BUG: clamav packages badly broken

Michael Schwendt bugs.michael at gmx.net
Mon Dec 31 19:07:27 UTC 2007 

On Mon, 31 Dec 2007 11:30:37 -0700, Kevin Fenzi wrote:

> On Sat, 29 Dec 2007 22:40:22 +0100
> bugs.michael at gmx.net (Michael Schwendt) wrote:
> 
> > On Sat, 29 Dec 2007 14:06:13 -0700, Kevin Fenzi wrote:
> > 
> > > - freshclam should work when the package is installed. Currently it
> > > requires you to comment a line in a script for no reason I can
> > > tell. 
> > 
> > Cannot find this in bugzilla. The /etc/sysconfig script disables the
> > automatic update on purpose (to prevent unauthorized network access)
> > and warns the user about that default. What is wrong with that?
> 
> Where is there a requirement that network access should require
> configuration changes?

It's not mandatory, but it's nice to the user.

> Should we modify any other network accessing
> services to require a config change before using the network?

Installation of a package should not enable a network-using service
automatically. Accessing the network to download data may be seen as a
lesser problem than binding a service to a public port. But both are issues
where the user/admin ought to opt-in rather than opt-out.

> What good would clamav be on a machine thats not on a network and what
> good is it with no up 2 date virus definitions? 

This question is biased. The update feature is not missing, it can be
enabled for automated downloads if the software is told to do that.
 
> > > - The package could not remove the clamav user on removal. 
> 
> This I guess is part of the fedora-usermanagement setup. 

uid/gid removal IMO is a "must not" unless all files with that uid/gid are
removed as well.

> > > I'm sure I could look around for more issues. 
> > > 
> > > > Why can't a volunteer create and maintain a clamav configuration
> > > > add-on package, which offers a single system-wide clamav daemon if
> > > > that is requested by the clamav user base in Fedora/EPEL?
> > > 
> > > I suppose someone could... thats not my issue however. My issues
> > > are in the clamav package itself, not just not having a system wide
> > > clamd. 
> > 
> > The list is interesting, but it adds more than what I thought has
> > been the primary (only?) issue with the Fedora clamav packages.
> 
> Really? So the only real issue you see is that there is no system wide
> clamd setup? 

 Yes, based on older [similar threads] that was my impression. The typical
clamav-in-fedora critic complains that starting clamd takes more than
installing the package and running a service script. It is certainly not
the first time somebody tried to run the wrapper-script without even
skimming over the readme file.

More information about the epel-devel-list mailing list