First Last Prev Next    This bug is not in your last search results.
Bug 12062 - implement PING
implement PING
Status: RESOLVED FIXED
Product: ClamAV
Classification: ClamAV
Component: clamdscan
0.100.0-beta
x86_64 GNU/Linux
: P3 enhancement
: ---
Assigned To: ClamAV team
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-21 10:21 EDT by A. Schulze
Modified: 2020-02-05 13:25 EST (History)
3 users (show)

See Also:
QA Contact:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description A. Schulze 2018-03-21 10:21:44 EDT 
the clamd protocol knows a command "PING". clamd MUST respond with "PONG"
see "man clamd"

Feature Request:
Please enhance clamdscan to support this command.

Usecase: Docker implement health checks.
see https://docs.docker.com/engine/reference/builder/#healthcheck

One possible health check could be "clamdscan --ping --quiet"
If the configured clamd respond, clamdscan will just exit 0 and docker know
"this container is healthy"

I tried to implement that with "clamdscan --version" but that don't work with current code:
 - clamdscan exit code is always 0
 - clamdscan print a version itself, if communication with clamd failed
   ( see function "print_server_version" in clamdscan/clamdscan.c )
Comment 1 Micah Snyder 2018-03-21 11:28:35 EDT 
Sounds like a simple enough request.  We can look at this and your other requests for 0.101 as we begin feature planning and wrap up 0.100
Comment 2 Ged 2019-08-16 09:03:16 EDT 
It's very easy to achieve the objective with existing tools:

mail6:~# >>> crontab -l | grep PING
* * * * * /bin/echo 'PING'|/bin/nc localhost 3311|/usr/bin/logger -p mail.debug 2>&1

I'd suggest that implementing this request would be a waste of effort.
Comment 3 A. Schulze 2019-08-19 02:08:50 EDT 
Hello Ged,

while it is as simple as you say on a usual Unix host it has some consequences while implementing this as Docker container for example as healthcheck.

- one have to "know" clamd's servicepoint
  * localhost/tcp port
  * /path/to/socket
  -> separate parsing of clamd.conf required

- Tools required
  Docker images are supposed to not contain the full unix toolchains
  while this require netcat and probably sed/awk to parse clamd.conf

- many people implementing such stuff reinventing the wheel again and again

to simplify such a healthcheck I asked for an implementation in clamdscan itself.

Andreas
Comment 4 Micah Snyder 2019-08-22 13:25:45 EDT 
Hi Andreas,

Sorry we overlooked this in version planning... it just slipped by :(.  I'm going to create a ticket in Jira now and associate it with 0.103. 

-Micah
Comment 5 Micah Snyder 2019-12-06 17:03:47 EST 
Andreas,

I was working on some internal test harness stuff and found a need to use clamdscan to do a ping.  

I realized I could achieve this by doing:

   echo "PING" | clamdscan --stream -

Exit code < 2 is a pong.  Exit code >= 2 is no response.  The timeout in testing appears to be 2 seconds, but I haven't really peeked at the code to confirm.  I'll be using this technique to verify that clamd is up and ready for clamdscan tests on Windows, where I can't just verify that clamd forked.

This ticket was fresh on my mind as I've been reviewing & prioritizing Jira & Bugzilla tickets recently and I wanted to share.  I still hope to add a `--ping` command line option for v0.103.

-Micah
Comment 6 Mickey Sola 2020-02-05 13:25:48 EST 
Added a ping and a wait implementation to both clamdscan and clamonacc via: https://github.com/Cisco-Talos/clamav-devel/commit/f3e895c949ef3c87305f1d7f3f169ece8b806b97

The wait will have the client hold off on server communication until a PONG is received from clamd (until the specified timeout is reached)
First Last Prev Next    This bug is not in your last search results.