security/clamav: /var/run on TMPFS renders the port broken by design

From: FreeBSD User <freebsd_at_walstatt-de.de>
Date: Sat, 27 Aug 2022 06:30:15 UTC
Hello,

I'm referring to Bug 259699 [2] and Bug 259585 [1].

Port security/clamav is without doubt an important piece of security software for many
FreeBSD users, so I assume widespread usage.

It is also a not uncommon use case to use NanoBSD or any kind of low-memory-footprint
installation scheme in which /var/run - amongst other system folders - is created at boot
time as TMPFS and is highly volatile.

In our case, the boxes running a small security appliance based upon FreeBSD are rebooted every
24 hours and so /var/run is vanishing.

To make the long story short:

The solution for this problem would be a check for existence and take action addendum in
the precmd() routine of the rc-script as sketched in Bug 259699.
The maintainer rejects such a workaround by arguing this would violate POLA (see comment 4 in
PR 259699 [2]). The maintainer's argument regarding mtree's files is sound to me.

The question is: how can this issue be solved?

It is really hard to always change our local repository and patch whenever clamav has been
patched and modified for whatever reason.

Thanks for reading,

kind regards

O. Hartmann

[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259585
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259699


-- 
O. Hartmann
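
The existence check in a precmd hook that the message describes could look like the following. This is an added example, not part of the original message, the port's rc script, or the sketch in Bug 259699; the function names, the path /var/run/clamav, the mode and the owner are assumptions.

```sh
#!/bin/sh
# Added example. Path, mode and owner are assumed values; take the real
# ones from the port before using this.

# ensure_rundir DIR MODE [OWNER[:GROUP]]
# Recreate DIR when a tmpfs-backed parent lost it at reboot. An existing
# directory is left untouched. Returns 0 if DIR is a real directory
# afterwards, non-zero otherwise.
ensure_rundir() {
    dir=$1 mode=$2 owner=${3:-}

    # Refuse a symlink: following it would let whoever planted it
    # redirect a root-run mkdir/chown to another location.
    if [ -L "$dir" ]; then
        echo "ensure_rundir: $dir is a symlink, refusing" >&2
        return 1
    fi
    # Already present (for example on a disk-backed /var/run): do nothing.
    if [ -d "$dir" ]; then
        return 0
    fi
    if [ -e "$dir" ]; then
        echo "ensure_rundir: $dir exists but is not a directory" >&2
        return 1
    fi
    # mkdir -m sets the mode exactly, independent of the caller's umask.
    mkdir -m "$mode" "$dir" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" || return 1
    fi
    return 0
}

# Hypothetical precmd-style wrapper showing how an rc.d script would call it.
clamav_precmd_sketch() {
    ensure_rundir "${1:-/var/run/clamav}" 0755 "${2:-}"
}
```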