pool/clamav
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- bsc#1232242: Start clamonacc with --fdpass to avoid errors due to

Browse Source 
clamd not being able to access user files.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=270
This commit is contained in:
Reinhard Max 2025-01-10 13:08:05 +00:00 committed by Git OBS Bridge
commit 017c761fff
24 changed files with 5618 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

2255
1305.patch Normal file
View File

File diff suppressed because it is too large Load Diff

10
_constraints Normal file
View File

@ -0,0 +1,10 @@
<constraints>
<hardware>
<disk>
<size unit="G">6</size>
</disk>
<memory>
<size unit="G">8</size>
</memory>
</hardware>
</constraints>

3
clamav-1.3.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:12a3035bf26f55f71e3106a51a5fa8d7b744572df98a63920a9cff876a7dcce4
size 54554712

16
clamav-1.3.1.tar.gz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJmH9VrAAoJEMzg39Iewam/XfwP/ic9ZUe5KxhdFroBzjm4arRp
+/oMZ68d5sa5TVyDvCDOa1b+ttcV7KtUw6/h3itPKAJ4DHt9gq1qtFK9C5GSjIgI
jGCzwOzD0tPM56hPQQ5fo6md9fb5np1UQAG+tKmd02v1Yq80eQTimdpQr6TuHcI7
PBg7ku7c3lfqmXgGbb+AsBQr/x+MJTN8QH2VUP3L6iUkl96iSaYN9FTr0VkjeU13
Ir77fXd4jfcgpBdSJtLjBuCBpjyCSvw2x0Vp3TIjKi4FRGp5x0YkAdoQ/UDMh4+Y
u1gICsROL967/9gEr4d7zwBv5UNPDWO4HNUC5+uBurUfF1WCoF0WAqtuzNpdAYGE
2sMQc7HnRJKo6KchtU5kLZeAqgqL+k70VBTBjgqdi4YzvsX62SatJPHdRvkaf00H
LojUD7f0CpPFtkfftZ16SPAb65x3mtdFfYSXaIVKhWsTJoCFy/HnuXNWnW4W/HwX
RSQTFE3rUad/MEhJzfo8debwVWPAHf4RrNmkOkQ/co/NswUB+3rsZLpcj3ULEcqL
WDx8/lPDZsyvaosB4JIZLJaECq8TTUZswHsV/K7vdO/S994Ndc+QhXPF75lg33hu
eCIUF/6ZxMfKyeJre3KWeUmBKRMZZ4WJ6MEmSomL2BSYLSeRkvHY21v9InOK0w1f
VUaK04HxPJTun12AFAZk
=9gDC
-----END PGP SIGNATURE-----

3
clamav-1.4.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a318e780ac39a6b3d6c46971382f96edde97ce48b8e361eb80e63415ed416ad8
size 50078871

16
clamav-1.4.1.tar.gz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJm12IWAAoJEMzg39Iewam/rIQQAKv+zANPKfIta+VJRKkD0Wxa
LJGDBKKifqyM1HiR+YxGMUuElgmpRvozfZ7ifBGvz/IxjPmUag/BNfOl4JVsSAnL
WsOhUMSEYxLtpJUywFakI58O/yDSvYlpzfcks0nAIjfeQkhTz0vqqYlyEXR7aDCe
G/5yOGJtuwAiKclgLCTwqlevZ15ff+3z/UIJ9yAfqM9WPXPQA/lJk1Mp1FmIwVfw
T/0p8kJJj4Z8aH+jXqOXrKnw9L4Acig3axSneN8QcL5tNosMAQOxhkQuYc6g4V+h
vDX7N3G5UdPo6jpGoF8NmLu2VFGfWEymBzftMqYZ84Jli9t9RGN8UBEueGERjMsh
9/3NSAdxeDlR5ELB565a+x/pIOOjovERZdXs9UW8U8NXPeDnIuTTFnqip3e21OGY
WP3ioP85ixzLFDfZVTaLN97ym2+STiPt+KN7QBEUW0cP/wJFlEcXgRHyY3uQ/iET
grCTApBuNdOzzgm9lSka653AexhaFTAXtp4NJ5xXThQcFzJ+urDAc6LfPzyknHDx
+lfI5bMeW9I6E7CbkFOELqInzAk6uMZFxbp4Qte8so3GFdCTPtFVTbS4v+Ctx3oi
r6oIEFLzhbbNz8lX4JrmXTO1WLiy8uoS4xCEEpITAG9iDvPZ2N7iaTiBgI1B4jNN
W/t/iIUkO7udL0eyZBzF
=6wKd
-----END PGP SIGNATURE-----

183
clamav-conf.patch Normal file
View File

@ -0,0 +1,183 @@
--- etc/clamav-milter.conf.sample.orig
+++ etc/clamav-milter.conf.sample
@@ -1,11 +1,7 @@
##
-## Example config file for clamav-milter
+## config file for clamav-milter
##
-# Comment or remove the line below.
-Example
-
-
##
## Main options
##
@@ -17,7 +13,7 @@ Example
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
-#MilterSocket /run/clamav/clamav-milter.sock
+MilterSocket /run/clamav/clamav-milter.sock
#MilterSocket /tmp/clamav-milter.sock
#MilterSocket inet:7357
@@ -38,7 +34,7 @@ Example
# to work)
#
# Default: unset (don't drop privileges)
-#User clamav
+User vscan
# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout.
@@ -65,7 +61,7 @@ Example
# also owned by root to keep other users from tampering with it.
#
# Default: disabled
-#PidFile /run/clamav/clamav-milter.pid
+PidFile /run/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -93,7 +89,7 @@ Example
#
# Default: no default
#ClamdSocket tcp:scanner.mydomain:7357
-#ClamdSocket unix:/run/clamav/clamd.sock
+ClamdSocket unix:/run/clamav/clamd.sock
##
@@ -243,13 +239,13 @@ Example
# Use system logger (can work together with LogFile).
#
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
#
--- etc/clamd.conf.sample.orig
+++ etc/clamd.conf.sample
@@ -1,12 +1,8 @@
##
-## Example config file for the Clam AV daemon
+## Config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
@@ -41,12 +37,12 @@ Example
# Use system logger (can work together with LogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
@@ -74,7 +70,7 @@ Example
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
-#PidFile /run/clamav/clamd.pid
+PidFile /run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -98,7 +94,7 @@ Example
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
-#LocalSocket /run/clamav/clamd.sock
+LocalSocket /run/clamav/clamd.sock
#LocalSocket /tmp/clamd.sock
# Sets the group ownership on the unix socket.
@@ -230,7 +226,7 @@ Example
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
-#User clamav
+User vscan
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
@@ -727,7 +723,7 @@ Example
# multiple OnAccessIncludePath directives but each directory must be added
# in a separate line.
# Default: disabled
-#OnAccessIncludePath /home
+OnAccessIncludePath /home
#OnAccessIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
@@ -797,7 +793,7 @@ Example
# It has the same potential race condition limitations of the
# OnAccessExcludeUID option.
# Default: disabled
-#OnAccessExcludeUname clamav
+OnAccessExcludeUname vscan
# Number of times the OnAccess client will retry a failed scan due to
# connection problems (or other issues).
--- etc/freshclam.conf.sample.orig
+++ etc/freshclam.conf.sample
@@ -1,12 +1,8 @@
##
-## Example config file for freshclam
+## Config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# WARNING: It must already exist, be an absolute path, be writeable by
@@ -54,12 +50,12 @@ Example
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
-#PidFile /run/clamav/freshclam.pid
+PidFile /run/clamav/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
-#DatabaseOwner clamav
+DatabaseOwner vscan
# Use DNS to verify virus database version. FreshClam uses DNS TXT records
# to verify database and software versions. With this directive you can change
@@ -150,7 +146,7 @@ DatabaseMirror database.clamav.net
# Send the RELOAD command to clamd.
# Default: no
-#NotifyClamd /path/to/clamd.conf
+NotifyClamd /etc/clamd.conf
# Run command after successful database update.
# Use EXIT_1 to return 1 after successful database update.

41
clamav-document-maxsize.patch Normal file
View File

@ -0,0 +1,41 @@
--- docs/man/clamscan.1.in.orig
+++ docs/man/clamscan.1.in
@@ -8,6 +8,18 @@ clamscan [options] [file/directory/\-]
.SH "DESCRIPTION"
.LP
clamscan is a command line anti\-virus scanner.
+.SH "NOTE"
+.LP
+If a file or an archive is larger than the default or configured size (see \-\-max\-filesize and \-\-max-scansize options) scanning will abort at the limit, and the file will be marked as "OK".
+.TP
+The archive scan limits are currently set to 25MB or 100MB respectively.
+.TP
+There are more options that limit scanning, please check all the \-\-max\-something options.
+.TP
+To report files that are exceeding these limits, you need to specify \-\-alert\-exceeds\-max=yes option. This will then report a "Heuristics.Limits.Exceeded FOUND" for such files.
+
+.TP
+Please note that such a FOUND message does not imply infection, and your tooling should be able to handle this.
.SH "OPTIONS"
.LP
Most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes/=no; if they get called without the boolean argument the scanner will assume 'yes'. The asterisk marks the default internal setting for a given option.
--- docs/man/clamdscan.1.in.orig
+++ docs/man/clamdscan.1.in
@@ -8,6 +8,17 @@ clamdscan [options] [file/directory]
.SH "DESCRIPTION"
.LP
clamdscan is a clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd.
+.SH "NOTE"
+.LP
+If a file or an archive is larger than the default or configured size (see MaxFileSize and MaxScanSize options in clamd.conf) scanning will abort at the limit, and the file will be marked as "OK".
+.TP
+The archive scan limits are currently set to 25MB or 100MB respectively.
+.TP
+There are more options that limit scanning, please check all the MaxSomething options in clamd.conf.
+.TP
+To report files that are exceeding these limits, you need to specify AlertExceedsMax TRUE in clamd.conf. This will then report a "Heuristics.Limits.Exceeded FOUND" for such files.
+.TP
+Please note that such a FOUND message does not imply infection, and your tooling should be able to handle this.
.SH "OPTIONS"
.LP

12
clamav-fips.patch Normal file
View File

@ -0,0 +1,12 @@
--- libclamav/crypto.c.orig
+++ libclamav/crypto.c
@@ -145,6 +145,9 @@ int cl_initialize_crypto(void)
ERR_load_crypto_strings();
#endif
+ /* avoid fips issues */
+ EVP_add_digest(EVP_md5());
+
return 0;
}

165
clamav-format.patch Normal file
View File

@ -0,0 +1,165 @@
--- clamdscan/client.c.orig
+++ clamdscan/client.c
@@ -239,14 +239,14 @@ int16_t ping_clamd(const struct optstruc
if (i + 1 < attempts) {
if (optget(opts, "wait")->enabled) {
if (interval == 1)
- logg(LOGG_DEBUG, "Could not connect, will try again in %lu second\n", interval);
+ logg(LOGG_DEBUG, "Could not connect, will try again in %" PRIu64 " second\n", interval);
else
- logg(LOGG_DEBUG, "Could not connect, will try again in %lu seconds\n", interval);
+ logg(LOGG_DEBUG, "Could not connect, will try again in %" PRIu64 " seconds\n", interval);
} else {
if (interval == 1)
- logg(LOGG_INFO, "Could not connect, will PING again in %lu second\n", interval);
+ logg(LOGG_INFO, "Could not connect, will PING again in %" PRIu64 " second\n", interval);
else
- logg(LOGG_INFO, "Could not connect, will PING again in %lu seconds\n", interval);
+ logg(LOGG_INFO, "Could not connect, will PING again in %" PRIu64 " seconds\n", interval);
}
sleep(interval);
}
--- clamonacc/client/client.c.orig
+++ clamonacc/client/client.c
@@ -254,14 +254,14 @@ int16_t onas_ping_clamd(struct onas_cont
if (i + 1 < attempts) {
if (optget((*ctx)->opts, "wait")->enabled) {
if (interval == 1)
- logg(LOGG_DEBUG, "Will try again in %lu second\n", interval);
+ logg(LOGG_DEBUG, "Will try again in %" PRIu64 " second\n", interval);
else
- logg(LOGG_DEBUG, "Will try again in %lu seconds\n", interval);
+ logg(LOGG_DEBUG, "Will try again in %" PRIu64 " seconds\n", interval);
} else {
if (interval == 1)
- logg(LOGG_INFO, "PINGing again in %lu second\n", interval);
+ logg(LOGG_INFO, "PINGing again in %" PRIu64 " second\n", interval);
else
- logg(LOGG_INFO, "PINGing again in %lu seconds\n", interval);
+ logg(LOGG_INFO, "PINGing again in %" PRIu64 " seconds\n", interval);
}
sleep(interval);
}
--- clamonacc/fanotif/fanotif.c.orig
+++ clamonacc/fanotif/fanotif.c
@@ -141,7 +141,7 @@ cl_error_t onas_setup_fanotif(struct ona
/* Load other options. */
(*ctx)->sizelimit = optget((*ctx)->clamdopts, "OnAccessMaxFileSize")->numarg;
if ((*ctx)->sizelimit) {
- logg(LOGG_DEBUG, "ClamFanotif: max file size limited to %lu bytes\n", (*ctx)->sizelimit);
+ logg(LOGG_DEBUG, "ClamFanotif: max file size limited to %" PRIu64 " bytes\n", (*ctx)->sizelimit);
} else {
logg(LOGG_DEBUG, "ClamFanotif: file size limit disabled\n");
}
--- libclamav/mew.c.orig
+++ libclamav/mew.c
@@ -787,7 +787,7 @@ int unmew11(char *src, uint32_t off, uin
}
if (((size_t)(src + off) < (size_t)(src)) ||
((size_t)(src + off) < (size_t)(off))) {
- cli_dbgmsg("MEW: Buffer pointer (%08zx) + offset (%08zx) exceeds max size of pointer (%08lx)\n",
+ cli_dbgmsg("MEW: Buffer pointer (%08zx) + offset (%08zx) exceeds max size of pointer (%08zx)\n",
(size_t)src, (size_t)off, SIZE_MAX);
return -1;
}
--- libclamav/pe.c.orig
+++ libclamav/pe.c
@@ -5117,12 +5117,12 @@ cl_error_t cli_peheader(fmap_t *map, str
/* If a section is truncated, adjust its size value */
if (!CLI_ISCONTAINED_0_TO(fsize, section->raw, section->rsz)) {
- cli_dbgmsg("cli_peheader: PE Section %zu raw+rsz extends past the end of the file by %lu bytes\n", section_pe_idx, (section->raw + section->rsz) - fsize);
+ cli_dbgmsg("cli_peheader: PE Section %zu raw+rsz extends past the end of the file by %zu bytes\n", section_pe_idx, (section->raw + section->rsz) - fsize);
section->rsz = fsize - section->raw;
}
if (!CLI_ISCONTAINED_0_TO(fsize, section->uraw, section->ursz)) {
- cli_dbgmsg("cli_peheader: PE Section %zu uraw+ursz extends past the end of the file by %lu bytes\n", section_pe_idx, (section->uraw + section->ursz) - fsize);
+ cli_dbgmsg("cli_peheader: PE Section %zu uraw+ursz extends past the end of the file by %zu bytes\n", section_pe_idx, (section->uraw + section->ursz) - fsize);
section->ursz = fsize - section->uraw;
}
}
--- libfreshclam/libfreshclam_internal.c.orig
+++ libfreshclam/libfreshclam_internal.c
@@ -229,7 +229,7 @@ fc_error_t load_freshclam_dat(void)
if (-1 == lseek(handle, strlen(MIRRORS_DAT_MAGIC), SEEK_SET)) {
char error_message[260];
cli_strerror(errno, error_message, 260);
- logg(LOGG_ERROR, "Can't seek to %lu, error: %s\n", strlen(MIRRORS_DAT_MAGIC), error_message);
+ logg(LOGG_ERROR, "Can't seek to %zu, error: %s\n", strlen(MIRRORS_DAT_MAGIC), error_message);
goto done;
}
--- unit_tests/check_clamav.c.orig
+++ unit_tests/check_clamav.c
@@ -1925,7 +1925,7 @@ void diff_file_mem(int fd, const char *r
ck_assert_msg(!!buf, "unable to malloc buffer: %zu", len);
p = read(fd, buf, len);
- ck_assert_msg(p == len, "file is smaller: %lu, expected: %lu", p, len);
+ ck_assert_msg(p == len, "file is smaller: %zu, expected: %zu", p, len);
p = 0;
while (len > 0) {
c1 = ref[p];
@@ -1936,10 +1936,10 @@ void diff_file_mem(int fd, const char *r
len--;
}
if (len > 0)
- ck_assert_msg(c1 == c2, "file contents mismatch at byte: %lu, was: %c, expected: %c", p, c2, c1);
+ ck_assert_msg(c1 == c2, "file contents mismatch at byte: %zu, was: %c, expected: %c", p, c2, c1);
free(buf);
p = lseek(fd, 0, SEEK_END);
- ck_assert_msg(p == reflen, "trailing garbage, file size: %ld, expected: %ld", p, reflen);
+ ck_assert_msg(p == reflen, "trailing garbage, file size: %zd, expected: %zd", p, reflen);
close(fd);
}
@@ -1955,7 +1955,7 @@ void diff_files(int fd, int ref_fd)
ck_assert_msg(lseek(ref_fd, 0, SEEK_SET) == 0, "lseek failed");
nread = read(ref_fd, ref, siz);
- ck_assert_msg(nread == siz, "short read, expected: %ld, was: %ld", siz, nread);
+ ck_assert_msg(nread == siz, "short read, expected: %ld, was: %zd", siz, nread);
close(ref_fd);
diff_file_mem(fd, ref, siz);
free(ref);
--- unit_tests/check_clamd.c.orig
+++ unit_tests/check_clamd.c
@@ -363,7 +363,7 @@ START_TEST(test_stats)
recvdata = (char *)recvfull(sockd, &len);
- ck_assert_msg(len > strlen(STATS_REPLY), "Reply has wrong size: %lu, minimum %lu, reply: %s\n",
+ ck_assert_msg(len > strlen(STATS_REPLY), "Reply has wrong size: %zu, minimum %zu, reply: %s\n",
len, strlen(STATS_REPLY), recvdata);
if (len > strlen(STATS_REPLY))
@@ -416,7 +416,7 @@ START_TEST(test_instream)
recvdata = (char *)recvfull(sockd, &len);
expect_len = strlen(EXPECT_INSTREAM);
- ck_assert_msg(len == expect_len, "Reply has wrong size: %lu, expected %lu, reply: %s\n",
+ ck_assert_msg(len == expect_len, "Reply has wrong size: %zu, expected %zu, reply: %s\n",
len, expect_len, recvdata);
rc = memcmp(recvdata, EXPECT_INSTREAM, expect_len);
@@ -494,7 +494,7 @@ static void tst_fildes(const char *cmd,
ck_assert_msg(sscanf(recvdata, "fd[%u]", &rc) == 1, "Reply doesn't contain fd: %s\n", recvdata);
len -= p - recvdata;
- ck_assert_msg(len == expect_len, "Reply has wrong size: %lu, expected %lu, reply: %s, expected: %s\n",
+ ck_assert_msg(len == expect_len, "Reply has wrong size: %zu, expected %zu, reply: %s, expected: %s\n",
len, expect_len, p, expect);
rc = memcmp(p, expect, expect_len);
--- libclamav/others_common.c.orig
+++ libclamav/others_common.c
@@ -362,7 +362,7 @@ char *cli_safer_strdup(const char *s)
}
alloc = strdup(s);
-
+
if (!alloc) {
perror("strdup_problem");
cli_errmsg("cli_safer_strdup(): Can't allocate memory (%u bytes).\n", (unsigned int)strlen(s));

16
clamav-obsolete-config.patch Normal file
View File

@ -0,0 +1,16 @@
--- common/optparser.c.orig
+++ common/optparser.c
@@ -602,6 +602,13 @@ const struct clam_option __clam_options[
{"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
{"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"},
{"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
+ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
/* Milter specific options */

4
clamav-rpmlintrc Normal file
View File

@ -0,0 +1,4 @@
addFilter("obsolete-not-provided")
addFilter("systemd-service-without-service_.* freshclam.service")
addFilter("missing-call-to-setgroups-before-setuid /usr/bin/clamscan")
addFilter("files-duplicated-waste")

2
clamav-tmpfiles.conf Normal file
View File

@ -0,0 +1,2 @@
# clamav needs a directory in /run:
d /run/clamav 0755 vscan vscan -

2358
clamav.changes Normal file
View File

File diff suppressed because it is too large Load Diff

63
clamav.keyring Normal file
View File

@ -0,0 +1,63 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGQPO58BEACsF0vtWepeSZRklvCG170RKuZL+9aH8U3zVVtQgDlmcboVRiFf
+fgraQCRVh8cbRM76mqqGoMT0BlwZ1OfrzpZcrNUg5uAgok51P7SoCy3zummnv4M
TadwDLEHNf/38HSnrJe196IiwMEtyuKMGDfzyjQnr357Owem+7FgT2/sU7XwWD2B
+tn/yhbw+HpJuUjdmxmEqJr/4okRSj9OSWV+EFhS9owMNK8zntwHkJzmv4ctS1Ak
Zryh/J3jEnPqzSJDsH729XzKpG4BxCxnybP5WuMsJuNvSlVhVko1PaSi84Dy003w
WoQIgtQHNm6i8CcetrpNCULELTU8sViwdBQXIlGjCa3N+dq1ZOErasp4QzlCVOus
iOkm1KltvbJWPfVDW0A0Z4mP19YRlQTc0jn4w9R5ROmwcLf6Co8nBD2AV8MFjVJA
E21Mfj6LfksplmYg/DEa4kCe8KYPSATq6LFSf+o96fkmnsZovOi6zZ6RtV9l4Aya
pkcvk9iO2cvJMDYJ6iA2dC8EHC2m1tt1Rs2abJqOmsUJATo7MUpK7MD7NyhVvkjJ
j5QRES25uV4OY9ck091GB+XXAf3gGf3Pi2jop1gauGoxyBqLT4SkwqsnsrFF8eEh
A8UdBmo4K6MWFaxw6JsBPpIM63Qe848RzlQRanxS2n50ZZwMLIJrI2MEFQARAQAB
tDtUYWxvcyAoVGFsb3MsIENpc2NvIFN5c3RlbXMgSW5jLikgPHJlc2VhcmNoQHNv
dXJjZWZpcmUuY29tPokCPgQTAQIAKAUCZA87nwIbAwUJA8JnAAYLCQgHAwIGFQgC
CQoLBBYCAwECHgECF4AACgkQzODf0h7Bqb8gjw/9FYbuwzBjuVCVhHfoY4rfCDoj
eh3NVaTdHIWO1yp6JSM/ny+Z3wDzZLtyQlBcnaJlerncS961iOEG2gBA3v8fZudN
JFpvRC1gxd9IEhGXIDDg+BeOAJUbY9LQTc/dnzWBB04nun20+lM/Rad2BlkQ+YSz
uRUaFsgk0lQPCSDQfoahtoap14jWFsa19aOjTXhAF1MGEDXuoCXM6ByH6wJjtz+z
QJrXvmHS4v8yh8z/pibLGV7IgNrtoW2ej4jFadzEEn/MDajI+5N3C2w5rD41L7Lm
j1uCIBe1G54fgJSstvBxZcnAj9qTF2FBBUpQ1q/ONFfUjpAGQKG2qh1UNBiOZNS3
gDVN2T8h083WRN2gQvNJnJwXaF4Nm6zhmX4sUqE9nexUrDF8VG8xXJwPgZijaHPV
nZdgDZvQ47BKiJOUj80O9/qYyWo89pX6Rr/YmfbURhRe/kiPon9kIVFCzDDFPniJ
svICjpdkz7wZ0kUN+L7BtDQJfjFjTJPNA2nOV6l64DcdCiyutOFSz4Zf85GoT9wK
Mqv1UmpLwsq2FnF+Gpk1GLZCLprSCu3n16pr+gdRshnE93cvJbMGlP0+jcuFF5hr
Lsvujl7O81JrIjmGXrulHHpdrZQ4J2A3UpDDc60DOHG9ubnBnN7k2kQPY+9a1rzf
WPkMQKaxVo3uH1XRO/GJAhwEEAECAAYFAmQPQKgACgkQYJsCTys+3QcvuA//cuJX
LDfsGn9pWTCU83cF6eiQ5Id5FPKldyhSqYRgavgRov0fwD6ZU79dpURf+YsWxxtI
pIntn9hUgSgmdyUw+0GcAmFq6gJOQxWY2nij6X0A9Pskr2qW+WhMGKKVbYez65qw
fgGdlDFT/4nzVBGpIlRGGuOC0aT3jDhBXbp8Eusxi+5He7Kx2Chem7kCX9xBpUYS
FrujMlaMs8O1bsBW3xTWLpHhX6O6bpEY8zDfWavSAqCmzw5RtytAJWsAG1clU9AK
FwSKC+10ODo5VFzmRSgF727Gtuow1WnPhFM/7Cn+M+knCTm2vRz6Vz29/a6DUrZl
CbyKGPR8a9C3UG4VT8C3+fi1boZ+/trUw27YtrKp70FDy3UdgLDF2eO9B77vs35n
+hf2EipG407CGBqb8q6boOdxC0BN/Fcy30Oms4DSUTqEiqvSA/35BhyGfOmJb5tt
kMEHLPveJvilICKBMQdYHemR3mk+muzAO7+y4VOKl+rP0xXCp6y6PAiEu14lzxzI
isQu6omEJBOUiad2iZz+4OUU1Dil0YgUpNgJQyKaDUOR0MSzFU9IM5pzZJ14XkdG
6iriPEX1V9SlfZlaJDNlN11vFlVFeu02vJTcddAaHYad2tKD09GAEuZkib0ToWxz
S+4cBxojti6vMUHVSIlbov7ZMHd/WMqQUb1tSl65Ag0EZA87nwEQALkEL5rxEnv7
rcwcF3KwcppfHTWjkTV0dyMmE/kLf9e3QnMdCaiZMypxmYipOe9Z/9G6YGH+Qujp
N0mzenNgKljs961VTbOUYTusgwTz1qFienX8lg+eYRQIpqPjisb1xGlISojI7vWO
FZT/LrxVI6Y+HLSXkZjPD7TqyefgOlP2YchmFAjC/e+rtKAZ+FLlguotvDRxl/zp
AA8LLFup8Y8+BvQIWiy6jwwAjJMiJdwBtUz1OxpMuGU/C6bWCkAAFKjhC5F9JQEI
9jHh7/cQEGabDmjIGfywj9jniJrP79hrLfuryFvo6qbw7EwirJbKpoHJwS03ei29
Uwttw2Dn41dZ0MvjfpYwI61cE5NpvKCBJkkEho6SDXGvLABerEu3ASGlYybQOzrg
aHO9AxGXgD2tFjI0NNunVxy/0KQ+kWcdQ1p/dk/O2U6w5CfFHU68aZgAxmj7jngx
YKjs3IAUy8mwkxtyyFiLJ3E19NdB8+t0cjJMtDVtXOgmoi7HaP8RghdaitaI4q/z
ocIAWhJhN7IkzrYWJ/Bkq4j0doKmaDR8GPP3i5Keg1c1z4yGX1c9MWTMy49l5Nwl
/bUjUiIRocCc33dZCqL5KPMBdtLJOUiIG/KZoMqr6Ozxyriv4Nn/CT2/SSvatYtP
SN91kt61c2FmoBBSltiFwncbUVmB3HmDABEBAAGJAiUEGAECAA8FAmQPO58CGwwF
CQPCZwAACgkQzODf0h7Bqb/ueQ/7BofldLW0/GqvTMEDnysUB/tchWzae6LnBeur
EhIB6smOVkMiuzrRLl2/vFVmv6H1UZK2fRPpaI/3V2mg+ML5ioVVgBrg3IQxcDpY
sYiictUFXJQ9y/ygAl8zxbkE4v4BWAwk5kIFWw1q/sb3IUc07GeK16PLY0+ocPdV
vMyiV8w5wKBlkyPwdntjuJEyfU3lsIeR2iBcQe4HL1Y0/pm6Ilpn+uj2ZYlYZzhN
zBuLy9HB3it161KP/RyxWNB1AEAAx8Mh0IhHOEWLvbfjHJxkJ2GX0TgL5wa45l2a
3clP4Dw2MpLfzIHs+CxG7t6IdSvoX1+0gZPvmo9JXDsLNa7+uu/lcCUjXY9TWdvc
VIZRwlSBQQC8WnGpbkvsBDsJ2BskPWOmv0ol3aiiekJJhVT1K9M1ZwDGX1ts8hLr
mf0kCFDq0RImCg6WZAM6z3Fg/1pPGPRktJ4tmSui3GYzrVA34gTunvlqPYKCFYHA
EdUdqycz7UAroj7k3OndZGnnT2r/qKaIYF53/u+6SXM/lUSrJfwxG9eXiw80P/YW
K9VjT3CbQA74vz7pC1bxpYDas6w39DRpkYR1bn1GIhmJhK2CUj5FQla+opVN2Wmg
sk0O7hoet7RDvKpoUyBHxHOJseDQEzWc38bOxD+x0vz/MirBnLdBx8g836tgqy7h
ab6V2qU=
=X+5e
-----END PGP PUBLIC KEY BLOCK-----

374
clamav.spec Normal file
View File

@ -0,0 +1,374 @@
#
# spec file for package clamav
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%bcond_without clammspack
%bcond_with valgrind
%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400
%bcond_without sysuser_vscan
%endif
%if 0%{?suse_version} <= 1500
%define vgcc 13
%if 0%{?sle_version} < 150400
%define vrust 1.78
%define vcmake 3
%endif
%endif
%global confdir %_prefix%_sysconfdir
Name: clamav
Version: 1.4.1
Release: 0
Summary: Antivirus Toolkit
License: GPL-2.0-only
Group: Productivity/Security
URL: https://www.clamav.net
Source0: https://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz
Source1: https://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig
Source4: clamav-rpmlintrc
Source6: clamav-tmpfiles.conf
Source7: service.clamd
Source8: service.freshclam
Source9: service.clamav-milter
Source10: timer.freshclam
# w3m https://www.clamav.net/downloads | sed -n '/-BEGIN /,/-END /p'
Source11: clamav.keyring
Source12: service.clamonacc
Source65: system-user-vscan.conf
Patch1: clamav-conf.patch
Patch5: clamav-obsolete-config.patch
Patch12: clamav-fips.patch
Patch14: clamav-document-maxsize.patch
Patch15: clamav-format.patch
ExcludeArch: %{arml}
BuildRequires: cargo%{?vrust}
BuildRequires: cmake%{?vcmake}
BuildRequires: gcc%{?vgcc}
BuildRequires: gcc%{?vgcc}-c++
BuildRequires: libbz2-devel
BuildRequires: libjson-c-devel
BuildRequires: libopenssl-devel >= 1.0.2
BuildRequires: libxml2-devel
BuildRequires: make
BuildRequires: rust%{?vrust}
#BuildRequires: rust+cargo >= 1.61.0
#BuildRequires: rust+rustc >= 1.61.0
BuildRequires: sendmail-devel
BuildRequires: systemd
BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(check)
BuildRequires: pkgconfig(libcurl) >= 7.45
BuildRequires: pkgconfig(libpcre2-8) >= 10.30
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(ncurses)
BuildRequires: pkgconfig(zlib)
BuildRequires: python(abi) >= 3.6
%if 0%{?suse_version} >= 1500
BuildRequires: python3-pytest
%endif
#
# Workaround to keep "make check" from using an existing libclamav
# instead of the just built one. This should rather be fixed
# by keeping libtool from adding libdir to rpath and LD_LIBRARY_PATH
# of the test binaries.
#
#!BuildIgnore: clamav
Obsoletes: clamav-db < 0.88.3
Provides: clamav-nodb = %{version}
Obsoletes: clamav-nodb < %{version}
%if %{without clammspack}
BuildRequires: pkgconfig(libmspack)
%endif
%if %{with valgrind}
BuildRequires: valgrind
%endif
%if %{with sysuser_vscan}
Requires(pre): group(vscan)
Requires(pre): user(vscan)
%else
BuildRequires: sysuser-tools
%sysusers_requires
%endif
%{?systemd_ordering}
%description
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats. It is the de-facto
standard for mail gateway scanning. It provides a multi-threaded
scanning daemon, command line utilities for on-demand file scanning,
and a tool for automatic signature updates. The core ClamAV library
provides numerous file format detection mechanisms, file unpacking
support, archive support, and multiple signature languages for
detecting threats.
%package docs-html
Summary: Documentation for ClamAV in HTML format
Group: Productivity/Security
Requires: %{name} = %{version}
BuildArch: noarch
%description docs-html
Optional HTML documentation for ClamAV antivirus engine
%package milter
Summary: ClamAV Milter compatible mail scanner
Group: Productivity/Security
Requires: %{name} = %{version}
Provides: %{name}:/usr/sbin/clamav-milter
%description milter
ClamAV-milter is a filter for sendmail(1) mail server. It uses a
mail scanning engine built into clamd(8). ClamAV-milter can use
load balancing and fault tolerant techniques to connect to more
than one clamd(8) server and seamlessly hot-swap to even the load
between different machines and to keep scanning for viruses even
when a server goes down.
%package -n libclamav12
Summary: ClamAV antivirus engine runtime
Group: System/Libraries
%description -n libclamav12
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
%package -n libfreshclam3
Summary: ClamAV updater library
Group: System/Libraries
%description -n libfreshclam3
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
%package -n libclammspack0
Summary: ClamAV antivirus engine runtime
Group: System/Libraries
%description -n libclammspack0
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
%package devel
Summary: Development files for libclamav, an antivirus engine
Group: Development/Libraries/C and C++
Requires: libclamav12 = %{version}
Requires: libfreshclam3 = %{version}
%description devel
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
This subpackage contains header files for developing applications
that want to make use of libclamav.
%prep
%setup -q
%patch -P 1
%patch -P 5
%patch -P 12
%patch -P 14
%patch -P 15
chmod -x docs/html/images/flamegraph.svg
%build
%if %{without sysuser_vscan}
# Create vscan user
%sysusers_generate_pre %{SOURCE65} vscan
%endif
%cmake \
%if "%{?vgcc}" != ""
-DCMAKE_C_COMPILER=gcc-%{vgcc} \
-DCMAKE_CXX_COMPILER=g++-%{vgcc} \
%endif
-DCMAKE_BUILD_TYPE=DEBUG \
-DCLAMAV_USER=vscan \
-DCLAMAV_GROUP=vscan \
-DCMAKE_INSTALL_DOCDIR:PATH=%{_docdir}/%name \
-DAPP_CONFIG_DIRECTORY:PATH=%_sysconfdir \
-DDATABASE_DIRECTORY:PATH=%_localstatedir/lib/clamav \
-DENABLE_CLAMONACC=ON \
-DENABLE_MILTER=ON \
-DSYSTEMD_UNIT_DIR=%{_unitdir} \
-DPCRE2_LIBRARY=%{_libdir}/libpcre2-8.so \
%if %{without clammspack}
-DENABLE_EXTERNAL_MSPACK=ON
%endif
%install
%cmake_install
install -d -m755 %{buildroot}%{_localstatedir}/lib/clamav
install -d -m755 %{buildroot}%{_tmpfilesdir}
install -m644 %SOURCE6 %{buildroot}%{_tmpfilesdir}/clamav.conf
%if 0%{?suse_version} <= 1500
mkdir -p %{buildroot}%{_localstatedir}/spool/amavis
%endif
mkdir -p -m 0755 %{buildroot}{%_sysconfdir,/run/clamav}
find %{buildroot} -type f -name "*.la" -delete -print
for f in %{buildroot}%{_sysconfdir}/*.conf.sample;
do
mv $f ${f%.sample}
done
# Systemd...
rm -f %{buildroot}%{_unitdir}/clamav-*
install -m 0644 %SOURCE7 %{buildroot}%{_unitdir}/clamd.service
install -m 0644 %SOURCE8 %{buildroot}%{_unitdir}/freshclam.service
install -m 0644 %SOURCE9 %{buildroot}%{_unitdir}/clamav-milter.service
install -m 0644 %SOURCE10 %{buildroot}%{_unitdir}/freshclam.timer
install -m 0644 %SOURCE12 %{buildroot}%{_unitdir}/clamonacc.service
for srvname in clamd freshclam clamav-milter clamonacc; do
(export PATH=%_prefix/sbin:/sbin:$PATH ;ln -sf service %{buildroot}/%{_sbindir}/rc${srvname})
done
%check
# regression tests
%if !0%{?qemu_user_space_build:1} && ( 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150500 )
# Run ctest with a single job to avoid failures
# due to race conditions, e.g. on s390x.
%define _smp_mflags -j1
%ctest
%undefine _smp_mflags
%endif
%if %{with sysuser_vscan}
%pre
%else
%pre -f vscan.pre
%endif
%service_add_pre clamd.service clamonacc.service
%post
%tmpfiles_create %{_tmpfilesdir}/clamav.conf
%service_add_post clamd.service clamonacc.service
%preun
if [ $1 -eq 0 ]; then
# package will be uninstalled
rm -f %{_localstatedir}/lib/clamav/*
fi
%service_del_preun clamd.service clamonacc.service
%postun
%service_del_postun clamd.service clamonacc.service
%pre milter
%service_add_pre clamav-milter.service
%post milter
%service_add_post clamav-milter.service
%preun milter
%service_del_preun clamav-milter.service
%postun milter
%service_del_postun clamav-milter.service
%if 0%{?suse_version} > 1500
%ldconfig_scriptlets -n libclamav12
%ldconfig_scriptlets -n libfreshclam3
%if %{with clammspack}
%ldconfig_scriptlets -n libclammspack0
%endif
%else
%post -n libclamav12 -p /sbin/ldconfig
%postun -n libclamav12 -p /sbin/ldconfig
%post -n libfreshclam3 -p /sbin/ldconfig
%postun -n libfreshclam3 -p /sbin/ldconfig
%if %{with clammspack}
%post -n libclammspack0 -p /sbin/ldconfig
%postun -n libclammspack0 -p /sbin/ldconfig
%endif
%endif
%files
%license COPYING*
%config(noreplace) %{_sysconfdir}/clamd.conf
%config(noreplace) %{_sysconfdir}/freshclam.conf
%{_bindir}/clamav-config
%{_bindir}/clambc
%{_bindir}/clamconf
%{_bindir}/clamdscan
%{_bindir}/clamdtop
%{_bindir}/clamscan
%{_bindir}/clamsubmit
%{_bindir}/freshclam
%{_bindir}/sigtool
%{_sbindir}/clamd
%{_sbindir}/clamonacc
%{_sbindir}/rcclamd
%{_sbindir}/rcfreshclam
%{_sbindir}/rcclamonacc
%{_mandir}/man1/clambc.1%{?ext_man}
%{_mandir}/man1/clamconf.1%{?ext_man}
%{_mandir}/man1/clamdscan.1%{?ext_man}
%{_mandir}/man1/clamdtop.1%{?ext_man}
%{_mandir}/man1/clamscan.1%{?ext_man}
%{_mandir}/man1/clamsubmit.1%{?ext_man}
%{_mandir}/man1/freshclam.1%{?ext_man}
%{_mandir}/man1/sigtool.1%{?ext_man}
%{_mandir}/man5/clamd.conf.5%{?ext_man}
%{_mandir}/man5/freshclam.conf.5%{?ext_man}
%{_mandir}/man8/clamd.8%{?ext_man}
%{_mandir}/man8/clamonacc.8%{?ext_man}
%{_tmpfilesdir}/*
%{_unitdir}/clamd.service
%{_unitdir}/freshclam.service
%{_unitdir}/freshclam.timer
%{_unitdir}/clamonacc.service
%defattr(-,vscan,vscan)
%dir %{_localstatedir}/lib/clamav
%if 0%{?suse_version} <= 1500
%dir %attr(750,vscan,vscan) %{_localstatedir}/spool/amavis
%endif
%ghost %attr(755,vscan,vscan) /run/clamav
%files docs-html
%doc %_docdir/%name
%files milter
%config(noreplace) %{_sysconfdir}/clamav-milter.conf
%{_unitdir}/clamav-milter.service
%{_sbindir}/clamav-milter
%{_sbindir}/rcclamav-milter
%{_mandir}/man5/clamav-milter.conf.5%{?ext_man}
%{_mandir}/man8/clamav-milter.8%{?ext_man}
%files -n libclamav12
%{_libdir}/libclam*.so.12*
%files -n libfreshclam3
%{_libdir}/libfreshclam.so.3*
%if %{with clammspack}
%files -n libclammspack0
%{_libdir}/libclammspack.so.0*
%endif
%files devel
%{_includedir}/*
%{_libdir}/pkgconfig/*
%{_libdir}/libclam*.so
%{_libdir}/libfreshclam*.so
%{_libdir}/libclamav_rust.a
%changelog

15
service.clamav-milter Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=Clamav antivirus milter daemon
After=network.target clamd.service
Requires=clamd.service
[Service]
Type=forking
ExecStart=/usr/sbin/clamav-milter
; it will switch to vscan user
;User=vscan
;Group=vscan
;PrivateTmp=yes
[Install]
WantedBy=multi-user.target

20
service.clamd Normal file
View File

@ -0,0 +1,20 @@
[Unit]
Description=Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After=network.target
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
[Service]
Type=forking
ExecStart=/usr/sbin/clamd
TimeoutStartSec=5min
Restart=always
ExecReload=/bin/kill -USR2 $MAINPID
;User=vscan
;Group=vscan
;PrivateTmp=yes
[Install]
WantedBy=multi-user.target

13
service.clamonacc Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=ClamAV On-Access Scanner
Documentation=man:clamonacc(8) man:clamd.conf(5) https://docs.clamav.net/
Requires=clamd.service
After=clamd.service syslog.target network.target
[Service]
Type=forking
User=root
ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait --fdpass
[Install]
WantedBy=multi-user.target

12
service.freshclam Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=Clam AntiVirus database updater
Documentation=man:freshclam(1) man:freshclam.conf(5) https://www.clamav.net/documents/
After=network-online.target nss-lookup.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/bin/freshclam
;User=vscan
;Group=vscan
;PrivateTmp=yes

3
system-user-vscan.conf Normal file
View File

@ -0,0 +1,3 @@
# Type Name ID GECOS [HOME]
g vscan 65 - -
u vscan 65 "Vscan account" /var/spool/amavis

10
timer.freshclam Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=Timer for freshclam virus definitions downloader
[Timer]
OnBootSec=5m
OnUnitActiveSec=2h
Persistent=true
[Install]
WantedBy=timers.target