[clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

OS: openSUSE Tumbleweed I have found (like others) that the ClamAV 0.103.0-rc service doesn't start. When running the binary in a console, it doesn't daemonize, but keeps running. PID file and socket are created however. I bisected this problem and found the commit bb12435: Create PID

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

Citeren Arjen de Korte via clamav-users : OS: openSUSE Tumbleweed I have found (like others) that the ClamAV 0.103.0-rc service doesn't start. When running the binary in a console, it doesn't daemonize, but keeps running. PID file and socket are created however. That should have read the

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

On 2020-08-21 04:45, Arjen de Korte via clamav-users wrote: > > It is not clear to me what problem this patch intends to solve (for a > systemd service it is absolute not required from a security point of > view). The PIDFile should be writable by vscan user only anyway. > With a Type=forkin

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

Citeren Michael Orlitzky via clamav-users : On 2020-08-21 04:45, Arjen de Korte via clamav-users wrote: It is not clear to me what problem this patch intends to solve (for a systemd service it is absolute not required from a security point of view). The PIDFile should be writable by vscan user

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote: > Citeren Michael Orlitzky via clamav-users : > >> On 2020-08-21 04:45, Arjen de Korte via clamav-users wrote: >>> >>> It is not clear to me what problem this patch intends to solve (for a >>> systemd service it is absolute not required f

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote: > > Not unconditionally. See the following from 'man 5 systemd.service': > > "The PID file does not need to be owned by a privileged user, but if it > is owned by an unprivileged user additional safety restrictions are > en

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

Citeren Michael Orlitzky via clamav-users : On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote: Citeren Michael Orlitzky via clamav-users : On 2020-08-21 04:45, Arjen de Korte via clamav-users wrote: It is not clear to me what problem this patch intends to solve (for a systemd servi

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

Citeren Michael Orlitzky via clamav-users : On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote: Not unconditionally. See the following from 'man 5 systemd.service': "The PID file does not need to be owned by a privileged user, but if it is owned by an unprivileged user additi

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

On 2020-08-21 09:38, Arjen de Korte via clamav-users wrote: >> >> However, systemd isn't the only service manager, and the problem still >> exists in all of the other ones. Systemd is able to avail itself of >> platform-specific features in brand-new Linux kernels. SysV init, >> OpenRC, and others

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

Citeren Michael Orlitzky via clamav-users : Well empirically that's not true, because it isn't working. Add PIDFile entries to your service files when using Type=forking, and synchronize them with the PidFile lines in clamd.conf and freshclam.conf. Makes no difference at all. Even without usin

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

On 2020-08-21 11:29, Arjen de Korte via clamav-users wrote: > >> # ps ax | grep clamd >> 7436 ?Ssl0:25 sbin/clamd > > # ps ax | grep clamd > 7840 pts/2S+ 0:00 /usr/sbin/clamd --debug > 7841 ?Ssl0:38 /usr/sbin/clamd --debug > > Previously I've wa

Re: [clamav-users] on-access scan /media folder

Hi there, Sorry again for the delay. I've attached a small patch which provides a bit deeper (and possibly excessive) error reporting for clamonacc. Please give it a try and let us know what errors pop up so we can better figure out the problem. Thanks, Mickey On 2020-08-17 18:41:49-04:00 clam

Re: [clamav-users] [External] Re: ClamAV 0.103.0 release candidate - systemd service start fails

NOTE: I can't speak to systemd intricacies but I can relay this information Centos 6.6 & 6.10 (current) which is a current, in maintenance period OS systemd script worked for 0.102.4 and before. script at http://talonator.pccc.com/clamav/ systemd script does NOT work for 0.103.0-rc on either 6.6

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

On Fri, 21 Aug 2020, Michael Orlitzky via clamav-users wrote: > Date: Fri, 21 Aug 2020 10:18:42 -0400 > From: Michael Orlitzky via clamav-users > To: clamav-users@lists.clamav.net > Cc: Michael Orlitzky > Subject: Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd > service start

Re: [clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails

I have reproduced this error, and am currently working on a fix. See https://bugzilla.clamav.net/show_bug.cgi?id=12597. We made a change to create PID files before dropping privileges so that an unprivileged user cannot change the PID file and have the service manager kill the wrong process.