@@ -24,3 +24,32 @@ See `salt/fileroots/internal_splunk_forwarder/files/TA-clamav/default/inputs.con
See also: [AV-Exceptions in our Github](https://github.xdr.accenturefederalcyber.com/mdr-engineering/msoc-infrastructure/wiki/AV-Exceptions)
+## 2022-07-15 - ClamAV not running on Ubuntu systems
+
+```
+ Jul 15 18:46:46 vmray-server.pvt.xdr.accenturefederalcyber.com clamd[428814]: Fri Jul 15 18:46:46 2022 -> !LOCAL: Socket file /var/run/clamav/clamd.ctl could not be bound: Permission denied
+```
+(Note: Path may have been `/var/run/clam.d` or something else)
+
+Fixed via:
+```
+sudo apt purge clamav-base clamav-daemon clamav-docs clamav-freshclam clamav clamdscan libclamav9
+sudo userdel --remove clamav
+sudo groupdel clamav
+
+sudo rm -rf /var/log/clamav
+sudo rm -rf /var/lib/clamav
+sudo rm -rf /var/run/clamd.scan
+sudo rm -rf /var/run/{clamav,clamd.scan}
+
+sudo groupadd --system clamav
+sudo useradd --home-dir /var/lib/clamav --inactive -1 -g clamav --no-create-home --no-user-group --system --shell /bin/false clamav
+
+sudo apt install clamav-base clamav-daemon clamav-docs clamav-freshclam clamav clamdscan libclamav9
+```
+
+and then rerun salt state:
+```
+salt vmray\* state.sls clam --output-diff
+```
+
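Review bot: the entry records a destructive fix (purge, delete the `clamav` user and group, wipe `/var/lib/clamav`, reinstall) without the diagnosis that justified it, so the next reader cannot tell when this recipe applies rather than a simpler ownership fix. The quoted log line already names `/var/run/clamav/clamd.ctl` explicitly, which makes the following `(Note: Path may have been `/var/run/clam.d` or something else)` read as contradicting the evidence; either drop that note or record what was actually observed. Suggest adding the checks that motivated recreating the account (for example `id clamav` and `ls -ld /var/run/clamav /var/lib/clamav`) so ownership or UID/GID problems can be confirmed before anything is removed. Two further points worth stating in the runbook: `sudo rm -rf /var/lib/clamav` also deletes the signature database, so clamd will not start after the reinstall until freshclam (or the `clam` state) has repopulated it; and `sudo rm -rf /var/run/clamd.scan` is redundant with the brace-expanded `rm -rf /var/run/{clamav,clamd.scan}` that follows it. Finally, `salt vmray\* state.sls clam --output-diff` targets only the host from the log line while the heading says "Ubuntu systems"; a note that the target glob must be adjusted per host would avoid the state being run against the wrong minion.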