CONCRETE SUGGESTION FOR CLAMAV DEVELOPERS (and anyone else with
minimal script writing skills):

CLAMWATCH service. 
    Either as cron job, or constantly running monitor daemon. 
    - Checks if clamd service is running (if enabled in startup files)
    - Tests clamdscan with simple clean file and EICAR test
    - Tests clamscan with simple clean file and EICAR test
    Failure of any of these conditions results in notification
    via e-mail to frequently monitored admin account. 

A "watchdog" would not only detect failed startup, but also any possible
random failures, including errors I've seen in previous versions where the
daemon continues to 'run', but returns an error code to clamdscan.

A lot of people seem to think it is 'proper' for a mis-configured server
to just "die" or fail to start. This makes sense when the server has an
*obvious* function/effect and its failure will be noted by interruptions
in end-user performance/service. But when a mail filter 'fails', mail
goes through UNFILTERED, and UNNOTICED. This is just WRONG. Sorry, it is.

On Fri, 3 Oct 2008, David F. Skoll wrote:
> What if some poor user puts this in the ClamAV file:
>      BlockAllZips yes
> and expects it to work?

If a USER puts in a bad parameter, then they better be in the habit of
TESTING their changes. 'Nuff said. The situation under discussion HERE
is where a previously TESTED and WORKING config becomes "bad" because 
of deprecation in the software updates. In this case, clamav should indeed
recognize 'old valid config items' and CONTINUE RUNNING, and again, not
just write errors to infrequently checked logs, but generate an e-mail to
admins. How much trouble would it be to add such a feature to 'freshclam',
so that it 'watchdogs' and notifies admins?

> The principle of least surprise says ClamAV should reject that.

The principle of least surprise says "something that worked should
continue to work". If the end user cannot be notified in a timely fashion,
then the software should do its best job to function as closely as
possible to the desired configuration. So in the absence of (or even *with*)
a watchdog, the filter should do a minimal job, even if it cannot parse
all parameters.

Thanks.

- Charles, HWCN
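
The CLAMWATCH checks proposed in the message above, sketched as a POSIX shell script; this is an added example, not part of the original e-mail or of ClamAV. The function names, the `run` argument and the `ADMIN` address are assumptions, and it relies on the clamscan/clamdscan exit codes (0 clean, 1 virus found, 2 error).

```shell
#!/bin/sh
# clamwatch: added illustration of the proposed watchdog (not ClamAV code).
# Assumed names: ADMIN, the "run" argument, and every function below.
ADMIN="${ADMIN:-root@localhost}"   # placeholder; use a monitored mailbox

# Write the standard EICAR test string, split in two so that this script
# itself is not flagged by a scanner.
make_eicar() {
    printf '%s%s\n' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' \
        'ANTIVIRUS-TEST-FILE!$H+H*' > "$1"
}

# check_scanner CMD: CMD must exit 0 on a clean file and 1 on EICAR.
# Exit code 2 means "error", so a daemon that keeps running but answers
# with errors fails the probe. Prints the failure reason on stdout.
check_scanner() {
    scanner=$1
    dir=$(mktemp -d) || { echo "$scanner: mktemp failed"; return 1; }
    echo "harmless text" > "$dir/clean.txt"
    make_eicar "$dir/eicar.com"
    chmod -R a+rX "$dir"           # clamd usually runs as another user
    rc_clean=0; "$scanner" "$dir/clean.txt" >/dev/null 2>&1 || rc_clean=$?
    rc_virus=0; "$scanner" "$dir/eicar.com" >/dev/null 2>&1 || rc_virus=$?
    rm -rf "$dir"
    [ "$rc_clean" -eq 0 ] || { echo "$scanner: clean file returned $rc_clean"; return 1; }
    [ "$rc_virus" -eq 1 ] || { echo "$scanner: EICAR returned $rc_virus (expected 1)"; return 1; }
    return 0
}

# Run every check, collect the failure reasons, mail them if there are any.
clamwatch() {
    report=""
    pgrep -x clamd >/dev/null 2>&1 || report="clamd process not running"
    for s in clamdscan clamscan; do
        msg=$(check_scanner "$s") || report="$report
$msg"
    done
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report" | mail -s "CLAMWATCH failure on $(hostname)" "$ADMIN"
    return 1
}

# From cron, e.g.: */10 * * * * /usr/local/sbin/clamwatch run
if [ "${1:-}" = "run" ]; then clamwatch; fi
```
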
