Upgrade to 0.100.3 (#1696106, #1696110, #1696116)

Security fixes CVE-2012-6706 CVE-2017-6419 CVE-2017-11423 CVE-2018-1000085
  CVE-2018-0202

Conflicts:
	clamav.spec

.gitignore

@@ -1,5 +1,6 @@
+/clamd-wrapper.tar.bz2
 /clamav-*-norar.tar.xz
 /main*.cvd
 /daily*.cvd
-/bytecode-278.cvd
-/bytecode-319.cvd
+/bytecode-*.cvd
+/zlib-*.tar.bz2

ChangeLog-rpm.old

@@ -1,279 +0,0 @@
-* Tue Dec 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.7-1
-- updated to 0.88.7
-
-* Sun Nov  5 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.6-1
-- updated to 0.88.6
-
-* Wed Oct 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.5-1
-- updated to 0.88.5 (SECURITY); fixes CVE-2006-4182, CVE-2006-5295
-- added patch to set '__attribute__ ((visibility("hidden")))' for
-  exported MD5_*() functions (fixes #202043)
-
-* Thu Oct 05 2006 Christian Iseli <Christian.Iseli@licr.org> 0.88.4-4
- - rebuilt for unwind info generation, broken in gcc-4.1.1-21
-
-* Thu Sep 21 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-3
-- splitted SysV initscripts of -milter and -server into own subpackages
-
-* Fri Sep 15 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-2
-- rebuilt
-
-* Tue Aug  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-1
-- updated to 0.88.4 (SECURITY)
-
-* Wed Jul 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
-- removed the clamdscan(1) manpage from the -server subpackage
-
-* Sat Jul  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
-- removed a superfluous '}'
-- removed some code which was relevant for FC-3 only
-
-* Sat Jul  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.3-1
-- updated to 0.88.3
-- updated to new fedora-usermgmt macros
-
-* Tue May 16 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-2
-- cleanups: removed unneeded curlies, use plain command instead of
-  %%__XXX macro, whitespace cleanup, removed unneeded versioned
-  dependencies
-- added a 'Requires(post): group(clamav)' dependencies for -update and
-  added the corresponding Provides: to -data
-- removed the %%_without_milter conditional; you won't gain anything
-  when milter would be disabled at buildtime
-
-* Sun Apr 30 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-1
-- updated to 0.88.2 (SECURITY)
-- rediffed patches; most issues handled by 0.88.1-2 are fixed in
-  0.88.2
-
-* Mon Apr 24 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-2
-- added patch which fixes some classes of compiler warnings; at least
-  the using of implicitly declared functions was reported to cause
-  segfaults on AMD64 (brought to my attention by Marc Perkel)
-- added patch which fixes wrong usage of strncpy(3) in unrarlib.c
-
-* Thu Apr 06 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-1
-- updated to 0.88.1 (SECURITY)
-
-* Sat Feb 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-2
-- rebuilt for FC5
-
-* Tue Jan 10 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-1
-- updated to 0.88
-- added pseudo-versions for the 'init(...)' provides as a first step
-  for the support of alternative initmethods
-
-* Tue Nov 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-2
-- moved 'freshclam.conf.5' man page into the -update subpackage (#173221)
-- ship 'clamd.conf.5' man page in the -server subpackage *too*. The
-  same file is contained in multiple packages now, but this man-page
-  can not be removed from the base package because it also applies to
-  'clamdscan' there (#173221).
-
-* Fri Nov  4 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-1
-- updated to 0.87.1
-
-* Sat Sep 17 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87-1
-- updated to 0.87 (SECURITY)
-- removed -timeout patch; it is solved upstream
-- reverted the -exim changes; they add yet more complexity, their
-  functionality can go into an own package and they contained flaws
-
-* Fri Sep  9 2005 David Woodhouse <dwmw2@infradead.org> - 0.86.2-5
-- Add clamav-exim configuration package
-
-* Fri Jul 29 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-4
-- [milter] create the milter-logfile in the %%post scriptlet
-- [milter] reverted the change of the default child_timeout value; it
-  was set to 5 minutes in 0.86.2 which conflicts with the internal
-  mode where a timeout must not be set. So, the clamav-milter would
-  not run with the default configuration
-
-* Thu Jul 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-3
-- Fixed calculation of sleep duration; on some systems/IPs, `hostid`
-  results in a negative number which is retained by the bash
-  modulo-operation. So the sleep may get a negative number of seconds
-  being interpreted as an option. This version makes sure that the
-  module-operations returns a non-negative value. [BZ #164494, James
-  Wilkinson]
-- added support for a /usr/sbin/clamav-notify-servers.local hook; this
-  file will be executed (source'd) before all other actions and can
-  abort the entire processing by invoking 'exit'
-
-* Mon Jul 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-2
-- updated to 0.86.2 (SECURITY)
-- changed the freshclam updating mechanism (again); now, it consists
-  of a crontab which does not need to be changed and a helper script
-  (freshclam-sleep). This helper script is configured by
-  /etc/sysconfig/freshclam
-
-* Sat Jun 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.1-2
-- updated to 0.86.1
-- fixed randomization in %%post scriptlet: hour should be a range but
-  not a single number
-
-* Tue Jun 21 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86-1
-- updated to 0.86
-- randomize freshclam startup times in -update's %%post script (suggested
-  by Stephen Smoogen); this requires some more Requires(post): also
-
-* Wed May 18 2005 Warren Togami <wtogami@redhat.com> - 0.85.1-4
-- fix dist tagging the way Enrico wants it
-
-* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at>					  - 0.85.1-2
-- Rebuild
-
-* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at>					  - 0.85.1-1
-- Update
-
-* Sat May 14 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.85-0
-- updated to 0.85
-
-* Sun May  1 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.84-0
-- updated to 0.84
-
-* Fri Apr  7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
-- rebuilt
-
-* Tue Feb 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.83-1
-- updated to 0.83
-
-* Tue Feb  8 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.82-1
-- updated to 0.82
-- minor spec cleanups
-
-* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.2
-- build the package with '--disable-zlib-vcheck' because RH is unable to
-  apply a fix for a 5 month old and solved security issue.  Please fill
-  your comments at https://bugzilla.redhat.com/beta/show_bug.cgi?id=131385
-- added 'BuildRequires: bc' (should work without also, but ./configure
-  gives out ugly warnings else)
-
-* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.1
-- updated to 0.81
-- do not ship the 'clamd.milter' daemon anymore; clamav-milter supports
-  an internal mode now which is enabled by default
-- updated -milter %%description
-
-* Thu Jan 20 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.2
-- s!cron.d/clamav!cron.d/clamav-update! in the %%description of the -update
-  subpackage (https://bugzilla.fedora.us/show_bug.cgi?id=1715#c39)
-
-* Wed Nov  3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.1
-- updated to 0.80
-- removed DMS, FreeBSD-HOWTO and localized docs as it is not shipped anymore
-- buildrequire 'curl-devel'
-- renamed clamav.conf to clamd.conf (upstream change)
-- updated -initoff patch
-
-* Tue Sep 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75.1-0.fdr.1
-- updated to 0.75.1
-- use %%configure, the problems with the architecture specification
-  seem to have passed (probably because of an autoconf update)
-- set mode 0600 for the cron-script (required by vixie-cron)
-- made the cronjob a spambot and send mail about deactivated freshclam
-  service to nearly everybody... (root, postmaster, webmaster)
-- other fixes in the notification cronjob
-
-* Fri Jul 23 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75-0.fdr.1
-- updated to 0.75
-
-* Thu Jul 15 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.2
-- moved /usr/bin/clamav-config from main into -devel
-
-* Wed Jun 30 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.1
-- updated to 0.74
-
-* Mon Jun 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.73-0.fdr.1
-- updated to 0.73
-- added pkgconfig file
-
-* Fri Jun 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.3
-- notify the user about a deactivated clamav-update service
-- added clamd-gen script which generates template spec-files for
-  services using clamd
-- copied template configuration files to %pkgdatadir/template (needed
-  for clamd-gen)
-- moved the clamd-wrapper from %_initrddir to %{pkgdatadir}; a symlink
-  will be provided for compatibility reasons
-- conditionalized building of the -milter subpackage ('--without
-  milter' switch) to enable builds on RH73 (bug #1715, comment #5/#7)
-
-* Fri Jun  4 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.2
-- removed 'BuildRequires: dietlibc'; it was a leftover from the
-  pre-use-signal era (before 0.70) (bug #1716)
-
-* Thu Jun  3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.1
-- updated to 0.72
-
-* Thu May 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.2
-- removed the randomization in the cronjob; it seems to be impossible
-  to use the mod-operator (%%) there. Instead of, the user has to
-  replace some placeholders...
-
-* Wed May 19 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.1
-- updated to 0.71
-
-* Fri May  7 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1.1
-- quote 'EOF' to delay $RANDOM expansion
-
-* Tue Apr 27 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.2
-- updated GECOS entry for the 'clamav' user to describe its purpose
-  more accurately
-- use explicit '-m755' when creating directories with install
-
-* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1
-- updated to 0.70; rediffed some patches
-- updated logrotate script to use signals and documented the steps
-  which are needed to make it work
-- adapted initscript to use signals instead of sockwrite
-- removed sockwrite; signals can now be used to reload the database
-- added logfile to the -milter subpackage
-
-* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2.1
-- tagged some Requires:, since clamav-server is required in the milter-%%post* scriptlets
-
-* Sat Mar 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2
-- split the double Requires(...,...): statements; see
-  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118773
-- require the recent fedora-usermgmt package (0.7) which fixes similar
-  ordering issues
-
-* Thu Mar 18 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.1
-- updated to 0.68 (using the -1 version)
-- ship milter-files in the -milter instead of the -server subpackage
-
-* Tue Feb 24 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.3
-- fixed ':' vs. '.' in chown
-
-* Tue Feb 17 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.2
-- randomize freshclam startup to prevent server peaks
-
-* Mon Feb 16 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.1
-- updated to 0.67 (using the -1 version)
-
-* Wed Feb 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.66-0.fdr.2
-- updated to 0.66; important, packaging-relevant changes are
-  freshclam:
-  * $http_proxy is not supported anymore; you have to configure it in
-    /etc/freshclam.conf
-  * the logfile has been renamed to /var/log/freshclam.log
-- removed %%check section; buildroot check is implemented in local
-  testsuite already
-- added some %%verify(not mtime) modifiers to avoid unnecessary .rpmnew
-  files
-- added some directory-Requires:
-- activated milter-package and made it work
-- added patch to disable clamav-milter service by default
-- renamed /var/run/clamav.<SERVICE> to /var/run/clamd.<SERVICE>; this
-  makes things more consistently but can break backward compatibility. The
-  initscript should deal with the old version too, but I would not bet on
-  it...
-- updated some descriptions
-- fixed the update-mechanism; now it happens in two stages: at first,
-  the files will be downloaded as user 'clamav' and then, root initiates
-  the daemon-reload.
-
-* Mon Feb  9 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.65-0.fdr.5
-- added security fix for
-  http://www.securityfocus.com/archive/1/353194/2004-02-06/2004-02-12/1

Makefile

@@ -1,14 +0,0 @@
-MAKEFILE_COMMON = $(HOME)/.fedora/common.mk
--include $(MAKEFILE_COMMON)
-
-# can not use final tarball name here as it will conflict with rules
-# within Makefile.common
-TARBALL_CLEAN =	${NAME}-${VERSION}-norar.tar.xz.tmp
-TARBALL =	${NAME}-${VERSION}.tar.gz
-
-clean-sources:	${TARBALL_CLEAN}
-
-${TARBALL_CLEAN}:	${TARBALL}
-	rm -f $@.tmp
-	zcat $< | tar --delete -f - '*/libclamunrar/*' | xz -c > $@.tmp
-	mv $@.tmp $@

README.fedora

@@ -1,116 +0,0 @@
-A clamav-milter setup consists of the following three components:
-
-* the clamav-milter itself
-
-  --> this is provided by the 'clamav-milter' package plus (alternatively)
-      'clamav-milter-upstart' or 'clamav-milter-sysvinit'
-
-  The main configuration is in /etc/mail/clamav-milter.conf and MUST
-  be changed before first use.
-
-  The -sysvinit package is managed by the traditional tools, but
-  -upstart requires modification of /etc/event.d/clamav-milter to
-  enable automatic startup.  See comments there for more details.
-
-* a clamav scanner daemon
-
-  --> this package is called 'clamav-scanner' plus (alternatively)
-      'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'
-
-  The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
-  edited before first use).
-
-  The -sysvinit package is managed by the traditional tools, but
-  -upstart requires modification of /etc/event.d/clamd.scan to enable
-  automatic startup.  See comments there for more details.
-
-* the MTA (sendmail/postfix)
-
-  --> you should know how to install this...
-
-  When communicating across unix sockets with the clamav-milter, it is
-  suggested to use the /var/run/clamav-milter/clamav-milter.socket
-  path.  You have to add something like
-
-    INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
-
-  to your sendmail.mc.
-
-
-
-It is suggested that components communicate through TCP sockets as
-this eases setup.  Please add corresponding packet filter rules!
-
-
-EXAMPLE
-=======
-
-For clamav-milter, a possible setup might be created by
-
-A)  On the MTA  (assumed hostname 'host-mta')
-
-  1. Add to sendmail.mc
-
-    | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
-
-  2. Rebuild sendmail.cf
-
-
-B)  On the clamav-milter host (assumed hostname 'host-milter')
-
-  1. Install clamav-milter + clamav-milter-upstart packages
-
-  2. Set in /etc/mail/clamav-milter.conf
-
-    | MilterSocket	inet:6666
-    | ClamdSocket	tcp:host-scanner:6665
-
-     and all the other options which are required on your system
-
-  3. Edit /etc/event.d/clamav-milter and uncomment the
-
-    | start on starting local
-
-     line. Restart your system or execute
-
-    | initctl emit starting local
-
-  4. Add something like
-
-    | iptables -N IN-cmilt
-    | iptables -A IN-cmilt -s host-mta -j ACCEPT
-    | iptables -A IN-cmilt -j DROP
-
-    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
-
-     to your firewall setup
-
-C)  On the clamav-scanner host (assumed hostname 'host-scanner')
-
-  1. Install clamav-scanner + clamav-scanner-upstart packages
-
-  2. Add to /etc/clamd.d/scan.conf
-
-    | TCPSocket 6665
-    | TCPAddr   host-scanner
-
-     comment out possible 'LocalSocket' lines and set all the other
-     options which are required on your system
-
-  3. Edit /etc/event.d/clamav-scanner and uncomment the
-
-    | start on starting local
-
-     line. Restart your system or execute
-
-    | initctl emit starting local
-
-  4. Add something like
-
-    | iptables -N IN-cscan
-    | iptables -A IN-cscan -s host-milter -j ACCEPT
-    | iptables -A IN-cscan -j DROP
-
-    | iptables -A INPUT -p tcp --dport 6665 -j IN-csan
-
-     to your firewall setup

clamav-0.100.0-stats-deprecation.patch

@@ -0,0 +1,18 @@
+https://bugzilla.clamav.net/show_bug.cgi?id=12097
+
+--- shared/optparser.c	
++++ shared/optparser.c	
+@@ -505,6 +505,13 @@ const struct clam_option __clam_options[
+     { "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },
+     { "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
+     { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" },
++    { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
++    { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
++    { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
++    { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
++    { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
++    { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
++    { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ 
+     /* Milter specific options */
+ 

clamav-0.98-umask.patch

@@ -1,33 +0,0 @@
---- clamav-0.98/clamav-milter/clamav-milter.c		2013-09-16 21:28:14.000000000 +0200
-+++ clamav-0.98/clamav-milter/clamav-milter.c.umask	2013-10-06 20:39:08.000000000 +0200
-@@ -374,7 +374,7 @@
- 
-     if((opt = optget(opts, "PidFile"))->enabled) {
- 	FILE *fd;
--	mode_t old_umask = umask(0002);
-+	mode_t old_umask = umask(0022);
- 
- 	if((fd = fopen(opt->strarg, "w")) == NULL) {
- 	    logg("!Can't save PID in file %s\n", opt->strarg);
---- clamav-0.98/shared/output.c				2013-09-16 21:28:14.000000000 +0200
-+++ clamav-0.98/shared/output.c.umask			2013-10-06 20:39:28.000000000 +0200
-@@ -348,7 +348,7 @@
-     logg_open();
- 
-     if(!logg_fp && logg_file) {
--        old_umask = umask(0037);
-+        old_umask = umask(0077);
-         if((logg_fp = fopen(logg_file, "at")) == NULL) {
-             umask(old_umask);
- #ifdef CL_THREAD_SAFE
---- clamav-0.98/freshclam/freshclam.c			2013-09-16 21:28:14.000000000 +0200
-+++ clamav-0.98/freshclam/freshclam.c.umask		2013-10-06 20:39:47.000000000 +0200
-@@ -123,7 +123,7 @@
- {
-     FILE *fd;
-     int old_umask;
--    old_umask = umask (0006);
-+    old_umask = umask (0022);
-     if ((fd = fopen (pidfile, "w")) == NULL)
-     {
-         logg ("!Can't save PID to file %s: %s\n", pidfile, strerror (errno));

clamav-0.99-private.patch

@@ -1,27 +0,0 @@
---- clamav-0.99/libclamav.pc.in			2015-09-18 22:48:25.000000000 +0200
-+++ clamav-0.99/libclamav.pc.in.private		2015-12-02 01:30:30.055231319 +0100
-@@ -7,6 +7,6 @@
- Description: A GPL virus scanner
- Version: @PACKAGE_VERSION@
- Libs: -L${libdir} -lclamav
--Libs.private: @LIBCLAMAV_LIBS@
-+Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
- Cflags: -I${includedir}
- 
---- clamav-0.99/clamav-config.in		2015-05-28 23:56:25.000000000 +0200
-+++ clamav-0.99/clamav-config.in.private	2015-12-02 01:31:34.933705763 +0100
-@@ -54,12 +54,8 @@
- 	usage 0
- 	;;
- 
--    --cflags)
--       	echo -I@includedir@ @CFLAGS@
--       	;;
--
--    --libs)
--       	echo -L@libdir@ @LIBCLAMAV_LIBS@
-+    (--cflags|--libs)
-+	${PKG_CONFIG:-pkg-config} "$1" libclamav
-        	;;
- 
-     *)

clamav-0.99.2-temp-cleanup.patch

@@ -1,137 +0,0 @@
-https://github.com/vrtadmin/clamav-devel/commit/f5bc94cf01e6a19d5255c0e5f9a5bc2336f5a2b1
-backported (re-merge). See also:
-
- - https://bugzilla.clamav.net/show_bug.cgi?id=11549
- - https://github.com/e2guardian/e2guardian/issues/159
-
---- clamav-0.99.2/libclamav/scanners.c			2016-04-22 17:02:19.000000000 +0200
-+++ clamav-0.99.2/libclamav/scanners.c.temp-cleanup	2017-11-17 00:59:14.295670694 +0100
-@@ -1342,37 +1342,33 @@
- 		return CL_CLEAN;
- 	}
- 
--	/* dump to disk only if explicitly asked to
--	 * or if necessary to check relative offsets,
--	 * otherwise we can process just in-memory */
--	if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
--		if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
--			cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
--			return ret;
--		}
--		if (ctx->engine->keeptmp)
--			cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
--	}
--
- 	if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) {
- 		cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF);
--		free(tmpname);
- 		return CL_EMEM;
- 	}
--
- 	text_normalize_init(&state, normalized, SCANBUFF + maxpatlen);
--	ret = CL_CLEAN;
--
- 
- 	if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
--		free(tmpname);
--		return ret;
-+            free(normalized);
-+            return ret;
- 	}
- 
- 	if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
--		cli_ac_freedata(&tmdata);
--		free(tmpname);
--		return ret;
-+            cli_ac_freedata(&tmdata);
-+            free(normalized);
-+            return ret;
-+	}
-+
-+	/* dump to disk only if explicitly asked to
-+	 * or if necessary to check relative offsets,
-+	 * otherwise we can process just in-memory */
-+	if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
-+            if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
-+                cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
-+                goto done;
-+            }
-+            if (ctx->engine->keeptmp)
-+                cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
- 	}
- 
- 	mdata[0] = &tmdata;
-@@ -1387,10 +1383,9 @@
- 			map_off += written;
- 
- 			if  (write(ofd, state.out, state.out_pos) == -1) {
--				cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
--				close(ofd);
--				free(tmpname);
--				return CL_EWRITE;
-+                            cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
-+                            ret = CL_EWRITE;
-+                            goto done;
- 			}
- 			text_normalize_reset(&state);
- 		}
-@@ -1409,11 +1404,6 @@
- 			funmap(*ctx->fmap);
- 		}
- 		*ctx->fmap = map;
--
--		/* If we aren't keeping temps, delete the normalized file after scan. */
--		if(!(ctx->engine->keeptmp))
--			if (cli_unlink(tmpname)) ret = CL_EUNLINK;
--
- 	} else {
- 		/* Since the above is moderately costly all in all,
- 		 * do the old stuff if there's no relative offsets. */
-@@ -1421,11 +1411,8 @@
- 		if (troot) {
- 			cli_targetinfo(&info, 7, map);
- 			ret = cli_ac_caloff(troot, &tmdata, &info);
--			if (ret) {
--				cli_ac_freedata(&tmdata);
--				free(tmpname);
--				return ret;
--			}
-+			if (ret)
-+                            goto done;
- 		}
- 
- 		while(1) {
-@@ -1466,13 +1453,6 @@
- 
- 	}
- 
--	if(ctx->engine->keeptmp) {
--		free(tmpname);
--		if (ofd >= 0)
--			close(ofd);
--	}
--	free(normalized);
--
- 	if(ret != CL_VIRUS || SCAN_ALL)  {
- 		if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS)
- 			viruses_found++;
-@@ -1481,9 +1461,19 @@
- 				viruses_found++;
- 	}
- 
-+done:
-+	free(normalized);
- 	cli_ac_freedata(&tmdata);
- 	cli_ac_freedata(&gmdata);
- 
-+	if (ofd != -1)
-+		close(ofd);
-+	if (tmpname != NULL) {
-+		if (!ctx->engine->keeptmp)
-+			cli_unlink(tmpname);
-+		free(tmpname);
-+	}
-+
- 	if (SCAN_ALL && viruses_found)
- 		return CL_VIRUS;
- 

clamav-clean.sh

@@ -0,0 +1,11 @@
+VERSION=0.100.3
+NAME=clamav
+TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
+TARBALL=${NAME}-${VERSION}.tar.gz
+
+wget https://www.clamav.net/downloads/production/${TARBALL}
+wget https://www.clamav.net/downloads/production/${TARBALL}.sig
+gpg --verify ${TARBALL}.sig ${TARBALL}
+#rm -f ${TARBALL}.tmp
+zcat ${TARBALL} | tar --delete -f - '*/libclamunrar/*' | xz -c > ${TARBALL_CLEAN}
+#mv ${TARBALL}.tmp ${TARBALL_CLEAN}

clamav-milter.init

@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Startup script for the Clamav Milter Daemon
+#
+# chkconfig: - 77 23
+# description: clamav-milter is a daemon which hooks into sendmail \
+#              and routes email messages to clamav.
+# processname: clamav-milter
+# pidfile: /var/run/clamav/clamav-milter.pid
+# config: /etc/sysconfig/clamav-milter
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+[ -x /usr/sbin/clamav-milter ] || exit 0
+
+# Local clamav-milter config
+CLAMAV_FLAGS=
+test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter
+
+# See how we were called.
+case "$1" in
+  start)
+	echo -n "Starting Clamav Milter Daemon: "
+        daemon clamav-milter $CLAMAV_FLAGS 
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamav-milter
+	;;
+  stop)
+	echo -n "Stopping Clamav Milter Daemon: "
+	killproc clamav-milter
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamav-milter
+	;;
+  status)
+	status clamav-milter
+	RETVAL=$?
+	;;
+  restart|reload)
+	$0 stop
+	$0 start
+	RETVAL=$?
+	;;
+  condrestart)
+	[ -e /var/lock/subsys/clamav-milter ] && $0 restart
+	RETVAL=$?
+	;;
+  *)
+	echo "Usage: clamav-milter {start|stop|status|restart|reload|condrestart}"
+	exit 1
+esac
+
+exit $RETVAL

clamav-milter.sysconfig

@@ -0,0 +1,4 @@
+### Simple config file for clamav-milter, you should
+### read the documentation and tweak it as you wish.
+
+CLAMAV_FLAGS=""

clamav-milter.systemd

@@ -1,25 +0,0 @@
-[Unit]
-Description = Milter module for the Clam Antivirus scanner
-After = syslog.target nss-lookup.target network.target
-Before = sendmail.service
-Before = postfix.service
-After = clamd@scan.service
-
-[Service]
-Type = forking
-ExecStart = /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
-Restart = on-failure
-
-User=clamilt
-Group=clamilt
-
-PrivateTmp=yes
-PrivateDevices=yes
-CapabilityBoundingSet=CAP_KILL
-
-ReadOnlyDirectories=/etc
-ReadOnlyDirectories=/usr
-ReadOnlyDirectories=/var/lib
-
-[Install]
-WantedBy = multi-user.target

clamav-milter.sysv

@@ -1,93 +0,0 @@
-#!/bin/bash
-#
-# clamav-milter Starts/stop the "clamav-milter" daemon
-#
-# chkconfig:   - 79 31
-# description: A virus scanning milter
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-exec=/usr/sbin/clamav-milter
-prog="clamav-milter"
-
-OPTS='-c /etc/mail/clamav-milter.conf'
-[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
-
-pidfile=/var/run/clamav-milter/milter.pid
-lockfile=/var/lock/subsys/$prog
-
-start() {
-    [ -x $exec ] || exit 5
-    [ -f $config ] || exit 6
-    echo -n $"Starting $prog: "
-    daemon --pidfile=${pidfile} $exec $OPTS --foreground=no --pid=${pidfile}
-    retval=$?
-    echo
-    [ $retval -eq 0 ] && touch $lockfile
-    return $retval
-}
-
-stop() {
-    echo -n $"Stopping $prog: "
-    killproc -p "${pidfile}" $exec
-    retval=$?
-    echo
-    [ $retval -eq 0 ] && rm -f $lockfile
-    return $retval
-}
-
-restart() {
-    stop
-    start
-}
-
-reload() {
-    restart
-}
-
-force_reload() {
-    restart
-}
-
-rh_status() {
-    # run checks to determine if the service is running or use generic status
-    status -p "${pidfile}" $prog
-}
-
-rh_status_q() {
-    rh_status >/dev/null 2>&1
-}
-
-
-case "$1" in
-    start)
-	rh_status_q && exit 0
-	$1
-	;;
-    stop)
-	rh_status_q || exit 0
-	$1
-	;;
-    restart)
-	$1
-	;;
-    reload)
-	rh_status_q || exit 7
-	$1
-	;;
-    force-reload)
-	force_reload
-	;;
-    status)
-	rh_status
-	;;
-    condrestart|try-restart)
-	rh_status_q || exit 0
-	restart
-	;;
-    *)
-	echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
-	exit 2
-esac
-exit $?

clamav-milter.upstart

@@ -1,14 +0,0 @@
-### !!! Uncomment only *one* of the 'start on' statements !!!
-
-### Uncomment these lines when you want clamav-milter to be a milter
-### for a locally running MTA
-#start on (starting sendmail or starting postfix)
-
-### Uncomment these lines when you want clamav-milter to be a milter
-### for a remotely running MTA
-#start on runlevel [345] and starting local
-
-stop  on runlevel [!345]
-
-respawn
-exec /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --foreground=yes

clamav-update.crond

@@ -1,6 +0,0 @@
-## Adjust this line...
-MAILTO=root
-
-## It is ok to execute it as root; freshclam drops privileges and becomes
-## user 'clamupdate' as soon as possible
-0  */3 * * * root /usr/share/clamav/freshclam-sleep

clamav-update.logrotate

@@ -1,4 +0,0 @@
-/var/log/freshclam.log {
-        monthly
-        notifempty
-}

clamav.init

@@ -0,0 +1,60 @@
+#!/bin/sh
+#
+# Startup script for the Clam AntiVirus Daemon
+#
+# chkconfig: - 61 39
+# description: Clam AntiVirus Daemon is a TCP/IP or socket protocol \
+#              server.
+# processname: clamd
+# pidfile: /var/run/clamav/clamd.pid
+# config: /etc/clamd.conf
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+[ -x /usr/sbin/clamd ] || exit 0
+
+# Local clamd config
+test -f /etc/sysconfig/clamd && . /etc/sysconfig/clamd
+
+# See how we were called.
+case "$1" in
+  start)
+	echo -n "Starting Clam AntiVirus Daemon: "
+	daemon clamd
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd
+	;;
+  stop)
+	echo -n "Stopping Clam AntiVirus Daemon: "
+	killproc clamd
+	rm -f /var/run/clamav/clamd.sock
+	rm -f /var/run/clamav/clamd.pid
+	RETVAL=$?
+	echo
+### heres the fix... we gotta remove the stale files on restart
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd 	
+	;;
+  status)
+	status clamd
+	RETVAL=$?
+	;;
+  restart|reload)
+	$0 stop
+	$0 start
+	RETVAL=$?
+	;;
+  condrestart)
+	[ -e /var/lock/subsys/clamd ] && $0 restart
+	RETVAL=$?
+	;;
+  *)
+	echo "Usage: clamd {start|stop|status|restart|reload|condrestart}"
+	exit 1
+esac
+
+exit $RETVAL

clamd-README

@@ -1,59 +0,0 @@
-To create individual clamd-instance take the following files and
-modify/copy them in the suggested way:
-
-clamd.conf:
-  * set LocalSocket (or better: TCPSocket) and User to suitable values;
-    avoid PidFile unless it is required by system monitoring or something
-    else. Logging through syslog is usually better than an individual
-    Logfile.
-  * place this file into /etc/clamd.d with an unique service-name;
-    e.g. as /etc/clamd.d/<SERVICE>.conf
-
-  When using TCPSocket, create iptables rules which are limiting the
-  access by source and/or by using '-m owner'.
-
-  When LogFile feature is wanted, it must be writable for the assigned
-  User. Recommended way to reach this, is to:
-  * make it owned by the User's *group*
-  * assign at least 0620 (u+rw,g+w) permissions
-
-  A suitable command might be
-  | # touch <logfile>
-  | # chgrp <user> <logfile>
-  | # chmod 0620   <logfile>
-  | # restorecon <logfile>
-
-  NEVER use 'clamav' as the user since he can modify the database.
-  This is the user who is running the application; e.g. for mimedefang
-  (http://www.roaringpenguin.com/mimedefang), the user might be
-  'defang'.Theoretically, distinct users could be used, but it must be
-  made sure that the application-user can write into the socket-file,
-  and that the clamd-user can access the files asked by the
-  application to be checked.
-
-clamd.logrotate: (only when LogFile feature is used)
-  * set the correct value for the logfile
-  * place it into /etc/logrotate.d
-
-clamd@<SERVICE>.service: (systemd instance)
-  * instance of clamd@.service
-
-Additionally, when using LocalSocket instead of TCPSocket, the directory
-for the socket file must be created.  For tmpfiles based systems, you
-might want to create a file /usr/lib/tmpfiles.d/clamd.<SERVICE>.conf
-with a content of
-
- | d /var/run/clamd.<SERVICE> <MODE> <USER> <GROUP>
-
-Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
-so that the socket can be accessed by clamd and by the applications
-using clamd. Make sure that the socket is not world accessible; else,
-DOS attacks or worse are trivial.
-
-
-[Disclaimer:
- this file and the script/configfiles are not part of the official
- clamav package.
-
- Please send complaints and comments to
- mailto:enrico.scholz@informatik.tu-chemnitz.de!]

clamd-gen

@@ -1,269 +0,0 @@
-#! /bin/bash
-
-# Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-function showHelp()
-{
-    echo \
-$"Usage: clamd-gen --service=<SERVICE> --version=<VERSION> --release=<RELEASE>
-                 --license=<LICENSE> --username=>USERNAME>
-"
-    exit 0
-}
-
-function rpm.generatePreamble()
-{
-    cat <<EOF
-%{!?release_func:%define release_func()	%1%{?dist}}
-# The name of the minit service
-%define minitsvcdir	%minitdir/services/%name
-# The configuration file for the SysV initservice
-%define conffile	%_sysconfdir/clamd.d/%service.conf
-# The directory, where the milter socket will be placed into; this
-# socket will be named clamd.sock
-%define rundir		/var/run/clamd.%service
-# The name of the logfile
-%define logfile		/var/log/clamd.%service
-# The user under whose id, the clamd shall be running. This user must
-# be able to read the files from the base-service and is usually
-# created there.
-%define username	$USERNAME
-# The packagename of the service
-%define service		$SERVICE
-# The service name as used by the system's initscripts; usually this
-# is %service
-%define baseservice	%service
-
-%define __chkconfig	/sbin/chkconfig
-%define minitdir	%_sysconfdir/minit
-
-
-EOF
-}
-
-function rpm.generateHeader()
-{
-    cat <<EOF
-Summary:		Clamav server for '%service'
-Name:			clamd.%service
-Version:		$VERSION
-Release:		%release_func $RELEASE
-Epoch:			0
-License:		$LICENSE
-Group:			System Environment/Daemons
-BuildRoot:		%_tmppath/%name-%version-%release-root
-BuildArch:		noarch
-Requires:		init(%name)
-Requires(pre):		%service
-Requires:		clamav-server
-BuildRequires:		clamav-devel
-
-%package sysv
-Summary:		SysV initscripts for a %service clamav-server
-Group:			System Environment/Daemons
-Provides:		init(%name) = sysv
-Conflicts:		init(%name) < sysv
-Conflicts:		init(%name) > sysv
-Requires:		clamav-server-sysv
-Requires(post):		%name = %epoch:%version-%release
-Requires(post):		diffutils mktemp %__chkconfig
-Requires(preun):	%__chkconfig
-Requires(pre):		%_initrddir
-Requires(postun):	%_initrddir
-
-%package minit
-Summary:		minit initscripts for a %service clamav-server
-Group:			System Environment/Daemons
-Provides:		init(%name) = minit
-Conflicts:		init(%name) < minit
-Conflicts:		init(%name) > minit
-Requires(post):		%name = %epoch:%version-%release
-Requires(post):		diffutils mktemp
-Requires(pre):		minit-setup
-Requires(postun):	minit-setup
-Requires(triggers):	minit-tools
-
-
-%description
-Basic setup for a clamav server for '%service'.
-
-
-%description sysv
-Basic setup for a clamav server for '%service'.
-
-This package contains initscripts for SysV based systems.
-
-
-%description minit
-Basic setup for a clamav server for '%service'.
-
-This package contains initscripts for minit based systems.
-
-EOF
-}
-
-
-function rpm.genBody()
-{
-    cat <<"XEOFX"
-%prep
-%build
-
-%install
-rm -rf $RPM_BUILD_ROOT
-%__install -d -m755 $RPM_BUILD_ROOT{%minitsvcdir,%_sbindir,%rundir,/var/log}
-
-d=/usr/share/clamav/template
-
-function subst
-{
-	src=$d/$1
-	dst=$RPM_BUILD_ROOT$2
-
-	%__install -d -m755 $(dirname "$dst")
-	sed -e 's!^\(#?LogFile \).*!\1%logfile!g;
-		s!^#?\(LocalSocket \).*!\1%rundir/clamd.sock!g;
-		s!^#?\(PidFile \).*!\1%rundir/clamd.pid!g;
-		s!<SERVICE>!%service!g;
-		s!<USER>!%username!g;' "$src" >"$dst"
-	chmod --reference "$src" "$dst"
-}
-
-subst clamd.conf      %conffile
-subst clamd.logrotate %_sysconfdir/logrotate.d/clamd.%service
-
-%if 0%{!?_without_sysv:1}
-subst clamd.sysconfig %_sysconfdir/sysconfig/clamd.%service
-subst clamd.init      %_initrddir/clamd.%service
-%endif
-
-ln -s clamd $RPM_BUILD_ROOT%_sbindir/clamd.%service
-
-touch $RPM_BUILD_ROOT%logfile
-touch $RPM_BUILD_ROOT%rundir/clamd.sock
-
-%if 0%{!?_without_minit:1}
-ln -s %_sbindir/clamd.%service $RPM_BUILD_ROOT%minitsvcdir/run
-touch                          $RPM_BUILD_ROOT%minitsvcdir/respawn
-cat <<EOF                     >$RPM_BUILD_ROOT%minitsvcdir/params
--c
-%conffile
-EOF
-%endif
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
-%triggerin minit -- %baseservice
-minit-svc add services/clamd.%service services/%baseservice/
-
-%triggerun minit -- %baseservice
-test "$1" != 0 -a "$2" != 0 || \
-	minit-svc del services/clamd.%service services/%baseservice/
-
-
-%post minit
-d=$(mktemp /tmp/clamd.%service.XXXXXX)
-sed -e 's!^#Foreground!Foreground!' "%conffile" >"$d"
-grep -q '^Foreground' $d || echo 'Foreground' >>$d
-cmp -s "$d" %conffile || cat "$d" >"%conffile"
-rm -f "$d"
-
-%post sysv
-d=$(mktemp /tmp/clamd.%service.XXXXXX)
-sed -e 's!^Foreground!#Foreground!' "%conffile" >"$d"
-cmp -s "$d" %conffile || cat "$d" >"%conffile"
-rm -f "$d"
-
-%__chkconfig --add %name
-
-
-%preun sysv
-test "$1" != 0 || %__chkconfig --del %name
-
-XEOFX
-}
-
-
-function rpm.genFiles
-{
-    cat <<"EOF"
-%files
-%defattr(-,root,root,-)
-%doc
-%config(noreplace) %verify(not size md5 mtime) %attr(0620,root,%username)  %logfile
-%config(noreplace) %verify(not mtime) %conffile
-%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/clamd.%service
-%_sbindir/clamd.%service
-%dir %attr(0700,%username,root) %rundir
-%ghost %rundir/clamd.sock
-
-
-%if 0%{!?_without_sysv:1}
-%files sysv
-%defattr(-,root,root,-)
-%config            %verify(not mtime) %_initrddir/clamd.%service
-%config(noreplace) %verify(not mtime) %_sysconfdir/sysconfig/clamd.%service
-%endif
-
-
-%if 0%{!?_without_minit:1}
-%files minit
-%defattr(-,root,root,-)
-%dir                                  %minitsvcdir
-%config(noreplace) %verify(not mtime) %minitsvcdir/params
-%config                               %minitsvcdir/run
-				      %minitsvcdir/respawn
-%endif
-EOF
-}
-
-
-SERVICE=
-VERSION=
-RELEASE=
-LICENSE=
-USERNAME=
-tmp=$(getopt -o '' --long service:,version:,release:,license:,username:,help -n "$0" -- "$@") || exit 1
-eval set -- "$tmp"
-
-while true; do
-    case "$1" in
-	(--help)	showHelp $0;;
-	(--service)	SERVICE=$2;  shift;;
-	(--version)	VERSION=$2;  shift;;
-	(--release)	RELEASE=$2;  shift;;
-	(--license)	LICENSE=$2;  shift;;
-	(--username)	USERNAME=$2; shift;;
-	(--)		shift; break;;
-    esac
-    shift
-done
-
-for i in SERVICE VERSION RELEASE LICENSE USERNAME; do
-    eval tmp=\$${i}
-    test "$tmp" || {
-	echo $"No value for $i specified; assuming @${i}@"  >&2;
-	eval $i=@${i}@;
-    }
-done
-
-
-rpm.generatePreamble
-rpm.generateHeader
-rpm.genBody
-rpm.genFiles

clamd-wrapper

@@ -1,90 +0,0 @@
-#!/bin/bash
-#
-# Xchkconfig: - 75 35
-# Xdescription: The clamd daemon listens for incoming connections on		\
-#               Unix or TCP socket and scans files or directories on demand.
-
-test "$CLAMD_SERVICE" || {
-    echo $"*** $0 can not be called in this way"
-    echo $"*** Please see /usr/share/doc/clamav-server-*/README how"
-    echo $"*** the clamav-server can be configured"
-    exit 6
-}
-
-# Source function library.
-. /etc/init.d/functions
-
-# Get config.
-test -r /etc/sysconfig/network && . /etc/sysconfig/network
-
-# Check that networking is up.
-test "$NETWORKING" != "no" || exit 6
-
-lockfile=/var/lock/subsys/clamd.${CLAMD_SERVICE}
-sysconffile=/etc/sysconfig/clamd.${CLAMD_SERVICE}
-procname=clamd.${CLAMD_SERVICE}
-
-CLAMD_CONFIGFILE=/etc/clamd.d/${CLAMD_SERVICE}.conf
-CLAMD_OPTIONS=
-CLAMD_PIDFILE=/var/run/clamd.${CLAMD_SERVICE}/clamd.pid
-## backward-compatibility check...
-for i in /var/run/clamd.${CLAMD_SERVICE}/clamd.sock \
-	 /var/run/clamav.${CLAMD_SERVICE}/clamd.sock; do
-  CLAMD_SOCKET=$i
-  test ! -e "$i" || break
-done
-test -f "$sysconffile" && . "$sysconffile"
-
-
-RETVAL=0
-prog="clamd.${CLAMD_SERVICE}"
-
-start () {
-	echo -n $"Starting $prog: "
-	daemon --pidfile=${CLAMD_PIDFILE} \
-	    exec -a $procname /usr/sbin/clamd \
-	    ${CLAMD_CONFIGFILE:+-c $CLAMD_CONFIGFILE} ${CLAMD_OPTIONS} --pid ${CLAMD_PIDFILE}
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && touch $lockfile
-	return $RETVAL
-}
-
-stop () {
-	echo -n $"Stopping $prog: "
-	killproc -p ${CLAMD_PIDFILE} $procname
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && rm -f $lockfile
-	return $RETVAL
-}
-
-reload() {
-	rc=0
-	echo -n $"Reloading $prog: "
-	killproc -p ${CLAMD_PIDFILE} $procname -HUP  || rc=$?
-	echo
-	echo -n $"Loading new virus-database: "
-	killproc -p ${CLAMD_PIDFILE} $procname -USR2 || rc=$?
-	echo
-	return $rc
-}
-
-restart () {
-	stop
-	start
-}
-
-# See how we were called.
-case "$1" in
-  start|stop|restart|reload)
-	$1 ;;
-  status)
-	status -p ${CLAMD_PIDFILE} $procname ;;
-  condrestart)
-	test ! -f $lockfile || restart
-	;;
-  *)
-	echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
-	exit 2
-esac

clamd.SERVICE.init

@@ -1,7 +0,0 @@
-#!/bin/bash
-#
-# chkconfig: - 75 35
-# description: The clamd server running for <SERVICE>
-
-CLAMD_SERVICE=<SERVICE>
-. /usr/share/clamav/clamd-wrapper

clamd.logrotate

@@ -1,9 +1,8 @@
-/var/log/clamd.<SERVICE> {
-	monthly
-	notifempty
-	missingok
-
-	postrotate
-		killall -HUP clamd.<SERVICE> >/dev/null 2>&1 || :
-	endscript
+%{_localstatedir}/log/clamav/clamd.log {
+        missingok
+        notifempty
+        create 644 clam clam
+        postrotate
+                killall -HUP clamd 2>/dev/null || :
+        endscript
 }

clamd.scan.upstart

@@ -1,14 +0,0 @@
-### !!! Uncomment only *one* of the 'start on' statements !!!
-
-### Uncomment this line when you want clamd.scan to be a scanner for a
-### locally running clamav-milter
-#start on starting clamav-milter
-
-### Uncomment this line when you want clamd.scan to be a generic
-### scanner service
-#start on runlevel [345] and starting local
-
-stop  on runlevel [!345]
-
-respawn
-exec /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes

clamd.sysconfig

@@ -1,3 +0,0 @@
-#CLAMD_CONFIGFILE=/etc/clamd.d/<SERVICE>.conf
-#CLAMD_SOCKET=/var/run/clamd.<SERVICE>/clamd.sock
-#CLAMD_OPTIONS=

clamd@.service

@@ -1,8 +0,0 @@
-[Unit]
-Description = clamd scanner (%i) daemon
-After = syslog.target nss-lookup.target network.target
-
-[Service]
-Type = forking
-ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
-Restart = on-failure

clamd@scan.service

@@ -1,7 +0,0 @@
-.include /lib/systemd/system/clamd@.service
-
-[Unit]
-Description = Generic clamav scanner daemon
-
-[Install]
-WantedBy = multi-user.target

freshclam-sleep

@@ -1,52 +0,0 @@
-#! /bin/bash
-# Copyright (C) 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-
-FRESHCLAM_MOD=$[ 3*60 ]		# 3 hours
-
-f=/etc/sysconfig/freshclam
-test ! -e "$f" || . "$f"
-
-
-case x"$1" in
-    (xnow)		FRESHCLAM_DELAY=0;;
-    (x|xrandom)		: ${FRESHCLAM_DELAY:=$[ 0x`hostid` ]};;
-    (*)			FRESHCLAM_DELAY=$1;;
-esac
-
-set -e
-
-case $FRESHCLAM_DELAY in
-    (disabled-warn)
-	echo $"\
-WARNING: update of clamav database is disabled; please see
-  '$f'
-  for information how to enable the periodic update resp. how to turn
-  off this message." >&2
-	exit 1
-	;;
-
-    (disabled)
-	exit 0
-	;;
-
-    (*)
-	let FRESHCLAM_MOD*=60
-	sleep $[ (FRESHCLAM_DELAY % FRESHCLAM_MOD + FRESHCLAM_MOD) % FRESHCLAM_MOD ]
-	;;
-esac
-
-/usr/bin/freshclam --quiet

freshclam.cron

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+### A simple update script for the clamav virus database.
+### This could as well be replaced by a SysV script.
+
+### fix log file if needed
+LOG_FILE="%{_localstatedir}/log/clamav/freshclam.log"
+if [ ! -f "$LOG_FILE" ]; then
+    touch "$LOG_FILE"
+    chmod 644 "$LOG_FILE"
+    chown clam.clam "$LOG_FILE"
+fi
+
+%{_bindir}/freshclam \
+    --quiet \
+    --datadir="%{_localstatedir}/lib/clamav" \
+    --log="$LOG_FILE"

freshclam.logrotate

@@ -0,0 +1,5 @@
+%{_localstatedir}/log/clamav/freshclam.log {
+        missingok
+        notifempty
+        create 644 clam clam
+}

freshclam.sysconfig

@@ -1,18 +0,0 @@
-## When changing the periodicity of freshclam runs in the crontab,
-## this value must be adjusted also. Its value is the timespan between
-## two subsequent freshclam runs in minutes. E.g. for the default
-##
-## | 0 */3 * * *  ...
-##
-## crontab line, the value is 180 (minutes).
-# FRESHCLAM_MOD=
-
-## A predefined value for the delay in seconds. By default, the value is
-## calculated by the 'hostid' program. This predefined value guarantees
-## constant timespans of 3 hours between two subsequent freshclam runs.
-##
-## This option accepts two special values:
-## 'disabled-warn'  ...  disables the automatic freshclam update and
-##                         gives out a warning
-## 'disabled'       ...  disables the automatic freshclam silently
-# FRESHCLAM_DELAY=

llvm-glibc.patch

@@ -1,12 +0,0 @@
-Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
-===================================================================
---- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
-+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
-@@ -52,6 +52,7 @@ static void runAtExitHandlers() {
- #include <sys/stat.h>
- #endif
- #include <fcntl.h>
-+#include <unistd.h>
- /* stat functions are redirecting to __xstat with a version number.  On x86-64 
-  * linking with libc_nonshared.a and -Wl,--export-dynamic doesn't make 'stat' 
-  * available as an exported symbol, so we have to add it explicitly.

sources

@@ -1,4 +1,6 @@
-SHA512 (clamav-0.99.3-norar.tar.xz) = d80b20c982d35eecd2719af325bc774a5a5fe63a97f3d855c74919f6cfac6fe3f12c51479e49d96031ae0e9a3dedcf446dd22426cceba22ec4b641e9ea1f250a
-SHA512 (bytecode-319.cvd) = 1b2785fde078e0dae5a4b8a5161a0da55b26b010deda9fd9dc5edb7113d46d6eb45f644c16b4cb3882e7192d0b389d7b1826fbb718377aa40e1bac3485829acc
-SHA512 (daily-24253.cvd) = cef70a86f7989ec330c0479f6070e735181168c0331e981cfcd8d9a5aebdd6be42d772167c701f6f33219a4b41aced806e70c156e9a2a060c30ba55e73743fcd
+SHA512 (clamav-0.100.3-norar.tar.xz) = f1d9b9b99950e3741b1a34472e3eec58f3cfd44bfd1ee11bb37997c08919aee33c2ba277689427eb59d854643fb1052a7d4117ad4ea630426169a34f52eef65f
+SHA512 (daily-25401.cvd) = dcd24145dd6f533208df13c656ca661d8dc0755fdb5f05ca0ac224594062de2aafd0a84464b4dded3f5df52329d29ed3ed3d42afb9673363dd39314f582976f6
+SHA512 (bytecode-328.cvd) = 6ff39ae8bcc7ddf92f056310bbd19f0bdbcd56f56e005e952f7e5e50ae7378621f4a8ad21dc710343ecf1debc192ab4c02d4897f4c612f08ebc9e7035d2fa306
 SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a
+SHA512 (clamd-wrapper.tar.bz2) = a67f15197ebc92c0e9387e32da944d6815b1ce106ae0dd0c00e9001b6224f4f11119dd1df675bb1a7f8ac15ad2a3aaab67ae39d6257d0de6967b1f7cf1527ef9
+SHA512 (zlib-1.2.7.tar.bz2) = 3e18c3923210c2c3da6e12735c0d2babdaf661fb704430516b00aaab8d5e690d8d8f46646173c634f04b050a59bf979d343aede472c5038afcda7baa2c897635

zlib-1.2.5-minizip-fixuncrypt.patch

@@ -0,0 +1,14 @@
+diff -up zlib-1.2.5/contrib/minizip/unzip.c.fixuncrypt zlib-1.2.5/contrib/minizip/unzip.c
+--- zlib-1.2.5/contrib/minizip/unzip.c.fixuncrypt	2011-11-11 12:13:56.335867758 -0500
++++ zlib-1.2.5/contrib/minizip/unzip.c	2011-11-11 12:14:01.747799372 -0500
+@@ -68,10 +68,6 @@
+ #include <stdlib.h>
+ #include <string.h>
+ 
+-#ifndef NOUNCRYPT
+-        #define NOUNCRYPT
+-#endif
+-
+ #include "zlib.h"
+ #include "unzip.h"
+ 

zlib-1.2.7-Fix-bug-where-gzopen-gzclose-would-write-an-empty-fi.patch

@@ -0,0 +1,43 @@
+From 0cf495a1ca941428c0b11e2307cad760ae44993e Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Sat, 29 Sep 2012 22:23:47 -0700
+Subject: [PATCH] Fix bug where gzopen(), gzclose() would write an empty file.
+
+A gzopen() to write (mode "w") followed immediately by a gzclose()
+would output an empty zero-length file.  What it should do is write
+an empty gzip file, with the gzip header, empty deflate content,
+and gzip trailer totalling 20 bytes.  This fixes it to do that.
+---
+ gzwrite.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/gzwrite.c b/gzwrite.c
+index f53aace..79a69a5 100644
+--- a/gzwrite.c
++++ b/gzwrite.c
+@@ -554,15 +554,14 @@ int ZEXPORT gzclose_w(file)
+     }
+ 
+     /* flush, free memory, and close file */
+-    if (state->size) {
+-        if (gz_comp(state, Z_FINISH) == -1)
+-            ret = state->err;
+-        if (!state->direct) {
+-            (void)deflateEnd(&(state->strm));
+-            free(state->out);
+-        }
+-        free(state->in);
++    if (gz_comp(state, Z_FINISH) == -1)
++        ret = state->err;
++    if (!state->direct) {
++        (void)deflateEnd(&(state->strm));
++        free(state->out);
+     }
++    if (state->size)
++        free(state->in);
+     gz_error(state, Z_OK, NULL);
+     free(state->path);
+     if (close(state->fd) == -1)
+-- 
+1.9.3
+

zlib-1.2.7-fix-serious-but-very-rare-decompression-bug-in-inftr.patch

@@ -0,0 +1,47 @@
+From 51370f365607fe14a6a7a1a27b3bd29d788f5e5b Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Mon, 18 Feb 2013 21:06:35 -0800
+Subject: [PATCH] Fix serious but very rare decompression bug in inftrees.c.
+
+inftrees.c compared the number of used table entries to the maximum
+allowed value using >= instead of >.  This patch fixes those to use
+>.  The bug was discovered by Ignat Kolesnichenko of Yandex LC
+where they have run petabytes of data through zlib.  Triggering the
+bug is apparently very rare, seeing as how it has been out there in
+the wild for almost three years before being discovered.  The bug
+is instantiated only if the exact maximum number of decoding table
+entries, ENOUGH_DISTS or ENOUGH_LENS is used by the block being
+decoded, resulting in the false positive of overflowing the table.
+---
+ inftrees.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/inftrees.c b/inftrees.c
+index 873da59..3781399 100644
+--- a/inftrees.c
++++ b/inftrees.c
+@@ -208,8 +208,8 @@ unsigned short FAR *work;
+     mask = used - 1;            /* mask for comparing low */
+ 
+     /* check available table space */
+-    if ((type == LENS && used >= ENOUGH_LENS) ||
+-        (type == DISTS && used >= ENOUGH_DISTS))
++    if ((type == LENS && used > ENOUGH_LENS) ||
++        (type == DISTS && used > ENOUGH_DISTS))
+         return 1;
+ 
+     /* process all codes and make table entries */
+@@ -277,8 +277,8 @@ unsigned short FAR *work;
+ 
+             /* check for enough space */
+             used += 1U << curr;
+-            if ((type == LENS && used >= ENOUGH_LENS) ||
+-                (type == DISTS && used >= ENOUGH_DISTS))
++            if ((type == LENS && used > ENOUGH_LENS) ||
++                (type == DISTS && used > ENOUGH_DISTS))
+                 return 1;
+ 
+             /* point entry in root table to sub-table */
+-- 
+1.9.3
+

zlib-1.2.7-optimized-s390.patch

@@ -0,0 +1,40 @@
+diff -upr zlib-1.2.7.orig/deflate.c zlib-1.2.7/deflate.c
+--- zlib-1.2.7.orig/deflate.c	2012-10-04 12:18:50.750427902 +0200
++++ zlib-1.2.7/deflate.c	2012-10-04 12:20:04.222190460 +0200
+@@ -1150,15 +1150,16 @@ local void lm_init (s)
+ /* For 80x86 and 680x0, an optimized version will be provided in match.asm or
+  * match.S. The code will be functionally equivalent.
+  */
+-local uInt longest_match(s, cur_match)
++local uInt longest_match(s, pcur_match)
+     deflate_state *s;
+-    IPos cur_match;                             /* current match */
++    IPos pcur_match;                             /* current match */
+ {
++    ptrdiff_t cur_match = pcur_match; /* extend to pointer width */
+     unsigned chain_length = s->max_chain_length;/* max hash chain length */
+     register Bytef *scan = s->window + s->strstart; /* current string */
+     register Bytef *match;                       /* matched string */
+     register int len;                           /* length of current match */
+-    int best_len = s->prev_length;              /* best match length so far */
++    ptrdiff_t best_len = s->prev_length;              /* best match length so far */
+     int nice_match = s->nice_match;             /* stop if match long enough */
+     IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
+         s->strstart - (IPos)MAX_DIST(s) : NIL;
+@@ -1173,12 +1174,12 @@ local uInt longest_match(s, cur_match)
+      * Try with and without -DUNALIGNED_OK to check.
+      */
+     register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
+-    register ush scan_start = *(ushf*)scan;
+-    register ush scan_end   = *(ushf*)(scan+best_len-1);
++    register uInt scan_start = *(ushf*)scan;
++    register uInt scan_end   = *(ushf*)(scan+best_len-1);
+ #else
+     register Bytef *strend = s->window + s->strstart + MAX_MATCH;
+-    register Byte scan_end1  = scan[best_len-1];
+-    register Byte scan_end   = scan[best_len];
++    register uInt scan_end1  = scan[best_len-1];
++    register uInt scan_end   = scan[best_len];
+ #endif
+ 
+     /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.

zlib-1.2.7-z-block-flush.patch

@@ -0,0 +1,45 @@
+From f1b8edadc3c733990f8a8de4d643f968e571ae85 Mon Sep 17 00:00:00 2001
+From: Adam Tkac <atkac@redhat.com>
+Date: Fri, 17 Aug 2012 15:13:48 +0200
+Subject: [PATCH] Rank Z_BLOCK flush below Z_PARTIAL_FLUSH only when last
+ flush was Z_BLOCK.
+
+This fixes regression introduced by f1ebdd6a9c495a5db9a22aa80dd7d54ae7db42e9
+(Permit stronger flushes after Z_BLOCK flushes.). Now this code is valid
+again:
+
+deflate(stream, Z_SYNC_FLUSH);
+deflateParams(stream, newLevel, Z_DEFAULT_STRATEGY);
+
+Signed-off-by: Adam Tkac <atkac@redhat.com>
+---
+ deflate.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/deflate.c b/deflate.c
+index 9e4c2cb..3422f72 100644
+--- a/deflate.c
++++ b/deflate.c
+@@ -882,9 +882,16 @@ int ZEXPORT deflate (strm, flush)
+      * flushes. For repeated and useless calls with Z_FINISH, we keep
+      * returning Z_STREAM_END instead of Z_BUF_ERROR.
+      */
+-    } else if (strm->avail_in == 0 && RANK(flush) <= RANK(old_flush) &&
+-               flush != Z_FINISH) {
+-        ERR_RETURN(strm, Z_BUF_ERROR);
++    } else if (strm->avail_in == 0 && flush != Z_FINISH) {
++        char err;
++
++        /* Degrade Z_BLOCK only when last flush was Z_BLOCK */
++        err = (old_flush == Z_BLOCK) ?
++              RANK(flush) <= RANK(old_flush) : flush <= old_flush;
++
++        if (err) {
++            ERR_RETURN(strm, Z_BUF_ERROR);
++        }
+     }
+ 
+     /* User must not provide more input after the first FINISH: */
+-- 
+1.7.11.4
+