MacOS X Server Security Update 2009-005 Breaks Something About Freshclam
If you're seeing a lot of this
/var/log/system.log
file, then it's because the file
/usr/freshclam -d -c 4
, you will see, as I did, that there is nothing amiss. It works fine. So what gives?
I don't know what made me do it, but I used Lingon, a very wonderful but, alas, dead program to generate a launchd.plist file to compare this one against. There was one very subtle difference. The one that Lingon generated had this bit in it:
Didja' catch that? It's subtle, but it's apparently a killer. I don't know how XML is really supposed to work, but it seems that a string with "-c 4" in it doesn't get properly placed into the command line arguments for freshclam, but two strings, one with "-c" and the other with "4", get concatenated into the proper "-c 4". Go figure.
The other problem the file has, but which doesn't seem to be a real problem, is that the Iterations key seems to be unknown. I couldn't find it anywhere in the manpage for launchd.plist and launchd complains about it somewhere else in the logfile, so I took that key out.
So... give the command line a little sudo lovin', make these changes, unload the faulty plist and load up the new one, and you're good to go.
Problem...
...solved.
1 I broke the lines strangely here because code blocks don't wrap, for one, and because I wanted Google to pick up on the error message in its entirety.
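The check described in this post can be automated. The following is an added example, not code from the original post: a Python script that loads a launchd job plist and flags any option-style ProgramArguments string that contains whitespace, since each string in that array reaches the program as a single argument word. The sample plist, its label and the freshclam path are constructed placeholders.

```python
import plistlib

# Constructed sample job: "-c 4" is stored as ONE string, the form the post found broken.
# The label and the freshclam path are placeholders, not values from the original post.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>example.freshclam</string>
    <key>ProgramArguments</key>
    <array>
        <string>/path/to/freshclam</string>
        <string>-d</string>
        <string>-c 4</string>
    </array>
</dict>
</plist>
"""


def is_fused_option(arg):
    """True for an option-style string that also contains whitespace, e.g. "-c 4"."""
    return isinstance(arg, str) and arg.startswith("-") and len(arg.split()) > 1


def audit_program_arguments(plist_bytes):
    """Return (argv index, original string, suggested split) for each fused option."""
    args = plistlib.loads(plist_bytes).get("ProgramArguments", [])
    # Index 0 is the program path and may legitimately contain spaces, so skip it.
    return [(i, a, a.split()) for i, a in enumerate(args) if i > 0 and is_fused_option(a)]


def repair_plist(plist_bytes):
    """Return new plist bytes with every fused option split into separate strings."""
    job = plistlib.loads(plist_bytes)
    fixed = []
    for i, arg in enumerate(job.get("ProgramArguments", [])):
        fixed.extend(arg.split() if i > 0 and is_fused_option(arg) else [arg])
    if fixed:
        job["ProgramArguments"] = fixed
    return plistlib.dumps(job)


if __name__ == "__main__":
    for index, original, split in audit_program_arguments(SAMPLE_PLIST):
        print(f"argv[{index}] {original!r} reaches the program as one word; use {split}")
    print(repair_plist(SAMPLE_PLIST).decode())
```

A single-token form such as "--checks=4" passes the audit unchanged, because it contains no whitespace to split on.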
Thanks for this entry, Bill! I ran into the problem on a handful of clients' servers. What fixed it for me though, was making sure a space was in front of the "-c" string, like this:
Without the string, it still kicked out errors in /var/log/system.log, but now all is good.
Indeed, thanks for the detective work. Not much information on the web when OS X Server issues pop up!
I did the fix a bit differently. After looking at the man page for freshclam, I replaced "-c 4" with "--checks=4".
I like this because it keeps the argument in one XML value, and it is more readable. I guess the security update broke something in launchd when it tries to pass a program argument with a space in it.
Oh, hey, both good solutions. I like Hans's solution a bit better, and in fact I would go so far as to change the other argument to "--daemon" just for visual consistency, too.
Thanks, guys. Glad to have helped.
Thanks - wouldn't have guessed that one :)
I noticed that Server Admin will break this whenever it tries to "fix" its mapping between the argument words as expected by freshclam and the way it passes them to launchd via the XML. As used as I am to looking at things based on how shells see words, the XML is actually a bit easier to understand, in that each string element will be passed as a quoted word to the shell (or just to the relevant exec system call, which may or may not allow for and think necessary first calling a shell for argument interpolation), without having to think about single or double quote roles or escape characters.
I filed a bug report with Apple for this. The URL for the bug reporting system is http://bugreport.apple.com. The ID for the bug is 7293993, although I don't know if the system allows people to see issues opened by others.
Thank you!
Fixed it for me too.
Thanks soooooo much. I've been seeing this a while, and it's hard to debug other problems when syslog keeps scrolling because clamav isn't running right.
Printed and stuck in my "Binder of All Knowledge" LOL
Fabulous - thanks!