Hi,
As this question comes back now and then (from me in the past as well), I have
a proposal IF
you have enough RAM. On reload:
- start a second instance with a slightly different config file containing
"LocalSocket
.../clamd.sock.new"
- wait in the logs for "Database correctly reloaded"
- stop the first instance
- mv .../clamd.sock.new .../clamd.sock
I see some possible issues though:
- Other programs are connected to the original socket, but I suppose the socket
will be
deleted when the first instance stops, so the other parties will try to
reconnect and then
communicate with the new instance.
- The log file that would be opened and updated by both instances. The
LogFileUnlock option
might be necessary but then the messages from one might overwrite those from
the other.
So, if possible, the syslog could be used instead. Without the syslog I think
it would be better
to define a clamd.log.new for the second instance and rotate the log file after
the first
instance is stopped (clamd.log -> clamd.log.prev, clamd.log.new -> clamd.log,
clamd.log.prev
-> clamd.log.new). The LogRotate might need to be disabled in the conf file and
done outside
of clamd.
- The PidFile should be disabled (both instance would be killed at service
stop). Anyway on
my system the service stop procedure uses a "pkill -x $prog", that means it
would not stop
the "clamd --config ...clamd.conf.new" if it is running...
- If the database is not reloaded correctly both instances might remain up, we
should wait for
the message with a timeout.
- It would not work in TCPSocket mode, only in LocalSocket mode.
Do you think this would work? Of course you would need temporarily an
additional ~1GB of
RAM...
Somehow I must say I don't much like this procedure: it's a bit tricky. I would
prefer to have 2
real service instances, each with its own configuration file, one persistently
enabled, the other
not as it would be enabled temporarily during a db reload. But then I guess I
would need 2
different socket, log and pid files.
As I'm using mimedefang to connect to the socket I could maybe make it failover
to the
second socket in case the first one is not responding... I think it is a matter
of updating
mimedefang-filter:
< my($code, $category, $action) = message_contains_virus();
--
> $ClamdSock = /...first.sock;
> my($code, $category, $action) = message_contains_virus();
> if ($action eq "tempfail") {
> $ClamdSock = /...second.sock;
> my($code, $category, $action) = message_contains_virus();
> }
The on reload procedure would do:
- start a second service instance with its different config (socket, log, pid)
- wait in the log for "Database correctly reloaded"
- reload the first instance
- wait in the log for "Database correctly reloaded"
- stop the second instance
Thanks,
Pierre
On 20 Nov 2016 at 17:24, Charles Sprickman wrote:
Hi all,
I have two VMs running clamav and I monitor both with a simple nagios check (it
sends,
PING, waits for PONG). I have been getting quite a few notifications lately
after adding sane
security and other 3rd party AV rulesets. Looking at the logs, I see that my
timeouts line up
with the reloading messages:
Nov 20 16:39:02 spam-a clamd[1417]: Reading databases from /var/db/clamav
Nov 20 16:41:14 spam-a clamd[1417]: Database correctly reloaded (7986341
signatures)
I do have two servers, so if this is expected behavior, I´ll just make nagios
less touchy and let
the mail server just fail over to the other box. If not, what can be done to
maintain availability
while the db reloads? I currently reload every hour (based on clamd.conf),
occasionally more
often if there are new rules detected by clamav-unofficial-sigs.
Thanks,
Charles
--
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet www.bway.net
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml