ClamAV AutoUpdate after Reboot for /var in RAM?

Started by Noctur, September 18, 2017, 07:29:20 PM

The new ClamAV service is a winner! Thank you to the team who made this happen.

For those of us running /var in RAM and who need to manually reload ClamAV signatures, is there a way to automate this such that it runs the reload after a reboot?
overkill: Dell SFF i5, 16gb, 120gb SSD, 4x gb NICs
OPNsense 21.1.x

Hi there,

We were aware of the issue; it was documented in the help text, and this escalated quickly. 8)

There are a few routes we could take:

o Move the database to the read-write section of the disk / card.
o Backup and restore the database on reboots (or periodically).
o Auto-load on reboots either via option or automatically.

The first one seems to be the most viable long term: it's not backup-worthy data as it is static data from an external provider and auto-loading kind of goes against the manual approach that ClamAV wants to have for its database. Plus, restoring on boot may affect performance / connectivity.

But I'd leave this for discussion, maybe others have more or other ideas?


Cheers,
Franco

Hi Franco,

Thank you for the reply. Yes - I was aware of this behavior from the docs, so no surprise. I thought that someone may have set up a script or another workaround for this. I've disabled moving /var to RAM for now. It isn't impacted that much with the SSD and the workload isn't that high. So I'm a happy camper either way.

Here's a solution... we can register /var MFS directories per service:

https://github.com/opnsense/core/commit/93c40a5
https://github.com/opnsense/plugins/commit/7adc74285

Needs testing so not for general use yet, but it is very straightforward for plugin maintainers from the looks of it. :)


Cheers,
Franco

Thank you! If the plug-in maintainers pop this in I'll try it and report back.

Testing went fine, this will be in the next dev release alongside 17.7.4 early next week...

But for the brave:

# opnsense-patch 93c40a5
# opnsense-patch -c plugins 7adc74285

These days opnsense-patch should be clever enough to set executable permissions on new files it patches, but just to be sure:

# chmod 755 /usr/local/etc/rc.subr.d/var


Cheers,
Franco

Looks like the auto reload / restart after reboot didn't make it into the .4 release, but the commands above work and hold after reboot.
