The logrotate script for clamd contains this (and a similar line for freshclamd): /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true This uses /var/run, which is deprecated and should be /run. Furthermore the 2>/dev/null and || true seem odd to me and I wonder what motivates it. It seems this would cause all problems to be hidden. When one of these commands throws an error or returns false the admin should probably know about this.
Thanks, I already noticed the PID file location (in $URL, but it's restricted), but we need an upstream fix before I start messing with the PID file locations. The current path is a security risk, because in the logrotate script, that's root calling `kill` on the contents of a file that is owned by an unprivileged user. In my opinion clamd/freshclam should create the PID files as root, and then we can put them in e.g. /run/clamd.pid where they belong. As for the error handling: you're probably right. I'll remove it from the logrotate script on our MX and see if anything bad happens.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76622421052176c051df0c19a518d6c064aa5e5e commit 76622421052176c051df0c19a518d6c064aa5e5e Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2020-09-22 13:24:36 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2020-09-23 03:23:24 +0000 app-antivirus/clamav: new logrotate files for v0.103.0. Now that each ClamAV daemon has its own OpenRC service, we separate the logrotate entries as well. This fixes an old bug where we relied on the service manager being OpenRC. Closes: https://bugs.gentoo.org/508520 Closes: https://bugs.gentoo.org/709780 Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> app-antivirus/clamav/clamav-0.103.0.ebuild | 5 ++++- app-antivirus/clamav/files/clamav-milter.logrotate | 25 ++++++++++++++++++++++ app-antivirus/clamav/files/clamd.logrotate | 17 +++++++++++++++ app-antivirus/clamav/files/freshclam.logrotate | 17 +++++++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-)