Clamav 0.99.3 with git "merge" master

i.e.: git diff HEAD..master | patch -p1 and git add ChangeLog-rpm.old README.fedora clamav-0.98-umask.patch clamav-0.99-private.patch clamav-milter.systemd clamav-milter.sysv clamav-milter.upstart clamav-update.crond clamav-update.logrotate clamd-README clamd-gen clamd-wrapper clamd.SERVICE.init clamd.scan.upstart clamd.sysconfig clamd@.service clamd@scan.service freshclam-sleep freshclam.sysconfig llvm-glibc.patch and again git diff HEAD..master | patch -p1 patching file clamd-gen patching file freshclam-sleep
2018-01-26 22:54:22 +00:00 · 2018-01-26 22:54:22 +00:00 · 162c660fd5
parent 4f3fd81e6a
commit 162c660fd5
29 changed files with 2433 additions and 785 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,5 @@
-/clamd-wrapper.tar.bz2
 /clamav-*-norar.tar.xz
 /main*.cvd
 /daily*.cvd
 /bytecode-278.cvd
+/bytecode-319.cvd
--- a/ChangeLog-rpm.old
+++ b/ChangeLog-rpm.old
@ -0,0 +1,279 @@
+* Tue Dec 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.7-1
+- updated to 0.88.7
+
+* Sun Nov  5 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.6-1
+- updated to 0.88.6
+
+* Wed Oct 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.5-1
+- updated to 0.88.5 (SECURITY); fixes CVE-2006-4182, CVE-2006-5295
+- added patch to set '__attribute__ ((visibility("hidden")))' for
+  exported MD5_*() functions (fixes #202043)
+
+* Thu Oct 05 2006 Christian Iseli <Christian.Iseli@licr.org> 0.88.4-4
+ - rebuilt for unwind info generation, broken in gcc-4.1.1-21
+
+* Thu Sep 21 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-3
+- splitted SysV initscripts of -milter and -server into own subpackages
+
+* Fri Sep 15 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-2
+- rebuilt
+
+* Tue Aug  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-1
+- updated to 0.88.4 (SECURITY)
+
+* Wed Jul 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+- removed the clamdscan(1) manpage from the -server subpackage
+
+* Sat Jul  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+- removed a superfluous '}'
+- removed some code which was relevant for FC-3 only
+
+* Sat Jul  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.3-1
+- updated to 0.88.3
+- updated to new fedora-usermgmt macros
+
+* Tue May 16 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-2
+- cleanups: removed unneeded curlies, use plain command instead of
+  %%__XXX macro, whitespace cleanup, removed unneeded versioned
+  dependencies
+- added a 'Requires(post): group(clamav)' dependencies for -update and
+  added the corresponding Provides: to -data
+- removed the %%_without_milter conditional; you won't gain anything
+  when milter would be disabled at buildtime
+
+* Sun Apr 30 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-1
+- updated to 0.88.2 (SECURITY)
+- rediffed patches; most issues handled by 0.88.1-2 are fixed in
+  0.88.2
+
+* Mon Apr 24 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-2
+- added patch which fixes some classes of compiler warnings; at least
+  the using of implicitly declared functions was reported to cause
+  segfaults on AMD64 (brought to my attention by Marc Perkel)
+- added patch which fixes wrong usage of strncpy(3) in unrarlib.c
+
+* Thu Apr 06 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-1
+- updated to 0.88.1 (SECURITY)
+
+* Sat Feb 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-2
+- rebuilt for FC5
+
+* Tue Jan 10 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-1
+- updated to 0.88
+- added pseudo-versions for the 'init(...)' provides as a first step
+  for the support of alternative initmethods
+
+* Tue Nov 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-2
+- moved 'freshclam.conf.5' man page into the -update subpackage (#173221)
+- ship 'clamd.conf.5' man page in the -server subpackage *too*. The
+  same file is contained in multiple packages now, but this man-page
+  can not be removed from the base package because it also applies to
+  'clamdscan' there (#173221).
+
+* Fri Nov  4 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-1
+- updated to 0.87.1
+
+* Sat Sep 17 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87-1
+- updated to 0.87 (SECURITY)
+- removed -timeout patch; it is solved upstream
+- reverted the -exim changes; they add yet more complexity, their
+  functionality can go into an own package and they contained flaws
+
+* Fri Sep  9 2005 David Woodhouse <dwmw2@infradead.org> - 0.86.2-5
+- Add clamav-exim configuration package
+
+* Fri Jul 29 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-4
+- [milter] create the milter-logfile in the %%post scriptlet
+- [milter] reverted the change of the default child_timeout value; it
+  was set to 5 minutes in 0.86.2 which conflicts with the internal
+  mode where a timeout must not be set. So, the clamav-milter would
+  not run with the default configuration
+
+* Thu Jul 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-3
+- Fixed calculation of sleep duration; on some systems/IPs, `hostid`
+  results in a negative number which is retained by the bash
+  modulo-operation. So the sleep may get a negative number of seconds
+  being interpreted as an option. This version makes sure that the
+  module-operations returns a non-negative value. [BZ #164494, James
+  Wilkinson]
+- added support for a /usr/sbin/clamav-notify-servers.local hook; this
+  file will be executed (source'd) before all other actions and can
+  abort the entire processing by invoking 'exit'
+
+* Mon Jul 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-2
+- updated to 0.86.2 (SECURITY)
+- changed the freshclam updating mechanism (again); now, it consists
+  of a crontab which does not need to be changed and a helper script
+  (freshclam-sleep). This helper script is configured by
+  /etc/sysconfig/freshclam
+
+* Sat Jun 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.1-2
+- updated to 0.86.1
+- fixed randomization in %%post scriptlet: hour should be a range but
+  not a single number
+
+* Tue Jun 21 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86-1
+- updated to 0.86
+- randomize freshclam startup times in -update's %%post script (suggested
+  by Stephen Smoogen); this requires some more Requires(post): also
+
+* Wed May 18 2005 Warren Togami <wtogami@redhat.com> - 0.85.1-4
+- fix dist tagging the way Enrico wants it
+
+* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at>					  - 0.85.1-2
+- Rebuild
+
+* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at>					  - 0.85.1-1
+- Update
+
+* Sat May 14 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.85-0
+- updated to 0.85
+
+* Sun May  1 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.84-0
+- updated to 0.84
+
+* Fri Apr  7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
+- rebuilt
+
+* Tue Feb 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.83-1
+- updated to 0.83
+
+* Tue Feb  8 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.82-1
+- updated to 0.82
+- minor spec cleanups
+
+* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.2
+- build the package with '--disable-zlib-vcheck' because RH is unable to
+  apply a fix for a 5 month old and solved security issue.  Please fill
+  your comments at https://bugzilla.redhat.com/beta/show_bug.cgi?id=131385
+- added 'BuildRequires: bc' (should work without also, but ./configure
+  gives out ugly warnings else)
+
+* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.1
+- updated to 0.81
+- do not ship the 'clamd.milter' daemon anymore; clamav-milter supports
+  an internal mode now which is enabled by default
+- updated -milter %%description
+
+* Thu Jan 20 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.2
+- s!cron.d/clamav!cron.d/clamav-update! in the %%description of the -update
+  subpackage (https://bugzilla.fedora.us/show_bug.cgi?id=1715#c39)
+
+* Wed Nov  3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.1
+- updated to 0.80
+- removed DMS, FreeBSD-HOWTO and localized docs as it is not shipped anymore
+- buildrequire 'curl-devel'
+- renamed clamav.conf to clamd.conf (upstream change)
+- updated -initoff patch
+
+* Tue Sep 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75.1-0.fdr.1
+- updated to 0.75.1
+- use %%configure, the problems with the architecture specification
+  seem to have passed (probably because of an autoconf update)
+- set mode 0600 for the cron-script (required by vixie-cron)
+- made the cronjob a spambot and send mail about deactivated freshclam
+  service to nearly everybody... (root, postmaster, webmaster)
+- other fixes in the notification cronjob
+
+* Fri Jul 23 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75-0.fdr.1
+- updated to 0.75
+
+* Thu Jul 15 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.2
+- moved /usr/bin/clamav-config from main into -devel
+
+* Wed Jun 30 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.1
+- updated to 0.74
+
+* Mon Jun 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.73-0.fdr.1
+- updated to 0.73
+- added pkgconfig file
+
+* Fri Jun 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.3
+- notify the user about a deactivated clamav-update service
+- added clamd-gen script which generates template spec-files for
+  services using clamd
+- copied template configuration files to %pkgdatadir/template (needed
+  for clamd-gen)
+- moved the clamd-wrapper from %_initrddir to %{pkgdatadir}; a symlink
+  will be provided for compatibility reasons
+- conditionalized building of the -milter subpackage ('--without
+  milter' switch) to enable builds on RH73 (bug #1715, comment #5/#7)
+
+* Fri Jun  4 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.2
+- removed 'BuildRequires: dietlibc'; it was a leftover from the
+  pre-use-signal era (before 0.70) (bug #1716)
+
+* Thu Jun  3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.1
+- updated to 0.72
+
+* Thu May 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.2
+- removed the randomization in the cronjob; it seems to be impossible
+  to use the mod-operator (%%) there. Instead of, the user has to
+  replace some placeholders...
+
+* Wed May 19 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.1
+- updated to 0.71
+
+* Fri May  7 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1.1
+- quote 'EOF' to delay $RANDOM expansion
+
+* Tue Apr 27 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.2
+- updated GECOS entry for the 'clamav' user to describe its purpose
+  more accurately
+- use explicit '-m755' when creating directories with install
+
+* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1
+- updated to 0.70; rediffed some patches
+- updated logrotate script to use signals and documented the steps
+  which are needed to make it work
+- adapted initscript to use signals instead of sockwrite
+- removed sockwrite; signals can now be used to reload the database
+- added logfile to the -milter subpackage
+
+* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2.1
+- tagged some Requires:, since clamav-server is required in the milter-%%post* scriptlets
+
+* Sat Mar 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2
+- split the double Requires(...,...): statements; see
+  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118773
+- require the recent fedora-usermgmt package (0.7) which fixes similar
+  ordering issues
+
+* Thu Mar 18 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.1
+- updated to 0.68 (using the -1 version)
+- ship milter-files in the -milter instead of the -server subpackage
+
+* Tue Feb 24 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.3
+- fixed ':' vs. '.' in chown
+
+* Tue Feb 17 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.2
+- randomize freshclam startup to prevent server peaks
+
+* Mon Feb 16 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.1
+- updated to 0.67 (using the -1 version)
+
+* Wed Feb 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.66-0.fdr.2
+- updated to 0.66; important, packaging-relevant changes are
+  freshclam:
+  * $http_proxy is not supported anymore; you have to configure it in
+    /etc/freshclam.conf
+  * the logfile has been renamed to /var/log/freshclam.log
+- removed %%check section; buildroot check is implemented in local
+  testsuite already
+- added some %%verify(not mtime) modifiers to avoid unnecessary .rpmnew
+  files
+- added some directory-Requires:
+- activated milter-package and made it work
+- added patch to disable clamav-milter service by default
+- renamed /var/run/clamav.<SERVICE> to /var/run/clamd.<SERVICE>; this
+  makes things more consistently but can break backward compatibility. The
+  initscript should deal with the old version too, but I would not bet on
+  it...
+- updated some descriptions
+- fixed the update-mechanism; now it happens in two stages: at first,
+  the files will be downloaded as user 'clamav' and then, root initiates
+  the daemon-reload.
+
+* Mon Feb  9 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.65-0.fdr.5
+- added security fix for
+  http://www.securityfocus.com/archive/1/353194/2004-02-06/2004-02-12/1
--- a/README.fedora
+++ b/README.fedora
@ -0,0 +1,116 @@
+A clamav-milter setup consists of the following three components:
+
+* the clamav-milter itself
+
+  --> this is provided by the 'clamav-milter' package plus (alternatively)
+      'clamav-milter-upstart' or 'clamav-milter-sysvinit'
+
+  The main configuration is in /etc/mail/clamav-milter.conf and MUST
+  be changed before first use.
+
+  The -sysvinit package is managed by the traditional tools, but
+  -upstart requires modification of /etc/event.d/clamav-milter to
+  enable automatic startup.  See comments there for more details.
+
+* a clamav scanner daemon
+
+  --> this package is called 'clamav-scanner' plus (alternatively)
+      'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'
+
+  The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
+  edited before first use).
+
+  The -sysvinit package is managed by the traditional tools, but
+  -upstart requires modification of /etc/event.d/clamd.scan to enable
+  automatic startup.  See comments there for more details.
+
+* the MTA (sendmail/postfix)
+
+  --> you should know how to install this...
+
+  When communicating across unix sockets with the clamav-milter, it is
+  suggested to use the /var/run/clamav-milter/clamav-milter.socket
+  path.  You have to add something like
+
+    INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
+
+  to your sendmail.mc.
+
+
+
+It is suggested that components communicate through TCP sockets as
+this eases setup.  Please add corresponding packet filter rules!
+
+
+EXAMPLE
+=======
+
+For clamav-milter, a possible setup might be created by
+
+A)  On the MTA  (assumed hostname 'host-mta')
+
+  1. Add to sendmail.mc
+
+    | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
+
+  2. Rebuild sendmail.cf
+
+
+B)  On the clamav-milter host (assumed hostname 'host-milter')
+
+  1. Install clamav-milter + clamav-milter-upstart packages
+
+  2. Set in /etc/mail/clamav-milter.conf
+
+    | MilterSocket	inet:6666
+    | ClamdSocket	tcp:host-scanner:6665
+
+     and all the other options which are required on your system
+
+  3. Edit /etc/event.d/clamav-milter and uncomment the
+
+    | start on starting local
+
+     line. Restart your system or execute
+
+    | initctl emit starting local
+
+  4. Add something like
+
+    | iptables -N IN-cmilt
+    | iptables -A IN-cmilt -s host-mta -j ACCEPT
+    | iptables -A IN-cmilt -j DROP
+
+    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
+
+     to your firewall setup
+
+C)  On the clamav-scanner host (assumed hostname 'host-scanner')
+
+  1. Install clamav-scanner + clamav-scanner-upstart packages
+
+  2. Add to /etc/clamd.d/scan.conf
+
+    | TCPSocket 6665
+    | TCPAddr   host-scanner
+
+     comment out possible 'LocalSocket' lines and set all the other
+     options which are required on your system
+
+  3. Edit /etc/event.d/clamav-scanner and uncomment the
+
+    | start on starting local
+
+     line. Restart your system or execute
+
+    | initctl emit starting local
+
+  4. Add something like
+
+    | iptables -N IN-cscan
+    | iptables -A IN-cscan -s host-milter -j ACCEPT
+    | iptables -A IN-cscan -j DROP
+
+    | iptables -A INPUT -p tcp --dport 6665 -j IN-csan
+
+     to your firewall setup
--- a/clamav-0.98-umask.patch
+++ b/clamav-0.98-umask.patch
@ -0,0 +1,33 @@
+--- clamav-0.98/clamav-milter/clamav-milter.c		2013-09-16 21:28:14.000000000 +0200
+++ clamav-0.98/clamav-milter/clamav-milter.c.umask	2013-10-06 20:39:08.000000000 +0200
+@@ -374,7 +374,7 @@
+ 
+     if((opt = optget(opts, "PidFile"))->enabled) {
+ 	FILE *fd;
+-	mode_t old_umask = umask(0002);
+	mode_t old_umask = umask(0022);
+ 
+ 	if((fd = fopen(opt->strarg, "w")) == NULL) {
+ 	    logg("!Can't save PID in file %s\n", opt->strarg);
+--- clamav-0.98/shared/output.c				2013-09-16 21:28:14.000000000 +0200
+++ clamav-0.98/shared/output.c.umask			2013-10-06 20:39:28.000000000 +0200
+@@ -348,7 +348,7 @@
+     logg_open();
+ 
+     if(!logg_fp && logg_file) {
+-        old_umask = umask(0037);
+        old_umask = umask(0077);
+         if((logg_fp = fopen(logg_file, "at")) == NULL) {
+             umask(old_umask);
+ #ifdef CL_THREAD_SAFE
+--- clamav-0.98/freshclam/freshclam.c			2013-09-16 21:28:14.000000000 +0200
+++ clamav-0.98/freshclam/freshclam.c.umask		2013-10-06 20:39:47.000000000 +0200
+@@ -123,7 +123,7 @@
+ {
+     FILE *fd;
+     int old_umask;
+-    old_umask = umask (0006);
+    old_umask = umask (0022);
+     if ((fd = fopen (pidfile, "w")) == NULL)
+     {
+         logg ("!Can't save PID to file %s: %s\n", pidfile, strerror (errno));
--- a/clamav-0.99-private.patch
+++ b/clamav-0.99-private.patch
@ -0,0 +1,27 @@
+--- clamav-0.99/libclamav.pc.in			2015-09-18 22:48:25.000000000 +0200
+++ clamav-0.99/libclamav.pc.in.private		2015-12-02 01:30:30.055231319 +0100
+@@ -7,6 +7,6 @@
+ Description: A GPL virus scanner
+ Version: @PACKAGE_VERSION@
+ Libs: -L${libdir} -lclamav
+-Libs.private: @LIBCLAMAV_LIBS@
+Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
+ Cflags: -I${includedir}
+ 
+--- clamav-0.99/clamav-config.in		2015-05-28 23:56:25.000000000 +0200
+++ clamav-0.99/clamav-config.in.private	2015-12-02 01:31:34.933705763 +0100
+@@ -54,12 +54,8 @@
+ 	usage 0
+ 	;;
+ 
+-    --cflags)
+-       	echo -I@includedir@ @CFLAGS@
+-       	;;
+-
+-    --libs)
+-       	echo -L@libdir@ @LIBCLAMAV_LIBS@
+    (--cflags|--libs)
+	${PKG_CONFIG:-pkg-config} "$1" libclamav
+        	;;
+ 
+     *)
--- a/clamav-milter.init
+++ b/clamav-milter.init
@ -1,58 +0,0 @@
-#!/bin/sh
-#
-# Startup script for the Clamav Milter Daemon
-#
-# chkconfig: - 77 23
-# description: clamav-milter is a daemon which hooks into sendmail \
-#              and routes email messages to clamav.
-# processname: clamav-milter
-# pidfile: /var/run/clamav/clamav-milter.pid
-# config: /etc/sysconfig/clamav-milter
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-# Source networking configuration.
-. /etc/sysconfig/network
-
-[ -x /usr/sbin/clamav-milter ] || exit 0
-
-# Local clamav-milter config
-CLAMAV_FLAGS=
-test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter
-
-# See how we were called.
-case "$1" in
-  start)
-	echo -n "Starting Clamav Milter Daemon: "
-        daemon clamav-milter $CLAMAV_FLAGS 
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamav-milter
-	;;
-  stop)
-	echo -n "Stopping Clamav Milter Daemon: "
-	killproc clamav-milter
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamav-milter
-	;;
-  status)
-	status clamav-milter
-	RETVAL=$?
-	;;
-  restart|reload)
-	$0 stop
-	$0 start
-	RETVAL=$?
-	;;
-  condrestart)
-	[ -e /var/lock/subsys/clamav-milter ] && $0 restart
-	RETVAL=$?
-	;;
-  *)
-	echo "Usage: clamav-milter {start|stop|status|restart|reload|condrestart}"
-	exit 1
-esac
-
-exit $RETVAL
--- a/clamav-milter.sysconfig
+++ b/clamav-milter.sysconfig
@ -1,4 +0,0 @@
-### Simple config file for clamav-milter, you should
-### read the documentation and tweak it as you wish.
-
-CLAMAV_FLAGS=""
--- a/clamav-milter.systemd
+++ b/clamav-milter.systemd
@ -0,0 +1,25 @@
+[Unit]
+Description = Milter module for the Clam Antivirus scanner
+After = syslog.target nss-lookup.target network.target
+Before = sendmail.service
+Before = postfix.service
+After = clamd@scan.service
+
+[Service]
+Type = forking
+ExecStart = /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
+Restart = on-failure
+
+User=clamilt
+Group=clamilt
+
+PrivateTmp=yes
+PrivateDevices=yes
+CapabilityBoundingSet=CAP_KILL
+
+ReadOnlyDirectories=/etc
+ReadOnlyDirectories=/usr
+ReadOnlyDirectories=/var/lib
+
+[Install]
+WantedBy = multi-user.target
--- a/clamav-milter.sysv
+++ b/clamav-milter.sysv
@ -0,0 +1,93 @@
+#!/bin/bash
+#
+# clamav-milter Starts/stop the "clamav-milter" daemon
+#
+# chkconfig:   - 79 31
+# description: A virus scanning milter
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec=/usr/sbin/clamav-milter
+prog="clamav-milter"
+
+OPTS='-c /etc/mail/clamav-milter.conf'
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+pidfile=/var/run/clamav-milter/milter.pid
+lockfile=/var/lock/subsys/$prog
+
+start() {
+    [ -x $exec ] || exit 5
+    [ -f $config ] || exit 6
+    echo -n $"Starting $prog: "
+    daemon --pidfile=${pidfile} $exec $OPTS --foreground=no --pid=${pidfile}
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p "${pidfile}" $exec
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    restart
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    # run checks to determine if the service is running or use generic status
+    status -p "${pidfile}" $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+    start)
+	rh_status_q && exit 0
+	$1
+	;;
+    stop)
+	rh_status_q || exit 0
+	$1
+	;;
+    restart)
+	$1
+	;;
+    reload)
+	rh_status_q || exit 7
+	$1
+	;;
+    force-reload)
+	force_reload
+	;;
+    status)
+	rh_status
+	;;
+    condrestart|try-restart)
+	rh_status_q || exit 0
+	restart
+	;;
+    *)
+	echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+	exit 2
+esac
+exit $?
--- a/clamav-milter.upstart
+++ b/clamav-milter.upstart
@ -0,0 +1,14 @@
+### !!! Uncomment only *one* of the 'start on' statements !!!
+
+### Uncomment these lines when you want clamav-milter to be a milter
+### for a locally running MTA
+#start on (starting sendmail or starting postfix)
+
+### Uncomment these lines when you want clamav-milter to be a milter
+### for a remotely running MTA
+#start on runlevel [345] and starting local
+
+stop  on runlevel [!345]
+
+respawn
+exec /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --foreground=yes
--- a/clamav-update.crond
+++ b/clamav-update.crond
@ -0,0 +1,6 @@
+## Adjust this line...
+MAILTO=root
+
+## It is ok to execute it as root; freshclam drops privileges and becomes
+## user 'clamupdate' as soon as possible
+0  */3 * * * root /usr/share/clamav/freshclam-sleep
--- a/clamav-update.logrotate
+++ b/clamav-update.logrotate
@ -0,0 +1,4 @@
+/var/log/freshclam.log {
+        monthly
+        notifempty
+}
--- a/clamav.init
+++ b/clamav.init
@ -1,60 +0,0 @@
-#!/bin/sh
-#
-# Startup script for the Clam AntiVirus Daemon
-#
-# chkconfig: - 61 39
-# description: Clam AntiVirus Daemon is a TCP/IP or socket protocol \
-#              server.
-# processname: clamd
-# pidfile: /var/run/clamav/clamd.pid
-# config: /etc/clamd.conf
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-# Source networking configuration.
-. /etc/sysconfig/network
-
-[ -x /usr/sbin/clamd ] || exit 0
-
-# Local clamd config
-test -f /etc/sysconfig/clamd && . /etc/sysconfig/clamd
-
-# See how we were called.
-case "$1" in
-  start)
-	echo -n "Starting Clam AntiVirus Daemon: "
-	daemon clamd
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd
-	;;
-  stop)
-	echo -n "Stopping Clam AntiVirus Daemon: "
-	killproc clamd
-	rm -f /var/run/clamav/clamd.sock
-	rm -f /var/run/clamav/clamd.pid
-	RETVAL=$?
-	echo
-### heres the fix... we gotta remove the stale files on restart
-	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd 	
-	;;
-  status)
-	status clamd
-	RETVAL=$?
-	;;
-  restart|reload)
-	$0 stop
-	$0 start
-	RETVAL=$?
-	;;
-  condrestart)
-	[ -e /var/lock/subsys/clamd ] && $0 restart
-	RETVAL=$?
-	;;
-  *)
-	echo "Usage: clamd {start|stop|status|restart|reload|condrestart}"
-	exit 1
-esac
-
-exit $RETVAL
--- a/clamav.spec
+++ b/clamav.spec
--- a/59
+++ b/59
@ -0,0 +1,59 @@
+To create individual clamd-instance take the following files and
+modify/copy them in the suggested way:
+
+clamd.conf:
+  * set LocalSocket (or better: TCPSocket) and User to suitable values;
+    avoid PidFile unless it is required by system monitoring or something
+    else. Logging through syslog is usually better than an individual
+    Logfile.
+  * place this file into /etc/clamd.d with an unique service-name;
+    e.g. as /etc/clamd.d/<SERVICE>.conf
+
+  When using TCPSocket, create iptables rules which are limiting the
+  access by source and/or by using '-m owner'.
+
+  When LogFile feature is wanted, it must be writable for the assigned
+  User. Recommended way to reach this, is to:
+  * make it owned by the User's *group*
+  * assign at least 0620 (u+rw,g+w) permissions
+
+  A suitable command might be
+  | # touch <logfile>
+  | # chgrp <user> <logfile>
+  | # chmod 0620   <logfile>
+  | # restorecon <logfile>
+
+  NEVER use 'clamav' as the user since he can modify the database.
+  This is the user who is running the application; e.g. for mimedefang
+  (http://www.roaringpenguin.com/mimedefang), the user might be
+  'defang'.Theoretically, distinct users could be used, but it must be
+  made sure that the application-user can write into the socket-file,
+  and that the clamd-user can access the files asked by the
+  application to be checked.
+
+clamd.logrotate: (only when LogFile feature is used)
+  * set the correct value for the logfile
+  * place it into /etc/logrotate.d
+
+clamd@<SERVICE>.service: (systemd instance)
+  * instance of clamd@.service
+
+Additionally, when using LocalSocket instead of TCPSocket, the directory
+for the socket file must be created.  For tmpfiles based systems, you
+might want to create a file /usr/lib/tmpfiles.d/clamd.<SERVICE>.conf
+with a content of
+
+ | d /var/run/clamd.<SERVICE> <MODE> <USER> <GROUP>
+
+Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
+so that the socket can be accessed by clamd and by the applications
+using clamd. Make sure that the socket is not world accessible; else,
+DOS attacks or worse are trivial.
+
+
+[Disclaimer:
+ this file and the script/configfiles are not part of the official
+ clamav package.
+
+ Please send complaints and comments to
+ mailto:enrico.scholz@informatik.tu-chemnitz.de!]
--- a/269
+++ b/269
@ -0,0 +1,269 @@
+#! /bin/bash
+
+# Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+function showHelp()
+{
+    echo \
+$"Usage: clamd-gen --service=<SERVICE> --version=<VERSION> --release=<RELEASE>
+                 --license=<LICENSE> --username=>USERNAME>
+"
+    exit 0
+}
+
+function rpm.generatePreamble()
+{
+    cat <<EOF
+%{!?release_func:%define release_func()	%1%{?dist}}
+# The name of the minit service
+%define minitsvcdir	%minitdir/services/%name
+# The configuration file for the SysV initservice
+%define conffile	%_sysconfdir/clamd.d/%service.conf
+# The directory, where the milter socket will be placed into; this
+# socket will be named clamd.sock
+%define rundir		/var/run/clamd.%service
+# The name of the logfile
+%define logfile		/var/log/clamd.%service
+# The user under whose id, the clamd shall be running. This user must
+# be able to read the files from the base-service and is usually
+# created there.
+%define username	$USERNAME
+# The packagename of the service
+%define service		$SERVICE
+# The service name as used by the system's initscripts; usually this
+# is %service
+%define baseservice	%service
+
+%define __chkconfig	/sbin/chkconfig
+%define minitdir	%_sysconfdir/minit
+
+
+EOF
+}
+
+function rpm.generateHeader()
+{
+    cat <<EOF
+Summary:		Clamav server for '%service'
+Name:			clamd.%service
+Version:		$VERSION
+Release:		%release_func $RELEASE
+Epoch:			0
+License:		$LICENSE
+Group:			System Environment/Daemons
+BuildRoot:		%_tmppath/%name-%version-%release-root
+BuildArch:		noarch
+Requires:		init(%name)
+Requires(pre):		%service
+Requires:		clamav-server
+BuildRequires:		clamav-devel
+
+%package sysv
+Summary:		SysV initscripts for a %service clamav-server
+Group:			System Environment/Daemons
+Provides:		init(%name) = sysv
+Conflicts:		init(%name) < sysv
+Conflicts:		init(%name) > sysv
+Requires:		clamav-server-sysv
+Requires(post):		%name = %epoch:%version-%release
+Requires(post):		diffutils mktemp %__chkconfig
+Requires(preun):	%__chkconfig
+Requires(pre):		%_initrddir
+Requires(postun):	%_initrddir
+
+%package minit
+Summary:		minit initscripts for a %service clamav-server
+Group:			System Environment/Daemons
+Provides:		init(%name) = minit
+Conflicts:		init(%name) < minit
+Conflicts:		init(%name) > minit
+Requires(post):		%name = %epoch:%version-%release
+Requires(post):		diffutils mktemp
+Requires(pre):		minit-setup
+Requires(postun):	minit-setup
+Requires(triggers):	minit-tools
+
+
+%description
+Basic setup for a clamav server for '%service'.
+
+
+%description sysv
+Basic setup for a clamav server for '%service'.
+
+This package contains initscripts for SysV based systems.
+
+
+%description minit
+Basic setup for a clamav server for '%service'.
+
+This package contains initscripts for minit based systems.
+
+EOF
+}
+
+
+function rpm.genBody()
+{
+    cat <<"XEOFX"
+%prep
+%build
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%__install -d -m755 $RPM_BUILD_ROOT{%minitsvcdir,%_sbindir,%rundir,/var/log}
+
+d=/usr/share/clamav/template
+
+function subst
+{
+	src=$d/$1
+	dst=$RPM_BUILD_ROOT$2
+
+	%__install -d -m755 $(dirname "$dst")
+	sed -e 's!^\(#?LogFile \).*!\1%logfile!g;
+		s!^#?\(LocalSocket \).*!\1%rundir/clamd.sock!g;
+		s!^#?\(PidFile \).*!\1%rundir/clamd.pid!g;
+		s!<SERVICE>!%service!g;
+		s!<USER>!%username!g;' "$src" >"$dst"
+	chmod --reference "$src" "$dst"
+}
+
+subst clamd.conf      %conffile
+subst clamd.logrotate %_sysconfdir/logrotate.d/clamd.%service
+
+%if 0%{!?_without_sysv:1}
+subst clamd.sysconfig %_sysconfdir/sysconfig/clamd.%service
+subst clamd.init      %_initrddir/clamd.%service
+%endif
+
+ln -s clamd $RPM_BUILD_ROOT%_sbindir/clamd.%service
+
+touch $RPM_BUILD_ROOT%logfile
+touch $RPM_BUILD_ROOT%rundir/clamd.sock
+
+%if 0%{!?_without_minit:1}
+ln -s %_sbindir/clamd.%service $RPM_BUILD_ROOT%minitsvcdir/run
+touch                          $RPM_BUILD_ROOT%minitsvcdir/respawn
+cat <<EOF                     >$RPM_BUILD_ROOT%minitsvcdir/params
+-c
+%conffile
+EOF
+%endif
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%triggerin minit -- %baseservice
+minit-svc add services/clamd.%service services/%baseservice/
+
+%triggerun minit -- %baseservice
+test "$1" != 0 -a "$2" != 0 || \
+	minit-svc del services/clamd.%service services/%baseservice/
+
+
+%post minit
+d=$(mktemp /tmp/clamd.%service.XXXXXX)
+sed -e 's!^#Foreground!Foreground!' "%conffile" >"$d"
+grep -q '^Foreground' $d || echo 'Foreground' >>$d
+cmp -s "$d" %conffile || cat "$d" >"%conffile"
+rm -f "$d"
+
+%post sysv
+d=$(mktemp /tmp/clamd.%service.XXXXXX)
+sed -e 's!^Foreground!#Foreground!' "%conffile" >"$d"
+cmp -s "$d" %conffile || cat "$d" >"%conffile"
+rm -f "$d"
+
+%__chkconfig --add %name
+
+
+%preun sysv
+test "$1" != 0 || %__chkconfig --del %name
+
+XEOFX
+}
+
+
+function rpm.genFiles
+{
+    cat <<"EOF"
+%files
+%defattr(-,root,root,-)
+%doc
+%config(noreplace) %verify(not size md5 mtime) %attr(0620,root,%username)  %logfile
+%config(noreplace) %verify(not mtime) %conffile
+%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/clamd.%service
+%_sbindir/clamd.%service
+%dir %attr(0700,%username,root) %rundir
+%ghost %rundir/clamd.sock
+
+
+%if 0%{!?_without_sysv:1}
+%files sysv
+%defattr(-,root,root,-)
+%config            %verify(not mtime) %_initrddir/clamd.%service
+%config(noreplace) %verify(not mtime) %_sysconfdir/sysconfig/clamd.%service
+%endif
+
+
+%if 0%{!?_without_minit:1}
+%files minit
+%defattr(-,root,root,-)
+%dir                                  %minitsvcdir
+%config(noreplace) %verify(not mtime) %minitsvcdir/params
+%config                               %minitsvcdir/run
+				      %minitsvcdir/respawn
+%endif
+EOF
+}
+
+
+SERVICE=
+VERSION=
+RELEASE=
+LICENSE=
+USERNAME=
+tmp=$(getopt -o '' --long service:,version:,release:,license:,username:,help -n "$0" -- "$@") || exit 1
+eval set -- "$tmp"
+
+while true; do
+    case "$1" in
+	(--help)	showHelp $0;;
+	(--service)	SERVICE=$2;  shift;;
+	(--version)	VERSION=$2;  shift;;
+	(--release)	RELEASE=$2;  shift;;
+	(--license)	LICENSE=$2;  shift;;
+	(--username)	USERNAME=$2; shift;;
+	(--)		shift; break;;
+    esac
+    shift
+done
+
+for i in SERVICE VERSION RELEASE LICENSE USERNAME; do
+    eval tmp=\$${i}
+    test "$tmp" || {
+	echo $"No value for $i specified; assuming @${i}@"  >&2;
+	eval $i=@${i}@;
+    }
+done
+
+
+rpm.generatePreamble
+rpm.generateHeader
+rpm.genBody
+rpm.genFiles
--- a/90
+++ b/90
@ -0,0 +1,90 @@
+#!/bin/bash
+#
+# Xchkconfig: - 75 35
+# Xdescription: The clamd daemon listens for incoming connections on		\
+#               Unix or TCP socket and scans files or directories on demand.
+
+test "$CLAMD_SERVICE" || {
+    echo $"*** $0 can not be called in this way"
+    echo $"*** Please see /usr/share/doc/clamav-server-*/README how"
+    echo $"*** the clamav-server can be configured"
+    exit 6
+}
+
+# Source function library.
+. /etc/init.d/functions
+
+# Get config.
+test -r /etc/sysconfig/network && . /etc/sysconfig/network
+
+# Check that networking is up.
+test "$NETWORKING" != "no" || exit 6
+
+lockfile=/var/lock/subsys/clamd.${CLAMD_SERVICE}
+sysconffile=/etc/sysconfig/clamd.${CLAMD_SERVICE}
+procname=clamd.${CLAMD_SERVICE}
+
+CLAMD_CONFIGFILE=/etc/clamd.d/${CLAMD_SERVICE}.conf
+CLAMD_OPTIONS=
+CLAMD_PIDFILE=/var/run/clamd.${CLAMD_SERVICE}/clamd.pid
+## backward-compatibility check...
+for i in /var/run/clamd.${CLAMD_SERVICE}/clamd.sock \
+	 /var/run/clamav.${CLAMD_SERVICE}/clamd.sock; do
+  CLAMD_SOCKET=$i
+  test ! -e "$i" || break
+done
+test -f "$sysconffile" && . "$sysconffile"
+
+
+RETVAL=0
+prog="clamd.${CLAMD_SERVICE}"
+
+start () {
+	echo -n $"Starting $prog: "
+	daemon --pidfile=${CLAMD_PIDFILE} \
+	    exec -a $procname /usr/sbin/clamd \
+	    ${CLAMD_CONFIGFILE:+-c $CLAMD_CONFIGFILE} ${CLAMD_OPTIONS} --pid ${CLAMD_PIDFILE}
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch $lockfile
+	return $RETVAL
+}
+
+stop () {
+	echo -n $"Stopping $prog: "
+	killproc -p ${CLAMD_PIDFILE} $procname
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f $lockfile
+	return $RETVAL
+}
+
+reload() {
+	rc=0
+	echo -n $"Reloading $prog: "
+	killproc -p ${CLAMD_PIDFILE} $procname -HUP  || rc=$?
+	echo
+	echo -n $"Loading new virus-database: "
+	killproc -p ${CLAMD_PIDFILE} $procname -USR2 || rc=$?
+	echo
+	return $rc
+}
+
+restart () {
+	stop
+	start
+}
+
+# See how we were called.
+case "$1" in
+  start|stop|restart|reload)
+	$1 ;;
+  status)
+	status -p ${CLAMD_PIDFILE} $procname ;;
+  condrestart)
+	test ! -f $lockfile || restart
+	;;
+  *)
+	echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
+	exit 2
+esac
--- a/clamd.SERVICE.init
+++ b/clamd.SERVICE.init
@ -0,0 +1,7 @@
+#!/bin/bash
+#
+# chkconfig: - 75 35
+# description: The clamd server running for <SERVICE>
+
+CLAMD_SERVICE=<SERVICE>
+. /usr/share/clamav/clamd-wrapper
--- a/clamd.logrotate
+++ b/clamd.logrotate
@ -1,8 +1,9 @@
-%{_localstatedir}/log/clamav/clamd.log {
-        missingok
-        notifempty
-        create 644 clam clam
-        postrotate
-                killall -HUP clamd 2>/dev/null || :
-        endscript
+/var/log/clamd.<SERVICE> {
+	monthly
+	notifempty
+	missingok
+
+	postrotate
+		killall -HUP clamd.<SERVICE> >/dev/null 2>&1 || :
+	endscript
 }
--- a/clamd.scan.upstart
+++ b/clamd.scan.upstart
@ -0,0 +1,14 @@
+### !!! Uncomment only *one* of the 'start on' statements !!!
+
+### Uncomment this line when you want clamd.scan to be a scanner for a
+### locally running clamav-milter
+#start on starting clamav-milter
+
+### Uncomment this line when you want clamd.scan to be a generic
+### scanner service
+#start on runlevel [345] and starting local
+
+stop  on runlevel [!345]
+
+respawn
+exec /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes
--- a/clamd.sysconfig
+++ b/clamd.sysconfig
@ -0,0 +1,3 @@
+#CLAMD_CONFIGFILE=/etc/clamd.d/<SERVICE>.conf
+#CLAMD_SOCKET=/var/run/clamd.<SERVICE>/clamd.sock
+#CLAMD_OPTIONS=
--- a/clamd@.service
+++ b/clamd@.service
@ -0,0 +1,8 @@
+[Unit]
+Description = clamd scanner (%i) daemon
+After = syslog.target nss-lookup.target network.target
+
+[Service]
+Type = forking
+ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
+Restart = on-failure
--- a/clamd@scan.service
+++ b/clamd@scan.service
@ -0,0 +1,7 @@
+.include /lib/systemd/system/clamd@.service
+
+[Unit]
+Description = Generic clamav scanner daemon
+
+[Install]
+WantedBy = multi-user.target
--- a/52
+++ b/52
@ -0,0 +1,52 @@
+#! /bin/bash
+# Copyright (C) 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+FRESHCLAM_MOD=$[ 3*60 ]		# 3 hours
+
+f=/etc/sysconfig/freshclam
+test ! -e "$f" || . "$f"
+
+
+case x"$1" in
+    (xnow)		FRESHCLAM_DELAY=0;;
+    (x|xrandom)		: ${FRESHCLAM_DELAY:=$[ 0x`hostid` ]};;
+    (*)			FRESHCLAM_DELAY=$1;;
+esac
+
+set -e
+
+case $FRESHCLAM_DELAY in
+    (disabled-warn)
+	echo $"\
+WARNING: update of clamav database is disabled; please see
+  '$f'
+  for information how to enable the periodic update resp. how to turn
+  off this message." >&2
+	exit 1
+	;;
+
+    (disabled)
+	exit 0
+	;;
+
+    (*)
+	let FRESHCLAM_MOD*=60
+	sleep $[ (FRESHCLAM_DELAY % FRESHCLAM_MOD + FRESHCLAM_MOD) % FRESHCLAM_MOD ]
+	;;
+esac
+
+/usr/bin/freshclam --quiet
--- a/freshclam.cron
+++ b/freshclam.cron
@ -1,17 +0,0 @@
-#!/bin/sh
-
-### A simple update script for the clamav virus database.
-### This could as well be replaced by a SysV script.
-
-### fix log file if needed
-LOG_FILE="%{_localstatedir}/log/clamav/freshclam.log"
-if [ ! -f "$LOG_FILE" ]; then
-    touch "$LOG_FILE"
-    chmod 644 "$LOG_FILE"
-    chown clam.clam "$LOG_FILE"
-fi
-
-%{_bindir}/freshclam \
-    --quiet \
-    --datadir="%{_localstatedir}/lib/clamav" \
-    --log="$LOG_FILE"
--- a/freshclam.logrotate
+++ b/freshclam.logrotate
@ -1,5 +0,0 @@
-%{_localstatedir}/log/clamav/freshclam.log {
-        missingok
-        notifempty
-        create 644 clam clam
-}
--- a/freshclam.sysconfig
+++ b/freshclam.sysconfig
@ -0,0 +1,18 @@
+## When changing the periodicity of freshclam runs in the crontab,
+## this value must be adjusted also. Its value is the timespan between
+## two subsequent freshclam runs in minutes. E.g. for the default
+##
+## | 0 */3 * * *  ...
+##
+## crontab line, the value is 180 (minutes).
+# FRESHCLAM_MOD=
+
+## A predefined value for the delay in seconds. By default, the value is
+## calculated by the 'hostid' program. This predefined value guarantees
+## constant timespans of 3 hours between two subsequent freshclam runs.
+##
+## This option accepts two special values:
+## 'disabled-warn'  ...  disables the automatic freshclam update and
+##                         gives out a warning
+## 'disabled'       ...  disables the automatic freshclam silently
+# FRESHCLAM_DELAY=
--- a/llvm-glibc.patch
+++ b/llvm-glibc.patch
@ -0,0 +1,12 @@
+Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+===================================================================
+--- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+@@ -52,6 +52,7 @@ static void runAtExitHandlers() {
+ #include <sys/stat.h>
+ #endif
+ #include <fcntl.h>
+#include <unistd.h>
+ /* stat functions are redirecting to __xstat with a version number.  On x86-64 
+  * linking with libc_nonshared.a and -Wl,--export-dynamic doesn't make 'stat' 
+  * available as an exported symbol, so we have to add it explicitly.
--- a/9
+++ b/9
@ -1,5 +1,4 @@
-a4517adbd9c72a3fec3fbb1384dd3234  clamav-0.99.2-norar.tar.xz
-d71fbb44799945970f2c2b75e40ec105  daily-21723.cvd
-f13ead862171f50019c15c946d25e91f  main-57.cvd
-c545b6a9775ccb72a293d259335589be  bytecode-278.cvd
-e809f74ed139df2e4af3fafbca32f678  clamd-wrapper.tar.bz2
+SHA512 (clamav-0.99.3-norar.tar.xz) = d80b20c982d35eecd2719af325bc774a5a5fe63a97f3d855c74919f6cfac6fe3f12c51479e49d96031ae0e9a3dedcf446dd22426cceba22ec4b641e9ea1f250a
+SHA512 (bytecode-319.cvd) = 1b2785fde078e0dae5a4b8a5161a0da55b26b010deda9fd9dc5edb7113d46d6eb45f644c16b4cb3882e7192d0b389d7b1826fbb718377aa40e1bac3485829acc
+SHA512 (daily-24253.cvd) = cef70a86f7989ec330c0479f6070e735181168c0331e981cfcd8d9a5aebdd6be42d772167c701f6f33219a4b41aced806e70c156e9a2a060c30ba55e73743fcd
+SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a