clamonacc

Hi,
I have been learning how to get realtime scanning using ClamAV. The official website gives a simple tutorial which I followed and got working. The only problem is that I need to run a command as root at boot time “/usr/bin/clamonacc” as well as the clamd service. I am struggling to find out how to start clamonacc with every boot.

Could someone please point me in the right direction?

Thanks

Are you really sure you want to use an anti-virus program on Linux? And what for?

Hi yes, I am sure. It is for a SMB share. Rather capture the problem at source than rely on Windows to catch a problem.

OK, I understand. Using Linux to help your poor Windows users ;).

Hi and welcome to the Forum :slight_smile:
It should be configured to start with clamav (Use Case 0x0)?

Hi,
This is the tutorial I followed and as you can see you need to run clamonacc. Without this command the on access checking does not happen. Hence my request.

So how do I start a root command during a reboot?

Hi
Create a systemd service in /etc/systemd/system something like;

# /etc/systemd/system/clamonacc.service
#

[Unit]
Description=Clamav on-access
After=clamav-daemon.service
Wants=clamav-daemon.service
BindsTo=clamav-daemon.service

[Service]
EnvironmentFile=-/etc/default/clamav-onaccess
ExecStartPre=-/sbin/sysctl fs.inotify.max_user_watches=524288
ExecStart=/usr/bin/clamonacc ${CLAMONACC_OPTIONS}

[Install]
WantedBy=multi-user.target

Hi Malcom,
Many thanks for the help, but it didn’t work.
Firstly I changed clamav-daemon.service to clamd.service, as I believe this is the correct service.

The script says it succeeded, but there is no clamonacc running.

This is the report from systemctl status clamonacc.service

clamonacc.service - ClamAV on-access
     Loaded: loaded (/etc/systemd/system/clamonacc.service; enabled; vendor preset: disabled)
     Active: inactive (dead) since Sun 2020-04-26 09:13:58 BST; 5min ago
    Process: 10759 ExecStartPre=/sbin/sysctl fs.inotify.max_user_watches=524288 (code=exited, status=0/SUCCESS)
    Process: 10769 ExecStart=/usr/bin/clamonacc ${CLAMONACC_OPTIONS} (code=exited, status=0/SUCCESS)
   Main PID: 10769 (code=exited, status=0/SUCCESS)

Apr 26 09:13:58 Venus systemd[1]: Starting ClamAV on-access...
Apr 26 09:13:58 Venus sysctl[10759]: fs.inotify.max_user_watches = 524288
Apr 26 09:13:58 Venus systemd[1]: Started ClamAV on-access.
Apr 26 09:13:58 Venus systemd[1]: clamonacc.service: Succeeded.

It seems to load it but the application is dead
This is the output of ps -A | grep clam after reboot


3093 ?        00:00:00 freshclam
8850 ?        00:00:01 clamd

When I run clamonacc from the command line I get

 
3093 ?        00:00:00 freshclam
8850 ?        00:00:01 clamd
12957 ?        00:00:00 clamonacc

and all is well.

I don’t understand a few of the options in your service definition, but will read up a bit more. (eg Environment file and ExecStartPre)

Again thanks for your help.

Hi
The sysctl command was mentioned in the documentation, is there no environment file in /etc/default/clamav-onaccess or is it in a different location and called something else?

In the service add Type=forking and run systemctl daemon-reload and restart the service. Sounds like it will need some more tweaking…

Hi Malcolm,
I did more digging and did try Type - Forking - no luck.

I don’t think it is a timing issue as if I run the service from the command line after reboot - no luck
But if I run it as just a simple > /usr/bin/clamonacc then it works fine.

I will keep digging.

If I get an answer - I will come back here.:good:

Regards and many thanks

John

Maybe it helps to avoid misunderstandings on what you exactly have when you post the systemd files you use as they are now.

Also, you may be able to catch error messages by adding a 2>/tmp/clamerr to the statement and then see if there is something there.

Hi
By default it will go to the journal, so you could follow that, else just systemctl status will show information as well, then there is the ability to send output in a service file with StandardOutput=

Hi Gents,
I checked the journal


journalctl -e -u clamonacc.service

and I get


Apr 28 10:27:24 Venus systemd[1]: Starting ClamAV on-access...
Apr 28 10:27:24 Venus systemd[1]: Started ClamAV on-access.
Apr 28 10:27:24 Venus sysctl[13240]: fs.inotify.max_user_watches = 524288
Apr 28 10:27:24 Venus systemd[1]: clamonacc.service: Succeeded.

but the clamonacc service does not start…:frowning:

Thanks

Gents,
SOLVED :)lol!

I did more digging and found someone had used service to start clamonacc but they added a -F after the command


ExecStart=/usr/bin/clamonacc -F

When I did this it loads and works as expected.
It looks a bit counter intuitive as running the -F flag indicates an interactive mode to me? :\


Venus:/etc/systemd/system # clamonacc --help

           ClamAV: On Access Scanning Application and Client 0.102.2
           By The ClamAV Team: https://www.clamav.net/about.html#credits
           (C) 2020 Cisco Systems, Inc.

    clamonacc [options] [file/directory/-]

    --help                 -h          Show this help
    --version              -V          Print version number and exit
    --verbose              -v          Be verbose
    --log=FILE             -l FILE     Save scanning output to FILE
    --foreground           -F          Output to foreground and do not daemonize
    --watch-list=FILE      -w FILE     Watch directories from FILE
    --exclude-list=FILE   -e FILE     Exclude directories from FILE
    --remove                           Remove infected files. Be careful!
    --move=DIRECTORY                   Move infected files into DIRECTORY
    --copy=DIRECTORY                   Copy infected files into DIRECTORY
    --config-file=FILE                 Read configuration from FILE.
    --allmatch             -z          Continue scanning within file after finding a match.
    --fdpass                           Pass filedescriptor to clamd (useful if clamd is running as a different user)
    --stream                           Force streaming files to clamd (for debugging and unit testing)

Venus:/etc/systemd/system #

Many thanks for your help - I learned quite a bit about service.

Regards

The effect is that its parent process (presumably “systemd”) can easily monitor whether it stops/crashes/etc, and can perhaps restart it. I’ve noticed that “systemd” likes to run some services that way.
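
For reference, the fix found above consolidated into one unit file. This is an added example, not part of any post in this thread; it assumes clamd's unit is named clamd.service and the binary is /usr/bin/clamonacc, as the original poster reported, and the Restart settings are an added assumption.

```ini
# /etc/systemd/system/clamonacc.service
# Added example: not taken from any post in the thread.

[Unit]
Description=ClamAV on-access scanner
# clamonacc is a client of clamd: start after it and stop when it stops.
# Assumption: the clamd unit is clamd.service, as on the poster's system.
After=clamd.service
BindsTo=clamd.service

[Service]
# Without -F/--foreground clamonacc daemonizes: the process systemd
# launched exits with status 0, systemd treats the service as finished
# ("inactive (dead) ... status=0/SUCCESS" in the status output above)
# and, with the default KillMode=control-group, stops what is left in
# the unit's control group. Keeping clamonacc in the foreground makes
# it the main process that systemd tracks.
Type=simple
ExecStart=/usr/bin/clamonacc --foreground

# Assumption: restart on a crash so on-access scanning of the share does
# not stay off silently. Output in foreground mode goes to the journal.
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target

# Apply and verify:
#   systemctl daemon-reload
#   systemctl enable --now clamonacc.service
#   systemctl status clamonacc.service   # expect "active (running)"
#   journalctl -e -u clamonacc.service
```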

I know this is an old thread, but as of November 2021 this worked for the current version, which was done thanks to this thread:

[Unit]
Description=Clamav on-access
After=clamd.service
Wants=clamav-onaccess.service
BindsTo=clamav-onaccess.service

[Service]
EnvironmentFile=-/usr/sbin/clamonacc
ExecStart=/usr/sbin/clamonacc
Type=forking

[Install]
WantedBy=multi-user.target