OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: Noctur on September 18, 2017, 07:29:20 pm
-
The new ClamAV service is a winner! Thank you to the team who made this happen.
For those of us running /var in RAM and who need to manually reload ClamAV signatures, is there a way to automate this such that it runs the reload after a reboot?
-
Hi there,
We were aware of the issue, it was documented in the help text and this escalated quickly. 8)
There are a few routes we could take:
o Move the database to the read-write section of the disk / card.
o Backup and restore the database on reboots (or periodically).
o Auto-load on reboots either via option or automatically.
The first one seems to be the most viable long term: it's not backup-worthy data as it is static data from an external provider and auto-loading kind of goes against the manual approach that clamav wants to have for its database. Plus, restoring on boot may affect performance / connectivity.
But I'd leave this for discussion, maybe others have more or other ideas?
Cheers,
Franco
-
Hi Franco,
Thank you for the reply. Yes - I was aware of this behavior from the docs, so no surprise. I thought that someone may have set up a script or another work around for this. I've disabled moving /var to RAM for now. It isn't impacted that much with the SSD and the workload isn't that high. So I'm a happy camper either way.
-
Here's a solution... we can register /var MFS directories per service:
https://github.com/opnsense/core/commit/93c40a5
https://github.com/opnsense/plugins/commit/7adc74285
Needs testing so not for general use yet, but it is very straight-forward for plugin maintainers from the looks of it. :)
Cheers,
Franco
-
Thank you! If the plug-in maintainers pop this in I'll try it and report back.
-
Testing went fine, this will be in the next dev release alongside 17.7.4 early next week...
But for the brave:
# opnsense-patch 93c40a5
# opnsense-patch -c plugins 7adc74285
These days opnsense-patch should be clever enough to set executable permissions on new files it patches, but just to be sure:
# chmod 755 /usr/local/etc/rc.subr.d/var
Cheers,
Franco
-
Looks like the auto reload / restart after reboot didn't make it into the .4 release, but the commands above work and hold after reboot.