clamav: updated reciped

added packaged define and init scripts.

All patches are taken from Debian.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Armin Kuster
2015-01-11 11:24:25 -08:00
parent 5303fcfcb6
commit 09e316367a
27 changed files with 63361 additions and 0 deletions
@@ -0,0 +1,40 @@
From a6d6189e25d0a1053dc1aaff1b4c71f84b4599cf Mon Sep 17 00:00:00 2001
From: Scott Kitterman <scott@kitterman.com>
Date: Mon, 10 Mar 2014 19:20:18 -0400
Subject: Change paths in sample conf file to match Debian
---
etc/clamav-milter.conf.sample | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/etc/clamav-milter.conf.sample b/etc/clamav-milter.conf.sample
index b7d66a4f9641..ed0d519ffb9b 100644
--- a/etc/clamav-milter.conf.sample
+++ b/etc/clamav-milter.conf.sample
@@ -64,7 +64,7 @@ Example
# daemon (main thread).
#
# Default: disabled
-#PidFile /var/run/clamav-milter.pid
+#PidFile /var/run/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -90,7 +90,7 @@ Example
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
-#ClamdSocket tcp:scanner.mydomain:7357
+ClamdSocket /var/run/clamav/clamd
##
@@ -212,7 +212,7 @@ Example
# A full path is required.
#
# Default: disabled
-#LogFile /tmp/clamav-milter.log
+#LogFile /var/log/clamav/clamav-milter.log
# By default the log file is locked for writing - the lock protects against
# running clamav-milter multiple times.
@@ -0,0 +1,56 @@
From 3ae8ea99a010e5c513aa48c3bfa15a65772f742b Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat, 29 Mar 2014 15:52:55 +0100
Subject: Add an additional \n after the number in the pidfile
start-stop-daemon works without the \n in the file but pkill does not.
Also the output of cat $PifFile looks better :)
https://bugzilla.clamav.net/show_bug.cgi?id=10907
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
clamav-milter/clamav-milter.c | 2 +-
clamd/server-th.c | 2 +-
freshclam/freshclam.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/clamav-milter/clamav-milter.c b/clamav-milter/clamav-milter.c
index b6ac9e157872..2c7a4d7d3414 100644
--- a/clamav-milter/clamav-milter.c
+++ b/clamav-milter/clamav-milter.c
@@ -381,7 +381,7 @@ int main(int argc, char **argv) {
if((fd = fopen(opt->strarg, "w")) == NULL) {
logg("!Can't save PID in file %s\n", opt->strarg);
} else {
- if (fprintf(fd, "%u", (unsigned int)getpid())<0) {
+ if (fprintf(fd, "%u\n", (unsigned int)getpid())<0) {
logg("!Can't save PID in file %s\n", opt->strarg);
}
fclose(fd);
diff --git a/clamd/server-th.c b/clamd/server-th.c
index 7ec5ae80cd64..d97cd6fb34e1 100644
--- a/clamd/server-th.c
+++ b/clamd/server-th.c
@@ -1034,7 +1034,7 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi
if((fd = fopen(opt->strarg, "w")) == NULL) {
logg("!Can't save PID in file %s\n", opt->strarg);
} else {
- if (fprintf(fd, "%u", (unsigned int) mainpid)<0) {
+ if (fprintf(fd, "%u\n", (unsigned int) mainpid)<0) {
logg("!Can't save PID in file %s\n", opt->strarg);
}
fclose(fd);
diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c
index 1a3279966720..166586bf6447 100644
--- a/freshclam/freshclam.c
+++ b/freshclam/freshclam.c
@@ -135,7 +135,7 @@ writepid (const char *pidfile)
}
else
{
- fprintf (fd, "%d", (int) getpid ());
+ fprintf (fd, "%d\n", (int) getpid ());
fclose (fd);
}
umask (old_umask);
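Review bot: The `fprintf` in this writepid() hunk still ignores its return value, while the same change in clamav-milter/clamav-milter.c and clamd/server-th.c sits inside an `if (fprintf(...) < 0)` check that logs the failure. A failed or short write leaves an empty or partial PID file that pkill or an init script would then act on; I would write `if (fprintf (fd, "%d\n", (int) getpid ()) < 0) logg ("!Can't save PID in file %s\n", pidfile);`. Buffered write errors can also surface only at `fclose`, so its result is worth checking in all three places. writepid() starts and ends outside the hunk.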
@@ -0,0 +1,30 @@
From d5febd3fab63a6dc4af148ab1b94fe8a85412b46 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri, 25 Apr 2014 22:06:23 +0200
Subject: unit_tests: increment test-timeout from 40secs to 5mins
I see now and then that tests on the slower archs (arm*, mips) fail due to
the timeout restriction. Often a second build even on the same buildd
succeeds. I think that the buildd is either close to the limit or has
something else (another sbuild running) going so it does not finish the
test in 40secs.
Therefore I raise the bar to a 5 minutes limit. The worst thing that can
happen is, that it takes more than 4 minutes before an enless loop will
be detected.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
unit_tests/preload_run.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unit_tests/preload_run.sh b/unit_tests/preload_run.sh
index 8b8c8e3954dd..365b3a8e0edb 100755
--- a/unit_tests/preload_run.sh
+++ b/unit_tests/preload_run.sh
@@ -5,5 +5,5 @@
ulimit -c 0 || true
LD_PRELOAD=$LIBPRELOAD
export LD_PRELOAD
-export CK_DEFAULT_TIMEOUT=40
+export CK_DEFAULT_TIMEOUT=300
exec $@
@@ -0,0 +1,50 @@
From db4079249ca4ead5821ce6e1d32edad84c2579aa Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Sat, 21 Jun 2014 17:00:47 +0200
Subject: Fix compiling on Hurd.
The header linux/sockios.h is not available on Hurd.
---
libclamav/hostid.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libclamav/hostid.c b/libclamav/hostid.c
index bf988de2d6fd..e683539eaf41 100644
--- a/libclamav/hostid.c
+++ b/libclamav/hostid.c
@@ -47,7 +47,7 @@
#include <ifaddrs.h>
#endif
-#if defined(SIOCGIFHWADDR)
+#if defined(SIOCGIFHWADDR) && !defined(__GNU__)
#if defined(_AIX)
#include <sys/ndd_var.h>
#include <sys/kinfo.h>
@@ -116,7 +116,7 @@ struct device *get_devices(void)
uint8_t *mac;
int sock;
-#if defined(SIOCGIFHWADDR)
+#if defined(SIOCGIFHWADDR) && !defined(__GNU__)
struct ifreq ifr;
#else
struct sockaddr_dl *sdl;
@@ -155,7 +155,7 @@ struct device *get_devices(void)
* Instead, Linux uses its own ioctl. This code only runs if we're not Linux,
* Windows, or FreeBSD.
*/
-#if !defined(SIOCGIFHWADDR)
+#if !defined(SIOCGIFHWADDR) || defined(__GNU__)
for (i=0; i < ndevices; i++) {
if (!(strcmp(devices[i].name, addr->ifa_name))) {
sdl = (struct sockaddr_dl *)(addr->ifa_addr);
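Review bot: The comment above the changed guard still says this code only runs when the platform is not Linux, Windows, or FreeBSD, but with `|| defined(__GNU__)` it now also runs on Hurd even when SIOCGIFHWADDR is defined. I would extend the comment with a line such as `* Hurd lacks linux/sockios.h, so it takes this path as well.` The same compound condition is repeated in the three other hunks of this file; one feature macro defined next to the includes and tested at all four sites would keep them from drifting apart. Whether `struct sockaddr_dl` is usable on Hurd cannot be seen from here and is worth confirming. get_devices() continues outside the hunk.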
@@ -180,7 +180,7 @@ struct device *get_devices(void)
}
/* This is the Linux version of getting the MAC addresses */
-#if defined(SIOCGIFHWADDR)
+#if defined(SIOCGIFHWADDR) && !defined(__GNU__)
for (i=0; i < ndevices; i++) {
if (!(devices[i].name))
continue;
@@ -0,0 +1,35 @@
From b8e7d19ec50c30c59fa1038cd9da6d37c2176833 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Sat, 21 Jun 2014 17:02:06 +0200
Subject: Workaround a bug in libc on Hurd
The send() function, when asked to send 0 characters, doesn't trigger a corresponding recv(), except on Hurd.
This breaks the communication between clamd and clamdscan.
See: https://bugs.debian.org/752237
---
clamd/scanner.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/clamd/scanner.c b/clamd/scanner.c
index cd3d07c4ad3e..d531c4420686 100644
--- a/clamd/scanner.c
+++ b/clamd/scanner.c
@@ -119,6 +119,7 @@ int scan_callback(STATBUF *sb, char *filename, const char *msg, enum cli_ftw_rea
/* detect disconnected socket,
* this should NOT detect half-shutdown sockets (SHUT_WR) */
+#if !defined(__GNU__)
if (send(scandata->conn->sd, &ret, 0, 0) == -1 && errno != EINTR) {
logg("$Client disconnected while command was active!\n");
thrmgr_group_terminate(scandata->conn->group);
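Review bot: The new `#if !defined(__GNU__)` carries no comment, so a reader cannot tell that the disconnect probe is compiled out on Hurd as a workaround rather than by design. I would add `/* Hurd: a zero-length send() triggers a recv() on the peer and breaks clamd/clamdscan communication, see https://bugs.debian.org/752237 */` directly above it. With the probe removed, a client that goes away mid-scan is only noticed through `thrmgr_group_need_terminate()`, so on Hurd a scan job may keep running for a disconnected client longer than on other platforms. The matching `#endif` is in the next hunk, and scan_callback() extends beyond both.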
@@ -126,7 +127,7 @@ int scan_callback(STATBUF *sb, char *filename, const char *msg, enum cli_ftw_rea
free(filename);
return CL_BREAK;
}
-
+#endif
if (thrmgr_group_need_terminate(scandata->conn->group)) {
logg("^Client disconnected while scanjob was active\n");
if (reason == visit_file)
@@ -0,0 +1,22 @@
From 0fd50756af998fabc3393f67ff8b78a4855303d9 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Mon, 4 Aug 2014 22:44:40 +0200
Subject: remove unnecessary/harmful flags from libclamav.pc
---
libclamav.pc.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libclamav.pc.in b/libclamav.pc.in
index 27db30e757ff..19ef1e4e0399 100644
--- a/libclamav.pc.in
+++ b/libclamav.pc.in
@@ -6,6 +6,6 @@ includedir=@includedir@
Name: libclamav
Description: A GPL virus scanner
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
-Cflags: -I${includedir} @CFLAGS@
+Libs: -L${libdir} -lclamav
+Cflags: -I${includedir}
@@ -0,0 +1,655 @@
From d2564db5d3f50adc67474ffb22b0ee7027a82828 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Mon, 11 Aug 2014 23:22:05 +0200
Subject: Add upstream systemd support for clamav-daemon and clamav-freshclam.
---
Makefile.am | 2 +-
clamd/Makefile.am | 4 ++
clamd/clamav-daemon.service.in | 17 ++++++
clamd/clamav-daemon.socket | 12 ++++
clamd/clamd.c | 102 +++++++++++++++++++++++++++-------
clamd/localserver.c | 34 ++++++++++++
clamd/server-th.c | 55 +++++++++++-------
clamd/tcpserver.c | 50 +++++++++++++++++
configure.ac | 3 +
freshclam/Makefile.am | 4 ++
freshclam/clamav-freshclam.service.in | 12 ++++
freshclam/freshclam.c | 39 +++++++++++--
m4/reorganization/libs/systemd.m4 | 18 ++++++
shared/misc.h | 8 +++
shared/optparser.c | 2 +-
15 files changed, 318 insertions(+), 44 deletions(-)
create mode 100644 clamd/clamav-daemon.service.in
create mode 100644 clamd/clamav-daemon.socket
create mode 100644 freshclam/clamav-freshclam.service.in
create mode 100644 m4/reorganization/libs/systemd.m4
diff --git a/Makefile.am b/Makefile.am
index 2eecd94b668b..017d6327ff58 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,7 +33,7 @@ pkgconfig_DATA = libclamav.pc
# don't complain that configuration files and databases are not removed, this is intended
distuninstallcheck_listfiles = find . -type f ! -name clamd.conf ! -name freshclam.conf ! -name daily.cvd ! -name main.cvd -print
DISTCLEANFILES = target.h
-DISTCHECK_CONFIGURE_FLAGS=--enable-milter --disable-clamav --enable-all-jit-targets --enable-llvm=yes
+DISTCHECK_CONFIGURE_FLAGS=--enable-milter --disable-clamav --enable-all-jit-targets --enable-llvm=yes --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
lcov:
($(MAKE); cd unit_tests; $(MAKE) lcov)
quick-check:
diff --git a/clamd/Makefile.am b/clamd/Makefile.am
index 61bbd69d1133..edc133138e58 100644
--- a/clamd/Makefile.am
+++ b/clamd/Makefile.am
@@ -50,6 +50,10 @@ clamd_SOURCES = \
AM_CFLAGS=@WERR_CFLAGS@
+if INSTALL_SYSTEMD_UNITS
+systemdsystemunit_DATA = clamav-daemon.socket clamav-daemon.service
+endif
+
endif
LIBS = $(top_builddir)/libclamav/libclamav.la @CLAMD_LIBS@ @THREAD_LIBS@
diff --git a/clamd/clamav-daemon.service.in b/clamd/clamav-daemon.service.in
new file mode 100644
index 000000000000..0a5d456a2b36
--- /dev/null
+++ b/clamd/clamav-daemon.service.in
@@ -0,0 +1,17 @@
+[Unit]
+Description=Clam AntiVirus userspace daemon
+Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
+Requires=clamav-daemon.socket
+# Check for database existence
+ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
+ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
+
+[Service]
+ExecStart=@prefix@/sbin/clamd --foreground=true
+# Reload the database
+ExecReload=/bin/kill -USR2 $MAINPID
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
+Also=clamav-daemon.socket
diff --git a/clamd/clamav-daemon.socket b/clamd/clamav-daemon.socket
new file mode 100644
index 000000000000..43a34cd36aad
--- /dev/null
+++ b/clamd/clamav-daemon.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=Socket for Clam AntiVirus userspace daemon
+Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
+
+[Socket]
+ListenStream=/run/clamav/clamd.ctl
+#ListenStream=127.0.0.1:1024
+ExecStartPost=/bin/chown -R clamav:clamav /run/clamav/
+ExecStopPost=/bin/rm /run/clamav/clamd.ctl
+
+[Install]
+WantedBy=sockets.target
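Review bot: The socket unit sets no `SocketMode=`, and systemd creates AF_UNIX listening sockets with mode 0666 by default, so every local user could connect to clamd through /run/clamav/clamd.ctl. The socket mode and group settings from clamd.conf presumably do not apply on this path, because the localserver() hunk in this patch returns the inherited descriptor before its own socket-creation code. I would set ownership and permissions declaratively with `SocketUser=clamav`, `SocketGroup=clamav` and an explicit `SocketMode=` (the first two need a recent systemd) in place of the `ExecStartPost=/bin/chown -R` line, which runs a recursive chown as root over a directory it hands to the clamav user.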
diff --git a/clamd/clamd.c b/clamd/clamd.c
index 96204291f433..ec15eacc8c25 100644
--- a/clamd/clamd.c
+++ b/clamd/clamd.c
@@ -72,7 +72,7 @@
#include "scanner.h"
short debug_mode = 0, logok = 0;
-short foreground = 0;
+short foreground = -1;
char hostid[37];
char *get_hostid(void *cbdata);
@@ -160,6 +160,31 @@ int main(int argc, char **argv)
debug_mode = 1;
}
+ /* check foreground option from command line to override config file */
+ int j;
+ for(j = 0; j < argc; j += 1)
+ {
+ if ((memcmp(argv[j], "--foreground", 12) == 0) || (memcmp(argv[j], "-F", 2) == 0))
+ {
+ /* found */
+ break;
+ }
+ }
+
+ if (j < argc)
+ {
+ if(optget(opts, "Foreground")->enabled)
+ {
+ foreground = 1;
+ }
+ else
+ {
+ foreground = 0;
+ }
+ }
+
+ int num_fd = sd_listen_fds(0);
+
/* parse the config file */
cfgfile = optget(opts, "config-file")->strarg;
pt = strdup(cfgfile);
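Review bot: `memcmp(argv[j], "--foreground", 12)` compares 12 bytes of every argument regardless of its length, so a shorter argument such as `-c` can be read past its terminating NUL. `strncmp` stops at the terminator: `if (strncmp(argv[j], "--foreground", 12) == 0 || strncmp(argv[j], "-F", 2) == 0)`. The loop also starts at `j = 0` and so tests the program name; starting at `j = 1` is enough. The identical loop is added to freshclam/freshclam.c further down in this patch. main() starts and ends outside the hunk.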
@@ -295,7 +320,9 @@ int main(int argc, char **argv)
if(optget(opts, "LocalSocket")->enabled)
localsock = 1;
- if(!tcpsock && !localsock) {
+ logg("#Received %d file descriptor(s) from systemd.\n", num_fd);
+
+ if(!tcpsock && !localsock && num_fd == 0) {
logg("!Please define server type (local and/or TCP).\n");
ret = 1;
break;
@@ -577,7 +604,9 @@ int main(int argc, char **argv)
break;
}
- if(tcpsock) {
+ if(tcpsock || num_fd > 0) {
+ int *t;
+
opt = optget(opts, "TCPAddr");
if (opt->enabled) {
int breakout = 0;
@@ -604,7 +633,7 @@ int main(int argc, char **argv)
}
}
#ifndef _WIN32
- if(localsock) {
+ if(localsock && num_fd == 0) {
int *t;
mode_t sock_mode, umsk = umask(0777); /* socket is created with 000 to avoid races */
@@ -666,8 +695,43 @@ int main(int argc, char **argv)
nlsockets++;
}
+ /* check for local sockets passed by systemd */
+ if (num_fd > 0)
+ {
+ int *t;
+ t = realloc(lsockets, sizeof(int) * (nlsockets + 1));
+ if (!(t)) {
+ ret = 1;
+ break;
+ }
+ lsockets = t;
+
+ lsockets[nlsockets] = localserver(opts);
+ if (lsockets[nlsockets] == -1)
+ {
+ ret = 1;
+ break;
+ }
+ else if (lsockets[nlsockets] > 0)
+ {
+ nlsockets++;
+ }
+ }
+
/* fork into background */
- if(!optget(opts, "Foreground")->enabled) {
+ if (foreground == -1)
+ {
+ if (optget(opts, "Foreground")->enabled)
+ {
+ foreground = 1;
+ }
+ else
+ {
+ foreground = 0;
+ }
+ }
+ if(foreground == 0)
+ {
#ifdef C_BSD
/* workaround for OpenBSD bug, see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=885 */
for(ret=0;(unsigned int)ret<nlsockets;ret++) {
@@ -701,8 +765,6 @@ int main(int argc, char **argv)
if(chdir("/") == -1)
logg("^Can't change current working directory to root\n");
- } else {
- foreground = 1;
}
#endif
@@ -716,22 +778,24 @@ int main(int argc, char **argv)
} while (0);
- logg("*Closing the main socket%s.\n", (nlsockets > 1) ? "s" : "");
-
- for (i = 0; i < nlsockets; i++) {
- closesocket(lsockets[i]);
- }
+ if (num_fd == 0)
+ {
+ logg("*Closing the main socket%s.\n", (nlsockets > 1) ? "s" : "");
+ for (i = 0; i < nlsockets; i++) {
+ closesocket(lsockets[i]);
+ }
#ifndef _WIN32
- if(nlsockets && localsock) {
- opt = optget(opts, "LocalSocket");
+ if(nlsockets && localsock) {
+ opt = optget(opts, "LocalSocket");
- if(unlink(opt->strarg) == -1)
- logg("!Can't unlink the socket file %s\n", opt->strarg);
- else
- logg("Socket file removed.\n");
- }
+ if(unlink(opt->strarg) == -1)
+ logg("!Can't unlink the socket file %s\n", opt->strarg);
+ else
+ logg("Socket file removed.\n");
+ }
#endif
+ }
free(lsockets);
diff --git a/clamd/localserver.c b/clamd/localserver.c
index db07415212ad..d963efd244f5 100644
--- a/clamd/localserver.c
+++ b/clamd/localserver.c
@@ -39,6 +39,7 @@
#include "shared/optparser.h"
#include "shared/output.h"
+#include "shared/misc.h"
#include "others.h"
#include "server.h"
@@ -60,6 +61,39 @@ int localserver(const struct optstruct *opts)
STATBUF foo;
char *estr;
+ int num_fd = sd_listen_fds(0);
+ if (num_fd > 2)
+ {
+ logg("!LOCAL: Received more than two file descriptors from systemd.\n");
+ return -1;
+ }
+ else if (num_fd > 0)
+ {
+ /* use socket passed by systemd */
+ int i;
+ for(i = 0; i < num_fd; i += 1)
+ {
+ sockfd = SD_LISTEN_FDS_START + i;
+ if (sd_is_socket(sockfd, AF_UNIX, SOCK_STREAM, 1) == 1)
+ {
+ /* correct socket */
+ break;
+ }
+ else
+ {
+ /* wrong socket */
+ sockfd = -2;
+ }
+ }
+ if (sockfd == -2)
+ {
+ logg("#LOCAL: No local AF_UNIX SOCK_STREAM socket received from systemd.\n");
+ return -2;
+ }
+ logg("#LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.\n");
+ return sockfd;
+ }
+ /* create socket */
memset((char *) &server, 0, sizeof(server));
server.sun_family = AF_UNIX;
strncpy(server.sun_path, optget(opts, "LocalSocket")->strarg, sizeof(server.sun_path));
diff --git a/clamd/server-th.c b/clamd/server-th.c
index d97cd6fb34e1..5c12811b662b 100644
--- a/clamd/server-th.c
+++ b/clamd/server-th.c
@@ -48,6 +48,7 @@
#include "shared/output.h"
#include "shared/optparser.h"
+#include "shared/misc.h"
#include "fan.h"
#include "server.h"
@@ -445,13 +446,19 @@ static void *acceptloop_th(void *arg)
}
pthread_mutex_unlock(fds->buf_mutex);
- for (i=0;i < fds->nfds; i++) {
- if (fds->buf[i].fd == -1)
- continue;
- logg("$Shutdown: closed fd %d\n", fds->buf[i].fd);
- shutdown(fds->buf[i].fd, 2);
- closesocket(fds->buf[i].fd);
+ if (sd_listen_fds(0) == 0)
+ {
+ /* only close the sockets, when not using systemd socket activation */
+ for (i=0;i < fds->nfds; i++)
+ {
+ if (fds->buf[i].fd == -1)
+ continue;
+ logg("$Shutdown: closed fd %d\n", fds->buf[i].fd);
+ shutdown(fds->buf[i].fd, 2);
+ closesocket(fds->buf[i].fd);
+ }
}
+
fds_free(fds);
pthread_mutex_destroy(fds->buf_mutex);
pthread_mutex_lock(&exit_mutex);
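Review bot: `sd_listen_fds(0)` is evaluated again here at shutdown, and in both recvloop_th hunks below, instead of reusing the value main() already obtained as `num_fd`. Its result depends on LISTEN_PID matching the calling process, so if clamd has forked into the background the call returns 0 here while main() still holds `num_fd > 0`, and the two code paths disagree about who owns the sockets. Storing the result once and passing it down would keep the decision consistent. acceptloop_th() starts and ends outside the hunk.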
@@ -1344,16 +1351,22 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi
if (progexit) {
pthread_mutex_unlock(&exit_mutex);
pthread_mutex_lock(fds->buf_mutex);
- for (i=0;i < fds->nfds; i++) {
- if (fds->buf[i].fd == -1)
- continue;
- thrmgr_group_terminate(fds->buf[i].group);
- if (thrmgr_group_finished(fds->buf[i].group, EXIT_ERROR)) {
- logg("$Shutdown closed fd %d\n", fds->buf[i].fd);
- shutdown(fds->buf[i].fd, 2);
- closesocket(fds->buf[i].fd);
- fds->buf[i].fd = -1;
- }
+ if (sd_listen_fds(0) == 0)
+ {
+ /* only close the sockets, when not using systemd socket activation */
+ for (i=0;i < fds->nfds; i++)
+ {
+ if (fds->buf[i].fd == -1)
+ continue;
+ thrmgr_group_terminate(fds->buf[i].group);
+ if (thrmgr_group_finished(fds->buf[i].group, EXIT_ERROR))
+ {
+ logg("$Shutdown closed fd %d\n", fds->buf[i].fd);
+ shutdown(fds->buf[i].fd, 2);
+ closesocket(fds->buf[i].fd);
+ fds->buf[i].fd = -1;
+ }
+ }
}
pthread_mutex_unlock(fds->buf_mutex);
break;
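Review bot: This loop walks `fds->buf` entries that each carry a thread group, which suggests they are per-connection descriptors rather than the listening sockets systemd passed in. Wrapping the whole loop in `if (sd_listen_fds(0) == 0)` therefore also skips `thrmgr_group_terminate()` and the close of active client connections under socket activation, so in-flight scan jobs are not told to stop at exit. If only the inherited listeners must stay open, I would keep the loop unconditional and skip just the entries whose descriptor is one of those listeners. The added comment should then say which descriptors are meant. recvloop_th() continues outside the hunk.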
@@ -1462,9 +1475,13 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi
#endif
if(dbstat.entries)
cl_statfree(&dbstat);
- logg("*Shutting down the main socket%s.\n", (nsockets > 1) ? "s" : "");
- for (i = 0; i < nsockets; i++)
- shutdown(socketds[i], 2);
+ if (sd_listen_fds(0) == 0)
+ {
+ /* only close the sockets, when not using systemd socket activation */
+ logg("*Shutting down the main socket%s.\n", (nsockets > 1) ? "s" : "");
+ for (i = 0; i < nsockets; i++)
+ shutdown(socketds[i], 2);
+ }
if((opt = optget(opts, "PidFile"))->enabled) {
if(unlink(opt->strarg) == -1)
diff --git a/clamd/tcpserver.c b/clamd/tcpserver.c
index c3027a85c1f4..81387b3c8512 100644
--- a/clamd/tcpserver.c
+++ b/clamd/tcpserver.c
@@ -60,6 +60,56 @@ int tcpserver(int **lsockets, unsigned int *nlsockets, char *ipaddr, const struc
sockets = *lsockets;
+ int num_fd = sd_listen_fds(0);
+ if (num_fd > 2)
+ {
+ logg("!TCP: Received more than two file descriptors from systemd.\n");
+ return -1;
+ }
+ else if (num_fd > 0)
+ {
+ /* use socket passed by systemd */
+ int i;
+ for(i = 0; i < num_fd; i += 1)
+ {
+ sockfd = SD_LISTEN_FDS_START + i;
+ if (sd_is_socket(sockfd, AF_INET, SOCK_STREAM, 1) == 1)
+ {
+ /* correct socket */
+ logg("#TCP: Received AF_INET SOCK_STREAM socket from systemd.\n");
+ break;
+ }
+ else if (sd_is_socket(sockfd, AF_INET6, SOCK_STREAM, 1) == 1)
+ {
+ /* correct socket */
+ logg("#TCP: Received AF_INET6 SOCK_STREAM socket from systemd.\n");
+ break;
+ }
+ else
+ {
+ /* wrong socket */
+ sockfd = -2;
+ }
+ }
+ if (sockfd == -2)
+ {
+ logg("#TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.\n");
+ return -2;
+ }
+
+ t = realloc(sockets, sizeof(int) * (*nlsockets + 1));
+ if (!(t)) {
+ return -1;
+ }
+ sockets = t;
+
+ sockets[*nlsockets] = sockfd;
+ (*nlsockets)++;
+ *lsockets = sockets;
+ return 0;
+ }
+
+ /* create socket */
snprintf(port, sizeof(port), "%lld", optget(opts, "TCPSocket")->numarg);
memset(&hints, 0x00, sizeof(struct addrinfo));
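Review bot: The search loop stops at the first AF_INET or AF_INET6 descriptor, so when systemd passes two inet listeners (which the `num_fd > 2` check allows) the second is never added to `sockets` and connections to it are never accepted. The clamd.c hunk suggests tcpserver() may be called once per TCPAddr entry; if so, each call appends the same inherited descriptor again, which is worth confirming. Collecting every matching descriptor once, and logging a warning for any passed descriptor that matches neither family, would make a misconfigured socket unit visible. tcpserver() starts and ends outside the hunk.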
diff --git a/configure.ac b/configure.ac
index 41043753fc92..02caad29410a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -86,6 +86,7 @@ AM_MAINTAINER_MODE
m4_include([m4/reorganization/libs/libz.m4])
m4_include([m4/reorganization/libs/bzip.m4])
m4_include([m4/reorganization/libs/unrar.m4])
+m4_include([m4/reorganization/libs/systemd.m4])
m4_include([m4/reorganization/code_checks/ipv6.m4])
m4_include([m4/reorganization/code_checks/dns.m4])
m4_include([m4/reorganization/code_checks/fanotify.m4])
@@ -137,9 +138,11 @@ clamscan/Makefile
database/Makefile
docs/Makefile
clamd/Makefile
+clamd/clamav-daemon.service
clamdscan/Makefile
clamsubmit/Makefile
clamav-milter/Makefile
+freshclam/clamav-freshclam.service
freshclam/Makefile
sigtool/Makefile
clamconf/Makefile
diff --git a/freshclam/Makefile.am b/freshclam/Makefile.am
index 58fc17471c35..051bf3380e98 100644
--- a/freshclam/Makefile.am
+++ b/freshclam/Makefile.am
@@ -49,6 +49,10 @@ freshclam_SOURCES = \
mirman.c \
mirman.h
+if INSTALL_SYSTEMD_UNITS
+systemdsystemunit_DATA = clamav-freshclam.service
+endif
+
AM_CFLAGS=@WERR_CFLAGS@
DEFS = @DEFS@ -DCL_NOTHREADS
AM_CPPFLAGS = @SSL_CPPFLAGS@ -I$(top_srcdir) -I$(top_srcdir)/shared -I$(top_srcdir)/libclamav @FRESHCLAM_CPPFLAGS@ @JSON_CPPFLAGS@
diff --git a/freshclam/clamav-freshclam.service.in b/freshclam/clamav-freshclam.service.in
new file mode 100644
index 000000000000..f717cd642106
--- /dev/null
+++ b/freshclam/clamav-freshclam.service.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=ClamAV virus database updater
+Documentation=man:freshclam(1) man:freshclam.conf(5) http://www.clamav.net/lang/en/doc/
+# If user wants it run from cron, don't start the daemon.
+ConditionPathExists=!/etc/cron.d/clamav-freshclam
+
+[Service]
+ExecStart=@prefix@/bin/freshclam -d --foreground=true
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c
index 166586bf6447..f170613877c4 100644
--- a/freshclam/freshclam.c
+++ b/freshclam/freshclam.c
@@ -64,7 +64,7 @@
static short terminate = 0;
extern int active_children;
-static short foreground = 1;
+static short foreground = -1;
char updtmpdir[512], dbdir[512];
int sigchld_wait = 1;
const char *pidfile = NULL;
@@ -117,7 +117,7 @@ sighandler (int sig)
if (pidfile)
unlink (pidfile);
logg ("Update process terminated\n");
- exit (2);
+ exit (0);
}
return;
@@ -322,6 +322,26 @@ main (int argc, char **argv)
return 0;
}
+ /* check foreground option from command line to override config file */
+ int j;
+ for(j = 0; j < argc; j += 1)
+ {
+ if ((memcmp(argv[j], "--foreground", 12) == 0) || (memcmp(argv[j], "-F", 2) == 0))
+ {
+ /* found */
+ break;
+ }
+ }
+
+ if (j < argc) {
+ if(optget(opts, "Foreground")->enabled) {
+ foreground = 1;
+ }
+ else {
+ foreground = 0;
+ }
+ }
+
/* parse the config file */
cfgfile = optget (opts, "config-file")->strarg;
pt = strdup (cfgfile);
@@ -638,7 +658,19 @@ main (int argc, char **argv)
bigsleep = 24 * 3600 / checks;
#ifndef _WIN32
- if (!optget (opts, "Foreground")->enabled)
+ /* fork into background */
+ if (foreground == -1)
+ {
+ if (optget(opts, "Foreground")->enabled)
+ {
+ foreground = 1;
+ }
+ else
+ {
+ foreground = 0;
+ }
+ }
+ if(foreground == 0)
{
if (daemonize () == -1)
{
@@ -646,7 +678,6 @@ main (int argc, char **argv)
optfree (opts);
return FCE_FAILEDUPDATE;
}
- foreground = 0;
mprintf_disabled = 1;
}
#endif
diff --git a/m4/reorganization/libs/systemd.m4 b/m4/reorganization/libs/systemd.m4
new file mode 100644
index 000000000000..cac5d4272fda
--- /dev/null
+++ b/m4/reorganization/libs/systemd.m4
@@ -0,0 +1,18 @@
+dnl Check for systemd-daemon
+PKG_CHECK_MODULES(SYSTEMD, [libsystemd-daemon], [AC_DEFINE([HAVE_SYSTEMD],,[systemd-daemon is supported])], [AC_MSG_RESULT([systemd-daemon is not supported])])
+CLAMD_LIBS="$CLAMD_LIBS $SYSTEMD_LIBS"
+CFLAGS="$CFLAGS $SYSTEMD_CFLAGS"
+
+dnl Check for systemd system unit installation directory (see man 7 daemon)
+AC_ARG_WITH([systemdsystemunitdir], AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),, [with_systemdsystemunitdir=auto])
+AS_IF([test "x$with_systemdsystemunitdir" = "xyes" -o "x$with_systemdsystemunitdir" = "xauto"], [
+ def_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)
+ AS_IF([test "x$def_systemdsystemunitdir" = "x"],
+ [AS_IF([test "x$with_systemdsystemunitdir" = "xyes"], [AC_MSG_ERROR([systemd support requested but pkg-config unable to query systemd package])])
+ with_systemdsystemunitdir=no],
+ [with_systemdsystemunitdir=$def_systemdsystemunitdir])])
+AS_IF([test "x$with_systemdsystemunitdir" != "xno"],
+ [AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])])
+AM_CONDITIONAL(INSTALL_SYSTEMD_UNITS, [test "x$with_systemdsystemunitdir" != "xno"])
+AC_MSG_RESULT([checking for systemd system unit installation directory... $with_systemdsystemunitdir])
+
diff --git a/shared/misc.h b/shared/misc.h
index 7f3a9f962d0d..3e093936caa1 100644
--- a/shared/misc.h
+++ b/shared/misc.h
@@ -37,6 +37,14 @@
# endif
#endif
+#ifdef HAVE_SYSTEMD
+# include <systemd/sd-daemon.h>
+#else
+# define sd_listen_fds(u) 0
+# define SD_LISTEN_FDS_START 3
+# define sd_is_socket(f, a, s, l) 1
+#endif
+
#include <limits.h>
#ifndef PATH_MAX
diff --git a/shared/optparser.c b/shared/optparser.c
index 63c88550d5b8..b61ec832a32f 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -272,7 +272,7 @@ const struct clam_option __clam_options[] = {
{ "AllowAllMatchScan", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "Permit use of the ALLMATCHSCAN command.", "yes" },
- { "Foreground", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Don't fork into background.", "no" },
+ { "Foreground", "foreground", 'F', CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Don't fork into background.", "no" },
{ "Debug", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM, "Enable debug messages in libclamav.", "no" },
@@ -0,0 +1,478 @@
From 26516ebe7ae678be78e748bc973835844e369f72 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sun, 17 Aug 2014 21:24:03 +0200
Subject: fix ssize_t/size_t/off_t printf modifier
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes a segfault on ARM, Sparc, … if 64bit off_t is used. Once LFS
is enabled then off_t becomes 64bit and there is no portable way to express
it except to cast the variable to signed long long. However with LFS
enabled we can spare that cast.
The 32bit Architectures may explode here because the earlier 64bit off_t
consumes two argument slots and the filename (on which glibc uses
strlen()) becomes invalid.
In brief:
ssize_t -> %zd
size_t -> %zu
off_t -> %llu (with LFS enabled)
https://bugzilla.clamav.net/show_bug.cgi?id=11092
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
clamd/clamd.c | 2 +-
clamd/server-th.c | 3 ++-
libclamav/adc.c | 5 +++--
libclamav/asn1.c | 3 ++-
libclamav/bytecode.c | 4 ++--
libclamav/bytecode_api.c | 2 +-
libclamav/hashtab.c | 32 +++++++++++++++++++++-----------
libclamav/jsparse/js-norm.c | 6 ++++--
libclamav/matcher.c | 6 ++++--
libclamav/pdf.c | 29 +++++++++++++++++++----------
libclamav/regex_list.c | 5 ++++-
libclamav/scanners.c | 5 +++--
shared/misc.h | 4 ++++
shared/output.c | 3 ++-
sigtool/sigtool.c | 3 ++-
15 files changed, 74 insertions(+), 38 deletions(-)
diff --git a/clamd/clamd.c b/clamd/clamd.c
index ec15eacc8c25..8c87e1bb9a87 100644
--- a/clamd/clamd.c
+++ b/clamd/clamd.c
@@ -355,7 +355,7 @@ int main(int argc, char **argv)
if(logg_size)
- logg("#Log file size limited to %u bytes.\n", logg_size);
+ logg("#Log file size limited to %" PRId64 "bytes.\n", logg_size);
else
logg("#Log file size limit disabled.\n");
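Review bot: The new format string lost the space before `bytes`: after concatenation the number runs straight into the word, so the log line prints for example `1048576bytes.`; it should be `"#Log file size limited to %" PRId64 " bytes.\n"`. `PRId64` is also only correct if `logg_size` is exactly a 64-bit signed type. Its declaration is outside this hunk, and if it is an `off_t` an explicit `(int64_t)logg_size` cast keeps argument and specifier matched on builds without LFS. main() starts and ends outside the hunk.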
diff --git a/clamd/server-th.c b/clamd/server-th.c
index 5c12811b662b..84086f39fbfb 100644
--- a/clamd/server-th.c
+++ b/clamd/server-th.c
@@ -689,7 +689,8 @@ static int handle_stream(client_conn_t *conn, struct fd_buf *buf, const struct o
logg("!INSTREAM: Can't write to temporary file.\n");
*error = 1;
}
- logg("$Processed %lu bytes of chunkdata, pos %lu\n", cmdlen, pos);
+ logg("$Processed %" _sizet " bytes of chunkdata, pos %" _sizet "\n",
+ cmdlen, pos);
pos += cmdlen;
if (pos == buf->off) {
buf->off = 0;
diff --git a/libclamav/adc.c b/libclamav/adc.c
index 6ad00ea96571..684335f1bfb5 100644
--- a/libclamav/adc.c
+++ b/libclamav/adc.c
@@ -28,6 +28,7 @@
#include <string.h>
#endif
+#include "shared/misc.h"
#include "clamav.h"
#include "cltypes.h"
#include "others.h"
@@ -86,8 +87,8 @@ int adc_decompress(adc_stream *strm)
return ADC_DATA_ERROR;
}
- cli_dbgmsg("adc_decompress: avail_in %lu avail_out %lu state %u\n", strm->avail_in, strm->avail_out, strm->state);
-
+ cli_dbgmsg("adc_decompress: avail_in %" _sizet " avail_out %" _sizet " state %u\n",
+ strm->avail_in, strm->avail_out, strm->state);
while (strm->avail_out) {
/* Exit if needs more in bytes and none available */
int needsInput;
diff --git a/libclamav/asn1.c b/libclamav/asn1.c
index c6cf0dd00c50..e6f55642640d 100644
--- a/libclamav/asn1.c
+++ b/libclamav/asn1.c
@@ -24,6 +24,7 @@
#include <time.h>
+#include "shared/misc.h"
#include "clamav.h"
#include "asn1.h"
#include "bignum.h"
@@ -1481,7 +1482,7 @@ int asn1_check_mscat(struct cl_engine *engine, fmap_t *map, size_t offset, unsig
if (engine->dconf->pe & PE_CONF_DISABLECERT)
return CL_VIRUS;
- cli_dbgmsg("in asn1_check_mscat (offset: %lu)\n", offset);
+ cli_dbgmsg("in asn1_check_mscat (offset: %" _sizet ")\n", offset);
crtmgr_init(&certs);
if(crtmgr_add_roots(engine, &certs)) {
crtmgr_free(&certs);
diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c
index 28d2d716f93b..b34f818fdaba 100644
--- a/libclamav/bytecode.c
+++ b/libclamav/bytecode.c
@@ -1489,8 +1489,8 @@ void cli_sigperf_print()
cli_infomsg (NULL, "%-*s %*s %*s %*s %*s\n", max_name_len, "=============",
8, "=====", 8, "========", 12, "===========", 9, "=========");
while (elem->run_count) {
- cli_infomsg (NULL, "%-*s %*lu %*lu %*llu %*.2f\n", max_name_len, elem->bc_name,
- 8, elem->run_count, 8, elem->match_count,
+ cli_infomsg (NULL, "%-*s %*lu %*lu %*" PRIu64 " %*.2f\n", max_name_len,
+ elem->bc_name, 8, elem->run_count, 8, elem->match_count,
12, elem->usecs, 9, (double)elem->usecs/elem->run_count);
elem++;
}
diff --git a/libclamav/bytecode_api.c b/libclamav/bytecode_api.c
index 5bded4ebaca0..72a9393183a2 100644
--- a/libclamav/bytecode_api.c
+++ b/libclamav/bytecode_api.c
@@ -122,7 +122,7 @@ int32_t cli_bcapi_seek(struct cli_bc_ctx* ctx, int32_t pos, uint32_t whence)
return -1;
}
if (off < 0 || off > ctx->file_size) {
- cli_dbgmsg("bcapi_seek: out of file: %ld (max %d)\n",
+ cli_dbgmsg("bcapi_seek: out of file: %" PRId64 " (max %d)\n",
off, ctx->file_size);
return -1;
}
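Review bot: `off` is passed to `PRId64` without a cast; its declaration is outside the hunk, but if it is an `off_t` the specifier only matches when off_t is 64 bits wide, which is the same argument-slot mismatch the patch description says crashes 32-bit targets. Casting at the call site, `(int64_t)off, ctx->file_size);`, makes the call correct with or without LFS. cli_bcapi_seek() starts outside the hunk.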
diff --git a/libclamav/hashtab.c b/libclamav/hashtab.c
index 88e81ba2c2ef..cafce3ac8927 100644
--- a/libclamav/hashtab.c
+++ b/libclamav/hashtab.c
@@ -25,6 +25,7 @@
#include <stdio.h>
#include <string.h>
+#include "shared/misc.h"
#include "cltypes.h"
#include "clamav.h"
#include "others.h"
@@ -329,9 +330,10 @@ static int cli_hashtab_grow(struct cli_hashtable *s)
struct cli_element* htable;
size_t i,idx, used = 0;
- cli_dbgmsg("hashtab.c: new capacity: %lu\n",new_capacity);
+ cli_dbgmsg("hashtab.c: new capacity: %" _sizet "\n",new_capacity);
if(new_capacity == s->capacity) {
- cli_errmsg("hashtab.c: capacity problem growing from: %lu\n",s->capacity);
+ cli_errmsg("hashtab.c: capacity problem growing from: %" _sizet
+ "\n", s->capacity);
return CL_EMEM;
}
htable = cli_calloc(new_capacity, sizeof(*s->htable));
@@ -372,7 +374,7 @@ static int cli_hashtab_grow(struct cli_hashtable *s)
s->used = used;
s->capacity = new_capacity;
s->maxfill = new_capacity*8/10;
- cli_dbgmsg("Table %p size after grow:%ld\n",(void*)s,s->capacity);
+ cli_dbgmsg("Table %p size after grow: %" _sizet "\n", s, s->capacity);
PROFILE_GROW_DONE(s);
return CL_SUCCESS;
}
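Review bot: The new `cli_dbgmsg` line passes `s` to `%p` without the `(void*)` cast the removed line had, and `%p` is only defined for a `void *` argument in a variadic call. Keeping the cast, `cli_dbgmsg("Table %p size after grow: %" _sizet "\n", (void *)s, s->capacity);`, costs nothing and silences `-Wformat -pedantic`. The cast is dropped the same way in the `cli_htu32_grow` hunk and in both hunks each of `cli_hashtab_insert` and `cli_htu32_insert` further down. `cli_hashtab_grow()` starts outside this hunk.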
@@ -386,7 +388,7 @@ static int cli_htu32_grow(struct cli_htu32 *s, mpool_t *mempool)
const size_t new_capacity = nearest_power(s->capacity + 1);
struct cli_htu32_element* htable = mpool_calloc(mempool, new_capacity, sizeof(*s->htable));
size_t i,idx, used = 0;
- cli_dbgmsg("hashtab.c: new capacity: %lu\n",new_capacity);
+ cli_dbgmsg("hashtab.c: new capacity: %" _sizet "\n", new_capacity);
if(new_capacity == s->capacity || !htable)
return CL_EMEM;
@@ -422,7 +424,7 @@ static int cli_htu32_grow(struct cli_htu32 *s, mpool_t *mempool)
s->used = used;
s->capacity = new_capacity;
s->maxfill = new_capacity*8/10;
- cli_dbgmsg("Table %p size after grow:%ld\n",(void*)s,s->capacity);
+ cli_dbgmsg("Table %p size after grow: %" _sizet "\n", s, s->capacity);
PROFILE_GROW_DONE(s);
return CL_SUCCESS;
}
@@ -437,7 +439,9 @@ const struct cli_element* cli_hashtab_insert(struct cli_hashtable *s, const char
if(!s)
return NULL;
if(s->used > s->maxfill) {
- cli_dbgmsg("hashtab.c:Growing hashtable %p, because it has exceeded maxfill, old size:%ld\n",(void*)s,s->capacity);
+ cli_dbgmsg("hashtab.c:Growing hashtable %p, because it has "
+ "exceeded maxfill, old size: %" _sizet "\n", s,
+ s->capacity);
cli_hashtab_grow(s);
}
do {
@@ -486,7 +490,8 @@ const struct cli_element* cli_hashtab_insert(struct cli_hashtable *s, const char
} while (tries <= s->capacity);
/* no free place found*/
PROFILE_HASH_EXHAUSTED(s);
- cli_dbgmsg("hashtab.c: Growing hashtable %p, because its full, old size:%ld.\n",(void*)s,s->capacity);
+ cli_dbgmsg("hashtab.c: Growing hashtable %p, because its full, "
+ "old size: %" _sizet ".\n", s, s->capacity);
} while( cli_hashtab_grow(s) >= 0 );
cli_warnmsg("hashtab.c: Unable to grow hashtable\n");
return NULL;
@@ -504,7 +509,9 @@ int cli_htu32_insert(struct cli_htu32 *s, const struct cli_htu32_element *item,
if(!s)
return CL_ENULLARG;
if(s->used > s->maxfill) {
- cli_dbgmsg("hashtab.c:Growing hashtable %p, because it has exceeded maxfill, old size:%ld\n",(void*)s,s->capacity);
+ cli_dbgmsg("hashtab.c:Growing hashtable %p, because it has "
+ "exceeded maxfill, old size: %" _sizet "\n", s,
+ s->capacity);
cli_htu32_grow(s, mempool);
}
do {
@@ -543,7 +550,8 @@ int cli_htu32_insert(struct cli_htu32 *s, const struct cli_htu32_element *item,
} while (tries <= s->capacity);
/* no free place found*/
PROFILE_HASH_EXHAUSTED(s);
- cli_dbgmsg("hashtab.c: Growing hashtable %p, because its full, old size:%ld.\n",(void*)s,s->capacity);
+ cli_dbgmsg("hashtab.c: Growing hashtable %p, because its full, "
+ "old size: %" _sizet ".\n", s, s->capacity);
} while( (ret = cli_htu32_grow(s, mempool)) >= 0 );
cli_warnmsg("hashtab.c: Unable to grow hashtable\n");
return ret;
@@ -632,11 +640,13 @@ int cli_hashtab_generate_c(const struct cli_hashtable *s,const char* name)
else if(e->key == DELETED_KEY)
printf("\t{DELETED_KEY,0,0},\n");
else
- printf("\t{\"%s\", %ld, %ld},\n", e->key, e->data, e->len);
+ printf("\t{\"%s\", %ld, %" _sizet"},\n", e->key,
+ e->data, e->len);
}
printf("};\n");
printf("const struct cli_hashtable %s = {\n",name);
- printf("\t%s_elements, %ld, %ld, %ld", name, s->capacity, s->used, s->maxfill);
+ printf("\t%s_elements, %" _sizet ", %" _sizet" , %" _sizet, name,
+ s->capacity, s->used, s->maxfill);
printf("\n};\n");
PROFILE_REPORT(s);
diff --git a/libclamav/jsparse/js-norm.c b/libclamav/jsparse/js-norm.c
index 85eba72c2e87..9a56aa34856f 100644
--- a/libclamav/jsparse/js-norm.c
+++ b/libclamav/jsparse/js-norm.c
@@ -34,6 +34,7 @@
#include <ctype.h>
#include <assert.h>
+#include "shared/misc.h"
#include "clamav.h"
#include "cltypes.h"
#include "jsparse/lexglobal.h"
@@ -525,7 +526,8 @@ static int replace_token_range(struct tokens *dst, size_t start, size_t end, con
{
const size_t len = with ? with->cnt : 0;
size_t i;
- cli_dbgmsg(MODULE "Replacing tokens %lu - %lu with %lu tokens\n",start, end, len);
+ cli_dbgmsg(MODULE "Replacing tokens %" _sizet " - %" _sizet " with %"
+ _sizet " tokens\n", start, end, len);
if(start >= dst->cnt || end > dst->cnt)
return -1;
for(i=start;i<end;i++) {
@@ -547,7 +549,7 @@ static int append_tokens(struct tokens *dst, const struct tokens *src)
return CL_ENULLARG;
if(tokens_ensure_capacity(dst, dst->cnt + src->cnt))
return CL_EMEM;
- cli_dbgmsg(MODULE "Appending %lu tokens\n", src->cnt);
+ cli_dbgmsg(MODULE "Appending %" _sizet " tokens\n", src->cnt);
memcpy(&dst->data[dst->cnt], src->data, src->cnt * sizeof(dst->data[0]));
dst->cnt += src->cnt;
return CL_SUCCESS;
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index 3f4f5c1659d5..e684f7122e26 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -52,6 +52,7 @@
#include "perflogging.h"
#include "bytecode_priv.h"
#include "bytecode_api_impl.h"
+#include "shared/misc.h"
#ifdef CLI_PERF_LOGGING
@@ -1069,8 +1070,9 @@ int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer,
const struct cli_cdb *cdb;
unsigned int viruses_found = 0;
- cli_dbgmsg("CDBNAME:%s:%lu:%s:%lu:%lu:%d:%u:%u:%p\n",
- cli_ftname(ctx->container_type), fsizec, fname, fsizec, fsizer, encrypted, filepos, res1, res2);
+ cli_dbgmsg("CDBNAME:%s:%" _sizet ":%s:%" _sizet ":%" _sizet ":%d:%u:%u:%p\n",
+ cli_ftname(ctx->container_type), fsizec, fname, fsizec, fsizer,
+ encrypted, filepos, res1, res2);
if (ctx->engine && ctx->engine->cb_meta)
if (ctx->engine->cb_meta(cli_ftname(ctx->container_type), fsizec, fname, fsizer, encrypted, filepos, ctx->cb_ctx) == CL_VIRUS) {
diff --git a/libclamav/pdf.c b/libclamav/pdf.c
index 2e469c1e5d56..2de348e7c3fd 100644
--- a/libclamav/pdf.c
+++ b/libclamav/pdf.c
@@ -60,6 +60,7 @@
#include "rijndael.h"
#include "textnorm.h"
#include "json_api.h"
+#include "shared/misc.h"
#ifdef CL_DEBUG
/*#define SAVE_TMP
@@ -1019,10 +1020,12 @@ int pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t flags)
orig_length = length;
if (length > pdf->size || obj->start + p_stream + length > pdf->size) {
- cli_dbgmsg("cli_pdf: length out of file: %ld + %ld > %ld\n",
- p_stream, length, pdf->size);
- noisy_warnmsg("length out of file, truncated: %ld + %ld > %ld\n",
- p_stream, length, pdf->size);
+ cli_dbgmsg("cli_pdf: length out of file: %" PRId64 " + %"
+ PRId64 " > % " PRId64 "\n", p_stream,
+ length, pdf->size);
+ noisy_warnmsg("length out of file, truncated: %" PRId64
+ " + %" PRId64 " > %" PRId64 "\n",
+ p_stream, length, pdf->size);
length = pdf->size - (obj->start + p_stream);
}
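Review bot: The `cli_dbgmsg` format contains `" > % " PRId64`, with a space between `%` and the conversion, which printf reads as the space flag rather than as a typo. The message therefore prints an extra blank before a non-negative size and no longer matches the `noisy_warnmsg` line right below it. The intended line is presumably `PRId64 " > %" PRId64 "\n", p_stream,`. `pdf_extract_obj()` starts and ends outside the hunk.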
@@ -1044,17 +1047,21 @@ int pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t flags)
if (length < 0)
length = 0;
- cli_dbgmsg("cli_pdf: calculated length %ld\n", length);
+ cli_dbgmsg("cli_pdf: calculated length %" PRId64 "\n",
+ length);
} else {
if (size > (size_t)length+2) {
- cli_dbgmsg("cli_pdf: calculated length %ld < %ld\n",
+ cli_dbgmsg("cli_pdf: calculated length %" PRId64 " < %"
+ _ssizet "\n",
length, size);
length = size;
}
}
if (orig_length && size > (size_t)orig_length + 20) {
- cli_dbgmsg("cli_pdf: orig length: %ld, length: %ld, size: %ld\n", orig_length, length, size);
+ cli_dbgmsg("cli_pdf: orig length: %" PRId64 ", length: %"
+ PRId64", size: %" _ssizet "\n", orig_length,
+ length, size);
pdfobj_flag(pdf, obj, BAD_STREAMLEN);
}
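Review bot: `size` is printed with `_ssizet` (`%zd`, a signed conversion) in both new calls, yet the surrounding conditions cast `length` and `orig_length` to `size_t` to compare against it, which suggests `size` is unsigned. Its declaration is outside the hunk, so this needs confirming, but if it is a `size_t` the specifier should be `_sizet`, as in `"cli_pdf: calculated length %" PRId64 " < %" _sizet "\n"`. A signed conversion on an unsigned value would log very large sizes as negative numbers, which is unhelpful when the message is diagnosing a malformed stream length.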
@@ -1240,7 +1247,7 @@ int pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t flags)
}
} while (0);
- cli_dbgmsg("cli_pdf: extracted %ld bytes %u %u obj to %s\n", sum, obj->id>>8, obj->id&0xff, fullname);
+ cli_dbgmsg("cli_pdf: extracted %" PRId64 " bytes %u %u obj to %p\n", sum, obj->id>>8, obj->id&0xff, fullname);
if (flags & PDF_EXTRACT_OBJ_SCAN && sum) {
int rc2;
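Review bot: The conversion for `fullname` changed from `%s` to `%p`, so the debug line now logs a pointer value instead of the path the object was extracted to. That loses the one piece of information an analyst needs from this message and writes a process address into the log. `%p` is also passed a non-`void *` argument here. Unless `fullname` is not a NUL-terminated string at this point (its declaration is outside the hunk), the specifier should stay `%s`: `"cli_pdf: extracted %" PRId64 " bytes %u %u obj to %s\n"`.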
@@ -2493,7 +2500,8 @@ int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)
if (pdfver != start || offset) {
pdf.flags |= 1 << BAD_PDF_HEADERPOS;
- cli_dbgmsg("cli_pdf: PDF header is not at position 0: %ld\n",pdfver-start+offset);
+ cli_dbgmsg("cli_pdf: PDF header is not at position 0: %" PRId64 "\n",
+ pdfver - start + offset);
#if HAVE_JSON
if (pdfobj)
cli_jsonbool(pdfobj, "BadVersionLocation", 1);
@@ -2602,7 +2610,8 @@ int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)
while ((rc = pdf_findobj(&pdf)) > 0) {
struct pdf_obj *obj = &pdf.objs[pdf.nobjs-1];
- cli_dbgmsg("cli_pdf: found %d %d obj @%ld\n", obj->id >> 8, obj->id&0xff, obj->start + offset);
+ cli_dbgmsg("cli_pdf: found %d %d obj @%" PRId64 "\n", obj->id >> 8,
+ obj->id & 0xff, obj->start + offset);
}
if (pdf.nobjs)
diff --git a/libclamav/regex_list.c b/libclamav/regex_list.c
index f30cc4cd4349..4b27c2974fb6 100644
--- a/libclamav/regex_list.c
+++ b/libclamav/regex_list.c
@@ -41,6 +41,7 @@
#include <assert.h>
#include "regex/regex.h"
+#include "shared/misc.h"
#include "clamav.h"
#include "others.h"
@@ -84,7 +85,9 @@ static inline size_t get_char_at_pos_with_skip(const struct pre_fixup_info* info
return (pos <= strlen(buffer)) ? buffer[pos>0 ? pos-1:0] : '\0';
}
str = info->pre_displayLink.data;
- cli_dbgmsg("calc_pos_with_skip: skip:%lu, %lu - %lu \"%s\",\"%s\"\n", pos, info->host_start, info->host_end, str, buffer);
+ cli_dbgmsg("calc_pos_with_skip: skip: %" _sizet ", %" _sizet " - %"
+ _sizet " \"%s\",\"%s\"\n", pos, info->host_start,
+ info->host_end, str, buffer);
pos += info->host_start;
while(str[realpos] && !isalnum(str[realpos])) realpos++;
for(; str[realpos] && (pos>0); pos--) {
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index 07a38eedc7a5..49cd70a18d9e 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -49,6 +49,7 @@
#define DCONF_MAIL ctx->dconf->mail
#define DCONF_OTHER ctx->dconf->other
+#include "shared/misc.h"
#include "clamav.h"
#include "others.h"
#include "dconf.h"
@@ -3171,8 +3172,8 @@ int cli_map_scandesc(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx,
if (!length) length = old_len - offset;
if (length > old_len - offset) {
- cli_dbgmsg("Data truncated: %lu -> %lu\n",
- (unsigned long)length, old_len - offset);
+ cli_dbgmsg("Data truncated: %" _sizet" -> %" PRIu64" \n", length,
+ old_len - offset);
length = old_len - offset;
}
diff --git a/shared/misc.h b/shared/misc.h
index 3e093936caa1..65f8c9ce0382 100644
--- a/shared/misc.h
+++ b/shared/misc.h
@@ -51,6 +51,10 @@
#define PATH_MAX 1024
#endif
+#include <inttypes.h>
+#define _sizet "zu"
+#define _ssizet "zd"
+
char *freshdbdir(void);
void print_version(const char *dbdir);
int check_flevel(void);
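Review bot: `_sizet` and `_ssizet` begin with an underscore, which C reserves at file scope, so a libc or system header may legitimately define the same names; the macros also land in a header that six libclamav files now include. Names in the project's own namespace, e.g. `#define CLI_PRIzu "zu"` and `#define CLI_PRIzd "zd"` (the names are only a suggestion), avoid that. A one-line comment saying these are printf conversion suffixes meant to be used as `"%" NAME` would help, since they sit next to the standard `PRI*` macros.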
diff --git a/shared/output.c b/shared/output.c
index 5e947a57a6f9..ab054a8bbeee 100644
--- a/shared/output.c
+++ b/shared/output.c
@@ -214,7 +214,8 @@ static int rename_logg(STATBUF *sb)
if (!logg_rotate) {
if (logg_fp) {
- fprintf(logg_fp, "Log size = %zu, max = %zu\n", sb->st_size, logg_size);
+ fprintf(logg_fp, "Log size = %" PRId64 ", max = %" PRId64 "\n",
+ sb->st_size, logg_size);
fprintf(logg_fp, "WARNING: Log size limit met but log file rotation turned off. Forcing log file rotation anyways.\n");
}
diff --git a/sigtool/sigtool.c b/sigtool/sigtool.c
index f2135c210e02..d67e662cfea1 100644
--- a/sigtool/sigtool.c
+++ b/sigtool/sigtool.c
@@ -373,7 +373,8 @@ static char *getdsig(const char *host, const char *user, const unsigned char *da
closesocket(sockd);
return NULL;
} else {
- mprintf("Signature received (length = %lu)\n", (unsigned long)strlen(buff) - 10);
+ mprintf("Signature received (length = %" _sizet ")\n",
+ (unsigned long)strlen(buff) - 10);
}
} else {
mprintf("!getdsig: Communication error with remote server\n");
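Review bot: The format was switched to `_sizet` (`%zu`) but the argument is still cast to `unsigned long`, so specifier and argument type disagree wherever `size_t` is not `unsigned long`. Dropping the cast fixes it: `mprintf("Signature received (length = %" _sizet ")\n", strlen(buff) - 10);`. The subtraction is unsigned, so a reply shorter than 10 bytes would wrap to a huge value. Whether the checks earlier in `getdsig()` rule that out is not visible from this hunk.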
@@ -0,0 +1,26 @@
From 86ebd6e3f8fa60d0bdbed10eb10c5a7699b821e4 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Mon, 25 Aug 2014 22:54:37 +0200
Subject: hardcode LLVM linker flag, because llvm-config returns only flags for
linking statically
this reduces the size of libclamav by more than 80 percent
---
libclamav/c++/configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libclamav/c++/configure.ac b/libclamav/c++/configure.ac
index a6697ddd8e82..3c7c7e26fbf8 100644
--- a/libclamav/c++/configure.ac
+++ b/libclamav/c++/configure.ac
@@ -121,8 +121,8 @@ if test "x$llvmconfig" != "x"; then
else
AC_SUBST(LLVMCONFIG_LDFLAGS, [`$llvmconfig --ldflags`])
fi
- AC_SUBST(LLVMCONFIG_LIBS, [`$llvmconfig --libs jit nativecodegen scalaropts ipo`])
- AC_SUBST(LLVMCONFIG_LIBFILES, [`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`])
+ AC_SUBST(LLVMCONFIG_LIBS, [-lLLVM-$llvmver])
+ AC_SUBST(LLVMCONFIG_LIBFILES, [])
AC_MSG_NOTICE([CXXFLAGS from llvm-config: $LLVMCONFIG_CXXFLAGS])
AC_MSG_NOTICE([LDFLAGS from llvm-config: $LLVMCONFIG_LDFLAGS])
AC_MSG_NOTICE([LIBS from llvm-config: $LLVMCONFIG_LIBS])
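Review bot: `LLVMCONFIG_LIBS` is now hard-coded to `-lLLVM-$llvmver` with no check that a shared library of that name exists, and `$llvmver` is set outside this hunk, so its exact format cannot be confirmed here. On a system that ships only the static LLVM archives this will pass configure and fail at link time. A `dnl` comment stating that this assumes the distribution's shared `libLLVM-<version>.so` would explain the line. A configure-time test that stops with `AC_MSG_ERROR` when the library is missing would give a clearer failure. Emptying `LLVMCONFIG_LIBFILES` also removes those files from whatever dependency tracking uses that variable.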
@@ -0,0 +1,106 @@
From 2bb998ed68841356499fe5c5cde875e87563572c Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Wed, 30 Jul 2014 21:59:17 +0200
Subject: allow to use internal libmspack if the external is not available
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
configure.ac | 16 ++++++++++++++--
libclamav/Makefile.am | 30 +++++++++++++++++++++++++++++-
2 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 02caad29410a..5abe018a00b0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -131,6 +131,18 @@ m4_include([m4/reorganization/libs/curl.m4])
m4_include([m4/reorganization/substitutions.m4])
+PKG_CHECK_MODULES([LIBMSPACK], [libmspack],
+ use_internal_mspack=no, use_internal_mspack=yes)
+
+AM_CONDITIONAL([USE_INTERNAL_MSPACK], test "x$use_internal_mspack" = "xyes")
+
+if test "x$use_internal_mspack" = "xyes"; then
+ mspack_msg="Internal"
+ AC_CONFIG_SUBDIRS([libclamav/libmspack-0.4alpha])
+else
+ mspack_msg="External, $LIBMSPACK_CFLAGS $LIBMSPACK_LIBS"
+fi
+
AM_CONDITIONAL([ENABLE_CLAMSUBMIT], [test "$have_curl" = "yes"])
AC_CONFIG_FILES([
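Review bot: When `pkg-config` does not find libmspack, configure silently switches to the bundled `libclamav/libmspack-0.4alpha` copy, so a missing build dependency produces a scanner that embeds its own archive parser. That copy will not pick up the distribution's libmspack security updates. The choice only shows up in the final status table. An explicit message in the internal branch, e.g. `AC_MSG_WARN([libmspack not found via pkg-config, building bundled libmspack-0.4alpha])`, makes the fallback visible in build logs. A configure switch to forbid the fallback would suit packagers who must use the system library.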
@@ -178,8 +190,6 @@ fi
AM_CONDITIONAL([ENABLE_LLVM],
[test "$subdirfailed" != "yes" && test "$enable_llvm" != "no"])
-PKG_CHECK_MODULES([LIBMSPACK], [libmspack])
-
no_recursion="yes";
AC_OUTPUT([libclamav/Makefile])
@@ -236,6 +246,8 @@ if test "x$PCRE_HOME" = "x"; then
else
CL_MSG_STATUS([pcre ],[$PCRE_HOME],[$have_pcre])
fi
+CL_MSG_STATUS([preclass ],[$LIBJSON_HOME],[$have_json])
+CL_MSG_STATUS([libmspack ],[yes],[$mspack_msg])
if test "x$XML_LIBS" = "x"; then
CL_MSG_STATUS([dmg and xar ],[no],[])
else
diff --git a/libclamav/Makefile.am b/libclamav/Makefile.am
index 538e83dcdd03..6d2cf920d6e2 100644
--- a/libclamav/Makefile.am
+++ b/libclamav/Makefile.am
@@ -122,11 +122,12 @@ libclamav_internal_utils_nothreads_la_SOURCES=str.c\
libclamav_internal_utils_nothreads_la_LDFLAGS=-static @SSL_LDFLAGS@ @JSON_LDFLAGS@
libclamav_internal_utils_nothreads_la_CFLAGS=$(AM_CFLAGS) -DCL_NOTHREADS @SSL_CPPFLAGS@ @JSON_CPPFLAGS@
libclamav_internal_utils_nothreads_la_LIBADD=@SSL_LIBS@ @JSON_LIBS@
+SUBDIRS=
if ENABLE_LLVM
LLVMLIBADD=c++/libclamavcxx.la -lstdc++ -lm
LLVMDEP=c++/libclamavcxx.la
-SUBDIRS=c++
+SUBDIRS+=c++
else
LLVMLIBADD=libclamav_nocxx.la
LLVMDEP=libclamav_nocxx.la
@@ -147,8 +148,35 @@ if VERSIONSCRIPT
libclamav_la_LDFLAGS += -Wl,@VERSIONSCRIPTFLAG@,@top_srcdir@/libclamav/libclamav.map
endif
+if USE_INTERNAL_MSPACK
+SUBDIRS += libmspack-0.4alpha
+libclamav_la_CFLAGS += -I@top_srcdir@/libclamav/libmspack-0.4alpha/mspack
+libclamav_la_LIBADD += @top_builddir@/libclamav/libmspack-0.4alpha/.libs/cabc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/system.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/kwajd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/hlpc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/chmd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/qtmd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/litc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/oabc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/lzxd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/litd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/crc32.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/lzssd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/kwajc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/cabd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/szddd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/lzxc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/mszipd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/szddc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/oabd.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/chmc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/mszipc.o \
+ @top_builddir@/libclamav/libmspack-0.4alpha/.libs/hlpd.o
+else
libclamav_la_CFLAGS += $(LIBMSPACK_CFLAGS)
libclamav_la_LDFLAGS += $(LIBMSPACK_LIBS)
+endif
include_HEADERS = clamav.h
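Review bot: `libclamav_la_LIBADD` lists 22 object files by hand out of `libmspack-0.4alpha/.libs/`, which ties the build to libtool's private output directory and to the exact set of sources in this libmspack snapshot. A file added or renamed in the bundled tree would silently drop out of the link. If the bundled tree can build a `noinst` libtool convenience library, a single `libclamav_la_LIBADD += @top_builddir@/libclamav/libmspack-0.4alpha/libmspack.la` (library name to be confirmed against that tree's Makefile.am) would express the same thing without the list.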
@@ -0,0 +1,27 @@
From b1ab1a88f38c9d9cea2433dac33b8ecb31b3c799 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Mon, 22 Sep 2014 21:50:05 +0200
Subject: fix autoreconf with embedded libmspack
---
libclamav/libmspack-0.4alpha/NEWS | 1 +
libclamav/libmspack-0.4alpha/configure.ac | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/libclamav/libmspack-0.4alpha/NEWS b/libclamav/libmspack-0.4alpha/NEWS
index e69de29bb2d1..8d1c8b69c3fc 100644
--- a/libclamav/libmspack-0.4alpha/NEWS
+++ b/libclamav/libmspack-0.4alpha/NEWS
@@ -0,0 +1 @@
+
diff --git a/libclamav/libmspack-0.4alpha/configure.ac b/libclamav/libmspack-0.4alpha/configure.ac
index 55fb6ce5ee9d..1fc98577f152 100644
--- a/libclamav/libmspack-0.4alpha/configure.ac
+++ b/libclamav/libmspack-0.4alpha/configure.ac
@@ -46,5 +46,5 @@ AC_SYS_LARGEFILE
AC_FUNC_FSEEKO
# Checks for library functions.
-AC_CONFIG_FILES([Makefile doc/Makefile doc/Doxyfile libmspack.pc])
+AC_CONFIG_FILES([Makefile libmspack.pc])
AC_OUTPUT
@@ -0,0 +1,23 @@
From 573da4644d9dbcff3107c4bc3a8a346a5ba0b84d Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Tue, 14 Oct 2014 20:16:04 +0200
Subject: remove AC_CONFIG_SRCDIR([llvm/configure]) from
libclamav/c++/configure.ac to allow compilation without the
libclamav/c++/llvm directory
---
libclamav/c++/configure.ac | 1 -
1 file changed, 1 deletion(-)
diff --git a/libclamav/c++/configure.ac b/libclamav/c++/configure.ac
index 3c7c7e26fbf8..43e187ff1f56 100644
--- a/libclamav/c++/configure.ac
+++ b/libclamav/c++/configure.ac
@@ -16,7 +16,6 @@ dnl MA 02110-1301, USA.
AC_PREREQ([2.59])
AC_INIT([libclamavc++],[devel],[http://bugs.clamav.net])
AC_CONFIG_AUX_DIR([config])
-AC_CONFIG_SRCDIR([llvm/configure])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADER([clamavcxx-config.h])
AC_CANONICAL_TARGET
@@ -0,0 +1,229 @@
From 9ba0bd8840f8be4cccaf8134b65a012dffdd8ae0 Mon Sep 17 00:00:00 2001
From: Shawn Webb <swebb@sourcefire.com>
Date: Thu, 31 Jul 2014 11:50:23 -0400
Subject: bb#10731 - Allow to specificy a group for the socket of which the
user is not a member
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
clamav-milter/clamav-milter.c | 193 +++++++++++++++++++++---------------------
1 file changed, 98 insertions(+), 95 deletions(-)
diff --git a/clamav-milter/clamav-milter.c b/clamav-milter/clamav-milter.c
index 2c7a4d7d3414..99e7fe7fac04 100644
--- a/clamav-milter/clamav-milter.c
+++ b/clamav-milter/clamav-milter.c
@@ -116,6 +116,104 @@ int main(int argc, char **argv) {
}
}
+ if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
+ logg("!Please configure the MilterSocket directive\n");
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+
+ if(smfi_setconn(my_socket) == MI_FAILURE) {
+ logg("!smfi_setconn failed\n");
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+ if(smfi_register(descr) == MI_FAILURE) {
+ logg("!smfi_register failed\n");
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+ opt = optget(opts, "FixStaleSocket");
+ umsk = umask(0777); /* socket is created with 000 to avoid races */
+ if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
+ logg("!Failed to create socket %s\n", my_socket);
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+ umask(umsk); /* restore umask */
+ if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
+ /* set group ownership and perms on the local socket */
+ char *sock_name = my_socket;
+ mode_t sock_mode;
+ if(!strncmp(my_socket, "unix:", 5))
+ sock_name += 5;
+ if(!strncmp(my_socket, "local:", 6))
+ sock_name += 6;
+ if(*my_socket == ':')
+ sock_name ++;
+
+ if(optget(opts, "MilterSocketGroup")->enabled) {
+ char *gname = optget(opts, "MilterSocketGroup")->strarg, *end;
+ gid_t sock_gid = strtol(gname, &end, 10);
+ if(*end) {
+ struct group *pgrp = getgrnam(gname);
+ if(!pgrp) {
+ logg("!Unknown group %s\n", gname);
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+ sock_gid = pgrp->gr_gid;
+ }
+ if(chown(sock_name, -1, sock_gid)) {
+ logg("!Failed to change socket ownership to group %s\n", gname);
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+ }
+
+ if ((opt = optget(opts, "User"))->enabled) {
+ struct passwd *user;
+ if ((user = getpwnam(opt->strarg)) == NULL) {
+ logg("ERROR: Can't get information about user %s.\n",
+ opt->strarg);
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+
+ if(chown(sock_name, user->pw_uid, -1)) {
+ logg("!Failed to change socket ownership to user %s\n", user->pw_name);
+ optfree(opts);
+ logg_close();
+ return 1;
+ }
+ }
+
+ if(optget(opts, "MilterSocketMode")->enabled) {
+ char *end;
+ sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8);
+ if(*end) {
+ logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+ } else
+ sock_mode = 0777 & ~umsk;
+
+ if(chmod(sock_name, sock_mode & 0666)) {
+ logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+ }
+
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
struct passwd *user = NULL;
if((user = getpwnam(opt->strarg)) == NULL) {
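Review bot: The `chown()` and `chmod()` calls on `sock_name` now run ahead of the `geteuid() == 0` privilege-drop block that follows at the end of this hunk, so when the milter is started by root they act on a path name with full privileges and follow symlinks. If the socket lives in a directory other users can write to (the sample config suggests `/tmp/clamav-milter.socket`), the path can change between `smfi_opensocket()` and these calls; using `lchown(sock_name, user->pw_uid, -1)` and documenting that the socket directory must be root-owned would narrow that. Separately, the new `User` block is not guarded by `geteuid() == 0` like the block after it, so a non-root start with `User` naming a different account will now fail at `chown()`; `if (geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {` would keep the old behaviour. `main()` continues outside the hunk.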
@@ -248,15 +346,6 @@ int main(int argc, char **argv) {
multircpt = optget(opts, "SupportMultipleRecipients")->enabled;
- if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
- logg("!Please configure the MilterSocket directive\n");
- localnets_free();
- whitelist_free();
- logg_close();
- optfree(opts);
- return 1;
- }
-
if(!optget(opts, "Foreground")->enabled) {
if(daemonize() == -1) {
logg("!daemonize() failed\n");
@@ -271,92 +360,6 @@ int main(int argc, char **argv) {
logg("^Can't change current working directory to root\n");
}
- if(smfi_setconn(my_socket) == MI_FAILURE) {
- logg("!smfi_setconn failed\n");
- localnets_free();
- whitelist_free();
- logg_close();
- optfree(opts);
- return 1;
- }
- if(smfi_register(descr) == MI_FAILURE) {
- logg("!smfi_register failed\n");
- localnets_free();
- whitelist_free();
- logg_close();
- optfree(opts);
- return 1;
- }
- opt = optget(opts, "FixStaleSocket");
- umsk = umask(0777); /* socket is created with 000 to avoid races */
- if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
- logg("!Failed to create socket %s\n", my_socket);
- localnets_free();
- whitelist_free();
- logg_close();
- optfree(opts);
- return 1;
- }
- umask(umsk); /* restore umask */
- if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
- /* set group ownership and perms on the local socket */
- char *sock_name = my_socket;
- mode_t sock_mode;
- if(!strncmp(my_socket, "unix:", 5))
- sock_name += 5;
- if(!strncmp(my_socket, "local:", 6))
- sock_name += 6;
- if(*my_socket == ':')
- sock_name ++;
-
- if(optget(opts, "MilterSocketGroup")->enabled) {
- char *gname = optget(opts, "MilterSocketGroup")->strarg, *end;
- gid_t sock_gid = strtol(gname, &end, 10);
- if(*end) {
- struct group *pgrp = getgrnam(gname);
- if(!pgrp) {
- logg("!Unknown group %s\n", gname);
- localnets_free();
- whitelist_free();
- logg_close();
- optfree(opts);
- return 1;
- }
- sock_gid = pgrp->gr_gid;
- }
- if(chown(sock_name, -1, sock_gid)) {
- logg("!Failed to change socket ownership to group %s\n", gname);
- localnets_free();
- whitelist_free();
- logg_close();
- optfree(opts);
- return 1;
- }
- }
- if(optget(opts, "MilterSocketMode")->enabled) {
- char *end;
- sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8);
- if(*end) {
- logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
- localnets_free();
- whitelist_free();
- logg_close();
- optfree(opts);
- return 1;
- }
- } else
- sock_mode = 0777 & ~umsk;
-
- if(chmod(sock_name, sock_mode & 0666)) {
- logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
- localnets_free();
- whitelist_free();
- logg_close();
- optfree(opts);
- return 1;
- }
- }
-
maxfilesize = optget(opts, "MaxFileSize")->numarg;
if(!maxfilesize) {
logg("^Invalid MaxFileSize, using default (%d)\n", CLI_DEFAULT_MAXFILESIZE);
@@ -0,0 +1,86 @@
From dbc72db36eced2d3ca7c5b7f14970528c435429e Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sun, 26 Oct 2014 12:11:09 +0100
Subject: clamav-milter: add additinal SMFIF_* flags before invoking
smfi_register()
unfortunately after the shifting of the code (so that the socket could
be part of a group which is not part of the clamav user) I forgot (or
did not see it) to have the header flags added before the
smfi_register() was invoked. As a result the socket was working but it
was unable to add the X-Virus-Scanned & X-Virus-Status flags. This
patch fixes the issue.
https://bugzilla.clamav.net/show_bug.cgi?id=10731
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
clamav-milter/clamav-milter.c | 48 ++++++++++++++++++++++++-------------------
1 file changed, 27 insertions(+), 21 deletions(-)
diff --git a/clamav-milter/clamav-milter.c b/clamav-milter/clamav-milter.c
index 99e7fe7fac04..22db98ab7c5e 100644
--- a/clamav-milter/clamav-milter.c
+++ b/clamav-milter/clamav-milter.c
@@ -116,6 +116,33 @@ int main(int argc, char **argv) {
}
}
+ pt = optget(opts, "AddHeader")->strarg;
+ if (strcasecmp(pt, "No")) {
+ char myname[255];
+
+ if (((opt = optget(opts, "ReportHostname"))->enabled &&
+ strncpy(myname, opt->strarg, sizeof(myname))) ||
+ !gethostname(myname, sizeof(myname))) {
+
+ myname[sizeof(myname)-1] = '\0';
+ snprintf(xvirushdr, sizeof(xvirushdr), "clamav-milter %s at %s",
+ get_version(), myname);
+ } else {
+ snprintf(xvirushdr, sizeof(xvirushdr), "clamav-milter %s",
+ get_version());
+ }
+ xvirushdr[sizeof(xvirushdr)-1] = '\0';
+
+ descr.xxfi_flags |= SMFIF_ADDHDRS;
+
+ if (strcasecmp(pt, "Add")) { /* Replace or Yes */
+ descr.xxfi_flags |= SMFIF_CHGHDRS;
+ addxvirus = 1;
+ } else { /* Add */
+ addxvirus = 2;
+ }
+ }
+
if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
logg("!Please configure the MilterSocket directive\n");
logg_close();
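Review bot: Nothing in the moved block says that it has to stay ahead of `smfi_register(descr)`, which is the ordering the commit message gives as the cause of the missing headers. A comment on the block such as `/* Must run before smfi_register(): per bb#10731, xxfi_flags set later are not honoured */` would stop the next reshuffle from reintroducing the bug. The `strncpy()` inside the `&&` chain is also hard to read, since it is there for its side effect and its result is never NULL; copying the name in a separate statement before the test would be clearer. `main()` starts and ends outside the hunk.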
@@ -323,27 +350,6 @@ int main(int argc, char **argv) {
return 1;
}
- pt = optget(opts, "AddHeader")->strarg;
- if(strcasecmp(pt, "No")) {
- char myname[255];
-
- if(((opt = optget(opts, "ReportHostname"))->enabled && strncpy(myname, opt->strarg, sizeof(myname))) || !gethostname(myname, sizeof(myname))) {
- myname[sizeof(myname)-1] = '\0';
- snprintf(xvirushdr, sizeof(xvirushdr), "clamav-milter %s at %s", get_version(), myname);
- } else
- snprintf(xvirushdr, sizeof(xvirushdr), "clamav-milter %s", get_version());
- xvirushdr[sizeof(xvirushdr)-1] = '\0';
-
- descr.xxfi_flags |= SMFIF_ADDHDRS;
-
- if(strcasecmp(pt, "Add")) { /* Replace or Yes */
- descr.xxfi_flags |= SMFIF_CHGHDRS;
- addxvirus = 1;
- } else { /* Add */
- addxvirus = 2;
- }
- }
-
multircpt = optget(opts, "SupportMultipleRecipients")->enabled;
if(!optget(opts, "Foreground")->enabled) {
@@ -0,0 +1,22 @@
From 6569ca8a084191f9fedde16abf8fa15b6ebef4fe Mon Sep 17 00:00:00 2001
From: Shawn Webb <swebb@sourcefire.com>
Date: Wed, 19 Nov 2014 11:51:22 -0500
Subject: Bump .so version number
---
m4/reorganization/version.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/m4/reorganization/version.m4 b/m4/reorganization/version.m4
index ea263b28e647..f4fe8b1e150e 100644
--- a/m4/reorganization/version.m4
+++ b/m4/reorganization/version.m4
@@ -3,7 +3,7 @@ dnl VERSION="devel-`date +%Y%m%d`"
VERSION="0.98.5"
LC_CURRENT=7
-LC_REVISION=22
+LC_REVISION=24
LC_AGE=1
LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
AC_SUBST([LIBCLAMAV_VERSION])
@@ -0,0 +1,26 @@
From 169677f7699f78d483c84b4ab54943ea622535c8 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Wed, 19 Nov 2014 23:04:32 +0100
Subject: llvm: don't use --system-libs
this continues the saga of not linking the .a files so we don't care
about the libs llvm links against (like -ledit)
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
libclamav/c++/configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libclamav/c++/configure.ac b/libclamav/c++/configure.ac
index 43e187ff1f56..2d2d47b9d24c 100644
--- a/libclamav/c++/configure.ac
+++ b/libclamav/c++/configure.ac
@@ -115,7 +115,7 @@ if test "x$llvmconfig" != "x"; then
if test $llvmver_test -ge 350; then
dnl LLVM 3.5.0 and after splits linker flags into two sets
ldflags=`$llvmconfig --ldflags`
- syslibs=`$llvmconfig --system-libs`
+ syslibs=
AC_SUBST(LLVMCONFIG_LDFLAGS, ["$ldflags $syslibs"])
else
AC_SUBST(LLVMCONFIG_LDFLAGS, [`$llvmconfig --ldflags`])
@@ -0,0 +1,21 @@
Fixes build error
proto.c: In function 'dconnect':
proto.c:86:67: error: invalid application of 'sizeof' to incomplete type 'struct sockaddr_un'
if (connect(sockd, (struct sockaddr *)&nixsock, sizeof(nixsock)) == 0)
Patch sent upstream: http://lurker.clamav.net/message/20140928.130829.5494fd68.en.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
diff -uNr a/clamdscan/proto.c b/clamdscan/proto.c
--- a/clamdscan/proto.c 2014-05-06 20:39:56.000000000 +0200
+++ b/clamdscan/proto.c 2014-05-10 10:41:44.000000000 +0200
@@ -35,6 +35,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/types.h>
+#include <sys/un.h>
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
@@ -0,0 +1,12 @@
[Unit]
Description=ClamAV virus database updater
Documentation=man:freshclam(1) man:freshclam.conf(5) http://www.clamav.net/lang/en/doc/
# If user wants it run from cron, don't start the daemon.
ConditionPathExists=!/etc/cron.d/clamav-freshclam
[Service]
ExecStart=/usr/bin/freshclam -d --foreground=true
StandardOutput=syslog
[Install]
WantedBy=multi-user.target
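Review bot: The `[Service]` section starts `freshclam -d` with no `User=` and no sandboxing, so any restriction on this network-facing updater depends entirely on freshclam dropping privileges itself, which the unit does not show. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would limit what the process can reach if a downloaded database or the update path is ever mishandled. These need checking against the paths freshclam writes to on this image (database directory, log file, PID file) before enabling.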
@@ -0,0 +1,293 @@
##
## Example config file for clamav-milter
##
# Comment or remove the line below.
Example
##
## Main options
##
# Define the interface through which we communicate with sendmail
# This option is mandatory! Possible formats are:
# [[unix|local]:]/path/to/file - to specify a unix domain socket
# inet:port@[hostname|ip-address] - to specify an ipv4 socket
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
#MilterSocket /tmp/clamav-milter.socket
#MilterSocket inet:7357
# Define the group ownership for the (unix) milter socket.
# Default: disabled (the primary group of the user running clamd)
#MilterSocketGroup virusgroup
# Sets the permissions on the (unix) milter socket to the specified mode.
# Default: disabled (obey umask)
#MilterSocketMode 660
# Remove stale socket after unclean shutdown.
#
# Default: yes
#FixStaleSocket yes
# Run as another user (clamav-milter must be started by root for this option to work)
#
# Default: unset (don't drop privileges)
#User clamav
# Initialize supplementary group access (clamav-milter must be started by root).
#
# Default: no
#AllowSupplementaryGroups no
# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout.
#
# Default: 120
#ReadTimeout 300
# Don't fork into background.
#
# Default: no
#Foreground yes
# Chroot to the specified directory.
# Chrooting is performed just after reading the config file and before dropping privileges.
#
# Default: unset (don't chroot)
#Chroot /newroot
# This option allows you to save a process identifier of the listening
# daemon (main thread).
#
# Default: disabled
#PidFile /var/run/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#
#TemporaryDirectory /var/tmp
##
## Clamd options
##
# Define the clamd socket to connect to for scanning.
# This option is mandatory! Syntax:
# ClamdSocket unix:path
# ClamdSocket tcp:host:port
# The first syntax specifies a local unix socket (needs an absolute path) e.g.:
# ClamdSocket unix:/var/run/clamd/clamd.socket
# The second syntax specifies a tcp local or remote tcp socket: the
# host can be a hostname or an ip address; the ":port" field is only required
# for IPv6 addresses, otherwise it defaults to 3310, e.g.:
# ClamdSocket tcp:192.168.0.1
#
# This option can be repeated several times with different sockets or even
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
ClamdSocket /var/run/clamav/clamd
##
## Exclusions
##
# Messages originating from these hosts/networks will not be scanned
# This option takes a host(name)/mask pair in CIRD notation and can be
# repeated several times. If "/mask" is omitted, a host is assumed.
# To specify a locally orignated, non-smtp, email use the keyword "local"
#
# Default: unset (scan everything regardless of the origin)
#LocalNet local
#LocalNet 192.168.0.0/24
#LocalNet 1111:2222:3333::/48
# This option specifies a file which contains a list of basic POSIX regular
# expressions. Addresses (sent to or from - see below) matching these regexes
# will not be scanned. Optionally each line can start with the string "From:"
# or "To:" (note: no whitespace after the colon) indicating if it is,
# respectively, the sender or recipient that is to be whitelisted.
# If the field is missing, "To:" is assumed.
# Lines starting with #, : or ! are ignored.
#
# Default unset (no exclusion applied)
#Whitelist /etc/whitelisted_addresses
# Messages from authenticated SMTP users matching this extended POSIX
# regular expression (egrep-like) will not be scanned.
# As an alternative, a file containing a plain (not regex) list of names (one
# per line) can be specified using the prefix "file:".
# e.g. SkipAuthenticated file:/etc/good_guys
#
# Note: this is the AUTH login name!
#
# Default: unset (no whitelisting based on SMTP auth)
#SkipAuthenticated ^(tom|dick|henry)$
# Messages larger than this value won't be scanned.
# Make sure this value is lower or equal than StreamMaxLength in clamd.conf
#
# Default: 25M
#MaxFileSize 10M
##
## Actions
##
# The following group of options controls the delievery process under
# different circumstances.
# The following actions are available:
# - Accept
# The message is accepted for delievery
# - Reject
# Immediately refuse delievery (a 5xx error is returned to the peer)
# - Defer
# Return a temporary failure message (4xx) to the peer
# - Blackhole (not available for OnFail)
# Like Accept but the message is sent to oblivion
# - Quarantine (not available for OnFail)
# Like Accept but message is quarantined instead of being delivered
#
# NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ
# For Postfix this causes the message to be placed on hold
#
# Action to be performed on clean messages (mostly useful for testing)
# Default: Accept
#OnClean Accept
# Action to be performed on infected messages
# Default: Quarantine
#OnInfected Quarantine
# Action to be performed on error conditions (this includes failure to
# allocate data structures, no scanners available, network timeouts,
# unknown scanner replies and the like)
# Default: Defer
#OnFail Defer
# This option allows to set a specific rejection reason for infected messages
# and it's therefore only useful together with "OnInfected Reject"
# The string "%v", if present, will be replaced with the virus name.
# Default: MTA specific
#RejectMsg
# If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an
# "X-Virus-Status" headers will be attached to each processed message, possibly
# replacing existing headers.
# If it is set to Add, the X-Virus headers are added possibly on top of the
# existing ones.
# Note that while "Replace" can potentially break DKIM signatures, "Add" may
# confuse procmail and similar filters.
# Default: no
#AddHeader Replace
# When AddHeader is in use, this option allows to arbitrary set the reported
# hostname. This may be desirable in order to avoid leaking internal names.
# If unset the real machine name is used.
# Default: disabled
#ReportHostname my.mail.server.name
# Execute a command (possibly searching PATH) when an infected message is found.
# The following parameters are passed to the invoked program in this order:
# virus name, queue id, sender, destination, subject, message id, message date.
# Note #1: this requires MTA macroes to be available (see LogInfected below)
# Note #2: the process is invoked in the context of clamav-milter
# Note #3: clamav-milter will wait for the process to exit. Be quick or fork to
# avoid unnecessary delays in email delievery
# Default: disabled
#VirusAction /usr/local/bin/my_infected_message_handler
##
## Logging options
##
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
#
# Default: disabled
#LogFile /var/log/clamav/clamav-milter.log
# By default the log file is locked for writing - the lock protects against
# running clamav-milter multiple times.
# This option disables log file locking.
#
# Default: no
#LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
# rotation (the LogRotate option) will always be enabled.
#
# Default: 1M
#LogFileMaxSize 2M
# Log time with each message.
#
# Default: no
#LogTime yes
# Use system logger (can work together with LogFile).
#
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable verbose logging.
#
# Default: no
#LogVerbose yes
# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
#LogRotate yes
# This option allows to tune what is logged when a message is infected.
# Possible values are Off (the default - nothing is logged),
# Basic (minimal info logged), Full (verbose info logged)
# Note:
# For this to work properly in sendmail, make sure the msg_id, mail_addr,
# rcpt_addr and i macroes are available in eom. In other words add a line like:
# Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i
# to your .cf file. Alternatively use the macro:
# define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')
# Postfix should be working fine with the default settings.
#
# Default: disabled
#LogInfected Basic
# This option allows to tune what is logged when no threat is found in a scanned message.
# See LogInfected for possible values and caveats.
# Useful in debugging but drastically increases the log size.
# Default: disabled
#LogClean Basic
# This option affects the behaviour of LogInfected, LogClean and VirusAction
# when a message with multiple recipients is scanned:
# If SupportMultipleRecipients is off (the default)
# then one single log entry is generated for the message and, in case the
# message is determined to be malicious, the command indicated by VirusAction
# is executed just once. In both cases only the last recipient is reported.
# If SupportMultipleRecipients is on:
# then one line is logged for each recipient and the command indicated
# by VirusAction is also executed once for each recipient.
#
# Note: although it's probably a good idea to enable this option, the default value
# is currently set to off for legacy reasons.
# Default: no
#SupportMultipleRecipients yes
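Review bot: `ClamdSocket /var/run/clamav/clamd` does not match the socket that the clamd.conf added in this same commit creates (`LocalSocket /tmp/clamd.socket`), so with the two files as shipped the milter would find no scanner at that path. It also omits the `unix:` prefix that the syntax comment directly above it documents. Pointing both files at one path in a directory owned by the clamav user keeps them consistent, for example `ClamdSocket unix:/var/run/clamav/clamd` here and the same path for `LocalSocket`. Separately, the `Example` line is still active even though the file's own comment asks for it to be commented or removed, and the mandatory `MilterSocket` is left commented. If the recipe installs this file as the live configuration rather than as a sample, the milter is not expected to run until both are edited.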
@@ -0,0 +1,17 @@
[Unit]
Description=Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
Requires=clamav-daemon.socket
# Check for database existence
ConditionPathExistsGlob=/usr/share/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/usr/share/clamav/daily.{c[vl]d,inc}
[Service]
ExecStart=/usr/sbin/clamd --foreground=true
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
StandardOutput=syslog
[Install]
WantedBy=multi-user.target
Also=clamav-daemon.socket
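Review bot: Both `ConditionPathExistsGlob=` lines look for the signature databases under `/usr/share/clamav`, while the clamd.conf and freshclam.conf added in this commit set `DatabaseDirectory /var/lib/clamav`. Unless the recipe also installs databases into /usr/share/clamav, the condition fails and systemd skips starting clamd without marking the unit as failed, which leaves the host unscanned with little indication why. The globs should follow the configured directory: `ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}` and `ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}`. The unit also requires `clamav-daemon.socket`, whose listening path is not visible here and should be checked against `LocalSocket` in clamd.conf.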
@@ -0,0 +1,595 @@
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /tmp/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
# rotation (the LogRotate option) will always be enabled.
# Default: 1M
LogFileMaxSize 2M
# Log time with each message.
# Default: no
LogTime yes
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes
# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
#LogVerbose yes
# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
#LogRotate yes
# Log additional information about the infected file, such as its
# size and hash, together with the virus name.
ExtendedDetectionInfo yes
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /var/tmp
# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav
# Only load the official signatures published by the ClamAV project.
# Default: no
#OfficialDatabaseOnly no
# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd.socket
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
#LocalSocketGroup virusgroup
# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660
# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes
# TCP port address.
# Default: no
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
#TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 200
#MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 25M
#StreamMaxLength 10M
# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000
# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20
# Waiting for data from a client socket will timeout after this time (seconds).
# Default: 120
#ReadTimeout 300
# This option specifies the time (in seconds) after which clamd should
# timeout if a client doesn't provide any initial command after connecting.
# Default: 5
#CommandReadTimeout 5
# This option specifies how long to wait (in miliseconds) if the send buffer is full.
# Keep this value low to prevent clamd hanging
#
# Default: 500
#SendBufTimeout 200
# Maximum number of queued items (including those being processed by MaxThreads threads)
# It is recommended to have this value at least twice MaxThreads if possible.
# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
# the following condition should hold:
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
#
# Default: 100
#MaxQueue 200
# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60
# Don't scan files and directories matching regex
# This directive can be used multiple times
# Default: scan all
#ExcludePath ^/proc/
#ExcludePath ^/sys/
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes
# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes
# Scan files and directories on other filesystems.
# Default: yes
#CrossFilesystems yes
# Perform a database check.
# Default: 600 (10 min)
#SelfCheck 600
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
User clamav
# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes
# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
# any ALLMATCHSCAN command as invalid.
# Default: yes
#AllowAllMatchScan no
# Detect Possibly Unwanted Applications.
# Default: no
#DetectPUA yes
# Exclude a specific PUA category. This directive can be used multiple times.
# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
# the complete list of PUA categories.
# Default: Load all categories (if DetectPUA is activated)
#ExcludePUA NetTool
#ExcludePUA PWTool
# Only include a specific PUA category. This directive can be used multiple
# times.
# Default: Load all categories (if DetectPUA is activated)
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes
# This option causes memory or nested map scans to dump the content to disk.
# If you turn on this option, more data is written to disk and is available
# when the LeaveTemporaryFiles option is enabled.
#ForceToDisk yes
# This option allows you to disable the caching feature of the engine. By
# default, the engine will store an MD5 in a cache of any files that are
# not flagged as virus or that hit limits checks. Disabling the cache will
# have a negative performance impact on large scans.
# Default: no
#DisableCache yes
##
## Executable files
##
# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite. If you turn off this option, the original files will still be
# scanned, but without additional processing.
# Default: yes
#ScanPE yes
# Certain PE files contain an authenticode signature. By default, we check
# the signature chain in the PE file against a database of trusted and
# revoked certificates if the file being scanned is marked as a virus.
# If any certificate in the chain validates against any trusted root, but
# does not match any revoked certificate, the file is marked as whitelisted.
# If the file does match a revoked certificate, the file is marked as virus.
# The following setting completely turns off authenticode verification.
# Default: no
#DisableCertCheck yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
#ScanELF yes
# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes
##
## Documents
##
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
#ScanOLE2 yes
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros no
# This option enables scanning within PDF files.
# If you turn off this option, the original files will still be scanned, but
# without decoding and additional processing.
# Default: yes
#ScanPDF yes
# This option enables scanning within SWF files.
# If you turn off this option, the original files will still be scanned, but
# without decoding and additional processing.
# Default: yes
#ScanSWF yes
##
## Mail files
##
# Enable internal e-mail scanner.
# If you turn off this option, the original files will still be scanned, but
# without parsing individual messages/attachments.
# Default: yes
#ScanMail yes
# Scan RFC1341 messages split over many emails.
# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: no
#ScanPartialMessages yes
# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes
# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
#PhishingScanURLs yes
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
#
# Default: no
#PhishingAlwaysBlockSSLMismatch no
# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
#
# Default: no
#PhishingAlwaysBlockCloak no
# Detect partition intersections in raw disk images using heuristics.
# Default: no
#PartitionIntersection no
# Allow heuristic match to take precedence.
# When enabled, if a heuristic scan (such as phishingScan) detects
# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
# scan-time.
# When disabled, virus/phish detected by heuristic scans will be reported only at
# the end of a scan. If an archive contains both a heuristically detected
# virus/phish, and a real malware, the real malware will be reported
#
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
# differently from "real" malware.
# If a non-heuristically-detected virus (signature-based) is found first,
# the scan is interrupted immediately, regardless of this config option.
#
# Default: no
#HeuristicScanPrecedence yes
##
## Data Loss Prevention (DLP)
##
# Enable the DLP module
# Default: No
#StructuredDataDetection yes
# This option sets the lowest number of Credit Card numbers found in a file
# to generate a detect.
# Default: 3
#StructuredMinCreditCardCount 5
# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
#StructuredMinSSNCount 5
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxx-yy-zzzz
# Default: yes
#StructuredSSNFormatNormal yes
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxxyyzzzz
# Default: no
#StructuredSSNFormatStripped yes
##
## HTML
##
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
#ScanHTML yes
##
## Archives
##
# ClamAV can scan within archives and compressed files.
# If you turn off this option, the original files will still be scanned, but
# without unpacking and additional processing.
# Default: yes
#ScanArchive yes
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no
##
## Limits
##
# The options below protect your system against Denial of Service attacks
# using archive bombs.
# This option sets the maximum amount of data to be scanned for each input file.
# Archives and other containers are recursively extracted and scanned up to this
# value.
# Value of 0 disables the limit
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 100M
#MaxScanSize 150M
# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Note: setting this limit too high may result in severe damage to the system.
# Default: 16
#MaxRecursion 10
# Number of files to be scanned within an archive, a document, or any other
# container file.
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10000
#MaxFiles 15000
# Maximum size of a file to check for embedded PE. Files larger than this value
# will skip the additional analysis step.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10M
#MaxEmbeddedPE 10M
# Maximum size of a HTML file to normalize. HTML files larger than this value
# will not be normalized or scanned.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10M
#MaxHTMLNormalize 10M
# Maximum size of a normalized HTML file to scan. HTML files larger than this
# value after normalization will not be scanned.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 2M
#MaxHTMLNoTags 2M
# Maximum size of a script file to normalize. Script content larger than this
# value will not be normalized or scanned.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 5M
#MaxScriptNormalize 5M
# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
# than this value will skip the step to potentially reanalyze as PE.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 1M
#MaxZipTypeRcg 1M
# This option sets the maximum number of partitions of a raw disk image to be scanned.
# Raw disk images with more partitions than this value will have up to the value number
# partitions scanned. Negative values are not allowed.
# Note: setting this limit too high may result in severe damage or impact performance.
# Default: 50
#MaxPartitions 128
# This option sets the maximum number of icons within a PE to be scanned.
# PE files with more icons than this value will have up to the value number icons scanned.
# Negative values are not allowed.
# WARNING: setting this limit too high may result in severe damage or impact performance.
# Default: 100
#MaxIconsPE 200
##
## On-access Scan Settings
##
# Enable on-access scanning. Currently, this is supported via fanotify.
# Clamuko/Dazuko support has been deprecated.
# Default: no
#ScanOnAccess yes
# Don't scan files larger than OnAccessMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#OnAccessMaxFileSize 10M
# Set the include paths (all files inside them will be scanned). You can have
# multiple OnAccessIncludePath directives but each directory must be added
# in a separate line. (On-access scan only)
# Default: disabled
#OnAccessIncludePath /home
#OnAccessIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
# (On-access scan only)
# Default: disabled
#OnAccessExcludePath /home/bofh
# With this option you can whitelist specific UIDs. Processes with these UIDs
# will be able to access all files.
# This option can be used multiple times (one per line).
# Default: disabled
#OnAccessExcludeUID 0
##
## Bytecode
##
# With this option enabled ClamAV will load bytecode from the database.
# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
# Default: yes
#Bytecode yes
# Set bytecode security level.
# Possible values:
# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
# This value is only available if clamav was built with --enable-debug!
# TrustSigned - trust bytecode loaded from signed .c[lv]d files,
# insert runtime safety checks for bytecode loaded from other sources
# Paranoid - don't trust any bytecode, insert runtime checks for all
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
# Note that by default only signed bytecode is loaded, currently you can only
# load unsigned bytecode in --enable-debug mode.
#
# Default: TrustSigned
#BytecodeSecurity TrustSigned
# Set bytecode timeout in miliseconds.
#
# Default: 5000
# BytecodeTimeout 1000
##
## Statistics gathering and submitting
##
# Enable statistical reporting.
# Default: no
#StatsEnabled yes
# Disable submission of individual PE sections for files flagged as malware.
# Default: no
#StatsPEDisabled yes
# HostID in the form of an UUID to use when submitting statistical information.
# Default: auto
#StatsHostID auto
# Time in seconds to wait for the stats server to come back with a response
# Default: 10
#StatsTimeout 10
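Review bot: `LogFile /tmp/clamd.log` and `LocalSocket /tmp/clamd.socket` put the daemon's log and its control socket in a world-writable directory, and with `LocalSocketMode` left commented the file's own comment says the socket is world accessible. Every local account can then talk to the scanner socket, and a fixed name in /tmp can already be occupied by another user when clamd starts. Using directories owned by the clamav user and an explicit mode addresses both: `LogFile /var/log/clamav/clamd.log`, `LocalSocket /var/run/clamav/clamd` and `LocalSocketMode 660`. Those paths match the ones the freshclam and clamav-milter configs in this commit already use. `LogFileUnlock yes` also turns off the lock that the comment above it describes as the protection against running clamd more than once, so it is worth leaving at the default unless there is a reason recorded in the recipe.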
@@ -0,0 +1,224 @@
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
# log rotation (the LogRotate option) will always be enabled.
# Default: 1M
LogFileMaxSize 2M
# Log time with each message.
# Default: no
LogTime yes
# Enable verbose logging.
# Default: no
#LogVerbose yes
# Use system logger (can work together with UpdateLogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
#LogRotate yes
# This option allows you to save the process identifier of the daemon
# Default: disabled
PidFile /var/run/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
DatabaseOwner clamav
# Initialize supplementary group access (freshclam must be started by root).
# Default: no
#AllowSupplementaryGroups yes
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# WARNING: Do not touch it unless you're configuring freshclam to use your
# own database verification domain.
# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# You can use db.XY.ipv6.clamav.net for IPv6 connections.
#DatabaseMirror db.XY.clamav.net
# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net
# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5
# With this option you can control scripted updates. It's highly recommended
# to keep it enabled.
# Default: yes
#ScriptedUpdates yes
# By default freshclam will keep the local databases (.cld) uncompressed to
# make their handling faster. With this option you can enable the compression;
# the change will take effect with the next database update.
# Default: no
#CompressLocalDatabase no
# With this option you can provide custom sources (http:// or file://) for
# database files. This option can be used multiple times.
# Default: no custom URLs
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb
# This option allows you to easily point freshclam to private mirrors.
# If PrivateMirror is set, freshclam does not attempt to use DNS
# to determine whether its databases are out-of-date, instead it will
# use the If-Modified-Since request or directly check the headers of the
# remote database files. For each database, freshclam first attempts
# to download the CLD file. If that fails, it tries to download the
# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
# and ScriptedUpdates. It can be used multiple times to provide
# fall-back mirrors.
# Default: disabled
#PrivateMirror mirror1.mynetwork.com
#PrivateMirror mirror2.mynetwork.com
# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24
# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd
# Send the RELOAD command to clamd.
# Default: no
#NotifyClamd /path/to/clamd.conf
# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command
# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command
# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Timeout in seconds when connecting to database server.
# Default: 30
#ConnectTimeout 60
# Timeout in seconds when reading from database server.
# Default: 30
#ReceiveTimeout 60
# With this option enabled, freshclam will attempt to load new
# databases into memory to make sure they are properly handled
# by libclamav before replacing the old ones.
# Default: yes
#TestDatabases yes
# When enabled freshclam will submit statistics to the ClamAV Project about
# the latest virus detections in your environment. The ClamAV maintainers
# will then use this data to determine what types of malware are the most
# detected in the field and in what geographic area they are.
# Freshclam will connect to clamd in order to get recent statistics.
# Default: no
#SubmitDetectionStats /path/to/clamd.conf
# Country of origin of malware/detection statistics (for statistical
# purposes only). The statistics collector at ClamAV.net will look up
# your IP address to determine the geographical origin of the malware
# reported by your installation. If this installation is mainly used to
# scan data which comes from a different location, please enable this
# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
# of the country of origin.
# Default: disabled
#DetectionStatsCountry country-code
# This option enables support for our "Personal Statistics" service.
# When this option is enabled, the information on malware detected by
# your clamd installation is made available to you through our website.
# To get your HostID, log on http://www.stats.clamav.net and add a new
# host to your host list. Once you have the HostID, uncomment this option
# and paste the HostID here. As soon as your freshclam starts submitting
# information to our stats collecting service, you will be able to view
# the statistics of this clamd installation by logging into
# http://www.stats.clamav.net with the same credentials you used to
# generate the HostID. For more information refer to:
# http://www.clamav.net/documentation.html#cctts
# This feature requires SubmitDetectionStats to be enabled.
# Default: disabled
#DetectionStatsHostID unique-id
# This option enables support for Google Safe Browsing. When activated for
# the first time, freshclam will download a new database file (safebrowsing.cvd)
# which will be automatically loaded by clamd and clamscan during the next
# reload, provided that the heuristic phishing detection is turned on. This
# database includes information about websites that may be phishing sites or
# possible sources of malware. When using this option, it's mandatory to run
# freshclam at least every 30 minutes.
# Freshclam uses the ClamAV's mirror infrastructure to distribute the
# database and its updates but all the contents are provided under Google's
# terms of use. See http://www.google.com/transparencyreport/safebrowsing
# and http://www.clamav.net/documentation.html#safebrowsing
# for more information.
# Default: disabled
#SafeBrowsing yes
# This option enables downloading of bytecode.cvd, which includes additional
# detection mechanisms and improvements to the ClamAV engine.
# Default: enabled
#Bytecode yes
# Download an additional 3rd party signature database distributed through
# the ClamAV mirrors.
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2
@@ -0,0 +1,18 @@
0001-Change-paths-in-sample-conf-file-to-match-Debian.patch
0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
0003-unit_tests-increment-test-timeout-from-40secs-to-5mi.patch
0004-Fix-compiling-on-Hurd.patch
0005-Workaround-a-bug-in-libc-on-Hurd.patch
0006-remove-unnecessary-harmful-flags-from-libclamav.pc.patch
0007-libclamav-use-libmspack.patch
0008-Add-upstream-systemd-support-for-clamav-daemon-and-c.patch
0009-fix-ssize_t-size_t-off_t-printf-modifier.patch
0010-hardcode-LLVM-linker-flag-because-llvm-config-return.patch
0011-Add-libmspack-library-from-upstream-without-unnecess.patch
0012-allow-to-use-internal-libmspack-if-the-external-is-n.patch
0013-fix-autoreconf-with-embedded-libmspack.patch
0014-remove-AC_CONFIG_SRCDIR-llvm-configure-from-libclama.patch
0015-bb-10731-Allow-to-specificy-a-group-for-the-socket-o.patch
0016-clamav-milter-add-additinal-SMFIF_-flags-before-invo.patch
0017-Bump-.so-version-number.patch
0018-llvm-don-t-use-system-libs.patch
@@ -0,0 +1,3 @@
# <type> <owner> <group> <mode> <path> <linksource>
d clamav clamav 0755 /var/log/clamav none
f clamav clamav 0655 /var/log/clamav/freshclam.log none
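Review bot: The mode `0655` on `/var/log/clamav/freshclam.log` gives group and others the execute bit on a log file while the owner gets read/write only, which looks like a typo rather than an intended permission set. A log file needs no execute bit for anyone. `f clamav clamav 0644 /var/log/clamav/freshclam.log none` matches the `0755` directory above, or use `0640` if the update log should not be world-readable.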
+135
@@ -0,0 +1,135 @@
SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface"
DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats."
HOMEPAGE = "http://www.clamav.net/index.html"
SECTION = "security"
LICENSE = "LGPL-2.1"
DEPENDS = "libtool db openssl zlib ncurses bzip2"
LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}+dfsg.orig.tar.xz;name=archive \
file://0001-Change-paths-in-sample-conf-file-to-match-Debian.patch \
file://0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch \
file://0003-unit_tests-increment-test-timeout-from-40secs-to-5mi.patch \
file://0004-Fix-compiling-on-Hurd.patch \
file://0005-Workaround-a-bug-in-libc-on-Hurd.patch \
file://0006-remove-unnecessary-harmful-flags-from-libclamav.pc.patch \
file://0007-libclamav-use-libmspack.patch \
file://0008-Add-upstream-systemd-support-for-clamav-daemon-and-c.patch \
file://0009-fix-ssize_t-size_t-off_t-printf-modifier.patch \
file://0010-hardcode-LLVM-linker-flag-because-llvm-config-return.patch \
file://0011-Add-libmspack-library-from-upstream-without-unnecess.patch \
file://0012-allow-to-use-internal-libmspack-if-the-external-is-n.patch \
file://0013-fix-autoreconf-with-embedded-libmspack.patch \
file://0014-remove-AC_CONFIG_SRCDIR-llvm-configure-from-libclama.patch \
file://0015-bb-10731-Allow-to-specificy-a-group-for-the-socket-o.patch \
file://0016-clamav-milter-add-additinal-SMFIF_-flags-before-invo.patch \
file://0017-Bump-.so-version-number.patch \
file://0018-llvm-don-t-use-system-libs.patch \
file://clamav-0001-clamdscan.patch \
file://clamd.conf \
file://freshclam.conf \
file://volatiles.03_clamav \
"
SRC_URI[archive.md5sum] = "34d5e8698e57ce45c4a8c3c2cb211cf3"
SRC_URI[archive.sha256sum] = "0e353f646a0add17ca42e75ccfc7edf4f8b7c1acc972a86c317543f6b365db2d"
inherit autotools-brokensep pkgconfig useradd
S = "${WORKDIR}/${BPN}-${PV}+dfsg"
PACKAGECONFIG ??= ""
PACKAGECONFIG += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}"
PACKAGECONFIG[xml] = "--with-xml=${STAGING_LIBDIR}/.., --with-xml=no, libxml2,"
PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json,"
PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR}, --without-libcurl, curl,"
PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
UID = "clamav"
GID = "clamav"
EXTRA_OECONF += " --with-user=${UID} --with-group=${GID} \
--without-libcheck-prefix \
--disable-unrar \
--disable-llvm \
--with-openssl=${STAGING_LIBDIR}/.. \
--with-zlib=${STAGING_LIBDIR}/.. \
--with-libbz2-prefix=${STAGING_DIR}${prefix} \
--with-libcurses-prefix=${STAGING_LIBDIR}/.. \
"
do_install_append () {
install -d ${D}/${sysconfdir}
install -d ${D}/${localstatedir}/lib/clamav
install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles
install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav
}
pkg_postinst_${PN} () {
if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
${sysconfdir}/init.d/populate-volatile.sh update
fi
chown ${UID}:${GID} ${localstatedir}/lib/clamav
}
PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \
${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav6 ${PN}-staticdev"
FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bibdir}/clamsubmit \
${bindir}/sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
${docdir}/clamav/* "
FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
${docdir}/clamdscan/* \
${mandir}/man1/clamdscan* \
"
FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
${mandir}/man5/clamd* ${mandir}/man8/clamd* \
${sysconfdir}/clamd.conf* \
${systemd_unitdir}/system/clamav-daemon/* \
${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
${sysconfdir}/logcheck/ignore.d.server/clamav-daemon "
FILES_${PN}-freshclam = "${bindir}/freshclam \
${sysconfdir}/freshclam.conf* \
${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
${localstatedir}/lib/clamav \
${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \
${mandir}/man5/freshclam.conf.*"
FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \
${libdir}/pkgconfig/*.pc \
${mandir}/man1/clamav-config.* \
${includedir}/*.h ${docdir}/libclamav* "
FILES_${PN}-staticdev = "${libdir}/*.a"
FILES_${PN}-libclamav6 = "${libdir}/libclamav.so* ${libdir}/libmspack.so*\
${docdir}/libclamav6/* "
FILES_${PN}-doc = "${mandir}/man/* \
${datadir}/man/* \
${docdir}/* "
INSANE_SKIP_${PN}-libclamav6 = "dev-so"
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${UID}"
USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir \
${localstatedir}/spool/${BPN} \
--no-create-home --shell /bin/false ${BPN}"
RPROVIDES_${PN} += "${PN}-systemd"
RREPLACES_${PN} += "${PN}-systemd"
RCONFLICTS_${PN} += "${PN}-systemd"
SYSTEMD_SERVICE_${PN} = "${BPN}.service"
RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav6"
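Review bot: The `chown ${UID}:${GID} ${localstatedir}/lib/clamav` in `pkg_postinst_${PN}` sits outside the `[ -z "$D" ]` guard and has no `$D` prefix, so when the postinst runs during image construction it addresses the build host's path instead of the target root filesystem. The directory is also packaged in `${PN}-freshclam`, not `${PN}`, so it may not exist yet when this script runs. If the chown fails or hits the wrong path, the signature database directory may not be owned by the clamav user and freshclam may be unable to write updates (inferred; depends on how the image is assembled). Using `chown ${UID}:${GID} $D${localstatedir}/lib/clamav`, or doing the chown in `do_install_append` against `${D}`, would make the ownership deterministic. Separately, `${bibdir}/clamsubmit` and `clambsubmit*` in `FILES_${PN}` look like typos for `${bindir}` and `clamsubmit*`.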