I finally built 0.102.2 a few days ago and was rather shocked that it was tightly integrated into systemd. In a point release, converting ClamAV into a mandatory server strikes me as weird, especially since there is no "--without-systemd" option.
I am not philosophically opposed to systemd (its partial ordering of dependencies is actually quite elegant), but I have never used ClamAV in conjunction with systemd (although I might consider it in the future).
Now for some details...
The way I always have built ClamAV is to install each new version in /opt under its version number. This allows me to try out the new version without needing to shut down the running version. Then I switch to the new version almost atomically by changing one symlink (e.g., /opt/clamav -> /opt/clamav.0.102.2) and restarting clamd. So if the new version has some problem, I can switch back (also almost atomically).
Luckily, my procedure was not totally wiped out by the systemd issue due to the fact that (for extra security) I never run "make install" as root. I always create the new ClamAV version directory in /opt owned by the build user and install as that user (followed by "chown -R 0.0" etc.). So the install failed without adding weird stuff to my systemd environment.
I then worked around the problem by studying the "configure" options and found that there was an option "--with-systemdsystemunitdir". So I pointed that to a harmless new directory (/opt/clamav.0.102.2/systemd) and reran "configure", "make", "make check" and "make install", which then all worked, and showed me what the new systemd files contained.
Thus I would strongly recommend adding a "--without-systemd" option to the new "configure". If I hadn't employed my workaround, "make install" (as root) would have added those 3 files to the standard systemd environment. This have totally broken the way I support multiple versions of ClamAV, as those files have *absolute* paths to the new version of ClamAV no matter where installed.
P.S. I run freshclam via cron and my own "getfreshclam" wrapper. This allows me to keep older signature files around in case a new version has a serious problem. (It was also quite useful in investigating the multi-hour out-of-date problem with Cloudflare's BOS mirror.)
Finally, note that simply using systemd and thus freshclam's builtin periodic update mechanism (instead of cron) wouldn't easily allow keeping previous signature files around as backups.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
I am not philosophically opposed to systemd (its partial ordering of dependencies is actually quite elegant), but I have never used ClamAV in conjunction with systemd (although I might consider it in the future).
Now for some details...
The way I always have built ClamAV is to install each new version in /opt under its version number. This allows me to try out the new version without needing to shut down the running version. Then I switch to the new version almost atomically by changing one symlink (e.g., /opt/clamav -> /opt/clamav.0.102.2) and restarting clamd. So if the new version has some problem, I can switch back (also almost atomically).
Luckily, my procedure was not totally wiped out by the systemd issue due to the fact that (for extra security) I never run "make install" as root. I always create the new ClamAV version directory in /opt owned by the build user and install as that user (followed by "chown -R 0.0" etc.). So the install failed without adding weird stuff to my systemd environment.
I then worked around the problem by studying the "configure" options and found that there was an option "--with-systemdsystemunitdir". So I pointed that to a harmless new directory (/opt/clamav.0.102.2/systemd) and reran "configure", "make", "make check" and "make install", which then all worked, and showed me what the new systemd files contained.
Thus I would strongly recommend adding a "--without-systemd" option to the new "configure". If I hadn't employed my workaround, "make install" (as root) would have added those 3 files to the standard systemd environment. This have totally broken the way I support multiple versions of ClamAV, as those files have *absolute* paths to the new version of ClamAV no matter where installed.
P.S. I run freshclam via cron and my own "getfreshclam" wrapper. This allows me to keep older signature files around in case a new version has a serious problem. (It was also quite useful in investigating the multi-hour out-of-date problem with Cloudflare's BOS mirror.)
Finally, note that simply using systemd and thus freshclam's builtin periodic update mechanism (instead of cron) wouldn't easily allow keeping previous signature files around as backups.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml