pool/clamav
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fb45a6895c
clamav/clamav-conf.patch
Marcus Meissner fb45a6895c Accepting request 125380 from home:AndreasStieger:branches:security 
- update to 0.95.5 [bnc#767574]
- addresses possible evasion cases in some archive formats
- CVE-2012-1457: allows to bypass malware detection via a TAR archive
  entry with a length field that exceeds the total TAR file size
- CVE-2012-1458: allows to bypass malware detection via a crafted
  reset interval in the LZXC header of a CHM file
- CVE-2012-1459: allows to bypass malware detection via a TAR archive
  entry with a length field corresponding to that entire entry, plus
  part of the header of the next entry
- also addresses stability issues in portions of the bytecode engine
- update clamav-conf.patch for moved lines
- add a definitions snapshot as {main,daily}.cvd no longer in tarball
- fix file-contains-date-and-time rpmlint warning

OBS-URL: https://build.opensuse.org/request/show/125380
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=62
2012-06-19 20:15:38 +00:00

219 lines
6.4 KiB
Diff
Raw Blame History

Index: etc/clamav-milter.conf
===================================================================
--- etc/clamav-milter.conf.orig 2012-06-12 14:36:05.000000000 +0100
+++ etc/clamav-milter.conf 2012-06-18 22:49:23.000000000 +0100
@@ -2,10 +2,6 @@
## Example config file for clamav-milter
##
-# Comment or remove the line below.
-Example
-
-
##
## Main options
##
@@ -17,8 +13,7 @@ Example
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
-#MilterSocket /tmp/clamav-milter.socket
-#MilterSocket inet:7357
+MilterSocket /var/lib/clamav/clamav-milter-socket
# Define the group ownership for the (unix) milter socket.
# Default: disabled (the primary group of the user running clamd)
@@ -36,7 +31,7 @@ Example
# Run as another user (clamav-milter must be started by root for this option to work)
#
# Default: unset (don't drop privileges)
-#User clamav
+User vscan
# Initialize supplementary group access (clamav-milter must be started by root).
#
@@ -64,7 +59,7 @@ Example
# daemon (main thread).
#
# Default: disabled
-#PidFile /var/run/clamav-milter.pid
+PidFile /var/lib/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -90,7 +85,7 @@ Example
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
-#ClamdSocket tcp:scanner.mydomain:7357
+ClamdSocket unix:/var/lib/clamav/clamd-socket
##
@@ -238,13 +233,13 @@ Example
# Use system logger (can work together with LogFile).
#
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
#
Index: etc/clamd.conf
===================================================================
--- etc/clamd.conf.orig 2012-06-12 14:03:26.000000000 +0100
+++ etc/clamd.conf 2012-06-18 22:49:23.000000000 +0100
@@ -1,12 +1,8 @@
##
-## Example config file for the Clam AV daemon
+## Config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
@@ -40,12 +36,12 @@ Example
# Use system logger (can work together with LogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
@@ -58,7 +54,7 @@ Example
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
-#PidFile /var/run/clamd.pid
+PidFile /var/lib/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -77,7 +73,7 @@ Example
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
-#LocalSocket /tmp/clamd.socket
+LocalSocket /var/lib/clamav/clamd-socket
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
@@ -93,14 +89,14 @@ Example
# TCP port address.
# Default: no
-#TCPSocket 3310
+TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
-#TCPAddr 127.0.0.1
+TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 200
@@ -186,7 +182,7 @@ Example
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
-#User clamav
+User vscan
# Initialize supplementary group access (clamd must be started by root).
# Default: no
@@ -440,6 +436,10 @@ Example
# Enable Clamuko. Dazuko must be configured and running. Clamuko supports
# both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
# is the preferred option. For more information please visit www.dazuko.org
+#
+# When enabling this, you most probably have to set "User root" above,
+# so that clamav can access the files to be scanned.
+#
# Default: no
#ClamukoScanOnAccess yes
Index: etc/freshclam.conf
===================================================================
--- etc/freshclam.conf.orig 2012-06-12 14:36:05.000000000 +0100
+++ etc/freshclam.conf 2012-06-18 22:49:23.000000000 +0100
@@ -1,12 +1,8 @@
##
-## Example config file for freshclam
+## Config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
@@ -34,21 +30,21 @@ Example
# Use system logger (can work together with UpdateLogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# This option allows you to save the process identifier of the daemon
# Default: disabled
-#PidFile /var/run/freshclam.pid
+PidFile /var/lib/clamav/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
-#DatabaseOwner clamav
+DatabaseOwner vscan
# Initialize supplementary group access (freshclam must be started by root).
# Default: no
@@ -118,7 +114,7 @@ DatabaseMirror database.clamav.net
# Send the RELOAD command to clamd.
# Default: no
-#NotifyClamd /path/to/clamd.conf
+NotifyClamd /etc/clamd.conf
# Run command after successful database update.
# Default: disabled
@@ -161,7 +157,7 @@ DatabaseMirror database.clamav.net
# detected in the field and in what geographic area they are.
# Freshclam will connect to clamd in order to get recent statistics.
# Default: no
-#SubmitDetectionStats /path/to/clamd.conf
+#SubmitDetectionStats /etc/clamd.conf
# Country of origin of malware/detection statistics (for statistical
# purposes only). The statistics collector at ClamAV.net will look up
Reference in New Issue View Git Blame Copy Permalink