03-15-2011, 04:00 PM
Kevin Fenzi

Clamav-status Was: Meeting summary/minutes from today's EPEL sig meeting (2011-03-14)

On Tue, 15 Mar 2011 15:34:04 +0100
Jan-Frode Myklebust <janfrode@tanso.net> wrote:

First let me say thanks for taking this on.

> OK, so now we have a working clamav for RHEL5/6 (I have no RHEL4
> systems to test on),

I have a centos4 virt instance here you are welcome to use for testing.
ping me on irc (nick: nirik) to get access to it.

> but I'm not 100% satisfied with it.. Issues when
> upgrading from clamav-0.95 on RHEL5:
>
> 1 - /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew
> 2 - /etc/sysconfig/freshclam saved as /etc/sysconfig/freshclam.rpmsave
> 3 - /etc/cron.d/clamav-update saved as /etc/cron.d/clamav-update.rpmsave
>     Not much effect to rename a file under cron.d, will still be active.
>     But this is probably part of the old packages' uninstall, so I don't
>     know if new packaging can fix it.

Yeah, I am not sure there is any easy way to fix those other than
announcing the change loud and being ready to tell people to fix it. ;(

> 4 - Some files below /var/lib/clamav/ are still owned by old
> clamav-user after the upgrade, so freshclam is unable to write to
> these. Problem at least for mirrors.dat.

Perhaps we could do a %post that chowns them? Or a %pre that rm's them?

> 5 - clamd service is enabled by default, I don't think it should be.
> Not sure how to avoid it..

Modify the init script...

> 6 - Some minor milter issues. I fixed the broken options, but didn't
> touch the already installed clamav-milter.conf with wrong
> username.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=579370#c13
>
> Not sure which needs to be fixed, and which can be manually handled on
> upgrades. I'm pushing clamav-0.97-9 to testing in bodhi now...

Thanks.

kevin
_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list
 
03-15-2011, 06:18 PM
Jan-Frode Myklebust

Clamav-status Was: Meeting summary/minutes from today's EPEL sig meeting (2011-03-14)

On 2011-03-15, Kevin Fenzi <kevin@scrye.com> wrote:
>
>> OK, so now we have a working clamav for RHEL5/6 (I have no RHEL4
>> systems to test on),
>
> I have a centos4 virt instance here you are welcome to use for testing.
> ping me on irc (nick: nirik) to get access to it.

Thanks for the offer, but I won't need it. I have access to virtual
machines at work, and can easily install RHEL4 there, but what I meant
was that I have no production mail-servers running RHEL4, so the
testing there will be quite limited -- and getting our full mailserver
setup configured for RHEL4 is probably more effort than I'm willing to
put into this. Hope we can get some of those who still run RHEL4 mailservers
to test the clamav upgrade if they're interested.

>
>> 4 - Some files below /var/lib/clamav/ are still owned by old
>> clamav-user after the upgrade, so freshclam is unable to write to
>> these. Problem at least for mirrors.dat.
>
> Perhaps we could do a %post that chowns them? Or a %pre that rm's them?
>

I'll double check this problem on the next mailserver I upgrade, so that
I know exactly what files it was..

>> 5 - clamd service is enabled by default, I don't think it should be.
>> Not sure how to avoid it..
>
> Modify the init script...

Fixed in git, but not built..



-jf

 
03-16-2011, 09:28 AM
Jan-Frode Myklebust

Clamav-status Was: Meeting summary/minutes from today's EPEL sig meeting (2011-03-14)

On 2011-03-15, Kevin Fenzi <kevin@scrye.com> wrote:
>
>> 4 - Some files below /var/lib/clamav/ are still owned by old
>> clamav-user after the upgrade, so freshclam is unable to write to
>> these. Problem at least for mirrors.dat.
>
> Perhaps we could do a %post that chowns them? Or a %pre that rm's them?

It was only the /var/lib/clamav/mirrors.dat that was causing problems
being owned by numeric id (old clamav user) and only readable by this
user. Guess %ghost should fix this, right ?

%defattr(0644, clam, clam, 0755)
%ghost %{_localstatedir}/lib/clamav/mirrors.dat




-jf

 
03-16-2011, 09:32 PM
Kevin Fenzi

Clamav-status Was: Meeting summary/minutes from today's EPEL sig meeting (2011-03-14)

On Wed, 16 Mar 2011 11:28:07 +0100
Jan-Frode Myklebust <janfrode@tanso.net> wrote:

> On 2011-03-15, Kevin Fenzi <kevin@scrye.com> wrote:
> >
> >> 4 - Some files below /var/lib/clamav/ are still owned by old
> >> clamav-user after the upgrade, so freshclam is unable to write to
> >> these. Problem at least for mirrors.dat.
> >
> > Perhaps we could do a %post that chowns them? Or a %pre that rm's
> > them?
>
> It was only the /var/lib/clamav/mirrors.dat that was causing problems
> being owned by numeric id (old clamav user) and only readable by this
> user. Guess %ghost should fix this, right ?
>
> %defattr(0644, clam, clam, 0755)
> %ghost %{_localstatedir}/lib/clamav/mirrors.dat

I think that would only work if they installed the new version and then
did a --setowner on it. ;(

I think you may need a %pre that removes the old mirrors.dat or I
wonder, could it do that in the freshclam process? Probably too
difficult to add.

kevin
 
03-17-2011, 10:37 AM
Jan-Frode Myklebust

Clamav-status Was: Meeting summary/minutes from today's EPEL sig meeting (2011-03-14)

On 2011-03-16, Kevin Fenzi <kevin@scrye.com> wrote:
>> It was only the /var/lib/clamav/mirrors.dat that was causing problems
>> being owned by numeric id (old clamav user) and only readable by this
>> user. Guess %ghost should fix this, right ?
>>
>> %defattr(0644, clam, clam, 0755)
>> %ghost %{_localstatedir}/lib/clamav/mirrors.dat
>
> I think that would only work if they installed the new version and then
> did a --setowner on it. ;(
>
> I think you may need a %pre that removes the old mirrors.dat or I
> wonder,

Crap, you were right... Strangely it seems to only be a problem
the first time I run freshclam. The first time it complains multiple
times about:

ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing

but later runs don't complain at all. Maybe it's only when
the db's change that it needs to write to mirrors.dat... and
it will complain again at a later point.

> could it do that in the freshclam process? Probably too
> difficult to add.

I could of course fix it in /etc/cron.daily/freshclam, if it
sees it doesn't have write access to this file:

    # re-own mirrors.dat if it exists but is not writable
    if test -f /var/lib/clamav/mirrors.dat \
         -a ! -w /var/lib/clamav/mirrors.dat
    then
        chown clam /var/lib/clamav/mirrors.dat
        chmod u+rw /var/lib/clamav/mirrors.dat
    fi

but it's ugly and opens up race conditions that user clam
could conceivably abuse.. (ln -s /etc/passwd mirrors.dat in
the middle of the "test").

Maybe it's not that important to fix.. Updates are working,
and sysadmin should be able to fix it manually if/when he gets the
errors from cron.


-jf
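
The race mentioned in the last message exists because test, chown and chmod each resolve the path again, so the name can be swapped between the check and the change. As an added example (not part of the thread or of the clamav packaging), here is the same repair done on a single open file descriptor; Python is used because the shell utilities only take paths, and the function name and return strings are made up for illustration.

```python
import errno
import os
import stat
import tempfile


def fix_owner_nofollow(path, uid):
    """Hand `path` to `uid` and add u+rw, acting only on an open descriptor.

    Returns "fixed", "absent" or "refused:<reason>".
    """
    # O_NOFOLLOW: fail if the last path component is a symlink.
    # O_NONBLOCK: do not hang if a FIFO has been placed at this name.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(path, flags)
    except FileNotFoundError:
        return "absent"
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):
            return "refused:symlink"
        raise
    try:
        st = os.fstat(fd)  # describes the inode we hold, not the path
        if not stat.S_ISREG(st.st_mode):
            return "refused:not-regular"
        if st.st_nlink != 1:
            # A second name for this inode may live outside the directory.
            return "refused:hardlinked"
        os.fchown(fd, uid, -1)  # -1 leaves the group unchanged
        os.fchmod(fd, stat.S_IMODE(st.st_mode) | stat.S_IRUSR | stat.S_IWUSR)
        return "fixed"
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed demo in a scratch directory; no real system file is touched.
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "stand-in-for-etc-passwd")
    open(target, "w").close()
    name = os.path.join(workdir, "mirrors.dat")
    os.symlink(target, name)
    print(fix_owner_nofollow(name, os.getuid()))  # symlink is refused
    os.unlink(name)
    open(name, "w").close()
    os.chmod(name, 0o400)
    print(fix_owner_nofollow(name, os.getuid()))  # regular file is repaired
```

Once the descriptor is open, renaming or replacing mirrors.dat no longer changes which inode fchown and fchmod act on.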

 
