Ubuntu 18.04 clamav-freshclam default configuration has too short a timeout

Bug #1927777 reported by Mark Bourne
This bug affects 1 person
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Fix Released

Bug Description

The postinst script for the Ubuntu 18.04 clamav-freshclam 0.103.2 package creates a default freshclam.conf file with "ReceiveTimeout=30". At least for me, this was too short to be able to download the initial virus definition files. With the recent rate limiting on ClamAV's servers, this lead to me hitting the limit very soon after installing, before I'd even figured out what was wrong. Although my Internet connection isn't fantastic, it's not particularly bad either (16Mbps). Even 60 seconds wasn't enough; I ended up setting it to 600, although something lower may have been fine.

Having raised this on the ClamAV mailing list, it was noted that the equivalent Ubuntu 20.04 package sets "ReceiveTimeout=0" (no timeout). Perhaps the Ubuntu 18.04 package should also disable the timeout by default?

The Ubuntu 16.04 package also sets a 30 second timeout by default, so if that's still being updated it may be worth considering there too.

Revision history for this message
Paride Legovini (paride) wrote :

Hi Mark and thanks for this bug report. The clamav d/changelog for version 0.102.2+dfsg-1 has this entry:

  * Set ReceiveTimeout to 0 which is upstream default.

dated 2020-02-09. In 2018 the timeout was bumped from 5s to 30s to solve [1], but apparently 30s aren't enough in some scenarios. I acknowledge this, however I'm not sure we can lightheartedly switch to a 30s timeout to "no timeout", as some deployments may rely on a timeout being present, and we try to keep the existing stable releases as stable as possible [2]. Moreover this issue has an easy workaround (just change ReceiveTimeout on your system, as you did).

I'm triaging this as a wishlist bug. You are of course welcome to drive the fix for this yourself, however I suggest to first read the SRU wiki page [3], as you may end up concluding this bug doesn't qualify.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915098
[2] https://xkcd.com/1172/
[3] https://wiki.ubuntu.com/StableReleaseUpdates

Changed in clamav (Ubuntu):
status: New → Fix Released
Changed in clamav (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.