-
Notifications
You must be signed in to change notification settings - Fork 708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #820 - add new option --fail-if-cvd-older-than=days #867
Conversation
Please let me know if this is a good start. I'll continue with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a great start!
I have some suggested changes but nothing functional.
I forgot to mention this on the previous PR, but in the spirit of #841, I would suggest adding both a clamd.conf
option as well as a --fail-if-cvd-older-than
command line option when you extend this for clamd
. Which of course means adding documentatino as well to
clamd.conf.sample
clamd.conf
manpageclamd
manpage
I assume the clamscan part is OK, so I'll start work shortly on the clamd part. Thanks for the quick review so far! |
As a heads up, we're prepping the 1.1 release candidate early next week. It'd be fun to get this in there, but if not it will have to wait for merge until after release in a few weeks, and be included in the following version (1.2) which will be released around August/September-ish. Edit: To clarify, we don't like adding new features between the release candidate and release, though we may merge minor bug fixes during that time. |
Understood. No problem, I'll do my best to get to the clamd part ASAP. Thanks! |
There's an additional clamd |
Also, if you prefer this PR to be in a single commit please let me know and I'm happy to squash and force-commit the result. |
The If we do make the reload fail for old cvds, then to solve it I think you'd have to add an engine option to set the max database age. That's maybe more work than you want to do? If we don't make the reload fail for old cvds, then we should adjust the wording in the
Don't worry about it, I will squash the commits and reword slightly when I merge it. Speaking of which, I pushed a change to the win32 equivalent of the I'd like your opinion on what you think we should do regarding the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In terms of code and documentation, everything looks great to me.
I manually tested clamd and clamscan behavior, including verifying that the clamd reload is not affected by the new options.
Marking as "request changes" because we'll need either a change to the clamd.conf documentation if we choose to keep the reload behavior as-is, or because we'd need more clamd changes to support the option in the reload use case.
The amount of needed work is irrelevant to me, there are only two important factors here IMHO:
If it's OK to postpone this for the next release (i.e. the answer to the first question is "not necessarily"), and if it makes sense for the
Thanks! Sorry about missing the Windows part - I guess it shows I'm a UNIX person. :) |
I tested this change to the What I realized with this patch is that failing the CVD update does not cause clamd to die. Instead it intentionally continues on with the existing databases, which is very likely the preferred behavior. So then I thought about it a little more about the problem. I realize that the scenario I was trying to account for should not happen. That is, it should only try to run the In short, I'm happy with the PR as-is and don't care about any further documentation change after all.
😆 No worries, I should have said something. I'll make sure this all passes our automated Jenkins tests, and if so will merge it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had to make a small change because initializing arrays with = {};
doesn't work on windows -- but you can initialize with = {0};
. Outside of that testing looked good.
When passed, causes clamscan to exit with a non-zero return code if the virus database is older than the specified number of days.
When passed, causes clamd to exit (on start-up) with a non-zero return code if the virus database is older than the specified number of days. Additionally, we introduce FailIfCvdOlderThan as a clamd.conf synonym for --fail-if-cvd-older-than.
Actually - one more change. The new clamav.h API in libclamav.map should be in a different namespace: |
Thanks! |
Thank you so much for the help @rzvncj |
Thank you all! This is really fantastic! |
You're welcome! It's been quick and pleasant. Thanks for the prompt reviews! |
* Add new clamd and clamscan option --cache-size This option allows you to set the number of entries the cache can store. Additionally, introduce CacheSize as a clamd.conf synonym for --cache-size. Fixes Cisco-Talos#867
* Add new clamd and clamscan option --cache-size This option allows you to set the number of entries the cache can store. Additionally, introduce CacheSize as a clamd.conf synonym for --cache-size. Fixes Cisco-Talos#867
* Add new clamd and clamscan option --cache-size This option allows you to set the number of entries the cache can store. Additionally, introduce CacheSize as a clamd.conf synonym for --cache-size. Fixes Cisco-Talos#867
* Add new clamd and clamscan option --cache-size This option allows you to set the number of entries the cache can store. Additionally, introduce CacheSize as a clamd.conf synonym for --cache-size. Fixes Cisco-Talos#867
* Add new clamd and clamscan option --cache-size This option allows you to set the number of entries the cache can store. Additionally, introduce CacheSize as a clamd.conf synonym for --cache-size. Fixes Cisco-Talos#867
* Add new clamd and clamscan option --cache-size This option allows you to set the number of entries the cache can store. Additionally, introduce CacheSize as a clamd.conf synonym for --cache-size. Fixes #867
When passed, causes clamscan to exit with a non-zero return code if the virus database is older than the specified number of days.