The app-antivirus/clamav-1.2.1 OpenRC initscript specifies the wrong path for the daemon's pid file Details of the clamav package installed: meshedgedx /home/fitzcarraldo # eix -I clamav [I] acct-group/clamav Available versions: 0-r2 Installed versions: 0-r2(03:58:28 04/08/23) Description: System group: clamav [I] acct-user/clamav Available versions: 0-r2 Installed versions: 0-r2(04:06:23 04/08/23) Description: System user: clamav [I] app-antivirus/clamav Available versions: 0.103.8(0/lts)^t (~)0.103.11(0/lts)^t (~)1.0.3(0/lts)^t 1.1.0(0/sts)^t (~)1.1.3(0/sts)^t (~)1.2.1(0/sts)^t {bzip2 +clamapp clamdtop clamonacc clamsubmit debug doc experimental iconv ipv6 jit libclamav-only metadata-analysis-api milter rar selinux +system-mspack systemd test xml} Installed versions: 1.2.1(0/sts)^t(12:16:37 30/12/23)(clamapp rar system-mspack -clamonacc -debug -doc -experimental -jit -libclamav-only -milter -selinux -systemd -test) Homepage: https://www.clamav.net/ Description: Clam Anti-Virus Scanner Found 3 matches rc-status reports that clamd has crashed: meshedgedx /home/fitzcarraldo # /etc/init.d/clamd status * status: crashed However, the clamav daemon appears to be running: meshedgedx /home/fitzcarraldo # ps -ef | grep clam clamav 4885 1 0 12:04 ? 00:00:00 /usr/bin/freshclam -p /run/freshclam.pid --daemon clamav 12813 1 4 12:55 ? 00:00:55 /usr/sbin/clamd root 24382 6591 0 13:14 pts/1 00:00:00 grep --colour=auto clam I looked in /etc/init.d/clamd and noticed the line: pidfile="/run/${RC_SVCNAME}.pid" However, for this version of clamav (and any earlier versions after upstream changed the pid file location) it should be: pidfile="/run/clamav/${RC_SVCNAME}.pid" I edited /etc/init.d/clamd and changed the line as shown above, then restarted clamd: meshedgedx /home/fitzcarraldo # nano /etc/init.d/clamd meshedgedx /home/fitzcarraldo # rc-service clamd restart * Caching service dependencies ... [ ok ] * Stopping clamd ... [ ok ] * Starting clamd ... [ ok ] meshedgedx /home/fitzcarraldo # /etc/init.d/clamd status * status: started Problem solved. Reproducible: Always Steps to Reproduce: 1. Install app-antivirus/clamav-1.2.1 in Gentoo Testing 2. Reboot or restart clamd 3. Check service status
(In reply to Fitzcarraldo from comment #0) > > I looked in /etc/init.d/clamd and noticed the line: > > pidfile="/run/${RC_SVCNAME}.pid" > > However, for this version of clamav (and any earlier versions after upstream > changed the pid file location) it should be: > > pidfile="/run/clamav/${RC_SVCNAME}.pid" > > I edited /etc/init.d/clamd and changed the line as shown above, then > restarted clamd: Upstream didn't change the default, they only changed a comment in config file -- the Gentoo ebuild uncomments it. But, the new (commented) location is insecure: https://github.com/Cisco-Talos/clamav/issues/1076 The old value of /run/${RC_SVCNAME}.pid is correct. The newer ebuilds should be tweaked to use it rather than the commented-out line from upstream.
Same issue with app-antivirus/clamav-1.2.2.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b99345bb35e9a6a208a3aa3cd6660b4d606cdb3 commit 7b99345bb35e9a6a208a3aa3cd6660b4d606cdb3 Author: Matt Jolly <kangie@gentoo.org> AuthorDate: 2024-06-24 10:24:55 +0000 Commit: Matt Jolly <kangie@gentoo.org> CommitDate: 2024-06-24 11:04:15 +0000 app-antivirus/clamav: package maintenance revbump 1.3.1 with the following fixes: - add postinst message for 'clamonacc' - fix x32 builds - fix PID paths - drop py310; add py313 Bug: https://github.com/Cisco-Talos/clamav/issues/1076 Bug: https://bugs.gentoo.org/921088 Bug: https://bugs.gentoo.org/916147 Bug: https://bugs.gentoo.org/787233 Closes: https://bugs.gentoo.org/927214 Signed-off-by: Matt Jolly <kangie@gentoo.org> app-antivirus/clamav/clamav-1.3.1-r1.ebuild | 409 +++++++++++++++++++++ .../clamav/files/clamav-1.3.1-onenote-rs.patch | 30 ++ 2 files changed, 439 insertions(+)
This should be fixed in 1.3.1-r1 - could you please let me know how it goes?
(In reply to Matt Jolly from comment #4) > This should be fixed in 1.3.1-r1 - could you please let me know how it goes? I merged 1.3.1-r2 today (1.3.1-r1 is no longer in the tree) in my ~amd64 installation. The ebuild didn't overwrite the existing /etc/init.d/clamd which still had pidfile="/run/clamav/${RC_SVCNAME}.pid" in it, so I had to manually edit that to pidfile="/run/${RC_SVCNAME}.pid". The file /var/db/repos/gentoo/app-antivirus/clamav/files/clamd.initd does have pidfile="/run/${RC_SVCNAME}.pid" in it. And /etc/clamav/clamd.conf does have PidFile /run/clamd.pid in it. Why doesn't the ebuild overwrite an existing /etc/init.d/clamd file, but does overwrite an existing /etc/clamav/clamd.conf?
(In reply to Fitzcarraldo from comment #5) > > Why doesn't the ebuild overwrite an existing > /etc/init.d/clamd file, but does overwrite an existing > /etc/clamav/clamd.conf? How sure are you that there's not a new init.d file there waiting to be replaced with etc-update? If the original file is still there, portage will just replace it. But if you've modified it, etc-update is necessary.
(In reply to Michael Orlitzky from comment #6) > (In reply to Fitzcarraldo from comment #5) > > > > Why doesn't the ebuild overwrite an existing > > /etc/init.d/clamd file, but does overwrite an existing > > /etc/clamav/clamd.conf? > > How sure are you that there's not a new init.d file there waiting to be > replaced with etc-update? > > If the original file is still there, portage will just replace it. But if > you've modified it, etc-update is necessary. I thought etc-update updates config files, not init files? Also, doesn't Portage normally display a message when etc-update or dispatch-conf are required? But it didn't when I merged app-antivirus/clamav-1.3.1-r2. I looked in /etc/init.d/ to see if there is a new init file in there waiting to be used, but there is only the original init file that I had previously edited (and then re-edited after merging 1.3.1-r2 as per my previous comment): # ls -la /etc/init.d/*clamd* -rwxr-xr-x 1 root root 918 Jul 13 00:33 /etc/init.d/clamd
(In reply to Fitzcarraldo from comment #7) > > I thought etc-update updates config files, not init files? Also, doesn't > Portage normally display a message when etc-update or dispatch-conf are > required? But it didn't when I merged app-antivirus/clamav-1.3.1-r2. I > looked in /etc/init.d/ to see if there is a new init file in there waiting > to be used, but there is only the original init file that I had previously > edited (and then re-edited after merging 1.3.1-r2 as per my previous > comment): Portage doesn't really know what is and is not a config file. It uses the variables CONFIG_PROTECT (which includes all of /etc) and CONFIG_PROTECT_MASK (an exclusion list) to determine what should be protected from updates. I would expect /etc/init.d to be protected as part of /etc, but you can check the values of those variables with emerge --info. > # ls -la /etc/init.d/*clamd* > -rwxr-xr-x 1 root root 918 Jul 13 00:33 /etc/init.d/clamd Yeah, I dunno :)
(In reply to Michael Orlitzky from comment #8) > > > # ls -la /etc/init.d/*clamd* > > -rwxr-xr-x 1 root root 918 Jul 13 00:33 /etc/init.d/clamd > > Yeah, I dunno :) Actually, the shell globs there might be hiding dotfiles. Try ls -la /etc/init.d/ instead.
(In reply to Michael Orlitzky from comment #9) > (In reply to Michael Orlitzky from comment #8) > > > > > # ls -la /etc/init.d/*clamd* > > > -rwxr-xr-x 1 root root 918 Jul 13 00:33 /etc/init.d/clamd > > > > Yeah, I dunno :) > > Actually, the shell globs there might be hiding dotfiles. Try > > ls -la /etc/init.d/ > > instead. Still no dotfiles, unfortunately. ¯\_(ツ)_/¯ Anyway, I hope 1.3.1-r2 has fixed the original problem.
