[sanesecurity] Re: clamd stability & fetch-sanesecurity-sigs

  • From: Henrik K <hege@xxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Sun, 25 Jan 2009 22:50:20 +0200

On Sun, Jan 25, 2009 at 01:03:38PM +0100, Loïc Le Loarer wrote:
> On Sunday January 25 2009 at 11:26:13 AM +0200, Henrik K wrote:
> > 
> > The "official" fetch-sanesecurity-sigs script has a possible fault.
> > 
> > cp -v "$db" "$clamd_dbdir/sanesecurity-$db_name"
> > 
> > .. should be something like:
> > 
> > cp -v "$db" "$clamd_dbdir/sanesecurity-$db_name.tmp" &&
> > mv -f "$clamd_dbdir/sanesecurity-$db_name.tmp" "$clamd_dbdir/sanesecurity-$db_name"
> > 
> > It's possible that clamd reads a partial signature file, if cp hasn't
> > finished its job. You must use mv to replace the file atomically.
> 
> This is exactly what I proposed in my previous patch about the timestamp
> problem, but I proposed to achieve this with "rsync" instead of "cp -vp".
> See attached a patch which makes the installation atomic. This patch
> applies to the latest version of the script
> (http://www.retrosnub.co.uk/sanesecurity/script-unstable/fetch-sanesecurity-sigs)
> 
> I'm not sure that it is the cause of the crash problem, but it isn't
> impossible.

Ok, I thought I was safe, but I had my first clamd crash now.. :)

All my scripts are atomic and nothing was updating signatures at that
moment, but clamd died when it noticed fresh signatures.

Cheers,
Henrik
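
The copy-then-rename install discussed in the quoted messages, written out as an added example (not part of the original thread and not code from fetch-sanesecurity-sigs). The function name `install_sig_atomic` and its three arguments are hypothetical; it assumes a POSIX shell with `mktemp`, `cp -p` and `cmp` available.

```shell
#!/bin/sh
# Added example: install one signature file so that a reader of the database
# directory sees either the old file or the complete new one, never a partial copy.
# install_sig_atomic is a hypothetical helper name, not taken from the script.

install_sig_atomic() {
    src=$1        # freshly downloaded signature database
    dest_dir=$2   # clamd database directory
    dest_name=$3  # final file name inside dest_dir

    # An empty or missing download must never replace a working database.
    [ -s "$src" ] || { echo "refusing empty or missing file: $src" >&2; return 1; }

    # The temp file has to live in dest_dir itself: a rename is only atomic
    # when source and target are on the same filesystem.
    tmp=$(mktemp "$dest_dir/.$dest_name.XXXXXX") || return 1

    # Copy (keeping mode and timestamps), confirm the copy is byte-identical,
    # and only then rename it over the live file.
    if cp -p "$src" "$tmp" && cmp -s "$src" "$tmp" &&
       mv -f "$tmp" "$dest_dir/$dest_name"; then
        return 0
    fi

    # Any failure: leave the old database untouched and drop the temp file.
    rm -f "$tmp"
    return 1
}

# Allow direct use as: script SRC DEST_DIR DEST_NAME
if [ "$#" -eq 3 ]; then
    install_sig_atomic "$@"
fi
```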
