crypt    : Add support for encryption -- using mcrypt or gpg where applicable
 + + iconv    : Enable support for the iconv character set conversion library
 - - ipv6     : Adds support for IP version 6
 + + milter   : Adds sendmail mail filter (milter) support
 - - selinux  : !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
```

Last edited by Robert S on Wed Apr 08, 2009 11:03 am; edited 1 time in total

----------

## Robert S

I've fixed this by adding the following to /etc/clamav-milter.conf:

```
MilterSocket /var/run/clamav/clmilter.sock
ClamdSocket unix:/var/run/clamav/clamd.sock
User clamav
LogVerbose yes
LogSyslog yes
```

Looks like ClamdSocket is now compulsory.  I've filed a bug on this at https://bugs.gentoo.org/show_bug.cgi?id=264952

----------
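A pre-flight check for the failure described in this thread, as an added example (not code from any poster, ClamAV or Gentoo): it verifies that the two options the sample config marks as mandatory, MilterSocket and ClamdSocket, are set, and that a `unix:` ClamdSocket matches LocalSocket in clamd.conf. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for clamav-milter.conf (not the init script's own code).

# conf_values FILE KEY: print the value of every active "KEY value" line.
# Commented-out lines never match because their first field starts with "#".
conf_values() {
    awk -v key="$2" '$1 == key { print $2 }' "$1"
}

# check_milter_conf MILTER_CONF CLAMD_CONF
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_milter_conf() {
    rc=0
    for key in MilterSocket ClamdSocket; do
        if [ -z "$(conf_values "$1" "$key")" ]; then
            echo "MISSING: $key is mandatory in $1"
            rc=1
        fi
    done
    local_sock=$(conf_values "$2" LocalSocket)
    for target in $(conf_values "$1" ClamdSocket); do
        case $target in
            unix:*)  # local scanner: must be the socket clamd really listens on
                if [ "${target#unix:}" != "$local_sock" ]; then
                    echo "MISMATCH: ClamdSocket ${target#unix:} != clamd LocalSocket ${local_sock:-unset}"
                    rc=1
                fi ;;
            tcp:*) ;;  # remote scanner: nothing to compare locally
            *)
                echo "BADFORMAT: ClamdSocket $target is neither unix:path nor tcp:host:port"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files, modelled on the settings quoted in the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'LocalSocket /var/run/clamav/clamd.sock' > "$demo_dir/clamd.conf"
printf '%s\n' 'MilterSocket /var/run/clamav/clmilter.sock' \
    'PidFile /var/run/clamav/clamav-milter.pid' > "$demo_dir/before.conf"
printf '%s\n' 'MilterSocket /var/run/clamav/clmilter.sock' \
    'ClamdSocket unix:/var/run/clamav/clamd.sock' > "$demo_dir/after.conf"
printf '%s\n' 'MilterSocket unix:/var/run/clamav/clmilter.sock' \
    'ClamdSocket unix:/var/run/clamav/clamd.socket' > "$demo_dir/mismatch.conf"  # constructed mismatch
for name in before after mismatch; do
    echo "== $name.conf"
    check_milter_conf "$demo_dir/$name.conf" "$demo_dir/clamd.conf" || true
done
```

Running it against the real /etc/clamav-milter.conf and /etc/clamd.conf before restarting the mail system catches a missing or mistyped scanner socket without waiting for the init script to fail.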

## Moriah

I just hit the same problem.  After getting over the aggravation of a totally new configuration file with no warning messages during the emerge to that effect, and after editing that file, when I try to start the mail system, I get:

```
eli ~ # /etc/init.d/sendmail start
 * Starting clamd ...                                                                                             [ ok ]
 * Starting freshclam ...                                                                                         [ ok ]
 * Starting clamav-milter ...
WARNING: Ignoring option /var/run/clamav/clmilter.sock                                                            [ ok ]
 * Starting sendmail ...                                                                                          [ ok ]
eli ~ # 
```

Here is my /etc/clamav-milter.conf file:

```
##
## Example config file for clamav-milter
##

# Comment or remove the line below.
#Example

##
## Main options
##

# Define the interface through which we communicate with sendmail
# This option is mandatory! Possible formats are:
# [[unix|local]:]/path/to/file - to specify a unix domain socket
# inet:port@[hostname|ip-address] - to specify an ipv4 socket
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
#MilterSocket /tmp/clamav-milter.socket
#MilterSocket inet:7357
MilterSocket unix:/var/run/clamav/clmilter.sock

# Remove stale socket after unclean shutdown.
#
# Default: yes
#FixStaleSocket yes

# Run as another user (clamav-milter must be started by root for this option to work)
#
# Default: unset (don't drop privileges)
User clamav

# Initialize supplementary group access (clamav-milter must be started by root).
#
# Default: no
#AllowSupplementaryGroups no

# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout.
#
# Default: 120
#ReadTimeout 300

# Don't fork into background.
#
# Default: no
#Foreground yes

# Chroot to the specified directory.
# Chrooting is performed just after reading the config file and before dropping privileges.
#
# Default: unset (don't chroot)
#Chroot /newroot

# This option allows you to save a process identifier of the listening
# daemon (main thread).
#
# Default: disabled
#PidFile /var/run/clamav-milter.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#
#TemporaryDirectory /var/tmp

##
## Clamd options
##

# Define the clamd socket to connect to for scanning.
# This option is mandatory! Syntax:
# ClamdSocket unix:path
# ClamdSocket tcp:host:port
# The first syntax specifies a local unix socket (needs an absolute path) e.g.:
#     ClamdSocket unix:/var/run/clamd/clamd.socket
# The second syntax specifies a tcp local or remote tcp socket: the
# host can be a hostname or an ip address; the ":port" field is only required
# for IPv6 addresses, otherwise it defaults to 3310
#     ClamdSocket tcp:192.168.0.1
#
# This option can be repeated several times with different sockets or even
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
#ClamdSocket tcp:scanner.mydomain:7357
ClamdSocket unix:/var/run/clamav/clamd.socket

##
## Exclusions
##

# Messages originating from these hosts/networks will not be scanned
# This option takes a host(name)/mask pair in CIRD notation and can be
# repeated several times. If "/mask" is omitted, a host is assumed.
# To specify a locally orignated, non-smtp, email use the keyword "local"
#
# Default: unset (scan everything regardless of the origin)
#LocalNet local
#LocalNet 192.168.0.0/24
#LocalNet 1111:2222:3333::/48

# This option specifies a file which contains a list of basic POSIX regular
# expressions. Addresses (sent to or from - see below) matching these regexes
# will not be scanned.  Optionally each line can start with the string "From:"
# or "To:" (note: no whitespace after the colon) indicating if it is, 
# respectively, the sender or recipient that is to be whitelisted.
# If the field is missing, "To:" is assumed.
# Lines starting with #, : or ! are ignored.
#
# Default unset (no exclusion applied)
#Whitelist /etc/whitelisted_addresses

# Messages from authenticated SMTP users matching this extended POSIX
# regular expression (egrep-like) will not be scanned.
# Note: this is the AUTH login name!
#
# Default: unset (no whitelisting based on SMTP auth)
#SkipAuthenticated ^(tom|dick|henry)$

##
## Actions
##

# The following group of options controls the delievery process under
# different circumstances.
# The following actions are available:
# - Accept
#   The message is accepted for delievery
# - Reject
#   Immediately refuse delievery (a 5xx error is returned to the peer)
# - Defer
#   Return a temporary failure message (4xx) to the peer
# - Blackhole (not available for OnFail)
#   Like accept but the message is sent to oblivion
# - Quarantine (not available for OnFail)
#   Like accept but message is quarantined instead of being delivered
#   In sendmail the quarantine queue can be examined via mailq -qQ
#   For Postfix this causes the message to be accepted but placed on hold
# 
# Action to be performed on clean messages (mostly useful for testing)
# Default Accept
#OnClean Accept

# Action to be performed on infected messages
# Default: Quarantine
#OnInfected Quarantine

# Action to be performed on error conditions (this includes failure to
# allocate data structures, no scanners available, network timeouts,
# unknown scanner replies and the like)
# Default Defer
#OnFail Defer

# This option allows to set a specific rejection reason for infected messages
# and it's therefore only useful together with "OnInfected Reject"
# The string "%v", if present, will be replaced with the virus name.
# Default: MTA specific
#RejectMsg 

# If this option is set to Yes, an "X-Virus-Scanned" and an "X-Virus-Status"
# headers will be attached to each processed message, possibly replacing
# existing headers. 
# Default: No
AddHeader Yes

##
## Logging options
##

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
#
# Default: disabled
#LogFile /tmp/clamav-milter.log
LogFile /var/log/clamav/clamav-milter.log

# By default the log file is locked for writing - the lock protects against
# running clamav-milter multiple times.
# This option disables log file locking.
#
# Default: no
#LogFileUnlock yes

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
#
# Default: 1M
#LogFileMaxSize 2M
LogFileMaxSize 200M

# Log time with each message.
#
# Default: no
LogTime yes

# Use system logger (can work together with LogFile).
#
# Default: no
#LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
#
# Default: no
LogVerbose yes

# This option allows to tune what is logged when a message is infected.
# Possible values are Off (the default - nothing is logged),
# Basic (minimal info logged), Full (verbose info logged)
#
# Default: disabled
#LogInfected Basic
LogInfected Full

##
## Limits
##

# Messages larger than this value won't be scanned.
# Make sure this value is lower or equal than StreamMaxLength in clamd.conf
#
# Default: 25M
MaxFileSize 10M
```

If I do not get a resolution to this by this afternoon, I will have to regress to the earlier version, as you did.

Any ideas what else to do?    :Sad: 

----------

## Robert S

I reverted back to the old version - see https://bugs.gentoo.org/show_bug.cgi?id=264952#c5.  After getting it to work, I discovered (after about a week) that the sendmail filter doesn't actually process messages!  I haven't found a resolution.  I think more work is required here.

----------

## Moriah

I too reverted back to the older version, by the following in my /etc/portage/package.mask:

```
# ----------------------------------------------------------------
# clam is broken for 0.95.* see:
# http://forums.gentoo.org/viewtopic-t-752435-highlight-.html?sid=dd52097967116fda916f9c0d1cd42d61
# http://bugs.gentoo.org/show_bug.cgi?id=264952
~app-antivirus/clamav-0.95
~app-antivirus/clamav-0.95.1
# ----------------------------------------------------------------
```

But what do you mean by:

> the sendmail filter doesn't actually process messages!

I got the mail running again, and the signatures are being updated, but I haven't seen a virus intercept since the update.  Of course, I haven't seen a virus intercept since last Wednesday:

```
Wed Apr 15 11:33:23 2009 -> /tmp/clamav-9c60dfcba2bcdab7d9709964be61a6d9/msg.sqWml3: HTML.Iframe-2 FOUND
Wed Apr 15 11:33:23 2009 -> n3FFXLac013851: /tmp/clamav-9c60dfcba2bcdab7d9709964be61a6d9/msg.sqWml3: HTML.Iframe-2 Intercepted virus from "lili" <xnbcnmcxb@gmai
```

Some days it's like that -- no intercepts; others, there are tons of hits.    :Confused: 

----------

