Mailing List Archive

[clamav-users] Opinion wanted: Change default config directory usr/clamav
Hi all,

I could use your opinion about a change we'd planned to make in 0.104. By request, I'd made this pull request to change the default directory for the config files from <prefix>/etc to <prefix>/etc/clamav. The purpose being to de-clutter /usr/local/etc: https://github.com/Cisco-Talos/clamav/pull/182

I procrastinated merging it for a long time because while it feels like a good change it will require a change to our test framework and would likely break scripts for other users as well. Some justification for the change at this time is that with the build system change to cmake, users will likely have to change the same scripts anyhow so we don't have any better time.

Unfortunately, I procrastinated it so hard I forgot to merge it before the first release candidate. Now, I can't decide if it's right to merge it before the second release candidate or throw it away. I would like your opinion.

Regards,
Micah
Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav
On 7/31/21 2:03 PM, Micah Snyder (micasnyd) via clamav-users wrote:
> Hi all,
>
> I could use your opinion about a change we'd planned to make in 0.104.
> By request, I'd made this pull request to change the default directory
> for the config files from <prefix>/etc to <prefix>/etc/clamav. The
> purpose being to de-clutter /usr/local/etc:
> https://github.com/Cisco-Talos/clamav/pull/182
>
> I procrastinated merging it for a long time because while it feels
> like a good change it will require a change to our test framework and
> would likely break scripts for other users as well. Some justification
> for the change at this time is that with the build system change to
> cmake, users will likely have to change the same scripts anyhow so we
> don't have any better time.
>
> Unfortunately, I procrastinated it so hard I forgot to merge it before
> the first release candidate. Now, I can't decide if it's right to
> merge it before the second release candidate or throw it away. I would
> like your opinion.
>
> Regards,
> Micah
In the past I already used /etc/clamav for the configuration file, just
for the same reason: avoiding cluttering.
Now, since <prefix>/etc has become the norm, it's only logical - for the
same reason - to use the proposed form of <prefix>/etc/clamav as the
default. I already use it this way.

Regards, Frans.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav
Quoting "Micah Snyder (micasnyd) via clamav-users"
<clamav-users@lists.clamav.net>:

> Hi all,
>
> I could use your opinion about a change we'd planned to make in
> 0.104. By request, I'd made this pull request to change the default
> directory for the config files from <prefix>/etc to
> <prefix>/etc/clamav. The purpose being to de-clutter /usr/local/etc:
> https://github.com/Cisco-Talos/clamav/pull/182
>
> I procrastinated merging it for a long time because while it feels
> like a good change it will require a change to our test framework
> and would likely break scripts for other users as well. Some
> justification for the change at this time is that with the build
> system change to cmake, users will likely have to change the same
> scripts anyhow so we don't have any better time.
>
> Unfortunately, I procrastinated it so hard I forgot to merge it
> before the first release candidate. Now, I can't decide if it's
> right to merge it before the second release candidate or throw it
> away. I would like your opinion.

Either way is probably fine, there is always the APP_CONFIG_DIRECTORY
option to change the location. As long as this is honored, just
mentioning the change in the changelog should be enough.

What might be useful to add, is an option to set the name of the UNIX
socket (which is hard coded now) through a cmake option. In openSUSE
we patch this to a different name, but this needs to be done in
several files, so a cmake option would help.





Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav
On Sat, 2021-07-31 at 14:47 +0200, Arjen de Korte via clamav-users
wrote:
>
> What might be useful to add, is an option to set the name of the UNIX
> socket (which is hard coded now) through a cmake option. In openSUSE
> we patch this to a different name, but this needs to be done in
> several files, so a cmake option would help.
>

If the configuration files are changed to templates, the line

#LocalSocket /tmp/clamd.socket

(which creates a security vulnerability) could become

#LocalSocket @RUNSTATEDIR@/clamav/clamd.ctl

instead. That's not _completely_ configurable, but it's a secure
setting that could be used by everyone without patching.
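
An added example, not part of the original message and not ClamAV code: a small Python check for the LocalSocket point made above. It reads clamd.conf text, skips commented lines, and reports an active LocalSocket whose immediate parent directory is writable by every local user, because any account can then create a file under the socket's name. The function names and the temporary directories standing in for /tmp and the run-state directory are constructed for the illustration, and only the immediate parent directory is checked.

```python
import os
import stat
import tempfile


def local_sockets(conf_text):
    """Return the path of every active (uncommented) LocalSocket line."""
    paths = []
    for raw in conf_text.splitlines():
        parts = raw.split(None, 1)  # option name, then value; spaces or tabs
        if len(parts) == 2 and parts[0] == "LocalSocket":
            paths.append(parts[1].strip())
    return paths


def audit(conf_text):
    """Return (socket_path, problem) tuples for each active LocalSocket."""
    findings = []
    for sock in local_sockets(conf_text):
        parent = os.path.dirname(sock) or "."
        try:
            mode = os.stat(parent).st_mode
        except FileNotFoundError:
            findings.append((sock, "parent directory does not exist"))
            continue
        # The sticky bit on a 1777 directory only restricts delete/rename;
        # any local account can still create a new name in it.
        if mode & stat.S_IWOTH:
            findings.append((sock, "parent directory is world-writable"))
    return findings


def demo():
    """Audit two constructed configs against constructed directories."""
    shared = tempfile.mkdtemp()      # stands in for /tmp
    os.chmod(shared, 0o1777)
    dedicated = tempfile.mkdtemp()   # stands in for <runstatedir>/clamav
    os.chmod(dedicated, 0o755)
    weak = f"LocalSocket {shared}/clamd.socket\n"
    fixed = ("#LocalSocket /tmp/clamd.socket\n"   # commented out: ignored
             f"LocalSocket {dedicated}/clamd.ctl\n")
    return audit(weak), audit(fixed)


if __name__ == "__main__":
    weak_findings, fixed_findings = demo()
    print("weak: ", weak_findings)
    print("fixed:", fixed_findings)
```
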



Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav
Hi Micah,

On my Ubuntu distributions the config files have been in /etc/clamav at
least since Ubuntu 10.04 LTS so I see no issue with the change.

It makes /usr/local/etc consistent with /etc which is always a good
thing when you are trying to debug/find/compare things when something
has gone wrong.

Regards
Mark.

On 31/07/2021 13:03, Micah Snyder (micasnyd) via clamav-users wrote:
> Hi all,
>
> I could use your opinion about a change we'd planned to make in 0.104.
> By request, I'd made this pull request to change the default directory
> for the config files from <prefix>/etc to <prefix>/etc/clamav. The
> purpose being to de-clutter /usr/local/etc:
> https://github.com/Cisco-Talos/clamav/pull/182
>
> I procrastinated merging it for a long time because while it feels like
> a good change it will require a change to our test framework and would
> likely break scripts for other users as well. Some justification for the
> change at this time is that with the build system change to cmake, users
> will likely have to change the same scripts anyhow so we don't have any
> better time.
>
> Unfortunately, I procrastinated it so hard I forgot to merge it before
> the first release candidate. Now, I can't decide if it's right to merge
> it before the second release candidate or throw it away. I would like
> your opinion.
>
> Regards,
> Micah
Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav
On Sat, 31 Jul 2021 12:03:36 +0000
"Micah Snyder (micasnyd) via clamav-users" <clamav-users@lists.clamav.net> wrote:

> Hi all,
>
> I could use your opinion about a change we'd planned to make in 0.104. By request, I'd made this pull request to change the default directory for the config files from <prefix>/etc to <prefix>/etc/clamav. The purpose being to de-clutter /usr/local/etc: https://github.com/Cisco-Talos/clamav/pull/182
>
> I procrastinated merging it for a long time because while it feels like a good change it will require a change to our test framework and would likely break scripts for other users as well. Some justification for the change at this time is that with the build system change to cmake, users will likely have to change the same scripts anyhow so we don't have any better time.
>
> Unfortunately, I procrastinated it so hard I forgot to merge it before the first release candidate. Now, I can't decide if it's right to merge it before the second release candidate or throw it away. I would like your opinion.
>
> Regards,
> Micah


When I started using ClamAV (<= 0.88.4), I built it in "/opt". Since then, it's always in "/opt/clamav.d/clamav.0.major.minor" with a symbolic link like "/opt/clamav -> /opt/clamav.d/clamav.0.103.3". This allows me to keep previous versions easily accessible in case of a problem.

The only real problem I remember having was when the latest version of libclamav wasn't compatible with the current version of HAVP (which I also build from source into "/opt" in the same manner). Fortunately, HAVP was updated soon after, but it allowed me to scan email with the latest ClamAV while keeping HAVP working adequately.

P.S. I tend to think "/opt" is preferable to "/usr" for software like ClamAV, at least until Linux distributors keep them up to date more diligently (as befits security software), so users don't have to build them on their own.

Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav
Hi there,

On Sat, 31 Jul 2021, Micah Snyder (micasnyd) via clamav-users wrote:

> ... change the default directory for the config files from
> <prefix>/etc to <prefix>/etc/clamav. ...

This is relatively unimportant.

If it were up to me, I'd look to see if there's already what seems to
be an existing, sane, config directory and, if found, use it. Perhaps
confirm it with the user building it first; you could even ask for it.
If not found, by all means create something in /usr/local/etc/opt/ or
whatever floats your FHS-compliant boat at the time. But please try
not to mess things up for existing users who've had to put up with
quite enough of this kind of thing from package maintainers already.

> Unfortunately, I procrastinated it so hard I forgot to merge it
> before the first release candidate. ... I would like your opinion.

This is very important. Think in terms of, say, trashing the database
for half a million customers.

I've already mentioned privately to Joel that I'm concerned about the
quality control over there. This reinforces the feeling. This is the
kind of thing which could de-orbit the ISS and cannot be excused.

Most people think quality control means testing. It doesn't.

It's mostly about how you design, and document, and implement all your
procedures and processes so that things can *never* get forgotten, or
left out, or put in, by accident. You need to get a very firm grip on
those things now, before you do more or less anything else. It's the
manufacturing equivalent of growing up.

There must be somebody in the Cisco empire who deals with this stuff.
Find him, and spend some quality time with him[*]. It'll be worth it.

--

73,
Ged.
[*] The masculine embraces the feminine where the context permits.

[clamav-users] Opinion wanted: Change default config directory usr/clamav
Ever since I started using Linux (RedHat before becoming a commercial
distribution and then Slackware for a total of about 20 years) I have
always installed the antivirus, including ClamAV in /opt with <prefix>.
Configuration files have always been in /opt/clamav/etc
Now they will be in /opt/clamav/etc/clamav whatever ...
I will manage to modify the startup scripts (not systemd, it doesn't exist
in Slackware) but from my point of view it doesn't help me at all!
Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav
Hi all,

Thank you all for your input.

What I've gathered is that this change is overall not that important. Even if it is perhaps a "better" design decision overall, it is probably too late now, and is something those who really care can easily achieve by building with:
-D APP_CONFIG_DIRECTORY=etc/clamav

Honestly, most people will probably end up using a distro build that is configured like this anyways: https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html#a-linux-distribution-style-build

I think I was right to put off merging this change to think about it and I'm glad I gathered input from the good people on this mailer.

Related: Some day in the future I'd like to see freshclam, and perhaps even clamd, work without requiring a configuration file. Moving the location of the config files now and then making them optional later will doubtless cause some confusion when someone puts the config in the wrong directory and sees it "working" but not using their changes.

So I'm going to go ahead and close the pull request and decline the original request after all.

Thanks again everyone for your feedback.

-Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of G.W. Haywood via clamav-users <clamav-users@lists.clamav.net>
Sent: Saturday, July 31, 2021 1:18 PM
To: Micah Snyder (micasnyd) via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] Opinion wanted: Change default config directory usr/clamav

Hi there,

On Sat, 31 Jul 2021, Micah Snyder (micasnyd) via clamav-users wrote:

> ... change the default directory for the config files from
> <prefix>/etc to <prefix>/etc/clamav. ...

This is relatively unimportant.

If it were up to me, I'd look to see if there's already what seems to
be an existing, sane, config directory and, if found, use it. Perhaps
confirm it with the user building it first; you could even ask for it.
If not found, by all means create something in /usr/local/etc/opt/ or
whatever floats your FHS-compliant boat at the time. But please try
not to mess things up for existing users who've had to put up with
quite enough of this kind of thing from package maintainers already.

> Unfortunately, I procrastinated it so hard I forgot to merge it
> before the first release candidate. ... I would like your opinion.

This is very important. Think in terms of, say, trashing the database
for half a million customers.

I've already mentioned privately to Joel that I'm concerned about the
quality control over there. This reinforces the feeling. This is the
kind of thing which could de-orbit the ISS and cannot be excused.

Most people think quality control means testing. It doesn't.

It's mostly about how you design, and document, and implement all your
procedures and processes so that things can *never* get forgotten, or
left out, or put in, by accident. You need to get a very firm grip on
those things now, before you do more or less anything else. It's the
manufacturing equivalent of growing up.

There must be somebody in the Cisco empire who deals with this stuff.
Find him, and spend some quality time with him[*]. It'll be worth it.

--

73,
Ged.
[*] The masculine embraces the feminine where the context permits.
