Merge branch 'master' into epel8
commit
23f9fc1d06
|
@ -1,4 +1,4 @@
|
||||||
VERSION=0.102.3
|
VERSION=0.102.4
|
||||||
NAME=clamav
|
NAME=clamav
|
||||||
TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
|
TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
|
||||||
TARBALL=${NAME}-${VERSION}.tar.gz
|
TARBALL=${NAME}-${VERSION}.tar.gz
|
||||||
|
|
13
clamav.spec
13
clamav.spec
|
@ -40,7 +40,7 @@
|
||||||
|
|
||||||
Summary: End-user tools for the Clam Antivirus scanner
|
Summary: End-user tools for the Clam Antivirus scanner
|
||||||
Name: clamav
|
Name: clamav
|
||||||
Version: 0.102.3
|
Version: 0.102.4
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
|
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
|
||||||
URL: https://www.clamav.net/
|
URL: https://www.clamav.net/
|
||||||
|
@ -322,6 +322,8 @@ install -D -m 0644 -p %SOURCE12 $RPM_BUILD_ROOT%homedir/bytecode.cvd
|
||||||
## prepare the clamd-files
|
## prepare the clamd-files
|
||||||
install -D -m 0644 -p %SOURCE3 _doc_server/clamd.logrotate
|
install -D -m 0644 -p %SOURCE3 _doc_server/clamd.logrotate
|
||||||
install -D -m 0644 -p %SOURCE5 _doc_server/README
|
install -D -m 0644 -p %SOURCE5 _doc_server/README
|
||||||
|
## Fixup URL for EPEL
|
||||||
|
%{?epel:sed -i -e s/product=Fedora/product=Fedora%20EPEL/ _doc_server/README}
|
||||||
|
|
||||||
install -D -p -m 0644 %SOURCE100 $RPM_BUILD_ROOT%_unitdir/clamonacc.service
|
install -D -p -m 0644 %SOURCE100 $RPM_BUILD_ROOT%_unitdir/clamonacc.service
|
||||||
|
|
||||||
|
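Review bot: The sed added on the `%{?epel:...}` line is not idempotent: the pattern `product=Fedora` also matches a README that already reads `product=Fedora%20EPEL`, which it would rewrite to `product=Fedora%20EPEL%20EPEL`. The URL in clamd-README continues with `&component=clamav`, so anchoring on that separator and quoting the expression avoids the double rewrite, for example `sed -i -e 's/product=Fedora&/product=Fedora%20EPEL\&/' _doc_server/README`. Since `%` is the macro introducer inside the `%{?epel:...}` body, consider writing the literal as `%%20` so the intent does not depend on how rpm treats `%20`.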
@ -615,9 +617,16 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jul 17 2020 Orion Poplawski <orion@nwra.com> - 0.102.4-1
|
||||||
|
- Update to 0.102.4 (bz#1857867,1858262,1858263,1858265,1858266)
|
||||||
|
- Security fixes CVE-2020-3327 CVE-2020-3350 CVE-2020-3481
|
||||||
|
|
||||||
|
* Thu May 28 2020 Orion Poplawski <orion@nwra.com> - 0.102.3-2
|
||||||
|
- Update clamd README file (bz#1798369)
|
||||||
|
|
||||||
* Thu May 14 2020 Orion Poplawski <orion@nwra.com> - 0.102.3-1
|
* Thu May 14 2020 Orion Poplawski <orion@nwra.com> - 0.102.3-1
|
||||||
- Update to 0.102.3 (bz#1834910)
|
- Update to 0.102.3 (bz#1834910)
|
||||||
- Security fixes CVE-2020-3341
|
- Security fixes CVE-2020-3327 CVE-2020-3341
|
||||||
|
|
||||||
* Sat May 02 2020 Orion Poplawski <orion@nwra.com> - 0.102.2-9
|
* Sat May 02 2020 Orion Poplawski <orion@nwra.com> - 0.102.2-9
|
||||||
- Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning
|
- Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning
|
||||||
|
|
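Review bot: CVE-2020-3327 is now listed under both the new 0.102.4-1 entry and the existing 0.102.3-1 entry, whose line changes from `Security fixes CVE-2020-3341` to `Security fixes CVE-2020-3327 CVE-2020-3341`. Someone auditing which build closes that CVE cannot tell from the changelog whether 0.102.3-1 already fixed it or 0.102.4-1 carries a follow-up. If 0.102.4 contains a further fix for the same CVE, say so in the 0.102.4-1 entry, and note in the commit message why an already released changelog entry was edited.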
73
clamd-README
73
clamd-README
|
@ -1,18 +1,16 @@
|
||||||
To create individual clamd-instance take the following files and
|
By default, clamd provides a general "scan" service that requires minimal
|
||||||
modify/copy them in the suggested way:
|
configuration. To configure, edit /etc/clamd/scan.conf and:
|
||||||
|
|
||||||
/etc/clamd/scan.conf:
|
* set LocalSocket for localhost access or TCPSocket for network access.
|
||||||
* set LocalSocket for localhost access or TCPSocket for network access
|
|
||||||
and User to suitable values. Logging through syslog is usually better than an individual
|
|
||||||
Logfile.
|
|
||||||
* place this file into /etc/clamd.d with an unique service-name;
|
|
||||||
e.g. as /etc/clamd.d/<SERVICE>.conf
|
|
||||||
|
|
||||||
When using TCPSocket, create iptables rules which are limiting the
|
Default configuration will:
|
||||||
access by source and/or by using '-m owner'.
|
|
||||||
|
* Log to syslog
|
||||||
|
* Run as the user "clamscan"
|
||||||
|
|
||||||
When LogFile feature is wanted, it must be writable for the assigned
|
When LogFile feature is wanted, it must be writable for the assigned
|
||||||
User. Recommended way to reach this, is to:
|
User. The recommended way is to:
|
||||||
|
|
||||||
* make it owned by the User's *group*
|
* make it owned by the User's *group*
|
||||||
* assign at least 0620 (u+rw,g+w) permissions
|
* assign at least 0620 (u+rw,g+w) permissions
|
||||||
|
|
||||||
|
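Review bot: The rewritten introduction drops the only guidance on restricting TCPSocket access (`When using TCPSocket, create iptables rules which are limiting the access by source and/or by using '-m owner'.`) while the first bullet still offers TCPSocket for network access. Keep a sentence next to that bullet telling administrators to limit which sources can reach the TCP port by firewall rule, in the same spirit as the socket warning later in the file. The new text also names /etc/clamd/scan.conf, whereas the instance instructions use /etc/clamd.d/<SERVICE>.conf; the two paths should agree.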
@ -22,34 +20,41 @@ modify/copy them in the suggested way:
|
||||||
| # chmod 0620 <logfile>
|
| # chmod 0620 <logfile>
|
||||||
| # restorecon <logfile>
|
| # restorecon <logfile>
|
||||||
|
|
||||||
NEVER use 'clamav' as the user since he can modify the database.
|
NEVER use 'clamav' as the user since it can modify the database. This is
|
||||||
This is the user who is running the application; e.g. for mimedefang
|
the user who is running the application; e.g. for mimedefang
|
||||||
(http://www.roaringpenguin.com/mimedefang), the user might be
|
(http://www.roaringpenguin.com/mimedefang), the user might be 'defang'.
|
||||||
'defang'.Theoretically, distinct users could be used, but it must be
|
Theoretically, distinct users could be used, but it must be made sure that
|
||||||
made sure that the application-user can write into the socket-file,
|
the application-user can write into the socket-file, and that the clamd-user
|
||||||
and that the clamd-user can access the files asked by the
|
can access the files asked by the application to be checked.
|
||||||
application to be checked.
|
|
||||||
|
The default service can be enabled and started with:
|
||||||
|
|
||||||
|
systemctl enable clamd@scan.service
|
||||||
|
systemctl start clamd@scan.service
|
||||||
|
|
||||||
|
To create other individual clamd-instances take the following files in
|
||||||
|
/usr/share/doc/clamd/ and modify/copy them in the suggested way:
|
||||||
|
|
||||||
|
clamd.conf, copy to /etc/clamd.d/<SERVICE>.conf
|
||||||
|
* Change <SERVICE> as to match name of config file
|
||||||
|
* Any other changes as noted above
|
||||||
|
|
||||||
clamd.logrotate: (only when LogFile feature is used)
|
clamd.logrotate: (only when LogFile feature is used)
|
||||||
* set the correct value for the logfile
|
* set the correct value for the logfile
|
||||||
* place it into /etc/logrotate.d
|
* place it into /etc/logrotate.d
|
||||||
|
|
||||||
clamd@<SERVICE>.service: (systemd instance)
|
Additionally, when using LocalSocket instead of TCPSocket, the directory
|
||||||
* instance of clamd@.service
|
for the socket file must be created. For tmpfiles based systems, you might
|
||||||
|
want to create a file /etc/tmpfiles.d/clamd.<SERVICE>.conf with a content of
|
||||||
Additionally, when using LocalSocket instead of TCPSocket, the directory
|
|
||||||
for the socket file must be created. For tmpfiles based systems, you
|
|
||||||
might want to create a file /etc/tmpfiles.d/clamd.<SERVICE>.conf
|
|
||||||
with a content of
|
|
||||||
|
|
||||||
| d /run/clamd.<SERVICE> <MODE> <USER> <GROUP>
|
| d /run/clamd.<SERVICE> <MODE> <USER> <GROUP>
|
||||||
|
|
||||||
Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
|
Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
|
||||||
so that the socket can be accessed by clamd and by the applications
|
so that the socket can be accessed by clamd and by the applications using
|
||||||
using clamd. Make sure that the socket is not world accessible; else,
|
clamd. Make sure that the socket is not world accessible; else, DOS attacks
|
||||||
DOS attacks or worse are trivial.
|
or worse are trivial.
|
||||||
|
|
||||||
After emulating these steps by hand (or else rebooting), you still need set
|
After emulating these steps by hand (or else rebooting), you still need set
|
||||||
SELinux:
|
SELinux:
|
||||||
|
|
||||||
chcon -t clamd_var_run_t /run/clamd.<SERVICE>
|
chcon -t clamd_var_run_t /run/clamd.<SERVICE>
|
||||||
|
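Review bot: In the new instance instructions, `* Change <SERVICE> as to match name of config file` does not say which settings in the copied clamd.conf carry the placeholder, and `* Any other changes as noted above` points back at a section written for scan.conf. Name the settings to edit (LocalSocket or TCPSocket, User, and LogFile if used, as described earlier in the README) so that a second instance is not left with the default instance's socket path or user by oversight. The unchanged sentence `you still need set SELinux:` is also missing a "to" and could be fixed while this block is being reflowed.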
@ -65,9 +70,15 @@ and also maybe this one (I need to confirm that is obsolete)
|
||||||
|
|
||||||
setsebool -P antivirus_use_jit 1
|
setsebool -P antivirus_use_jit 1
|
||||||
|
|
||||||
|
The new service can be enabled and started with:
|
||||||
|
|
||||||
|
systemctl enable clamd@<SERVICE>.service
|
||||||
|
systemctl start clamd@<SERVICE>.service
|
||||||
|
|
||||||
|
|
||||||
[Disclaimer:
|
[Disclaimer:
|
||||||
this file and the script/configfiles are not part of the official
|
this file and the script/configfiles are not part of the official
|
||||||
clamav package.
|
clamav package.
|
||||||
|
|
||||||
Please send complaints and comments to
|
Please send complaints and comments to
|
||||||
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=clamav]
|
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=clamav]
|
||||||
|
|
4
sources
4
sources
|
@ -1,4 +1,4 @@
|
||||||
SHA512 (clamav-0.102.3-norar.tar.xz) = edf7c8405159c5230331e410d45208770b3fa7d4763990dffec20dd2842c92624dcc1ee1ec455e09b61632c2023a4046b8fd73b64baa9babfa4505da6cca9f4a
|
SHA512 (clamav-0.102.4-norar.tar.xz) = 202bf77edac1c6880b51981ef2508b90b935f9da62d235620ca457eaaa613ef3f1ac48ea3908f53bbc1a10cf204d9973cbe447cb2d96c1724b68eb3ef8cf4b80
|
||||||
SHA512 (bytecode-331.cvd) = 41957106337cb28fd0eb6459bd70ab23b4ce218b3691d592e0f1bc14841696b36b1fbbc4feaef64f7b572b6cbe400f5d44fc4efedd07afe37921a9044a1a8f53
|
SHA512 (bytecode-331.cvd) = 41957106337cb28fd0eb6459bd70ab23b4ce218b3691d592e0f1bc14841696b36b1fbbc4feaef64f7b572b6cbe400f5d44fc4efedd07afe37921a9044a1a8f53
|
||||||
SHA512 (daily-25811.cvd) = 938bf443d59cbb946aefcd2eabfdb856c8cd6f98ec54f1f8c62fe0633e136e56ca20024ecfb04606e4a5265a5a83d86a76819e66d51e948d8a81cbdcabd5226d
|
SHA512 (daily-25876.cvd) = dd3ae3b1a95976014adeacf63574b7662212668676b0fc6a6d6f52bbb3c576e0c6e1188d6e8431ddd8da787e71de6d2e5ac25cfce9e824f41d7c271f16bcba9d
|
||||||
SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c
|
SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c
|
||||||
|
|
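Review bot: The only tarball hash recorded here is for clamav-0.102.4-norar.tar.xz, which the first file in this commit names TARBALL_CLEAN, separate from TARBALL (clamav-0.102.4.tar.gz), so this SHA512 cannot be compared with a checksum for the original archive. Record in the commit message or next to the repack step how clamav-0.102.4.tar.gz was verified before the -norar archive was produced. The daily database also moves from daily-25811.cvd to daily-25876.cvd while main-59.cvd and bytecode-331.cvd keep their hashes; mention the database refresh in the changelog if it is intentional.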