Bug #669
WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:40
Start date:
2019-08-24
Due date:
% Done:
100%
Estimated time:
Patch Available:
Confirmed:
Yes
Branch:
allow_to_force_rendering_clamd
Entity:
DuckCorp
Security:
No
Help Needed:
Description
This warning is received on dc-admins mailing list every hour:
[DC-Admins] Cron <clamav@Toushirou> [ -x /usr/sbin/clamav-unofficial-sigs ] && /usr/sbin/clamav-unofficial-sigs WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:40
History
Updated by Pierre-Louis Bonicoli almost 4 years ago
Updated by - Branch set to allow_to_force_rendering_clamd
allow_to_force_rendering_clamd branch proposes a way to allow to force rendering of /etc/clamav/clamd.conf, using the following command:
ansible-playbook playbooks/tenants/duckcorp/security.yml -edc_antivirus_force_clamd_rendering=yes
This has been applied on Toushirou only, not the whole av_servers Ansible group.
Note that isn't the only updated DetectBrokenExecutables configuration directive:
diff -Naur clamd.conf /etc/clamav/clamd.conf --- clamd.conf 2019-08-24 11:47:53.162937058 +0200 +++ /etc/clamav/clamd.conf 2019-08-24 11:48:07.875061000 +0200 @@ -22,6 +22,8 @@ LogFacility LOG_LOCAL6 LogClean false LogVerbose false +PreludeEnable no +PreludeAnalyzerName ClamAV DatabaseDirectory /var/lib/clamav OfficialDatabaseOnly false SelfCheck 3600 @@ -37,7 +39,6 @@ MaxScriptNormalize 5M MaxZipTypeRcg 1M ScanSWF true -DetectBrokenExecutables false ExitOnOOM true LeaveTemporaryFiles false AlgorithmicDetection true @@ -53,7 +54,7 @@ ScanPartialMessages false HeuristicScanPrecedence true StructuredDataDetection false -CommandReadTimeout 5 +CommandReadTimeout 30 SendBufTimeout 200 MaxQueue 100 ExtendedDetectionInfo true
Updated by Marc Dequènes almost 4 years ago
Updated by lgtm
I just wondered why you use a listen directive instead of setting it in the name as the topic is clearly fully handled by this role only.
Updated by Pierre-Louis Bonicoli over 3 years ago
Marc Dequènes wrote:
I just wondered why you use a
listendirective instead of setting it in thenameas the topic is clearly fully handled by this role only.
Updated (listen directive removed) & merged & applied:
$ ANSIBLE_DISPLAY_OK_HOSTS=0 ANSIBLE_DISPLAY_SKIPPED_HOSTS=0 ansible-playbook playbooks/tenants/duckcorp/security.yml -u root -edc_antivirus_force_clamd_rendering=yes
PLAY [av_servers] *
TASK [Gathering Facts] *
fatal: [Elwing]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"Elwing\". Make sure this host can be reached over ssh: ssh: Could not resolve hostname elwing: Name or service not known\r\n", "unreachable": true}
TASK [dc-antivirus : debug] *
changed: [Orfeo] => {
"msg": "Force rendering of clamd.conf configuration file"
}
changed: [Toushirou] => {
"msg": "Force rendering of clamd.conf configuration file"
}
included: /srv/share/src/duckcorp/duckcorp-infra.git/ansible/roles/dc-antivirus/tasks/generate_clamd_conf.yml for Orfeo, Toushirou
RUNNING HANDLER [dc-antivirus : Delete clamd.conf file] *
changed: [Toushirou]
changed: [Orfeo]
RUNNING HANDLER [dc-antivirus : Run dpkg-reconfigure for clamav-daemon] *
changed: [Toushirou]
changed: [Orfeo]
RUNNING HANDLER [dc-antivirus : Enable ExitOnOOM] *
changed: [Orfeo]
changed: [Toushirou]
RUNNING HANDLER [dc-antivirus : Enable HeuristicScanPrecedence] *
changed: [Toushirou]
changed: [Orfeo]
RUNNING HANDLER [dc-antivirus : Restart ClamAV daemon] *
changed: [Toushirou]
changed: [Orfeo]
PLAY RECAP *
Elwing : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
Orfeo : ok=15 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Toushirou : ok=15 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Updated by Pierre-Louis Bonicoli over 3 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100