/var/run/clamav missing in brand-new installation on LXC

[jsabater]

Hello everyone!

I just installed PMG 7.2 on a LXC with the Debian 11 Bulllseye template in my 4-node Proxmox cluster by using the following command:

apt install libclamunrar p7zip-rar proxmox-mailgateway-container

Then I configured a number of aspects via the Configuration: Mail proxy and Configuration: Certificates menu options in the WebGUI and everything was working fine: the LXC across my cluster were able to send emails through PMG.

Days later I was browsing through the options in the WebGUI and I came across the Administration: Services option and realised that both ClamAV services were stopped:

• clamav-daemon: dead
• clamav-freshclam: failed

So I went to the console and found out this:

~# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
             └─extend.conf
     Active: inactive (dead)
  Condition: start condition failed at Sun 2022-12-11 12:47:02 UTC; 6min ago
             └─ ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc} was not met
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/

Dec 11 12:31:13 pmg1 systemd[1]: Condition check resulted in Clam AntiVirus userspace daemon bein/usr/bin/freshclam -d --foreground=trueg skipped.

I checked and systemd is kind of right, the file is not there:

~# ls -lh /var/lib/clamav/
total 58M
-rw-r--r-- 1 clamav clamav 287K Dec 11 12:32 bytecode.cvd
-rw-r--r-- 1 clamav clamav  58M Dec 11 12:31 daily.cvd
-rw-r--r-- 1 clamav clamav   69 Dec 11 12:32 freshclam.dat
drwxr-xr-x 2 clamav clamav 4.0K Dec 11 12:28 tmp.e379d15a85

You will notice the results of a failed attempt at freshclam -v, as suggested in this thread.

This error means that ClamAV wasn't able to download any anti-virus signatures, as far as I've been able to find on the Internet. Then I also checked clamav-freshclam:

~# systemctl status clamav-freshclam
● clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sun 2022-12-11 12:31:13 UTC; 27min ago
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://docs.clamav.net/
   Main PID: 322 (code=exited, status=2)
        CPU: 9ms

Dec 11 12:31:13 pmg1 systemd[1]: Started ClamAV virus database updater.
Dec 11 12:31:13 pmg1 freshclam[322]: ERROR: Can't save PID to file /var/run/clamav/freshclam.pid: No such file or directory
Dec 11 12:31:13 pmg1 freshclam[322]: Can't save PID to file /var/run/clamav/freshclam.pid: No such file or directory
Dec 11 12:31:13 pmg1 systemd[1]: clamav-freshclam.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Dec 11 12:31:13 pmg1 systemd[1]: clamav-freshclam.service: Failed with result 'exit-code'.

I am not sure who started the fire, but it seems that the configuration directives in the /etc/systemd/system/clamav-daemon.service.d/extend.conf file are not being executed:

[Service]
ExecStartPre=-/bin/mkdir -p /run/clamav
ExecStartPre=/bin/chown clamav /run/clamav

I tried the following solution:

~# systemctl stop clamav-freshclam
~# /usr/bin/freshclam -d --foreground=true
ERROR: Can't save PID to file /var/run/clamav/freshclam.pid: No such file or directory

Then I realised that the first directive in the /etc/systemd/system/clamav-daemon.service.d/extend.conf file has a minus sign after the equals sign, which according to the systemd documentation shouldn't be a problem, but it kept me wondering.

Questions:

1. Is this a problem of the ClamAV Debian packages, so the bug report should be filed there?
2. Which is the recommended course of action?

I've solved the issue by manually running the commands that are present in the /etc/systemd/system/clamav-daemon.service.d/extend.conf and restarting clamav-freshclam. Now I am waiting for the cool-down for the database update and I'll be able to see whether the file /var/lib/clamav/main.cvd has been generated.

I still don't know why the /var/run/clamav folder is not created during runtime, though.

 

[tom]

Please update the clamAV database via GUI (Configuration/Virus detector/ClamAV), afterwards activate incremental download and start the ClamAV service.

Just to note, we also provide a LXC template for the Proxmox Mail Gateway.

 

[jsabater]

Sorry for not getting back earlier (was fighting the Ansible Wars). I tried using the WebGUI but I got this error:

ClamAV update process started at Thu Dec 29 08:13:58 2022
daily database available for update (local version: 26752, remote version: 26764)
Testing database: '/var/lib/clamav//tmp.835c85610e/clamav-74e0358a61356b592d6fe3d4746d6861.tmp-daily.cld' ...
ERROR: Database load killed by signal 9
ERROR: Database test FAILED.
ERROR: Unexpected error when attempting to update daily: Test failed
ERROR: Database update process failed: Test failed
ERROR: Update failed.
TASK ERROR: command '/usr/bin/freshclam --stdout' failed: exit code 8

It is not a huge problem for me right now because we only use this PMG as relayhost (no incoming email), but I will give the LXC template for PMG provided by you guys a try as soon as possible.

Thanks anyway for your help and happy new year!