pool/clamav
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=21

Browse Source
This commit is contained in:
OBS User unknown 2009-04-07 10:45:24 +00:00 committed by Git OBS Bridge
parent 57d28ced06
commit 5d80382027
10 changed files with 556 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
clamav-0.94.2.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:42f64f3686190c86b15c6d8c05bf8dca12e67680f78a686dd8781d04aa9b7100
size 21974576

3
clamav-0.95.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5f4ad3db46fa7d19b530c5651d04334e39ec24a1223f79c93612aaeb413b24d5
size 23934489

66
clamav-conf.patch
View File

@ -1,3 +1,69 @@
--- etc/clamav-milter.conf
+++ etc/clamav-milter.conf
@@ -2,10 +2,6 @@
## Example config file for clamav-milter
##
-# Comment or remove the line below.
-Example
-
-
##
## Main options
##
@@ -17,8 +13,7 @@
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
-#MilterSocket /tmp/clamav-milter.socket
-#MilterSocket inet:7357
+MilterSocket /var/lib/clamav/clamav-milter-socket
# Remove stale socket after unclean shutdown.
#
@@ -28,7 +23,7 @@
# Run as another user (clamav-milter must be started by root for this option to work)
#
# Default: unset (don't drop privileges)
-#User clamav
+User vscan
# Initialize supplementary group access (clamav-milter must be started by root).
#
@@ -56,7 +51,7 @@
# daemon (main thread).
#
# Default: disabled
-#PidFile /var/run/clamav-milter.pid
+PidFile /var/lib/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -82,7 +77,7 @@
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
-#ClamdSocket tcp:scanner.mydomain:7357
+ClamdSocket unix:/var/lib/clamav/clamd-socket
##
@@ -193,13 +188,13 @@
# Use system logger (can work together with LogFile).
#
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
#
--- etc/clamd.conf
+++ etc/clamd.conf
@@ -1,12 +1,8 @@

12
clamav-milter-sysconfig
View File

@ -1,12 +0,0 @@
## Path: Applications/ClamAV
## Description: Command line options for clamav-milter
## Type: string
## Service-Restart: clamav-milter
CLAMAV_MILTER_OPTIONS=""
## Path: Applications/ClamAV
## Description: Socket address for clamav-milter
## Type: string
## Default: /var/lib/clamav/clamav-milter-socket
## Service-Restart: clamav-milter
CLAMAV_MILTER_SOCKET="/var/lib/clamav/clamav-milter-socket"

406
clamav-milter.patch
View File

@ -1,15 +1,397 @@
--- clamav-milter/Makefile.in
+++ clamav-milter/Makefile.in
@@ -58,10 +58,11 @@
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \
$(top_srcdir)/m4/argz.m4 $(top_srcdir)/m4/fdpassing.m4 \
- $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
- $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltdl.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltdl.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/mmap_private.m4 $(top_srcdir)/m4/resolv.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
--- clamav-milter/clamav-milter.c
+++ clamav-milter/clamav-milter.c
@@ -2085,12 +2085,7 @@
logg(_("!Can't save PID in file %s\n"), pidfile);
return EX_CONFIG;
@@ -211,6 +211,14 @@
return 1;
}
-#ifdef C_LINUX
- /* Ensure that all threads are kill()ed */
- fprintf(fd, "-%d\n", (int)getpgrp());
-#else
fprintf(fd, "%d\n", (int)getpid());
-#endif
fclose(fd);
umask(old_umask);
} else if(tmpdir) {
+ if((opt = optget(opts, "SkipAuthenticated"))->enabled && smtpauth_init(opt->strarg)) {
+ localnets_free();
+ whitelist_free();
+ logg_close();
+ optfree(opts);
+ return 1;
+ }
+
if(optget(opts, "AddHeader")->enabled) {
char myname[255];
--- clamav-milter/clamfi.c
+++ clamav-milter/clamfi.c
@@ -61,6 +61,7 @@
} loginfected;
#define CLAMFIBUFSZ 1424
+static const char *HDR_UNAVAIL = "UNKNOWN";
struct CLAMFI {
char buffer[CLAMFIBUFSZ];
@@ -74,6 +75,7 @@
unsigned int totsz;
unsigned int bufsz;
unsigned int all_whitelisted;
+ unsigned int gotbody;
};
@@ -91,12 +93,15 @@
};
-void makesanehdr(char *hdr) {
+static const char *makesanehdr(char *hdr) {
+ char *ret = hdr;
+ if(!hdr) return HDR_UNAVAIL;
while(*hdr) {
if(*hdr=='\'' || *hdr=='\t' || *hdr=='\r' || *hdr=='\n' || !isprint(*hdr))
*hdr = ' ';
hdr++;
}
+ return ret;
}
static void nullify(SMFICTX *ctx, struct CLAMFI *cf, enum CFWHAT closewhat) {
@@ -113,9 +118,22 @@
static sfsistat sendchunk(struct CLAMFI *cf, unsigned char *bodyp, size_t len, SMFICTX *ctx) {
- if(cf->totsz >= maxfilesize)
+ if(cf->totsz >= maxfilesize || len == 0)
return SMFIS_CONTINUE;
+ if(!cf->totsz) {
+ sfsistat ret;
+ if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
+ logg("!Failed to initiate streaming/fdpassing\n");
+ nullify(ctx, cf, CF_NONE);
+ return FailAction;
+ }
+ cf->totsz = 1; /* do not infloop */
+ if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
+ return ret;
+ cf->totsz -= 1;
+ }
+
if(cf->totsz + len > maxfilesize)
len = maxfilesize - cf->totsz;
@@ -166,35 +184,28 @@
if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
return SMFIS_CONTINUE; /* whatever */
- if(loginfected == LOGINF_FULL) {
- if(headerf && !strcasecmp(headerf, "Subject") && !cf->msg_subj)
- cf->msg_subj = strdup(headerv);
- if(headerf && !strcasecmp(headerf, "Date") && !cf->msg_date)
- cf->msg_date = strdup(headerv);
- if(headerf && !strcasecmp(headerf, "Message-ID") && !cf->msg_id)
- cf->msg_id = strdup(headerv);
+ if(!cf->totsz && cf->all_whitelisted) {
+ logg("*Skipping scan (all destinations whitelisted)\n");
+ nullify(ctx, cf, CF_NONE);
+ return SMFIS_ACCEPT;
}
- if(!cf->totsz) {
- if(cf->all_whitelisted) {
- logg("*Skipping scan (all destinations whitelisted)\n");
- nullify(ctx, cf, CF_NONE);
- return SMFIS_ACCEPT;
- }
- if(nc_connect_rand(&cf->main, &cf->alt, &cf->local)) {
- logg("!Failed to initiate streaming/fdpassing\n");
- nullify(ctx, cf, CF_NONE);
- return FailAction;
- }
- if((ret = sendchunk(cf, (unsigned char *)"From clamav-milter\n", 19, ctx)) != SMFIS_CONTINUE)
- return ret;
+ if(!headerf) return SMFIS_CONTINUE; /* just in case */
+
+ if(loginfected == LOGINF_FULL) {
+ if(!cf->msg_subj && !strcasecmp(headerf, "Subject"))
+ cf->msg_subj = strdup(headerv ? headerv : "");
+ if(!cf->msg_date && !strcasecmp(headerf, "Date"))
+ cf->msg_date = strdup(headerv ? headerv : "");
+ if(!cf->msg_id && !strcasecmp(headerf, "Message-ID"))
+ cf->msg_id = strdup(headerv ? headerv : "");
}
if((ret = sendchunk(cf, (unsigned char *)headerf, strlen(headerf), ctx)) != SMFIS_CONTINUE)
return ret;
if((ret = sendchunk(cf, (unsigned char *)": ", 2, ctx)) != SMFIS_CONTINUE)
return ret;
- if((ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
+ if(headerv && (ret = sendchunk(cf, (unsigned char *)headerv, strlen(headerv), ctx)) != SMFIS_CONTINUE)
return ret;
return sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
}
@@ -205,6 +216,14 @@
if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
return SMFIS_CONTINUE; /* whatever */
+
+ if(!cf->gotbody) {
+ sfsistat ret = sendchunk(cf, (unsigned char *)"\r\n", 2, ctx);
+ if(ret != SMFIS_CONTINUE)
+ return ret;
+ cf->gotbody = 1;
+ }
+
return sendchunk(cf, bodyp, len, ctx);
}
@@ -225,6 +244,14 @@
if(!(cf = (struct CLAMFI *)smfi_getpriv(ctx)))
return SMFIS_CONTINUE; /* whatever */
+ if(!cf->totsz) {
+ /* got no headers and no body */
+ logg("*Not scanning an empty message\n");
+ ret = CleanAction(ctx);
+ nullify(ctx, cf, CF_NONE);
+ return ret;
+ }
+
if(cf->local) {
if(nc_send(cf->main, "nFILDES\n", 8)) {
logg("!FD scan request failed\n");
@@ -286,18 +313,19 @@
}
if(loginfected) {
- const char *from = smfi_getsymval(ctx, "{mail_addr}"), *to = smfi_getsymval(ctx, "{rcpt_addr}");
-
- if(!from) from = "UNKNOWN";
- if(!to) to = "UNKNOWN";
-
+ const char *from = smfi_getsymval(ctx, "{mail_addr}");
+ const char *to = smfi_getsymval(ctx, "{rcpt_addr}");
+
+ if(!from) from = HDR_UNAVAIL;
+ if(!to) to = HDR_UNAVAIL;
if(loginfected == LOGINF_FULL) {
const char *id = smfi_getsymval(ctx, "{i}");
+ const char *msg_subj = makesanehdr(cf->msg_subj);
+ const char *msg_date = makesanehdr(cf->msg_date);
+ const char *msg_id = makesanehdr(cf->msg_id);
- makesanehdr(cf->msg_subj);
- makesanehdr(cf->msg_date);
- makesanehdr(cf->msg_id);
- logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id ? id : "UNKNOWN", from, to, cf->msg_subj, cf->msg_id, cf->msg_date, vir);
+ if(!id) id = HDR_UNAVAIL;
+ logg("~Message %s from <%s> to <%s> with subject '%s' message-id '%s' date '%s' infected by %s\n", id, from, to, msg_subj, msg_id, msg_date, vir);
} else logg("~Message from <%s> to <%s> infected by %s\n", from, to, vir);
}
}
@@ -504,12 +532,18 @@
sfsistat clamfi_envfrom(SMFICTX *ctx, char **argv) {
struct CLAMFI *cf;
+ const char *login = smfi_getsymval(ctx, "{auth_authen}");
+
+ if(login && smtpauthed(login)) {
+ logg("*Skipping scan for authenticated user %s\n", login);
+ return SMFIS_ACCEPT;
+ }
if(whitelisted(argv[0], 1)) {
logg("*Skipping scan for %s (whitelisted from)\n", argv[0]);
return SMFIS_ACCEPT;
}
-
+
if(!(cf = (struct CLAMFI *)malloc(sizeof(*cf)))) {
logg("!Failed to allocate CLAMFI struct\n");
return FailAction;
@@ -518,6 +552,7 @@
cf->bufsz = 0;
cf->main = cf->alt = -1;
cf->all_whitelisted = 1;
+ cf->gotbody = 0;
cf->msg_subj = cf->msg_date = cf->msg_id = NULL;
smfi_setpriv(ctx, (void *)cf);
--- clamav-milter/netcode.c
+++ clamav-milter/netcode.c
@@ -129,7 +129,7 @@
close(s);
return -1;
}
- if (getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
+ if(getsockopt(s, SOL_SOCKET, SO_ERROR, &s_err, &s_len) || s_err) {
logg("*Failed to establish a connection to clamd\n");
close(s);
return -1;
@@ -163,8 +163,6 @@
tv.tv_usec = 0;
while(1) {
fd_set fds;
- int s_err;
- socklen_t s_len = sizeof(s_err);
FD_ZERO(&fds);
FD_SET(s, &fds);
@@ -177,12 +175,10 @@
tv.tv_usec = 0;
continue;
}
- logg("!Failed stream to clamd\n");
+ logg("!Failed to stream to clamd\n");
close(s);
return 1;
}
- len-=s_len;
- buf+=s_len;
break;
}
}
--- clamav-milter/whitelist.c
+++ clamav-milter/whitelist.c
@@ -25,8 +25,8 @@
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
-#include <regex.h>
+#include "libclamav/regex/regex.h"
#include "shared/output.h"
#include "whitelist.h"
@@ -38,17 +38,20 @@
struct WHLST *wfrom = NULL;
struct WHLST *wto = NULL;
+int skipauth = 0;
+regex_t authreg;
+
void whitelist_free(void) {
struct WHLST *w;
while(wfrom) {
w = wfrom->next;
- regfree(&wfrom->preg);
+ cli_regfree(&wfrom->preg);
free(wfrom);
wfrom = w;
}
while(wto) {
w = wto->next;
- regfree(&wto->preg);
+ cli_regfree(&wto->preg);
free(wto);
wto = w;
}
@@ -85,14 +88,14 @@
}
if(!len) continue;
if (!(w = (struct WHLST *)malloc(sizeof(*w)))) {
- logg("!Out of memory loading whitelist\n");
+ logg("!Out of memory loading whitelist file\n");
whitelist_free();
return 1;
}
w->next = (*addto);
(*addto) = w;
- if (regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
- logg("!Failed to compile regex '%s'\n", ptr);
+ if (cli_regcomp(&w->preg, ptr, REG_ICASE|REG_NOSUB)) {
+ logg("!Failed to compile regex '%s' in whitelist file\n", ptr);
whitelist_free();
return 1;
}
@@ -108,13 +111,30 @@
else w = wto;
while(w) {
- if(!regexec(&w->preg, addr, 0, NULL, 0))
+ if(!cli_regexec(&w->preg, addr, 0, NULL, 0))
return 1;
w = w->next;
}
return 0;
}
+
+int smtpauth_init(const char *r) {
+ if (cli_regcomp(&authreg, r, REG_ICASE|REG_NOSUB|REG_EXTENDED)) {
+ logg("!Failed to compile regex '%s' for SkipAuthSenders\n", r);
+ return 1;
+ }
+ skipauth = 1;
+ return 0;
+}
+
+
+int smtpauthed(const char *login) {
+ if(skipauth && !cli_regexec(&authreg, login, 0, NULL, 0))
+ return 1;
+ return 0;
+}
+
/*
* Local Variables:
--- clamav-milter/whitelist.h
+++ clamav-milter/whitelist.h
@@ -24,4 +24,6 @@
int whitelist_init(const char *fname);
void whitelist_free(void);
int whitelisted(const char *addr, int from);
+int smtpauth_init(const char *r);
+int smtpauthed(const char *login);
#endif
--- etc/clamav-milter.conf
+++ etc/clamav-milter.conf
@@ -94,7 +94,7 @@
#LocalNet 192.168.0.0/24
#LocalNet 1111:2222:3333::/48
-# This option specifies a file which contains a list of POSIX regular
+# This option specifies a file which contains a list of basic POSIX regular
# expressions. Addresses (sent to or from - see below) matching these regexes
# will not be scanned. Optionally each line can start with the string "From:"
# or "To:" (note: no whitespace after the colon) indicating if it is,
@@ -105,6 +105,13 @@
# Default unset (no exclusion applied)
#Whitelist /etc/whitelisted_addresses
+# Messages from authenticated SMTP users matching this extended POSIX
+# regular expression (egrep-like) will not be scanned.
+# Note: this is the AUTH login name!
+#
+# Default: unset (no whitelisting based on SMTP auth)
+#SkipAuthenticated ^(tom|dick|henry)$
+
##
## Actions
--- shared/optparser.c
+++ shared/optparser.c
@@ -382,7 +382,9 @@
{ "Chroot", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Chroot to the specified directory.\nChrooting is performed just after reading the config file and before\ndropping privileges.", "/newroot" },
- { "Whitelist", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option specifies a file which contains a list of POSIX regular\nexpressions. Addresses (sent to or from - see below) matching these regexes\nwill not be scanned. Optionally each line can start with the string \"From:\"\nor \"To:\" (note: no whitespace after the colon) indicating if it is,\nrespectively, the sender or recipient that is to be whitelisted.\nIf the field is missing, \"To:\" is assumed.\nLines starting with #, : or ! are ignored.", "/etc/whitelisted_addresses" },
+ { "Whitelist", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option specifies a file which contains a list of basic POSIX regular\nexpressions. Addresses (sent to or from - see below) matching these regexes\nwill not be scanned. Optionally each line can start with the string \"From:\"\nor \"To:\" (note: no whitespace after the colon) indicating if it is,\nrespectively, the sender or recipient that is to be whitelisted.\nIf the field is missing, \"To:\" is assumed.\nLines starting with #, : or ! are ignored.", "/etc/whitelisted_addresses" },
+
+ { "SkipAuthenticated", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Messages from authenticated SMTP users matching this extended POSIX\nregular expression (egrep-like) will not be scanned.\nNote: this is the AUTH login name!", "SkipAuthenticated ^(tom|dick|henry)$" },
{ "LogInfected", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option allows to tune what is logged when a message is infected.\nPossible values are Off (the default - nothing is logged),\nBasic (minimal info logged), Full (verbose info logged)", "Basic" },

19
clamav-rcclamd
View File

@ -150,14 +150,19 @@ rc_reset
case "$1" in
start)
echo -n "Starting Clam AntiVirus daemon "
if ! test -f $CLAMD_DBDIR/main.cvd -o -f $CLAMD_DBDIR/main.cld ; then
rc_failed
rc_status -v
echo " ClamAV Virus definition files are missing from $CLAMD_DBDIR."
echo " Either install the clamav-db package or run freshclam."
OUT=$(startproc -p $CLAMD_PIDFILE $CLAMD_BIN 2>&1)
rc_status -v && rc_exit
# If clamd failed to start, check if the reason is
# missing virus database files.
clamscan - < /dev/null &> /dev/null
if test "$?" -eq "50"; then
echo " !!"
echo " !! ClamAV Virus definition files are missing from $CLAMD_DBDIR."
echo " !! Plase run freshclam manually to download the latest version (>20MB)"
echo " !! or install the clamav-db package."
echo " !!"
else
startproc -p $CLAMD_PIDFILE $CLAMD_BIN
rc_status -v
echo "$OUT"
fi
;;
stop)

21
clamav-rcmilter
View File

@ -39,20 +39,12 @@
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
BIN=/usr/sbin/clamav-milter
PIDFILE=/var/lib/clamav/clamav-milter.pid
# Read the pidfile from the config
PIDFILE=$(sed -n '/^PidFile /{s///p;q}' /etc/clamav-milter.conf)
test -x $BIN || { echo "$BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# Check for existence of needed config file and read it
CONFIG=/etc/sysconfig/clamav-milter
test -r $CONFIG || { echo "$CONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
# Read config
. $CONFIG
# Source LSB init functions
. /etc/rc.status
@ -78,10 +70,11 @@ rc_reset
case "$1" in
start)
echo -n "Starting clamav-milter "
# make sure everybody can access the local socket
umask 0
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
/sbin/startproc -p $PIDFILE -q \
$BIN -i $PIDFILE $CLAMAV_MILTER_OPTIONS $CLAMAV_MILTER_SOCKET
/sbin/startproc ${PIDFILE:+-p $PIDFILE} $BIN
# Remember status and be verbose
rc_status -v
@ -91,7 +84,7 @@ case "$1" in
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
/sbin/killproc -TERM -p $PIDFILE -G $BIN
/sbin/killproc -TERM ${PIDFILE:+-p $PIDFILE} -G $BIN
# Remember status and be verbose
rc_status -v
@ -150,7 +143,7 @@ case "$1" in
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc -p $PIDFILE $BIN
/sbin/checkproc ${PIDFILE:+-p $PIDFILE} $BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v

6
clamav-valgrind.patch
View File

@ -1,8 +1,8 @@
--- unit_tests/valgrind.supp
+++ unit_tests/valgrind.supp
@@ -246,6 +246,12 @@
fun: _setjmp
fun: clone
@@ -335,6 +335,12 @@
Helgrind:Race
fun:recvloop_th
}
+{
+ glibc-iconv_open

35
clamav.changes
View File

@ -1,3 +1,38 @@
-------------------------------------------------------------------
Mon Apr 6 17:14:47 CEST 2009 - max@suse.de
- Version 0.95 also fixes two security issues:
bnc#491935 and bnc#491938.
- Removed unneeded tcpd build dependency.
- Removed obsolete configure switches.
- ncurses-devel is needed for building clamtop.
- Patched clamav-milter up to the latest upstream version to fix
the non-detection of virus code outside of attachments.
(bnc#445137)
- Improved rcclamd to print a more instructive message when the
virus database files are missing.
-------------------------------------------------------------------
Tue Mar 24 18:33:34 CET 2009 - max@suse.de
- New version 0.95 (bnc#488317):
* clamav-milter got rewritten. Standalone mode got dropped and
using multiple instances of clamd in parallel got added for
load sharing and fail-safety. The command lin
* Changes to the libclamav API will make future changes less
likely, but require adjustment of applications linking to
libclamav.
* Numerous other bug fixes and improvements.
* libGMP is no longer needed.
- Drop support for versions older than 9.1/SLES9.
- Improve init script of clamav-milter (bnc#445137).
-------------------------------------------------------------------
Mon Dec 1 16:32:27 CET 2008 - max@suse.de

59
clamav.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package clamav (Version 0.94.2)
# spec file for package clamav (Version 0.95)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -19,11 +19,9 @@
Name: clamav
%if 0%{?suse_version} >= 0910
BuildRequires: sed sendmail sendmail-devel tcpd-devel
%endif
BuildRequires: ncurses-devel sed sendmail sendmail-devel
%if 0%{?suse_version} >= 1010
BuildRequires: bc gmp-devel pkgconfig zlib-devel
BuildRequires: bc pkgconfig zlib-devel
%endif
%if 0%{?suse_version} >= 1030
BuildRequires: check-devel pwdutils
@ -32,7 +30,7 @@ BuildRequires: check-devel pwdutils
%define clamav_check --disable-check
%endif
Summary: Antivirus Toolkit
Version: 0.94.2
Version: 0.95
Release: 1
License: GPL v2 or later
Group: Productivity/Security
@ -41,14 +39,13 @@ Requires: latex2html-pngicons
Obsoletes: clamav-db < 0.88.3
PreReq: %_sbindir/groupadd %_sbindir/useradd %_sbindir/usermod
PreReq: /usr/bin/awk /bin/sed /bin/tar
PreReq: %insserv_prereq %fillup_prereq
PreReq: %insserv_prereq
Source0: %{name}-%{version}.tar.bz2
Source1: clamav-rcclamd
Source2: clamav-rcfreshclam
Source3: clamav-updateclamconf
Source4: clamav-rpmlintrc
Source5: clamav-rcmilter
Source6: clamav-milter-sysconfig
Patch1: clamav-conf.patch
Patch2: clamav-milter.patch
Patch3: clamav-valgrind.patch
@ -98,6 +95,10 @@ Authors:
CFLAGS="-fstack-protector"
%endif
export CFLAGS="%optflags -fno-strict-aliasing $CFLAGS"
%if 0%{?suse_version} == 0910
# SLES9 needs this macro to enable the quarantine feature in libmilter
CFLAGS="$CFLAGS -D_FFR_QUARANTINE"
%endif
./configure \
--prefix=%_prefix \
--libdir=%_libdir \
@ -108,19 +109,12 @@ export CFLAGS="%optflags -fno-strict-aliasing $CFLAGS"
--with-dbdir=/var/lib/clamav \
--with-user=vscan \
--with-group=vscan \
--with-tcpwrappers \
--with-libcurl \
%if 0%{?suse_version} >= 0910
--enable-milter \
%endif
%clamav_check \
--disable-zlib-vcheck
make %{?jobs:-j%jobs}
# SLES8 does not support %check
%if 0%{?suse_version} > 810 || 0%{!?suse_version:1}
%check
%endif
VALGRIND_GENSUP=1 make check
%install
@ -133,8 +127,6 @@ install -m755 %SOURCE2 %buildroot/etc/init.d/freshclam
ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter
ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter
mkdir -p %buildroot/var/adm/fillup-templates
install -m644 %SOURCE6 %buildroot/var/adm/fillup-templates/sysconfig.clamav-milter
install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
for f in %buildroot/var/lib/clamav/*.cvd; do
@ -146,10 +138,8 @@ mkdir -p %buildroot/var/spool/amavis
%if 0%{?suse_version} > 1020
rm %buildroot/%_libdir/*.la
%endif
%if 0%{?suse_version} > 0810
# Remove bogus dependencies from libclamav.pc
sed -i 's/^Libs: .*/Libs: -lclamav/' %buildroot%_libdir/pkgconfig/libclamav.pc
%endif
%clean
rm -rf %buildroot
@ -172,7 +162,6 @@ rm -rf %buildroot
%ghost /var/lib/clamav/*.pid
%ghost /var/lib/clamav/*.cld
%ghost /var/lib/clamav/*.cvd
/var/adm/fillup-templates/*
%files db
%defattr(-,vscan,vscan)
@ -186,11 +175,10 @@ rm -rf %buildroot
%post
/sbin/ldconfig
%{?fillup_only:%fillup_only -n clamav-milter}
# merge config files on update
test "0$1" -lt 2 && exit 0
umask 022
for f in /etc/clamd.conf /etc/freshclam.conf; do
for f in /etc/clamd.conf /etc/freshclam.conf /etc/clamav-milter.conf; do
if test -e $f.rpmnew; then
echo "Merging $f and $f.rpmnew"
%_sbindir/updateclamconf -v override="$OVERRIDE" $f $f.rpmnew > $f.tmp
@ -273,6 +261,29 @@ for f in main daily; do
done
%changelog
* Mon Apr 06 2009 max@suse.de
- Version 0.95 also fixes two security issues:
bnc#491935 and bnc#491938.
- Removed unneeded tcpd build dependency.
- Removed obsolete configure switches.
- ncurses-devel is needed for building clamtop.
- Patched clamav-milter up to the latest upstream version to fix
the non-detection of virus code outside of attachments.
(bnc#445137)
- Improved rcclamd to print a more instructive message when the
virus database files are missing.
* Tue Mar 24 2009 max@suse.de
- New version 0.95 (bnc#488317):
* clamav-milter got rewritten. Standalone mode got dropped and
using multiple instances of clamd in parallel got added for
load sharing and fail-safety. The command lin
* Changes to the libclamav API will make future changes less
likely, but require adjustment of applications linking to
libclamav.
* Numerous other bug fixes and improvements.
* libGMP is no longer needed.
- Drop support for versions older than 9.1/SLES9.
- Improve init script of clamav-milter (bnc#445137).
* Mon Dec 01 2008 max@suse.de
- New version 0.94.2 fixes recursion limits in JPEG scanning code
(bnc#450207).
@ -381,7 +392,7 @@ done
- Stability and bugfix update: 0.91.1 (#292297)
- Run ldconfig on (un)installation.
- Make %%check conditional to fix building on SLES8.
* Sat Jul 14 2007 lrupp@suse.de
* Sun Jul 15 2007 lrupp@suse.de
- add zlib-devel to build requires
- suppress some false positives from rpmlint
- added %%check section and remove unneeded INSTALL file from %%doc