Hello community, here is the log from the commit of package clamav.1667 for openSUSE:12.1:Update checked in at 2013-05-21 15:04:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/clamav.1667 (Old) and /work/SRC/openSUSE:12.1:Update/.clamav.1667.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav.1667" Changes: -------- New Changes file: --- /dev/null 2013-05-15 01:32:43.420028506 +0200 +++ /work/SRC/openSUSE:12.1:Update/.clamav.1667.new/clamav.changes 2013-05-21 15:04:46.000000000 +0200 @@ -0,0 +1,973 @@ +------------------------------------------------------------------- +Fri May 3 17:59:11 CEST 2013 - [email protected] + +- New version 0.97.8 (bnc#816865): + * CVE-2013-2020: Fix heap corruption + * CVE-2013-2021: Fix overflow due to PDF key length computation. + +------------------------------------------------------------------- +Wed Mar 20 17:32:19 UTC 2013 - [email protected] + +- Version 0.97.7 (bnc#809945) + * several hardening fixes. + +------------------------------------------------------------------- +Wed Sep 19 11:48:30 UTC 2012 - [email protected] + +- update to 0.97.6 + * libclamav: bb#5751 - cl_scansis() may returan a file descriptor + instead of a valid return code + +------------------------------------------------------------------- +Tue Jun 19 07:49:38 UTC 2012 - [email protected] + +- update to 0.95.5 [bnc#767574] +- addresses possible evasion cases in some archive formats +- CVE-2012-1457: allows to bypass malware detection via a TAR archive + entry with a length field that exceeds the total TAR file size +- CVE-2012-1458: allows to bypass malware detection via a crafted + reset interval in the LZXC header of a CHM file +- CVE-2012-1459: allows to bypass malware detection via a TAR archive + entry with a length field corresponding to that entire entry, plus + part of the header of the next entry +- also addresses stability issues in portions of the bytecode engine +- update clamav-conf.patch for moved lines +- add a definitions snapshot as {main,daily}.cvd no longer in tarball +- fix file-contains-date-and-time rpmlint warning + +------------------------------------------------------------------- +Tue Oct 18 09:17:51 UTC 2011 - [email protected] + +- New version 0.97.3 (bnc#724856, CVE-2011-3627): + * freshclam/manager.c: fix error when compiling without DNS + support (bb#3056) + * libclamav/pdf.c: flag and dump PDF objects with /Launch + (bb #3514) + * libclamav/bytecode.c,bytecode_api.c: fix recursion level crash + (bb #3706). + * docs: clarify behavior of --scan-*/Scan* options (bb#3134) + * libclamav/bytecode_vm.c: fix opcode 20 error (bb #3100) + * freshclam: fix pidfile removal (bb#3499) + * libclamav/pdf.c: fix incorrect blocking of some encrypted PDF + with empty user passwords. (bb #3364) + * sigtool/sigtool.c: fix calculation of max signature length + +------------------------------------------------------------------- +Tue Jul 26 08:55:27 UTC 2011 - [email protected] + +- New version 0.97.2 (bnc#708263): + * libclamav/matcher-hash.c: off by one read in cli_hm_scan + (bb#2818, CVE-2011-2721). + * libclamav/pdf.c: fix encrypted pdf detection (bb #2988) + * clamav-milter/clamfi.c: fix typo in error message (bb#3040) + * libclamav/lzma_iface.c: shut up huge alloc warns for 7z/lzma + (bb#2913) + * libclamav/c++/bytecode2llvm.cpp: fix use of unaddressable data + in bytecode_watchdog. + * libclamav/phishcheck.c: fix safebrowsing detection on certain + URLs + +------------------------------------------------------------------- +Thu Jun 9 10:04:22 UTC 2011 - [email protected] + +- New version 0.97.1 (bnc#698999): + * libclamav/mew.c: harden boundary check on e8/e9 fixup + * libclamav/matcher-hash.c: in hm_sort don't swap an item with + itself (bb#2818) + * freshclam/manager.c: fix return code of Rfc2822DateTime() + (bb#2809) + * libclamav/pdf.c: better detection for encrypted PDFs + (bb #2448) + * libclamav/c++: add support for building with external LLVM 2.9, + and drop external 2.8 support + * clamd: log request ip address for instream scans #bb2592 + * libclamav/c++/llvm/lib/Target/X86/X86InstrInfo.td: bb #2763 + don't assert on AVX chips (Intel Core i5 and i7) + * sigtool: properly normalize html files (bb#2764) + * sigtool/sigtool.c: fix formatting of hash dbs (bb#2765) + * freshclam: add mirror statistics mechanism + * libclamav/pe_icons.c: don't sigbus on sparc (bb#2695) + * libclamav/pe.c: reset corrupted status before bytecode + hooks (bb#2544) + * sigtool, freshclam: put .info on top of container to speed + up loading + * sigtool: fix --verify-cdiff + * sigtool: allow arbitrary names for --build + * clamdscan: fix file exclusion (bb#2579) + * clamd: add new option ClamukoExcludeUID (bb#2260) + * libclamav/elf.c: fix incorrect detection of Broken.Executable + (bb#2580) + * shared/output.c: fix empty lines in syslog (bb#2578) + * clamd: update description of ReadTimeout (bb#2565) + * clamd: add new config option BytecodeUnsigned (bb#2537); + drop "None" from BytecodeSecurity + * clamscan: add new switch --bytecode-unsigned and drop + --bytecode-trust-all + * sigtool/sigtool.c: improve handling of bytecode.info (bb#2292) + * libclamav/others.c: make sure TLS key is initializer + (bb #2588). + * configure: check for enable_extended_FILE_stdio (bb #2542) + * sigtool/sigtool.c: handle all signature formats with + --(list|find)-sigs (bb#2534) + +------------------------------------------------------------------- +Wed Feb 9 09:20:42 UTC 2011 - [email protected] + +- Security update 0.9.7 (bnc#673753): + ClamAV 0.97 brings many improvements, including complete Windows + support, support for signatures based on SHA1 and SHA256, better + error detection, as well as speed and memory optimizations. The + complete list of changes is available in the ChangeLog file. For + upgrade notes and tips please see: + https://wiki.clamav.net/Main/UpgradeNotes097 + +------------------------------------------------------------------- +Wed Dec 1 17:42:03 UTC 2010 - [email protected] + +- New version 0.96.5 (bnc#656548): + * libclamav/pdf.c: fix crashes (bb #2358, bb #2380, bb #2396). + * libclamav/pe_icons.c: off by one while (bb#2344) + * libclamav: fix detection of embedded executables + * libclamav/matcher-ac.c: fix offset handling for sigs with {x-y} + * freshclam/manager.c: fix error path infinite loop (bb#2389) + * freshclam: improve mirror management + * libclamav: fix possible use of uninitialized values (bb#2291) + * libclamav: Set the unreliability flag on (un)packed files + (bb#2307) + * libclamav/c++: Update embedded copy of LLVM to version 2.8 + (bb #2327) + * freshclam: make query format backward compatible + * freshclam: get detection stats directly from clamd (bb#2312) + * libclamav/cache.c,c++/bytecode2llvm.cpp}: make cl_load thread + safe (bb #2333). + * freshclam: load database in subprocess (bb #2147). + * clamd: add new commands DETSTATS and DETSTATSCLEAR + (part of bb#2312) + * libclamav/7z.c: fix file descriptor leak (bb #2347) + * clamd, libclamavll: add ability to logg messages from libclamav + (bb #1965) + * libclamav/builtin_bytecodes.h: Don't disable JIT on pentium4 + (bb #2345) + * clamav-for-windows: displace clamav-for-windows to a separate + solution and directory + * clamd: add new option OLE2BlockMacros (requested by Mike) + * freshclam: DatabaseCustomURL: add support for + If-Modified-Since + * freshclam: add initial support for DatabaseCustomURL + +------------------------------------------------------------------- +Thu Oct 28 16:34:29 CEST 2010 - [email protected] + +- New version: 0.96.4 (bnc#649631): + * sigtool/sigtool.c: don't use of sizeof() for malloc'ed buffer + (bb#2283) + * shared/cdiff.c, sigtool/sigtool.c: fix error path double frees + (bb#2280, bb#2281) + * See /usr/share/doc/packages/clamav/ChangeLog for the full list + of changes. + +------------------------------------------------------------------- +Wed Sep 22 15:32:10 UTC 2010 - [email protected] + +- New version: 0.96.3 (bnc#640812): + * libclamav/nsis/bzlib.cld sys: port upstream fixes for + CVE-2010-0405, check for buggy bzip2 (bb#2230, bb#2231). + * libclamav/pdf.c: Add missing boundscheck to pdf code + (bb #2226). + * libclamav/c++/bytecode2llvm.cpp: workaround crash due to gcc + stack alignment requirements (bb #2270). + * libclamav/pdf.c, pe.c, bytecode*: Fix bytecode virusname + reporting (bb #2255). + * clamav-milter/netcode.c: fix error path fd leak when + connection succeeds but ping fails (bb#2259). + * libclamav/bytecode.c: properly skip bytecodes with long lines. + * unit_tests: add VI unit tests + * libclamav: versioninfo hashset was not properly cached + (bb#2065). + * libclamav/pe.c: add BC_PE_ALL hook (bb #2237). + * libclamav/c++/{bytecode2llvm,ClamBCRTChecks}.cpp: avoid false + 'Verification error' messages (bb #2239). + * freshclam/freshclam.c: fix handling of relative paths with + --datadir (bb#2240). + * clamd/clamd.c: limit RLIMIT_DATA to 2GB on 32-bit processes + (bb #1941). + * libclamav/regex/regexec.c: fix regex when + sizeof(void*) != sizeof(long) (bb #2232). + * libclamav/pdf.c: improve handling of pdf objects (bb #2216). + * libclamav/pe_icons.c: support special case where icon is ++++ 776 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.clamav.1667.new/clamav.changes New: ---- clamav-0.97.8.tar.gz clamav-conf.patch clamav-rcclamd clamav-rcfreshclam clamav-rcmilter clamav-rpmlintrc clamav-sles9.patch clamav-updateclamconf clamav.changes clamav.spec daily-15055.cvd main-54.cvd ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ # # spec file for package clamav # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: clamav BuildRequires: ncurses-devel BuildRequires: sed BuildRequires: sendmail BuildRequires: sendmail-devel %define llvm --disable-llvm %if 0%{?suse_version} >= 1010 BuildRequires: bc BuildRequires: pkgconfig BuildRequires: zlib-devel %ifarch %ix86 x86_64 %define llvm --enable-llvm # Needed for compiling LLVM. BuildRequires: gcc-c++ %endif %endif %if 0%{?suse_version} >= 1030 BuildRequires: check-devel BuildRequires: libbz2-devel BuildRequires: pwdutils BuildRequires: python-devel %define clamav_check --enable-check %else BuildRequires: bzip2 %define clamav_check --disable-check %endif Summary: Antivirus Toolkit License: GPL-2.0 Group: Productivity/Security Version: 0.97.8 Release: 0 Url: http://www.clamav.net Requires: latex2html-pngicons Obsoletes: clamav-db < 0.88.3 PreReq: %_sbindir/groupadd %_sbindir/useradd %_sbindir/usermod PreReq: /usr/bin/awk /bin/sed /bin/tar PreReq: %insserv_prereq Source0: %{name}-%{version}.tar.gz Source1: clamav-rcclamd Source2: clamav-rcfreshclam Source3: clamav-updateclamconf Source4: clamav-rpmlintrc Source5: clamav-rcmilter # http://db.local.clamav.net/main.cvd Source6: main-54.cvd # http://db.local.clamav.net/daily.cvd Source7: daily-15055.cvd Patch1: clamav-conf.patch Patch2: clamav-sles9.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library. Here is a list of the main features: * command-line scanner * fast, multi-threaded daemon with support for on-access scanning * milter interface for sendmail * advanced database updater with support for scripted updates and digital signatures * virus scanner C library * on-access scanning (Linux and FreeBSD) * virus database updated multiple times per day (see home page for total number of signatures) * built-in support for various archive formats, including Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others * built-in support for almost all mail file formats * built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others * built-in support for popular document formats including MS Office and MacOffice files, HTML, RTF and PDF %package db Summary: Virus Database for ClamAV License: BSD-3-Clause and GPL-2.0+ and LGPL-2.1+ and SUSE-Public-Domain and MIT Group: Productivity/Security PreReq: clamav sed /bin/cp /usr/bin/awk /bin/rm %if 0%{?suse_version} > 1120 BuildArch: noarch %endif %description db This package contains a snapshot of the virus description database for ClamAV. It is not needed if you use freshclam to keep your virus database up to date. Authors: -------- Tomasz Kojm Nigel Horne %prep %setup -q %patch1 %if 0%{?suse_version} == 0910 # SLES9's libmilter doesn't have smfi_insheader() %patch2 %endif %build %if 0%{?suse_version} >= 1010 CFLAGS="-fstack-protector" CXXFLAGS="-fstack-protector" %endif export CFLAGS="%optflags $CFLAGS" export CXXFLAGS="%optflags $CXXFLAGS" %if 0%{?suse_version} == 0910 # SLES9 needs this macro to enable the quarantine feature in libmilter CFLAGS="$CFLAGS -D_FFR_QUARANTINE -D_FFR_SMFI_OPENSOCKET" %endif ./configure \ --prefix=%_prefix \ --libdir=%_libdir \ --mandir=%_mandir \ --sysconfdir=%_sysconfdir \ --disable-clamav \ --disable-static \ --with-dbdir=/var/lib/clamav \ --with-user=vscan \ --with-group=vscan \ --enable-milter \ %clamav_check \ %llvm \ --disable-zlib-vcheck \ --enable-clamdtop \ --disable-timestamps make %{?jobs:-j%jobs} %check VALGRIND_GENSUP=1 make check %install %makeinstall ln -sf docs/html/{clamdoc,index}.html mkdir -p %buildroot/etc/init.d install -m755 %SOURCE1 %buildroot/etc/init.d/clamd ln -s /etc/init.d/clamd %buildroot%_sbindir/rcclamd install -m755 %SOURCE2 %buildroot/etc/init.d/freshclam ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf install -d -m755 %buildroot/var/lib/clamav touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid install -m755 %SOURCE6 %buildroot/var/lib/clamav/main.cvd install -m755 %SOURCE7 %buildroot/var/lib/clamav/daily.cvd for f in %buildroot/var/lib/clamav/*.cvd; do mv $f $f.dist touch $f done touch %buildroot/var/lib/clamav/{main,daily}.cld mkdir -p %buildroot/var/spool/amavis %if 0%{?suse_version} > 1020 rm %buildroot/%_libdir/*.la %endif # Remove bogus dependencies from libclamav.pc sed -i 's/^Libs: .*/Libs: -lclamav/' %buildroot%_libdir/pkgconfig/libclamav.pc %files %defattr(-,root,root,-) %config(noreplace) %_sysconfdir/*.conf %config %attr(744,root,root)/etc/init.d/* %doc AUTHORS BUGS ChangeLog COPYING FAQ NEWS README UPGRADE %doc docs/*.pdf docs/html %doc %_mandir/*/* %_bindir/* %_sbindir/* %_includedir/* %_libdir/lib* %_libdir/pkgconfig/libclamav.pc %defattr(-,vscan,vscan) %dir %attr(700,vscan,root) /var/spool/amavis %dir /var/lib/clamav %ghost /var/lib/clamav/*.pid %ghost /var/lib/clamav/*.cld %ghost /var/lib/clamav/*.cvd %files db %defattr(-,vscan,vscan) %dir /var/lib/clamav /var/lib/clamav/*.cvd.dist %pre %_sbindir/groupadd -r vscan 2> /dev/null || : %_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false -c "Vscan account" -d /var/spool/amavis vscan 2> /dev/null || : %_sbindir/usermod vscan -g vscan 2> /dev/null || : %post /sbin/ldconfig # merge config files on update test "0$1" -lt 2 && exit 0 umask 022 for f in /etc/clamd.conf /etc/freshclam.conf /etc/clamav-milter.conf; do if test -e $f.rpmnew; then echo "Merging $f and $f.rpmnew" %_sbindir/updateclamconf -v override="$OVERRIDE" $f $f.rpmnew > $f.tmp if test $? == 0; then mv $f $f.old mv $f.tmp $f else echo "Merging $f with $f.rpmnew failed" fi fi done # convert virus database file format when updating from < 0.93 DBDIR=$(awk '/^[[:space:]]*DatabaseDirectory/{print $NF}' /etc/clamd.conf) cd ${DBDIR:=/var/lib/clamav} umask 022 TMPFILE=$PWD/tmp.$$ for type in main daily; do rm -f $TMPFILE if test ! -f $type.cvd -a ! -f $type.cld -a -d $type.inc; then cd $type.inc test -f COPYING -a -f $type.info -a -f $type.db \ -a -f $type.hdb -a -f $type.mdb -a -f $type.ndb \ -a -f $type.zmd -a -f $type.fp || continue awk 'NR==1{printf $0; for (i=length($0); i<512; i++) printf " "}' \ $type.info > $TMPFILE || continue tar -c -f- COPYING $type.info $type.db $type.hdb $type.mdb \ $type.ndb $type.zmd $type.fp >> $TMPFILE || continue cd .. if test -f $TMPFILE; then chown --reference $type.inc $TMPFILE 2>/dev/null mv $TMPFILE $type.cld fi fi done rm -f $TMPFILE %triggerpostun -- %name < 0.88.3 # Move clamav.conf to clamd.conf when updating from an old version # and inform the admin about the rename. cd /etc if test -e clamav.conf.rpmsave -a ! -e clamd.conf.rpmnew; then mv clamd.conf clamd.conf.rpmnew mv clamav.conf.rpmsave clamd.conf cat > clamav.conf <<-EOF # clamd.conf has been renamed to clamav.conf. # This file can be removed. EOF %restart_on_update clamd fi %preun %stop_on_removal clamd freshclam %postun /sbin/ldconfig %restart_on_update clamd freshclam %insserv_cleanup %post db # determine the version number of a given database file getversion() { if test -f "$1"; then /usr/bin/sigtool -i "$1" | sed -n '/^Version: /s///gp' else # a non-existing file is assumed to have version 0 echo 0 fi } DBDIR=$(awk '/^[[:space:]]*DatabaseDirectory/{print $NF}' /etc/clamd.conf) cd ${DBDIR:=/var/lib/clamav} for f in main daily; do vdist=$(getversion $f.cvd.dist) vcvd=$(getversion $f.cvd) vcld=$(getversion $f.cld) v=$((vcld > vcvd ? vcld : vcvd)) if test $vdist -gt $v; then cp -a $f.cvd.dist $f.cvd rm -f $f.cld fi done %changelog ++++++ clamav-conf.patch ++++++ Index: etc/clamav-milter.conf =================================================================== --- etc/clamav-milter.conf.orig 2012-06-12 14:36:05.000000000 +0100 +++ etc/clamav-milter.conf 2012-06-19 08:53:49.000000000 +0100 @@ -2,10 +2,6 @@ ## Example config file for clamav-milter ## -# Comment or remove the line below. -Example - - ## ## Main options ## @@ -17,8 +13,7 @@ Example # inet6:port@[hostname|ip-address] - to specify an ipv6 socket # # Default: no default -#MilterSocket /tmp/clamav-milter.socket -#MilterSocket inet:7357 +MilterSocket /var/lib/clamav/clamav-milter-socket # Define the group ownership for the (unix) milter socket. # Default: disabled (the primary group of the user running clamd) @@ -36,7 +31,7 @@ Example # Run as another user (clamav-milter must be started by root for this option to work) # # Default: unset (don't drop privileges) -#User clamav +User vscan # Initialize supplementary group access (clamav-milter must be started by root). # @@ -64,7 +59,7 @@ Example # daemon (main thread). # # Default: disabled -#PidFile /var/run/clamav-milter.pid +PidFile /var/lib/clamav/clamav-milter.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). @@ -90,7 +85,7 @@ Example # with the same socket: clamd servers will be selected in a round-robin fashion. # # Default: no default -#ClamdSocket tcp:scanner.mydomain:7357 +ClamdSocket unix:/var/lib/clamav/clamd-socket ## @@ -238,13 +233,13 @@ Example # Use system logger (can work together with LogFile). # # Default: no -#LogSyslog yes +LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # # Default: LOG_LOCAL6 -#LogFacility LOG_MAIL +LogFacility LOG_MAIL # Enable verbose logging. # Index: etc/clamd.conf =================================================================== --- etc/clamd.conf.orig 2012-06-12 14:03:26.000000000 +0100 +++ etc/clamd.conf 2012-06-19 08:53:49.000000000 +0100 @@ -1,12 +1,8 @@ ## -## Example config file for the Clam AV daemon +## Config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## - -# Comment or remove the line below. -Example - # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. @@ -40,12 +36,12 @@ Example # Use system logger (can work together with LogFile). # Default: no -#LogSyslog yes +LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 -#LogFacility LOG_MAIL +LogFacility LOG_MAIL # Enable verbose logging. # Default: no @@ -58,7 +54,7 @@ Example # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled -#PidFile /var/run/clamd.pid +PidFile /var/lib/clamav/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). @@ -77,7 +73,7 @@ Example # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) -#LocalSocket /tmp/clamd.socket +LocalSocket /var/lib/clamav/clamd-socket # Sets the group ownership on the unix socket. # Default: disabled (the primary group of the user running clamd) @@ -93,14 +89,14 @@ Example # TCP port address. # Default: no -#TCPSocket 3310 +TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. # Default: no -#TCPAddr 127.0.0.1 +TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default: 200 @@ -186,7 +182,7 @@ Example # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges -#User clamav +User vscan # Initialize supplementary group access (clamd must be started by root). # Default: no @@ -440,6 +436,10 @@ Example # Enable Clamuko. Dazuko must be configured and running. Clamuko supports # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS # is the preferred option. For more information please visit www.dazuko.org +# +# When enabling this, you most probably have to set "User root" above, +# so that clamav can access the files to be scanned. +# # Default: no #ClamukoScanOnAccess yes Index: etc/freshclam.conf =================================================================== --- etc/freshclam.conf.orig 2012-06-12 14:36:05.000000000 +0100 +++ etc/freshclam.conf 2012-06-19 08:53:49.000000000 +0100 @@ -1,12 +1,8 @@ ## -## Example config file for freshclam +## Config file for freshclam ## Please read the freshclam.conf(5) manual before editing this file. ## - -# Comment or remove the line below. -Example - # Path to the database directory. # WARNING: It must match clamd.conf's directive! # Default: hardcoded (depends on installation options) @@ -34,21 +30,21 @@ Example # Use system logger (can work together with UpdateLogFile). # Default: no -#LogSyslog yes +LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 -#LogFacility LOG_MAIL +LogFacility LOG_MAIL # This option allows you to save the process identifier of the daemon # Default: disabled -#PidFile /var/run/freshclam.pid +PidFile /var/lib/clamav/freshclam.pid # By default when started freshclam drops privileges and switches to the # "clamav" user. This directive allows you to change the database owner. # Default: clamav (may depend on installation options) -#DatabaseOwner clamav +DatabaseOwner vscan # Initialize supplementary group access (freshclam must be started by root). # Default: no @@ -118,7 +114,7 @@ DatabaseMirror database.clamav.net # Send the RELOAD command to clamd. # Default: no -#NotifyClamd /path/to/clamd.conf +NotifyClamd /etc/clamd.conf # Run command after successful database update. # Default: disabled @@ -161,7 +157,7 @@ DatabaseMirror database.clamav.net # detected in the field and in what geographic area they are. # Freshclam will connect to clamd in order to get recent statistics. # Default: no -#SubmitDetectionStats /path/to/clamd.conf +#SubmitDetectionStats /etc/clamd.conf # Country of origin of malware/detection statistics (for statistical # purposes only). The statistics collector at ClamAV.net will look up ++++++ clamav-rcclamd ++++++ #! /bin/sh # Copyright (c) 1995-2003 SuSE Linux AG, Nuernberg, Germany. # All rights reserved. # # Author: Kurt Garloff # Please send feedback to http://www.suse.de/feedback/ # # /etc/init.d/clamd # and its symbolic link # /(usr/)sbin/rcclamd # # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This template uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux (UL) based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. # ### BEGIN INIT INFO # Provides: clamd # Required-Start: $syslog $remote_fs # Required-Stop: $syslog $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: virus scanner daemon # Description: Start the clamd virus scanner daemon ### END INIT INFO # # Any extensions to the keywords given above should be preceeded by # X-VendorTag- (X-UnitedLinux- for us) according to LSB. # # Notes on Required-Start/X-UnitedLinux-Should-Start: # * There are two different issues that are solved by Required-Start # and X-UnitedLinux-Should-Start # (a) Hard dependencies: This is used by the runlevel editor to determine # which services absolutely need to be started to make the start of # this service make sense. Example: nfsserver should have # Required-Start: $portmap # Also, required services are started before the dependent ones. # The runlevel editor will warn about such missing hard dependencies # and suggest enabling. During system startup, you may expect an error, # if the dependency is not fulfilled. # (b) Specifying the init script ordering, not real (hard) dependencies. # This is needed by insserv to determine which service should be # started first (and at a later stage what services can be started # in parallel). The tag X-UnitedLinux-Should-Start: is used for this. # It tells, that if a service is available, it should be started # before. If not, never mind. # * When specifying hard dependencies or ordering requirements, you can # use names of services (contents of their Provides: section) # or pseudo names starting with a $. The following ones are available # according to LSB (1.1): # $local_fs all local file systems are mounted # (most services should need this!) # $remote_fs all remote file systems are mounted # (note that /usr may be remote, so # many services should Require this!) # $syslog system logging facility up # $network low level networking (eth card, ...) # $named hostname resolution available # $netdaemons all network daemons are running # The $netdaemons pseudo service has been removed in LSB 1.2. # For now, we still offer it for backward compatibility. # These are new (LSB 1.2): # $time the system time has been set correctly # $portmap SunRPC portmapping service available # UnitedLinux extensions: # $ALL indicates that a script should be inserted # at the end # * The services specified in the stop tags # (Required-Stop/X-UnitedLinux-Should-Stop) # specify which services need to be still running when this service # is shut down. Often the entries there are just copies or a subset # from the respective start tag. # * X-UnitedLinux-Should-Start/Stop are not part of LSB (as of 1.3) # but official Should-Start/Stop tags are in discussion (1.9). # insserv does support these as well. # * X-UnitedLinux-Default-Enabled: yes/no is used at installation time # (%fillup_and_insserv macro in %post of many RPMs) to specify whether # a startup script should default to be enabled after installation. # It's not used by insserv. # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance CLAMD_BIN=/usr/sbin/clamd test -x $CLAMD_BIN || { echo "$CLAMD_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } CLAMD_DBDIR=$(clamconf | sed -n '/DatabaseDirectory = /{s///;s/"//g;p;q}') CLAMD_PIDFILE=/var/lib/clamav/clamd.pid # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks # rc_splash arg sets the boot splash screen to arg (if active) . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting Clam AntiVirus daemon " OUT=$(startproc -p $CLAMD_PIDFILE $CLAMD_BIN 2>&1) rc_status -v && rc_exit # If clamd failed to start, check if the reason is # missing virus database files. clamscan - < /dev/null &> /dev/null if test "$?" -eq "50"; then echo " !!" echo " !! ClamAV Virus definition files are missing from $CLAMD_DBDIR." echo " !! Plase run freshclam manually to download the latest version (>20MB)" echo " !! or install the clamav-db package." echo " !!" else echo "$OUT" fi ;; stop) echo -n "Shutting down Clam AntiVirus daemon " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. killproc -p $CLAMD_PIDFILE -TERM $CLAMD_BIN # Remember status and be verbose rc_status -v ;; try-restart | condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; reload | force-reload) ## Signal the daemon to reload its config. echo -n "Reloading Clam AntiVirus daemon " checkproc -p $CLAMD_PIDFILE $CLAMD_BIN && echo RELOAD > /dev/tcp/127.0.0.1/3310 rc_status -v ;; status) echo -n "Checking for Clam AntiVirus daemon " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. checkproc -p $CLAMD_PIDFILE $CLAMD_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" exit 1 ;; esac rc_exit ++++++ clamav-rcfreshclam ++++++ #! /bin/sh # Copyright (c) 1995-2003 SuSE Linux AG, Nuernberg, Germany. # All rights reserved. # # Author: Kurt Garloff # Please send feedback to http://www.suse.de/feedback/ # # /etc/init.d/freshclam # and its symbolic link # /(usr/)sbin/rcfreshclam # # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This template uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux (UL) based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. # ### BEGIN INIT INFO # Provides: freshclam # Required-Start: $syslog $remote_fs # Should-Start: $time ypbind sendmail # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: virus scanner daemon # Description: Start the freshclam virus database update daemon ### END INIT INFO # # Any extensions to the keywords given above should be preceeded by # X-VendorTag- (X-UnitedLinux- for us) according to LSB. # # Notes on Required-Start/X-UnitedLinux-Should-Start: # * There are two different issues that are solved by Required-Start # and X-UnitedLinux-Should-Start # (a) Hard dependencies: This is used by the runlevel editor to determine # which services absolutely need to be started to make the start of # this service make sense. Example: nfsserver should have # Required-Start: $portmap # Also, required services are started before the dependent ones. # The runlevel editor will warn about such missing hard dependencies # and suggest enabling. During system startup, you may expect an error, # if the dependency is not fulfilled. # (b) Specifying the init script ordering, not real (hard) dependencies. # This is needed by insserv to determine which service should be # started first (and at a later stage what services can be started # in parallel). The tag X-UnitedLinux-Should-Start: is used for this. # It tells, that if a service is available, it should be started # before. If not, never mind. # * When specifying hard dependencies or ordering requirements, you can # use names of services (contents of their Provides: section) # or pseudo names starting with a $. The following ones are available # according to LSB (1.1): # $local_fs all local file systems are mounted # (most services should need this!) # $remote_fs all remote file systems are mounted # (note that /usr may be remote, so # many services should Require this!) # $syslog system logging facility up # $network low level networking (eth card, ...) # $named hostname resolution available # $netdaemons all network daemons are running # The $netdaemons pseudo service has been removed in LSB 1.2. # For now, we still offer it for backward compatibility. # These are new (LSB 1.2): # $time the system time has been set correctly # $portmap SunRPC portmapping service available # UnitedLinux extensions: # $ALL indicates that a script should be inserted # at the end # * The services specified in the stop tags # (Required-Stop/X-UnitedLinux-Should-Stop) # specify which services need to be still running when this service # is shut down. Often the entries there are just copies or a subset # from the respective start tag. # * X-UnitedLinux-Should-Start/Stop are not part of LSB (as of 1.3) # but official Should-Start/Stop tags are in discussion (1.9). # insserv does support these as well. # * X-UnitedLinux-Default-Enabled: yes/no is used at installation time # (%fillup_and_insserv macro in %post of many RPMs) to specify whether # a startup script should default to be enabled after installation. # It's not used by insserv. # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance FRESHCLAM_BIN=/usr/bin/freshclam test -x $FRESHCLAM_BIN || { echo "$FRESHCLAM_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FRESHCLAM_PIDFILE=/var/lib/clamav/freshclam.pid # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks # rc_splash arg sets the boot splash screen to arg (if active) . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting Clam AntiVirus database update daemon " # Check if there is a virus definition file startproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN -d # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down Clam AntiVirus database update daemon " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. killproc -p $FRESHCLAM_PIDFILE -TERM $FRESHCLAM_BIN # Remember status and be verbose rc_status -v ;; try-restart | condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; reload | force-reload) ## Signal the daemon to reload its config. echo -n "Reloading Clam AntiVirus database update daemon " checkproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN && killproc -p $FRESHCLAM_PIDFILE -HUP $FRESHCLAM_BIN rc_status -v ;; status) echo -n "Checking for Clam AntiVirus database update daemon " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. checkproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" exit 1 ;; esac rc_exit ++++++ clamav-rcmilter ++++++ #!/bin/sh # # SUSE system startup script for clamav-milter # Copyright (C) 1995--2005 Kurt Garloff, SUSE / Novell Inc. # Copyright (C) 2007 Reinhard Max, SUSE / Novell Inc. # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or (at # your option) any later version. # # This library is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, # USA. # # /etc/init.d/clamav-milter # and its symbolic link # /(usr/)sbin/rcclamav-milter # ### BEGIN INIT INFO # Provides: clamav-milter # Required-Start: clamd $syslog $remote_fs # Required-Stop: clamd $syslog $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: milter compatible mail scanner # Description: Start clamav-milter, which is needed to # use ClamAV for virus scanning in a sendmail environment. ### END INIT INFO # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance BIN=/usr/sbin/clamav-milter # Read the pidfile from the config PIDFILE=$(sed -n '/^PidFile /{s///p;q}' /etc/clamav-milter.conf) test -x $BIN || { echo "$BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Source LSB init functions . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting clamav-milter " # make sure everybody can access the local socket umask 0 ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc ${PIDFILE:+-p $PIDFILE} $BIN # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down clamav-milter " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. /sbin/killproc -TERM ${PIDFILE:+-p $PIDFILE} -G $BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. $0 try-restart rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) rc_failed 3 rc_status -v ;; status) echo -n "Checking for clamav-milter " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. /sbin/checkproc ${PIDFILE:+-p $PIDFILE} $BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.9) test /etc/clamd.conf -nt $PIDFILE -o \ /etc/sysconfig/clamav-milter -nt $PIDFILE \ && echo restart ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ clamav-rpmlintrc ++++++ addFilter("non-standard-uid.*") addFilter("devel-file-in-non-devel-package.*") addFilter("obsolete-not-provided") ++++++ clamav-sles9.patch ++++++ Index: clamav-milter/clamfi.c =================================================================== --- clamav-milter/clamfi.c.orig +++ clamav-milter/clamfi.c @@ -90,16 +90,11 @@ static void add_x_header(SMFICTX *ctx, c while(status) if(smfi_chgheader(ctx, (char *)"X-Virus-Status", status--, NULL) != MI_SUCCESS) logg("^Failed to remove existing X-Virus-Status header\n"); + } if(smfi_addheader(ctx, (char *)"X-Virus-Scanned", xvirushdr) != MI_SUCCESS) logg("^Failed to add X-Virus-Scanned header\n"); if(smfi_addheader(ctx, (char *)"X-Virus-Status", st) != MI_SUCCESS) logg("^Failed to add X-Virus-Status header\n"); - } else { /* Add */ - if(smfi_insheader(ctx, 1, (char *)"X-Virus-Scanned", xvirushdr) != MI_SUCCESS) - logg("^Failed to insert X-Virus-Scanned header\n"); - if(smfi_insheader(ctx, 1, (char *)"X-Virus-Status", st) != MI_SUCCESS) - logg("^Failed to insert X-Virus-Status header\n"); - } } enum CFWHAT { --- clamav-milter/clamav-milter.c +++ clamav-milter/clamav-milter.c @@ -282,7 +282,7 @@ } opt = optget(opts, "FixStaleSocket"); umsk = umask(0777); /* socket is created with 000 to avoid races */ - if(smfi_opensocket(opt->enabled) == MI_FAILURE) { + if(smfi_opensocket() == MI_FAILURE) { logg("!Failed to create socket %s\n", my_socket); localnets_free(); whitelist_free(); ++++++ clamav-updateclamconf ++++++ #!/usr/bin/awk -f # # updateclamconf # # Merge two clamd.conf or freshclam.conf files and write the result to # the standard output. The result file contains all comments from the # second file with the active (i.e. not commented-out) settings from # the first file merged into it. Settings which were only in the first # file file and not mentioned in the second file any more, are appended # at the end, but commented out. # # Any comment must start with a hash and a space: # # comment # while any commented out setting must start with a hash and no space: # #settingname settingvalue # # The first file may optionally have the format that was used up to # version 0.88.7. In that case the settings will be converted to the # format that is used in version 0.90 and newer. # # Known issues: # # If an option exists more than once in eiter file, only the first # occurance will be moved over from the first file. AFAIK this # currently only applies to the DatabaseMirror option in # freshclam.conf. # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # # Authors: Reinhard Max <[email protected]> # Kurt Keller <[email protected]> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. BEGIN { if (ARGC != 3) { print "usage: updateclamconf oldfile newfile" > "/dev/stderr" exit 1 } # some options may be overridden from the command line $0 = override for (i=1; i<=NF; i+=2) { options[$i] = $i " " $(i+1) } pass = 0 } lastname != FILENAME { lastname = FILENAME pass++ } # collect options from the first file pass == 1 && $0 ~ /^[[:space:]]*[^#]/ { if (NF == 1) { $2 = "yes" } if (!($1 in options)) { options[$1] = $0 } } # merge options into the content of the second file pass == 2 { # copy $1, so that sub() doesn't modify $0 o = $1 sub("^#", "", o) if (o in options) { if (o == "NotifyClamd" && options[o] ~ / yes$/) { sub("^#", "") options[o] = $0 } print options[o] delete options[o] } else { print } } # print out any options that were only found in the first file END { for (o in options) { print "\n# These options weren't found in the new config file" for (o in options) { print "# " o, options[o] } break } } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
