Thank you for your reply.

On Tue, 20 Feb 2018 16:23:16 -0700
Gregory Nowak <g...@gregn.net> wrote:
> Is there a specific reason why you're not wanting dpkg to handle the
> configuration automatically? 
Because
1) the clamd.conf defaults installed automatically configure it
for systemd; and
2) I want to change some of the default settings for more stringent
ones
> If no, then I would suggest letting dpkg
> do exactly that. 
The selection of 'no' at the dpkg-reconfigure prompt triggers a TUI
interface that allows stepwise configuration of the clamd.conf file
> If yes, then you'll need to configure clamd.conf by
> hand, and start the clamd service. Doing that is going to require a
> heck of a lot more than just commenting out the example line.
After running into these systemd uncertainties, I tried to apt-get
remove --purge clamav-daemon, but the operation failed because
clamd.conf was not configured.  I uncommented the example line and this
allowed the removal to proceed. 
But following your advice and letting dpkg handle the installation
automatically generates this clamd.conf:

#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
ScanOnAccess false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StatsEnabled false
StatsPEDisabled true
StatsHostID auto
StatsTimeout 10
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000

But when I try to dpkg-reconfigure clamd.conf (line2)

#dpkg-reconfigure clamav-daemon
[ ok ] Stopping ClamAV daemon: clamd.
Configuring clamav-daemon
-------------------------

Some options must be configured for clamav-daemon.

The ClamAV suite won't work if it isn't configured. If you do not
configure it automatically, you'll have to
configure /etc/clamav/clamd.conf manually or run 'dpkg-reconfigure
clamav-daemon' later. In any case, manual changes in [More] 

/etc/clamav/clamd.conf will be respected.

Handle the configuration file automatically? [yes/no] no


Replacing config file /etc/clamav/clamd.conf with new version
Disabling old systemd service override options for clamav-daemon
Disabling old logrotate script for clamav-daemon
[FAIL] Clamav is not configured. ... failed!
[FAIL] Please edit /etc/clamav/clamd.conf and run '/etc/init.d/clamav-daemon start' ... failed!
invoke-rc.d: initscript clamav-daemon, action "start" failed.

# dpkg-reconfigure clamav-daemon 
[FAIL] Clamav is not configured. ... failed!
[FAIL] Please edit /etc/clamav/clamd.conf and run '/etc/init.d/clamav-daemon start' ... failed!
invoke-rc.d: initscript clamav-daemon, action "stop" failed.

# apt-get remove --purge clamav-daemon
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  clamdscan
Use 'apt autoremove' to remove it.
The following packages will be REMOVED:
  clamav-daemon*
0 upgraded, 0 newly installed, 1 to remove and 5 not upgraded.
After this operation, 1,094 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 147099 files and directories currently installed.)
Removing clamav-daemon (0.99.2+dfsg-6+deb9u1) ...
[FAIL] Clamav is not configured. ... failed!
[FAIL] Please edit /etc/clamav/clamd.conf and run '/etc/init.d/clamav-daemon start' ... failed!
invoke-rc.d: initscript clamav-daemon, action "stop" failed.
dpkg: error processing package clamav-daemon (--remove):
 subprocess installed pre-removal script returned error exit status 6
Errors were encountered while processing:
 clamav-daemon
E: Sub-process /usr/bin/dpkg returned an error code (1)

I can apt-get remove --purge clamav-daemon if I overwrite any
dpkg-reconfigured clamd.conf with the above systemd defaults.
And, as you say, configure clamd.conf by hand.

My concerns are therefore not so much about the clamd.conf file itself,
but more about the apparent systemd (pseudo-)dependency and the nature
of the systemd patch in ClamAV 0.99.2 (point 2 in OP) and above output
(line 2 after the dpkg-reconfigure  'no' command)
"Disabling old systemd service override options for clamav-daemon" 
and by extension, whether the ClamAV package needs to be examined
for any cryptic systemd dependencies.  

Forgive me for cheap point scoring, but as some see systemd as falling
on the pua/virus continuum, is it prudent to allow a 'systemd service
override' to block its own removal?

Many thanks, and again sorry for the long post.

leloft
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
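
Added example, not part of the original message or of the ClamAV/Debian packaging: a small Python audit that parses the `Option value` format of the generated clamd.conf quoted above and reports where it falls short of a stricter policy. The `BASELINE` values and the function names are assumptions chosen for illustration; the sample input is constructed from a few lines of the quoted file.

```python
# Constructed sample: a few lines taken from the generated file quoted above.
SAMPLE_CONF = """\
#Automatically Generated by clamav-daemon postinst
LocalSocket /var/run/clamav/clamd.ctl
LocalSocketGroup clamav
LocalSocketMode 666
ArchiveBlockEncrypted false
FollowFileSymlinks false
DetectBrokenExecutables false
DetectPUA false
OLE2BlockMacros false
"""

# Hypothetical stricter policy (an assumption; adjust to your own needs).
BASELINE = {
    "ArchiveBlockEncrypted": "true",
    "FollowFileSymlinks": "false",
    "DetectBrokenExecutables": "true",
    "DetectPUA": "true",
    "OLE2BlockMacros": "true",
}

def parse_clamd_conf(text):
    """Return {option: value}; '#' lines are comments, the last value wins."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return options

def audit(text, baseline=BASELINE):
    """Return a list of (option, current_value, wanted_value) findings."""
    opts = parse_clamd_conf(text)
    findings = []
    mode = opts.get("LocalSocketMode")
    # Any "other" permission bit lets every local account talk to clamd;
    # 660 limits the socket to its owner and LocalSocketGroup.
    if mode is not None and int(mode, 8) & 0o007:
        findings.append(("LocalSocketMode", mode, "660"))
    for name, wanted in baseline.items():
        current = opts.get(name)
        if current is None or current.lower() != wanted:
            findings.append((name, current, wanted))
    return findings

if __name__ == "__main__":
    for option, current, wanted in audit(SAMPLE_CONF):
        print(f"{option}: {current} -> {wanted}")
```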