How to disable ClamAV in 9.02

[Polydwarf]

As a result of my research into ClamAV, and why it can decide to start restarting itself every two minutes (see thread here), I was given the official options of either doing an apt-get remove clamav or reformatting and reinstalling Untangle.

For a few reasons, I didn't want to do that (I don't want to spend the time to reformat a system during off-hours, metapackage issues with the Lite package causing everything else to become orphaned in the apt heirarchy, etc). So, instead, I made a couple of quick tweaks to the init scripts of clamav, and I'm posting them here for other people that are having issues with ClamAV running when they don't want it to, with a couple of extra thoughts/ideas.

Disclaimer -- You're on your own here. I'm taking no responsibility for anything. Make backups of all files before editing. If you create a space-time vortex and destroy the planet, that's on you.

With that out of the way... In a nutshell, the issue I was having was that ClamAV was not installed in any rack. However, because it had been installed at one point in the past, the service would always run. What's more, it would restart itself every couple of minutes (I think the monit daemon was doing the restarting, but I never actually verified it). So, the goal was to stop ClamAV from running with a minimum of fuss.

The tweaks to the init scripts are purely to make sure clamav doesn't start, when you call /etc/init.d/clamav-daemon start. You'll need to get to a command prompt (Either on the Untangle machine itself, or by enabling SSH access to your untangle box), then edit /etc/init.d/clamav-daemon.

Do a search in your editor (if using nano, ctrl-w) for the string "start)" (no quotes).

That should take you to a section of code that looks roughly like :

Code:

case "$1" in
  start)
  OPTIND=1
  # Check for database existance (start will fail if it's missing)
  for db in main daily; do
    if [ ! -e "$DATABASEDIR"/"$db".cvd ] && [ ! -d "$DATABASEDIR"/"$db".inc ] && [ ! -e "$DATABASEDIR"/"$db".cld ]; then
      log_failure_msg "Clamav signatures not found in $DATABASEDIR"
      log_failure_msg "Please retrieve them using freshclam or install the clamav-data package"
      log_failure_msg "Then run '/etc/init.d/clamav-daemon start'"
      exit 0
    fi
  done
  if [ -z "$RUN_SUPERVISED" ] ; then
    log_daemon_msg "Starting $DESC" "$NAME "
    start-stop-daemon --start -o -c $User --exec $DAEMON
    ret=$?
  else
    log_daemon_msg "Starting $DESC" "$NAME (supervised) "
    $SUPERVISOR $SUPERVISORARGS
    ret=$?
  fi

I added a couple of lines right after "start)", so it ended up looking like:

Code:

case "$1" in
  start)

  log_daemon_msg "Skipping ClamAV starting due to ClamAV being a CPU hog"
  exit 0


  OPTIND=1
  # Check for database existance (start will fail if it's missing)
  for db in main daily; do
    if [ ! -e "$DATABASEDIR"/"$db".cvd ] && [ ! -d "$DATABASEDIR"/"$db".inc ] && [ ! -e "$DATABASEDIR"/"$db".cld ]; then
      log_failure_msg "Clamav signatures not found in $DATABASEDIR"
      log_failure_msg "Please retrieve them using freshclam or install the clamav-data package"
      log_failure_msg "Then run '/etc/init.d/clamav-daemon start'"
      exit 0
    fi
  done
  if [ -z "$RUN_SUPERVISED" ] ; then
    log_daemon_msg "Starting $DESC" "$NAME "
    start-stop-daemon --start -o -c $User --exec $DAEMON
    ret=$?
  else
    log_daemon_msg "Starting $DESC" "$NAME (supervised) "
    $SUPERVISOR $SUPERVISORARGS
    ret=$?
  fi

What this does is gives you a little text on the command line telling you it's skipping starting ClamAV, and then immediately exits out before it does anything else.

You can do the same sort of thing to /etc/init.d/clamav-freshclam (Search for the "start)" section, then put in a logging line and an exit before it does anything else).

Stop the services yourself (or just restart the Untangle machine if you're not sure how to stop services from the command line), and *boom*... Untangle, with ClamAV installed, but without ClamAV running.

----

Now, on to the thoughts... In the thread I linked in the first paragraph above, dmorris stated that init scripts are subject to updating and overwriting. So, this change can get reverted out on the next update, and you wouldn't know it.

The idea is to make backups of the init scripts I've modified to somewhere else on the filesystem, then make a cron job that runs once a day, overwrites the scripts in /etc/init.d with the ones that you backed up, then issue a /etc/init.d/clamav-daemon stop.

If the init scripts haven't changed, no big deal. ClamAV won't be running anyways.

If they have changed, you get back your old scripts that stop clam from running, and make sure it stops so that it doesn't do dumb things.

I could see some issues with the init scripts, if Untangle wildly changes things in an update. Because I didn't do anything more than a quick tweak, there's a lot of scripting left around that could break. A stripped down init script would fix that issue. But, I'm not sure how often the Untangle distro changes with respect to that, and I'd rather not spend time doing something for the sake of doing it.