Maldet monitoring daemon causes ClamAV to think that signatures have changed forcing them to be constantly reloaded

[Gazoo]

When the maldet daemon is running the ClamAV daemon always thinks that signature databases have changed (according to the SelfCheck interval) and forces a reload of signatures (even though signatures haven't actually changed).

After looking at the maldet code it looks like the problem is that the maldet monitor_cycle() function calls -> gensigs() -> clamav_linksigs(). This causes the rfxn.hdb rfxn.ndb rfxn.yara files to be constantly deleted and re-copied with every single monitor cycle. The ClamAV daemon detects the database file modification changes in /var/lib/clamav which forces all signatures to be reloaded.

You can see that the file modification times change every minute on the rfxn database files in the /var/lib/clamav directory when the maldet monitoring daemon is running.

[Gazoo]

@rfxn I'm going to have some free time over the holidays and I'm willing to spend some time fixing some of these
linux-malware-detect bugs. Maybe it would be a good time to get some of the contributors together and see if we can put out another release. A holiday bug hunt?