diff --git a/README.fedora b/README.fedora index 7abd190..e512782 100644 --- a/README.fedora +++ b/README.fedora @@ -1,5 +1,5 @@ -Please note since el7 and Fedora 15 or 19 we use only systemd. -upstart and sysv was dropped, this document may still applies to el6. +Please note for Fedora and EPEL 7+ we use only systemd. +upstart and sysvinit only apply to EPEL 6. A clamav-milter setup consists of the following three components: @@ -11,18 +11,22 @@ A clamav-milter setup consists of the following three components: The main configuration is in /etc/mail/clamav-milter.conf and MUST be changed before first use. + This can be enabled with: 'systemctl enable clamav-milter.service' + The -sysvinit package is managed by the traditional tools, but -upstart requires modification of /etc/event.d/clamav-milter to enable automatic startup. See comments there for more details. * a clamav scanner daemon - --> this package is called 'clamav-scanner' plus (alternatively) - 'clamav-scanner-upstart' or 'clamav-scanner-sysvinit' + --> this is in the clamd package (or on EL6: + 'clamav-scanner-upstart' or 'clamav-scanner-sysvinit') The daemon is configured by /etc/clamd.d/scan.conf (which MUST be edited before first use). + This can be enabled with: 'systemctl enable clamd@scan.service' + The -sysvinit package is managed by the traditional tools, but -upstart requires modification of /etc/event.d/clamd.scan to enable automatic startup. See comments there for more details. 
@@ -32,19 +36,14 @@ A clamav-milter setup consists of the following three components: --> you should know how to install this... When communicating across unix sockets with the clamav-milter, it is - suggested to use the /var/run/clamav-milter/clamav-milter.socket + suggested to use the /run/clamav-milter/clamav-milter.socket path. You have to add something like - INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl + INPUT_MAIL_FILTER(`clamav', `S=local:/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl to your sendmail.mc. - -It is suggested that components communicate through TCP sockets as -this eases setup. Please add corresponding packet filter rules! - - EXAMPLE ======= @@ -70,13 +69,13 @@ B) On the clamav-milter host (assumed hostname 'host-milter') and all the other options which are required on your system - 3. Edit /etc/event.d/clamav-milter and uncomment the + 3. Enable clamav-milter.service: - | start on starting local + | systemctl enable clamav-milter.service - line. Restart your system or execute + Restart your system or execute - | initctl emit starting local + | systemctl start clamav-milter.service 4. Add something like @@ -90,7 +89,7 @@ B) On the clamav-milter host (assumed hostname 'host-milter') C) On the clamav-scanner host (assumed hostname 'host-scanner') - 1. Install clamav-scanner + clamav-scanner-upstart packages + 1. Install clamd 2. Add to /etc/clamd.d/scan.conf @@ -100,13 +99,13 @@ C) On the clamav-scanner host (assumed hostname 'host-scanner') comment out possible 'LocalSocket' lines and set all the other options which are required on your system - 3. Edit /etc/event.d/clamav-scanner and uncomment the + 3. Enable clamd@scan.service: - | start on starting local + | systemctl enable clamd@scan.service - line. Restart your system or execute + Restart your system or execute - | initctl emit starting local + | systemctl start clamd@scan.service 4. Add something like 
diff --git a/clamav.spec b/clamav.spec index ede6db2..4b02d54 100644 --- a/clamav.spec +++ b/clamav.spec @@ -54,7 +54,7 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav Version: 0.101.4 -Release: 2%{?dist} +Release: 3%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} URL: https://www.clamav.net/ %if %{with unrar} @@ -82,8 +82,6 @@ Source10: main-58.cvd Source11: daily-25550.cvd #http://database.clamav.net/bytecode.cvd Source12: bytecode-330.cvd -#for devel -Source100: clamd-gen #for update Source200: freshclam-sleep Source201: freshclam.sysconfig @@ -326,8 +324,8 @@ mkdir -p libclamunrar{,_iface} sed -ri \ -e 's!^#?(LogFile ).*!#\1/var/log/clamd.!g' \ - -e 's!^#?(LocalSocket ).*!#\1/var/run/clamd./clamd.sock!g' \ - -e 's!^(#?PidFile ).*!\1/var/run/clamd./clamd.pid!g' \ + -e 's!^#?(LocalSocket ).*!#\1%{_rundir}/clamd./clamd.sock!g' \ + -e 's!^(#?PidFile ).*!\1%{_rundir}/clamd./clamd.pid!g' \ -e 's!^#?(User ).*!\1!g' \ -e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \ -e 's! /usr/local/share/clamav,! %homedir,!g' \ @@ -433,7 +431,6 @@ install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf %if %{with sysv} install -m 0644 -p %SOURCE520 $RPM_BUILD_ROOT%pkgdatadir/ %endif -install -m 0755 -p %SOURCE100 $RPM_BUILD_ROOT%pkgdatadir/ cp -pa _doc_server/* $RPM_BUILD_ROOT%pkgdatadir/template %if %{with sysv} @@ -471,7 +468,6 @@ sed -e 's!!scan!g;' $RPM_BUILD_ROOT%pkgdatadir/template/clamd.init \ %endif install -D -p -m 0644 %SOURCE410 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf -install -D -p -m 0644 %SOURCE430 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf d %scanstatedir 0710 %scanuser virusgroup 
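Review bot: `%{_rundir}` in the two rewritten `sed` expressions (LocalSocket and PidFile) may be undefined on older rpm releases, and this spec still carries `%if %{with sysv}` and upstart branches that the README ties to EPEL 6. If the macro is undefined in such a build, the literal text `%{_rundir}` would presumably land in the generated clamd configuration instead of a path. A fallback near the top of the spec, for example `%{!?_rundir:%global _rundir /var/run}`, would keep those builds on the old location. The `sed` command continues past the end of this hunk and the spec header is not visible, so such a fallback may already exist.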
@@ -553,8 +549,10 @@ exit 0 /usr/bin/killall -u %scanuser clamd 2>/dev/null || : %endif %if %{with systemd} -%systemd_post clamd@.service -%systemd_post clamd@scan.service +# Point to the new service unit +[ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] && + ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || : +%systemd_post clamd@\*.service %{?with_tmpfiles:/bin/systemd-tmpfiles --create %_tmpfilesdir/clamd.scan.conf || :} %endif @@ -567,8 +565,7 @@ test "$1" != 0 || /sbin/chkconfig --del clamd.scan test "$1" != "0" || /sbin/initctl -q stop clamd.scan || : %endif %if %{with systemd} -%systemd_preun clamd@.service -%systemd_preun clamd@scan.service +%systemd_preun clamd@\*.service %endif %postun -n clamd @@ -576,8 +573,7 @@ test "$1" != "0" || /sbin/initctl -q stop clamd.scan || : test "$1" = 0 || %_initrddir/clamd.scan condrestart >/dev/null || : %endif %if %{with systemd} -%systemd_postun_with_restart clamd@.service -%systemd_postun_with_restart clamd@scan.service +%systemd_postun_with_restart clamd@\*.service %endif @@ -670,7 +666,6 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || : %_includedir/* %_libdir/*.so %pkgdatadir/template -%pkgdatadir/clamd-gen %_libdir/pkgconfig/* %_bindir/clamav-config @@ -735,9 +730,6 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || : %if %{with upstart} %config(noreplace) %_sysconfdir/init/clamd.scan* %endif -%if %{with systemd} - %_unitdir/clamd@scan.service -%endif ## ----------------------- @@ -769,6 +761,10 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || : %changelog +* Mon Nov 18 2019 Orion Poplawski - 0.101.4-3 +- Drop clamd@scan.service file (bz#1725810) +- Change /var/run to /run + * Mon Nov 18 2019 Orion Poplawski - 0.101.4-2 - Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835) diff --git a/clamd-README b/clamd-README index ca2d102..1399542 100644 
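Review bot: The link fix-up added to this scriptlet hard-codes `/usr/lib/systemd/system/clamd@.service`, while the lines this commit removes refer to the unit directory as `%_unitdir`. I would write the target as `%{_unitdir}/clamd@.service` so the scriptlet follows the macro. The test only covers `multi-user.target.wants`, so an instance enabled under another target would keep a link to the dropped file. The existing comment could say why the step exists, e.g. `# clamd@scan.service is no longer shipped as its own file; re-point an existing enable link at clamd@.service`. The trailing `|| :` is usual for scriptlets, but a failed `ln` then leaves the scanner disabled after the upgrade with no message.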
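Review bot: `%systemd_preun clamd@\*.service` passes a glob to a macro that, as far as I know, runs `systemctl disable`, and the same pattern is used with `%systemd_post` and `%systemd_postun_with_restart` in the neighbouring hunks. To my knowledge systemctl matches patterns only against loaded units for verbs such as `stop` and `try-restart`; unit-file verbs like `preset` and `disable` expect real unit names. If that holds, running instances are stopped and restarted as intended, but enable links are never removed on uninstall and the macros' error suppression hides the failure. Please confirm on a test install, and if the behaviour is accepted add a comment such as `# glob only reaches running instances; enable links are left in place`.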
--- a/clamd-README +++ b/clamd-README @@ -1,10 +1,9 @@ To create individual clamd-instance take the following files and modify/copy them in the suggested way: -clamd.conf: - * set LocalSocket (or better: TCPSocket) and User to suitable values; - avoid PidFile unless it is required by system monitoring or something - else. Logging through syslog is usually better than an individual +/etc/clamd/scan.conf: + * set LocalSocket for localhost access or TCPSocket for network access + and User to suitable values. Logging through syslog is usually better than an individual Logfile. * place this file into /etc/clamd.d with an unique service-name; e.g. as /etc/clamd.d/.conf @@ -40,10 +39,10 @@ clamd@.service: (systemd instance) Additionally, when using LocalSocket instead of TCPSocket, the directory for the socket file must be created. For tmpfiles based systems, you -might want to create a file /usr/lib/tmpfiles.d/clamd..conf +might want to create a file /etc/tmpfiles.d/clamd..conf with a content of - | d /var/run/clamd. + | d /run/clamd. Adjust (0710 should suffice for most cases) and + so that the socket can be accessed by clamd and by the applications @@ -53,9 +52,9 @@ DOS attacks or worse are trivial. After emulating these steps by hand (or else rebooting), you still need set SELinux: - chcon -t clamd_var_run_t /var/run/clamd. + chcon -t clamd_var_run_t /run/clamd. or - restorecon -R -v "/var/run/clamd." + restorecon -R -v "/run/clamd." More SELinux notes: you may need run: diff --git a/clamd-gen b/clamd-gen deleted file mode 100755 index ac5dae2..0000000 --- a/clamd-gen +++ /dev/null 
@@ -1,269 +0,0 @@ -#! /bin/bash - -# Copyright (C) 2004 Enrico Scholz -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -function showHelp() -{ - echo \ -$"Usage: clamd-gen --service= --version= --release= - --license= --username=>USERNAME> -" - exit 0 -} - -function rpm.generatePreamble() -{ - cat < sysv -Requires: clamav-server-sysv -Requires(post): %name = %epoch:%version-%release -Requires(post): diffutils mktemp %__chkconfig -Requires(preun): %__chkconfig -Requires(pre): %_initrddir -Requires(postun): %_initrddir - -%package minit -Summary: minit initscripts for a %service clamav-server -Group: System Environment/Daemons -Provides: init(%name) = minit -Conflicts: init(%name) < minit -Conflicts: init(%name) > minit -Requires(post): %name = %epoch:%version-%release -Requires(post): diffutils mktemp -Requires(pre): minit-setup -Requires(postun): minit-setup -Requires(triggers): minit-tools - - -%description -Basic setup for a clamav server for '%service'. - - -%description sysv -Basic setup for a clamav server for '%service'. - -This package contains initscripts for SysV based systems. - - -%description minit -Basic setup for a clamav server for '%service'. - -This package contains initscripts for minit based systems. 
- -EOF -} - - -function rpm.genBody() -{ - cat <<"XEOFX" -%prep -%build - -%install -rm -rf $RPM_BUILD_ROOT -%__install -d -m755 $RPM_BUILD_ROOT{%minitsvcdir,%_sbindir,%rundir,/var/log} - -d=/usr/share/clamav/template - -function subst -{ - src=$d/$1 - dst=$RPM_BUILD_ROOT$2 - - %__install -d -m755 $(dirname "$dst") - sed -e 's!^\(#?LogFile \).*!\1%logfile!g; - s!^#?\(LocalSocket \).*!\1%rundir/clamd.sock!g; - s!^#?\(PidFile \).*!\1%rundir/clamd.pid!g; - s!!%service!g; - s!!%username!g;' "$src" >"$dst" - chmod --reference "$src" "$dst" -} - -subst clamd.conf %conffile -subst clamd.logrotate %_sysconfdir/logrotate.d/clamd.%service - -%if 0%{!?_without_sysv:1} -subst clamd.sysconfig %_sysconfdir/sysconfig/clamd.%service -subst clamd.init %_initrddir/clamd.%service -%endif - -ln -s clamd $RPM_BUILD_ROOT%_sbindir/clamd.%service - -touch $RPM_BUILD_ROOT%logfile -touch $RPM_BUILD_ROOT%rundir/clamd.sock - -%if 0%{!?_without_minit:1} -ln -s %_sbindir/clamd.%service $RPM_BUILD_ROOT%minitsvcdir/run -touch $RPM_BUILD_ROOT%minitsvcdir/respawn -cat <$RPM_BUILD_ROOT%minitsvcdir/params --c -%conffile -EOF -%endif - -%clean -rm -rf $RPM_BUILD_ROOT - - -%triggerin minit -- %baseservice -minit-svc add services/clamd.%service services/%baseservice/ - -%triggerun minit -- %baseservice -test "$1" != 0 -a "$2" != 0 || \ - minit-svc del services/clamd.%service services/%baseservice/ - - -%post minit -d=$(mktemp /tmp/clamd.%service.XXXXXX) -sed -e 's!^#Foreground!Foreground!' "%conffile" >"$d" -grep -q '^Foreground' $d || echo 'Foreground' >>$d -cmp -s "$d" %conffile || cat "$d" >"%conffile" -rm -f "$d" - -%post sysv -d=$(mktemp /tmp/clamd.%service.XXXXXX) -sed -e 's!^Foreground!#Foreground!' 
"%conffile" >"$d" -cmp -s "$d" %conffile || cat "$d" >"%conffile" -rm -f "$d" - -%__chkconfig --add %name - - -%preun sysv -test "$1" != 0 || %__chkconfig --del %name - -XEOFX -} - - -function rpm.genFiles -{ - cat <<"EOF" -%files -%defattr(-,root,root,-) -%doc -%config(noreplace) %verify(not size md5 mtime) %attr(0620,root,%username) %logfile -%config(noreplace) %verify(not mtime) %conffile -%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/clamd.%service -%_sbindir/clamd.%service -%dir %attr(0700,%username,root) %rundir -%ghost %rundir/clamd.sock - - -%if 0%{!?_without_sysv:1} -%files sysv -%defattr(-,root,root,-) -%config %verify(not mtime) %_initrddir/clamd.%service -%config(noreplace) %verify(not mtime) %_sysconfdir/sysconfig/clamd.%service -%endif - - -%if 0%{!?_without_minit:1} -%files minit -%defattr(-,root,root,-) -%dir %minitsvcdir -%config(noreplace) %verify(not mtime) %minitsvcdir/params -%config %minitsvcdir/run - %minitsvcdir/respawn -%endif -EOF -} - - -SERVICE= -VERSION= -RELEASE= -LICENSE= -USERNAME= -tmp=$(getopt -o '' --long service:,version:,release:,license:,username:,help -n "$0" -- "$@") || exit 1 -eval set -- "$tmp" - -while true; do - case "$1" in - (--help) showHelp $0;; - (--service) SERVICE=$2; shift;; - (--version) VERSION=$2; shift;; - (--release) RELEASE=$2; shift;; - (--license) LICENSE=$2; shift;; - (--username) USERNAME=$2; shift;; - (--) shift; break;; - esac - shift -done - -for i in SERVICE VERSION RELEASE LICENSE USERNAME; do - eval tmp=\$${i} - test "$tmp" || { - echo $"No value for $i specified; assuming @${i}@" >&2; - eval $i=@${i}@; - } -done - - -rpm.generatePreamble -rpm.generateHeader -rpm.genBody -rpm.genFiles diff --git a/clamd@.service b/clamd@.service index c4300dc..2e3011b 100644 --- a/clamd@.service +++ b/clamd@.service 
@@ -1,13 +1,15 @@ [Unit] Description = clamd scanner (%i) daemon Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ -# Check for database existence -# ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc} -# ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc} After = syslog.target nss-lookup.target network.target [Service] Type = forking ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf +# Reload the database +ExecReload=/bin/kill -USR2 $MAINPID Restart = on-failure TimeoutStartSec=420 + +[Install] +WantedBy = multi-user.target
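Review bot: `ExecReload=/bin/kill -USR2 $MAINPID` depends on systemd knowing the daemon's main PID, but the unit is `Type = forking` and sets no `PIDFile=`, so systemd has to work out the main process itself after the fork. If that detection picks the wrong process, the reload signal goes to it instead; if it finds none, the reload fails. Either add a `PIDFile=` that matches the PidFile setting in the instance's `/etc/clamd.d/%i.conf`, or record the dependency with a comment such as `# no PIDFile= is set, so $MAINPID relies on systemd's main-PID detection`. Separately, the unit has no sandboxing directives (for example `NoNewPrivileges=` or `ProtectSystem=`), which are worth considering for a daemon that parses untrusted files.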