Bug #669

WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:40

Added by Pierre-Louis Bonicoli 4 months ago. Updated 2 months ago.

Status: Resolved
Priority: Normal
Category: -
Start date: 2019-08-24
Due date:
% Done: 100%
Estimated time:
Patch Available:
Confirmed: Yes
Branch: allow_to_force_rendering_clamd
Entity: DuckCorp
Security: No
Help Needed:

Description

This warning is received on the dc-admins mailing list every hour:

[DC-Admins] Cron <clamav@Toushirou> [ -x /usr/sbin/clamav-unofficial-sigs ] && /usr/sbin/clamav-unofficial-sigs
WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:40
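
A small checker for the warning format quoted above, as an added example that is not part of the original issue or of the DuckCorp role: it extracts the option and location from cron mail text and finds where a config file actually sets that option. The function names and the config excerpt are assumptions constructed for illustration.

```python
import re

# Format of the clamd warning quoted in this issue.
WARNING_RE = re.compile(
    r"^WARNING: Ignoring deprecated option (?P<option>\S+)"
    r" at (?P<path>\S+):(?P<line>\d+)$"
)

def parse_warnings(mail_body):
    """Return unique (option, path, line) tuples found in a cron mail body."""
    seen = []
    for raw in mail_body.splitlines():
        m = WARNING_RE.match(raw.strip())
        if m:
            item = (m["option"], m["path"], int(m["line"]))
            if item not in seen:  # the same mail arrives every hour
                seen.append(item)
    return seen

def locate(config_text, option, line_no):
    """Return the 1-based lines of config_text that set `option`.

    The reported line is checked first; if the file has changed since the
    mail was sent, every line is scanned instead. Commented lines never match.
    """
    lines = config_text.splitlines()
    def sets_option(text):
        fields = text.split()
        return bool(fields) and fields[0] == option
    if 1 <= line_no <= len(lines) and sets_option(lines[line_no - 1]):
        return [line_no]
    return [i for i, text in enumerate(lines, 1) if sets_option(text)]

def report(mail_body, config_text):
    """Pair each distinct warning with the lines that still set the option."""
    return [(opt, path, locate(config_text, opt, line))
            for opt, path, line in parse_warnings(mail_body)]

# Mail text as quoted in the issue (repeated once); the config is constructed.
SAMPLE_MAIL = """\
[DC-Admins] Cron <clamav@Toushirou> [ -x /usr/sbin/clamav-unofficial-sigs ] && /usr/sbin/clamav-unofficial-sigs
WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:40
WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:40
"""
SAMPLE_CONF = "MaxZipTypeRcg 1M\nScanSWF true\n# DetectBrokenExecutables note\nDetectBrokenExecutables false\nExitOnOOM true\n"

if __name__ == "__main__":
    for opt, path, lines in report(SAMPLE_MAIL, SAMPLE_CONF):
        print(f"{path}: {opt} set on line(s) {lines}")
```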

History

#1

Updated by Pierre-Louis Bonicoli 4 months ago

  • Branch set to allow_to_force_rendering_clamd

The allow_to_force_rendering_clamd branch proposes a way to force rendering of /etc/clamav/clamd.conf, using the following command:

ansible-playbook playbooks/tenants/duckcorp/security.yml -edc_antivirus_force_clamd_rendering=yes

This has been applied on Toushirou only, not the whole av_servers Ansible group.

Note that DetectBrokenExecutables isn't the only updated configuration directive:

diff -Naur clamd.conf /etc/clamav/clamd.conf
--- clamd.conf    2019-08-24 11:47:53.162937058 +0200
+++ /etc/clamav/clamd.conf    2019-08-24 11:48:07.875061000 +0200
@@ -22,6 +22,8 @@
 LogFacility LOG_LOCAL6
 LogClean false
 LogVerbose false
+PreludeEnable no
+PreludeAnalyzerName ClamAV
 DatabaseDirectory /var/lib/clamav
 OfficialDatabaseOnly false
 SelfCheck 3600
@@ -37,7 +39,6 @@
 MaxScriptNormalize 5M
 MaxZipTypeRcg 1M
 ScanSWF true
-DetectBrokenExecutables false
 ExitOnOOM true
 LeaveTemporaryFiles false
 AlgorithmicDetection true
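
Review bot: the removal of "DetectBrokenExecutables false" (old line 40, the line named in the warning) leaves no replacement directive in the rendered file. Since the old value was false, dropping it keeps that detection off as before; if it is ever wanted, it has to be enabled through the renamed option (AlertBrokenExecutables in current ClamAV) rather than by restoring this line, and the commit message should say the omission is intentional.
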
@@ -53,7 +54,7 @@
 ScanPartialMessages false
 HeuristicScanPrecedence true
 StructuredDataDetection false
-CommandReadTimeout 5
+CommandReadTimeout 30
 SendBufTimeout 200
 MaxQueue 100
 ExtendedDetectionInfo true
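
Review bot: CommandReadTimeout goes from 5 to 30 in this hunk, a change unrelated to the deprecation warning this issue is about. If 5 was a deliberate local setting, the role should re-apply it after re-rendering, the way the playbook output later in this issue shows handlers doing for ExitOnOOM and HeuristicScanPrecedence; if 30 is acceptable, state that in the commit message so the new timeout is not a silent side effect of the forced render.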

#2

Updated by Marc Dequènes 4 months ago

lgtm

I just wondered why you use a listen directive instead of setting it in the name as the topic is clearly fully handled by this role only.

#3

Updated by Pierre-Louis Bonicoli 2 months ago

Marc Dequènes wrote:

I just wondered why you use a listen directive instead of setting it in the name as the topic is clearly fully handled by this role only.

Updated (listen directive removed) & merged & applied:


$ ANSIBLE_DISPLAY_OK_HOSTS=0 ANSIBLE_DISPLAY_SKIPPED_HOSTS=0 ansible-playbook playbooks/tenants/duckcorp/security.yml -u root -edc_antivirus_force_clamd_rendering=yes

PLAY [av_servers] *

TASK [Gathering Facts] *
fatal: [Elwing]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"Elwing\". Make sure this host can be reached over ssh: ssh: Could not resolve hostname elwing: Name or service not known\r\n", "unreachable": true}

TASK [dc-antivirus : debug] *
changed: [Orfeo] => {
    "msg": "Force rendering of clamd.conf configuration file" 
}
changed: [Toushirou] => {
    "msg": "Force rendering of clamd.conf configuration file" 
}
included: /srv/share/src/duckcorp/duckcorp-infra.git/ansible/roles/dc-antivirus/tasks/generate_clamd_conf.yml for Orfeo, Toushirou

RUNNING HANDLER [dc-antivirus : Delete clamd.conf file] *
changed: [Toushirou]
changed: [Orfeo]

RUNNING HANDLER [dc-antivirus : Run dpkg-reconfigure for clamav-daemon] *
changed: [Toushirou]
changed: [Orfeo]

RUNNING HANDLER [dc-antivirus : Enable ExitOnOOM] *
changed: [Orfeo]
changed: [Toushirou]

RUNNING HANDLER [dc-antivirus : Enable HeuristicScanPrecedence] *
changed: [Toushirou]
changed: [Orfeo]

RUNNING HANDLER [dc-antivirus : Restart ClamAV daemon] *
changed: [Toushirou]
changed: [Orfeo]

PLAY RECAP *
Elwing                     : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   
Orfeo                      : ok=15   changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
Toushirou                  : ok=15   changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

#4

Updated by Pierre-Louis Bonicoli 2 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
