According to default config files, init scripts should contain pidfile=/run/clamav/ Actually: # grep pidfile= $(qlist clamav | grep init ) /etc/init.d/clamav-milter:pidfile="/run/${RC_SVCNAME}.pid" /etc/init.d/clamd:pidfile="/run/${RC_SVCNAME}.pid" /etc/init.d/freshclam:pidfile="/run/${RC_SVCNAME}.pid"
No, it shouldn't. That's a security vulnerability, and one that clamav upstream already spent a lot of time fixing. Here's my reply to the change announcement: https://marc.info/?l=clamav-users&m=169117576515342&w=2
In your opinion it is therefore normal to have a different pidfile in the init script and in the configuration. Ok, that's your view, but many will have problems with it.
Can you give an actual reason you want something different here? It's not about preference. And mjo has already asked upstream to fix the "default config files" you reference.
Ok, there is a real problem here, just not the one in the summary. The 1.2.0 ebuild runs, sed -e "s/^#\(PidFile .*\)/\1/" on the config file to uncomment that line. While it used to be OK, now it is not. But the config file should be changed because the upstream commented location is now secure. The init script has it right.
(In reply to Michael Orlitzky from comment #4) > now secure now INsecure
# genlop -n clamav | tail -n1 Fri Oct 27 05:41:19 2023 >>> app-antivirus/clamav-1.2.1 # grep PidFile /etc/clamav/*.sample clamav-milter.conf.sample:#PidFile /run/clamav/clamav-milter.pid clamd.conf.sample:#PidFile /run/clamav/clamd.pid freshclam.conf.sample:#PidFile /run/clamav/freshclam.pid # grep pidfile= $(qlist clamav | grep init ) /etc/init.d/clamav-milter:pidfile="/run/${RC_SVCNAME}.pid" /etc/init.d/clamd:pidfile="/run/${RC_SVCNAME}.pid" /etc/init.d/freshclam:pidfile="/run/${RC_SVCNAME}.pid"
I had forgotten about this and it doesn't look like anyone acted on my mailing list message, so I opened https://github.com/Cisco-Talos/clamav/issues/1076 as a reminder.
