[sanesecurity] Re: clamd stability & fetch-sanesecurity-sigs
- From: Loïc Le Loarer <lll+sane@xxxxxxx>
- To: sanesecurity@xxxxxxxxxxxxx
- Date: Sun, 25 Jan 2009 13:03:38 +0100
On Sunday January 25 2009 at 11:26:13 AM +0200, Henrik K wrote:
>
> The "official" fetch-sanesecurity-sigs script has a possible fault.
>
> cp -v "$db" "$clamd_dbdir/sanesecurity-$db_name"
>
> .. should be something like:
>
> cp -v "$db" "$clamd_dbdir/sanesecurity-$db_name.tmp" &&
> mv -f "$clamd_dbdir/sanesecurity-$db_name.tmp"
> "$clamd_dbdir/sanesecurity-$db_name"
>
> It's possible that clamd reads a partial signature file, if cp hasn't
> finished it's job. You must use mv to replace the file atomically.
This is exactly what I proposed in my previous patch about the timestamp
problem, but I proposed to achieve this with "rsync" instead of "cp -vp".
See attached a patch which makes the installation atomic. This patch
applies to the lastest version of the script
(http://www.retrosnub.co.uk/sanesecurity/script-unstable/fetch-sanesecurity-sigs)
I'm not sure that it is the cause of the the crash problem, but it isn't
impossible.
Best regards
--
Loïc
--- fetch-sanesecurity-sigs.orig 2009-01-25 13:00:36.000000000 +0100
+++ fetch-sanesecurity-sigs 2009-01-25 13:02:00.000000000 +0100
@@ -4,8 +4,8 @@
# by Malcolm Scott, Retrosnub Internet Services
# <malcolm at retrosnub dot co dot uk>
#
-# $Revision: 352 $
-# $Date: 2009-01-23 00:50:08 +0000 (Fri, 23 Jan 2009) $
+# $Revision:$
+# $Date:$
#
# -----------------------------------------------------------------------------
# Copyright (C) 2009 Malcolm Scott
@@ -214,7 +214,7 @@
# Now we can actually install this database
echo "Installing $db_name into $clamd_dbdir/sanesecurity-$db_name"
- if cp -p "$db" "$clamd_dbdir/sanesecurity-$db_name"
+ if rsync --perms --times "$db" "$clamd_dbdir/sanesecurity-$db_name"
then
installed=$((installed+1))
Other related posts:
