Package: clamav-daemon
Version: 0.102.4+dfsg-0+deb10u1
Severity: normal
Hi,
when I install clamav-daemon for the first time, the daemon fails to
start. This is intentional, as per the systemd unit file (see below),
but I think the logic is wrong:
The logic is that if there is no database file, clamav-daemon should not
run. However, on first start, there can be no database file, so as a
side effect, while eg. (in my case) clamav-freshclam is trying to fetch
a database, the service just exits and doesn't come back automatically.
In my opinion, this is highly counterintuitive. Instead, the daemon
should start and tell everyone that it can't scan anything, due to the
lack of a database, but automatically resume normal operation as soon as
clamav-freshclam has done it's job and installed a virus database,
instead of requiring (manual?) intervention to start the service.
The offending lines in
/etc/system/multi-user.target.wants/clamav-daemon.service
are:
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
While I am at it, maybe some "restart on failure" mechanism should also
be included?
Thanks,
Toni
-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav
Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "30"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertEncrypted disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "120000"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled
Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.102.4
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2
LIBXML2 PCRE2 ICONV JSON
Database information
--------------------
Database directory: /var/lib/clamav
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 17:12:33 2019
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 13:56:15 2019
daily.cld: version 26036, sigs: 4294776, built on Sat Jan 2 12:37:26 2021
Total number of signatures: 8859772
Platform information
--------------------
uname: Linux 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 10 (buster)
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a2173730800000000080300
Build information
-----------------
GNU C: 8.3.0 (8.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall
-D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=/usr/include' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu'
'--libexecdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run'
'--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2
-fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall
-D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g
-O2 -fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall
-D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed'
'--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav'
'--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson'
'--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld'
'--with-systemdsystemunitdir=/lib/systemd/system'
'build_alias=x86_64-linux-gnu' 'OBJCFLAGS=-g -O2
-fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=.
-fstack-protector-strong -Wformat -Werror=format-security'
sizeof(void*) = 8
Engine flevel: 115, dconf: 115
--- data dir ---
total 639944
-rw-r--r-- 1 clamav clamav 1458176 Sep 21 2019 bytecode.cld
drwxr-xr-x 1 clamav clamav 0 Dec 28 2018
clamav-ab0b535c5c083663f78086a52d36ee5e.tmp
-rw-r--r-- 1 clamav clamav 346435072 Jan 2 13:41 daily.cld
-rw-r--r-- 1 clamav clamav 307403264 Nov 25 2019 main.cld
-rw------- 1 clamav clamav 384 Feb 8 2020 mirrors.dat
-- System Information:
Debian Release: 10.7
APT prefers stable
APT policy: (990, 'stable'), (500, 'proposed-updates'), (90, 'testing'), (70,
'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-13-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages clamav-daemon depends on:
ii adduser 3.118
ii clamav-base 0.102.4+dfsg-0+deb10u1
ii clamav-freshclam [clamav-data] 0.102.4+dfsg-0+deb10u1
ii debconf [debconf-2.0] 1.5.71
ii dpkg 1.19.7
ii libc6 2.28-10
ii libclamav9 0.102.4+dfsg-0+deb10u1
ii libcurl4 7.64.0-4+deb10u1
ii libncurses6 6.1+20181013-2+deb10u2
ii libssl1.1 1.1.1d-0+deb10u4
ii libsystemd0 241-7~deb10u5
ii libtinfo6 6.1+20181013-2+deb10u2
ii lsb-base 10.2019051400
ii procps 2:3.3.15-2
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages clamav-daemon recommends:
ii clamdscan 0.102.4+dfsg-0+deb10u1
Versions of packages clamav-daemon suggests:
ii apparmor 2.13.2-10
pn clamav-docs <none>
ii daemon 0.6.4-1+b2
pn libclamunrar <none>
-- debconf information excluded
