2018-04-13 17:16:49 +02:00
|
|
|
--- etc/clamav-milter.conf.sample.orig
|
|
|
|
|
+++ etc/clamav-milter.conf.sample
|
2009-04-07 12:45:24 +02:00
|
|
|
@@ -2,10 +2,6 @@
|
|
|
|
|
## Example config file for clamav-milter
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
-# Comment or remove the line below.
|
|
|
|
|
-Example
|
|
|
|
|
-
|
|
|
|
|
-
|
|
|
|
|
##
|
|
|
|
|
## Main options
|
|
|
|
|
##
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -17,8 +13,7 @@ Example
|
2009-04-07 12:45:24 +02:00
|
|
|
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
|
|
|
|
|
#
|
|
|
|
|
# Default: no default
|
|
|
|
|
-#MilterSocket /tmp/clamav-milter.socket
|
|
|
|
|
-#MilterSocket inet:7357
|
2020-05-12 20:00:54 +02:00
|
|
|
+MilterSocket /run/clamav/clamav-milter-socket
|
2009-04-07 12:45:24 +02:00
|
|
|
|
2010-04-08 22:11:51 +02:00
|
|
|
# Define the group ownership for the (unix) milter socket.
|
|
|
|
|
# Default: disabled (the primary group of the user running clamd)
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -37,7 +32,7 @@ Example
|
|
|
|
|
# to work)
|
2009-04-07 12:45:24 +02:00
|
|
|
#
|
|
|
|
|
# Default: unset (don't drop privileges)
|
|
|
|
|
-#User clamav
|
|
|
|
|
+User vscan
|
|
|
|
|
|
2018-04-13 17:16:49 +02:00
|
|
|
# Waiting for data from clamd will timeout after this time (seconds).
|
|
|
|
|
# Value of 0 disables the timeout.
|
|
|
|
|
@@ -61,7 +56,7 @@ Example
|
2020-09-18 16:19:44 +02:00
|
|
|
# also owned by root to keep other users from tampering with it.
|
2009-04-07 12:45:24 +02:00
|
|
|
#
|
|
|
|
|
# Default: disabled
|
|
|
|
|
-#PidFile /var/run/clamav-milter.pid
|
2020-05-12 20:00:54 +02:00
|
|
|
+PidFile /run/clamav/clamav-milter.pid
|
2009-04-07 12:45:24 +02:00
|
|
|
|
|
|
|
|
# Optional path to the global temporary directory.
|
|
|
|
|
# Default: system specific (usually /tmp or /var/tmp).
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -88,7 +83,7 @@ Example
|
|
|
|
|
# fashion.
|
2009-04-07 12:45:24 +02:00
|
|
|
#
|
|
|
|
|
# Default: no default
|
|
|
|
|
-#ClamdSocket tcp:scanner.mydomain:7357
|
2020-05-12 20:00:54 +02:00
|
|
|
+ClamdSocket unix:/run/clamav/clamd-socket
|
2009-04-07 12:45:24 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
##
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -238,13 +233,13 @@ Example
|
2009-04-07 12:45:24 +02:00
|
|
|
# Use system logger (can work together with LogFile).
|
|
|
|
|
#
|
|
|
|
|
# Default: no
|
|
|
|
|
-#LogSyslog yes
|
|
|
|
|
+LogSyslog yes
|
|
|
|
|
|
|
|
|
|
# Specify the type of syslog messages - please refer to 'man syslog'
|
|
|
|
|
# for facility names.
|
|
|
|
|
#
|
|
|
|
|
# Default: LOG_LOCAL6
|
|
|
|
|
-#LogFacility LOG_MAIL
|
|
|
|
|
+LogFacility LOG_MAIL
|
|
|
|
|
|
|
|
|
|
# Enable verbose logging.
|
|
|
|
|
#
|
2018-04-13 17:16:49 +02:00
|
|
|
--- etc/clamd.conf.sample.orig
|
|
|
|
|
+++ etc/clamd.conf.sample
|
2007-02-25 12:09:43 +01:00
|
|
|
@@ -1,12 +1,8 @@
|
|
|
|
|
##
|
|
|
|
|
-## Example config file for the Clam AV daemon
|
|
|
|
|
+## Config file for the Clam AV daemon
|
2007-01-16 00:07:16 +01:00
|
|
|
## Please read the clamd.conf(5) manual before editing this file.
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
-# Comment or remove the line below.
|
|
|
|
|
-Example
|
|
|
|
|
-
|
|
|
|
|
# Uncomment this option to enable logging.
|
|
|
|
|
# LogFile must be writable for the user running daemon.
|
|
|
|
|
# A full path is required.
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -41,12 +37,12 @@ Example
|
2007-01-16 00:07:16 +01:00
|
|
|
|
|
|
|
|
# Use system logger (can work together with LogFile).
|
2007-02-25 12:09:43 +01:00
|
|
|
# Default: no
|
|
|
|
|
-#LogSyslog yes
|
|
|
|
|
+LogSyslog yes
|
2007-01-16 00:07:16 +01:00
|
|
|
|
|
|
|
|
# Specify the type of syslog messages - please refer to 'man syslog'
|
|
|
|
|
# for facility names.
|
|
|
|
|
# Default: LOG_LOCAL6
|
|
|
|
|
-#LogFacility LOG_MAIL
|
|
|
|
|
+LogFacility LOG_MAIL
|
|
|
|
|
|
|
|
|
|
# Enable verbose logging.
|
2007-02-25 12:09:43 +01:00
|
|
|
# Default: no
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -71,7 +67,7 @@ Example
|
2020-09-18 16:19:44 +02:00
|
|
|
# It is recommended that the directory where this file is stored is
|
|
|
|
|
# also owned by root to keep other users from tampering with it.
|
2007-01-16 00:07:16 +01:00
|
|
|
# Default: disabled
|
|
|
|
|
-#PidFile /var/run/clamd.pid
|
2020-05-12 20:00:54 +02:00
|
|
|
+PidFile /run/clamav/clamd.pid
|
2007-01-16 00:07:16 +01:00
|
|
|
|
|
|
|
|
# Optional path to the global temporary directory.
|
|
|
|
|
# Default: system specific (usually /tmp or /var/tmp).
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -90,7 +86,7 @@ Example
|
2007-01-16 00:07:16 +01:00
|
|
|
|
|
|
|
|
# Path to a local socket file the daemon will listen on.
|
2007-02-25 12:09:43 +01:00
|
|
|
# Default: disabled (must be specified by a user)
|
2010-04-08 22:11:51 +02:00
|
|
|
-#LocalSocket /tmp/clamd.socket
|
2020-05-12 20:00:54 +02:00
|
|
|
+LocalSocket /run/clamav/clamd-socket
|
2007-01-16 00:07:16 +01:00
|
|
|
|
2010-04-08 22:11:51 +02:00
|
|
|
# Sets the group ownership on the unix socket.
|
|
|
|
|
# Default: disabled (the primary group of the user running clamd)
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -204,7 +200,7 @@ Example
|
2008-02-25 17:07:24 +01:00
|
|
|
|
|
|
|
|
# Run as another user (clamd must be started by root for this option to work)
|
2007-02-25 12:09:43 +01:00
|
|
|
# Default: don't drop privileges
|
2007-01-16 00:07:16 +01:00
|
|
|
-#User clamav
|
|
|
|
|
+User vscan
|
|
|
|
|
|
2018-04-13 17:16:49 +02:00
|
|
|
# Stop daemon when libclamav reports out of memory condition.
|
|
|
|
|
#ExitOnOOM yes
|
|
|
|
|
--- etc/freshclam.conf.sample.orig
|
|
|
|
|
+++ etc/freshclam.conf.sample
|
2007-02-25 12:09:43 +01:00
|
|
|
@@ -1,12 +1,8 @@
|
|
|
|
|
##
|
|
|
|
|
-## Example config file for freshclam
|
|
|
|
|
+## Config file for freshclam
|
|
|
|
|
## Please read the freshclam.conf(5) manual before editing this file.
|
2007-01-16 00:07:16 +01:00
|
|
|
##
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
-# Comment or remove the line below.
|
|
|
|
|
-Example
|
|
|
|
|
-
|
|
|
|
|
# Path to the database directory.
|
|
|
|
|
# WARNING: It must match clamd.conf's directive!
|
|
|
|
|
# Default: hardcoded (depends on installation options)
|
2018-04-13 17:16:49 +02:00
|
|
|
@@ -48,12 +44,12 @@ Example
|
2020-09-18 16:19:44 +02:00
|
|
|
# It is recommended that the directory where this file is stored is
|
|
|
|
|
# also owned by root to keep other users from tampering with it.
|
2007-01-16 00:07:16 +01:00
|
|
|
# Default: disabled
|
|
|
|
|
-#PidFile /var/run/freshclam.pid
|
2021-02-22 19:54:31 +01:00
|
|
|
+#PidFile /run/clamav/freshclam.pid
|
2007-01-16 00:07:16 +01:00
|
|
|
|
|
|
|
|
# By default when started freshclam drops privileges and switches to the
|
|
|
|
|
# "clamav" user. This directive allows you to change the database owner.
|
|
|
|
|
# Default: clamav (may depend on installation options)
|
|
|
|
|
-#DatabaseOwner clamav
|
|
|
|
|
+DatabaseOwner vscan
|
|
|
|
|
|
2018-04-13 17:16:49 +02:00
|
|
|
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
|
|
|
|
|
# to verify database and software versions. With this directive you can change
|
2019-01-21 18:35:52 +01:00
|
|
|
@@ -127,7 +123,7 @@ DatabaseMirror database.clamav.net
|
2007-01-16 00:07:16 +01:00
|
|
|
|
|
|
|
|
# Send the RELOAD command to clamd.
|
2007-02-25 12:09:43 +01:00
|
|
|
# Default: no
|
|
|
|
|
-#NotifyClamd /path/to/clamd.conf
|
|
|
|
|
+NotifyClamd /etc/clamd.conf
|
|
|
|
|
|
|
|
|
|
# Run command after successful database update.
|
Accepting request 869944 from home:adkorte:branches:security
- Update to 0.103.1
* Added a new scan option to alert on broken media (graphics) file
formats. This feature mitigates the risk of malformed media files
intended to exploit vulnerabilities in other software. At present
media validation exists for JPEG, TIFF, PNG, and GIF files. To
enable this feature, set AlertBrokenMedia yes in clamd.conf, or
use the --alert-broken-media option when using clamscan. These
options are disabled by default in this patch release, but may be
enabled in a subsequent release. Application developers may enable
this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for
the heuristic scan option bit field.
* Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing
behavior. BMP and JPEG 2000 files will continue to detect as
CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG
2000 format checking capabilities.
* Fixed PNG parser logic bugs that caused an excess of parsing
errors and fixed a stack exhaustion issue affecting some systems
when scanning PNG files. PNG file type detection was disabled via
signature database update for ClamAV version 0.103.0 to mitigate
the effects from these bugs.
* Fixed an issue where PNG and GIF files no longer work with
Target:5 graphics signatures if detected as CL_TYPE_PNG/GIF rather
than as CL_TYPE_GRAPHICS. Target types now support up to 10
possible file types to make way for additional graphics types in
future releases.
* Fixed clamonacc's --fdpass option.
- Interprocess file descriptor passing for clamonacc was broken
since version 0.102.0 due to a bug introduced by the switch to
curl for communicating with clamd. On Linux, passing file
descriptors from one process to another is handled by the
kernel, so we reverted clamonacc to use standard system calls
for socket communication when fd passing is enabled.
* Fixed a clamonacc stack corruption issue on some systems when
using an older version of libcurl.
* Allow clamscan and clamdscan scans to proceed even if the
realpath lookup failed. This alleviates an issue on Windows
scanning files hosted on file- systems that do not support the
GetMappedFileNameW() API such as on ImDisk RAM-disks.
* Fixed freshclam --on-update-execute=EXIT_1 temporary directory
cleanup issue.
* clamd's log output and VirusEvent now provide the scan target's
file path instead of a file descriptor. The clamd socket API for
submitting a scan by FD-passing doesn't include a file path, this
feature works by looking up the file path by file descriptor.
This feature works on Mac and Linux but is not yet implemented
for other UNIX operating systems. FD-passing is not available for
Windows.
* Fixed an issue where freshclam database validation didn't work
correctly when run in daemon mode on Linux/Unix.
OBS-URL: https://build.opensuse.org/request/show/869944
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=216
2021-02-09 15:32:05 +01:00
|
|
|
# Use EXIT_1 to return 1 after successful database update.
|
