when starting clamav-daemon clamd.socket is not created per the clamd.conf file

Again, as with some other issues this has just started since upgrading from 14.04.4LTS to 16.04.1LTS. Maybe by asking this as a question instead of submitting a bug I'll get some assistance. When starting clamav this is shown in the log

Aug 22 15:30:23 localhost clamd[22222]: TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Aug 22 15:30:23 localhost clamd[22222]: LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd

In July of this year, still running 14.04LTS when clamav started this was noted in the log

Thu Jul 14 20:12:52 2016 -> TCP: Bound to [127.0.0.1]:3310
Thu Jul 14 20:12:52 2016 -> TCP: Setting connection queue length to 200
Thu Jul 14 20:12:52 2016 -> LOCAL: Unix socket file /var/lib/clamav/clamd.socket

All folder permissions are as they were under 14.04 I have changed nothing manually.

Portion of my /etc/clamav/clamd.conf dealing with this

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/lib/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /var/lib/clamav/tmp
# TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav

# Only load the official signatures published by the ClamAV project.
# Default: no
OfficialDatabaseOnly no

# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/lib/clamav/clamd.socket

# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
# LocalSocketGroup virusgroup
# LocalSocketGroup clamav

# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660

# Remove stale socket after unclean shutdown.
# Default: yes
FixStaleSocket yes

# TCP port address.
# Default: no
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
TCPAddr 127.0.0.1

Additional information - by starting clamav like this:

sudo /usr/sbin/clamd -c /etc/clamav/clamd.conf

The socket and pid file are both created as they should be. However, that's not the way it's called to be started on boot:

#! /bin/sh
# Written by Miquel van Smoorenburg <email address hidden>.
# Modified for Debian GNU/Linux
# by Ian Murdock <email address hidden>.
# Clamav version by Magnus Ekdahl <email address hidden>
# Heavily reworked by Stephen Gran <email address hidden>
#
### BEGIN INIT INFO
# Provides: clamav-daemon
# Required-Start: $remote_fs $syslog
# Should-Start:
# Required-Stop: $remote_fs $syslog
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: ClamAV daemon
# Description: Clam AntiVirus userspace daemon
### END INIT INFO

# The exit status codes should comply with LSB.
# https://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/clamd
NAME="clamd"
DESC="ClamAV daemon"
CLAMAVCONF=/etc/clamav/clamd.conf
SUPERVISOR=/usr/bin/daemon
SUPERVISORNAME=daemon
SUPERVISORPIDFILE="/var/run/clamav/daemon-clamd.pid"
SUPERVISORARGS="--name=$NAME --respawn $DAEMON -F $SUPERVISORPIDFILE"
DATABASEDIR="/var/lib/clamav"

# required by Debian policy 9.3.2
[ -x "$DAEMON" ] || exit 0
[ -r /etc/default/clamav-daemon ] && . /etc/default/clamav-daemon

to_lower()
{
  word="$1"
  lcword=$(echo "$word" | tr A-Z a-z)
  echo "$lcword"
}

is_true()
{
  var="$1"
  lcvar=$(to_lower "$var")
  [ 'true' = "$lcvar" ] || [ 'yes' = "$lcvar" ] || [ 1 = "$lcvar" ]
  return $?
}

is_false()
{
  var="$1"
  lcvar=$(to_lower "$var")
  [ 'false' = "$lcvar" ] || [ 'no' = "$lcvar" ] || [ 0 = "$lcvar" ]
  return $?
}

ucf_cleanup()
{
  # This only does something if I've fucked up before
  # Not entirely impossible :(

  configfile=$1

  if [ `grep "$configfile" /var/lib/ucf/hashfile | wc -l` -gt 1 ]; then
    grep -v "$configfile" /var/lib/ucf/hashfile > /var/lib/ucf/hashfile.tmp
    grep "$configfile" /var/lib/ucf/hashfile | tail -n 1 >> /var/lib/ucf/hashfile.tmp
    mv /var/lib/ucf/hashfile.tmp /var/lib/ucf/hashfile
  fi
}

add_to_ucf()
{
  configfile=$1
  ucffile=$2

  if ! grep -q "$configfile" /var/lib/ucf/hashfile; then
    md5sum $configfile >> /var/lib/ucf/hashfile
    cp $configfile $ucffile
  fi
}

ucf_upgrade_check()
{
  configfile=$1
  sourcefile=$2
  ucffile=$3

  if [ -f "$configfile" ]; then
    add_to_ucf $configfile $ucffile
    ucf --three-way --debconf-ok "$sourcefile" "$configfile"
  else
    [ -d /var/lib/ucf/cache ] || mkdir -p /var/lib/ucf/cache
    pathfind restorecon && restorecon /var/lib/ucf/cache
    cp $sourcefile $configfile
    add_to_ucf $configfile $ucffile
  fi
}

slurp_config()
{
  CLAMAVCONF="$1"

  if [ -e "$CLAMAVCONF" ]; then
    for variable in `egrep -a -v '^[[:space:]]*(#|$)' "$CLAMAVCONF" | awk '{print $1}'`; do
      case "$variable" in
        DatabaseMirror)
        if [ -z "$DatabaseMirror" ]; then
          for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
            value="$value $i"
          done
        else
          continue
        fi
        ;;
        DatabaseCustomURL)
        if [ -z "$DatabaseCustomURL" ]; then
          for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
            value="$value $i"
          done
        else
          continue
        fi
        ;;
        IncludePUA)
        if [ -z "$IncludePUA" ]; then
          for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
            value="$i $value"
          done
        else
          continue
        fi
        ;;
        ExcludePUA)
        if [ -z "$ExcludePUA" ]; then
          for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
            value="$i $value"
          done
        else
          continue
        fi
        ;;
        ExtraDatabase)
        if [ -z "$ExtraDatabase" ]; then
          for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do
            value="$value $i"
          done
        else
          continue
        fi
        ;;
        VirusEvent|OnUpdateExecute|OnErrorExecute|RejectMsg)
        value=`grep -a ^$variable $CLAMAVCONF | head -n1 | sed -e s/$variable\ //`
        ;;
        *)
        value=`grep -a "^$variable[[:space:]]" $CLAMAVCONF | head -n1 | awk '{print $2}'`
        ;;
      esac
      if [ -z "$value" ]; then
        export "$variable"="true"
      elif [ "$value" != "$variable" ]; then
        export "$variable"="$value"
      else
        export "$variable"="true"
      fi
      unset value
    done
  fi
}

pathfind() {
  OLDIFS="$IFS"
  IFS=:
  for p in $PATH; do
    if [ -x "$p/$*" ]; then
      IFS="$OLDIFS"
      return 0
    fi
  done
  IFS="$OLDIFS"
  return 1
}

set_debconf_value()
{
prog=$1
name=$2
eval variable="\$${name}"
if [ -n "$variable" ]; then
  db_set clamav-$prog/$name "$variable" || true
fi
}

make_dir()
{
  DIR=$1
  if [ -d "$DIR" ]; then
    return 0;
  fi
  [ -n "$User" ] || User=clamav
  mkdir -p -m 0755 "$DIR"
  chown "$User" "$DIR"
  pathfind restorecon && restorecon "$DIR"
}

# Debconf Functions

isdigit ()
{
  case $1 in
    [[:digit:]]*)
    ISDIGIT=1
    ;;
    *)
    ISDIGIT=0
    ;;
  esac
}

inputdigit ()
{
  ISDIGIT=0
  while [ "$ISDIGIT" = '0' ]; do
    db_input "$1" "$2" || true
    if ! db_go; then
      return 30
    fi
    db_get $2 || true
    isdigit $RET
    if [ "$ISDIGIT" = '0' ]; then
      db_input critical clamav-base/numinfo || true
      db_go
    fi
  done
  return 0
}

StateGeneric()
{
  PRIO=$1
  QUESTION=$2
  NEXT=$3
  LAST=$4

  db_input $PRIO $QUESTION || true
  if db_go; then
    STATE=$NEXT
  else
    STATE=$LAST
  fi
}

StateGenericDigit()
{
  PRIO=$1
  QUESTION=$2
  NEXT=$3
  LAST=$4

  inputdigit $PRIO $QUESTION || true
  if db_go; then
    STATE=$NEXT
  else
    STATE=$LAST
  fi
}

. /lib/lsb/init-functions

if [ ! -f "$CLAMAVCONF" ]; then
  log_failure_msg "There is no configuration file for Clamav."
  log_failure_msg "Please either dpkg-reconfigure $DESC, or copy the example from"
  log_failure_msg "/usr/share/doc/clamav-base/examples/ to $CLAMAVCONF and run"
  log_failure_msg "'/etc/init.d/clamav-daemon start'"
  if [ "$1" = "status" ]; then
    # program or service status is unknown
    exit 4;
  else
    # program is not configured
    exit 6;
  fi
fi

slurp_config "$CLAMAVCONF"

if [ -n "$Example" ]; then
  log_failure_msg "Clamav is not configured."
  log_failure_msg "Please edit $CLAMAVCONF and run '/etc/init.d/clamav-daemon start'"
  if [ "$1" = "status" ]; then
    # program or service status is unknown
    exit 4;
  else
    # program is not configured
    exit 6;
  fi
fi

if is_true "$Foreground"; then
  if [ ! -x "$SUPERVISOR" ] ; then
     log_failure_msg "Foreground specified, but $SUPERVISORNAME not found"
    if [ "$1" = "status" ]; then
      # program or service status is unknown
      exit 4;
    else
      # program is not configured correctly
      exit 6;
    fi
  else
     RUN_SUPERVISED=1
  fi
fi

[ -n "$User" ] || User=clamav
[ -n "$DataBaseDirectory" ] || DataBaseDirectory=/var/lib/clamav

make_dir "$DataBaseDirectory"
make_dir $(dirname "$SUPERVISORPIDFILE")

if [ -z "$RUN_SUPERVISED" ]; then
 THEPIDFILE="$PidFile"
 THEDAEMON="$NAME"
 RELOAD="1"
else
 THEPIDFILE="$SUPERVISORPIDFILE"
 THEDAEMON="$SUPERVISORNAME"
 RELOAD="0"
fi

if [ -z "$THEPIDFILE" ]
then
  # Set the default PidFile.
# THEPIDFILE='/run/clamav/clamd.pid'
   THEPIDFILE='/var/lib/clamav/clamd.pid
fi

make_dir $(dirname "$THEPIDFILE")
chown $User $(dirname "$THEPIDFILE")

case "$1" in
  start)
  # Check for database existance (start will fail if it's missing)
  for db in main daily; do
    if [ ! -e "$DATABASEDIR"/"$db".cvd ] && [ ! -d "$DATABASEDIR"/"$db".inc ] && [ ! -e "$DATABASEDIR"/"$db".cld ]; then
      log_failure_msg "Clamav signatures not found in $DATABASEDIR"
      log_failure_msg "Please retrieve them using freshclam"
      log_failure_msg "Then run '/etc/init.d/clamav-daemon start'"
      # this is expected on a fresh installation
      exit 0
    fi
  done
  if [ -z "$RUN_SUPERVISED" ] ; then
    log_daemon_msg "Starting $DESC" "$NAME "
    start-stop-daemon --start --oknodo -c $User --exec $DAEMON --pidfile $THEPIDFILE -- -c $CLAMAVCONF --pid=$THEPIDFILE
    ret=$?
  else
    log_daemon_msg "Starting $DESC" "$NAME (supervised) "
    $SUPERVISOR $SUPERVISORARGS
    ret=$?
  fi
  log_end_msg $ret
  ;;
  stop)
  log_daemon_msg "Stopping $DESC" "$NAME"
  start-stop-daemon --stop --oknodo --name $THEDAEMON --pidfile $THEPIDFILE --retry TERM/30/KILL/5
  log_end_msg $?
  ;;
  status)
  start-stop-daemon --status --name $THEDAEMON --pidfile $THEPIDFILE
  # start-stop-daemon returns LSB compliant exit status codes
  ret=$?
  if [ "$ret" = 0 ]; then
      log_success_msg "$NAME is running"
  else
      log_failure_msg "$NAME is not running"
      exit "$ret"
  fi
  ;;
  restart|force-reload)
  $0 stop
  $0 start
  ;;
  reload-database)
  if [ "$RELOAD" = "1" ]; then
    log_daemon_msg "Reloading database for $DESC" "$NAME"
    pkill -USR2 -F $THEPIDFILE $THEDAEMON 2>/dev/null
    log_end_msg $?
  else
    log_failure_msg "reload-database does not work in supervised mode."
    # unimplemented feature
    exit 3
  fi
  ;;
  reload-log)
  if [ "$RELOAD" = "1" ]; then
    log_daemon_msg "Reloading log file for $DESC" "$NAME"
    pkill -HUP -F $THEPIDFILE $THEDAEMON 2>/dev/null
  else
    log_failure_msg "reload-log does not work in supervised mode."
    # unimplemented feature
    exit 3
  fi
  log_end_msg $?
  ;;
  *)
  log_action_msg "Usage: $0 {start|stop|restart|force-reload|reload-log|reload-database|status}" >&2
  # invalid arguments
  exit 2
  ;;
esac

exit 0

Should I manually make a change in the /etc/init.d/clamav-daemon file?

I am facing a very similar if not identical problem. Detailed here:

http://serverfault.com/questions/798587/debian-8-cant-get-clamav-to-listen-on-tcp-3310

except that I only get /var/run/clamav/clamd.ctl and no pid file.

Relevant config from clamd.conf is:

TCPSocket 3310
TCPAddr localhost
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666

I can get it started using:

/usr/sbin/clamd -c /etc/clamav/clamd.conf

if I comment out the following in /etc/clamd/clamd.conf:

#LocalSocket /var/run/clamav/clamd.ctl
#FixStaleSocket true

but it fails when using:

service clamav-daemon start

I'm experiencing the same issue on a brand new install of 16.04.

I had to add directly to clamav-daemon.socket
[Socket]
ListenStream=/run/clamav/clamd.ctl
ListenStream=xx.xx.xx.xx:3310
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True

This did not work when i added it to extend.conf

Here is what I've discovered I have to do to get SA and Clamd running after a restart:

1) sudo /etc/init.d/spamassassin restart
2) sudo service clamav-daemon stop
3) sudo /usr/sbin/clamd -c /etc/clamav/clamd.conf

That will write the clamd.pid and the clamd.socket file to /var/lib/clamav which is what I have set in my clamd.conf file

5 Aug 31 17:19 clamd.pid
0 Aug 31 17:19 clamd.socket

When starting at boot you have these lines:

Aug 31 17:01:45 localhost clamd[2224]: TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Aug 31 17:01:45 localhost clamd[2224]: LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.

However when shutting the service down and starting as I've shown above you have:

Aug 31 17:19:10 localhost systemd[1]: Stopping Clam AntiVirus userspace daemon...
Aug 31 17:19:10 localhost clamd[2224]: Waiting for all threads to finish
Aug 31 17:19:10 localhost clamd[2224]: Waiting for all threads to finish
Aug 31 17:19:11 localhost clamd[2224]: Pid file removed.
Aug 31 17:19:11 localhost clamd[2224]: --- Stopped at Wed Aug 31 17:19:11 2016
Aug 31 17:19:11 localhost clamd[2224]: Pid file removed.
Aug 31 17:19:11 localhost clamd[2224]: --- Stopped at Wed Aug 31 17:19:11 2016
Aug 31 17:19:11 localhost systemd[1]: Stopped Clam AntiVirus userspace daemon.
Aug 31 17:19:11 localhost systemd[1]: Closed Socket for Clam AntiVirus userspace daemon.
Aug 31 17:19:11 localhost systemd[1]: Stopped Clam AntiVirus userspace daemon.

Aug 31 17:19:30 localhost clamd[8003]: Received 0 file descriptor(s) from systemd.
Aug 31 17:19:30 localhost clamd[8003]: clamd daemon 0.99 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Aug 31 17:19:30 localhost clamd[8003]: Running as user clamav (UID 121, GID 130)
Aug 31 17:19:30 localhost clamd[8003]: Log file size limited to 2097152bytes.
Aug 31 17:19:30 localhost clamd[8003]: Reading databases from /var/lib/clamav
Aug 31 17:19:30 localhost clamd[8003]: Bytecode: Security mode set to "TrustSigned".
Aug 31 17:19:43 localhost clamd[8003]: Loaded 5014512 signatures.
Aug 31 17:19:44 localhost clamd[8003]: TCP: Bound to [127.0.0.1]:3310
Aug 31 17:19:44 localhost clamd[8003]: TCP: Setting connection queue length to 200
Aug 31 17:19:44 localhost clamd[8003]: LOCAL: Removing stale socket file /var/lib/clamav/clamd.socket
Aug 31 17:19:44 localhost clamd[8003]: LOCAL: Unix socket file /var/lib/clamav/clamd.socket

My conclusion is that something is wrong with the init files that start SA and Clamd on boot

I have this issue too, which didn't seem to affect the functionality of clamav, however, the recent upgrade of the daemon fails consistently as it cannot stop or start the daemon. I have submitted a request for help and reported the upgrade bug.

FWIW, sorry i should not have clicked answer. This problem still exists
for me, the suggesting has worked as a workaround for a couple server
installs and is now my default hack, but IMO, this is still an issue as
reported above.

Jeff

On Mon, Sep 5, 2016 at 9:08 AM, Alan <email address hidden>
wrote:

> Question #357500 on clamav in Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+source/clamav/+question/357500
>
> Alan posted a new comment:
> I have this issue too, which didn't seem to affect the functionality of
> clamav, however, the recent upgrade of the daemon fails consistently as
> it cannot stop or start the daemon. I have submitted a request for help
> and reported the upgrade bug.
>
> --
> You received this question notification because you are subscribed to
> the question.
>

was this fix with the latest upgrades for anyone, i took the new configs and it is running after an apt-get dist-upgrade and taking the maintainers configurations over my previously edited ones.

Hi jd,

Not entirely sure of the context of your question - I took the latest upgrade to clamd on the upgrade release date, and it crashed as above description from that point on.

It still crashes on every attempt to perform apt-get upgrade, apt-get dist-upgrade, apt-get autoclean or apt-get autoremove.

cheers
Alan

Thanks Alan, it was not a question exactly other than, did the upgrade work for others? As it seemed to clean up my issues. i'll have to check my configs and report if any of the changes are still there.

Thanks,
Jeff

More data.

I've been working around the issues of the clamav-daemon start issue, which seems to be involved in this issue.

I tried this:

Wed Sep 07 18:09 /home/alan => sudo service clamav-daemon start
Failed to start clamav-daemon.socket: Unit clamav-daemon.socket is not loaded properly: Invalid argument.
See system logs and 'systemctl status clamav-daemon.socket' for details.
Failed to start clamav-daemon.service: Unit clamav-daemon.socket is not loaded properly: Invalid argument.
See system logs and 'systemctl status clamav-daemon.service' for details.

Si I tried this:

Wed Sep 07 18:10 /home/alan => systemctl status clamav-daemon.socket
● clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
   Loaded: error (Reason: Invalid argument)
  Drop-In: /etc/systemd/system/clamav-daemon.socket.d
           └─extend.conf
   Active: inactive (dead)
     Docs: man:clamd(8)
           man:clamd.conf(5)
           http://www.clamav.net/lang/en/doc/

Sep 07 17:54:31 DALEK-UB systemd[1]: [/etc/systemd/system/clamav-daemon.socket.d/extend.conf:4] Failed to parse address value, i
Sep 07 17:54:31 DALEK-UB systemd[1]: clamav-daemon.socket: Unit lacks Listen setting. Refusing.
Sep 07 17:54:32 DALEK-UB systemd[1]: [/etc/systemd/system/clamav-daemon.socket.d/extend.conf:4] Failed to parse address value, i
Sep 07 17:54:32 DALEK-UB systemd[1]: clamav-daemon.socket: Unit lacks Listen setting. Refusing.
lines 1-13/13 (END)

Does this information shed any light?

No after the upgrade on the 1st of Sept it still does not work. I did a restart after the upgrade to test this:

2016-09-01 07:45:28 was the update time

Sep 1 08:12:24 localhost clamd[2222]: Loaded 4992081 signatures.
Sep 1 08:12:27 localhost gnome-session[3483]: openConnection: connect: No such file or directory
Sep 1 08:12:27 localhost gnome-session[3483]: cannot connect to brltty at :0
Sep 1 08:12:28 localhost clamd[2222]: TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd. <------------
Sep 1 08:12:28 localhost clamd[2222]: LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd. <----------------
Sep 1 08:12:28 localhost clamd[2222]: Limits: Global size limit set to 52428800 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: File size limit set to 26214400 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: Recursion level limit set to 16.
Sep 1 08:12:28 localhost clamd[2222]: Limits: Files limit set to 10000.
Sep 1 08:12:28 localhost clamd[2222]: Limits: Core-dump limit is 0.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxPartitions limit set to 50.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxIconsPE limit set to 100.
Sep 1 08:12:28 localhost clamd[2222]: Limits: PCREMatchLimit limit set to 10000.
Sep 1 08:12:28 localhost clamd[2222]: Limits: PCRERecMatchLimit limit set to 5000.
Sep 1 08:12:28 localhost clamd[2222]: Limits: PCREMaxFileSize limit set to 26214400.
Sep 1 08:12:28 localhost clamd[2222]: Archive support enabled.
Sep 1 08:12:28 localhost clamd[2222]: Algorithmic detection enabled.
Sep 1 08:12:28 localhost clamd[2222]: Portable Executable support enabled.
Sep 1 08:12:28 localhost clamd[2222]: ELF support enabled.
Sep 1 08:12:28 localhost clamd[2222]: Mail files support enabled.
Sep 1 08:12:28 localhost clamd[2222]: OLE2 support enabled.
Sep 1 08:12:28 localhost clamd[2222]: Limits: Global size limit set to 52428800 bytes.
Sep 1 08:12:28 localhost clamd[2222]: PDF support enabled.
Sep 1 08:12:28 localhost clamd[2222]: SWF support enabled.
Sep 1 08:12:28 localhost clamd[2222]: HTML support enabled.
Sep 1 08:12:28 localhost clamd[2222]: Heuristic: precedence enabled
Sep 1 08:12:28 localhost clamd[2222]: Self checking every 600 seconds.
Sep 1 08:12:28 localhost clamd[2222]: Limits: File size limit set to 26214400 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: Recursion level limit set to 16.
Sep 1 08:12:28 localhost clamd[2222]: Limits: Files limit set to 10000.
Sep 1 08:12:28 localhost clamd[2222]: Limits: Core-dump limit is 0.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxPartitions limit set to 50.
Sep 1 08:12:28 localhost clamd[2222]: Limits: MaxIconsPE limit set to 100.
Sep 1 08:12:28 localhost clamd[2222]: Limits: PCREMatchLimit limit set to 10000.
Sep 1 08:12:28 localhost clamd[2222]: Limits: PCRERecMatchLimit limit set to 5000.
Sep 1 08:12:28 localhost clamd[2222]: Limits: PCREMaxFileSize limit set to 26214400.
Sep 1 08:12:28 localhost clamd[2222]: Archive support enabled.
Sep 1 08:12:28 localhost clamd[2222]: Algorithmic detection enabled.
Sep 1 08:12:28 localhost clamd[2222]: Portable Executable support enabled.
Sep 1 08:12:28 localhost clamd[2222]: ELF support enabled.
Sep 1 08:12:28 localhost clamd[2222]: Mail files support enabled.
Sep 1 08:12:28 localhost clamd[2222]: OLE2 support enabled.
Sep 1 08:12:28 localhost clamd[2222]: PDF support enabled.
Sep 1 08:12:28 localhost clamd[2222]: SWF support enabled.
Sep 1 08:12:28 localhost clamd[2222]: HTML support enabled.
Sep 1 08:12:28 localhost clamd[2222]: Heuristic: precedence enabled
Sep 1 08:12:28 localhost clamd[2222]: Self checking every 600 seconds.
Sep 1 08:12:28 localhost clamd[2222]: Listening daemon: PID: 2222
Sep 1 08:12:28 localhost clamd[2222]: MaxQueue set to: 100
Sep 1 08:12:28 localhost clamd[2222]: Listening daemon: PID: 2222
Sep 1 08:12:28 localhost clamd[2222]: MaxQueue set to: 100

Not only does clamd not start on boot but neither does spamassassin which on my machine calls clam to scan each message. For instance a portion of a message header between the above time and the below time shows neither is running

Return-path: <email address hidden>
X_cmae_category: , ,

However, after stopping and restarting clamav by these two command

sudo service clamav-daemon stop
sudo /usr/sbin/clamd -c /etc/clamav/clamd.conf

You can see it now works. I also have to do a sudo /etc/init.d/spamassassin restart because it's also not started on boot

Return-path: <email address hidden>
X-spam-checker-version: SpamAssassin 3.4.1 (2015-04-28) on localhost
X-spam-level: *
X-spam-virus: No

Sep 1 09:46:20 localhost clamd[19600]: Received 0 file descriptor(s) from systemd.
Sep 1 09:46:20 localhost clamd[19600]: clamd daemon 0.99 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sep 1 09:46:20 localhost clamd[19600]: Running as user clamav (UID 121, GID 130)
Sep 1 09:46:20 localhost clamd[19600]: Log file size limited to 2097152bytes.
Sep 1 09:46:20 localhost clamd[19600]: Reading databases from /var/lib/clamav
Sep 1 09:46:20 localhost clamd[19600]: Bytecode: Security mode set to "TrustSigned".
Sep 1 09:46:34 localhost clamd[19600]: Loaded 4992081 signatures.
Sep 1 09:46:38 localhost clamd[19600]: TCP: Bound to [127.0.0.1]:3310
Sep 1 09:46:38 localhost clamd[19600]: TCP: Setting connection queue length to 200
Sep 1 09:46:38 localhost clamd[19600]: LOCAL: Unix socket file /var/lib/clamav/clamd.socket
Sep 1 09:46:38 localhost clamd[19600]: LOCAL: Setting connection queue length to 200
Sep 1 09:46:38 localhost clamd[19613]: Limits: Global size limit set to 52428800 bytes.
Sep 1 09:46:38 localhost clamd[19613]: Limits: File size limit set to 26214400 bytes.
Sep 1 09:46:38 localhost clamd[19613]: Limits: Recursion level limit set to 16.
Sep 1 09:46:38 localhost clamd[19613]: Limits: Files limit set to 10000.
Sep 1 09:46:38 localhost clamd[19613]: Limits: Core-dump limit is 0.
Sep 1 09:46:38 localhost clamd[19613]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sep 1 09:46:38 localhost clamd[19613]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sep 1 09:46:38 localhost clamd[19613]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sep 1 09:46:38 localhost clamd[19613]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sep 1 09:46:38 localhost clamd[19613]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sep 1 09:46:38 localhost clamd[19613]: Limits: MaxPartitions limit set to 50.
Sep 1 09:46:38 localhost clamd[19613]: Limits: MaxIconsPE limit set to 100.
Sep 1 09:46:38 localhost clamd[19613]: Limits: PCREMatchLimit limit set to 10000.
Sep 1 09:46:38 localhost clamd[19613]: Limits: PCRERecMatchLimit limit set to 5000.
Sep 1 09:46:38 localhost clamd[19613]: Limits: PCREMaxFileSize limit set to 26214400.
Sep 1 09:46:38 localhost clamd[19613]: Archive support enabled.
Sep 1 09:46:38 localhost clamd[19613]: Algorithmic detection enabled.
Sep 1 09:46:38 localhost clamd[19613]: Portable Executable support enabled.
Sep 1 09:46:38 localhost clamd[19613]: ELF support enabled.
Sep 1 09:46:38 localhost clamd[19613]: Mail files support enabled.
Sep 1 09:46:38 localhost clamd[19613]: OLE2 support enabled.
Sep 1 09:46:38 localhost clamd[19613]: PDF support enabled.
Sep 1 09:46:38 localhost clamd[19613]: SWF support enabled.
Sep 1 09:46:38 localhost clamd[19613]: HTML support enabled.
Sep 1 09:46:38 localhost clamd[19613]: Heuristic: precedence enabled
Sep 1 09:46:38 localhost clamd[19613]: Self checking every 600 seconds.
Sep 1 09:46:38 localhost clamd[19613]: Listening daemon: PID: 19613
Sep 1 09:46:38 localhost clamd[19613]: MaxQueue set to: 100

Hi,

I finally bit the bullet on this one and resolv4ed the issue using brute force and ignorance - i.e. using Synaptic package manager I removed everything related to Clamav, including all configuration files.

Following reboot, again using Synaptic Package manager I reinstalled the Clam system, carefully checking that dependencies and package issues were resolved before installation.
I then reconfigured the ClamAV daemon using:

sudo dpkg-reconfigure clamav-daemon

and accepted all defaults EXCEPT I specified TCP sockets rather than UNIX sockets.

My clam system is now fully working, including scanning of emails and attachments.

I hope this helps.

Hello,

As much as i wanted to avoid this, on one server I completely removed the clam as @Alan mentioned and reinstalled on the second server i simply ran the sudo dpkg-reconfigure clamav-daemon (which i could have sworn i did in the past) and wiped out any configuration i had that was different than it was about to install, when prompted, both solutions worked.

I don't think this is the solution to the problem, but can likely get folks around the issues they are having. As i would still like to be able to rebuild this with salt on new machines. For now, i'm going to copy the configs to my pillars and hope/see if it works on the next one.

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

closing this due to expiration is unfortunate, b/c the fix is "the apt-get install is not good enough...sometimes, so clean, restart and try again"

It is unfortunate since the problem has never been fixed. However, my work around is that on boot this is run as a cronjob:

sudo /etc/init.d/spamassassin restart && sudo service clamav-daemon stop && sudo /usr/sbin/clamd -c /etc/clamav/clamd.conf && sudo service clamav-freshclam start

I'm not sure if the last command is needed but I leave nothing to chance. Haven't had any issues with it being started this way and it beats having to do the commands manually.

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Just set up a new laptop with Ubuntu 16.04.3 and had this same issue.
I didn't need the socket, but did need TCP so emails could be checked.
The solution was to remove the ip/host from ListenStream in /etc/systemd/system/clamav-daemon.socket.d/extend.conf
After removing the ip it looks like this:

[Socket]
ListenStream=
SocketUser=clamav
ListenStream=3310

Then adjust systemd to load the changes:

systemctl daemon-reload

Then start clamd:

service clamav-daemon start