Hello community,
here is the log from the commit of package clamav.1667 for openSUSE:12.2:Update checked in at 2013-05-21 15:05:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/clamav.1667 (Old)
and /work/SRC/openSUSE:12.2:Update/.clamav.1667.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav.1667"
Changes:
--------
New Changes file:
--- /dev/null 2013-05-15 01:32:43.420028506 +0200
+++ /work/SRC/openSUSE:12.2:Update/.clamav.1667.new/clamav.changes 2013-05-21 15:05:24.000000000 +0200
@@ -0,0 +1,1000 @@
+-------------------------------------------------------------------
+Fri May 3 17:59:11 CEST 2013 - max@suse.de
+
+- New version 0.97.8 (bnc#816865):
+ * CVE-2013-2020: Fix heap corruption
+ * CVE-2013-2021: Fix overflow due to PDF key length computation.
+
+-------------------------------------------------------------------
+Wed Mar 20 17:32:19 UTC 2013 - max@suse.com
+
+- Version 0.97.7 (bnc#809945)
+ * several hardening fixes.
+
+-------------------------------------------------------------------
+Wed Sep 19 11:48:48 UTC 2012 - toganm@opensuse.org
+
+- update to 0.97.6
+ * libclamav: bb#5751 - cl_scansis() may returan a file descriptor
+ instead of a valid return code
+
+-------------------------------------------------------------------
+Tue Jun 19 00:31:03 UTC 2012 - andreas.stieger@gmx.de
+
+- update to 0.95.5 [bnc#767574]
+- addresses possible evasion cases in some archive formats
+- CVE-2012-1457: allows to bypass malware detection via a TAR archive
+ entry with a length field that exceeds the total TAR file size
+- CVE-2012-1458: allows to bypass malware detection via a crafted
+ reset interval in the LZXC header of a CHM file
+- CVE-2012-1459: allows to bypass malware detection via a TAR archive
+ entry with a length field corresponding to that entire entry, plus
+ part of the header of the next entry
+- also addresses stability issues in portions of the bytecode engine
+- update clamav-conf.patch for moved lines
+- add a definitions snapshot as {main,daily}.cvd no longer in tarball
+- fix file-contains-date-and-time rpmlint warning
+
+-------------------------------------------------------------------
+Sat Mar 17 19:36:17 UTC 2012 - dimstar@opensuse.org
+
+- Add clamav-gcc47.patch: Fix build with gcc 4.7.
+
+-------------------------------------------------------------------
+Sat Mar 17 14:18:48 UTC 2012 - toganm@opensuse.org
+
+- New version 0.97.4
+ * libclamav/bytecode.c: reset to BYTECODE_AUTO mode at db reload
+ so that we don't fail to re-enable or re-disable it again
+ (bb#3789)
+ * misc: performance improvement for HP-UX PA-RISC - patch from
+ Michael Pelletier
+ (bb#3926)
+ * libclamav/pe.c: parse vinfo where varfileinfo occours before
+ stringfileinfo (bb#3062)
+ * clamd: add support for on-access scanning on OS X with ClamAuth
+ (beta)
+ * libclamav/bytecode_api*: Fix Sparc crash (bb #4324)
+ * libclamav: fix bytecode whitelisting
+ * libclamav: fix macro detection in OLE2BlockMacros (bb#4269)
+ * libclamav/readdb.c: allow comments in all db files (bb#3930)
+ * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922)
+ * libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian)
+ architectures (bb #3894).
+
+-------------------------------------------------------------------
+Tue Oct 18 09:17:51 UTC 2011 - max@suse.com
+
+- New version 0.97.3 (bnc#724856, CVE-2011-3627):
+ * freshclam/manager.c: fix error when compiling without DNS
+ support (bb#3056)
+ * libclamav/pdf.c: flag and dump PDF objects with /Launch
+ (bb #3514)
+ * libclamav/bytecode.c,bytecode_api.c: fix recursion level crash
+ (bb #3706).
+ * docs: clarify behavior of --scan-*/Scan* options (bb#3134)
+ * libclamav/bytecode_vm.c: fix opcode 20 error (bb #3100)
+ * freshclam: fix pidfile removal (bb#3499)
+ * libclamav/pdf.c: fix incorrect blocking of some encrypted PDF
+ with empty user passwords. (bb #3364)
+ * sigtool/sigtool.c: fix calculation of max signature length
+
+-------------------------------------------------------------------
+Tue Jul 26 08:55:27 UTC 2011 - max@novell.com
+
+- New version 0.97.2 (bnc#708263):
+ * libclamav/matcher-hash.c: off by one read in cli_hm_scan
+ (bb#2818, CVE-2011-2721).
+ * libclamav/pdf.c: fix encrypted pdf detection (bb #2988)
+ * clamav-milter/clamfi.c: fix typo in error message (bb#3040)
+ * libclamav/lzma_iface.c: shut up huge alloc warns for 7z/lzma
+ (bb#2913)
+ * libclamav/c++/bytecode2llvm.cpp: fix use of unaddressable data
+ in bytecode_watchdog.
+ * libclamav/phishcheck.c: fix safebrowsing detection on certain
+ URLs
+
+-------------------------------------------------------------------
+Thu Jun 9 10:04:22 UTC 2011 - max@novell.com
+
+- New version 0.97.1 (bnc#698999):
+ * libclamav/mew.c: harden boundary check on e8/e9 fixup
+ * libclamav/matcher-hash.c: in hm_sort don't swap an item with
+ itself (bb#2818)
+ * freshclam/manager.c: fix return code of Rfc2822DateTime()
+ (bb#2809)
+ * libclamav/pdf.c: better detection for encrypted PDFs
+ (bb #2448)
+ * libclamav/c++: add support for building with external LLVM 2.9,
+ and drop external 2.8 support
+ * clamd: log request ip address for instream scans #bb2592
+ * libclamav/c++/llvm/lib/Target/X86/X86InstrInfo.td: bb #2763
+ don't assert on AVX chips (Intel Core i5 and i7)
+ * sigtool: properly normalize html files (bb#2764)
+ * sigtool/sigtool.c: fix formatting of hash dbs (bb#2765)
+ * freshclam: add mirror statistics mechanism
+ * libclamav/pe_icons.c: don't sigbus on sparc (bb#2695)
+ * libclamav/pe.c: reset corrupted status before bytecode
+ hooks (bb#2544)
+ * sigtool, freshclam: put .info on top of container to speed
+ up loading
+ * sigtool: fix --verify-cdiff
+ * sigtool: allow arbitrary names for --build
+ * clamdscan: fix file exclusion (bb#2579)
+ * clamd: add new option ClamukoExcludeUID (bb#2260)
+ * libclamav/elf.c: fix incorrect detection of Broken.Executable
+ (bb#2580)
+ * shared/output.c: fix empty lines in syslog (bb#2578)
+ * clamd: update description of ReadTimeout (bb#2565)
+ * clamd: add new config option BytecodeUnsigned (bb#2537);
+ drop "None" from BytecodeSecurity
+ * clamscan: add new switch --bytecode-unsigned and drop
+ --bytecode-trust-all
+ * sigtool/sigtool.c: improve handling of bytecode.info (bb#2292)
+ * libclamav/others.c: make sure TLS key is initializer
+ (bb #2588).
+ * configure: check for enable_extended_FILE_stdio (bb #2542)
+ * sigtool/sigtool.c: handle all signature formats with
+ --(list|find)-sigs (bb#2534)
+
+-------------------------------------------------------------------
+Wed Feb 9 09:20:42 UTC 2011 - max@novell.com
+
+- Security update 0.9.7 (bnc#673753):
+ ClamAV 0.97 brings many improvements, including complete Windows
+ support, support for signatures based on SHA1 and SHA256, better
+ error detection, as well as speed and memory optimizations. The
+ complete list of changes is available in the ChangeLog file. For
+ upgrade notes and tips please see:
+ https://wiki.clamav.net/Main/UpgradeNotes097
+
+-------------------------------------------------------------------
+Wed Dec 1 17:42:03 UTC 2010 - max@novell.com
+
+- New version 0.96.5 (bnc#656548):
+ * libclamav/pdf.c: fix crashes (bb #2358, bb #2380, bb #2396).
+ * libclamav/pe_icons.c: off by one while (bb#2344)
+ * libclamav: fix detection of embedded executables
+ * libclamav/matcher-ac.c: fix offset handling for sigs with {x-y}
+ * freshclam/manager.c: fix error path infinite loop (bb#2389)
+ * freshclam: improve mirror management
+ * libclamav: fix possible use of uninitialized values (bb#2291)
+ * libclamav: Set the unreliability flag on (un)packed files
+ (bb#2307)
+ * libclamav/c++: Update embedded copy of LLVM to version 2.8
+ (bb #2327)
+ * freshclam: make query format backward compatible
+ * freshclam: get detection stats directly from clamd (bb#2312)
+ * libclamav/cache.c,c++/bytecode2llvm.cpp}: make cl_load thread
+ safe (bb #2333).
+ * freshclam: load database in subprocess (bb #2147).
+ * clamd: add new commands DETSTATS and DETSTATSCLEAR
+ (part of bb#2312)
+ * libclamav/7z.c: fix file descriptor leak (bb #2347)
+ * clamd, libclamavll: add ability to logg messages from libclamav
+ (bb #1965)
+ * libclamav/builtin_bytecodes.h: Don't disable JIT on pentium4
+ (bb #2345)
+ * clamav-for-windows: displace clamav-for-windows to a separate
+ solution and directory
+ * clamd: add new option OLE2BlockMacros (requested by Mike)
+ * freshclam: DatabaseCustomURL: add support for
+ If-Modified-Since
+ * freshclam: add initial support for DatabaseCustomURL
+
+-------------------------------------------------------------------
+Thu Oct 28 16:34:29 CEST 2010 - max@suse.de
+
+- New version: 0.96.4 (bnc#649631):
+ * sigtool/sigtool.c: don't use of sizeof() for malloc'ed buffer
+ (bb#2283)
+ * shared/cdiff.c, sigtool/sigtool.c: fix error path double frees
+ (bb#2280, bb#2281)
+ * See /usr/share/doc/packages/clamav/ChangeLog for the full list
+ of changes.
+
+-------------------------------------------------------------------
+Wed Sep 22 15:32:10 UTC 2010 - max@novell.com
++++ 803 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.2:Update/.clamav.1667.new/clamav.changes
New:
----
clamav-0.97.8.tar.gz
clamav-conf.patch
clamav-gcc47.patch
clamav-rcclamd
clamav-rcfreshclam
clamav-rcmilter
clamav-rpmlintrc
clamav-sles9.patch
clamav-updateclamconf
clamav.changes
clamav.spec
daily-15055.cvd
main-54.cvd
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ clamav.spec ++++++
#
# spec file for package clamav
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: clamav
BuildRequires: ncurses-devel
BuildRequires: sed
BuildRequires: sendmail
BuildRequires: sendmail-devel
%define llvm --disable-llvm
%if 0%{?suse_version} >= 1010
BuildRequires: bc
BuildRequires: pkgconfig
BuildRequires: zlib-devel
%ifarch %ix86 x86_64
%define llvm --enable-llvm
# Needed for compiling LLVM.
BuildRequires: gcc-c++
%endif
%endif
%if 0%{?suse_version} >= 1030
BuildRequires: check-devel
BuildRequires: libbz2-devel
BuildRequires: pwdutils
BuildRequires: python-devel
%define clamav_check --enable-check
%else
BuildRequires: bzip2
%define clamav_check --disable-check
%endif
Summary: Antivirus Toolkit
License: GPL-2.0
Group: Productivity/Security
Version: 0.97.8
Release: 0
Url: http://www.clamav.net
Requires: latex2html-pngicons
Obsoletes: clamav-db < 0.88.3
PreReq: %_sbindir/groupadd %_sbindir/useradd %_sbindir/usermod
PreReq: /usr/bin/awk /bin/sed /bin/tar
PreReq: %insserv_prereq
Source0: %{name}-%{version}.tar.gz
Source1: clamav-rcclamd
Source2: clamav-rcfreshclam
Source3: clamav-updateclamconf
Source4: clamav-rpmlintrc
Source5: clamav-rcmilter
# http://db.local.clamav.net/main.cvd
Source6: main-54.cvd
# http://db.local.clamav.net/daily.cvd
Source7: daily-15055.cvd
Patch1: clamav-conf.patch
Patch2: clamav-sles9.patch
Patch3: clamav-gcc47.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways. It provides a
number of utilities including a flexible and scalable multi-threaded
daemon, a command line scanner and advanced tool for automatic database
updates. The core of the package is an anti-virus engine available in a
form of shared library.
Here is a list of the main features:
* command-line scanner
* fast, multi-threaded daemon with support for on-access scanning
* milter interface for sendmail
* advanced database updater with support for scripted updates and
digital signatures
* virus scanner C library
* on-access scanning (Linux and FreeBSD)
* virus database updated multiple times per day (see home page for
total number of signatures)
* built-in support for various archive formats, including Zip, RAR,
Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
* built-in support for almost all mail file formats
* built-in support for ELF executables and Portable Executable files
compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack
and obfuscated with SUE, Y0da Cryptor and others
* built-in support for popular document formats including MS Office and
MacOffice files, HTML, RTF and PDF
%package db
Summary: Virus Database for ClamAV
License: BSD-3-Clause and GPL-2.0+ and LGPL-2.1+ and SUSE-Public-Domain and MIT
Group: Productivity/Security
PreReq: clamav sed /bin/cp /usr/bin/awk /bin/rm
%if 0%{?suse_version} > 1120
BuildArch: noarch
%endif
%description db
This package contains a snapshot of the virus description database for
ClamAV. It is not needed if you use freshclam to keep your virus
database up to date.
Authors:
--------
Tomasz Kojm
Nigel Horne
%prep
%setup -q
%patch1
%if 0%{?suse_version} == 0910
# SLES9's libmilter doesn't have smfi_insheader()
%patch2
%endif
%patch3 -p1
%build
%if 0%{?suse_version} >= 1010
CFLAGS="-fstack-protector"
CXXFLAGS="-fstack-protector"
%endif
export CFLAGS="%optflags $CFLAGS"
export CXXFLAGS="%optflags $CXXFLAGS"
%if 0%{?suse_version} == 0910
# SLES9 needs this macro to enable the quarantine feature in libmilter
CFLAGS="$CFLAGS -D_FFR_QUARANTINE -D_FFR_SMFI_OPENSOCKET"
%endif
./configure \
--prefix=%_prefix \
--libdir=%_libdir \
--mandir=%_mandir \
--sysconfdir=%_sysconfdir \
--disable-clamav \
--disable-static \
--with-dbdir=/var/lib/clamav \
--with-user=vscan \
--with-group=vscan \
--enable-milter \
%clamav_check \
%llvm \
--disable-zlib-vcheck \
--enable-clamdtop \
--disable-timestamps
make %{?jobs:-j%jobs}
%check
VALGRIND_GENSUP=1 make check
%install
%makeinstall
ln -sf docs/html/{clamdoc,index}.html
mkdir -p %buildroot/etc/init.d
install -m755 %SOURCE1 %buildroot/etc/init.d/clamd
ln -s /etc/init.d/clamd %buildroot%_sbindir/rcclamd
install -m755 %SOURCE2 %buildroot/etc/init.d/freshclam
ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter
ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter
install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
install -d -m755 %buildroot/var/lib/clamav
touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
install -m755 %SOURCE6 %buildroot/var/lib/clamav/main.cvd
install -m755 %SOURCE7 %buildroot/var/lib/clamav/daily.cvd
for f in %buildroot/var/lib/clamav/*.cvd; do
mv $f $f.dist
touch $f
done
touch %buildroot/var/lib/clamav/{main,daily}.cld
mkdir -p %buildroot/var/spool/amavis
%if 0%{?suse_version} > 1020
rm %buildroot/%_libdir/*.la
%endif
# Remove bogus dependencies from libclamav.pc
sed -i 's/^Libs: .*/Libs: -lclamav/' %buildroot%_libdir/pkgconfig/libclamav.pc
%files
%defattr(-,root,root,-)
%config(noreplace) %_sysconfdir/*.conf
%config %attr(744,root,root)/etc/init.d/*
%doc AUTHORS BUGS ChangeLog COPYING FAQ NEWS README UPGRADE
%doc docs/*.pdf docs/html
%doc %_mandir/*/*
%_bindir/*
%_sbindir/*
%_includedir/*
%_libdir/lib*
%_libdir/pkgconfig/libclamav.pc
%defattr(-,vscan,vscan)
%dir %attr(700,vscan,root) /var/spool/amavis
%dir /var/lib/clamav
%ghost /var/lib/clamav/*.pid
%ghost /var/lib/clamav/*.cld
%ghost /var/lib/clamav/*.cvd
%files db
%defattr(-,vscan,vscan)
%dir /var/lib/clamav
/var/lib/clamav/*.cvd.dist
%pre
%_sbindir/groupadd -r vscan 2> /dev/null || :
%_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false -c "Vscan account" -d /var/spool/amavis vscan 2> /dev/null || :
%_sbindir/usermod vscan -g vscan 2> /dev/null || :
%post
/sbin/ldconfig
# merge config files on update
test "0$1" -lt 2 && exit 0
umask 022
for f in /etc/clamd.conf /etc/freshclam.conf /etc/clamav-milter.conf; do
if test -e $f.rpmnew; then
echo "Merging $f and $f.rpmnew"
%_sbindir/updateclamconf -v override="$OVERRIDE" $f $f.rpmnew > $f.tmp
if test $? == 0; then
mv $f $f.old
mv $f.tmp $f
else
echo "Merging $f with $f.rpmnew failed"
fi
fi
done
# convert virus database file format when updating from < 0.93
DBDIR=$(awk '/^[[:space:]]*DatabaseDirectory/{print $NF}' /etc/clamd.conf)
cd ${DBDIR:=/var/lib/clamav}
umask 022
TMPFILE=$PWD/tmp.$$
for type in main daily; do
rm -f $TMPFILE
if test ! -f $type.cvd -a ! -f $type.cld -a -d $type.inc; then
cd $type.inc
test -f COPYING -a -f $type.info -a -f $type.db \
-a -f $type.hdb -a -f $type.mdb -a -f $type.ndb \
-a -f $type.zmd -a -f $type.fp || continue
awk 'NR==1{printf $0; for (i=length($0); i<512; i++) printf " "}' \
$type.info > $TMPFILE || continue
tar -c -f- COPYING $type.info $type.db $type.hdb $type.mdb \
$type.ndb $type.zmd $type.fp >> $TMPFILE || continue
cd ..
if test -f $TMPFILE; then
chown --reference $type.inc $TMPFILE 2>/dev/null
mv $TMPFILE $type.cld
fi
fi
done
rm -f $TMPFILE
%triggerpostun -- %name < 0.88.3
# Move clamav.conf to clamd.conf when updating from an old version
# and inform the admin about the rename.
cd /etc
if test -e clamav.conf.rpmsave -a ! -e clamd.conf.rpmnew; then
mv clamd.conf clamd.conf.rpmnew
mv clamav.conf.rpmsave clamd.conf
cat > clamav.conf <<-EOF
# clamd.conf has been renamed to clamav.conf.
# This file can be removed.
EOF
%restart_on_update clamd
fi
%preun
%stop_on_removal clamd freshclam
%postun
/sbin/ldconfig
%restart_on_update clamd freshclam
%insserv_cleanup
%post db
# determine the version number of a given database file
getversion() {
if test -f "$1"; then
/usr/bin/sigtool -i "$1" | sed -n '/^Version: /s///gp'
else
# a non-existing file is assumed to have version 0
echo 0
fi
}
DBDIR=$(awk '/^[[:space:]]*DatabaseDirectory/{print $NF}' /etc/clamd.conf)
cd ${DBDIR:=/var/lib/clamav}
for f in main daily; do
vdist=$(getversion $f.cvd.dist)
vcvd=$(getversion $f.cvd)
vcld=$(getversion $f.cld)
v=$((vcld > vcvd ? vcld : vcvd))
if test $vdist -gt $v; then
cp -a $f.cvd.dist $f.cvd
rm -f $f.cld
fi
done
%changelog
++++++ clamav-conf.patch ++++++
Index: etc/clamav-milter.conf
===================================================================
--- etc/clamav-milter.conf.orig 2012-06-12 14:36:05.000000000 +0100
+++ etc/clamav-milter.conf 2012-06-18 22:49:23.000000000 +0100
@@ -2,10 +2,6 @@
## Example config file for clamav-milter
##
-# Comment or remove the line below.
-Example
-
-
##
## Main options
##
@@ -17,8 +13,7 @@ Example
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
-#MilterSocket /tmp/clamav-milter.socket
-#MilterSocket inet:7357
+MilterSocket /var/lib/clamav/clamav-milter-socket
# Define the group ownership for the (unix) milter socket.
# Default: disabled (the primary group of the user running clamd)
@@ -36,7 +31,7 @@ Example
# Run as another user (clamav-milter must be started by root for this option to work)
#
# Default: unset (don't drop privileges)
-#User clamav
+User vscan
# Initialize supplementary group access (clamav-milter must be started by root).
#
@@ -64,7 +59,7 @@ Example
# daemon (main thread).
#
# Default: disabled
-#PidFile /var/run/clamav-milter.pid
+PidFile /var/lib/clamav/clamav-milter.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -90,7 +85,7 @@ Example
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
-#ClamdSocket tcp:scanner.mydomain:7357
+ClamdSocket unix:/var/lib/clamav/clamd-socket
##
@@ -238,13 +233,13 @@ Example
# Use system logger (can work together with LogFile).
#
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
#
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
#
Index: etc/clamd.conf
===================================================================
--- etc/clamd.conf.orig 2012-06-12 14:03:26.000000000 +0100
+++ etc/clamd.conf 2012-06-18 22:49:23.000000000 +0100
@@ -1,12 +1,8 @@
##
-## Example config file for the Clam AV daemon
+## Config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
@@ -40,12 +36,12 @@ Example
# Use system logger (can work together with LogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
@@ -58,7 +54,7 @@ Example
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
-#PidFile /var/run/clamd.pid
+PidFile /var/lib/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -77,7 +73,7 @@ Example
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
-#LocalSocket /tmp/clamd.socket
+LocalSocket /var/lib/clamav/clamd-socket
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
@@ -93,14 +89,14 @@ Example
# TCP port address.
# Default: no
-#TCPSocket 3310
+TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
-#TCPAddr 127.0.0.1
+TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 200
@@ -186,7 +182,7 @@ Example
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
-#User clamav
+User vscan
# Initialize supplementary group access (clamd must be started by root).
# Default: no
@@ -440,6 +436,10 @@ Example
# Enable Clamuko. Dazuko must be configured and running. Clamuko supports
# both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
# is the preferred option. For more information please visit www.dazuko.org
+#
+# When enabling this, you most probably have to set "User root" above,
+# so that clamav can access the files to be scanned.
+#
# Default: no
#ClamukoScanOnAccess yes
Index: etc/freshclam.conf
===================================================================
--- etc/freshclam.conf.orig 2012-06-12 14:36:05.000000000 +0100
+++ etc/freshclam.conf 2012-06-18 22:49:23.000000000 +0100
@@ -1,12 +1,8 @@
##
-## Example config file for freshclam
+## Config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
-
-# Comment or remove the line below.
-Example
-
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
@@ -34,21 +30,21 @@ Example
# Use system logger (can work together with UpdateLogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
# This option allows you to save the process identifier of the daemon
# Default: disabled
-#PidFile /var/run/freshclam.pid
+PidFile /var/lib/clamav/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
-#DatabaseOwner clamav
+DatabaseOwner vscan
# Initialize supplementary group access (freshclam must be started by root).
# Default: no
@@ -118,7 +114,7 @@ DatabaseMirror database.clamav.net
# Send the RELOAD command to clamd.
# Default: no
-#NotifyClamd /path/to/clamd.conf
+NotifyClamd /etc/clamd.conf
# Run command after successful database update.
# Default: disabled
@@ -161,7 +157,7 @@ DatabaseMirror database.clamav.net
# detected in the field and in what geographic area they are.
# Freshclam will connect to clamd in order to get recent statistics.
# Default: no
-#SubmitDetectionStats /path/to/clamd.conf
+#SubmitDetectionStats /etc/clamd.conf
# Country of origin of malware/detection statistics (for statistical
# purposes only). The statistics collector at ClamAV.net will look up
++++++ clamav-gcc47.patch ++++++
Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
===================================================================
--- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
@@ -15,6 +15,7 @@
//
//===----------------------------------------------------------------------===//
+#include
#include "JIT.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/System/DynamicLibrary.h"
++++++ clamav-rcclamd ++++++
#! /bin/sh
# Copyright (c) 1995-2003 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/clamd
# and its symbolic link
# /(usr/)sbin/rcclamd
#
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides: clamd
# Required-Start: $syslog $remote_fs
# Required-Stop: $syslog $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: virus scanner daemon
# Description: Start the clamd virus scanner daemon
### END INIT INFO
#
# Any extensions to the keywords given above should be preceeded by
# X-VendorTag- (X-UnitedLinux- for us) according to LSB.
#
# Notes on Required-Start/X-UnitedLinux-Should-Start:
# * There are two different issues that are solved by Required-Start
# and X-UnitedLinux-Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
# which services absolutely need to be started to make the start of
# this service make sense. Example: nfsserver should have
# Required-Start: $portmap
# Also, required services are started before the dependent ones.
# The runlevel editor will warn about such missing hard dependencies
# and suggest enabling. During system startup, you may expect an error,
# if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
# This is needed by insserv to determine which service should be
# started first (and at a later stage what services can be started
# in parallel). The tag X-UnitedLinux-Should-Start: is used for this.
# It tells, that if a service is available, it should be started
# before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
# use names of services (contents of their Provides: section)
# or pseudo names starting with a $. The following ones are available
# according to LSB (1.1):
# $local_fs all local file systems are mounted
# (most services should need this!)
# $remote_fs all remote file systems are mounted
# (note that /usr may be remote, so
# many services should Require this!)
# $syslog system logging facility up
# $network low level networking (eth card, ...)
# $named hostname resolution available
# $netdaemons all network daemons are running
# The $netdaemons pseudo service has been removed in LSB 1.2.
# For now, we still offer it for backward compatibility.
# These are new (LSB 1.2):
# $time the system time has been set correctly
# $portmap SunRPC portmapping service available
# UnitedLinux extensions:
# $ALL indicates that a script should be inserted
# at the end
# * The services specified in the stop tags
# (Required-Stop/X-UnitedLinux-Should-Stop)
# specify which services need to be still running when this service
# is shut down. Often the entries there are just copies or a subset
# from the respective start tag.
# * X-UnitedLinux-Should-Start/Stop are not part of LSB (as of 1.3)
# but official Should-Start/Stop tags are in discussion (1.9).
# insserv does support these as well.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
# (%fillup_and_insserv macro in %post of many RPMs) to specify whether
# a startup script should default to be enabled after installation.
# It's not used by insserv.
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
CLAMD_BIN=/usr/sbin/clamd
test -x $CLAMD_BIN || { echo "$CLAMD_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
CLAMD_DBDIR=$(clamconf | sed -n '/DatabaseDirectory = /{s///;s/"//g;p;q}')
CLAMD_PIDFILE=/var/lib/clamav/clamd.pid
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
# rc_splash arg sets the boot splash screen to arg (if active)
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
start)
echo -n "Starting Clam AntiVirus daemon "
OUT=$(startproc -p $CLAMD_PIDFILE $CLAMD_BIN 2>&1)
rc_status -v && rc_exit
# If clamd failed to start, check if the reason is
# missing virus database files.
clamscan - < /dev/null &> /dev/null
if test "$?" -eq "50"; then
echo " !!"
echo " !! ClamAV Virus definition files are missing from $CLAMD_DBDIR."
echo " !! Plase run freshclam manually to download the latest version (>20MB)"
echo " !! or install the clamav-db package."
echo " !!"
else
echo "$OUT"
fi
;;
stop)
echo -n "Shutting down Clam AntiVirus daemon "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
killproc -p $CLAMD_PIDFILE -TERM $CLAMD_BIN
# Remember status and be verbose
rc_status -v
;;
try-restart | condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
reload | force-reload)
## Signal the daemon to reload its config.
echo -n "Reloading Clam AntiVirus daemon "
checkproc -p $CLAMD_PIDFILE $CLAMD_BIN && echo RELOAD > /dev/tcp/127.0.0.1/3310
rc_status -v
;;
status)
echo -n "Checking for Clam AntiVirus daemon "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
checkproc -p $CLAMD_PIDFILE $CLAMD_BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
exit 1
;;
esac
rc_exit
++++++ clamav-rcfreshclam ++++++
#! /bin/sh
# Copyright (c) 1995-2003 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/freshclam
# and its symbolic link
# /(usr/)sbin/rcfreshclam
#
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides: freshclam
# Required-Start: $syslog $remote_fs
# Should-Start: $time ypbind sendmail
# Required-Stop: $syslog $remote_fs
# Should-Stop: $time ypbind sendmail
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: virus scanner daemon
# Description: Start the freshclam virus database update daemon
### END INIT INFO
#
# Any extensions to the keywords given above should be preceeded by
# X-VendorTag- (X-UnitedLinux- for us) according to LSB.
#
# Notes on Required-Start/X-UnitedLinux-Should-Start:
# * There are two different issues that are solved by Required-Start
# and X-UnitedLinux-Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
# which services absolutely need to be started to make the start of
# this service make sense. Example: nfsserver should have
# Required-Start: $portmap
# Also, required services are started before the dependent ones.
# The runlevel editor will warn about such missing hard dependencies
# and suggest enabling. During system startup, you may expect an error,
# if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
# This is needed by insserv to determine which service should be
# started first (and at a later stage what services can be started
# in parallel). The tag X-UnitedLinux-Should-Start: is used for this.
# It tells, that if a service is available, it should be started
# before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
# use names of services (contents of their Provides: section)
# or pseudo names starting with a $. The following ones are available
# according to LSB (1.1):
# $local_fs all local file systems are mounted
# (most services should need this!)
# $remote_fs all remote file systems are mounted
# (note that /usr may be remote, so
# many services should Require this!)
# $syslog system logging facility up
# $network low level networking (eth card, ...)
# $named hostname resolution available
# $netdaemons all network daemons are running
# The $netdaemons pseudo service has been removed in LSB 1.2.
# For now, we still offer it for backward compatibility.
# These are new (LSB 1.2):
# $time the system time has been set correctly
# $portmap SunRPC portmapping service available
# UnitedLinux extensions:
# $ALL indicates that a script should be inserted
# at the end
# * The services specified in the stop tags
# (Required-Stop/X-UnitedLinux-Should-Stop)
# specify which services need to be still running when this service
# is shut down. Often the entries there are just copies or a subset
# from the respective start tag.
# * X-UnitedLinux-Should-Start/Stop are not part of LSB (as of 1.3)
# but official Should-Start/Stop tags are in discussion (1.9).
# insserv does support these as well.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
# (%fillup_and_insserv macro in %post of many RPMs) to specify whether
# a startup script should default to be enabled after installation.
# It's not used by insserv.
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
FRESHCLAM_BIN=/usr/bin/freshclam
test -x $FRESHCLAM_BIN || {
echo "$FRESHCLAM_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi;
}
FRESHCLAM_PIDFILE=/var/lib/clamav/freshclam.pid
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
# rc_splash arg sets the boot splash screen to arg (if active)
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
start)
echo -n "Starting Clam AntiVirus database update daemon "
# Check if there is a virus definition file
startproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN -d
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down Clam AntiVirus database update daemon "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
killproc -p $FRESHCLAM_PIDFILE -TERM $FRESHCLAM_BIN
# Remember status and be verbose
rc_status -v
;;
try-restart | condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
reload | force-reload)
## Signal the daemon to reload its config.
echo -n "Reloading Clam AntiVirus database update daemon "
checkproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN &&
killproc -p $FRESHCLAM_PIDFILE -HUP $FRESHCLAM_BIN
rc_status -v
;;
status)
echo -n "Checking for Clam AntiVirus database update daemon "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
checkproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
exit 1
;;
esac
rc_exit
++++++ clamav-rcmilter ++++++
#!/bin/sh
#
# SUSE system startup script for clamav-milter
# Copyright (C) 1995--2005 Kurt Garloff, SUSE / Novell Inc.
# Copyright (C) 2007 Reinhard Max, SUSE / Novell Inc.
#
# This library is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or (at
# your option) any later version.
#
# This library is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
# USA.
#
# /etc/init.d/clamav-milter
# and its symbolic link
# /(usr/)sbin/rcclamav-milter
#
### BEGIN INIT INFO
# Provides: clamav-milter
# Required-Start: clamd $syslog $remote_fs
# Required-Stop: clamd $syslog $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: milter compatible mail scanner
# Description: Start clamav-milter, which is needed to
# use ClamAV for virus scanning in a sendmail environment.
### END INIT INFO
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
BIN=/usr/sbin/clamav-milter
# Read the pidfile from the config
PIDFILE=$(sed -n '/^PidFile /{s///p;q}' /etc/clamav-milter.conf)
test -x $BIN || { echo "$BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# Source LSB init functions
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
start)
echo -n "Starting clamav-milter "
# make sure everybody can access the local socket
umask 0
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
/sbin/startproc ${PIDFILE:+-p $PIDFILE} $BIN
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down clamav-milter "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
/sbin/killproc -TERM ${PIDFILE:+-p $PIDFILE} -G $BIN
# Remember status and be verbose
rc_status -v
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart the service if it
## is running.
$0 try-restart
rc_status
;;
reload)
## Like force-reload, but if daemon does not support
## signaling, do nothing (!)
rc_failed 3
rc_status -v
;;
status)
echo -n "Checking for clamav-milter "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc ${PIDFILE:+-p $PIDFILE} $BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)
test /etc/clamd.conf -nt $PIDFILE -o \
/etc/sysconfig/clamav-milter -nt $PIDFILE \
&& echo restart
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit
++++++ clamav-rpmlintrc ++++++
addFilter("non-standard-uid.*")
addFilter("devel-file-in-non-devel-package.*")
addFilter("obsolete-not-provided")
++++++ clamav-sles9.patch ++++++
Index: clamav-milter/clamfi.c
===================================================================
--- clamav-milter/clamfi.c.orig
+++ clamav-milter/clamfi.c
@@ -90,16 +90,11 @@ static void add_x_header(SMFICTX *ctx, c
while(status)
if(smfi_chgheader(ctx, (char *)"X-Virus-Status", status--, NULL) != MI_SUCCESS)
logg("^Failed to remove existing X-Virus-Status header\n");
+ }
if(smfi_addheader(ctx, (char *)"X-Virus-Scanned", xvirushdr) != MI_SUCCESS)
logg("^Failed to add X-Virus-Scanned header\n");
if(smfi_addheader(ctx, (char *)"X-Virus-Status", st) != MI_SUCCESS)
logg("^Failed to add X-Virus-Status header\n");
- } else { /* Add */
- if(smfi_insheader(ctx, 1, (char *)"X-Virus-Scanned", xvirushdr) != MI_SUCCESS)
- logg("^Failed to insert X-Virus-Scanned header\n");
- if(smfi_insheader(ctx, 1, (char *)"X-Virus-Status", st) != MI_SUCCESS)
- logg("^Failed to insert X-Virus-Status header\n");
- }
}
enum CFWHAT {
--- clamav-milter/clamav-milter.c
+++ clamav-milter/clamav-milter.c
@@ -282,7 +282,7 @@
}
opt = optget(opts, "FixStaleSocket");
umsk = umask(0777); /* socket is created with 000 to avoid races */
- if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
+ if(smfi_opensocket() == MI_FAILURE) {
logg("!Failed to create socket %s\n", my_socket);
localnets_free();
whitelist_free();
++++++ clamav-updateclamconf ++++++
#!/usr/bin/awk -f
#
# updateclamconf
#
# Merge two clamd.conf or freshclam.conf files and write the result to
# the standard output. The result file contains all comments from the
# second file with the active (i.e. not commented-out) settings from
# the first file merged into it. Settings which were only in the first
# file file and not mentioned in the second file any more, are appended
# at the end, but commented out.
#
# Any comment must start with a hash and a space:
# # comment
# while any commented out setting must start with a hash and no space:
# #settingname settingvalue
#
# The first file may optionally have the format that was used up to
# version 0.88.7. In that case the settings will be converted to the
# format that is used in version 0.90 and newer.
#
# Known issues:
#
# If an option exists more than once in eiter file, only the first
# occurance will be moved over from the first file. AFAIK this
# currently only applies to the DatabaseMirror option in
# freshclam.conf.
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# Authors: Reinhard Max
# Kurt Keller
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
BEGIN {
if (ARGC != 3) {
print "usage: updateclamconf oldfile newfile" > "/dev/stderr"
exit 1
}
# some options may be overridden from the command line
$0 = override
for (i=1; i<=NF; i+=2) {
options[$i] = $i " " $(i+1)
}
pass = 0
}
lastname != FILENAME {
lastname = FILENAME
pass++
}
# collect options from the first file
pass == 1 && $0 ~ /^[[:space:]]*[^#]/ {
if (NF == 1) {
$2 = "yes"
}
if (!($1 in options)) {
options[$1] = $0
}
}
# merge options into the content of the second file
pass == 2 {
# copy $1, so that sub() doesn't modify $0
o = $1
sub("^#", "", o)
if (o in options) {
if (o == "NotifyClamd" && options[o] ~ / yes$/) {
sub("^#", "")
options[o] = $0
}
print options[o]
delete options[o]
} else {
print
}
}
# print out any options that were only found in the first file
END {
for (o in options) {
print "\n# These options weren't found in the new config file"
for (o in options) {
print "# " o, options[o]
}
break
}
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org