Re: [Pkg-clamav-devel] Initial start of clamav-daemon

2016-05-07 Thread Sebastian Andrzej Siewior 
On 2016-04-22 18:31:10 [+0200], Dilyan Palauzov wrote:
> Hello,
Hi,

> My understanding is that during service start ConditionPathExistsGlob is
> checked once and if it fails, it is not retried, contrary to something like
> ExecStartPre=/bin/bash -c 'while ! [ -s /var/lib/clamav/main.inc -o -s
> /var/lib/clamav/main.cvd -o -s /var/lib/clamav/main.cld ) -a  ( -s
> /var/lib/clamav/daily.inc -o -s /var/lib/clamav/daily.cvs -o -s
> /var/lib/clamav/daily.cld ] ; do sleep 1 ; done ' .

I kind of don't like this.

> For the mentioned reasons with the current configuration clamd is not going
> to start automatically, once freshclam has downloaded all the files.
> 
> I propose removing the ConditionPathExistsGlob from
> clamav-daemon.s(ervice,ocket). Then, once freshclam is ready, it will notify
> clamd over the socket, systemd will start clamd because of
> clamav-daemon.socket  and everything is fine.  If somebody tries to contact
> the socket before freshclam is ready, and clamd starts and fails due to
> missing databases, we have the current situation: in order to start clamd,
> it has to be restarted manually, once the databases have been downloaded.
> So removing ConditionPathExistsGlob is an improvement, as it boots the
> system correctly in more cases, than now.

Now that I had the time to look at this. Removing the glob from socket
could bring #775458. Not sure if we get the same behaviour if we remove
the glob from both.
I just tried this on my Jessie VM and I don't see the problem:
install both, start the daemon:
|root@deb8i386:~# systemctl status clamav-daemon.service
|● clamav-daemon.service - Clam AntiVirus userspace daemon
|   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
|   Active: inactive (dead) since Sat 2016-05-07 16:04:03 CEST; 2min 3s ago
|   start condition failed at Sat 2016-05-07 16:04:29 CEST; 1min 37s ago
|   ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not 
met
| Docs: man:clamd(8)
|   man:clamd.conf(5)
|   http://www.clamav.net/lang/en/doc/
|  Process: 1919 ExecStart=/usr/sbin/clamd --foreground=true (code=exited, 
status=0/SUCCESS)
| Main PID: 1919 (code=exited, status=0/SUCCESS)

does not work yet. Wait for freshclam. Try start again and then:
|root@deb8i386:~# systemctl status clamav-daemon.service
|● clamav-daemon.service - Clam AntiVirus userspace daemon
|   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
|   Active: active (running) since Sat 2016-05-07 16:06:09 CEST; 1s ago
| Docs: man:clamd(8)
|   man:clamd.conf(5)
|   http://www.clamav.net/lang/en/doc/
| Main PID: 1972 (clamd)
|   CGroup: /system.slice/clamav-daemon.service
|   └─1972 /usr/sbin/clamd --foreground=true

This problem of manual start is only there after a fresh install. On
SystemV we print a warning/error message so the user does a manual start.
Maybe we should do the same for SystemD or document it better.

Now you have just the pain start it manually once freshclam is done.
If we would allow to start clamd with an empty database then you would
have your auto trigger from freshclam. And what about exim/postfix
asking for the socket to scan something? I *think* we could reject them
until the dabase is available. After all the system is not yet properly
setup. All requested for the socket would be rejected anyway.

> Greetings
>   Dilian

Sebastian

___
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel

Re: [Pkg-clamav-devel] Initial start of clamav-daemon

2016-04-27 Thread Dilyan Palauzov 

Hello,

if there is nothing in /var/lib/clamav this happens:

root@debian-vm:/var/lib/clamav# clamd
LibClamAV Error: cli_loaddbdir(): No supported database files found in 
/var/lib/clamav

ERROR: Can't open file or directory


and clamd 0.99 is not forked.

Anyway, there is no difference between "not starting clamd because 
ConditionPathExistsGlob said so" and "not starting clamd because 
/var/lib/clamav is emtpy", except that in the latter case using socket 
activation, freshclam can start clamd by writing to the common socket.




On 04/24/16 20:59, Scott Kitterman wrote:

On April 24, 2016 1:59:24 PM EDT, Sebastian Andrzej Siewior 
 wrote:

On 2016-04-22 18:31:10 [+0200], Dilyan Palauzov wrote:

Hello,

Hi,


I propose removing the ConditionPathExistsGlob from
clamav-daemon.s(ervice,ocket). Then, once freshclam is ready, it will

notify

clamd over the socket, systemd will start clamd because of
clamav-daemon.socket  and everything is fine.  If somebody tries to

contact

the socket before freshclam is ready, and clamd starts and fails due

to

missing databases, we have the current situation: in order to start

clamd,

it has to be restarted manually, once the databases have been

downloaded.

So removing ConditionPathExistsGlob is an improvement, as it boots

the

system correctly in more cases, than now.

This does not sound that bad. I am not sure at the time of writting but
I
*think* that we could start clamd without signatures (which is what you
suggests).

I don't believe we can.  If libclamav doesn't find signatures when initialized, 
my recollection is that it errors out.

Scott K



___
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel

Re: [Pkg-clamav-devel] Initial start of clamav-daemon

2016-04-24 Thread Scott Kitterman 
On April 24, 2016 1:59:24 PM EDT, Sebastian Andrzej Siewior 
 wrote:
>On 2016-04-22 18:31:10 [+0200], Dilyan Palauzov wrote:
>> Hello,
>Hi,
>
>> I propose removing the ConditionPathExistsGlob from
>> clamav-daemon.s(ervice,ocket). Then, once freshclam is ready, it will
>notify
>> clamd over the socket, systemd will start clamd because of
>> clamav-daemon.socket  and everything is fine.  If somebody tries to
>contact
>> the socket before freshclam is ready, and clamd starts and fails due
>to
>> missing databases, we have the current situation: in order to start
>clamd,
>> it has to be restarted manually, once the databases have been
>downloaded.
>> So removing ConditionPathExistsGlob is an improvement, as it boots
>the
>> system correctly in more cases, than now.
>
>This does not sound that bad. I am not sure at the time of writting but
>I
>*think* that we could start clamd without signatures (which is what you
>suggests).

I don't believe we can.  If libclamav doesn't find signatures when initialized, 
my recollection is that it errors out.

Scott K

___
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel

Re: [Pkg-clamav-devel] Initial start of clamav-daemon

2016-04-24 Thread Sebastian Andrzej Siewior 
On 2016-04-22 18:31:10 [+0200], Dilyan Palauzov wrote:
> Hello,
Hi,

> I propose removing the ConditionPathExistsGlob from
> clamav-daemon.s(ervice,ocket). Then, once freshclam is ready, it will notify
> clamd over the socket, systemd will start clamd because of
> clamav-daemon.socket  and everything is fine.  If somebody tries to contact
> the socket before freshclam is ready, and clamd starts and fails due to
> missing databases, we have the current situation: in order to start clamd,
> it has to be restarted manually, once the databases have been downloaded.
> So removing ConditionPathExistsGlob is an improvement, as it boots the
> system correctly in more cases, than now.

This does not sound that bad. I am not sure at the time of writting but I
*think* that we could start clamd without signatures (which is what you
suggests).
Unless Andreas comes up with something different / better I would try your
way.
I am traveling the next week so I don't when I get to it. Am I assuming
correct that this affects stable+?

> Greetings
>   Dilian

Sebastian

___
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel

[Pkg-clamav-devel] Initial start of clamav-daemon

2016-04-22 Thread Dilyan Palauzov 

Hello,

on a fresh installed Debian Jessie with systemd and all packages 
updated, I call "apt-get install clamav-daemon".  Then systemctl status 
clamav-daemon.socket shows:


● clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.socket.d
   └─extend.conf
   Active: inactive (dead)
   start condition failed at Fri 2016-04-22 17:00:29 CEST; 
16min ago

 Docs: man:clamd(8)
   man:clamd.conf(5)
   http://www.clamav.net/lang/en/doc/
   Listen: /var/run/clamav/clamd.ctl (Stream)

and systemctl status clamav-daemon.service prints:
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
   Active: inactive (dead)
   start condition failed at Fri 2016-04-22 17:00:23 CEST; 
16min ago

 Docs: man:clamd(8)
   man:clamd.conf(5)
   http://www.clamav.net/lang/en/doc/

systemctl show clamav-daemon.socket emits
  ListenStream=/var/run/clamav/clamd.ctl

The directory /var/run/clamav does not exist, despite systemd.socket.xml 
in systemd v215, coming with Jessie, states under DirectoryMode= that if 
listening on a file system socket the parent directories are 
automatically created if needed.


Restarting the system and calling the show commands above, adds after 
"start condition failed" the text 
"ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not 
met".  Indeed, freshclam has not downloaded yet the signatures and the 
CondtionPathExistsGlob is added by 
clamav_0.99+dfsg-0+deb8u2.debian.tar.xz:debian/patches/Add-upstream-systemd-support.patch 
.


Reinstalling the system again, waiting for freshclam to download all the 
signatures, issuing the two show commands prints still the text above: 
(unnamed) start condition failed.  After restarting the system, 
following successful download of all the signatures by freshclam, 
everything works as expected.


My understanding is that during service start ConditionPathExistsGlob is 
checked once and if it fails, it is not retried, contrary to something 
like ExecStartPre=/bin/bash -c 'while ! [ -s /var/lib/clamav/main.inc -o 
-s /var/lib/clamav/main.cvd -o -s /var/lib/clamav/main.cld ) -a  ( -s 
/var/lib/clamav/daily.inc -o -s /var/lib/clamav/daily.cvs -o -s 
/var/lib/clamav/daily.cld ] ; do sleep 1 ; done ' .


For the mentioned reasons with the current configuration clamd is not 
going to start automatically, once freshclam has downloaded all the files.


I propose removing the ConditionPathExistsGlob from 
clamav-daemon.s(ervice,ocket). Then, once freshclam is ready, it will 
notify clamd over the socket, systemd will start clamd because of 
clamav-daemon.socket  and everything is fine.  If somebody tries to 
contact the socket before freshclam is ready, and clamd starts and fails 
due to missing databases, we have the current situation: in order to 
start clamd, it has to be restarted manually, once the databases have 
been downloaded.  So removing ConditionPathExistsGlob is an improvement, 
as it boots the system correctly in more cases, than now.


Greetings
  Dilian

___
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel