pool/clamav
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
896f44d06a
clamav/clamav-conf.patch
Reinhard Max 896f44d06a Accepting request 1198813 from home:adkorte:branches:security 
- New version 1.3.2:
  * CVE-2024-20506: Changed the logging module to disable following
    symlinks on Linux and Unix systems so as to prevent an attacker
    with existing access to the 'clamd' or 'freshclam' services from
    using a symlink to corrupt system files.
  * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
    file parser that could cause a denial-of-service condition.
  * Removed unused Python modules from freshclam tests including
    deprecated 'cgi' module that is expected to cause test failures in
    Python 3.13.
  * Fix unit test caused by expiring signing certificate.
  * Fixed a build issue on Windows with newer versions of Rust. Also
    upgraded GitHub Actions imports to fix CI failures.
  * Fixed an unaligned pointer dereference issue on select architectures.
  * Fixes to Jenkins CI pipeline.
- Remove upstreamed 1305.patch

OBS-URL: https://build.opensuse.org/request/show/1198813
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=263
2024-09-09 12:39:53 +00:00

184 lines
5.1 KiB
Diff
Raw Blame History

--- etc/clamav-milter.conf.sample.orig
+++ etc/clamav-milter.conf.sample
@@ -1,11 +1,7 @@
##
-## Example config file for clamav-milter
+## config file for clamav-milter
##
-# Comment or remove the line below.
-Example
-
-
##
## Main options
##
@@ -17,7 +13,7 @@ Example
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
-#MilterSocket /run/clamav/clamav-milter.sock
+MilterSocket /run/clamav/clamav-milter.sock
#MilterSocket /tmp/clamav-milter.sock
#MilterSocket inet:7357
@@ -38,7 +34,7 @@ Example
# to work)
#
# Default: unset (don't drop privileges)
-#User clamav
+User vscan
# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout.
@@ -65,7 +61,7 @@ Example
# also owned by root to keep other users from tampering with it.
#
# Default: disabled
-#PidFile /run/clamav/clamav-milter.pid
+PidFile /run/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -93,7 +89,7 @@ Example
#
# Default: no default
#ClamdSocket tcp:scanner.mydomain:7357
-#ClamdSocket unix:/run/clamav/clamd.sock
+ClamdSocket unix:/run/clamav/clamd.sock
##
@@ -243,13 +239,13 @@ Example
# Use system logger (can work together with LogFile).
#
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
#
--- etc/clamd.conf.sample.orig
+++ etc/clamd.conf.sample
@@ -1,12 +1,8 @@
##
-## Example config file for the Clam AV daemon
+## Config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
@@ -41,12 +37,12 @@ Example
# Use system logger (can work together with LogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
@@ -74,7 +70,7 @@ Example
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
-#PidFile /run/clamav/clamd.pid
+PidFile /run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -98,7 +94,7 @@ Example
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
-#LocalSocket /run/clamav/clamd.sock
+LocalSocket /run/clamav/clamd.sock
#LocalSocket /tmp/clamd.sock
# Sets the group ownership on the unix socket.
@@ -230,7 +226,7 @@ Example
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
-#User clamav
+User vscan
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
@@ -708,7 +704,7 @@ Example
# multiple OnAccessIncludePath directives but each directory must be added
# in a separate line.
# Default: disabled
-#OnAccessIncludePath /home
+OnAccessIncludePath /home
#OnAccessIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
@@ -778,7 +774,7 @@ Example
# It has the same potential race condition limitations of the
# OnAccessExcludeUID option.
# Default: disabled
-#OnAccessExcludeUname clamav
+OnAccessExcludeUname vscan
# Number of times the OnAccess client will retry a failed scan due to
# connection problems (or other issues).
--- etc/freshclam.conf.sample.orig
+++ etc/freshclam.conf.sample
@@ -1,12 +1,8 @@
##
-## Example config file for freshclam
+## Config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
@@ -52,12 +48,12 @@ Example
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
-#PidFile /run/clamav/freshclam.pid
+PidFile /run/clamav/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
-#DatabaseOwner clamav
+DatabaseOwner vscan
# Use DNS to verify virus database version. FreshClam uses DNS TXT records
# to verify database and software versions. With this directive you can change
@@ -148,7 +144,7 @@ DatabaseMirror database.clamav.net
# Send the RELOAD command to clamd.
# Default: no
-#NotifyClamd /path/to/clamd.conf
+NotifyClamd /etc/clamd.conf
# Run command after successful database update.
# Use EXIT_1 to return 1 after successful database update.
Reference in New Issue View Git Blame Copy Permalink