[Pkg-clamav-devel] Bug#925475: clamav-freshclam.service is "inactive (dead)" after logrotate postrotate script execution

Nils Fahldieck - Profihost AG n.fahldieck at profihost.ag
Mon Mar 25 15:39:42 GMT 2019 

Package: clamav-freshclam
Version: 0.100.2+dfsg-0+deb9u1
Severity: important

libc6 Version: 2.24-11+deb9u4
systemd Version: 232-25+deb9u9
Debian Version: Debian GNU/Linux 9 (stretch)

The `postrotate` script in `/etc/logrotate.d/clamav-freshclam` executes
this code if systemd is used:

$ cat /etc/logrotate.d/clamav-freshclam
     postrotate
     if [ -d /run/systemd/system ]; then
         systemctl -q is-active clamav-freshclam && systemctl kill
--signal=SIGHUP clamav-freshclam || true

Whenever logrotate rotates freshclam's logfile, the service is inactive
(dead) afterwards.

Reproducer:

$ systemctl is-active clamav-freshclam
active
$ systemctl -q is-active clamav-freshclam && systemctl kill
--signal=SIGHUP clamav-freshclam || true
$ systemctl is-active clamav-freshclam
inactive
$ systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/lib/systemd/system/clamav-freshclam.service;
enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-freshclam.service.d
           └─limits.conf
   Active: inactive (dead) since Mon 2019-03-25 16:28:25 CET; 2s ago
     Docs: man:freshclam(1)
           man:freshclam.conf(5)
           https://www.clamav.net/documents
  Process: 15231 ExecStart=/usr/bin/cpulimit -f -l 5 --
/usr/bin/freshclam -d --foreground=true (code=killed, signal=HUP)
 Main PID: 15231 (code=killed, signal=HUP)
      CPU: 57ms

Logrotate for freshclam runs once every week at 06:25. This run was on
2019-03-17, two days later at 2019-03-19 I used my config management to
ensure a highstate. During that run freshclam was started - as defined
in my states:

$ journalctl -x -u clamav-freshclam.service --since 2019-03-16
Mär 17 06:26:06 hostname cpulimit[8290]: Sun Mar 17 06:26:06 2019 ->
Update process terminated
Mär 19 06:22:52 hostname systemd[1]: Started ClamAV virus database updater.
-- Subject: Unit clamav-freshclam.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- Unit clamav-freshclam.service has finished starting up.
-- 
-- The start-up result is done.
Mär 19 06:22:53 hostname cpulimit[29197]: Tue Mar 19 06:22:53 2019 ->
ClamAV update process started at Tue Mar 19 06:22:53 2019


I can just guess, that SIGHUP might be the wrong signal to tell
freshclam to re-open its log file.

This bug is in so far dangerous, as freshclam will not update clamav's
virus definitions anymore. Also clamav-freshclam.service is not failed.

Thank you, Nils

More information about the Pkg-clamav-devel mailing list