diff --git a/clamav-0.94.2.tar.bz2 b/clamav-0.94.2.tar.bz2
deleted file mode 100644
index 8c72124..0000000
--- a/clamav-0.94.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:42f64f3686190c86b15c6d8c05bf8dca12e67680f78a686dd8781d04aa9b7100
-size 21974576
diff --git a/clamav-0.95.tar.bz2 b/clamav-0.95.tar.bz2
new file mode 100644
index 0000000..ebe4291
--- /dev/null
+++ b/clamav-0.95.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5f4ad3db46fa7d19b530c5651d04334e39ec24a1223f79c93612aaeb413b24d5
+size 23934489
diff --git a/clamav-conf.patch b/clamav-conf.patch
index e777585..0297388 100644
--- a/clamav-conf.patch
+++ b/clamav-conf.patch
@@ -1,3 +1,69 @@ +--- etc/clamav-milter.conf ++++ etc/clamav-milter.conf +@@ -2,10 +2,6 @@ + ## Example config file for clamav-milter + ## + +-# Comment or remove the line below. +-Example +- +- + ## + ## Main options + ## +@@ -17,8 +13,7 @@ + # inet6:port@[hostname|ip-address] - to specify an ipv6 socket + # + # Default: no default +-#MilterSocket /tmp/clamav-milter.socket +-#MilterSocket inet:7357 ++MilterSocket /var/lib/clamav/clamav-milter-socket + + # Remove stale socket after unclean shutdown. + # +@@ -28,7 +23,7 @@ + # Run as another user (clamav-milter must be started by root for this option to work) + # + # Default: unset (don't drop privileges) +-#User clamav ++User vscan + + # Initialize supplementary group access (clamav-milter must be started by root). + # +@@ -56,7 +51,7 @@ + # daemon (main thread). + # + # Default: disabled +-#PidFile /var/run/clamav-milter.pid ++PidFile /var/lib/clamav/clamav-milter.pid + + # Optional path to the global temporary directory. + # Default: system specific (usually /tmp or /var/tmp). +@@ -82,7 +77,7 @@ + # with the same socket: clamd servers will be selected in a round-robin fashion. + # + # Default: no default +-#ClamdSocket tcp:scanner.mydomain:7357 ++ClamdSocket unix:/var/lib/clamav/clamd-socket + + + ## +@@ -193,13 +188,13 @@ + # Use system logger (can work together with LogFile). + # + # Default: no +-#LogSyslog yes ++LogSyslog yes + + # Specify the type of syslog messages - please refer to 'man syslog' + # for facility names. + # + # Default: LOG_LOCAL6 +-#LogFacility LOG_MAIL ++LogFacility LOG_MAIL + + # Enable verbose logging. + # --- etc/clamd.conf +++ etc/clamd.conf @@ -1,12 +1,8 @@ diff --git a/clamav-milter-sysconfig b/clamav-milter-sysconfig deleted file mode 100644 index e6b8fe8..0000000 --- a/clamav-milter-sysconfig +++ /dev/null 
@@ -1,12 +0,0 @@ -## Path: Applications/ClamAV -## Description: Command line options for clamav-milter -## Type: string -## Service-Restart: clamav-milter -CLAMAV_MILTER_OPTIONS="" - -## Path: Applications/ClamAV -## Description: Socket address for clamav-milter -## Type: string -## Default: /var/lib/clamav/clamav-milter-socket -## Service-Restart: clamav-milter -CLAMAV_MILTER_SOCKET="/var/lib/clamav/clamav-milter-socket" diff --git a/clamav-milter.patch b/clamav-milter.patch index 73d82c0..9d95360 100644 --- a/clamav-milter.patch +++ b/clamav-milter.patch 
@@ -1,15 +1,397 @@ +--- clamav-milter/Makefile.in ++++ clamav-milter/Makefile.in +@@ -58,10 +58,11 @@ + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ + $(top_srcdir)/m4/argz.m4 $(top_srcdir)/m4/fdpassing.m4 \ +- $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ +- $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltdl.m4 \ +- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ +- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ ++ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ ++ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ ++ $(top_srcdir)/m4/ltdl.m4 $(top_srcdir)/m4/ltoptions.m4 \ ++ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ ++ $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/mmap_private.m4 $(top_srcdir)/m4/resolv.m4 \ + $(top_srcdir)/configure.in + am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ --- clamav-milter/clamav-milter.c +++ clamav-milter/clamav-milter.c -@@ -2085,12 +2085,7 @@ - logg(_("!Can't save PID in file %s\n"), pidfile); - return EX_CONFIG; +@@ -211,6 +211,14 @@ + return 1; + } + ++ if((opt = optget(opts, "SkipAuthenticated"))->enabled && smtpauth_init(opt->strarg)) { ++ localnets_free(); ++ whitelist_free(); ++ logg_close(); ++ optfree(opts); ++ return 1; ++ } ++ + if(optget(opts, "AddHeader")->enabled) { + char myname[255]; + +--- clamav-milter/clamfi.c ++++ clamav-milter/clamfi.c +@@ -61,6 +61,7 @@ + } loginfected; + + #define CLAMFIBUFSZ 1424 ++static const char *HDR_UNAVAIL = "UNKNOWN"; + + struct CLAMFI { + char buffer[CLAMFIBUFSZ]; +@@ -74,6 +75,7 @@ + unsigned int totsz; + unsigned int bufsz; + unsigned int all_whitelisted; ++ unsigned int gotbody; + }; + + +@@ -91,12 +93,15 @@ + }; + + +-void makesanehdr(char *hdr) { ++static const char *makesanehdr(char *hdr) { ++ char *ret = hdr; ++ if(!hdr) return HDR_UNAVAIL; + while(*hdr) { + if(*hdr=='\'' || *hdr=='\t' || *hdr=='\r' || *hdr=='\n' || 
!isprint(*hdr)) + *hdr = ' '; + hdr++; + } ++ return ret; + } + + static void nullify(SMFICTX *ctx, struct CLAMFI *cf, enum CFWHAT closewhat) { +@@ -113,9 +118,22 @@ + + + static sfsistat sendchunk(struct CLAMFI *cf, unsigned char *bodyp, size_t len, SMFICTX *ctx) { +- if(cf->totsz >= maxfilesize) ++ if(cf->totsz >= maxfilesize || len == 0) + return SMFIS_CONTINUE; + ++ if(!cf->totsz) { ++ sfsistat ret; ++ if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) { ++ logg("!Failed to initiate streaming/fdpassing\n"); ++ nullify(ctx, cf, CF_NONE); ++ return FailAction; ++ } ++ cf->totsz = 1; /* do not infloop */ ++ if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE) ++ return ret; ++ cf->totsz -= 1; ++ } ++ + if(cf->totsz + len > maxfilesize) + len = maxfilesize - cf->totsz; + +@@ -166,35 +184,28 @@ + if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx))) + return SMFIS_CONTINUE; /* whatever */ + +- if(loginfected == LOGINF_FULL) { +- if(headerf && !strcasecmp(headerf, "Subject") && !cf->msg_subj) +- cf->msg_subj = strdup(headerv); +- if(headerf && !strcasecmp(headerf, "Date") && !cf->msg_date) +- cf->msg_date = strdup(headerv); +- if(headerf && !strcasecmp(headerf, "Message-ID") && !cf->msg_id) +- cf->msg_id = strdup(headerv); ++ if(!cf->totsz && cf->all_whitelisted) { ++ logg("*Skipping scan (all destinations whitelisted)\n"); ++ nullify(ctx, cf, CF_NONE); ++ return SMFIS_ACCEPT; + } + +- if(!cf->totsz) { +- if(cf->all_whitelisted) { +- logg("*Skipping scan (all destinations whitelisted)\n"); +- nullify(ctx, cf, CF_NONE); +- return SMFIS_ACCEPT; +- } +- if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) { +- logg("!Failed to initiate streaming/fdpassing\n"); +- nullify(ctx, cf, CF_NONE); +- return FailAction; +- } +- if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE) +- return ret; ++ if(!headerf) return SMFIS_CONTINUE; /* just in case */ ++ ++ if(loginfected == LOGINF_FULL) { ++ 
if(!cf->msg_subj && !strcasecmp(headerf, "Subject")) ++ cf->msg_subj = strdup(headerv ? headerv : ""); ++ if(!cf->msg_date && !strcasecmp(headerf, "Date")) ++ cf->msg_date = strdup(headerv ? headerv : ""); ++ if(!cf->msg_id && !strcasecmp(headerf, "Message-ID")) ++ cf->msg_id = strdup(headerv ? headerv : ""); + } + + if((ret = sendchunk(cf, (unsigned char *)headerf, strlen(headerf), ctx)) != SMFIS_CONTINUE) + return ret; + if((ret = sendchunk(cf, (unsigned char *)": ", 2, ctx)) != SMFIS_CONTINUE) + return ret; +- if((ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE) ++ if(headerv && (ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE) + return ret; + return sendchunk(cf, (unsigned char *)"\r\n", 2, ctx); + } +@@ -205,6 +216,14 @@ + + if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx))) + return SMFIS_CONTINUE; /* whatever */ ++ ++ if(!cf->gotbody) { ++ sfsistat ret = sendchunk(cf, (unsigned char *)"\r\n", 2, ctx); ++ if(ret != SMFIS_CONTINUE) ++ return ret; ++ cf->gotbody = 1; ++ } ++ + return sendchunk(cf, bodyp, len, ctx); + } + +@@ -225,6 +244,14 @@ + if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx))) + return SMFIS_CONTINUE; /* whatever */ + ++ if(!cf->totsz) { ++ /* got no headers and no body */ ++ logg("*Not scanning an empty message\n"); ++ ret = CleanAction(ctx); ++ nullify(ctx, cf, CF_NONE); ++ return ret; ++ } ++ + if(cf->local) { + if(nc_send(cf->main, "nFILDES\n", 8)) { + logg("!FD scan request failed\n"); +@@ -286,18 +313,19 @@ } --#ifdef C_LINUX -- /* Ensure that all threads are kill()ed */ -- fprintf(fd, "-%d\n", (int)getpgrp()); --#else - fprintf(fd, "%d\n", (int)getpid()); --#endif - fclose(fd); - umask(old_umask); - } else if(tmpdir) { + + if(loginfected) { +- const char *from = smfi_getsymval(ctx, "{mail_addr}"), *to = smfi_getsymval(ctx, "{rcpt_addr}"); +- +- if(!from) from = "UNKNOWN"; +- if(!to) to = "UNKNOWN"; +- ++ const char *from = smfi_getsymval(ctx, "{mail_addr}"); ++ const 
char *to = smfi_getsymval(ctx, "{rcpt_addr}"); ++ ++ if(!from) from = HDR_UNAVAIL; ++ if(!to) to = HDR_UNAVAIL; + if(loginfected == LOGINF_FULL) { + const char *id = smfi_getsymval(ctx, "{i}"); ++ const char *msg_subj = makesanehdr(cf->msg_subj); ++ const char *msg_date = makesanehdr(cf->msg_date); ++ const char *msg_id = makesanehdr(cf->msg_id); + +- makesanehdr(cf->msg_subj); +- makesanehdr(cf->msg_date); +- makesanehdr(cf->msg_id); +- logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id ? id : "UNKNOWN", from, to, cf->msg_subj, cf->msg_id, cf->msg_date, vir); ++ if(!id) id = HDR_UNAVAIL; ++ logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id, from, to, msg_subj, msg_id, msg_date, vir); + } else logg("~Message from <%s> to <%s> infected by %s\n", from, to, vir); + } + } +@@ -504,12 +532,18 @@ + + sfsistat clamfi_envfrom(SMFICTX *ctx, char **argv) { + struct CLAMFI *cf; ++ const char *login = smfi_getsymval(ctx, "{auth_authen}"); ++ ++ if(login && smtpauthed(login)) { ++ logg("*Skipping scan for authenticated user %s\n", login); ++ return SMFIS_ACCEPT; ++ } + + if(whitelisted(argv[0], 1)) { + logg("*Skipping scan for %s (whitelisted from)\n", argv[0]); + return SMFIS_ACCEPT; + } +- ++ + if(!(cf = (struct CLAMFI *)malloc(sizeof(*cf)))) { + logg("!Failed to allocate CLAMFI struct\n"); + return FailAction; +@@ -518,6 +552,7 @@ + cf->bufsz = 0; + cf->main = cf->alt = -1; + cf->all_whitelisted = 1; ++ cf->gotbody = 0; + cf->msg_subj = cf->msg_date = cf->msg_id = NULL; + smfi_setpriv(ctx, (void *)cf); + +--- clamav-milter/netcode.c ++++ clamav-milter/netcode.c +@@ -129,7 +129,7 @@ + close(s); + return -1; + } +- if (getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) { ++ if(getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) { + logg("*Failed to establish a connection to clamd\n"); + close(s); + return -1; +@@ -163,8 +163,6 @@ + tv.tv_usec = 0; + 
while(1) { + fd_set fds; +- int s_err; +- socklen_t s_len = sizeof(s_err); + + FD_ZERO(&fds); + FD_SET(s, &fds); +@@ -177,12 +175,10 @@ + tv.tv_usec = 0; + continue; + } +- logg("!Failed stream to clamd\n"); ++ logg("!Failed to stream to clamd\n"); + close(s); + return 1; + } +- len-=s_len; +- buf+=s_len; + break; + } + } +--- clamav-milter/whitelist.c ++++ clamav-milter/whitelist.c +@@ -25,8 +25,8 @@ + #include + #include + #include +-#include + ++#include "libclamav/regex/regex.h" + #include "shared/output.h" + #include "whitelist.h" + +@@ -38,17 +38,20 @@ + struct WHLST *wfrom = NULL; + struct WHLST *wto = NULL; + ++int skipauth = 0; ++regex_t authreg; ++ + void whitelist_free(void) { + struct WHLST *w; + while(wfrom) { + w = wfrom->next; +- regfree(&wfrom->preg); ++ cli_regfree(&wfrom->preg); + free(wfrom); + wfrom = w; + } + while(wto) { + w = wto->next; +- regfree(&wto->preg); ++ cli_regfree(&wto->preg); + free(wto); + wto = w; + } +@@ -85,14 +88,14 @@ + } + if(!len) continue; + if (!(w = (struct WHLST *)malloc(sizeof(*w)))) { +- logg("!Out of memory loading whitelist\n"); ++ logg("!Out of memory loading whitelist file\n"); + whitelist_free(); + return 1; + } + w->next = (*addto); + (*addto) = w; +- if (regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) { +- logg("!Failed to compile regex '%s'\n", ptr); ++ if (cli_regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) { ++ logg("!Failed to compile regex '%s' in whitelist file\n", ptr); + whitelist_free(); + return 1; + } +@@ -108,13 +111,30 @@ + else w = wto; + + while(w) { +- if(!regexec(&w->preg, addr, 0, NULL, 0)) ++ if(!cli_regexec(&w->preg, addr, 0, NULL, 0)) + return 1; + w = w->next; + } + return 0; + } + ++ ++int smtpauth_init(const char *r) { ++ if (cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) { ++ logg("!Failed to compile regex '%s' for SkipAuthSenders\n", r); ++ return 1; ++ } ++ skipauth = 1; ++ return 0; ++} ++ ++ ++int smtpauthed(const char *login) { ++ if(skipauth && !cli_regexec(&authreg, 
login, 0, NULL, 0)) ++ return 1; ++ return 0; ++} ++ + + /* + * Local Variables: +--- clamav-milter/whitelist.h ++++ clamav-milter/whitelist.h +@@ -24,4 +24,6 @@ + int whitelist_init(const char *fname); + void whitelist_free(void); + int whitelisted(const char *addr, int from); ++int smtpauth_init(const char *r); ++int smtpauthed(const char *login); + #endif +--- etc/clamav-milter.conf ++++ etc/clamav-milter.conf +@@ -94,7 +94,7 @@ + #LocalNet 192.168.0.0/24 + #LocalNet 1111:2222:3333::/48 + +-# This option specifies a file which contains a list of POSIX regular ++# This option specifies a file which contains a list of basic POSIX regular + # expressions. Addresses (sent to or from - see below) matching these regexes + # will not be scanned. Optionally each line can start with the string "From:" + # or "To:" (note: no whitespace after the colon) indicating if it is, +@@ -105,6 +105,13 @@ + # Default unset (no exclusion applied) + #Whitelist /etc/whitelisted_addresses + ++# Messages from authenticated SMTP users matching this extended POSIX ++# regular expression (egrep-like) will not be scanned. ++# Note: this is the AUTH login name! ++# ++# Default: unset (no whitelisting based on SMTP auth) ++#SkipAuthenticated ^(tom|dick|henry)$ ++ + + ## + ## Actions +--- shared/optparser.c ++++ shared/optparser.c +@@ -382,7 +382,9 @@ + + { "Chroot", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Chroot to the specified directory.\nChrooting is performed just after reading the config file and before\ndropping privileges.", "/newroot" }, + +- { "Whitelist", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option specifies a file which contains a list of POSIX regular\nexpressions. Addresses (sent to or from - see below) matching these regexes\nwill not be scanned. 
Optionally each line can start with the string \"From:\"\nor \"To:\" (note: no whitespace after the colon) indicating if it is,\nrespectively, the sender or recipient that is to be whitelisted.\nIf the field is missing, \"To:\" is assumed.\nLines starting with #, : or ! are ignored.", "/etc/whitelisted_addresses" }, ++ { "Whitelist", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option specifies a file which contains a list of basic POSIX regular\nexpressions. Addresses (sent to or from - see below) matching these regexes\nwill not be scanned. Optionally each line can start with the string \"From:\"\nor \"To:\" (note: no whitespace after the colon) indicating if it is,\nrespectively, the sender or recipient that is to be whitelisted.\nIf the field is missing, \"To:\" is assumed.\nLines starting with #, : or ! are ignored.", "/etc/whitelisted_addresses" }, ++ ++ { "SkipAuthenticated", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Messages from authenticated SMTP users matching this extended POSIX\nregular expression (egrep-like) will not be scanned.\nNote: this is the AUTH login name!", "SkipAuthenticated ^(tom|dick|henry)$" }, + + { "LogInfected", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option allows to tune what is logged when a message is infected.\nPossible values are Off (the default - nothing is logged),\nBasic (minimal info logged), Full (verbose info logged)", "Basic" }, + diff --git a/clamav-rcclamd b/clamav-rcclamd index f77c8ad..401fec7 100644 --- a/clamav-rcclamd +++ b/clamav-rcclamd 
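Review bot: `smtpauthed()` in the whitelist.c part of this patch matches the AUTH login with `cli_regexec`, which searches rather than anchors, so a `SkipAuthenticated` value written without `^...$` also exempts from scanning every login that merely contains the pattern. The sample in etc/clamav-milter.conf is anchored, but nothing says that is required; I would add `# The expression is not anchored implicitly - use ^ and $ to match whole login names.` to the option comment and the same sentence to the description string in shared/optparser.c. Two smaller inconsistencies in the same hunk: the `smtpauth_init()` error message names `SkipAuthSenders` although the option is `SkipAuthenticated`, and the optparser.c example value repeats the option name (`"SkipAuthenticated ^(tom|dick|henry)$"`) where the neighbouring entries give only the value. `clamfi_envfrom()` also logs `login` as received, without the `makesanehdr()` treatment that the logged Subject, Date and Message-ID values get; its body continues outside the inner hunk, so whether the MTA already encodes `{auth_authen}` cannot be seen here.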
@@ -150,14 +150,19 @@ rc_reset case "$1" in start) echo -n "Starting Clam AntiVirus daemon " - if ! test -f $CLAMD_DBDIR/main.cvd -o -f $CLAMD_DBDIR/main.cld ; then - rc_failed - rc_status -v - echo " ClamAV Virus definition files are missing from $CLAMD_DBDIR." - echo " Either install the clamav-db package or run freshclam." - else - startproc -p $CLAMD_PIDFILE $CLAMD_BIN - rc_status -v + OUT=$(startproc -p $CLAMD_PIDFILE $CLAMD_BIN 2>&1) + rc_status -v && rc_exit + # If clamd failed to start, check if the reason is + # missing virus database files. + clamscan - < /dev/null &> /dev/null + if test "$?" -eq "50"; then + echo " !!" + echo " !! ClamAV Virus definition files are missing from $CLAMD_DBDIR." + echo " !! Plase run freshclam manually to download the latest version (>20MB)" + echo " !! or install the clamav-db package." + echo " !!" + else + echo "$OUT" fi ;; stop) diff --git a/clamav-rcmilter b/clamav-rcmilter index 054aa8b..2363ed2 100644 --- a/clamav-rcmilter +++ b/clamav-rcmilter @@ -39,20 +39,12 @@ # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance BIN=/usr/sbin/clamav-milter -PIDFILE=/var/lib/clamav/clamav-milter.pid +# Read the pidfile from the config +PIDFILE=$(sed -n '/^PidFile /{s///p;q}' /etc/clamav-milter.conf) test -x $BIN || { echo "$BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } -# Check for existence of needed config file and read it -CONFIG=/etc/sysconfig/clamav-milter -test -r $CONFIG || { echo "$CONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; - else exit 6; fi; } - -# Read config -. $CONFIG - # Source LSB init functions . /etc/rc.status 
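Review bot: The failure branch of `start)` depends on the bare exit code `50` from `clamscan - < /dev/null` with no explanation; 50 appears to be clamscan's database-initialisation error, and a comment such as `# clamscan exits 50 when the virus database cannot be initialised` above the `test` would make that dependency visible for later version bumps. `&>` is a bash extension, so this line only works if the script runs under bash, which the hunk does not show. The user-facing text has a typo: `Plase run freshclam` should read `Please run freshclam`. The `case` statement continues outside the hunk.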
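Review bot: The `sed` expression that fills `PIDFILE` in clamav-rcmilter only matches `PidFile` followed by a literal space, so a config line that separates the keyword with a tab does not match and leaves `PIDFILE` empty; `${PIDFILE:+-p $PIDFILE}` then silently drops `-p`, and killproc/checkproc fall back to matching on `$BIN` alone. Matching on whitespace in general avoids that: `PIDFILE=$(sed -n '/^PidFile[[:space:]]/{s/^PidFile[[:space:]]*//p;q}' /etc/clamav-milter.conf)`. The value is also expanded unquoted into commands run as root, so a comment stating that /etc/clamav-milter.conf is treated as trusted, root-owned input would help the next reader.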
@@ -78,10 +70,11 @@ rc_reset case "$1" in start) echo -n "Starting clamav-milter " + # make sure everybody can access the local socket + umask 0 ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. - /sbin/startproc -p $PIDFILE -q \ - $BIN -i $PIDFILE $CLAMAV_MILTER_OPTIONS $CLAMAV_MILTER_SOCKET + /sbin/startproc ${PIDFILE:+-p $PIDFILE} $BIN # Remember status and be verbose rc_status -v @@ -91,7 +84,7 @@ case "$1" in ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. - /sbin/killproc -TERM -p $PIDFILE -G $BIN + /sbin/killproc -TERM ${PIDFILE:+-p $PIDFILE} -G $BIN # Remember status and be verbose rc_status -v @@ -150,7 +143,7 @@ case "$1" in # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. - /sbin/checkproc -p $PIDFILE $BIN + /sbin/checkproc ${PIDFILE:+-p $PIDFILE} $BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v diff --git a/clamav-valgrind.patch b/clamav-valgrind.patch index 0b1eef3..b57a112 100644 --- a/clamav-valgrind.patch +++ b/clamav-valgrind.patch @@ -1,8 +1,8 @@ --- unit_tests/valgrind.supp +++ unit_tests/valgrind.supp -@@ -246,6 +246,12 @@ - fun: _setjmp - fun: clone +@@ -335,6 +335,12 @@ + Helgrind:Race + fun:recvloop_th } +{ + glibc-iconv_open diff --git a/clamav.changes b/clamav.changes index 9de24fc..0861a19 100644 --- a/clamav.changes +++ b/clamav.changes 
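Review bot: `umask 0` in the `start)` branch applies to everything clamav-milter creates, not only the milter socket: unless the daemon sets its own umask, the PID file, any LogFile and temporary files also come out world-writable, and the socket accepts connections from every local user. If the intent is only to let the MTA reach the socket, a narrower setting such as `umask 007` with the MTA user in the daemon's group would achieve that; whether the MTA on the target systems can be put in that group is not visible here. At minimum the comment should state the reason and the side effect, e.g. `# socket must be reachable by the MTA user; note that umask also affects pid/log files`. The `case` block continues outside the hunk.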
@@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Mon Apr 6 17:14:47 CEST 2009 - max@suse.de + +- Version 0.95 also fixes two security issues: + bnc#491935 and bnc#491938. +- Removed unneeded tcpd build dependency. +- Removed obsolete configure switches. +- ncurses-devel is needed for building clamtop. +- Patched clamav-milter up to the latest upstream version to fix + the non-detection of virus code outside of attachments. + (bnc#445137) +- Improved rcclamd to print a more instructive message when the + virus database files are missing. + +------------------------------------------------------------------- +Tue Mar 24 18:33:34 CET 2009 - max@suse.de + +- New version 0.95 (bnc#488317): + + * clamav-milter got rewritten. Standalone mode got dropped and + using multiple instances of clamd in parallel got added for + load sharing and fail-safety. The command lin + + * Changes to the libclamav API will make future changes less + likely, but require adjustment of applications linking to + libclamav. + + * Numerous other bug fixes and improvements. + + * libGMP is no longer needed. + +- Drop support for versions older than 9.1/SLES9. + +- Improve init script of clamav-milter (bnc#445137). + ------------------------------------------------------------------- Mon Dec 1 16:32:27 CET 2008 - max@suse.de diff --git a/clamav.spec b/clamav.spec index 68d58b1..a011c6c 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,7 +1,7 @@ # -# spec file for package clamav (Version 0.94.2) +# spec file for package clamav (Version 0.95) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -19,11 +19,9 @@ Name: clamav -%if 0%{?suse_version} >= 0910 -BuildRequires: sed sendmail sendmail-devel tcpd-devel -%endif +BuildRequires: ncurses-devel sed sendmail sendmail-devel %if 0%{?suse_version} >= 1010 -BuildRequires: bc gmp-devel pkgconfig zlib-devel +BuildRequires: bc pkgconfig zlib-devel %endif %if 0%{?suse_version} >= 1030 BuildRequires: check-devel pwdutils @@ -32,7 +30,7 @@ BuildRequires: check-devel pwdutils %define clamav_check --disable-check %endif Summary: Antivirus Toolkit -Version: 0.94.2 +Version: 0.95 Release: 1 License: GPL v2 or later Group: Productivity/Security @@ -41,14 +39,13 @@ Requires: latex2html-pngicons Obsoletes: clamav-db < 0.88.3 PreReq: %_sbindir/groupadd %_sbindir/useradd %_sbindir/usermod PreReq: /usr/bin/awk /bin/sed /bin/tar -PreReq: %insserv_prereq %fillup_prereq +PreReq: %insserv_prereq Source0: %{name}-%{version}.tar.bz2 Source1: clamav-rcclamd Source2: clamav-rcfreshclam Source3: clamav-updateclamconf Source4: clamav-rpmlintrc Source5: clamav-rcmilter -Source6: clamav-milter-sysconfig Patch1: clamav-conf.patch Patch2: clamav-milter.patch Patch3: clamav-valgrind.patch @@ -98,6 +95,10 @@ Authors: CFLAGS="-fstack-protector" %endif export CFLAGS="%optflags -fno-strict-aliasing $CFLAGS" +%if 0%{?suse_version} == 0910 +# SLES9 needs this macro to enable the quarantine feature in libmilter +CFLAGS="$CFLAGS -D_FFR_QUARANTINE" +%endif ./configure \ --prefix=%_prefix \ --libdir=%_libdir \ @@ -108,19 +109,12 @@ export CFLAGS="%optflags -fno-strict-aliasing $CFLAGS" --with-dbdir=/var/lib/clamav \ --with-user=vscan \ --with-group=vscan \ - --with-tcpwrappers \ - --with-libcurl \ -%if 0%{?suse_version} >= 0910 --enable-milter \ -%endif %clamav_check \ --disable-zlib-vcheck make %{?jobs:-j%jobs} -# SLES8 does not support %check -%if 0%{?suse_version} > 810 || 0%{!?suse_version:1} %check -%endif VALGRIND_GENSUP=1 make check %install 
@@ -133,8 +127,6 @@ install -m755 %SOURCE2 %buildroot/etc/init.d/freshclam ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter -mkdir -p %buildroot/var/adm/fillup-templates -install -m644 %SOURCE6 %buildroot/var/adm/fillup-templates/sysconfig.clamav-milter install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid for f in %buildroot/var/lib/clamav/*.cvd; do @@ -146,10 +138,8 @@ mkdir -p %buildroot/var/spool/amavis %if 0%{?suse_version} > 1020 rm %buildroot/%_libdir/*.la %endif -%if 0%{?suse_version} > 0810 # Remove bogus dependencies from libclamav.pc sed -i 's/^Libs: .*/Libs: -lclamav/' %buildroot%_libdir/pkgconfig/libclamav.pc -%endif %clean rm -rf %buildroot @@ -172,7 +162,6 @@ rm -rf %buildroot %ghost /var/lib/clamav/*.pid %ghost /var/lib/clamav/*.cld %ghost /var/lib/clamav/*.cvd -/var/adm/fillup-templates/* %files db %defattr(-,vscan,vscan) @@ -186,11 +175,10 @@ rm -rf %buildroot %post /sbin/ldconfig -%{?fillup_only:%fillup_only -n clamav-milter} # merge config files on update test "0$1" -lt 2 && exit 0 umask 022 -for f in /etc/clamd.conf /etc/freshclam.conf; do +for f in /etc/clamd.conf /etc/freshclam.conf /etc/clamav-milter.conf; do if test -e $f.rpmnew; then echo "Merging $f and $f.rpmnew" %_sbindir/updateclamconf -v override="$OVERRIDE" $f $f.rpmnew > $f.tmp 
@@ -273,6 +261,29 @@ for f in main daily; do done %changelog +* Mon Apr 06 2009 max@suse.de +- Version 0.95 also fixes two security issues: + bnc#491935 and bnc#491938. +- Removed unneeded tcpd build dependency. +- Removed obsolete configure switches. +- ncurses-devel is needed for building clamtop. +- Patched clamav-milter up to the latest upstream version to fix + the non-detection of virus code outside of attachments. + (bnc#445137) +- Improved rcclamd to print a more instructive message when the + virus database files are missing. +* Tue Mar 24 2009 max@suse.de +- New version 0.95 (bnc#488317): + * clamav-milter got rewritten. Standalone mode got dropped and + using multiple instances of clamd in parallel got added for + load sharing and fail-safety. The command lin + * Changes to the libclamav API will make future changes less + likely, but require adjustment of applications linking to + libclamav. + * Numerous other bug fixes and improvements. + * libGMP is no longer needed. +- Drop support for versions older than 9.1/SLES9. +- Improve init script of clamav-milter (bnc#445137). * Mon Dec 01 2008 max@suse.de - New version 0.94.2 fixes recursion limits in JPEG scanning code (bnc#450207). @@ -381,7 +392,7 @@ done - Stability and bugfix update: 0.91.1 (#292297) - Run ldconfig on (un)installation. - Make %%check conditional to fix building on SLES8. -* Sat Jul 14 2007 lrupp@suse.de +* Sun Jul 15 2007 lrupp@suse.de - add zlib-devel to build requires - suppress some false positives from rpmlint - added %%check section and remove unneeded INSTALL file from %%doc