>> 2) Cloud-init ensures that on boot the files are downloaded from
>> the private mirror and are always available locally. Tthen
>> cloud-init restarts the clamav daemon.
Double-check this step. If the systemd condition is failing, or clamd
is failing to find the files, then the files aren't getting where they
need to.
_facepalm_ Indeed, cloud init and freshclam were supposed to have the same url, however cloud init had a typo.
* cloud init was not downloading the files
* clamav daemon was not starting due to the systemd condition
* freshclam was downloaidng the files. It could not notify clamav deamon because it was already stopped
* then I was sshing in the machine, misread the systemd glob (as you mention below) thinking it was an && not ||. And then I wrongly blamed the systemd condition for the problem.
Thanks for pointing out what I missed completely.
>> The systemd unit file has 2 ConditionPathExistsGlob that require
>> the additional files "main.cld", "main.inc", "daily.cld",
>> "daily.inc" to be available, for the service to start.
>> $ cat /lib/systemd/system/clamav-daemon.service
>> [Unit]
>> Description=Clam AntiVirus userspace daemon
>> Documentation=man:clamd(8) man:clamd.conf(5)
>> https://www.clamav.net/documents/
>> # Check for database existence
>> ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
>> ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
Unless I misread, that means "at least one of main.cvd, main.cld, or
main.inc, plus at least one of daily.cvd, daily.cld, or daily.inc"; you
should not need more. If you're using the stock signature files you'll
usually see bytecode.(cvd|cld|inc) as well, but it's not considered
critical.
Regards
Vangelis