** Description changed: [IMPACT] clamav-daemon won't listen on TCP sockets when reconfiguring the package. This is not an upstream clamav bug, it is a packaging one. When `sudo dpkg-reconfigure clamav-daemon` is run, the postinst script correctly updates the main configuration file (clamd.conf). In Ubuntu, clamav-daemon is integrated as a systemd service. Whether clamav listens to a unix file of a TCP socket is configured in clamd.conf (upstream bit). In Ubuntu this is passed to systemd service by making the service depend on a systemd socket: root@jammy:/usr/lib/systemd/system# cat clamav-daemon.socket [Unit] Description=Socket for Clam AntiVirus userspace daemon Documentation=man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/ # Check for database existence ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc} ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} [Socket] ListenStream=/run/clamav/clamd.ctl #ListenStream=1024 SocketUser=clamav SocketGroup=clamav RemoveOnStop=True [Install] WantedBy=sockets.target The problem is that when reconfiguring the package to make clamav listen to a TCP socket, this change is never reflected in the systemd socket file which keeps the old config (unix file). To address this I can think of 2 ways: a) Modify the postinst script to also update the systemd socket file. b) Modify the systemd service to read its configuration directly from clamd.conf, making the socket file's configuration redundant. + [Description of the Proposed Changes] + + * Add systemd socket generator for clamav-daemon (LP: #2129160) + - debian/clamav-daemon-socket-generator: Implement + clamav-daemon-socket-generator to align clamav-daemon.socket with + clamd.conf. + - debian/clamav-daemon.postinst.in: Execute daemon-reload to regenerate + configuration. + - debian/clamav-daemon.install: Install clamav-daemon-socket-generator + + The socket generator allows for configurability of both LocalSocket and + TCPSocket (IPv4 or IPv6) ListenStreams, as well as configurability over + the LocalSocketMode and LocalSocketGroup. + + [Benefits of the proposed change] + + This will fix a packaging issue that prevents customization and + reconfiguration of clamav. + [TEST CASE] Run "sudo apt install clamav-daemon" Run "sudo dpkg-reconfigure clamav-daemon" Select "Socket type" as "TCP" Leave everything else as defaults and finish the config setup Run "sudo systemctl restart clamav-daemon" Check for the daemon running on a TCP socket (it won't be): sudo ss -pln | grep 3310 + [Testing Against Devel Release] + + The above test plan has been executed with the proposed changes on + Resolute to verify the changes work as intended (service is listening on + the expected port, and or local socket) + + The package builds on all architectures against -updates [1] and + -proposed [2] + + [1] https://launchpad.net/~bryanfraschetti/+archive/ubuntu/lp2129160-updates + [2] https://launchpad.net/~bryanfraschetti/+archive/ubuntu/lp2129160-proposed + + The package successfully upgrades from 1.4.3+dfsg-2ubuntu2 (the current + version in Resolute) + [Where problems could occur] - TBD + - While the proposed changes resolve all problems that we identified + such as the inability to reconfigure the package, set the port, IPv4 or + IPv6 address on which the clamav-daemon listens, or the local socket + path, it is possible that this is not a comprehensive list of the + upstream features. That is to say, there may be additional + configurability not yet captured in the generator. + + - Given the current broken behaviour, users may have defined systemd + overrides and workarounds in place and should be careful when + reconfiguring the package to avoid conflicting configurations. For + example, they may want to remove custom overrides before or after + upgrading [Other] Upstream related bug: https://github.com/Cisco-Talos/clamav/issues/1464
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2129160 Title: [FFe] dpkg-reconfigure clamav-daemon does not respect TCP configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2129160/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
