On Sun, Jan 25, 2009 at 01:03:38PM +0100, Loïc Le Loarer wrote: > On Sunday January 25 2009 at 11:26:13 AM +0200, Henrik K wrote: > > > > The "official" fetch-sanesecurity-sigs script has a possible fault. > > > > cp -v "$db" "$clamd_dbdir/sanesecurity-$db_name" > > > > .. should be something like: > > > > cp -v "$db" "$clamd_dbdir/sanesecurity-$db_name.tmp" && > > mv -f "$clamd_dbdir/sanesecurity-$db_name.tmp" > > "$clamd_dbdir/sanesecurity-$db_name" > > > > It's possible that clamd reads a partial signature file, if cp hasn't > > finished it's job. You must use mv to replace the file atomically. > > This is exactly what I proposed in my previous patch about the timestamp > problem, but I proposed to achieve this with "rsync" instead of "cp -vp". > See attached a patch which makes the installation atomic. This patch > applies to the lastest version of the script > (http://www.retrosnub.co.uk/sanesecurity/script-unstable/fetch-sanesecurity-sigs) > > I'm not sure that it is the cause of the the crash problem, but it isn't > impossible. Ok, I thought I was safe, but I had my first clamd crash now.. :) All my scripts are atomic and nothing was updating signatures at that moment, but clamd died when it noticed fresh signatures. Cheers, Henrik