On Mon, Jun 16, 2008 at 11:51 AM, David F. Skoll <[EMAIL PROTECTED]> wrote:
> Aecio Neto wrote: > > > Due to a network issue, freshclam was not able to connect to update > > site. Then, freshclam set virus db as locked and clamd was not > > possible to read it and exit. This happened twice this week. > > We've been hit by this a lot. :-( It's really nasty because clamd removes > the pid file when it exits, so our (old) monitoring script did not restart > it (assuming that the admin had stopped it.) > > You do *not* want to hold a lock while waiting for the network. The > proper freshclam algorithm would be something like this. (File names > are illustrative only.) > Agree. Freshclam should only lock virus db when it is *really* performing updates it grabbed out there. > > 1) Hold a lock on /var/lock/freshclam.lock to avoid concurrent freshclams. > > 2) Copy the entire current database directory to a temporary directory. > > 3) Attempt to update the database in the temporary directory. During this > potentially time-consuming step, the main database is NOT locked and clamd > continues happily on its way. > > 4) If step (3) succeeded: Lock /var/lock/clam-db.lock. This lock > applies to both clamd and freshclam. Then rename the current database > directory to old, and the temporary one to current. Then release > /var/lock/clam-db.lock. Because the renaming is likely to be very > quick, clamd won't be locked out of the database directory for very > long. The lock-holding time certainly won't depend on network > conditions. > > 5) If step (4) succeeded: Delete the old database directory. > > 6) Release /var/lock/freshclam.lock > David, is this a change I have to do in my system or is this a proposal for a new code? _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
