[Pkg-clamav-devel] Initial start of clamav-daemon

Dilyan Palauzov dilyan.palauzov at aegee.org
Fri Apr 22 16:31:10 UTC 2016 

Hello,

on a fresh installed Debian Jessie with systemd and all packages 
updated, I call "apt-get install clamav-daemon".  Then systemctl status 
clamav-daemon.socket shows:

● clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
    Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled)
   Drop-In: /etc/systemd/system/clamav-daemon.socket.d
            └─extend.conf
    Active: inactive (dead)
            start condition failed at Fri 2016-04-22 17:00:29 CEST; 
16min ago
      Docs: man:clamd(8)
            man:clamd.conf(5)
            http://www.clamav.net/lang/en/doc/
    Listen: /var/run/clamav/clamd.ctl (Stream)

and systemctl status clamav-daemon.service prints:
● clamav-daemon.service - Clam AntiVirus userspace daemon
    Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
    Active: inactive (dead)
            start condition failed at Fri 2016-04-22 17:00:23 CEST; 
16min ago
      Docs: man:clamd(8)
            man:clamd.conf(5)
            http://www.clamav.net/lang/en/doc/

systemctl show clamav-daemon.socket emits
   ListenStream=/var/run/clamav/clamd.ctl

The directory /var/run/clamav does not exist, despite systemd.socket.xml 
in systemd v215, coming with Jessie, states under DirectoryMode= that if 
listening on a file system socket the parent directories are 
automatically created if needed.

Restarting the system and calling the show commands above, adds after 
"start condition failed" the text 
"ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not 
met".  Indeed, freshclam has not downloaded yet the signatures and the 
CondtionPathExistsGlob is added by 
clamav_0.99+dfsg-0+deb8u2.debian.tar.xz:debian/patches/Add-upstream-systemd-support.patch 
.

Reinstalling the system again, waiting for freshclam to download all the 
signatures, issuing the two show commands prints still the text above: 
(unnamed) start condition failed.  After restarting the system, 
following successful download of all the signatures by freshclam, 
everything works as expected.

My understanding is that during service start ConditionPathExistsGlob is 
checked once and if it fails, it is not retried, contrary to something 
like ExecStartPre=/bin/bash -c 'while ! [ -s /var/lib/clamav/main.inc -o 
-s /var/lib/clamav/main.cvd -o -s /var/lib/clamav/main.cld ) -a  ( -s 
/var/lib/clamav/daily.inc -o -s /var/lib/clamav/daily.cvs -o -s 
/var/lib/clamav/daily.cld ] ; do sleep 1 ; done ' .

For the mentioned reasons with the current configuration clamd is not 
going to start automatically, once freshclam has downloaded all the files.

I propose removing the ConditionPathExistsGlob from 
clamav-daemon.s(ervice,ocket). Then, once freshclam is ready, it will 
notify clamd over the socket, systemd will start clamd because of 
clamav-daemon.socket  and everything is fine.  If somebody tries to 
contact the socket before freshclam is ready, and clamd starts and fails 
due to missing databases, we have the current situation: in order to 
start clamd, it has to be restarted manually, once the databases have 
been downloaded.  So removing ConditionPathExistsGlob is an improvement, 
as it boots the system correctly in more cases, than now.

Greetings
   Dilian

More information about the Pkg-clamav-devel mailing list