--- clamav-0.99/etc/clamd.conf.sample 2015-11-24 00:13:46.000000000 +0100
+++ clamav-0.99/etc/clamd.conf.sample.jitoff 2015-12-02 01:36:11.766462183 +0100
@@ -614,6 +614,16 @@
# Default: yes
#Bytecode yes
+# Bytecode mode
+#
+# This option has been set to 'ForceInterpreter' in Fedora due to
+# security concerns by default. You might need to enable the
+# 'clamd_use_jit' SELinux boolean after setting this option to the
+# more efficient 'ForceJIT' value.
+#
+# Default: ForceInterpreter
+#ByteCodeMode ForceInterpreter
+
# Set bytecode security level.
# Possible values:
# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
--- clamav-0.99/shared/optparser.c 2015-12-02 01:35:26.632828082 +0100
+++ clamav-0.99/shared/optparser.c.jitoff 2015-12-02 01:36:54.249117737 +0100
@@ -298,7 +298,7 @@
{ "BytecodeUnsigned", "bytecode-unsigned", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
"Allow loading bytecode from outside digitally signed .c[lv]d files.","no"},
- { "BytecodeMode", "bytecode-mode", 0, CLOPT_TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
+ { "BytecodeMode", "bytecode-mode", 0, CLOPT_TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "ForceInterpreter", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
"Set bytecode execution mode.\nPossible values:\n\tAuto - automatically choose JIT if possible, fallback to interpreter\nForceJIT - always choose JIT, fail if not possible\nForceInterpreter - always choose interpreter\nTest - run with both JIT and interpreter and compare results. Make all failures fatal.","Auto"},
{ "Statistics", "statistics", 0, CLOPT_TYPE_STRING, "^(none|None|bytecode|Bytecode|pcre|PCRE)$", -1, NULL, FLAG_MULTIPLE, OPT_CLAMSCAN | OPT_CLAMBC, "Collect and print execution statistics.\nPossible values:\n\tBytecode - reports bytecode statistics\nPCRE - reports PCRE execution statistics\nNone - reports no statistics", "None" },