Description of problem: On a working CentOS 7 system, using yum update to update from clamav-0.99.1-1 to clamav-0.99.2-1 fails to update /usr/lib/systemd/system/clamd@.service file. This file previously contained the paramater "--nofork=yes". This functionality in the clamd daemon has been replaced with "--foreground=yes", so without updating this file, clamd fails on restart. Version-Release number of selected component (if applicable): clamav-0.99.2-1 How reproducible: Very. Another user on the CentOS forums was able to install the package on a clean system (as opposed to my upgrade) and reported the installation was broken out of the box: https://www.centos.org/forums/viewtopic.php?f=48&t=58763&e=1&view=unread#p248134 Steps to Reproduce: 1. yum install clamav 2. systemctl start clamd@amavisd Actual results: Aug 4 13:32:45 colo1 systemd: Starting clamd scanner (amavisd) daemon... Aug 4 13:32:45 colo1 clamd: /usr/sbin/clamd: unrecognized option `--nofork=yes' Aug 4 13:32:45 colo1 clamd: ERROR: Unknown option passed Aug 4 13:32:45 colo1 clamd: ERROR: Can't parse command line options Aug 4 13:32:45 colo1 systemd: clamd: main process exited, code=exited, status=1/FAILURE Expected results: Aug 4 14:59:35 colo1 systemd: Starting clamd scanner (amavisd) daemon... Aug 4 14:59:35 colo1 systemd: Started clamd scanner (amavisd) daemon. Additional info: CentOS forum discussion about this issue: https://www.centos.org/forums/viewtopic.php?f=48&t=58763 Marking as urgent because this bug can leave production email servers without antivirus protection, and the symptoms may not manifest until a reboot/service restart... i.e. there may very well be thousands of Internet-facing mail servers with this configuration error in production right now without admin knowledge, as mine was, that will become unprotected upon next restart. (Yikes.)
Current workaround is to manually edit /usr/lib/systemd/system/clamd@.service and replace "--nofork=yes" with "--foreground=yes", or add as an override in /etc/systemd/system/clamd@.service.
I cannot reproduce the /usr/lib/systemd/system/clamd@.service file not getting updated. However, I could see custom clamd@blah service files not getting updated. Looks like you are using clamd@amavisd. However, you should really be doing something like this, if possible: # cat /usr/lib/systemd/system/clamd .include /lib/systemd/system/clamd@.service [Unit] Description = Generic clamav scanner daemon [Install] WantedBy = multi-user.target Or simply enabling clamd@amavisd and starting it. systemd will handle the rest with symlinks. What is the contents of your clamd file?
Jeff, can you please provide the information requested in comment #2?
(In reply to Robert Scheck from comment #3) > Jeff, can you please provide the information requested in comment #2? Sorry for the delay, it was more than 6 months ago and sort of fell off my radar. I do not seem to have a clamd file, only a clamd@.service file. This is a production system that I apply updates to monthly, so something may have changed since I filed this bug report. I will spin up a CentOS 7 VM and try to reproduce again and report back shortly. Sorry again for the delay.
Sorry, I spoke too soon. I located clamd in /etc/systemd/system/multi-user.target.wants, however it is just a symlink to /usr/lib/systemd/system/clamd@.service, which is the file that I reported not getting updated. That was why I didn't see it a moment ago: ls -l /etc/systemd/system/multi-user.target.wants/clamd lrwxrwxrwx 1 root root 38 Feb 29 2016 /etc/systemd/system/multi-user.target.wants/clamd -> /usr/lib/systemd/system/clamd@.service I'm fairly certain I did not set things up this way myself, rather it was set up this way by yum as part of the default installation of the amavisd-new package. Based on the logs I kept when setting up this server, the following is the list of packages I installed via yum. I do not recall making any changes to any systemd files (other than the changes I mentioned above as a workaround to change --nofork=yes to --foreground=yes): yum install dovecot dovecot-mysql dovecot-pigeonhole spamassassin amavisd-new clamav perl-Razor-Agent opendkim crypto-utils mod_ssl clamav-update lrzip lzop lz4 arj unzoo cabextract p7zip php-mcrypt Here are the contents of the file that you requested, although again this is the clamd@.service file, clamd is just a symlink to this on my system: cat /etc/systemd/system/multi-user.target.wants/clamd [Unit] Description = clamd scanner (%i) daemon After = syslog.target nss-lookup.target network.target [Service] Type = simple ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --foreground=yes Restart = on-failure PrivateTmp = true [Install] WantedBy=multi-user.target Based on this new info, perhaps I should have filed this bug under the amavisd-new package rather than clamav? Perhaps the amavisd-new package updated clamd file because of the symlink, overwriting the clamav package's changes, rather than clamav not updating it as I reported? Please let me know what else I can provide or do to help out. I can still spin up a new VM and try to reproduce if helpful.
(In reply to Jeff Morris from comment #5) I also can't reproduced , clamd@.service already have "--foreground=yes" . I'm going to close as "works for me", feel free to reopen it, if you have more information. Thanks for the report.