From: David F. Skoll <dfs_at_nospam>
Date: Mon Jun 16 2008 - 14:51:15 GMT To: ClamAV users ML <email@example.com>
Aecio Neto wrote:
> Due to a network issue, freshclam was not able to connect to update > site. Then, freshclam set virus db as locked and clamd was not > possible to read it and exit. This happened twice this week.
We've been hit by this a lot. :-( It's really nasty because clamd removes
the pid file when it exits, so our (old) monitoring script did not restart
it (assuming that the admin had stopped it.)
You do *not* want to hold a lock while waiting for the network. The
proper freshclam algorithm would be something like this. (File names
are illustrative only.)
Hold a lock on /var/lock/freshclam.lock to avoid concurrent freshclams.
Copy the entire current database directory to a temporary directory.
Attempt to update the database in the temporary directory. During this
potentially time-consuming step, the main database is NOT locked and clamd
continues happily on its way.
If step (3) succeeded: Lock /var/lock/clam-db.lock. This lock
applies to both clamd and freshclam. Then rename the current database
directory to old, and the temporary one to current. Then release
/var/lock/clam-db.lock. Because the renaming is likely to be very
quick, clamd won't be locked out of the database directory for very
long. The lock-holding time certainly won't depend on network
If step (4) succeeded: Delete the old database directory.