Compare commits
10 Commits
Author | SHA1 | Date |
---|---|---|
Robert Scheck | c2a90c00ea | |
Robert Scheck | 2cfaede773 | |
Robert Scheck | e83b89fce6 | |
Sérgio M. Basto | 629ff45d72 | |
Robert Scheck | dd703ec634 | |
Orion Poplawski | 7308909710 | |
Orion Poplawski | 8dc4d31df5 | |
Orion Poplawski | 2e5f321f11 | |
Sérgio M. Basto | caa3615daa | |
Sérgio M. Basto | 75726c0376 |
|
@ -1,5 +1,6 @@
|
|||
/clamd-wrapper.tar.bz2
|
||||
/clamav-*-norar.tar.xz
|
||||
/main*.cvd
|
||||
/daily*.cvd
|
||||
/bytecode-278.cvd
|
||||
/bytecode-319.cvd
|
||||
/bytecode-*.cvd
|
||||
/zlib-*.tar.bz2
|
||||
|
|
|
@ -1,279 +0,0 @@
|
|||
* Tue Dec 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.7-1
|
||||
- updated to 0.88.7
|
||||
|
||||
* Sun Nov 5 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.6-1
|
||||
- updated to 0.88.6
|
||||
|
||||
* Wed Oct 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.5-1
|
||||
- updated to 0.88.5 (SECURITY); fixes CVE-2006-4182, CVE-2006-5295
|
||||
- added patch to set '__attribute__ ((visibility("hidden")))' for
|
||||
exported MD5_*() functions (fixes #202043)
|
||||
|
||||
* Thu Oct 05 2006 Christian Iseli <Christian.Iseli@licr.org> 0.88.4-4
|
||||
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
|
||||
|
||||
* Thu Sep 21 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-3
|
||||
- splitted SysV initscripts of -milter and -server into own subpackages
|
||||
|
||||
* Fri Sep 15 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-2
|
||||
- rebuilt
|
||||
|
||||
* Tue Aug 8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-1
|
||||
- updated to 0.88.4 (SECURITY)
|
||||
|
||||
* Wed Jul 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
||||
- removed the clamdscan(1) manpage from the -server subpackage
|
||||
|
||||
* Sat Jul 8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
||||
- removed a superfluous '}'
|
||||
- removed some code which was relevant for FC-3 only
|
||||
|
||||
* Sat Jul 8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.3-1
|
||||
- updated to 0.88.3
|
||||
- updated to new fedora-usermgmt macros
|
||||
|
||||
* Tue May 16 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-2
|
||||
- cleanups: removed unneeded curlies, use plain command instead of
|
||||
%%__XXX macro, whitespace cleanup, removed unneeded versioned
|
||||
dependencies
|
||||
- added a 'Requires(post): group(clamav)' dependencies for -update and
|
||||
added the corresponding Provides: to -data
|
||||
- removed the %%_without_milter conditional; you won't gain anything
|
||||
when milter would be disabled at buildtime
|
||||
|
||||
* Sun Apr 30 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-1
|
||||
- updated to 0.88.2 (SECURITY)
|
||||
- rediffed patches; most issues handled by 0.88.1-2 are fixed in
|
||||
0.88.2
|
||||
|
||||
* Mon Apr 24 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-2
|
||||
- added patch which fixes some classes of compiler warnings; at least
|
||||
the using of implicitly declared functions was reported to cause
|
||||
segfaults on AMD64 (brought to my attention by Marc Perkel)
|
||||
- added patch which fixes wrong usage of strncpy(3) in unrarlib.c
|
||||
|
||||
* Thu Apr 06 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-1
|
||||
- updated to 0.88.1 (SECURITY)
|
||||
|
||||
* Sat Feb 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-2
|
||||
- rebuilt for FC5
|
||||
|
||||
* Tue Jan 10 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-1
|
||||
- updated to 0.88
|
||||
- added pseudo-versions for the 'init(...)' provides as a first step
|
||||
for the support of alternative initmethods
|
||||
|
||||
* Tue Nov 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-2
|
||||
- moved 'freshclam.conf.5' man page into the -update subpackage (#173221)
|
||||
- ship 'clamd.conf.5' man page in the -server subpackage *too*. The
|
||||
same file is contained in multiple packages now, but this man-page
|
||||
can not be removed from the base package because it also applies to
|
||||
'clamdscan' there (#173221).
|
||||
|
||||
* Fri Nov 4 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-1
|
||||
- updated to 0.87.1
|
||||
|
||||
* Sat Sep 17 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87-1
|
||||
- updated to 0.87 (SECURITY)
|
||||
- removed -timeout patch; it is solved upstream
|
||||
- reverted the -exim changes; they add yet more complexity, their
|
||||
functionality can go into an own package and they contained flaws
|
||||
|
||||
* Fri Sep 9 2005 David Woodhouse <dwmw2@infradead.org> - 0.86.2-5
|
||||
- Add clamav-exim configuration package
|
||||
|
||||
* Fri Jul 29 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-4
|
||||
- [milter] create the milter-logfile in the %%post scriptlet
|
||||
- [milter] reverted the change of the default child_timeout value; it
|
||||
was set to 5 minutes in 0.86.2 which conflicts with the internal
|
||||
mode where a timeout must not be set. So, the clamav-milter would
|
||||
not run with the default configuration
|
||||
|
||||
* Thu Jul 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-3
|
||||
- Fixed calculation of sleep duration; on some systems/IPs, `hostid`
|
||||
results in a negative number which is retained by the bash
|
||||
modulo-operation. So the sleep may get a negative number of seconds
|
||||
being interpreted as an option. This version makes sure that the
|
||||
module-operations returns a non-negative value. [BZ #164494, James
|
||||
Wilkinson]
|
||||
- added support for a /usr/sbin/clamav-notify-servers.local hook; this
|
||||
file will be executed (source'd) before all other actions and can
|
||||
abort the entire processing by invoking 'exit'
|
||||
|
||||
* Mon Jul 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-2
|
||||
- updated to 0.86.2 (SECURITY)
|
||||
- changed the freshclam updating mechanism (again); now, it consists
|
||||
of a crontab which does not need to be changed and a helper script
|
||||
(freshclam-sleep). This helper script is configured by
|
||||
/etc/sysconfig/freshclam
|
||||
|
||||
* Sat Jun 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.1-2
|
||||
- updated to 0.86.1
|
||||
- fixed randomization in %%post scriptlet: hour should be a range but
|
||||
not a single number
|
||||
|
||||
* Tue Jun 21 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86-1
|
||||
- updated to 0.86
|
||||
- randomize freshclam startup times in -update's %%post script (suggested
|
||||
by Stephen Smoogen); this requires some more Requires(post): also
|
||||
|
||||
* Wed May 18 2005 Warren Togami <wtogami@redhat.com> - 0.85.1-4
|
||||
- fix dist tagging the way Enrico wants it
|
||||
|
||||
* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at> - 0.85.1-2
|
||||
- Rebuild
|
||||
|
||||
* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at> - 0.85.1-1
|
||||
- Update
|
||||
|
||||
* Sat May 14 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.85-0
|
||||
- updated to 0.85
|
||||
|
||||
* Sun May 1 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.84-0
|
||||
- updated to 0.84
|
||||
|
||||
* Fri Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
|
||||
- rebuilt
|
||||
|
||||
* Tue Feb 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.83-1
|
||||
- updated to 0.83
|
||||
|
||||
* Tue Feb 8 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.82-1
|
||||
- updated to 0.82
|
||||
- minor spec cleanups
|
||||
|
||||
* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.2
|
||||
- build the package with '--disable-zlib-vcheck' because RH is unable to
|
||||
apply a fix for a 5 month old and solved security issue. Please fill
|
||||
your comments at https://bugzilla.redhat.com/beta/show_bug.cgi?id=131385
|
||||
- added 'BuildRequires: bc' (should work without also, but ./configure
|
||||
gives out ugly warnings else)
|
||||
|
||||
* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.1
|
||||
- updated to 0.81
|
||||
- do not ship the 'clamd.milter' daemon anymore; clamav-milter supports
|
||||
an internal mode now which is enabled by default
|
||||
- updated -milter %%description
|
||||
|
||||
* Thu Jan 20 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.2
|
||||
- s!cron.d/clamav!cron.d/clamav-update! in the %%description of the -update
|
||||
subpackage (https://bugzilla.fedora.us/show_bug.cgi?id=1715#c39)
|
||||
|
||||
* Wed Nov 3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.1
|
||||
- updated to 0.80
|
||||
- removed DMS, FreeBSD-HOWTO and localized docs as it is not shipped anymore
|
||||
- buildrequire 'curl-devel'
|
||||
- renamed clamav.conf to clamd.conf (upstream change)
|
||||
- updated -initoff patch
|
||||
|
||||
* Tue Sep 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75.1-0.fdr.1
|
||||
- updated to 0.75.1
|
||||
- use %%configure, the problems with the architecture specification
|
||||
seem to have passed (probably because of an autoconf update)
|
||||
- set mode 0600 for the cron-script (required by vixie-cron)
|
||||
- made the cronjob a spambot and send mail about deactivated freshclam
|
||||
service to nearly everybody... (root, postmaster, webmaster)
|
||||
- other fixes in the notification cronjob
|
||||
|
||||
* Fri Jul 23 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75-0.fdr.1
|
||||
- updated to 0.75
|
||||
|
||||
* Thu Jul 15 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.2
|
||||
- moved /usr/bin/clamav-config from main into -devel
|
||||
|
||||
* Wed Jun 30 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.1
|
||||
- updated to 0.74
|
||||
|
||||
* Mon Jun 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.73-0.fdr.1
|
||||
- updated to 0.73
|
||||
- added pkgconfig file
|
||||
|
||||
* Fri Jun 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.3
|
||||
- notify the user about a deactivated clamav-update service
|
||||
- added clamd-gen script which generates template spec-files for
|
||||
services using clamd
|
||||
- copied template configuration files to %pkgdatadir/template (needed
|
||||
for clamd-gen)
|
||||
- moved the clamd-wrapper from %_initrddir to %{pkgdatadir}; a symlink
|
||||
will be provided for compatibility reasons
|
||||
- conditionalized building of the -milter subpackage ('--without
|
||||
milter' switch) to enable builds on RH73 (bug #1715, comment #5/#7)
|
||||
|
||||
* Fri Jun 4 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.2
|
||||
- removed 'BuildRequires: dietlibc'; it was a leftover from the
|
||||
pre-use-signal era (before 0.70) (bug #1716)
|
||||
|
||||
* Thu Jun 3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.1
|
||||
- updated to 0.72
|
||||
|
||||
* Thu May 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.2
|
||||
- removed the randomization in the cronjob; it seems to be impossible
|
||||
to use the mod-operator (%%) there. Instead of, the user has to
|
||||
replace some placeholders...
|
||||
|
||||
* Wed May 19 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.1
|
||||
- updated to 0.71
|
||||
|
||||
* Fri May 7 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1.1
|
||||
- quote 'EOF' to delay $RANDOM expansion
|
||||
|
||||
* Tue Apr 27 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.2
|
||||
- updated GECOS entry for the 'clamav' user to describe its purpose
|
||||
more accurately
|
||||
- use explicit '-m755' when creating directories with install
|
||||
|
||||
* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1
|
||||
- updated to 0.70; rediffed some patches
|
||||
- updated logrotate script to use signals and documented the steps
|
||||
which are needed to make it work
|
||||
- adapted initscript to use signals instead of sockwrite
|
||||
- removed sockwrite; signals can now be used to reload the database
|
||||
- added logfile to the -milter subpackage
|
||||
|
||||
* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2.1
|
||||
- tagged some Requires:, since clamav-server is required in the milter-%%post* scriptlets
|
||||
|
||||
* Sat Mar 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2
|
||||
- split the double Requires(...,...): statements; see
|
||||
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118773
|
||||
- require the recent fedora-usermgmt package (0.7) which fixes similar
|
||||
ordering issues
|
||||
|
||||
* Thu Mar 18 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.1
|
||||
- updated to 0.68 (using the -1 version)
|
||||
- ship milter-files in the -milter instead of the -server subpackage
|
||||
|
||||
* Tue Feb 24 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.3
|
||||
- fixed ':' vs. '.' in chown
|
||||
|
||||
* Tue Feb 17 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.2
|
||||
- randomize freshclam startup to prevent server peaks
|
||||
|
||||
* Mon Feb 16 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.1
|
||||
- updated to 0.67 (using the -1 version)
|
||||
|
||||
* Wed Feb 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.66-0.fdr.2
|
||||
- updated to 0.66; important, packaging-relevant changes are
|
||||
freshclam:
|
||||
* $http_proxy is not supported anymore; you have to configure it in
|
||||
/etc/freshclam.conf
|
||||
* the logfile has been renamed to /var/log/freshclam.log
|
||||
- removed %%check section; buildroot check is implemented in local
|
||||
testsuite already
|
||||
- added some %%verify(not mtime) modifiers to avoid unnecessary .rpmnew
|
||||
files
|
||||
- added some directory-Requires:
|
||||
- activated milter-package and made it work
|
||||
- added patch to disable clamav-milter service by default
|
||||
- renamed /var/run/clamav.<SERVICE> to /var/run/clamd.<SERVICE>; this
|
||||
makes things more consistently but can break backward compatibility. The
|
||||
initscript should deal with the old version too, but I would not bet on
|
||||
it...
|
||||
- updated some descriptions
|
||||
- fixed the update-mechanism; now it happens in two stages: at first,
|
||||
the files will be downloaded as user 'clamav' and then, root initiates
|
||||
the daemon-reload.
|
||||
|
||||
* Mon Feb 9 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.65-0.fdr.5
|
||||
- added security fix for
|
||||
http://www.securityfocus.com/archive/1/353194/2004-02-06/2004-02-12/1
|
14
Makefile
14
Makefile
|
@ -1,14 +0,0 @@
|
|||
MAKEFILE_COMMON = $(HOME)/.fedora/common.mk
|
||||
-include $(MAKEFILE_COMMON)
|
||||
|
||||
# can not use final tarball name here as it will conflict with rules
|
||||
# within Makefile.common
|
||||
TARBALL_CLEAN = ${NAME}-${VERSION}-norar.tar.xz.tmp
|
||||
TARBALL = ${NAME}-${VERSION}.tar.gz
|
||||
|
||||
clean-sources: ${TARBALL_CLEAN}
|
||||
|
||||
${TARBALL_CLEAN}: ${TARBALL}
|
||||
rm -f $@.tmp
|
||||
zcat $< | tar --delete -f - '*/libclamunrar/*' | xz -c > $@.tmp
|
||||
mv $@.tmp $@
|
116
README.fedora
116
README.fedora
|
@ -1,116 +0,0 @@
|
|||
A clamav-milter setup consists of the following three components:
|
||||
|
||||
* the clamav-milter itself
|
||||
|
||||
--> this is provided by the 'clamav-milter' package plus (alternatively)
|
||||
'clamav-milter-upstart' or 'clamav-milter-sysvinit'
|
||||
|
||||
The main configuration is in /etc/mail/clamav-milter.conf and MUST
|
||||
be changed before first use.
|
||||
|
||||
The -sysvinit package is managed by the traditional tools, but
|
||||
-upstart requires modification of /etc/event.d/clamav-milter to
|
||||
enable automatic startup. See comments there for more details.
|
||||
|
||||
* a clamav scanner daemon
|
||||
|
||||
--> this package is called 'clamav-scanner' plus (alternatively)
|
||||
'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'
|
||||
|
||||
The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
|
||||
edited before first use).
|
||||
|
||||
The -sysvinit package is managed by the traditional tools, but
|
||||
-upstart requires modification of /etc/event.d/clamd.scan to enable
|
||||
automatic startup. See comments there for more details.
|
||||
|
||||
* the MTA (sendmail/postfix)
|
||||
|
||||
--> you should know how to install this...
|
||||
|
||||
When communicating across unix sockets with the clamav-milter, it is
|
||||
suggested to use the /var/run/clamav-milter/clamav-milter.socket
|
||||
path. You have to add something like
|
||||
|
||||
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
|
||||
|
||||
to your sendmail.mc.
|
||||
|
||||
|
||||
|
||||
It is suggested that components communicate through TCP sockets as
|
||||
this eases setup. Please add corresponding packet filter rules!
|
||||
|
||||
|
||||
EXAMPLE
|
||||
=======
|
||||
|
||||
For clamav-milter, a possible setup might be created by
|
||||
|
||||
A) On the MTA (assumed hostname 'host-mta')
|
||||
|
||||
1. Add to sendmail.mc
|
||||
|
||||
| INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
|
||||
|
||||
2. Rebuild sendmail.cf
|
||||
|
||||
|
||||
B) On the clamav-milter host (assumed hostname 'host-milter')
|
||||
|
||||
1. Install clamav-milter + clamav-milter-upstart packages
|
||||
|
||||
2. Set in /etc/mail/clamav-milter.conf
|
||||
|
||||
| MilterSocket inet:6666
|
||||
| ClamdSocket tcp:host-scanner:6665
|
||||
|
||||
and all the other options which are required on your system
|
||||
|
||||
3. Edit /etc/event.d/clamav-milter and uncomment the
|
||||
|
||||
| start on starting local
|
||||
|
||||
line. Restart your system or execute
|
||||
|
||||
| initctl emit starting local
|
||||
|
||||
4. Add something like
|
||||
|
||||
| iptables -N IN-cmilt
|
||||
| iptables -A IN-cmilt -s host-mta -j ACCEPT
|
||||
| iptables -A IN-cmilt -j DROP
|
||||
|
||||
| iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
|
||||
|
||||
to your firewall setup
|
||||
|
||||
C) On the clamav-scanner host (assumed hostname 'host-scanner')
|
||||
|
||||
1. Install clamav-scanner + clamav-scanner-upstart packages
|
||||
|
||||
2. Add to /etc/clamd.d/scan.conf
|
||||
|
||||
| TCPSocket 6665
|
||||
| TCPAddr host-scanner
|
||||
|
||||
comment out possible 'LocalSocket' lines and set all the other
|
||||
options which are required on your system
|
||||
|
||||
3. Edit /etc/event.d/clamav-scanner and uncomment the
|
||||
|
||||
| start on starting local
|
||||
|
||||
line. Restart your system or execute
|
||||
|
||||
| initctl emit starting local
|
||||
|
||||
4. Add something like
|
||||
|
||||
| iptables -N IN-cscan
|
||||
| iptables -A IN-cscan -s host-milter -j ACCEPT
|
||||
| iptables -A IN-cscan -j DROP
|
||||
|
||||
| iptables -A INPUT -p tcp --dport 6665 -j IN-csan
|
||||
|
||||
to your firewall setup
|
|
@ -0,0 +1,18 @@
|
|||
https://bugzilla.clamav.net/show_bug.cgi?id=12097
|
||||
|
||||
--- shared/optparser.c
|
||||
+++ shared/optparser.c
|
||||
@@ -505,6 +505,13 @@ const struct clam_option __clam_options[
|
||||
{ "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },
|
||||
{ "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
|
||||
{ "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" },
|
||||
+ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
|
||||
+ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
|
||||
+ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
|
||||
+ { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
|
||||
+ { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
|
||||
+ { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
|
||||
+ { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
|
||||
|
||||
/* Milter specific options */
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
--- clamav-0.98/clamav-milter/clamav-milter.c 2013-09-16 21:28:14.000000000 +0200
|
||||
+++ clamav-0.98/clamav-milter/clamav-milter.c.umask 2013-10-06 20:39:08.000000000 +0200
|
||||
@@ -374,7 +374,7 @@
|
||||
|
||||
if((opt = optget(opts, "PidFile"))->enabled) {
|
||||
FILE *fd;
|
||||
- mode_t old_umask = umask(0002);
|
||||
+ mode_t old_umask = umask(0022);
|
||||
|
||||
if((fd = fopen(opt->strarg, "w")) == NULL) {
|
||||
logg("!Can't save PID in file %s\n", opt->strarg);
|
||||
--- clamav-0.98/shared/output.c 2013-09-16 21:28:14.000000000 +0200
|
||||
+++ clamav-0.98/shared/output.c.umask 2013-10-06 20:39:28.000000000 +0200
|
||||
@@ -348,7 +348,7 @@
|
||||
logg_open();
|
||||
|
||||
if(!logg_fp && logg_file) {
|
||||
- old_umask = umask(0037);
|
||||
+ old_umask = umask(0077);
|
||||
if((logg_fp = fopen(logg_file, "at")) == NULL) {
|
||||
umask(old_umask);
|
||||
#ifdef CL_THREAD_SAFE
|
||||
--- clamav-0.98/freshclam/freshclam.c 2013-09-16 21:28:14.000000000 +0200
|
||||
+++ clamav-0.98/freshclam/freshclam.c.umask 2013-10-06 20:39:47.000000000 +0200
|
||||
@@ -123,7 +123,7 @@
|
||||
{
|
||||
FILE *fd;
|
||||
int old_umask;
|
||||
- old_umask = umask (0006);
|
||||
+ old_umask = umask (0022);
|
||||
if ((fd = fopen (pidfile, "w")) == NULL)
|
||||
{
|
||||
logg ("!Can't save PID to file %s: %s\n", pidfile, strerror (errno));
|
|
@ -1,27 +0,0 @@
|
|||
--- clamav-0.99/libclamav.pc.in 2015-09-18 22:48:25.000000000 +0200
|
||||
+++ clamav-0.99/libclamav.pc.in.private 2015-12-02 01:30:30.055231319 +0100
|
||||
@@ -7,6 +7,6 @@
|
||||
Description: A GPL virus scanner
|
||||
Version: @PACKAGE_VERSION@
|
||||
Libs: -L${libdir} -lclamav
|
||||
-Libs.private: @LIBCLAMAV_LIBS@
|
||||
+Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
|
||||
Cflags: -I${includedir}
|
||||
|
||||
--- clamav-0.99/clamav-config.in 2015-05-28 23:56:25.000000000 +0200
|
||||
+++ clamav-0.99/clamav-config.in.private 2015-12-02 01:31:34.933705763 +0100
|
||||
@@ -54,12 +54,8 @@
|
||||
usage 0
|
||||
;;
|
||||
|
||||
- --cflags)
|
||||
- echo -I@includedir@ @CFLAGS@
|
||||
- ;;
|
||||
-
|
||||
- --libs)
|
||||
- echo -L@libdir@ @LIBCLAMAV_LIBS@
|
||||
+ (--cflags|--libs)
|
||||
+ ${PKG_CONFIG:-pkg-config} "$1" libclamav
|
||||
;;
|
||||
|
||||
*)
|
|
@ -1,137 +0,0 @@
|
|||
https://github.com/vrtadmin/clamav-devel/commit/f5bc94cf01e6a19d5255c0e5f9a5bc2336f5a2b1
|
||||
backported (re-merge). See also:
|
||||
|
||||
- https://bugzilla.clamav.net/show_bug.cgi?id=11549
|
||||
- https://github.com/e2guardian/e2guardian/issues/159
|
||||
|
||||
--- clamav-0.99.2/libclamav/scanners.c 2016-04-22 17:02:19.000000000 +0200
|
||||
+++ clamav-0.99.2/libclamav/scanners.c.temp-cleanup 2017-11-17 00:59:14.295670694 +0100
|
||||
@@ -1342,37 +1342,33 @@
|
||||
return CL_CLEAN;
|
||||
}
|
||||
|
||||
- /* dump to disk only if explicitly asked to
|
||||
- * or if necessary to check relative offsets,
|
||||
- * otherwise we can process just in-memory */
|
||||
- if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
|
||||
- if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
|
||||
- cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
|
||||
- return ret;
|
||||
- }
|
||||
- if (ctx->engine->keeptmp)
|
||||
- cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
|
||||
- }
|
||||
-
|
||||
if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) {
|
||||
cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF);
|
||||
- free(tmpname);
|
||||
return CL_EMEM;
|
||||
}
|
||||
-
|
||||
text_normalize_init(&state, normalized, SCANBUFF + maxpatlen);
|
||||
- ret = CL_CLEAN;
|
||||
-
|
||||
|
||||
if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
|
||||
- free(tmpname);
|
||||
- return ret;
|
||||
+ free(normalized);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
|
||||
- cli_ac_freedata(&tmdata);
|
||||
- free(tmpname);
|
||||
- return ret;
|
||||
+ cli_ac_freedata(&tmdata);
|
||||
+ free(normalized);
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+ /* dump to disk only if explicitly asked to
|
||||
+ * or if necessary to check relative offsets,
|
||||
+ * otherwise we can process just in-memory */
|
||||
+ if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
|
||||
+ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
|
||||
+ cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
|
||||
+ goto done;
|
||||
+ }
|
||||
+ if (ctx->engine->keeptmp)
|
||||
+ cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
|
||||
}
|
||||
|
||||
mdata[0] = &tmdata;
|
||||
@@ -1387,10 +1383,9 @@
|
||||
map_off += written;
|
||||
|
||||
if (write(ofd, state.out, state.out_pos) == -1) {
|
||||
- cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
|
||||
- close(ofd);
|
||||
- free(tmpname);
|
||||
- return CL_EWRITE;
|
||||
+ cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
|
||||
+ ret = CL_EWRITE;
|
||||
+ goto done;
|
||||
}
|
||||
text_normalize_reset(&state);
|
||||
}
|
||||
@@ -1409,11 +1404,6 @@
|
||||
funmap(*ctx->fmap);
|
||||
}
|
||||
*ctx->fmap = map;
|
||||
-
|
||||
- /* If we aren't keeping temps, delete the normalized file after scan. */
|
||||
- if(!(ctx->engine->keeptmp))
|
||||
- if (cli_unlink(tmpname)) ret = CL_EUNLINK;
|
||||
-
|
||||
} else {
|
||||
/* Since the above is moderately costly all in all,
|
||||
* do the old stuff if there's no relative offsets. */
|
||||
@@ -1421,11 +1411,8 @@
|
||||
if (troot) {
|
||||
cli_targetinfo(&info, 7, map);
|
||||
ret = cli_ac_caloff(troot, &tmdata, &info);
|
||||
- if (ret) {
|
||||
- cli_ac_freedata(&tmdata);
|
||||
- free(tmpname);
|
||||
- return ret;
|
||||
- }
|
||||
+ if (ret)
|
||||
+ goto done;
|
||||
}
|
||||
|
||||
while(1) {
|
||||
@@ -1466,13 +1453,6 @@
|
||||
|
||||
}
|
||||
|
||||
- if(ctx->engine->keeptmp) {
|
||||
- free(tmpname);
|
||||
- if (ofd >= 0)
|
||||
- close(ofd);
|
||||
- }
|
||||
- free(normalized);
|
||||
-
|
||||
if(ret != CL_VIRUS || SCAN_ALL) {
|
||||
if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS)
|
||||
viruses_found++;
|
||||
@@ -1481,9 +1461,19 @@
|
||||
viruses_found++;
|
||||
}
|
||||
|
||||
+done:
|
||||
+ free(normalized);
|
||||
cli_ac_freedata(&tmdata);
|
||||
cli_ac_freedata(&gmdata);
|
||||
|
||||
+ if (ofd != -1)
|
||||
+ close(ofd);
|
||||
+ if (tmpname != NULL) {
|
||||
+ if (!ctx->engine->keeptmp)
|
||||
+ cli_unlink(tmpname);
|
||||
+ free(tmpname);
|
||||
+ }
|
||||
+
|
||||
if (SCAN_ALL && viruses_found)
|
||||
return CL_VIRUS;
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
VERSION=0.100.3
|
||||
NAME=clamav
|
||||
TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
|
||||
TARBALL=${NAME}-${VERSION}.tar.gz
|
||||
|
||||
wget https://www.clamav.net/downloads/production/${TARBALL}
|
||||
wget https://www.clamav.net/downloads/production/${TARBALL}.sig
|
||||
gpg --verify ${TARBALL}.sig ${TARBALL}
|
||||
#rm -f ${TARBALL}.tmp
|
||||
zcat ${TARBALL} | tar --delete -f - '*/libclamunrar/*' | xz -c > ${TARBALL_CLEAN}
|
||||
#mv ${TARBALL}.tmp ${TARBALL_CLEAN}
|
|
@ -0,0 +1,58 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Startup script for the Clamav Milter Daemon
|
||||
#
|
||||
# chkconfig: - 77 23
|
||||
# description: clamav-milter is a daemon which hooks into sendmail \
|
||||
# and routes email messages to clamav.
|
||||
# processname: clamav-milter
|
||||
# pidfile: /var/run/clamav/clamav-milter.pid
|
||||
# config: /etc/sysconfig/clamav-milter
|
||||
|
||||
# Source function library.
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
# Source networking configuration.
|
||||
. /etc/sysconfig/network
|
||||
|
||||
[ -x /usr/sbin/clamav-milter ] || exit 0
|
||||
|
||||
# Local clamav-milter config
|
||||
CLAMAV_FLAGS=
|
||||
test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter
|
||||
|
||||
# See how we were called.
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting Clamav Milter Daemon: "
|
||||
daemon clamav-milter $CLAMAV_FLAGS
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamav-milter
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping Clamav Milter Daemon: "
|
||||
killproc clamav-milter
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamav-milter
|
||||
;;
|
||||
status)
|
||||
status clamav-milter
|
||||
RETVAL=$?
|
||||
;;
|
||||
restart|reload)
|
||||
$0 stop
|
||||
$0 start
|
||||
RETVAL=$?
|
||||
;;
|
||||
condrestart)
|
||||
[ -e /var/lock/subsys/clamav-milter ] && $0 restart
|
||||
RETVAL=$?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: clamav-milter {start|stop|status|restart|reload|condrestart}"
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
|
@ -0,0 +1,4 @@
|
|||
### Simple config file for clamav-milter, you should
|
||||
### read the documentation and tweak it as you wish.
|
||||
|
||||
CLAMAV_FLAGS=""
|
|
@ -1,25 +0,0 @@
|
|||
[Unit]
|
||||
Description = Milter module for the Clam Antivirus scanner
|
||||
After = syslog.target nss-lookup.target network.target
|
||||
Before = sendmail.service
|
||||
Before = postfix.service
|
||||
After = clamd@scan.service
|
||||
|
||||
[Service]
|
||||
Type = forking
|
||||
ExecStart = /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
|
||||
Restart = on-failure
|
||||
|
||||
User=clamilt
|
||||
Group=clamilt
|
||||
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
CapabilityBoundingSet=CAP_KILL
|
||||
|
||||
ReadOnlyDirectories=/etc
|
||||
ReadOnlyDirectories=/usr
|
||||
ReadOnlyDirectories=/var/lib
|
||||
|
||||
[Install]
|
||||
WantedBy = multi-user.target
|
|
@ -1,93 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# clamav-milter Starts/stop the "clamav-milter" daemon
|
||||
#
|
||||
# chkconfig: - 79 31
|
||||
# description: A virus scanning milter
|
||||
|
||||
# Source function library.
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
exec=/usr/sbin/clamav-milter
|
||||
prog="clamav-milter"
|
||||
|
||||
OPTS='-c /etc/mail/clamav-milter.conf'
|
||||
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
|
||||
|
||||
pidfile=/var/run/clamav-milter/milter.pid
|
||||
lockfile=/var/lock/subsys/$prog
|
||||
|
||||
start() {
|
||||
[ -x $exec ] || exit 5
|
||||
[ -f $config ] || exit 6
|
||||
echo -n $"Starting $prog: "
|
||||
daemon --pidfile=${pidfile} $exec $OPTS --foreground=no --pid=${pidfile}
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && touch $lockfile
|
||||
return $retval
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc -p "${pidfile}" $exec
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && rm -f $lockfile
|
||||
return $retval
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
reload() {
|
||||
restart
|
||||
}
|
||||
|
||||
force_reload() {
|
||||
restart
|
||||
}
|
||||
|
||||
rh_status() {
|
||||
# run checks to determine if the service is running or use generic status
|
||||
status -p "${pidfile}" $prog
|
||||
}
|
||||
|
||||
rh_status_q() {
|
||||
rh_status >/dev/null 2>&1
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
rh_status_q && exit 0
|
||||
$1
|
||||
;;
|
||||
stop)
|
||||
rh_status_q || exit 0
|
||||
$1
|
||||
;;
|
||||
restart)
|
||||
$1
|
||||
;;
|
||||
reload)
|
||||
rh_status_q || exit 7
|
||||
$1
|
||||
;;
|
||||
force-reload)
|
||||
force_reload
|
||||
;;
|
||||
status)
|
||||
rh_status
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
rh_status_q || exit 0
|
||||
restart
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
|
||||
exit 2
|
||||
esac
|
||||
exit $?
|
|
@ -1,14 +0,0 @@
|
|||
### !!! Uncomment only *one* of the 'start on' statements !!!
|
||||
|
||||
### Uncomment these lines when you want clamav-milter to be a milter
|
||||
### for a locally running MTA
|
||||
#start on (starting sendmail or starting postfix)
|
||||
|
||||
### Uncomment these lines when you want clamav-milter to be a milter
|
||||
### for a remotely running MTA
|
||||
#start on runlevel [345] and starting local
|
||||
|
||||
stop on runlevel [!345]
|
||||
|
||||
respawn
|
||||
exec /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --foreground=yes
|
|
@ -1,6 +0,0 @@
|
|||
## Adjust this line...
|
||||
MAILTO=root
|
||||
|
||||
## It is ok to execute it as root; freshclam drops privileges and becomes
|
||||
## user 'clamupdate' as soon as possible
|
||||
0 */3 * * * root /usr/share/clamav/freshclam-sleep
|
|
@ -1,4 +0,0 @@
|
|||
/var/log/freshclam.log {
|
||||
monthly
|
||||
notifempty
|
||||
}
|
|
@ -0,0 +1,60 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Startup script for the Clam AntiVirus Daemon
|
||||
#
|
||||
# chkconfig: - 61 39
|
||||
# description: Clam AntiVirus Daemon is a TCP/IP or socket protocol \
|
||||
# server.
|
||||
# processname: clamd
|
||||
# pidfile: /var/run/clamav/clamd.pid
|
||||
# config: /etc/clamd.conf
|
||||
|
||||
# Source function library.
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
# Source networking configuration.
|
||||
. /etc/sysconfig/network
|
||||
|
||||
[ -x /usr/sbin/clamd ] || exit 0
|
||||
|
||||
# Local clamd config
|
||||
test -f /etc/sysconfig/clamd && . /etc/sysconfig/clamd
|
||||
|
||||
# See how we were called.
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting Clam AntiVirus Daemon: "
|
||||
daemon clamd
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping Clam AntiVirus Daemon: "
|
||||
killproc clamd
|
||||
rm -f /var/run/clamav/clamd.sock
|
||||
rm -f /var/run/clamav/clamd.pid
|
||||
RETVAL=$?
|
||||
echo
|
||||
### heres the fix... we gotta remove the stale files on restart
|
||||
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd
|
||||
;;
|
||||
status)
|
||||
status clamd
|
||||
RETVAL=$?
|
||||
;;
|
||||
restart|reload)
|
||||
$0 stop
|
||||
$0 start
|
||||
RETVAL=$?
|
||||
;;
|
||||
condrestart)
|
||||
[ -e /var/lock/subsys/clamd ] && $0 restart
|
||||
RETVAL=$?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: clamd {start|stop|status|restart|reload|condrestart}"
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
1746
clamav.spec
1746
clamav.spec
File diff suppressed because it is too large
Load Diff
59
clamd-README
59
clamd-README
|
@ -1,59 +0,0 @@
|
|||
To create individual clamd-instance take the following files and
|
||||
modify/copy them in the suggested way:
|
||||
|
||||
clamd.conf:
|
||||
* set LocalSocket (or better: TCPSocket) and User to suitable values;
|
||||
avoid PidFile unless it is required by system monitoring or something
|
||||
else. Logging through syslog is usually better than an individual
|
||||
Logfile.
|
||||
* place this file into /etc/clamd.d with an unique service-name;
|
||||
e.g. as /etc/clamd.d/<SERVICE>.conf
|
||||
|
||||
When using TCPSocket, create iptables rules which are limiting the
|
||||
access by source and/or by using '-m owner'.
|
||||
|
||||
When LogFile feature is wanted, it must be writable for the assigned
|
||||
User. Recommended way to reach this, is to:
|
||||
* make it owned by the User's *group*
|
||||
* assign at least 0620 (u+rw,g+w) permissions
|
||||
|
||||
A suitable command might be
|
||||
| # touch <logfile>
|
||||
| # chgrp <user> <logfile>
|
||||
| # chmod 0620 <logfile>
|
||||
| # restorecon <logfile>
|
||||
|
||||
NEVER use 'clamav' as the user since he can modify the database.
|
||||
This is the user who is running the application; e.g. for mimedefang
|
||||
(http://www.roaringpenguin.com/mimedefang), the user might be
|
||||
'defang'.Theoretically, distinct users could be used, but it must be
|
||||
made sure that the application-user can write into the socket-file,
|
||||
and that the clamd-user can access the files asked by the
|
||||
application to be checked.
|
||||
|
||||
clamd.logrotate: (only when LogFile feature is used)
|
||||
* set the correct value for the logfile
|
||||
* place it into /etc/logrotate.d
|
||||
|
||||
clamd@<SERVICE>.service: (systemd instance)
|
||||
* instance of clamd@.service
|
||||
|
||||
Additionally, when using LocalSocket instead of TCPSocket, the directory
|
||||
for the socket file must be created. For tmpfiles based systems, you
|
||||
might want to create a file /usr/lib/tmpfiles.d/clamd.<SERVICE>.conf
|
||||
with a content of
|
||||
|
||||
| d /var/run/clamd.<SERVICE> <MODE> <USER> <GROUP>
|
||||
|
||||
Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
|
||||
so that the socket can be accessed by clamd and by the applications
|
||||
using clamd. Make sure that the socket is not world accessible; else,
|
||||
DOS attacks or worse are trivial.
|
||||
|
||||
|
||||
[Disclaimer:
|
||||
this file and the script/configfiles are not part of the official
|
||||
clamav package.
|
||||
|
||||
Please send complaints and comments to
|
||||
mailto:enrico.scholz@informatik.tu-chemnitz.de!]
|
269
clamd-gen
269
clamd-gen
|
@ -1,269 +0,0 @@
|
|||
#! /bin/bash
|
||||
|
||||
# Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; version 2 of the License.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
function showHelp()
|
||||
{
|
||||
echo \
|
||||
$"Usage: clamd-gen --service=<SERVICE> --version=<VERSION> --release=<RELEASE>
|
||||
--license=<LICENSE> --username=>USERNAME>
|
||||
"
|
||||
exit 0
|
||||
}
|
||||
|
||||
function rpm.generatePreamble()
|
||||
{
|
||||
cat <<EOF
|
||||
%{!?release_func:%define release_func() %1%{?dist}}
|
||||
# The name of the minit service
|
||||
%define minitsvcdir %minitdir/services/%name
|
||||
# The configuration file for the SysV initservice
|
||||
%define conffile %_sysconfdir/clamd.d/%service.conf
|
||||
# The directory, where the milter socket will be placed into; this
|
||||
# socket will be named clamd.sock
|
||||
%define rundir /var/run/clamd.%service
|
||||
# The name of the logfile
|
||||
%define logfile /var/log/clamd.%service
|
||||
# The user under whose id, the clamd shall be running. This user must
|
||||
# be able to read the files from the base-service and is usually
|
||||
# created there.
|
||||
%define username $USERNAME
|
||||
# The packagename of the service
|
||||
%define service $SERVICE
|
||||
# The service name as used by the system's initscripts; usually this
|
||||
# is %service
|
||||
%define baseservice %service
|
||||
|
||||
%define __chkconfig /sbin/chkconfig
|
||||
%define minitdir %_sysconfdir/minit
|
||||
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
function rpm.generateHeader()
|
||||
{
|
||||
cat <<EOF
|
||||
Summary: Clamav server for '%service'
|
||||
Name: clamd.%service
|
||||
Version: $VERSION
|
||||
Release: %release_func $RELEASE
|
||||
Epoch: 0
|
||||
License: $LICENSE
|
||||
Group: System Environment/Daemons
|
||||
BuildRoot: %_tmppath/%name-%version-%release-root
|
||||
BuildArch: noarch
|
||||
Requires: init(%name)
|
||||
Requires(pre): %service
|
||||
Requires: clamav-server
|
||||
BuildRequires: clamav-devel
|
||||
|
||||
%package sysv
|
||||
Summary: SysV initscripts for a %service clamav-server
|
||||
Group: System Environment/Daemons
|
||||
Provides: init(%name) = sysv
|
||||
Conflicts: init(%name) < sysv
|
||||
Conflicts: init(%name) > sysv
|
||||
Requires: clamav-server-sysv
|
||||
Requires(post): %name = %epoch:%version-%release
|
||||
Requires(post): diffutils mktemp %__chkconfig
|
||||
Requires(preun): %__chkconfig
|
||||
Requires(pre): %_initrddir
|
||||
Requires(postun): %_initrddir
|
||||
|
||||
%package minit
|
||||
Summary: minit initscripts for a %service clamav-server
|
||||
Group: System Environment/Daemons
|
||||
Provides: init(%name) = minit
|
||||
Conflicts: init(%name) < minit
|
||||
Conflicts: init(%name) > minit
|
||||
Requires(post): %name = %epoch:%version-%release
|
||||
Requires(post): diffutils mktemp
|
||||
Requires(pre): minit-setup
|
||||
Requires(postun): minit-setup
|
||||
Requires(triggers): minit-tools
|
||||
|
||||
|
||||
%description
|
||||
Basic setup for a clamav server for '%service'.
|
||||
|
||||
|
||||
%description sysv
|
||||
Basic setup for a clamav server for '%service'.
|
||||
|
||||
This package contains initscripts for SysV based systems.
|
||||
|
||||
|
||||
%description minit
|
||||
Basic setup for a clamav server for '%service'.
|
||||
|
||||
This package contains initscripts for minit based systems.
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
function rpm.genBody()
|
||||
{
|
||||
cat <<"XEOFX"
|
||||
%prep
|
||||
%build
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
%__install -d -m755 $RPM_BUILD_ROOT{%minitsvcdir,%_sbindir,%rundir,/var/log}
|
||||
|
||||
d=/usr/share/clamav/template
|
||||
|
||||
function subst
|
||||
{
|
||||
src=$d/$1
|
||||
dst=$RPM_BUILD_ROOT$2
|
||||
|
||||
%__install -d -m755 $(dirname "$dst")
|
||||
sed -e 's!^\(#?LogFile \).*!\1%logfile!g;
|
||||
s!^#?\(LocalSocket \).*!\1%rundir/clamd.sock!g;
|
||||
s!^#?\(PidFile \).*!\1%rundir/clamd.pid!g;
|
||||
s!<SERVICE>!%service!g;
|
||||
s!<USER>!%username!g;' "$src" >"$dst"
|
||||
chmod --reference "$src" "$dst"
|
||||
}
|
||||
|
||||
subst clamd.conf %conffile
|
||||
subst clamd.logrotate %_sysconfdir/logrotate.d/clamd.%service
|
||||
|
||||
%if 0%{!?_without_sysv:1}
|
||||
subst clamd.sysconfig %_sysconfdir/sysconfig/clamd.%service
|
||||
subst clamd.init %_initrddir/clamd.%service
|
||||
%endif
|
||||
|
||||
ln -s clamd $RPM_BUILD_ROOT%_sbindir/clamd.%service
|
||||
|
||||
touch $RPM_BUILD_ROOT%logfile
|
||||
touch $RPM_BUILD_ROOT%rundir/clamd.sock
|
||||
|
||||
%if 0%{!?_without_minit:1}
|
||||
ln -s %_sbindir/clamd.%service $RPM_BUILD_ROOT%minitsvcdir/run
|
||||
touch $RPM_BUILD_ROOT%minitsvcdir/respawn
|
||||
cat <<EOF >$RPM_BUILD_ROOT%minitsvcdir/params
|
||||
-c
|
||||
%conffile
|
||||
EOF
|
||||
%endif
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%triggerin minit -- %baseservice
|
||||
minit-svc add services/clamd.%service services/%baseservice/
|
||||
|
||||
%triggerun minit -- %baseservice
|
||||
test "$1" != 0 -a "$2" != 0 || \
|
||||
minit-svc del services/clamd.%service services/%baseservice/
|
||||
|
||||
|
||||
%post minit
|
||||
d=$(mktemp /tmp/clamd.%service.XXXXXX)
|
||||
sed -e 's!^#Foreground!Foreground!' "%conffile" >"$d"
|
||||
grep -q '^Foreground' $d || echo 'Foreground' >>$d
|
||||
cmp -s "$d" %conffile || cat "$d" >"%conffile"
|
||||
rm -f "$d"
|
||||
|
||||
%post sysv
|
||||
d=$(mktemp /tmp/clamd.%service.XXXXXX)
|
||||
sed -e 's!^Foreground!#Foreground!' "%conffile" >"$d"
|
||||
cmp -s "$d" %conffile || cat "$d" >"%conffile"
|
||||
rm -f "$d"
|
||||
|
||||
%__chkconfig --add %name
|
||||
|
||||
|
||||
%preun sysv
|
||||
test "$1" != 0 || %__chkconfig --del %name
|
||||
|
||||
XEOFX
|
||||
}
|
||||
|
||||
|
||||
function rpm.genFiles
|
||||
{
|
||||
cat <<"EOF"
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc
|
||||
%config(noreplace) %verify(not size md5 mtime) %attr(0620,root,%username) %logfile
|
||||
%config(noreplace) %verify(not mtime) %conffile
|
||||
%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/clamd.%service
|
||||
%_sbindir/clamd.%service
|
||||
%dir %attr(0700,%username,root) %rundir
|
||||
%ghost %rundir/clamd.sock
|
||||
|
||||
|
||||
%if 0%{!?_without_sysv:1}
|
||||
%files sysv
|
||||
%defattr(-,root,root,-)
|
||||
%config %verify(not mtime) %_initrddir/clamd.%service
|
||||
%config(noreplace) %verify(not mtime) %_sysconfdir/sysconfig/clamd.%service
|
||||
%endif
|
||||
|
||||
|
||||
%if 0%{!?_without_minit:1}
|
||||
%files minit
|
||||
%defattr(-,root,root,-)
|
||||
%dir %minitsvcdir
|
||||
%config(noreplace) %verify(not mtime) %minitsvcdir/params
|
||||
%config %minitsvcdir/run
|
||||
%minitsvcdir/respawn
|
||||
%endif
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
SERVICE=
|
||||
VERSION=
|
||||
RELEASE=
|
||||
LICENSE=
|
||||
USERNAME=
|
||||
tmp=$(getopt -o '' --long service:,version:,release:,license:,username:,help -n "$0" -- "$@") || exit 1
|
||||
eval set -- "$tmp"
|
||||
|
||||
while true; do
|
||||
case "$1" in
|
||||
(--help) showHelp $0;;
|
||||
(--service) SERVICE=$2; shift;;
|
||||
(--version) VERSION=$2; shift;;
|
||||
(--release) RELEASE=$2; shift;;
|
||||
(--license) LICENSE=$2; shift;;
|
||||
(--username) USERNAME=$2; shift;;
|
||||
(--) shift; break;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
for i in SERVICE VERSION RELEASE LICENSE USERNAME; do
|
||||
eval tmp=\$${i}
|
||||
test "$tmp" || {
|
||||
echo $"No value for $i specified; assuming @${i}@" >&2;
|
||||
eval $i=@${i}@;
|
||||
}
|
||||
done
|
||||
|
||||
|
||||
rpm.generatePreamble
|
||||
rpm.generateHeader
|
||||
rpm.genBody
|
||||
rpm.genFiles
|
|
@ -1,90 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Xchkconfig: - 75 35
|
||||
# Xdescription: The clamd daemon listens for incoming connections on \
|
||||
# Unix or TCP socket and scans files or directories on demand.
|
||||
|
||||
test "$CLAMD_SERVICE" || {
|
||||
echo $"*** $0 can not be called in this way"
|
||||
echo $"*** Please see /usr/share/doc/clamav-server-*/README how"
|
||||
echo $"*** the clamav-server can be configured"
|
||||
exit 6
|
||||
}
|
||||
|
||||
# Source function library.
|
||||
. /etc/init.d/functions
|
||||
|
||||
# Get config.
|
||||
test -r /etc/sysconfig/network && . /etc/sysconfig/network
|
||||
|
||||
# Check that networking is up.
|
||||
test "$NETWORKING" != "no" || exit 6
|
||||
|
||||
lockfile=/var/lock/subsys/clamd.${CLAMD_SERVICE}
|
||||
sysconffile=/etc/sysconfig/clamd.${CLAMD_SERVICE}
|
||||
procname=clamd.${CLAMD_SERVICE}
|
||||
|
||||
CLAMD_CONFIGFILE=/etc/clamd.d/${CLAMD_SERVICE}.conf
|
||||
CLAMD_OPTIONS=
|
||||
CLAMD_PIDFILE=/var/run/clamd.${CLAMD_SERVICE}/clamd.pid
|
||||
## backward-compatibility check...
|
||||
for i in /var/run/clamd.${CLAMD_SERVICE}/clamd.sock \
|
||||
/var/run/clamav.${CLAMD_SERVICE}/clamd.sock; do
|
||||
CLAMD_SOCKET=$i
|
||||
test ! -e "$i" || break
|
||||
done
|
||||
test -f "$sysconffile" && . "$sysconffile"
|
||||
|
||||
|
||||
RETVAL=0
|
||||
prog="clamd.${CLAMD_SERVICE}"
|
||||
|
||||
start () {
|
||||
echo -n $"Starting $prog: "
|
||||
daemon --pidfile=${CLAMD_PIDFILE} \
|
||||
exec -a $procname /usr/sbin/clamd \
|
||||
${CLAMD_CONFIGFILE:+-c $CLAMD_CONFIGFILE} ${CLAMD_OPTIONS} --pid ${CLAMD_PIDFILE}
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL -eq 0 ] && touch $lockfile
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
stop () {
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc -p ${CLAMD_PIDFILE} $procname
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL -eq 0 ] && rm -f $lockfile
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
reload() {
|
||||
rc=0
|
||||
echo -n $"Reloading $prog: "
|
||||
killproc -p ${CLAMD_PIDFILE} $procname -HUP || rc=$?
|
||||
echo
|
||||
echo -n $"Loading new virus-database: "
|
||||
killproc -p ${CLAMD_PIDFILE} $procname -USR2 || rc=$?
|
||||
echo
|
||||
return $rc
|
||||
}
|
||||
|
||||
restart () {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
# See how we were called.
|
||||
case "$1" in
|
||||
start|stop|restart|reload)
|
||||
$1 ;;
|
||||
status)
|
||||
status -p ${CLAMD_PIDFILE} $procname ;;
|
||||
condrestart)
|
||||
test ! -f $lockfile || restart
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
|
||||
exit 2
|
||||
esac
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# chkconfig: - 75 35
|
||||
# description: The clamd server running for <SERVICE>
|
||||
|
||||
CLAMD_SERVICE=<SERVICE>
|
||||
. /usr/share/clamav/clamd-wrapper
|
|
@ -1,9 +1,8 @@
|
|||
/var/log/clamd.<SERVICE> {
|
||||
monthly
|
||||
notifempty
|
||||
missingok
|
||||
|
||||
postrotate
|
||||
killall -HUP clamd.<SERVICE> >/dev/null 2>&1 || :
|
||||
endscript
|
||||
%{_localstatedir}/log/clamav/clamd.log {
|
||||
missingok
|
||||
notifempty
|
||||
create 644 clam clam
|
||||
postrotate
|
||||
killall -HUP clamd 2>/dev/null || :
|
||||
endscript
|
||||
}
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
### !!! Uncomment only *one* of the 'start on' statements !!!
|
||||
|
||||
### Uncomment this line when you want clamd.scan to be a scanner for a
|
||||
### locally running clamav-milter
|
||||
#start on starting clamav-milter
|
||||
|
||||
### Uncomment this line when you want clamd.scan to be a generic
|
||||
### scanner service
|
||||
#start on runlevel [345] and starting local
|
||||
|
||||
stop on runlevel [!345]
|
||||
|
||||
respawn
|
||||
exec /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes
|
|
@ -1,3 +0,0 @@
|
|||
#CLAMD_CONFIGFILE=/etc/clamd.d/<SERVICE>.conf
|
||||
#CLAMD_SOCKET=/var/run/clamd.<SERVICE>/clamd.sock
|
||||
#CLAMD_OPTIONS=
|
|
@ -1,8 +0,0 @@
|
|||
[Unit]
|
||||
Description = clamd scanner (%i) daemon
|
||||
After = syslog.target nss-lookup.target network.target
|
||||
|
||||
[Service]
|
||||
Type = forking
|
||||
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
|
||||
Restart = on-failure
|
|
@ -1,7 +0,0 @@
|
|||
.include /lib/systemd/system/clamd@.service
|
||||
|
||||
[Unit]
|
||||
Description = Generic clamav scanner daemon
|
||||
|
||||
[Install]
|
||||
WantedBy = multi-user.target
|
|
@ -1,52 +0,0 @@
|
|||
#! /bin/bash
|
||||
# Copyright (C) 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; version 2 of the License.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
|
||||
FRESHCLAM_MOD=$[ 3*60 ] # 3 hours
|
||||
|
||||
f=/etc/sysconfig/freshclam
|
||||
test ! -e "$f" || . "$f"
|
||||
|
||||
|
||||
case x"$1" in
|
||||
(xnow) FRESHCLAM_DELAY=0;;
|
||||
(x|xrandom) : ${FRESHCLAM_DELAY:=$[ 0x`hostid` ]};;
|
||||
(*) FRESHCLAM_DELAY=$1;;
|
||||
esac
|
||||
|
||||
set -e
|
||||
|
||||
case $FRESHCLAM_DELAY in
|
||||
(disabled-warn)
|
||||
echo $"\
|
||||
WARNING: update of clamav database is disabled; please see
|
||||
'$f'
|
||||
for information how to enable the periodic update resp. how to turn
|
||||
off this message." >&2
|
||||
exit 1
|
||||
;;
|
||||
|
||||
(disabled)
|
||||
exit 0
|
||||
;;
|
||||
|
||||
(*)
|
||||
let FRESHCLAM_MOD*=60
|
||||
sleep $[ (FRESHCLAM_DELAY % FRESHCLAM_MOD + FRESHCLAM_MOD) % FRESHCLAM_MOD ]
|
||||
;;
|
||||
esac
|
||||
|
||||
/usr/bin/freshclam --quiet
|
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
### A simple update script for the clamav virus database.
|
||||
### This could as well be replaced by a SysV script.
|
||||
|
||||
### fix log file if needed
|
||||
LOG_FILE="%{_localstatedir}/log/clamav/freshclam.log"
|
||||
if [ ! -f "$LOG_FILE" ]; then
|
||||
touch "$LOG_FILE"
|
||||
chmod 644 "$LOG_FILE"
|
||||
chown clam.clam "$LOG_FILE"
|
||||
fi
|
||||
|
||||
%{_bindir}/freshclam \
|
||||
--quiet \
|
||||
--datadir="%{_localstatedir}/lib/clamav" \
|
||||
--log="$LOG_FILE"
|
|
@ -0,0 +1,5 @@
|
|||
%{_localstatedir}/log/clamav/freshclam.log {
|
||||
missingok
|
||||
notifempty
|
||||
create 644 clam clam
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
## When changing the periodicity of freshclam runs in the crontab,
|
||||
## this value must be adjusted also. Its value is the timespan between
|
||||
## two subsequent freshclam runs in minutes. E.g. for the default
|
||||
##
|
||||
## | 0 */3 * * * ...
|
||||
##
|
||||
## crontab line, the value is 180 (minutes).
|
||||
# FRESHCLAM_MOD=
|
||||
|
||||
## A predefined value for the delay in seconds. By default, the value is
|
||||
## calculated by the 'hostid' program. This predefined value guarantees
|
||||
## constant timespans of 3 hours between two subsequent freshclam runs.
|
||||
##
|
||||
## This option accepts two special values:
|
||||
## 'disabled-warn' ... disables the automatic freshclam update and
|
||||
## gives out a warning
|
||||
## 'disabled' ... disables the automatic freshclam silently
|
||||
# FRESHCLAM_DELAY=
|
|
@ -1,12 +0,0 @@
|
|||
Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
|
||||
===================================================================
|
||||
--- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
|
||||
+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
|
||||
@@ -52,6 +52,7 @@ static void runAtExitHandlers() {
|
||||
#include <sys/stat.h>
|
||||
#endif
|
||||
#include <fcntl.h>
|
||||
+#include <unistd.h>
|
||||
/* stat functions are redirecting to __xstat with a version number. On x86-64
|
||||
* linking with libc_nonshared.a and -Wl,--export-dynamic doesn't make 'stat'
|
||||
* available as an exported symbol, so we have to add it explicitly.
|
8
sources
8
sources
|
@ -1,4 +1,6 @@
|
|||
SHA512 (clamav-0.99.3-norar.tar.xz) = d80b20c982d35eecd2719af325bc774a5a5fe63a97f3d855c74919f6cfac6fe3f12c51479e49d96031ae0e9a3dedcf446dd22426cceba22ec4b641e9ea1f250a
|
||||
SHA512 (bytecode-319.cvd) = 1b2785fde078e0dae5a4b8a5161a0da55b26b010deda9fd9dc5edb7113d46d6eb45f644c16b4cb3882e7192d0b389d7b1826fbb718377aa40e1bac3485829acc
|
||||
SHA512 (daily-24253.cvd) = cef70a86f7989ec330c0479f6070e735181168c0331e981cfcd8d9a5aebdd6be42d772167c701f6f33219a4b41aced806e70c156e9a2a060c30ba55e73743fcd
|
||||
SHA512 (clamav-0.100.3-norar.tar.xz) = f1d9b9b99950e3741b1a34472e3eec58f3cfd44bfd1ee11bb37997c08919aee33c2ba277689427eb59d854643fb1052a7d4117ad4ea630426169a34f52eef65f
|
||||
SHA512 (daily-25401.cvd) = dcd24145dd6f533208df13c656ca661d8dc0755fdb5f05ca0ac224594062de2aafd0a84464b4dded3f5df52329d29ed3ed3d42afb9673363dd39314f582976f6
|
||||
SHA512 (bytecode-328.cvd) = 6ff39ae8bcc7ddf92f056310bbd19f0bdbcd56f56e005e952f7e5e50ae7378621f4a8ad21dc710343ecf1debc192ab4c02d4897f4c612f08ebc9e7035d2fa306
|
||||
SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a
|
||||
SHA512 (clamd-wrapper.tar.bz2) = a67f15197ebc92c0e9387e32da944d6815b1ce106ae0dd0c00e9001b6224f4f11119dd1df675bb1a7f8ac15ad2a3aaab67ae39d6257d0de6967b1f7cf1527ef9
|
||||
SHA512 (zlib-1.2.7.tar.bz2) = 3e18c3923210c2c3da6e12735c0d2babdaf661fb704430516b00aaab8d5e690d8d8f46646173c634f04b050a59bf979d343aede472c5038afcda7baa2c897635
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
diff -up zlib-1.2.5/contrib/minizip/unzip.c.fixuncrypt zlib-1.2.5/contrib/minizip/unzip.c
|
||||
--- zlib-1.2.5/contrib/minizip/unzip.c.fixuncrypt 2011-11-11 12:13:56.335867758 -0500
|
||||
+++ zlib-1.2.5/contrib/minizip/unzip.c 2011-11-11 12:14:01.747799372 -0500
|
||||
@@ -68,10 +68,6 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
-#ifndef NOUNCRYPT
|
||||
- #define NOUNCRYPT
|
||||
-#endif
|
||||
-
|
||||
#include "zlib.h"
|
||||
#include "unzip.h"
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
From 0cf495a1ca941428c0b11e2307cad760ae44993e Mon Sep 17 00:00:00 2001
|
||||
From: Mark Adler <madler@alumni.caltech.edu>
|
||||
Date: Sat, 29 Sep 2012 22:23:47 -0700
|
||||
Subject: [PATCH] Fix bug where gzopen(), gzclose() would write an empty file.
|
||||
|
||||
A gzopen() to write (mode "w") followed immediately by a gzclose()
|
||||
would output an empty zero-length file. What it should do is write
|
||||
an empty gzip file, with the gzip header, empty deflate content,
|
||||
and gzip trailer totalling 20 bytes. This fixes it to do that.
|
||||
---
|
||||
gzwrite.c | 15 +++++++--------
|
||||
1 file changed, 7 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/gzwrite.c b/gzwrite.c
|
||||
index f53aace..79a69a5 100644
|
||||
--- a/gzwrite.c
|
||||
+++ b/gzwrite.c
|
||||
@@ -554,15 +554,14 @@ int ZEXPORT gzclose_w(file)
|
||||
}
|
||||
|
||||
/* flush, free memory, and close file */
|
||||
- if (state->size) {
|
||||
- if (gz_comp(state, Z_FINISH) == -1)
|
||||
- ret = state->err;
|
||||
- if (!state->direct) {
|
||||
- (void)deflateEnd(&(state->strm));
|
||||
- free(state->out);
|
||||
- }
|
||||
- free(state->in);
|
||||
+ if (gz_comp(state, Z_FINISH) == -1)
|
||||
+ ret = state->err;
|
||||
+ if (!state->direct) {
|
||||
+ (void)deflateEnd(&(state->strm));
|
||||
+ free(state->out);
|
||||
}
|
||||
+ if (state->size)
|
||||
+ free(state->in);
|
||||
gz_error(state, Z_OK, NULL);
|
||||
free(state->path);
|
||||
if (close(state->fd) == -1)
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
From 51370f365607fe14a6a7a1a27b3bd29d788f5e5b Mon Sep 17 00:00:00 2001
|
||||
From: Mark Adler <madler@alumni.caltech.edu>
|
||||
Date: Mon, 18 Feb 2013 21:06:35 -0800
|
||||
Subject: [PATCH] Fix serious but very rare decompression bug in inftrees.c.
|
||||
|
||||
inftrees.c compared the number of used table entries to the maximum
|
||||
allowed value using >= instead of >. This patch fixes those to use
|
||||
>. The bug was discovered by Ignat Kolesnichenko of Yandex LC
|
||||
where they have run petabytes of data through zlib. Triggering the
|
||||
bug is apparently very rare, seeing as how it has been out there in
|
||||
the wild for almost three years before being discovered. The bug
|
||||
is instantiated only if the exact maximum number of decoding table
|
||||
entries, ENOUGH_DISTS or ENOUGH_LENS is used by the block being
|
||||
decoded, resulting in the false positive of overflowing the table.
|
||||
---
|
||||
inftrees.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/inftrees.c b/inftrees.c
|
||||
index 873da59..3781399 100644
|
||||
--- a/inftrees.c
|
||||
+++ b/inftrees.c
|
||||
@@ -208,8 +208,8 @@ unsigned short FAR *work;
|
||||
mask = used - 1; /* mask for comparing low */
|
||||
|
||||
/* check available table space */
|
||||
- if ((type == LENS && used >= ENOUGH_LENS) ||
|
||||
- (type == DISTS && used >= ENOUGH_DISTS))
|
||||
+ if ((type == LENS && used > ENOUGH_LENS) ||
|
||||
+ (type == DISTS && used > ENOUGH_DISTS))
|
||||
return 1;
|
||||
|
||||
/* process all codes and make table entries */
|
||||
@@ -277,8 +277,8 @@ unsigned short FAR *work;
|
||||
|
||||
/* check for enough space */
|
||||
used += 1U << curr;
|
||||
- if ((type == LENS && used >= ENOUGH_LENS) ||
|
||||
- (type == DISTS && used >= ENOUGH_DISTS))
|
||||
+ if ((type == LENS && used > ENOUGH_LENS) ||
|
||||
+ (type == DISTS && used > ENOUGH_DISTS))
|
||||
return 1;
|
||||
|
||||
/* point entry in root table to sub-table */
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
diff -upr zlib-1.2.7.orig/deflate.c zlib-1.2.7/deflate.c
|
||||
--- zlib-1.2.7.orig/deflate.c 2012-10-04 12:18:50.750427902 +0200
|
||||
+++ zlib-1.2.7/deflate.c 2012-10-04 12:20:04.222190460 +0200
|
||||
@@ -1150,15 +1150,16 @@ local void lm_init (s)
|
||||
/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
|
||||
* match.S. The code will be functionally equivalent.
|
||||
*/
|
||||
-local uInt longest_match(s, cur_match)
|
||||
+local uInt longest_match(s, pcur_match)
|
||||
deflate_state *s;
|
||||
- IPos cur_match; /* current match */
|
||||
+ IPos pcur_match; /* current match */
|
||||
{
|
||||
+ ptrdiff_t cur_match = pcur_match; /* extend to pointer width */
|
||||
unsigned chain_length = s->max_chain_length;/* max hash chain length */
|
||||
register Bytef *scan = s->window + s->strstart; /* current string */
|
||||
register Bytef *match; /* matched string */
|
||||
register int len; /* length of current match */
|
||||
- int best_len = s->prev_length; /* best match length so far */
|
||||
+ ptrdiff_t best_len = s->prev_length; /* best match length so far */
|
||||
int nice_match = s->nice_match; /* stop if match long enough */
|
||||
IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
|
||||
s->strstart - (IPos)MAX_DIST(s) : NIL;
|
||||
@@ -1173,12 +1174,12 @@ local uInt longest_match(s, cur_match)
|
||||
* Try with and without -DUNALIGNED_OK to check.
|
||||
*/
|
||||
register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
|
||||
- register ush scan_start = *(ushf*)scan;
|
||||
- register ush scan_end = *(ushf*)(scan+best_len-1);
|
||||
+ register uInt scan_start = *(ushf*)scan;
|
||||
+ register uInt scan_end = *(ushf*)(scan+best_len-1);
|
||||
#else
|
||||
register Bytef *strend = s->window + s->strstart + MAX_MATCH;
|
||||
- register Byte scan_end1 = scan[best_len-1];
|
||||
- register Byte scan_end = scan[best_len];
|
||||
+ register uInt scan_end1 = scan[best_len-1];
|
||||
+ register uInt scan_end = scan[best_len];
|
||||
#endif
|
||||
|
||||
/* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
|
|
@ -0,0 +1,45 @@
|
|||
From f1b8edadc3c733990f8a8de4d643f968e571ae85 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Tkac <atkac@redhat.com>
|
||||
Date: Fri, 17 Aug 2012 15:13:48 +0200
|
||||
Subject: [PATCH] Rank Z_BLOCK flush below Z_PARTIAL_FLUSH only when last
|
||||
flush was Z_BLOCK.
|
||||
|
||||
This fixes regression introduced by f1ebdd6a9c495a5db9a22aa80dd7d54ae7db42e9
|
||||
(Permit stronger flushes after Z_BLOCK flushes.). Now this code is valid
|
||||
again:
|
||||
|
||||
deflate(stream, Z_SYNC_FLUSH);
|
||||
deflateParams(stream, newLevel, Z_DEFAULT_STRATEGY);
|
||||
|
||||
Signed-off-by: Adam Tkac <atkac@redhat.com>
|
||||
---
|
||||
deflate.c | 13 ++++++++++---
|
||||
1 file changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/deflate.c b/deflate.c
|
||||
index 9e4c2cb..3422f72 100644
|
||||
--- a/deflate.c
|
||||
+++ b/deflate.c
|
||||
@@ -882,9 +882,16 @@ int ZEXPORT deflate (strm, flush)
|
||||
* flushes. For repeated and useless calls with Z_FINISH, we keep
|
||||
* returning Z_STREAM_END instead of Z_BUF_ERROR.
|
||||
*/
|
||||
- } else if (strm->avail_in == 0 && RANK(flush) <= RANK(old_flush) &&
|
||||
- flush != Z_FINISH) {
|
||||
- ERR_RETURN(strm, Z_BUF_ERROR);
|
||||
+ } else if (strm->avail_in == 0 && flush != Z_FINISH) {
|
||||
+ char err;
|
||||
+
|
||||
+ /* Degrade Z_BLOCK only when last flush was Z_BLOCK */
|
||||
+ err = (old_flush == Z_BLOCK) ?
|
||||
+ RANK(flush) <= RANK(old_flush) : flush <= old_flush;
|
||||
+
|
||||
+ if (err) {
|
||||
+ ERR_RETURN(strm, Z_BUF_ERROR);
|
||||
+ }
|
||||
}
|
||||
|
||||
/* User must not provide more input after the first FINISH: */
|
||||
--
|
||||
1.7.11.4
|
||||
|
Loading…
Reference in New Issue