[Pkg-clamav-devel] Bug#840331: Bug#840331: clamav autoconfiguring a Proxy based on Apt settings

Thomas A. F. Thorne tafthorne at googlemail.com
Tue Jun 6 11:27:21 UTC 2017

TLDR LLF: Not sure where the problem originated from.  Cannot
immediately recreate it, although I have shown it remains without
intervention in a reconfigure. 

> since you don't have this set here, is it possible that it was at the
> installation time?
Highly unlikely.  /etc/apt/apt.conf.d/02proxy is the only place I have
ever set this.  To do so I did not use an environment variable.  It is
plausible that some script running as part of `apt-get upgrade` could
have set such a variable without my knowledge and that an update to
clamav happened while it was set. 

If the scripts are retained on my system after an upgrade has
completed I might see those on an rgrep of my system, but it sounds like
you were kind enough to do that already for me.

> You can drop it by calling
> 	dpkg-reconfigure clamav-freshclam
> and then it should not come back.
I shall try that now under sudo.  I have confirmed that the environment
is still not set for me or root (via sudo).  `echo $http_proxy` and
`sudo echo $http_proxy` return blanks. 

I'll now try running `sudo dpkg-reconfigure clamav-freshclam`. 
I am presented with a set of options for choosing how virus updates are
performed.  Daemon, ifup.d, cron or manual.  The first option
(presumably the default) is daemon.  My log error messages are from
"freshclam" and not CRON so I guess I was using daemon before and will
choose that now. 
After that I am asked to choose the closest mirror site.  There is a
db.gb.clamav.net (United Kingdom) listed so I will choose that option. 
The next window is titled "Configuring clamav-freshclam" and contains
the text:
"If you need to use an HTTP proxy to access the outside world, enter the
proxy information here.  Otherwise, leave this blank. 
Please use URL syntax ("http://host[:port]") here.
HTTP proxy information (leave blank for none):"
Then in the variable box I can see that http://warden.pt.local:3142/ is
listed.  I guess this might be being pulled from the existing
/etc/clamav/freshclam.conf file at this stage.  Although I had already
commented out the lines relating to warden being the HTTPProxyServer.  I
had not restarted any services or daemons, so perhaps it is being
fetched from one of those?  That or it must be reading another
configuration file from somewhere, such as the
/etc/apt/apt.conf.d/02proxy that currently has such a proxy setup. 

I shall manually remove the warden config from the prompt in the
reconfiguration window.  That should "fix" the immediate problem but not
explain where the idea of the incorrect config came from.  I will do a
further test on that shortly. 

After hitting next I am prompted to enter the "Number of freshclam
updates per day:" which is presently set to 24. I shall leave it set as
such and hit OK.
Then I am asked for "confirm whether clamd should be notified to reload
the database after successful updates."  I am warned that there could be
a significant delay (6 hours by default) in updates happening if I do
not do this.  As I am months, or years, behind at present I am not that
worried, so I shall leave it set to "No" for the moment. 
"Do you want to enable support for Google Safe Browsing?" currently the
prompt highlights "No" so will keep it set to that. 
"Do you want to download the bytecode database?" currently the prompt
highlights "Yes" so I will choose that option. 
"Private mirror for freshclam:"  There is nothing set for the private
mirror part at present, I do not have one to setup so I shall leave it
"Do you want to enable log rotation?" highlights "Yes" and I would like
it set, so choosing that option. 
Now I am being told there is "A new version
(/var/lib/clamav/freshclam.conf) of configuration file
/etc/clamav/freshclam.conf is available, but the version installed
currently has been locally modified."  When I look at the differences
between the versions I can see that an extra DatabaseMirror of
"db.gb.clamav.net" is in the var version, whereas there is a commented
out set of proxy config in the etc one.  I shall choose to "install the
package maintainer's version". 

Now the config is complete and I see no mention of an HTTP proxy in the
freshclam.conf file.  In my syslog I can at long last see:

Jun  6 12:21:39 thorne-ul-dt freshclam[651]: ClamAV update process started at Tue Jun  6 12:21:39 2017
Jun  6 12:21:39 thorne-ul-dt freshclam[651]: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Jun  6 12:21:39 thorne-ul-dt freshclam[651]: daily.cvd is up to date (version: 23450, sigs: 2082405, f-level: 63, builder: neo)
Jun  6 12:21:39 thorne-ul-dt freshclam[651]: bytecode.cld is up to date (version: 301, sigs: 58, f-level: 63, builder: anvilleg)

If I repeat the reconfigure, I do not see the proxy stuff re-appear. 

Now I am unsure how to recreate the issue.  Would having the working apt
proxy setup, purging clamav and then reinstalling it be a worthwhile test? 

Regards, Thomas
