Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clamav official signatures uploaded even if disabled on old installations #6113

Closed
lucagasparini opened this issue Apr 7, 2020 · 4 comments
Closed

Clamav official signatures uploaded even if disabled on old installations #6113

lucagasparini opened this issue Apr 7, 2020 · 4 comments
Labels
bug A defect of the software verified All test cases were verified successfully

Comments

@lucagasparini
Copy link

On old installations the presence of the clamav-data package does not make the disabling of the official clamd signatures definitive.
Even if the official signatures are disabled, the first time they are updated, they are reloaded again.

Steps to reproduce

  • Verify that the clamav-data package is installed: rpm -q clamav-data
  • disable official signatures:
config setprop clamd OfficialSignatures disabled
signal-event nethserver-antivirus-update

Verify that these files are no longer present:

/var/lib/clamav/main.cvd
/var/lib/clamav/daily.cvd
/var/lib/clamav/bytecode.cvd
  • yum update clamav-data if present or alternatively yum reinstall clamav-data

Expected behavior

The files main.cvd , daily.cvd and bytecode.cvd are not restored

Actual behavior

The files main.cvd , daily.cvd and bytecode.cvd are restored and at the next reload of the service the signatures are loaded into RAM.

Current workaround:

yum remove clamav-data
systemctl reload clamd@rspamd

Components

nethserver-antivirus-1.4.2-1.ns7.noarch
clamav-data.noarch 0:0.102.2-4.el7

See also
We suggest adding an Obsoletes: clamav-data to the nethserver-antivirus package
@lucagasparini lucagasparini added the bug A defect of the software label Apr 7, 2020
@gsanchietti gsanchietti mentioned this issue Apr 7, 2020
Merged
gsanchietti added a commit to NethServer/nethserver-antivirus that referenced this issue Apr 7, 2020
@gsanchietti
Obsoletes clamav-data (#12)
f936d44 
On old installations, where clamav-data is present, yum updates
reinstall official signatures (main.cvd,daily.cvd,bytecode.cvd)
even if the prop OfficialSignatures is set to disabled.

By removing the clamav-data package, all installations
will no longer receive updates on OfficialSignatures.

NethServer/dev#6113
@nethbot
Copy link
Member

nethbot commented Apr 7, 2020

in 7.7.1908/testing:

@gsanchietti
Copy link
Member

Test case 1

  • Upgrade a machine where clamav-data is already installed
  • Check the official signatures are gone
  • Force clamav reload with systemctl reload clamd@*

Test case 2

  • Install on a clean machine
  • Check official signatures are not downloaded at all

@gsanchietti gsanchietti added the testing Packages are available from testing repositories label Apr 7, 2020
@lucagasparini
Copy link
Author

Test case 1: VERIFIED
Test case 2: VERIFIED

@lucagasparini lucagasparini added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Apr 8, 2020
@nethbot
Copy link
Member

nethbot commented Apr 8, 2020

in 7.7.1908/updates:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug A defect of the software verified All test cases were verified successfully
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gsanchietti @lucagasparini @nethbot