Clamav package adds proxy to config on install and update

Bug #1161012 reported by Patrick Domack
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
clamav (Ubuntu) | Expired | Undecided | Unassigned |
update-manager (Ubuntu) | New | Undecided | Unassigned |

Bug Description

The clamav package adds a proxy config to the files when using an apt caching proxy, such as apt-cacher-ng.

Since this proxy is meant strictly for apt only, but is configured for clamav, freshclam fails to download updates because it's not using a real http proxy. This requires removing the proxy config from clam config file after each update is installed.

Changed in clamav (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for clamav (Ubuntu) because there has been no activity for 60 days.]

Changed in clamav (Ubuntu):
status: Incomplete → Expired
Changed in clamav (Ubuntu):
status: Expired → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in clamav (Ubuntu):
status: New → Confirmed
John (j-marz) wrote :

Experienced this bug today across 10 different installs (mix of Desktop and Server edition).
Had to manually remove the apt-cacher-ng proxy address from the freshclam.conf files.

I had a quick look at the clamav source code and only found proxy settings being imported from $http_proxy. Didn't see anything specifically targeting apt proxy settings, so I suspect apt-get is setting the http_proxy environment variable during runtime, which is then being picked up by clamav if installed via apt-get.

I've confirmed http_proxy is not set in my standard environment, but haven't had time to run apt-get through a debugger to confirm my theory of apt setting the http_proxy variable in its process.

There also seems to be a duplicate bug here: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1631355

Andreas Hasenack (ahasenack) wrote :

I can reproduce this in cosmic *if* the http_proxy and ftp_proxy env vars are set at clamav-freshclam install time, i.e., when I do "apt install clamav-freshclam". Then I get them set in /etc/clamav/freshclam.conf, and this is done by clamav-freshclam's postinst script.

If these vars are being set to point at a proxy that is not a general proxy, then I don't think freshclam is at fault here. It is expected that http_proxy/ftp_proxy point to a proxy that works for the general case.

I'll mark this bug as incomplete, because it does seem like the right approach is being taken. Please comment if people affected by this think otherwise.

Thanks

Changed in clamav (Ubuntu):
status: Confirmed → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for clamav (Ubuntu) because there has been no activity for 60 days.]

Changed in clamav (Ubuntu):
status: Incomplete → Expired
Sean Ford (sford) wrote :

I ran into this on a Xenial to Bionic upgrade. After the upgrade to Bionic was complete, freshclam started trying to download the clamav database through my apt proxy. The database download attempts failed due to the apt proxy being strictly for apt only.

From quick debugging... I think it might be related to update-manager's UpdateManager/Core/utils.py. utils.py has an init_proxy method to set the http(s)_proxy environment variables. Part of this method pulls the proxy settings from Acquire::https::Proxy before setting http(s)_proxy environment variables.

I suspect it is this logic that is causing freshclam to start trying to download database updates from apt proxy on upgrade (a do-release-upgrade, in this case).

Robie Basak (racb) wrote :

Thank you for the analysis, Sean. I think this explains the problem. It looks like the init_proxy() function is run unconditionally by update-manager when it starts, so any maintainer scripts spawned by update-manager are incorrectly being given an http(s)_proxy environment variable in this case.

Adding a task for update-manager since this seems to be a bug in update-manager.
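
A check for the condition described in this thread, as an added example that is not part of the bug report or of the clamav or update-manager packaging: it compares the proxy in saved `apt-config dump` output with the HTTPProxyServer/HTTPProxyPort lines of a freshclam.conf. The function names, file names and sample contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the bug report. Flags a freshclam.conf whose proxy
# is the apt caching proxy. File paths are parameters so copies can be checked.

# host:port of Acquire::http::Proxy, read from saved `apt-config dump` output.
apt_proxy() {
    sed -n 's|^Acquire::http::Proxy[[:space:]]*"http://\([^/"]*\)/*";.*|\1|p' "$1" | head -n 1
}

# host:port assembled from HTTPProxyServer / HTTPProxyPort (comments ignored).
freshclam_proxy() {
    awk '$1 == "HTTPProxyServer" { h = $2; sub(/^https?:\/\//, "", h) }
         $1 == "HTTPProxyPort"   { p = $2 }
         END { if (h != "") { if (p != "") h = h ":" p; print h } }' "$1"
}

# Exit status 0 when freshclam points at the apt proxy, 1 otherwise.
proxy_leaked() {
    a=$(apt_proxy "$1")
    f=$(freshclam_proxy "$2")
    [ -n "$a" ] && [ "$a" = "$f" ]
}

# Constructed sample files (192.0.2.10 is a documentation address).
write_samples() {
    printf '%s\n' 'APT::Architecture "amd64";' \
        'Acquire::http::Proxy "http://192.0.2.10:3142";' > "$1/apt.dump"
    printf '%s\n' 'DatabaseMirror database.clamav.net' \
        'HTTPProxyServer 192.0.2.10' 'HTTPProxyPort 3142' > "$1/leaked.conf"
    printf '%s\n' 'DatabaseMirror database.clamav.net' \
        '#HTTPProxyServer 192.0.2.10' > "$1/clean.conf"
}

d=$(mktemp -d)
write_samples "$d"
for c in leaked.conf clean.conf; do
    if proxy_leaked "$d/apt.dump" "$d/$c"; then
        echo "$c: proxy matches the apt proxy, freshclam updates will go through it"
    else
        echo "$c: ok"
    fi
done
rm -rf "$d"
```

On a real host, save the output of `apt-config dump` to a file and pass it with /etc/clamav/freshclam.conf as the two arguments to `proxy_leaked`.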
