[clamav-users] about clamd boot sequence on Linux system.
Hi, all. Let me know about the clamd process boot sequence on Linux. There are two processes temporarily at clamd startup, is this a specification? Is this going to be three or more? On my system, after booting, it is in a state of following a few seconds. ps -aux root 75687 100 44.2 944120 899844 ? RN 00:00 0:27 /usr/lib/clamav/clamd --config-file=/etc/clamav/clamd.conf root 75856 0.0 44.0 1017852 895532 ? SNsl 00:00 0:00 /usr/lib/clamav/clamd --config-file=/etc/clamav/clamd.conf This was not the case on systems with a lot of memory. Best regards, T.O ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV 0.102.2 needs a "--without-systemd" option
Paul, You should be able to use `--with-systemdsystemunitdir=no` to make it so that `make install` won't try to register clamd as a systemd service -Andrew On Sun, Apr 19, 2020 at 1:26 PM Paul Kosinski via clamav-users < clamav-users@lists.clamav.net> wrote: > I finally built 0.102.2 a few days ago and was rather shocked that it was > tightly integrated into systemd. In a point release, converting ClamAV into > a mandatory server strikes me as weird, especially since there is no > "--without-systemd" option. > > I am not philosophically opposed to systemd (its partial ordering of > dependencies is actually quite elegant), but I have never used ClamAV in > conjunction with systemd (although I might consider it in the future). > > Now for some details... > > The way I always have built ClamAV is to install each new version in /opt > under its version number. This allows me to try out the new version without > needing to shut down the running version. Then I switch to the new version > almost atomically by changing one symlink (e.g., /opt/clamav -> > /opt/clamav.0.102.2) and restarting clamd. So if the new version has some > problem, I can switch back (also almost atomically). > > Luckily, my procedure was not totally wiped out by the systemd issue due > to the fact that (for extra security) I never run "make install" as root. I > always create the new ClamAV version directory in /opt owned by the build > user and install as that user (followed by "chown -R 0.0" etc.). So the > install failed without adding weird stuff to my systemd environment. > > I then worked around the problem by studying the "configure" options and > found that there was an option "--with-systemdsystemunitdir". So I pointed > that to a harmless new directory (/opt/clamav.0.102.2/systemd) and reran > "configure", "make", "make check" and "make install", which then all > worked, and showed me what the new systemd files contained. > > Thus I would strongly recommend adding a "--without-systemd" option to the > new "configure". If I hadn't employed my workaround, "make install" (as > root) would have added those 3 files to the standard systemd environment. > This have totally broken the way I support multiple versions of ClamAV, as > those files have *absolute* paths to the new version of ClamAV no matter > where installed. > > P.S. I run freshclam via cron and my own "getfreshclam" wrapper. This > allows me to keep older signature files around in case a new version has a > serious problem. (It was also quite useful in investigating the multi-hour > out-of-date problem with Cloudflare's BOS mirror.) > > Finally, note that simply using systemd and thus freshclam's builtin > periodic update mechanism (instead of cron) wouldn't easily allow keeping > previous signature files around as backups. > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] ClamAV 0.102.2 needs a "--without-systemd" option
I finally built 0.102.2 a few days ago and was rather shocked that it was tightly integrated into systemd. In a point release, converting ClamAV into a mandatory server strikes me as weird, especially since there is no "--without-systemd" option. I am not philosophically opposed to systemd (its partial ordering of dependencies is actually quite elegant), but I have never used ClamAV in conjunction with systemd (although I might consider it in the future). Now for some details... The way I always have built ClamAV is to install each new version in /opt under its version number. This allows me to try out the new version without needing to shut down the running version. Then I switch to the new version almost atomically by changing one symlink (e.g., /opt/clamav -> /opt/clamav.0.102.2) and restarting clamd. So if the new version has some problem, I can switch back (also almost atomically). Luckily, my procedure was not totally wiped out by the systemd issue due to the fact that (for extra security) I never run "make install" as root. I always create the new ClamAV version directory in /opt owned by the build user and install as that user (followed by "chown -R 0.0" etc.). So the install failed without adding weird stuff to my systemd environment. I then worked around the problem by studying the "configure" options and found that there was an option "--with-systemdsystemunitdir". So I pointed that to a harmless new directory (/opt/clamav.0.102.2/systemd) and reran "configure", "make", "make check" and "make install", which then all worked, and showed me what the new systemd files contained. Thus I would strongly recommend adding a "--without-systemd" option to the new "configure". If I hadn't employed my workaround, "make install" (as root) would have added those 3 files to the standard systemd environment. This have totally broken the way I support multiple versions of ClamAV, as those files have *absolute* paths to the new version of ClamAV no matter where installed. P.S. I run freshclam via cron and my own "getfreshclam" wrapper. This allows me to keep older signature files around in case a new version has a serious problem. (It was also quite useful in investigating the multi-hour out-of-date problem with Cloudflare's BOS mirror.) Finally, note that simply using systemd and thus freshclam's builtin periodic update mechanism (instead of cron) wouldn't easily allow keeping previous signature files around as backups. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml