Mailing List Archive

[clamav-users] is there a kill signal to have freshclam do an update check?
Is there a command that can make a running freshclam daemon do an update request instantly?




_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] is there a kill signal to have freshclam do an update check? [ In reply to ]
Hi there,

On Wed, 9 Feb 2022, Marc wrote:

> Is there a command that can make a running freshclam daemon do an update request instantly?

SIGUSR1, assuming it's compiled with it enabled.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] is there a kill signal to have freshclam do an update check? [ In reply to ]
On Wed, 9 Feb 2022, Marc wrote:

> Is there a command that can make a running freshclam daemon do an update request instantly?

sudo service clamav-freshclam restart
works on Ubuntu.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] is there a kill signal to have freshclam do an update check? [ In reply to ]
>
> > Is there a command that can make a running freshclam daemon do an update
> request instantly?
>
> SIGUSR1, assuming it's compiled with it enabled.
>

Yes thanks, I was already trying with this command

kill -s SIGUSR1 $(pidof freshclam)

However it gets the wrong pid from the container environment where I have these processes listed

clam 4051769 4051758 0 16:27 ? 00:00:00 [freshclam] <defunct>
clam 4051770 1 0 16:27 ? 00:00:04 freshclam -d

If I start freshclam -d in the docker testing environment I do not have this first proces '[freshclam] <defunct>'. Any idea what this can be?

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] is there a kill signal to have freshclam do an update check? [ In reply to ]
Hi there,

On Sun, 13 Feb 2022, Marc wrote:
> On Wed, 9 Feb 2022, G.W. Haywood wrote:
>> On Wed, 9 Feb 2022, Marc wrote:
>>> Is there a command that can make a running freshclam daemon do an update
>> request instantly?
>>
>> SIGUSR1, assuming it's compiled with it enabled.
>
> Yes thanks, I was already trying with this command
>
> kill -s SIGUSR1 $(pidof freshclam)
>
> However it gets the wrong pid from the container environment where I have these processes listed
>
> clam 4051769 4051758 0 16:27 ? 00:00:00 [freshclam] <defunct>
> clam 4051770 1 0 16:27 ? 00:00:04 freshclam -d
>
> If I start freshclam -d in the docker testing environment I do not have this first proces '[freshclam] <defunct>'. Any idea what this can be?

Often what happens when a daemon starts up is that the parent forks a
child with the right permissions etc. and the parent then exits. This
can leave a defunct process until it's cleaned up. There's no need to
worry about it. The PPID (parent process ID) of the child will be the
PID of the parent until the parent exits, but after that the PPID of
the child is the PID of the 'init' process (or whatever passes for the
'init' process on your system - systemd?) which will usually be PID 1.

I have no experience with managing processes in Docker, but there's an
optional 'PidFile' directive in the freshclam configuration file from
which you might get the number you need if you configure freshclam to
write it there.

Alternatively, as Mr. Aitchison suggested, you could start freshclam
whenever you want it to update and let it terminate. So instead of
running it as a daemon you might for example want to run it from cron.

Why do you need to do this? Most people seem to be happy enough with
a couple of updates per day, and if you hit the CDN too hard you could
easily find yourself blacklisted. I recommend that you let freshclam
do what it's designed to do. It's pretty good at it.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] is there a kill signal to have freshclam do an update check? [ In reply to ]
> >>> Is there a command that can make a running freshclam daemon do an
> update
> >> request instantly?
> >>
> >> SIGUSR1, assuming it's compiled with it enabled.
> >
> > Yes thanks, I was already trying with this command
> >
> > kill -s SIGUSR1 $(pidof freshclam)
> >
> > However it gets the wrong pid from the container environment where I
> have these processes listed
> >
> > clam 4051769 4051758 0 16:27 ? 00:00:00 [freshclam]
> <defunct>
> > clam 4051770 1 0 16:27 ? 00:00:04 freshclam -d
> >
> > If I start freshclam -d in the docker testing environment I do not have
> this first proces '[freshclam] <defunct>'. Any idea what this can be?
>
> Often what happens when a daemon starts up is that the parent forks a
> child with the right permissions etc. and the parent then exits.

Ok so maybe this code is a bit buggy currently? Because I am using freshclam as unpriviledged user.

> This
> can leave a defunct process until it's cleaned up. There's no need to
> worry about it. The PPID (parent process ID) of the child will be the
> PID of the parent until the parent exits, but after that the PPID of
> the child is the PID of the 'init' process (or whatever passes for the
> 'init' process on your system - systemd?) which will usually be PID 1.

Thanks for explaining :) It is just a bit annoying when it is there and pidof is not working, nothing more.

> I have no experience with managing processes in Docker, but there's an
> optional 'PidFile' directive in the freshclam configuration file from
> which you might get the number you need if you configure freshclam to
> write it there.
>
> Alternatively, as Mr. Aitchison suggested, you could start freshclam
> whenever you want it to update and let it terminate. So instead of
> running it as a daemon you might for example want to run it from cron.

I prefer to stick as close as possible to one process per container and have as little processes as possible. Having to execute systemd run level commands means I need to get a container shell, and I am just to lazy to do that. ;)

> Why do you need to do this? Most people seem to be happy enough with
> a couple of updates per day, and if you hit the CDN too hard you could
> easily find yourself blacklisted. I recommend that you let freshclam
> do what it's designed to do. It's pretty good at it.
>

I am just testing the proxy access when the ip address has changed when the task is restarted. It is fine for production. Although the defunct could generate a false positive on monitoring.



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] is there a kill signal to have freshclam do an update check? [ In reply to ]
Hi there,

On Sun, 13 Feb 2022, Marc wrote:
> On Sun, 13 Feb 2022, G.W. Haywood wrote:
>> ... the parent forks a child with the right permissions etc. ...
>
> Ok so maybe this code is a bit buggy currently? ...

The freshclam utility has been around for donkey's years. I know of no
serious problems with it when run on bare metal or VMs. After all, it's
used by at least hundreds of thousands of machines all over the planet.

Containers could well be a different story. As I said, I have absolutely
no experience with ClamAV and Docker, but, based on experience that I do
have, it wouldn't surprise me if there were things to learn about using
them together.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml