169561 2007-03-06 02:08 0000 app-antivirus/clamav - clamav-milter with "--external" doesn't start up correctly from clamd init script 2007-04-10 20:14:26 0000 1 1 1 Unclassified Gentoo Linux Applications unspecified All Linux RESOLVED FIXED P2 normal --- 1 dean@bullock.net antivirus@gentoo.org net-mail@gentoo.org dean@bullock.net 2007-03-06 02:08:33 0000 The /etc/init.d/clamd script tries to start clamav-milter before the clamd socket (/var/run/clamav/clamd.sock) is available and hence fails to start. Reproducible: Always Steps to Reproduce: 1. Add --external to MILTER_OPTS in /etc/conf.d/clamd 2. /etc/init/clamd start 3. A patch for /etc/init.d/clamd that waits for the socket when --external is in MILTER_OPTS. --- clamd.orig 2007-03-05 17:03:48.000000000 -0800 +++ clamd 2007-03-05 17:02:45.000000000 -0800 @@ -45,6 +45,25 @@ chown ${clamav_user} ${logfile} fi + if [[ ${MILTER_OPTS} == *--external* ]]; then + local clamd_socket_wait_count=0 + local clamd_socket_wait_max=10 + local clamd_socket_wait_result=-1 + ebegin "Waiting for clamd to create ${clamd_socket}" + while [[ clamd_socket_wait < clamd_socket_wait_max ]]; do + if [ -S "${clamd_socket:-/tmp/clamd}" ]; then + clamd_socket_wait_result=0 + break + else + echo -n " ." + let clamd_socket_wait++ + sleep 1 + fi + done + echo + eend $clamd_socket_wait_result "Timeout waiting for ${clamd_socket}" + fi + dean@bullock.net 2007-03-06 02:10:09 0000 Created an attachment (id=112237) patch for /etc/init.d/clamd ticho@gentoo.org 2007-03-08 17:00:38 0000 Initscript changed as you suggested. Thanks! steeeeeveee@gmx.net 2007-03-09 13:55:45 0000 Sorry for writing into this closed bug report. But I have a problem with the way the new init.d script is implemented. According to the documentation the --external does not check LocalSocket or TCPSocket but in the new Gentoo init.d script the startup is delayed because it waits for the socket to be created (wich never happens in my case since I don't use LocalSocket but use the TCPSocket option. From the man output of clamav-milter: -e, --external Usually clamav-milter scans the emails itself without the use of an external program. The --external option informs clamav-milter ter to use an external program such as clamd(8) running either on the local server or other server(s) to perform the scanning. The setting in clamd.conf for LocalSocket or TCPSocket is ignored. So can any one explain me what the point is in waiting for a non existent socket? I would much more like the init.d script to chmod the ${MILTER_SOCKET} with 0777 then this waiting thing (should I send a patch for that?). ticho@gentoo.org 2007-03-09 15:32:21 0000 Ok, initscript change reverted. This is something we haven't thought about, and I certainly misunderstood nature of --external option. Sorry about that. Any suggestions on how to solve the original problem? dean@bullock.net 2007-03-12 20:53:53 0000 I didn't read about the TCPSocket feature when using --external. I apologize for leaving TCPSocket users out of my original patch. However.... The man page for clamav-milter states that clamav-milter will terminate at start up if it cannot communicate with the external clamd. It also specifies (under the --server argument) that all servers must be up when clamav-milter starts. I think that it is valid to delay the clamav-milter startup when we know that the server is unavailable, which is the case where we are using LocalSocket with the --external flag and we are starting clamd in the same startup script. I think that my mistake was to leave out the TCPSocket possibility. I have never used TCPSocket with clamav-milter. Am I correct in thinking that one must list a set of one or more servers on the command line with the --servers argument? It appears that if --external is used without --servers then clamav-milter will try the LocalSocket and if --external is used with --servers then clamav-milter will try to contact all of the servers listed via the TCP socket specified by TCPSocket (in /etc/clamd.conf). I think there are a few options. 1) Add the logic to my patch that allows for the (--external && --servers) logic such that no wait will occur when both --external and --servers are present in MILTER_OPTS. Only delay when --external is present without --servers. 2) Add a line to /etc/conf.d/clamd that would force an explicit wait without any automatic logic. It could be MILTER_START_DELAY which would default to zero. This option forces the someone like myself to understand that a delay is needed when using --external and LocalSocket. 3) Add a line to /etc/conf.d/clamd that the user can set to "turn on" --external over LocalSocket which would add the needed delay and --external to the clamav-milter invocation. I think that option two is the least advisable in that it forces the end user to learn why clamav-milter failed to start after the user adds --external to the MILTER_OPTS. Option three is better, but I think that it is just option one (1) poorly implemented. I like the automation of option one. By the way, on my system the delay is always four seconds. If the decision is to go ahead with a solution to this issue and my option one is picked, I will provide the code. dean@bullock.net 2007-03-12 23:30:10 0000 Created an attachment (id=113117) new patch that takes into account --server This new patch will delay only if --external is in MILTER_OPTS and --server is not. Getopt is used so that MILTER_OPTS can be searched for -e, -s, --external and/or --server using the getopt logic. Also fixes a bug in the count down where the [[ operator was used instead of the (( operator. ticho@gentoo.org 2007-04-10 20:14:26 0000 Looks good, patch applied. Thanks, and sorry for the delay! 112237 2007-03-06 02:10 0000 patch for /etc/init.d/clamd clamd.patch text/plain LS0tIGNsYW1kLm9yaWcJMjAwNy0wMy0wNSAxNzowMzo0OC4wMDAwMDAwMDAgLTA4MDAKKysrIGNs YW1kCTIwMDctMDMtMDUgMTc6MDI6NDUuMDAwMDAwMDAwIC0wODAwCkBAIC00NSw2ICs0NSwyNSBA QAogCQljaG93biAke2NsYW1hdl91c2VyfSAke2xvZ2ZpbGV9CiAJCWZpCQogCisJCWlmIFtbICR7 TUlMVEVSX09QVFN9ID09ICotLWV4dGVybmFsKiBdXTsgdGhlbgorCQkJbG9jYWwgY2xhbWRfc29j a2V0X3dhaXRfY291bnQ9MAorCQkJbG9jYWwgY2xhbWRfc29ja2V0X3dhaXRfbWF4PTEwCisJCQls b2NhbCBjbGFtZF9zb2NrZXRfd2FpdF9yZXN1bHQ9LTEKKwkJCWViZWdpbiAiV2FpdGluZyBmb3Ig Y2xhbWQgdG8gY3JlYXRlICR7Y2xhbWRfc29ja2V0fSIKKwkJCXdoaWxlIFtbIGNsYW1kX3NvY2tl dF93YWl0IDwgY2xhbWRfc29ja2V0X3dhaXRfbWF4IF1dOyBkbworCQkJCWlmIFsgLVMgIiR7Y2xh bWRfc29ja2V0Oi0vdG1wL2NsYW1kfSIgXTsgdGhlbgorCQkJCQljbGFtZF9zb2NrZXRfd2FpdF9y ZXN1bHQ9MAorCQkJCQlicmVhaworCQkJCWVsc2UKKwkJCQkJZWNobyAtbiAiIC4iCisJCQkJCWxl dCBjbGFtZF9zb2NrZXRfd2FpdCsrCisJCQkJCXNsZWVwIDEKKwkJCQlmaQorCQkJZG9uZQorCQkJ ZWNobworCQkJZWVuZCAkY2xhbWRfc29ja2V0X3dhaXRfcmVzdWx0ICJUaW1lb3V0IHdhaXRpbmcg Zm9yICR7Y2xhbWRfc29ja2V0fSIKKwkJZmkKKwkJCQogCQllYmVnaW4gIlN0YXJ0aW5nIGNsYW1h di1taWx0ZXIiCiAJCXN0YXJ0LXN0b3AtZGFlbW9uIC0tc3RhcnQgLS1xdWlldCBcCiAJCQktLWV4 ZWMgL3Vzci9zYmluL2NsYW1hdi1taWx0ZXIgLS0gJHtNSUxURVJfT1BUU30gJHtNSUxURVJfU09D S0VUfQo= 113117 2007-03-12 23:30 0000 new patch that takes into account --server clamd.patch text/plain LS0tIGNsYW1kLm9yaWcJMjAwNy0wMy0wNSAxNzowMzo0OC4wMDAwMDAwMDAgLTA4MDAKKysrIGNs YW1kCTIwMDctMDMtMTIgMTY6MjU6NTkuMDAwMDAwMDAwIC0wNzAwCkBAIC00NSw2ICs0NSw0NyBA QAogCQljaG93biAke2NsYW1hdl91c2VyfSAke2xvZ2ZpbGV9CiAJCWZpCQogCisKKwkJbG9jYWwg bWlsdGVyX2V4dD1ubworCQlsb2NhbCBtaWx0ZXJfc3ZyPW5vCisJCWFyZ3M9YGdldG9wdCAtcSAt LW9wdGlvbnMgImVzIiAtLWxvbmdvcHRpb25zICJleHRlcm5hbCxzZXJ2ZXIiIC0tICAkTUlMVEVS X09QVFNgCisJCWZvciBhcmcgaW4gJGFyZ3M7IGRvCisKKwkJCWNhc2UgIiRhcmciIGluCisKKwkJ CS1lIHwgLS1leHRlcm5hbCkKKwkJCQltaWx0ZXJfZXh0PXllczsKKwkJCQlzaGlmdDs7CisKKwkJ CS1zIHwgLS1zZXJ2ZXIpCisJCQkJbWlsdGVyX3N2cj15ZXM7CisJCQkJc2hpZnQ7OworCisJCQkt LSkKKwkJCQlzaGlmdDsKKwkJCQlicmVhazs7CisJCQllc2FjCisJCWRvbmUKKworCQlpZiBbWyAk bWlsdGVyX2V4dCA9PSB5ZXMgJiYgJG1pbHRlcl9zdnIgPT0gbm8gXV07IHRoZW4KKwkJCWxvY2Fs IGNsYW1kX3NvY2tldF93YWl0X2NvdW50PTAKKwkJCWxvY2FsIGNsYW1kX3NvY2tldF93YWl0X21h eD0xMAorCQkJbG9jYWwgY2xhbWRfc29ja2V0X3dhaXRfcmVzdWx0PS0xCisJCQllYmVnaW4gIldh aXRpbmcgZm9yIGNsYW1kIHRvIGNyZWF0ZSAke2NsYW1kX3NvY2tldH0iCisJCQl3aGlsZSAoKCBj bGFtZF9zb2NrZXRfd2FpdCA8IGNsYW1kX3NvY2tldF93YWl0X21heCApKTsgZG8KKwkJCQlpZiBb IC1TICIke2NsYW1kX3NvY2tldDotL3RtcC9jbGFtZH0iIF07IHRoZW4KKwkJCQkJY2xhbWRfc29j a2V0X3dhaXRfcmVzdWx0PTAKKwkJCQkJYnJlYWsKKwkJCQllbHNlCisJCQkJCWVjaG8gLW4gIiAu IgorCQkJCQlsZXQgY2xhbWRfc29ja2V0X3dhaXQrKworCQkJCQlzbGVlcCAxCisJCQkJZmkKKwkJ CWRvbmUKKwkJCWVjaG8KKwkJCWVlbmQgJGNsYW1kX3NvY2tldF93YWl0X3Jlc3VsdCAiVGltZW91 dCB3YWl0aW5nIGZvciAke2NsYW1kX3NvY2tldH0iCisJCWZpCisJCQkKIAkJZWJlZ2luICJTdGFy dGluZyBjbGFtYXYtbWlsdGVyIgogCQlzdGFydC1zdG9wLWRhZW1vbiAtLXN0YXJ0IC0tcXVpZXQg XAogCQkJLS1leGVjIC91c3Ivc2Jpbi9jbGFtYXYtbWlsdGVyIC0tICR7TUlMVEVSX09QVFN9ICR7 TUlMVEVSX1NPQ0tFVH0K