Bug 1583599 - 0.100.0-1 re-packaging stops and disables services
Summary: 0.100.0-1 re-packaging stops and disables services
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: clamav
Version: 27
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Sergio Monteiro Basto
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-29 10:42 UTC by Harald Reindl
Modified: 2018-07-03 12:53 UTC (History)
11 users (show)

Fixed In Version: clamav-0.100.0-2.fc28 clamav-0.100.0-2.fc27 clamav-0.100.0-2.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-11 17:00:17 UTC


Attachments (Terms of Use)

Description Harald Reindl 2018-05-29 10:42:59 UTC
your funny re-packaging and obsoleting/replacing disables and stops services at update which may break seriously setups where a admin don't expect that happening within a point update on a stable release

May 29 12:40:04 testserver systemd[1]: Stopping ClamAV Postfix-Milter...
May 29 12:40:08 testserver systemd[1]: Stopped ClamAV Postfix-Milter.

[root@testserver:~]$ systemctl status clamav-milter.service
  clamav-milter.service - ClamAV Postfix-Milter
   Loaded: loaded (/etc/systemd/system/clamav-milter.service; disabled; vendor preset: disabled)

Comment 1 Harald Reindl 2018-05-29 11:18:09 UTC
and it is idiotic that "clamd" replaces "clamav-scanner" AND "clamav-server" which can run on different machines by proper packaging as before without install useless stuff on one of the machines

"clamav" pulls "clamd"

hell - for clamav-milter or clamdscan no signatures nor clamd is needed on the same machine

clamav                    /usr/bin/clambc
clamav                    /usr/bin/clamconf
clamav                    /usr/bin/clamdscan
clamav                    /usr/bin/clamdtop
clamav                    /usr/bin/clamscan
clamav                    /usr/bin/clamsubmit
clamav                    /usr/bin/sigtool

Comment 2 Harald Reindl 2018-05-29 15:16:30 UTC
an from where comes the god damned "freshclam" on a machine wich is and was not supposed to start that for years? why?

because other of your crap we use a namespaced and hardened service *on one central machine* which then deploy with rsync

JUST DON'T MAKE SUCH INVASIVE CHANGES COMBINED WITH A ROUTINE-UPDATE

May 29 15:23:45 mail-gw freshclam[1447172]: ClamAV update process started at Tue May 29 15:23:45 2018

Comment 3 Harald Reindl 2018-05-29 15:18:20 UTC
to make it clear: freshclam was not instaleld at all on said machine before the update

Comment 4 Robert Scheck 2018-05-29 15:32:53 UTC
To make it very clear: Please get finally rid of your rude wording, otherwise
this is CLOSED/NOTABUG immediately.

Comment 5 Harald Reindl 2018-05-29 15:39:14 UTC
to make it clear: make such invasive changes in Rawhide, that's what Rawhide exists for

Comment 6 Harald Reindl 2018-05-29 15:40:17 UTC
and i personally don't care if you fix THAT BUG because i already wasted my time today and now when you revert the changes you will find out how i sound when i am really rude

Comment 7 Sergio Monteiro Basto 2018-05-29 16:02:53 UTC
clamd have 2 services [1] you may start just one service , don't see your point 
anyway I haven't packages in updates testing 

bye 

[1]
https://koji.fedoraproject.org/koji/rpminfo?rpmID=14127806

Comment 8 Sergio Monteiro Basto 2018-05-29 16:23:31 UTC
(In reply to Harald Reindl from comment #2)
> an from where comes the god damned "freshclam" on a machine wich is and was
> not supposed to start that for years? why?
> 
> because other of your crap we use a namespaced and hardened service *on one
> central machine* which then deploy with rsync
> 
> JUST DON'T MAKE SUCH INVASIVE CHANGES COMBINED WITH A ROUTINE-UPDATE
> 
> May 29 15:23:45 mail-gw freshclam[1447172]: ClamAV update process started at
> Tue May 29 15:23:45 2018

try :

dnf remove clamav-update 


if you want explain what happens in you configuration, I may try help you .
if you problem is install one more binary with 200 kbytes in one machine , I can't help you .

I see that I may have
clamav
clamav-data-empty
clamav-filesystem
clamav-lib

these changes are in F28 since Tue Feb 13 2018 - 0.99.3-7  :
- Remove sub-packages sysvinit, upstart and systemd to be more compatible with el6 . 
- Remove provides/obsoletes for very old sub-packges clamav-milter-core, clamav-milter-sendmail and clamav-milter-core 
- Call server and scanner sub-packages as clamd (el6 compatible and as uppstream call it) 
- clamav-data provides clamav-db (el6 compatible) 
- Explicitly enable-id-check and enable-dns in configure (as in el6).
- Add missing build-time requirement pcre2-devel (it misses in el6 at least)

Comment 9 Orion Poplawski 2018-05-29 16:52:47 UTC
This update breaks existing service configurations based on the services provided by the previous sub-packages.  I believe this is caused by the install scriptlets because this is a removal of the clamav-*-systemd packages and an "initial" install of the clamd package:

clamav-scanner-systemd:
preuninstall scriptlet (using /bin/sh):

if [ $1 -eq 0 ] ; then
        # Package removal, not upgrade
        systemctl --no-reload disable clamd@scan.service > /dev/null 2>&1 || :
        systemctl stop clamd@scan.service > /dev/null 2>&1 || :
fi


clamd:
postinstall scriptlet (using /bin/sh):

if [ $1 -eq 1 ] ; then
        # Initial installation
        systemctl preset clamd@.service >/dev/null 2>&1 || :
fi


if [ $1 -eq 1 ] ; then
        # Initial installation
        systemctl preset clamd@scan.service >/dev/null 2>&1 || :
fi

yum.log:
May 29 07:20:42 Updated: clamav-filesystem-0.100.0-1.el7.noarch
May 29 07:20:43 Updated: clamav-lib-0.100.0-1.el7.x86_64
May 29 07:20:43 Updated: clamav-update-0.100.0-1.el7.x86_64
May 29 07:20:43 Updated: clamav-data-empty-0.100.0-1.el7.noarch
May 29 07:20:44 Installed: clamd-0.100.0-1.el7.x86_64
May 29 07:20:44 Updated: clamav-0.100.0-1.el7.x86_64
May 29 07:20:44 Erased: clamav-scanner-0.99.4-1.el7.noarch
May 29 07:20:45 Erased: clamav-scanner-systemd-0.99.4-1.el7.noarch
May 29 07:20:46 Erased: clamav-server-systemd-0.99.4-1.el7.noarch
May 29 07:20:46 Erased: clamav-server-0.99.4-1.el7.x86_64

So clamd@scan gets stopped and disabled.  Similar with clamav-milter replacing clamav-milter-systemd.

Comment 10 Harald Reindl 2018-05-29 17:01:03 UTC
"try remove clamav-update" is a joke because it was pulled given that the new Requires are insane

[root@mail-gw:~]$ rpm -e clamav-data-empty-0.100.0-1.fc27.noarch
error: Failed dependencies:
        data(clamav) is needed by (installed) clamav-lib-0.100.0-1.fc27.x86_64
        data(clamav) is needed by (installed) clamd-0.100.0-1.fc27.x86_64
        data(clamav) is needed by (installed) clamav-0.100.0-1.fc27.x86_64
[root@mail-gw:~]$ rpm -e clamav-update-0.100.0-1.fc27.x86_64
error: Failed dependencies:
        clamav-update = 0.100.0-1.fc27 is needed by (installed) clamav-data-empty-0.100.0-1.fc27.noarch
____________________________

clamav should be a *optional* meta-package pulling all other subpackages which can be removed as needed
____________________________

i KNOW what happens in my configuration - the changes STOP and DISABLE "clamav-milter.service" as you can see in the inital reporting - this is in general a joke, especially the unexpected stop and you have no business to touch a enabled /etc/systemd/system/clamav-milter.service by disable it  - /etc/systemd/system is admin-area
____________________________

these changes are in F28 since Tue Feb 13 2018

who cares when we talk about F27 as you can see in the fedora release i have assigned - 0.99.4-1.fc27 -> 0.100.0-1.fc27
____________________________

> if you problem is install one more binary with 200 kbytes in one machine

your Requires are crazy, look above!
clamav-milter is talking to a *service* - who the hell told you that client and server are on the same machine?

[root@mail-gw:~]$ rpm -e clamd-0.100.0-1.fc27.x86_64
error: Failed dependencies:
        clamd = 0.100.0-1.fc27 is needed by (installed) clamav-milter-0.100.0-1.fc27.x86_64

Comment 11 Harald Reindl 2018-05-29 17:03:26 UTC
clamav-update = 0.100.0-1.fc27 is needed by (installed) clamav-data-empty-0.100.0-1.fc27.noarch

no, it is *not* needed - in doubt "clamav-data-empty" has only one purpose: create and own the folders - in other packages this subpackages are called "package-filesystem" and have no Requires

Comment 12 Sergio Monteiro Basto 2018-05-29 17:46:43 UTC
(In reply to Harald Reindl from comment #11)
> clamav-update = 0.100.0-1.fc27 is needed by (installed)
> clamav-data-empty-0.100.0-1.fc27.noarch
> 
> no, it is *not* needed - in doubt "clamav-data-empty" has only one purpose:
> create and own the folders - in other packages this subpackages are called
> "package-filesystem" and have no Requires

yes , you need it , clamav-data-empty with clamav-update provides the same of clamav-db 


OK I found one bug [1] line 102, BTW milter also doesn't require /usr/sbin/sendmail ? 

Thanks for testing 

[1] 
https://src.fedoraproject.org/rpms/clamav/c/1977bdfb2137ec56517f4eb780f03ac680b852ec?branch=master

Comment 13 Harald Reindl 2018-05-29 17:51:39 UTC
"clamav-data-empty with clamav-update provides the same of clamav-db" - yeah - but if you have dozens of machines as we do for the sake of mirror servers you typically have *one* machine doing fresh-clam and a rsync job distribute /var/lib/clamav over the LAN

for "/usr/sbin/sendmail": as long as the milter don#t provide anything like "-B spamfilter@example.com" (send a BCC of rejected mails to a specific address) i don't know what it would do with sendmail

Comment 14 Robert Scheck 2018-05-29 18:14:23 UTC
Regarding clamav-data vs. clamav-data-empty vs. clamav-update, I see the 
following valid use-cases:

a) clamav-data provides updates, no need for clamav-update
b) clamav-data-empty together with clamav-update providing updates
c) clamav-data-empty (only) in case of self-handled updates as comment #13

This leads to clamav-data and clamav-data-empty providing both data(clamav)
to be flexible. A scenario that does not make sense is clamav-data with
clamav-update (that could be conflicted maybe). Dropping clamav-data-empty
and making dependency to clamav-data optional will lead to situations where
clamd is installed without any signatures (even that seems to be desired as
part of this report).

Comment 15 Harald Reindl 2018-05-29 18:21:17 UTC
well, that's why https://fedoraproject.org/wiki/Packaging:WeakDependencies exists, for the ordinary user everything is installed, for people knowing what they are doing and hence have "install_weak_deps=0" in /etc/dnf/dnf.conf it's not mandatory just because it may make sense in a typical random single-machine

hence "clamav" itself should only be a meta-package containing weak-deps but is not Required by other sub-packages, so you type "dnf remove clamav" and after that you are able to remove uneeded stuff

having a client/server architecture which requires everything don't make much sense

Comment 16 Robert Scheck 2018-05-29 18:26:56 UTC
I am aware about weak dependencies, but also would like to note that there
is at least EPEL 7 as well, not only Fedora.

Comment 17 Harald Reindl 2018-05-29 18:30:07 UTC
surely, but you should re-consider not using beneficial features for a decade just to save some if-definitions in the spec file or even maintain two spec-files

that's not what Fedora is for and that should have been seriously considered when you completely refactor the spec-file with all the fallout it triggers and then just introduce falloouts without real benefits

Comment 18 Sergio Monteiro Basto 2018-05-29 18:48:51 UTC
we still these bugs to fix [1] in all branches (exception maybe el6) and if we don't organize the specs this will lead to a big confusion (like it was) .

about 
a) clamav-data provides updates, no need for clamav-update yes 

b) clamav-data-empty together with clamav-update providing updates, yes this second option is fairly new if we don't force install clamav-update , end user will have an incomplete setup .

c) expert mode , you may disable freshclam (I think it is the default) , yeah I know you will need 240K bytes of disk space 



[1]
https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=POST&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=ON_QA&bug_status=VERIFIED&bug_status=RELEASE_PENDING&component=clamav&known_name=clamav&list_id=8899597&product=Fedora&product=Fedora%20EPEL&query_based_on=clamav&query_format=advanced

Comment 19 Harald Reindl 2018-05-29 18:52:25 UTC
anyways, don't make such INVASIVE changes in a fucking point update as it is for F27 in the future when you insist in having one spec file to fit them all and please give soem damn about the implications of your Provides/OBsoletes changes

it is at least UNACCEPTABLE that a f**ng update stops and diables a user overriden service - there is not but and if

Comment 20 Harald Reindl 2018-05-29 18:54:39 UTC
and to amke it clear:

a) first update clamav without layout chnages
b) and THEN or even a build BEFORE change the spec-layout

a) should be preferred becaus eyou don#t hold back the update users care about while you restructure the spec file with all the issues

i am working in the IT for 15 years now and it took exactly two years to realize that combine that two tpyes of changes is dumb, introduces damage with no need and trigger pressure on both sides for no good reason

Comment 21 Robert Scheck 2018-05-29 19:43:23 UTC
Harald, as mentioned for another package already before: Co-maintainers
for ClamAV are welcome, same applies for merge requests.

Comment 22 Harald Reindl 2018-05-29 19:49:38 UTC
thats's always the excuse "do it yourself" - well, i do as many as i can do on my own just because to have not ask anybody else on this planet for anything

frankly, either make changes proper or don't fix things which ain't broken

Comment 23 Robert Scheck 2018-05-29 19:56:44 UTC
It's not about "do it yourself", but rather doing things on your own you
could contribute such knowledge and scenarios into enhancement requests.
And there always will be mistakes, so automated test cases would be e.g.
an enhancement (your setup might not be the standard one, so it could be
a good testing scenario). Finally we're not breaking things to keep you
busy and to excuse ourself with "do it yourself" only.

Comment 24 Harald Reindl 2018-05-29 20:02:52 UTC
> Finally we're not breaking things to keep you
> busy and to excuse ourself with "do it yourself" only

i hope so :-)

point of subpackages is t make as much as possible optional and even if you allow someone to shoot himself in the foot after remove the metapackage and any stuff afterwards he needs but don#t realize so

for what i have *zero understanding* are comments like "try: dnf remove clamav-update", somethign similar recently with thask (wireshark without GUI) "try dnf uninstall" - guys try it at least at your own before hit "save changes"

Comment 25 Sergio Monteiro Basto 2018-05-29 23:12:05 UTC
(In reply to Orion Poplawski from comment #9)
> This update breaks existing service configurations based on the services
> provided by the previous sub-packages.  I believe this is caused by the
> install scriptlets because this is a removal of the clamav-*-systemd
> packages and an "initial" install of the clamd package:
> 
> clamav-scanner-systemd:
> preuninstall scriptlet (using /bin/sh):
> 
> if [ $1 -eq 0 ] ; then
>         # Package removal, not upgrade
>         systemctl --no-reload disable clamd@scan.service > /dev/null 2>&1 ||
> :
>         systemctl stop clamd@scan.service > /dev/null 2>&1 || :
> fi
> 
> 
> clamd:
> postinstall scriptlet (using /bin/sh):
> 
> if [ $1 -eq 1 ] ; then
>         # Initial installation
>         systemctl preset clamd@.service >/dev/null 2>&1 || :
> fi
> 
> 
> if [ $1 -eq 1 ] ; then
>         # Initial installation
>         systemctl preset clamd@scan.service >/dev/null 2>&1 || :
> fi
> 
> yum.log:
> May 29 07:20:42 Updated: clamav-filesystem-0.100.0-1.el7.noarch
> May 29 07:20:43 Updated: clamav-lib-0.100.0-1.el7.x86_64
> May 29 07:20:43 Updated: clamav-update-0.100.0-1.el7.x86_64
> May 29 07:20:43 Updated: clamav-data-empty-0.100.0-1.el7.noarch
> May 29 07:20:44 Installed: clamd-0.100.0-1.el7.x86_64
> May 29 07:20:44 Updated: clamav-0.100.0-1.el7.x86_64
> May 29 07:20:44 Erased: clamav-scanner-0.99.4-1.el7.noarch
> May 29 07:20:45 Erased: clamav-scanner-systemd-0.99.4-1.el7.noarch
> May 29 07:20:46 Erased: clamav-server-systemd-0.99.4-1.el7.noarch
> May 29 07:20:46 Erased: clamav-server-0.99.4-1.el7.x86_64
> 
> So clamd@scan gets stopped and disabled.  Similar with clamav-milter
> replacing clamav-milter-systemd.

yeah , good tip , this is the cause, let me see what I can do , meanwhile I may do the release 2, to fix the other bug mention in comment 12 .

Comment 26 Sergio Monteiro Basto 2018-05-30 00:46:12 UTC
Before start fixing the bug "on update stops and disable services" .

Here it is more work on clamav package [1], finally remove all logic of Provides and Requires because we have a lot of sub-packages.

Still the question of if clamv-empty-data should require or recommend clamav-update (AKA freshclam)
 

[1] 
https://src.fedoraproject.org/rpms/clamav/pull-request/4

Comment 27 Harald Reindl 2018-05-30 08:59:12 UTC
"Still the question of if clamv-empty-data should require or recommend clamav-update"

no, just make "clamav" a removeable metapackage just pulling all other stuff and after one decided to remove the metapackage let him do whatever he wants

"if we don't force install clamav-update, end user will have an incomplete setup" is a completly wrong assumption - there are setups which don't use the officical signatures because they have a very low hitrate on mailservers but a unacceptable memory usage while third party signatures in /var/lib/clamav are all which is wanted/needed

i have one of such setups, easily proveable with logs over months that the official signatures don't contribute anything useful and the few cases would have been rejected with spamass-milter anyways

sadly google safebrowsing is part of the offical signatures and no way only download that - however, this get pulled on a central machine which is working in a downloads-folder and with hardlink to prepare rsync to production



[root@buildserver:~]$ ls /var/lib/clamav-download/
insgesamt 405M
-rw-r--r-- 2 clamupdate clamupdate 9,7K 2018-05-26 13:08 foxhole_all.cdb
-rw-r--r-- 2 clamupdate clamupdate 120K 2018-05-25 12:08 foxhole_filename.cdb
-rw-r--r-- 2 clamupdate clamupdate  51K 2018-03-26 15:11 foxhole_generic.cdb
-rw-r--r-- 2 clamupdate clamupdate 3,8K 2017-08-18 19:56 foxhole_js.cdb
-rw-r--r-- 2 clamupdate clamupdate 1,4K 2018-05-26 12:08 foxhole_mail.cdb
-rw-r--r-- 2 clamupdate clamupdate 4,2K 2017-02-16 21:12 thelounge_blocked_extensions.cdb
-rw-r--r-- 2 clamupdate clamupdate 5,5K 2017-02-16 21:12 thelounge_tagged_extensions.cdb
-rw-r--r-- 1 clamupdate clamupdate 749K 2017-12-07 03:25 bytecode.cld
-rw-r--r-- 1 clamupdate clamupdate 135M 2018-05-30 07:25 daily.cld
-rw-r--r-- 2 clamupdate clamupdate 115M 2018-05-30 07:25 safebrowsing.cld
-rw-r--r-- 1 clamupdate clamupdate 113M 2017-06-08 10:41 main.cvd
-rw-r--r-- 1 clamupdate clamupdate  520 2018-05-30 10:58 mirrors.dat
-rw-r--r-- 2 clamupdate clamupdate 2,3K 2018-05-30 10:05 malware.expert.fp
-rw-r--r-- 3 clamupdate clamupdate  11K 2016-10-18 15:56 sanesecurity.ftm
-rw-r--r-- 2 clamupdate clamupdate 104K 2018-05-30 10:03 bofhland_malware_attach.hdb
-rw-r--r-- 2 clamupdate clamupdate   82 2016-07-13 21:44 crdfam.clamav.hdb
-rw-r--r-- 2 clamupdate clamupdate  27K 2018-05-30 10:05 malware.expert.hdb
-rw-r--r-- 1 clamupdate clamupdate 296K 2018-05-30 10:11 rogue.hdb
-rw-r--r-- 2 clamupdate clamupdate 1,4K 2017-04-28 09:56 spamattach.hdb
-rw-r--r-- 2 clamupdate clamupdate  15K 2018-05-17 18:12 spamimg.hdb
-rw-r--r-- 2 clamupdate clamupdate 515K 2018-03-05 09:00 winnow.attachments.hdb
-rw-r--r-- 2 clamupdate clamupdate   66 2018-03-05 09:00 winnow_bad_cw.hdb
-rw-r--r-- 2 clamupdate clamupdate  16K 2018-03-05 09:00 winnow_extended_malware.hdb
-rw-r--r-- 2 clamupdate clamupdate  18K 2018-03-05 09:00 winnow_malware.hdb
-rw-r--r-- 2 clamupdate clamupdate  48K 2015-08-05 09:24 hackingteam.hsb
-rw-r--r-- 2 clamupdate clamupdate  73K 2017-06-29 08:54 malwarehash.hsb
-rw-r--r-- 2 clamupdate clamupdate  31K 2018-05-30 10:01 porcupine.hsb
-rw-r--r-- 3 clamupdate clamupdate  272 2018-05-22 13:13 sigwhitelist.ign2
-rw-r--r-- 3 clamupdate clamupdate  261 2017-03-23 15:09 thelounge_whitelist.ign2
-rw-r--r-- 2 clamupdate clamupdate  21K 2018-05-30 10:05 malware.expert.ldb
-rw-r--r-- 2 clamupdate clamupdate 582K 2018-05-30 10:05 MiscreantPunch099-Low.ldb
-rw-r--r-- 2 clamupdate clamupdate 2,2K 2017-05-03 10:56 shelter.ldb
-rw-r--r-- 2 clamupdate clamupdate  556 2017-05-05 11:56 spam.ldb
-rw-r--r-- 2 clamupdate clamupdate  660 2018-03-05 09:00 winnow.complex.patterns.ldb
-rw-r--r-- 2 clamupdate clamupdate  76K 2018-05-25 11:50 badmacro.ndb
-rw-r--r-- 1 clamupdate clamupdate 3,1M 2018-05-30 10:11 blurl.ndb
-rw-r--r-- 2 clamupdate clamupdate  470 2018-05-30 10:03 bofhland_cracked_URL.ndb
-rw-r--r-- 3 clamupdate clamupdate  330 2018-05-30 10:03 bofhland_malware_URL.ndb
-rw-r--r-- 2 clamupdate clamupdate 3,1K 2018-05-30 10:03 bofhland_phishing_URL.ndb
-rw-r--r-- 2 clamupdate clamupdate 5,7K 2016-11-21 09:55 foxhole_all.ndb
-rw-r--r-- 2 clamupdate clamupdate  230 2016-11-21 09:55 foxhole_js.ndb
-rw-r--r-- 2 clamupdate clamupdate 6,8M 2018-05-29 14:10 junk.ndb
-rw-r--r-- 1 clamupdate clamupdate 229K 2018-05-30 10:11 jurlbla.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,4M 2018-05-30 10:11 jurlbl.ndb
-rw-r--r-- 2 clamupdate clamupdate 240K 2018-04-11 15:10 lott.ndb
-rw-r--r-- 2 clamupdate clamupdate 105K 2018-05-30 10:05 malware.expert.ndb
-rw-r--r-- 2 clamupdate clamupdate 3,9M 2018-05-26 13:08 phish.ndb
-rw-r--r-- 1 clamupdate clamupdate 4,8M 2018-05-30 10:01 phishtank.ndb
-rw-r--r-- 2 clamupdate clamupdate 312K 2018-05-30 10:01 porcupine.ndb
-rw-r--r-- 2 clamupdate clamupdate  14M 2018-05-30 10:00 scamnailer.ndb
-rw-r--r-- 2 clamupdate clamupdate 1,9M 2018-04-23 14:11 scam.ndb
-rw-r--r-- 2 clamupdate clamupdate  41K 2018-05-30 10:11 spearl.ndb
-rw-r--r-- 2 clamupdate clamupdate 2,0M 2018-05-26 01:04 spear.ndb
-rw-r--r-- 3 clamupdate clamupdate   61 2017-02-16 21:12 thelounge_custom_sigs.ndb
-rw-r--r-- 2 clamupdate clamupdate  159 2018-03-05 09:00 winnow_extended_malware_links.ndb
-rw-r--r-- 3 clamupdate clamupdate 490K 2018-03-05 09:00 winnow_malware_links.ndb
-rw-r--r-- 2 clamupdate clamupdate 1,2M 2018-03-05 09:00 winnow_phish_complete.ndb
-rw-r--r-- 2 clamupdate clamupdate 133K 2018-03-05 09:00 winnow_spam_complete.ndb
-rw-r--r-- 2 clamupdate clamupdate 1,5K 2015-07-01 14:54 Sanesecurity_sigtest.yara
-rw-r--r-- 2 clamupdate clamupdate 1,3K 2016-02-22 13:21 Sanesecurity_spam.yara


[root@buildserver:~]$ ls /var/lib/clamav
insgesamt 4,8M
-rw-r--r-- 2 clamupdate clamupdate 120K 2018-05-25 12:08 foxhole_filename.cdb
-rw-r--r-- 2 clamupdate clamupdate  51K 2018-03-26 15:11 foxhole_generic.cdb
-rw-r--r-- 2 clamupdate clamupdate 3,8K 2017-08-18 19:56 foxhole_js.cdb
-rw-r--r-- 2 clamupdate clamupdate 4,2K 2017-02-16 21:12 thelounge_blocked_extensions.cdb
-rw-r--r-- 3 clamupdate clamupdate  11K 2016-10-18 15:56 sanesecurity.ftm
-rw-r--r-- 2 clamupdate clamupdate 104K 2018-05-30 10:03 bofhland_malware_attach.hdb
-rw-r--r-- 2 clamupdate clamupdate   82 2016-07-13 21:44 crdfam.clamav.hdb
-rw-r--r-- 1 clamupdate clamupdate 296K 2018-05-30 06:11 rogue.hdb
-rw-r--r-- 2 clamupdate clamupdate  16K 2018-03-05 09:00 winnow_extended_malware.hdb
-rw-r--r-- 2 clamupdate clamupdate  18K 2018-03-05 09:00 winnow_malware.hdb
-rw-r--r-- 2 clamupdate clamupdate  48K 2015-08-05 09:24 hackingteam.hsb
-rw-r--r-- 2 clamupdate clamupdate  73K 2017-06-29 08:54 malwarehash.hsb
-rw-r--r-- 2 clamupdate clamupdate  31K 2018-05-30 10:01 porcupine.hsb
-rw-r--r-- 3 clamupdate clamupdate  272 2018-05-22 13:13 sigwhitelist.ign2
-rw-r--r-- 3 clamupdate clamupdate  261 2017-03-23 15:09 thelounge_whitelist.ign2
-rw-r--r-- 2 clamupdate clamupdate  76K 2018-05-25 11:50 badmacro.ndb
-rw-r--r-- 2 clamupdate clamupdate 3,1M 2018-05-30 09:10 blurl.ndb
-rw-r--r-- 3 clamupdate clamupdate  330 2018-05-30 10:03 bofhland_malware_URL.ndb
-rw-r--r-- 2 clamupdate clamupdate  230 2016-11-21 09:55 foxhole_js.ndb
-rw-r--r-- 2 clamupdate clamupdate 312K 2018-05-30 10:01 porcupine.ndb
-rw-r--r-- 3 clamupdate clamupdate   61 2017-02-16 21:12 thelounge_custom_sigs.ndb
-rw-r--r-- 3 clamupdate clamupdate 490K 2018-03-05 09:00 winnow_malware_links.ndb


[root@buildserver:~]$ ls /var/lib/clamav-spam/
insgesamt 156M
-rw-r--r-- 2 clamupdate clamupdate 9,7K 2018-05-26 13:08 foxhole_all.cdb
-rw-r--r-- 2 clamupdate clamupdate 1,4K 2018-05-26 12:08 foxhole_mail.cdb
-rw-r--r-- 2 clamupdate clamupdate 5,5K 2017-02-16 21:12 thelounge_tagged_extensions.cdb
-rw-r--r-- 2 clamupdate clamupdate 115M 2018-05-30 07:25 safebrowsing.cld
-rw-r--r-- 2 clamupdate clamupdate 2,3K 2018-05-30 10:05 malware.expert.fp
-rw-r--r-- 3 clamupdate clamupdate  11K 2016-10-18 15:56 sanesecurity.ftm
-rw-r--r-- 2 clamupdate clamupdate  27K 2018-05-30 10:05 malware.expert.hdb
-rw-r--r-- 2 clamupdate clamupdate 1,4K 2017-04-28 09:56 spamattach.hdb
-rw-r--r-- 2 clamupdate clamupdate  15K 2018-05-17 18:12 spamimg.hdb
-rw-r--r-- 2 clamupdate clamupdate 515K 2018-03-05 09:00 winnow.attachments.hdb
-rw-r--r-- 2 clamupdate clamupdate   66 2018-03-05 09:00 winnow_bad_cw.hdb
-rw-r--r-- 3 clamupdate clamupdate  272 2018-05-22 13:13 sigwhitelist.ign2
-rw-r--r-- 3 clamupdate clamupdate  261 2017-03-23 15:09 thelounge_whitelist.ign2
-rw-r--r-- 2 clamupdate clamupdate  21K 2018-05-30 10:05 malware.expert.ldb
-rw-r--r-- 2 clamupdate clamupdate 582K 2018-05-30 10:05 MiscreantPunch099-Low.ldb
-rw-r--r-- 2 clamupdate clamupdate 2,2K 2017-05-03 10:56 shelter.ldb
-rw-r--r-- 2 clamupdate clamupdate  556 2017-05-05 11:56 spam.ldb
-rw-r--r-- 2 clamupdate clamupdate  660 2018-03-05 09:00 winnow.complex.patterns.ldb
-rw-r--r-- 2 clamupdate clamupdate 3,1M 2018-05-30 09:10 blurl.ndb
-rw-r--r-- 2 clamupdate clamupdate  470 2018-05-30 10:03 bofhland_cracked_URL.ndb
-rw-r--r-- 3 clamupdate clamupdate  330 2018-05-30 10:03 bofhland_malware_URL.ndb
-rw-r--r-- 2 clamupdate clamupdate 3,1K 2018-05-30 10:03 bofhland_phishing_URL.ndb
-rw-r--r-- 2 clamupdate clamupdate 5,7K 2016-11-21 09:55 foxhole_all.ndb
-rw-r--r-- 2 clamupdate clamupdate 6,8M 2018-05-29 14:10 junk.ndb
-rw-r--r-- 1 clamupdate clamupdate 229K 2018-05-30 09:10 jurlbla.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,4M 2018-05-30 09:10 jurlbl.ndb
-rw-r--r-- 2 clamupdate clamupdate 240K 2018-04-11 15:10 lott.ndb
-rw-r--r-- 2 clamupdate clamupdate 105K 2018-05-30 10:05 malware.expert.ndb
-rw-r--r-- 2 clamupdate clamupdate 3,9M 2018-05-26 13:08 phish.ndb
-rw-r--r-- 1 clamupdate clamupdate 4,8M 2018-05-30 09:01 phishtank.ndb
-rw-r--r-- 2 clamupdate clamupdate  14M 2018-05-30 10:00 scamnailer.ndb
-rw-r--r-- 2 clamupdate clamupdate 1,9M 2018-04-23 14:11 scam.ndb
-rw-r--r-- 2 clamupdate clamupdate  41K 2018-05-30 10:11 spearl.ndb
-rw-r--r-- 2 clamupdate clamupdate 2,0M 2018-05-26 01:04 spear.ndb
-rw-r--r-- 3 clamupdate clamupdate   61 2017-02-16 21:12 thelounge_custom_sigs.ndb
-rw-r--r-- 2 clamupdate clamupdate  159 2018-03-05 09:00 winnow_extended_malware_links.ndb
-rw-r--r-- 3 clamupdate clamupdate 490K 2018-03-05 09:00 winnow_malware_links.ndb
-rw-r--r-- 2 clamupdate clamupdate 1,2M 2018-03-05 09:00 winnow_phish_complete.ndb
-rw-r--r-- 2 clamupdate clamupdate 133K 2018-03-05 09:00 winnow_spam_complete.ndb
-rw-r--r-- 2 clamupdate clamupdate 1,5K 2015-07-01 14:54 Sanesecurity_sigtest.yara
-rw-r--r-- 2 clamupdate clamupdate 1,3K 2016-02-22 13:21 Sanesecurity_spam.yara

Comment 28 Sergio Monteiro Basto 2018-05-30 21:23:23 UTC
(In reply to Harald Reindl from comment #27)
> "Still the question of if clamv-empty-data should require or recommend
> clamav-update"
> 
> no, just make "clamav" a removeable metapackage just pulling all other stuff
> and after one decided to remove the metapackage let him do whatever he wants

clamav is not a metapackage is a packages with bins

> "if we don't force install clamav-update, end user will have an incomplete
> setup" is a completly wrong assumption - there are setups which don't use
> the officical signatures because they have a very low hitrate on mailservers
> but a unacceptable memory usage while third party signatures in
> /var/lib/clamav are all which is wanted/needed

Men for that you not enable freshclam, why I should bother with that, I have to focus on one out of box solution . 
 
> i have one of such setups, easily proveable with logs over months that the
> official signatures don't contribute anything useful and the few cases would
> have been rejected with spamass-milter anyways
> 
> sadly google safebrowsing is part of the offical signatures and no way only
> download that - however, this get pulled on a central machine which is
> working in a downloads-folder and with hardlink to prepare rsync to
> production


anyway if you do a pull request or a patch demonstrate what you want , I may consider , for now I don't understand what you like to have , and please don't write another extensive explanation , just show me the code .

Comment 29 Sergio Monteiro Basto 2018-06-03 01:24:08 UTC
OK I propose https://src.fedoraproject.org/rpms/clamav/pull-request/5 to mitigate this bug , I'm building clamav on my copr repo [1] to test it 


Back to reasons to remove clamav-scanner, clamav-scanner-systemd and clamav-server-systemd [2] , why anyone would install only theses packages on one server ? or not install it  if you install clamd ? 



[1] https://copr.fedorainfracloud.org/coprs/sergiomb/builds_for_Stable_Releases/builds/

[2]
rpm -ql clamav-scanner 
/etc/clamd.d/scan.conf
/run/clamd.scan
/run/clamd.scan/clamd.sock
/usr/lib/tmpfiles.d/clamd.scan.conf

rpm -ql clamav-scanner-systemd
/usr/lib/systemd/system/clamd@scan.service

pm -ql clamav-server-systemd
/usr/lib/systemd/system/clamd@.service

Comment 30 Gerald Cox 2018-06-03 02:21:34 UTC
FWIW, my clam daemon is now broken.  Getting message:
ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: No such file or directory

My clam-freshclam.service is still working fine however.

Also, now receiving:
WARNING: Ignoring deprecated option AllowSupplementaryGroups at line 199

Apparently this is been deprecated for a while now, but now throwing out warnings.   It's in /etc/clamd.conf - prolly should be removed or commented out.

It was a complete pain to setup and get working and it's one of those things you do then forget what you did to get it working.  ;-)

Kudos to you for trying to clean it up.  It's been in need of TLC for a long time.

Comment 31 Gerald Cox 2018-06-03 02:50:31 UTC
OK, got it back working again.  I restarted clamd@scan.service and made sure that --foreground=yes was not in the ExecStart statement of clamd@.service

not sure what happened.  You helped me this before here:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e5e5ec6ca2

In any event, working now.  Thanks again for trying to clean all this up.

Comment 32 Sergio Monteiro Basto 2018-06-03 03:53:23 UTC
Hi, 
Thanks for the feedback .

I have updated the PR [1], and if no one complains, I will start build new clamav packages tomorrow. 

Best regards.

[1] 
https://src.fedoraproject.org/rpms/clamav/pull-request/5

Comment 33 Fedora Update System 2018-06-03 14:02:54 UTC
clamav-0.100.0-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b46f881c86

Comment 34 Fedora Update System 2018-06-03 14:03:28 UTC
clamav-0.100.0-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b5afbce392

Comment 35 Fedora Update System 2018-06-03 14:03:44 UTC
clamav-0.100.0-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7d6dc8227a

Comment 36 Fedora Update System 2018-06-03 19:38:23 UTC
clamav-0.100.0-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b5afbce392

Comment 37 Fedora Update System 2018-06-03 19:41:15 UTC
clamav-0.100.0-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7d6dc8227a

Comment 38 Fedora Update System 2018-06-03 20:54:12 UTC
clamav-0.100.0-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b46f881c86

Comment 39 Orion Poplawski 2018-06-05 16:03:25 UTC
0.100.0-2 does not appear to affect clamav-milter and clamd@scan services.  Thanks.

Comment 40 Fedora Update System 2018-06-11 17:00:17 UTC
clamav-0.100.0-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 41 Fedora Update System 2018-06-13 21:33:34 UTC
clamav-0.100.0-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 42 Fedora Update System 2018-07-03 12:53:05 UTC
clamav-0.100.0-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.