pool/clamav
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
33b181b0e5
clamav/clamav-conf.patch
Reinhard Max 4be77ca9be - New version 1.4.1: 
* [CVE-2024-20506, bsc#1230162]: Changed the logging module to
    disable following symlinks on Linux and Unix systems so as to
    prevent an attacker with existing access to the 'clamd' or
    'freshclam' services from using a symlink to corrupt system
    files.
  * [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds
    read bug in the PDF file parser that could cause a
    denial-of-service (DoS) condition.
  * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
  * Added support for extracting ALZ archives.
  * Added support for extracting LHA/LZH archives.
  * Added the ability to disable image fuzzy hashing, if needed.
    For context, image fuzzy hashing is a detection mechanism
    useful for identifying malware by matching images included with
    the malware or phishing email/document.
  * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=264
2024-09-10 13:35:10 +00:00

184 lines
5.1 KiB
Diff
Raw Blame History

--- etc/clamav-milter.conf.sample.orig
+++ etc/clamav-milter.conf.sample
@@ -1,11 +1,7 @@
##
-## Example config file for clamav-milter
+## config file for clamav-milter
##
-# Comment or remove the line below.
-Example
-
-
##
## Main options
##
@@ -17,7 +13,7 @@ Example
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
-#MilterSocket /run/clamav/clamav-milter.sock
+MilterSocket /run/clamav/clamav-milter.sock
#MilterSocket /tmp/clamav-milter.sock
#MilterSocket inet:7357
@@ -38,7 +34,7 @@ Example
# to work)
#
# Default: unset (don't drop privileges)
-#User clamav
+User vscan
# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout.
@@ -65,7 +61,7 @@ Example
# also owned by root to keep other users from tampering with it.
#
# Default: disabled
-#PidFile /run/clamav/clamav-milter.pid
+PidFile /run/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -93,7 +89,7 @@ Example
#
# Default: no default
#ClamdSocket tcp:scanner.mydomain:7357
-#ClamdSocket unix:/run/clamav/clamd.sock
+ClamdSocket unix:/run/clamav/clamd.sock
##
@@ -243,13 +239,13 @@ Example
# Use system logger (can work together with LogFile).
#
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
#
--- etc/clamd.conf.sample.orig
+++ etc/clamd.conf.sample
@@ -1,12 +1,8 @@
##
-## Example config file for the Clam AV daemon
+## Config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
@@ -41,12 +37,12 @@ Example
# Use system logger (can work together with LogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
@@ -74,7 +70,7 @@ Example
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
-#PidFile /run/clamav/clamd.pid
+PidFile /run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -98,7 +94,7 @@ Example
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
-#LocalSocket /run/clamav/clamd.sock
+LocalSocket /run/clamav/clamd.sock
#LocalSocket /tmp/clamd.sock
# Sets the group ownership on the unix socket.
@@ -230,7 +226,7 @@ Example
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
-#User clamav
+User vscan
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
@@ -727,7 +723,7 @@ Example
# multiple OnAccessIncludePath directives but each directory must be added
# in a separate line.
# Default: disabled
-#OnAccessIncludePath /home
+OnAccessIncludePath /home
#OnAccessIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
@@ -797,7 +793,7 @@ Example
# It has the same potential race condition limitations of the
# OnAccessExcludeUID option.
# Default: disabled
-#OnAccessExcludeUname clamav
+OnAccessExcludeUname vscan
# Number of times the OnAccess client will retry a failed scan due to
# connection problems (or other issues).
--- etc/freshclam.conf.sample.orig
+++ etc/freshclam.conf.sample
@@ -1,12 +1,8 @@
##
-## Example config file for freshclam
+## Config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# WARNING: It must already exist, be an absolute path, be writeable by
@@ -54,12 +50,12 @@ Example
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
-#PidFile /run/clamav/freshclam.pid
+PidFile /run/clamav/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
-#DatabaseOwner clamav
+DatabaseOwner vscan
# Use DNS to verify virus database version. FreshClam uses DNS TXT records
# to verify database and software versions. With this directive you can change
@@ -150,7 +146,7 @@ DatabaseMirror database.clamav.net
# Send the RELOAD command to clamd.
# Default: no
-#NotifyClamd /path/to/clamd.conf
+NotifyClamd /etc/clamd.conf
# Run command after successful database update.
# Use EXIT_1 to return 1 after successful database update.
Reference in New Issue View Git Blame Copy Permalink