pool/clamav
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a2ea93b424
clamav/clamav-conf.patch
Reinhard Max b6dec3dc1b Accepting request 883689 from home:adkorte 
- Update to 0.103.2
  * CVE-2021-1386: Fix for UnRAR DLL load privilege escalation.
    Affects 0.103.1 and prior on Windows only.
  * CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects
    0.103.0 and 0.103.1 only.
  * CVE-2021-1404: Fix for PDF parser buffer over-read; possible
    crash. Affects 0.103.0 and 0.103.1 only.
  * CVE-2021-1405: Fix for mail parser NULL-dereference crash.
    Affects 0.103.1 and prior.
  * Fix possible memory leak in PNG parser.
  * Fix ClamOnAcc scan on file-creation race condition so files are
    scanned after their contents are written.
  * FreshClam: Deprecate the SafeBrowsing config option. The
    SafeBrowsing option will no longer do anything.
  * For more details, see our blog post from last year about the
    future of the ClamAV Safe Browsing database.
  * FreshClam: Improved HTTP 304, 403, & 429 handling.
  * FreshClam: Added back the mirrors.dat file to the database directory.
  * FreshClam will now exit with a failure in daemon mode if an HTTP 403
    (Forbidden) was received, because retrying later won't help any. The
    FreshClam user will have to take actions to get unblocked.
  * Fix the FreshClam mirror-sync issue where a downloaded database is
    "older than the version advertised."
- Update package signing key (from https://www.clamav.net/downloads)
  % clamav.keyring

- Package clamav-milter in a subpackage
- Remove virus signatures upon uninstall
- Check for database existence before starting clamd
- Restart clamd when it exits

OBS-URL: https://build.opensuse.org/request/show/883689
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=219
2021-04-08 08:27:46 +00:00

165 lines
4.5 KiB
Diff
Raw Blame History

--- etc/clamav-milter.conf.sample.orig
+++ etc/clamav-milter.conf.sample
@@ -2,10 +2,6 @@
## Example config file for clamav-milter
##
-# Comment or remove the line below.
-Example
-
-
##
## Main options
##
@@ -17,8 +13,7 @@ Example
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
-#MilterSocket /tmp/clamav-milter.socket
-#MilterSocket inet:7357
+MilterSocket /run/clamav/clamav-milter-socket
# Define the group ownership for the (unix) milter socket.
# Default: disabled (the primary group of the user running clamd)
@@ -37,7 +32,7 @@ Example
# to work)
#
# Default: unset (don't drop privileges)
-#User clamav
+User vscan
# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout.
@@ -61,7 +56,7 @@ Example
# also owned by root to keep other users from tampering with it.
#
# Default: disabled
-#PidFile /var/run/clamav-milter.pid
+PidFile /run/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -88,7 +83,7 @@ Example
# fashion.
#
# Default: no default
-#ClamdSocket tcp:scanner.mydomain:7357
+ClamdSocket unix:/run/clamav/clamd-socket
##
@@ -238,13 +233,13 @@ Example
# Use system logger (can work together with LogFile).
#
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
#
--- etc/clamd.conf.sample.orig
+++ etc/clamd.conf.sample
@@ -1,12 +1,8 @@
##
-## Example config file for the Clam AV daemon
+## Config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
@@ -41,12 +37,12 @@ Example
# Use system logger (can work together with LogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
@@ -71,7 +67,7 @@ Example
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
-#PidFile /var/run/clamd.pid
+PidFile /run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -90,7 +86,7 @@ Example
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
-#LocalSocket /tmp/clamd.socket
+LocalSocket /run/clamav/clamd-socket
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
@@ -204,7 +200,7 @@ Example
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
-#User clamav
+User vscan
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
--- etc/freshclam.conf.sample.orig
+++ etc/freshclam.conf.sample
@@ -1,12 +1,8 @@
##
-## Example config file for freshclam
+## Config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
@@ -48,12 +44,12 @@ Example
# It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it.
# Default: disabled
-#PidFile /var/run/freshclam.pid
+#PidFile /run/clamav/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
-#DatabaseOwner clamav
+DatabaseOwner vscan
# Use DNS to verify virus database version. FreshClam uses DNS TXT records
# to verify database and software versions. With this directive you can change
@@ -127,7 +123,7 @@ DatabaseMirror database.clamav.net
# Send the RELOAD command to clamd.
# Default: no
-#NotifyClamd /path/to/clamd.conf
+NotifyClamd /etc/clamd.conf
# Run command after successful database update.
# Use EXIT_1 to return 1 after successful database update.
Reference in New Issue View Git Blame Copy Permalink