When the clamd service gets started, it uses 100% CPU and doesn't start up completely with: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: No such file or directory ERROR: Can't unlink the socket file /var/run/clamav/clamd.sock If /var/run/clamav/ is being created manually, it gets deleted during a system reboot (using CentOS 7) and the same error occures again which prevents clamd from starting. OS: CentOS 7 Packages: clamav-data-0.99-2.el7.noarch, clamav-lib-0.99-2.el7.x86_64, clamav-filesystem-0.99-2.el7.noarch, clamav-server-0.99-2.el7.x86_64, clamav-update-0.99-2.el7.x86_64 Fix: The issue can be resolved by creating the required folders via ExecStartPre by modifying the SystemD script in /lib/systemd/system/clamd.service. So the SystemD script bundled with your clamav packages should be updated to the below: [Unit] Description = clamd scanner (clamd) daemon After = syslog.target nss-lookup.target network.target [Service] Type = simple ExecStartPre = /usr/bin/mkdir /var/run/clamav ExecStartPre = /usr/bin/chown -R clam.clam /var/run/clamav ExecStart = /usr/sbin/clamd -c /etc/clamd.conf --nofork=yes Restart = on-failure PrivateTmp = true [Install] WantedBy=multi-user.target
Update: Sorry, to prevent startup errors complaining that /var/run/clamav already exists, the SystemD script has look like below: [Unit] Description = clamd scanner (clamd) daemon After = syslog.target nss-lookup.target network.target [Service] Type = simple ExecStartPre = /usr/bin/mkdir /var/run/clamav ExecStartPre = /usr/bin/chown -R clam.clam /var/run/clamav ExecStart = /usr/sbin/clamd -c /etc/clamd.conf --nofork=yes Restart = on-failure PrivateTmp = true [Install] WantedBy=multi-user.target
Wrong copy & paste, damn it. Here you go. Note the "-p" for mkdir. [Unit] Description = clamd scanner (clamd) daemon After = syslog.target nss-lookup.target network.target [Service] Type = simple ExecStartPre = /usr/bin/mkdir -p /var/run/clamav ExecStartPre = /usr/bin/chown -R clam.clam /var/run/clamav ExecStart = /usr/sbin/clamd -c /etc/clamd.conf --nofork=yes Restart = on-failure PrivateTmp = true [Install] WantedBy=multi-user.target
Fast fix this issue: Run: systemctl edit clamd.service And paste: [Service] ExecStartPre = /bin/install -m 755 -o clam -g clam -d /var/run/clamav Not shure about mode 755, but it work 100%.
FWIW - clamav-scanner ships a working clamd-server configuration. If you want /var/run/clamav created at boot, create a /etc/tmpfiles.d/clamav.conf file with: d /var/run/clamav 0710 clam clam
@Orion Poplawski, this doesn't work, it results in a permission error. I tried using 0755 in /etc/tmpfiles.d/clamav.conf to create the /var/run/clamav directory at startup, but even though this resolves the permission error we're back to square one with: clamd: unable to connect to UNIX socket (/var/run/clamav/clamd.sock): No such file or directory .. it still doesn't create the socket file this way. I tested this with several reboots.
Ok the latest issue was actually caused by the removal of --nofork option with the latest RHEL7 package. That's how it works now: 1.) Make sure that there's no "--nofork=yes" option set in /lib/systemd/system/clamd.service 2.) Create a /etc/tmpfiles.d/clamav.conf file with the below content: d /var/run/clamav 0755 clam clam 3.) Reboot. It would be appreciated if the responsible package maintainers could look into this. I reported this bug a while ago and there's still no proper fix for it. I can hardly use clamd in production because it breaks after literally every package update.