[yocto] [meta-security][PATCH] clamav: freshclam need bind to run

akuster808 akuster808 at gmail.com
Sat Apr 6 23:15:18 PDT 2019 


On 4/7/19 10:42 AM, Adrian Bunk wrote:
> On Sun, Apr 07, 2019 at 01:38:38AM +0530, akuster808 wrote:
>>
>> On 4/6/19 8:31 PM, Adrian Bunk wrote:
>>> On Sat, Apr 06, 2019 at 08:15:40PM +0530, Armin Kuster wrote:
>>>> Add it to the rdepends for that package
>>>>
>>>> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
>>>> ---
>>>>  recipes-security/clamav/clamav_0.99.4.bb | 2 ++
>>>>  1 file changed, 2 insertions(+)
>>>>
>>>> diff --git a/recipes-security/clamav/clamav_0.99.4.bb b/recipes-security/clamav/clamav_0.99.4.bb
>>>> index 6219d9e..dbe903f 100644
>>>> --- a/recipes-security/clamav/clamav_0.99.4.bb
>>>> +++ b/recipes-security/clamav/clamav_0.99.4.bb
>>>> @@ -152,3 +152,5 @@ RCONFLICTS_${PN} += "${PN}-systemd"
>>>>  SYSTEMD_SERVICE_${PN} = "${BPN}.service"
>>>>  
>>>>  RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav"
>>>> +
>>>> +RDEPENDS_freshclam = "bind"
>>> freshclam depending on a DNS server looks very wrong.
>> got talk to clamav folks then.
>>
>>> What is the actual problem?
>> ClamAV update process started at Sat Apr  6 14:59:25 2019
>> WARNING: Can't query current.cvd.clamav.net
>> WARNING: Invalid DNS reply. Falling back to HTTP mode.
>> ERROR: Can't get information about database.clamav.net: Temporary failure in name resolution
>> ERROR: Can't download main.cvd from database.clamav.net
>> Giving up on database.clamav.net...
>>
>> because 
>>
>> Use DNS to verify virus database version. Freshclam uses DNS TXT records
>> to verify database and software versions 
>>
>> therefor I am including bind.
> freshclam needing DNS information makes sense, which means it must be 
> configured how to access a DNS server.
>
> On the local machine you need only DNS client funtionality,
> just like every user needs for a web browser.

>
> Forcing installation of a DNS server is not the correct solution
> when the actual problem is just a configuration issue on the
> machine where you were trying it.

So I can expect a patch to provide such configuration. I would like to
see how you would solve this.
Maybe an FAQ we can add to the layer for this package?

- armin
>> - Armin
> cu
> Adrian
>

More information about the yocto mailing list