rpms / clamav

Clone
Source Code
GIT

#31 Update clamav to 1.0.6
Opened 20 days ago by sergiomb. Modified 7 days ago
rpms/ sergiomb/clamav epel8  into  epel8

Merge
README.fedora.md README.fedora
file renamed
+12 -10 
@@ -1,22 +1,25 @@ 
 

+ ## README.fedora.md (mainly clamav-milter) 

+ 

+ 

  Please note for Fedora and EPEL 7+ we use only systemd.
 

  

  A clamav-milter setup consists of the following three components:
 

  

- * the clamav-milter itself
 

+ ### The clamav-milter itself
 

  

    The main configuration is in /etc/mail/clamav-milter.conf and MUST
 

    be changed before first use.
 

  

    This can be enabled with: 'systemctl enable clamav-milter.service'
 

  

- * a clamav scanner daemon
 

+ ### A clamav scanner daemon
 

  

    The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
 

    edited before first use).
 

  

    This can be enabled with: 'systemctl enable clamd@scan.service'
 

  

- * the MTA (sendmail/postfix)
 

+ ### The MTA (sendmail/postfix)
 

  

    --> you should know how to install this...
 

  
@@ -28,13 +31,12 @@ 
 

  

    to your sendmail.mc.
 

  

- * Changing permissions of directory /var/lib/clamav
 

-   Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate
 

-   If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/
 

-   and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ...
 

-   Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion.
 

-   Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes)
 

-   If the executable path is prefixed with "+" then the process is executed with full privileges.
 

+ ### Changing permissions of directory /var/lib/clamav  

+ 

+   - Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate  

+   - If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/ and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ...
 

+   - Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion.
 

+   - Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes)  If the executable path is prefixed with "+" then the process is executed with full privileges.
 

  

  

  EXAMPLE

file modified
+37 -37 
@@ -1,6 +1,6 @@ 
 

- diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c
 

- --- clamav-0.103.0/clamconf/clamconf.c.default_confs	2020-09-12 18:27:09.000000000 -0600
 

- +++ clamav-0.103.0/clamconf/clamconf.c	2020-09-17 22:00:20.792879792 -0600
 

+ diff -up clamav-0.104.3/clamconf/clamconf.c.default_confs clamav-0.104.3/clamconf/clamconf.c
 

+ --- clamav-0.104.3/clamconf/clamconf.c.default_confs	2022-05-02 00:24:50.000000000 -0600
 

+ +++ clamav-0.104.3/clamconf/clamconf.c	2022-05-12 22:04:42.883348923 -0600
 

  @@ -63,9 +63,9 @@ static struct _cfgfile {
 

       const char *name;
 

       int tool;
 
@@ -13,66 +13,66 @@ 
 

       {NULL, 0}};
 

   

   static void printopts(struct optstruct *opts, int nondef)
 

- diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in
 

- --- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs	2020-09-12 18:27:09.000000000 -0600
 

- +++ clamav-0.103.0/docs/man/clamav-milter.8.in	2020-09-17 22:00:20.793879800 -0600
 

+ diff -up clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs clamav-0.104.3/docs/man/clamav-milter.8.in
 

+ --- clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs	2022-05-12 22:04:42.885348940 -0600
 

+ +++ clamav-0.104.3/docs/man/clamav-milter.8.in	2022-05-12 22:05:25.031719791 -0600
 

  @@ -27,7 +27,7 @@ Print the version number and exit.
 

   Read configuration from FILE.
 

   .SH "FILES"
 

-  .LP 

- -@CFGDIR@/clamav-milter.conf
 

- +@CFGDIR@/mail/clamav-milter.conf
 

+  .LP
 

+ -@CONFDIR@/clamav-milter.conf
 

+ +@CONFDIR@/mail/clamav-milter.conf
 

   .SH "AUTHOR"
 

-  .LP 

+  .LP
 

   aCaB <acab@clamav.net>
 

- diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in
 

- --- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs	2020-09-12 18:27:09.000000000 -0600
 

- +++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in	2020-09-17 22:00:20.794879808 -0600
 

+ diff -up clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.104.3/docs/man/clamav-milter.conf.5.in
 

+ --- clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs	2022-05-12 22:04:42.887348958 -0600
 

+ +++ clamav-0.104.3/docs/man/clamav-milter.conf.5.in	2022-05-12 22:05:48.834929418 -0600
 

  @@ -239,7 +239,7 @@ Default: no
 

   All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
 

   .SH "FILES"
 

-  .LP 

- -@CFGDIR@/clamav-milter.conf
 

- +@CFGDIR@/mail/clamav-milter.conf
 

+  .LP
 

+ -@CONFDIR@/clamav-milter.conf
 

+ +@CONFDIR@/mail/clamav-milter.conf
 

   .SH "AUTHOR"
 

-  .LP 

+  .LP
 

   aCaB <acab@clamav.net>
 

- diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in
 

- --- clamav-0.103.0/docs/man/clamd.8.in.default_confs	2020-09-12 18:27:09.000000000 -0600
 

- +++ clamav-0.103.0/docs/man/clamd.8.in	2020-09-17 22:00:20.794879808 -0600
 

+ diff -up clamav-0.104.3/docs/man/clamd.8.in.default_confs clamav-0.104.3/docs/man/clamd.8.in
 

+ --- clamav-0.104.3/docs/man/clamd.8.in.default_confs	2022-05-12 22:04:42.888348967 -0600
 

+ +++ clamav-0.104.3/docs/man/clamd.8.in	2022-05-12 22:07:01.657570942 -0600
 

  @@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon
 

   clamd [options]
 

   .SH "DESCRIPTION"
 

-  .LP 

- -The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf
 

- +The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf
 

+  .LP
 

+ -The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf
 

+ +The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.d/scan.conf
 

   .SH "COMMANDS"
 

-  .LP 

+  .LP
 

   It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
 

- @@ -125,7 +125,7 @@ Reload the signature databases.
 

+ @@ -133,7 +133,7 @@ Reload the signature databases.
 

   Perform a clean exit.
 

   .SH "FILES"
 

-  .LP 

- -@CFGDIR@/clamd.conf
 

- +@CFGDIR@/clamd.d/scan.conf
 

+  .LP
 

+ -@CONFDIR@/clamd.conf
 

+ +@CONFDIR@/clamd.d/scan.conf
 

   .SH "CREDITS"
 

   Please check the full documentation for credits.
 

   .SH "AUTHOR"
 

- diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in
 

- --- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs	2020-09-17 22:00:20.795879816 -0600
 

- +++ clamav-0.103.0/docs/man/clamd.conf.5.in	2020-09-17 22:01:21.414353121 -0600
 

- @@ -759,7 +759,7 @@ Default: no
 

+ diff -up clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs clamav-0.104.3/docs/man/clamd.conf.5.in
 

+ --- clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs	2022-05-12 22:04:42.889348976 -0600
 

+ +++ clamav-0.104.3/docs/man/clamd.conf.5.in	2022-05-12 22:06:21.800219822 -0600
 

+ @@ -765,7 +765,7 @@ Default: no
 

   All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
 

   .SH "FILES"
 

   .LP
 

- -@CFGDIR@/clamd.conf
 

- +@CFGDIR@/clamd.d/scan.conf
 

+ -@CONFDIR@/clamd.conf
 

+ +@CONFDIR@/clamd.d/scan.conf
 

   .SH "AUTHORS"
 

   .LP
 

   Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
 

- diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in
 

- --- clamav-0.103.0/platform.h.in.default_confs	2020-09-17 22:00:20.796879824 -0600
 

- +++ clamav-0.103.0/platform.h.in	2020-09-17 22:01:56.842629739 -0600
 

+ diff -up clamav-0.104.3/platform.h.in.default_confs clamav-0.104.3/platform.h.in
 

+ --- clamav-0.104.3/platform.h.in.default_confs	2022-05-02 00:24:50.000000000 -0600
 

+ +++ clamav-0.104.3/platform.h.in	2022-05-12 22:04:42.891348993 -0600
 

  @@ -112,9 +112,9 @@ typedef unsigned int in_addr_t;
 

   #endif

file modified
+5 -10 
@@ -1,17 +1,12 @@ 
 

- --- ./freshclam/clamav-freshclam.service.in.orig	2021-06-14 10:36:39.029730737 +0100
 

- +++ ./freshclam/clamav-freshclam.service.in	2021-06-14 10:37:53.621423748 +0100
 

- @@ -2,13 +2,12 @@
 

+ diff -up clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service clamav-0.104.3/freshclam/clamav-freshclam.service.in
 

+ --- clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service	2022-05-12 22:07:25.472780737 -0600
 

+ +++ clamav-0.104.3/freshclam/clamav-freshclam.service.in	2022-05-12 22:08:06.280140224 -0600
 

+ @@ -2,7 +2,7 @@
 

   Description=ClamAV virus database updater
 

   Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/
 

   # If user wants it run from cron, don't start the daemon.
 

  -ConditionPathExists=!/etc/cron.d/clamav-freshclam
 

- +# ConditionPathExists=!/etc/cron.d/clamav-update
 

+ +# ConditionPathExists=!/etc/cron.d/clamav-freshclam
 

   Wants=network-online.target
 

   After=network-online.target
 

   

-  [Service]
 

-  ExecStart=@prefix@/bin/freshclam -d --foreground=true
 

- -StandardOutput=syslog
 

-  

-  [Install]
 

-  WantedBy=multi-user.target

clamav-private.patch clamav-0.99-private.patch
file renamed
+11 -2 
@@ -8,8 +8,17 @@ 
 

  +Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
 

   Cflags: -I${includedir}
 

   

- --- clamav-0.99/clamav-config.in		2015-05-28 23:56:25.000000000 +0200
 

- +++ clamav-0.99/clamav-config.in.private	2015-12-02 01:31:34.933705763 +0100
 

+ diff -up clamav-1.0.0/clamav-config.in.private clamav-1.0.0/clamav-config.in
 

+ --- clamav-1.0.0/clamav-config.in.private	2023-01-22 17:40:01.711757908 -0700
 

+ +++ clamav-1.0.0/clamav-config.in	2023-01-22 18:01:06.188743168 -0700
 

+ @@ -4,7 +4,6 @@
 

+  prefix=@prefix@
 

+  exec_prefix=@exec_prefix@
 

+  includedir=@includedir@
 

+ -libdir=@libdir@
 

+  

+  usage()
 

+  {
 

  @@ -54,12 +54,8 @@
 

   	usage 0
 

   	;;

file added
+18 
@@ -0,0 +1,18 @@ 
 

+ diff -up clamav-1.0.0/CMakeLists.txt.rpath clamav-1.0.0/CMakeLists.txt
 

+ --- clamav-1.0.0/CMakeLists.txt.rpath	2023-01-15 22:04:58.217120124 -0700
 

+ +++ clamav-1.0.0/CMakeLists.txt	2023-01-15 22:05:57.121818812 -0700
 

+ @@ -180,14 +180,6 @@ endif()
 

+  

+  include(GNUInstallDirs)
 

+  

+ -if (NOT DEFINED CMAKE_INSTALL_RPATH)
 

+ -    if(CMAKE_INSTALL_FULL_LIBDIR)
 

+ -        set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}")
 

+ -    else()
 

+ -        set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
 

+ -    endif()
 

+ -endif()
 

+ -
 

+  if("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang")
 

+    set(USING_CLANG ON)
 

+  else()

file added
+54 
@@ -0,0 +1,54 @@ 
 

+ diff -up clamav-1.0.2/cmake/FindRust.cmake.rustflags clamav-1.0.2/cmake/FindRust.cmake
 

+ --- clamav-1.0.2/cmake/FindRust.cmake.rustflags	2023-08-15 16:24:07.000000000 -0600
 

+ +++ clamav-1.0.2/cmake/FindRust.cmake	2023-08-17 21:17:03.957070383 -0600
 

+ @@ -236,7 +236,7 @@ function(add_rust_executable)
 

+      # Build the executable.
 

+      add_custom_command(
 

+          OUTPUT "${OUTPUT}"
 

+ -        COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS}
 

+ +        COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
 

+          WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
 

+          DEPENDS ${EXE_SOURCES}
 

+          COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:\n\t ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
 

+ @@ -287,8 +287,8 @@ function(add_rust_library)
 

+      if("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64;x86_64|x86_64;arm64)$")
 

+          add_custom_command(
 

+              OUTPUT "${OUTPUT}"
 

+ -            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
 

+ -            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
 

+ +            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
 

+ +            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
 

+              COMMAND ${CMAKE_COMMAND} -E make_directory "${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}"
 

+              COMMAND lipo ARGS -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}"
 

+              WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
 

+ @@ -312,7 +312,7 @@ function(add_rust_library)
 

+      else()
 

+          add_custom_command(
 

+              OUTPUT "${OUTPUT}"
 

+ -            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS}
 

+ +            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
 

+              WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
 

+              DEPENDS ${LIB_SOURCES}
 

+              COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:  ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
 

+ @@ -465,8 +465,6 @@ if(NOT "${RUST_COMPILER_TARGET}" MATCHES
 

+      list(APPEND CARGO_ARGS "--target" ${RUST_COMPILER_TARGET})
 

+  endif()
 

+  

+ -set(RUSTFLAGS "")
 

+ -
 

+  if(NOT CMAKE_BUILD_TYPE)
 

+      set(CARGO_BUILD_TYPE "debug")
 

+  elseif(${CMAKE_BUILD_TYPE} STREQUAL "Release" OR ${CMAKE_BUILD_TYPE} STREQUAL "MinSizeRel")
 

+ @@ -475,10 +473,11 @@ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Rel
 

+  elseif(${CMAKE_BUILD_TYPE} STREQUAL "RelWithDebInfo")
 

+      set(CARGO_BUILD_TYPE "release")
 

+      list(APPEND CARGO_ARGS "--release")
 

+ -    set(RUSTFLAGS "-g")
 

+ +    string(APPEND RUSTFLAGS " -g")
 

+  else()
 

+      set(CARGO_BUILD_TYPE "debug")
 

+  endif()
 

+ +string(STRIP "${RUSTFLAGS}" RUSTFLAGS)
 

+  

+  find_package_handle_standard_args(Rust
 

+      REQUIRED_VARS cargo_EXECUTABLE

file removed
-17 
@@ -1,17 +0,0 @@ 
 

- diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c
 

- --- clamav-0.102.0/shared/optparser.c.stats-deprecation	2019-10-10 21:55:31.245995091 -0600
 

- +++ clamav-0.102.0/shared/optparser.c	2019-10-11 20:40:04.580067432 -0600
 

- @@ -524,6 +524,13 @@ const struct clam_option __clam_options[
 

-      {"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
 

-      {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
 

-      {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"},
 

- +    {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
 

- +    {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
 

- +    {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
 

- +    {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
 

- +    {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
 

- +    {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
 

- +    {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
 

-      {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
 

-  

-      /* Milter specific options */

file added
+14 
@@ -0,0 +1,14 @@ 
 

+ #ifndef CLAMAV_TYPES_H_MULTILIB
 

+ #define CLAMAV_TYPES_H_MULTILIB
 

+ 

+ #include <bits/wordsize.h>
 

+ 

+ #if __WORDSIZE == 32
 

+ # include "clamav-types-32.h"
 

+ #elif __WORDSIZE == 64
 

+ # include "clamav-types-64.h"
 

+ #else
 

+ # error "unexpected value for __WORDSIZE macro"
 

+ #endif
 

+ 

+ #endif

file modified
+141 -128 
@@ -1,26 +1,18 @@ 
 

- #global prerelease  rc1
 

+ #global prerelease  -rc2
 

  

  %global _hardened_build 1
 

  

  ## Fedora specific customization below...
 

  %bcond_without  clamonacc
 

  %bcond_with     unrar
 

- %ifnarch ppc64
 

- %bcond_without  llvm
 

- %else
 

- %bcond_with     llvm
 

- %endif
 

- 

- %if 0%{?fedora} || 0%{?rhel} >= 8
 

- %bcond_with old_freshclam
 

- %else
 

- %bcond_without old_freshclam
 

- %endif
 

+ # Failing with llvm 14 https://github.com/Cisco-Talos/clamav/issues/581
 

+ %bcond_with  llvm
 

  

- %ifnarch s390 s390x
 

- %global have_ocaml  1
 

+ # No ocaml on ix86
 

+ %ifarch %{ix86}
 

+ %bcond_with ocaml
 

  %else
 

- %global have_ocaml  0
 

+ %bcond_without ocaml
 

  %endif
 

  

  %global scanuser    clamscan
 
@@ -33,8 +25,8 @@ 
 

  

  Summary:    End-user tools for the Clam Antivirus scanner
 

  Name:       clamav
 

- Version:    0.103.11
 

- Release:    2%{?dist}
 

+ Version:    1.0.6
 

+ Release:    1%{?dist}
 

  License:    %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
 

  URL:        https://www.clamav.net/
 

  %if %{with unrar}
 
@@ -46,69 +38,95 @@ 
 

  # tarball was created with update_clamav.sh
 

  Source0:    %{name}-%{version}%{?prerelease}-norar.tar.xz
 

  %endif
 

+ # Multilib headers
 

+ Source1:    clamav-types.h
 

  #for server
 

  Source3:    clamd.logrotate
 

  Source5:    clamd-README
 

- # To download the cvd file run update_clamav.sh 1
 

- # Need file >= 5.33-7 see https://bugzilla.redhat.com/show_bug.cgi?id=1539107
 

+ # To download the *.cvd, go to https://www.clamav.net and use the links
 

+ # there (I renamed the files to add the -version suffix for verifying).
 

+ # Check the first line of the file for version or run file *cvd
 

+ # Attention file < 5.33-7 have bugs see https://bugzilla.redhat.com/show_bug.cgi?id=1539107
 

  #http://database.clamav.net/main.cvd
 

  Source10:   main-62.cvd
 

  #http://database.clamav.net/daily.cvd
 

- Source11:   daily-27075.cvd
 

+ Source11:   daily-27256.cvd
 

  #http://database.clamav.net/bytecode.cvd
 

- Source12:   bytecode-334.cvd
 

+ Source12:   bytecode-335.cvd
 

  #for update
 

  Source200:  freshclam-sleep
 

  Source201:  freshclam.sysconfig
 

  Source202:  clamav-update.crond
 

  Source203:  clamav-update.logrotate
 

  #for milter
 

- Source300:  README.fedora
 

+ Source300:  README.fedora.md
 

  #for clamav-milter.systemd
 

  Source330:  clamav-milter.systemd
 

  #for scanner-systemd/server-systemd
 

  Source530:  clamd@.service
 

  

- # Restore some options removed in 0.100 as deprecated
 

- # Could be dropped in F32 with a note
 

- # https://bugzilla.redhat.com/show_bug.cgi?id=1565381#c1
 

- Patch0:     clamav-stats-deprecation.patch
 

+ # Accept RUSTFLAGS
 

+ # https://github.com/Cisco-Talos/clamav/pull/835
 

+ Patch0:     clamav-rustflags.patch
 

  # Change default config locations for Fedora
 

  Patch1:     clamav-default_confs.patch
 

  # Fix pkg-config flags for static linking, multilib
 

- Patch2:     clamav-0.99-private.patch
 

+ Patch2:     clamav-private.patch
 

+ # Remove rpath
 

+ Patch3:     clamav-rpath.patch
 

  # Modify clamav-clamonacc.service for Fedora compatibility
 

  Patch5:     clamav-clamonacc-service.patch
 

- 

+ # Allow freshclam service to run if cron.d file is present
 

  Patch6:     clamav-freshclam.service.patch
 

+ # Debian patch to fix big-endian
 

+ Patch7:     https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch
 

  

- BuildRequires:  autoconf
 

- BuildRequires:  automake
 

+ BuildRequires:  cmake3
 

  BuildRequires:  gettext-devel
 

- BuildRequires:  libtool
 

- BuildRequires:  libtool-ltdl-devel
 

  BuildRequires:  make
 

  BuildRequires:  gcc-c++
 

+ BuildRequires:  rust
 

+ %if 0%{?fedora} || 0%{?rhel} >= 9
 

+ BuildRequires:  rust-packaging
 

+ %else
 

+ # Undefining the appropriate __cmake*_in_source_build macro causes the
 

+ # build to use a separate build path, so the build does not output to
 

+ # the source path.  This separate build path is the default behavior
 

+ # for >=EL9 and fedora.
 

+ %if 0%{?rhel} == 8
 

+ # EL8 defines cmake_in_source_build
 

+ %undefine __cmake_in_source_build
 

+ %else
 

+ # EL7 defines cmake3_in_source_build
 

+ %undefine __cmake3_in_source_build
 

+ %endif
 

+ BuildRequires:  rust-toolset
 

+ %endif
 

+ BuildRequires:  cargo
 

  BuildRequires:  bzip2-devel
 

+ BuildRequires:  check-devel
 

  BuildRequires:  curl-devel
 

+ BuildRequires:  git-core
 

  BuildRequires:  gmp-devel
 

  BuildRequires:  json-c-devel
 

  BuildRequires:  libprelude-devel
 

  # libprelude-config --libs brings in gnutls, pcre
 

  # https://bugzilla.redhat.com/show_bug.cgi?id=1830473
 

  BuildRequires:  gnutls-devel
 

- BuildRequires:  pcre2-devel
 

  BuildRequires:  libxml2-devel
 

  BuildRequires:  ncurses-devel
 

  BuildRequires:  openssl-devel
 

  BuildRequires:  pcre2-devel
 

+ # Explicitly needed on EL8
 

+ BuildRequires:  python3
 

+ BuildRequires:  python3-pytest
 

  BuildRequires:  zlib-devel
 

  #BuildRequires:  %%{_includedir}/tcpd.h
 

  BuildRequires:  bc
 

  BuildRequires:  tcl
 

  BuildRequires:  groff
 

  BuildRequires:  graphviz
 

- %{?have_ocaml:BuildRequires: ocaml}
 

+ %{?with_ocaml:BuildRequires: ocaml}
 

  # nc required for tests
 

  BuildRequires:  nc
 

  %{?systemd_requires}
 
@@ -117,6 +135,9 @@ 
 

  BuildRequires:  systemd-rpm-macros
 

  #for milter
 

  BuildRequires:  sendmail-devel
 

+ %ifarch %{valgrind_arches}
 

+ BuildRequires:  valgrind
 

+ %endif
 

  

  Requires:   clamav-filesystem = %{version}-%{release}
 

  Requires:   clamav-lib = %{version}-%{release}
 
@@ -191,26 +212,24 @@ 
 

  This package contains the documentation for clamav.
 

  

  

- %package update
 

+ %package freshclam
 

  Summary:    Auto-updater for the Clam Antivirus scanner data-files
 

  Requires:   clamav-filesystem = %{version}-%{release}
 

  Requires:   clamav-lib        = %{version}-%{release}
 

- %if %{with old_freshclam}
 

- Requires:   crontabs
 

- Requires:   /etc/cron.d
 

- Requires(post): %{__chown} %{__chmod}
 

+ %if 0%{?fedora} || 0%{?rhel} >= 8
 

+ Supplements:clamd
 

  %endif
 

  Provides:   data(clamav) = empty
 

  Provides:   clamav-data-empty = %{version}-%{release}
 

  Obsoletes:  clamav-data-empty < %{version}-%{release}
 

+ Provides:   clamav-update = %{version}-%{release}
 

+ Obsoletes:  clamav-update < %{version}-%{release}
 

  

- %description update
 

- This package contains programs which can be used to update the clamav
 

- anti-virus database automatically. It uses the freshclam(1) utility for
 

- this task. To activate it use, uncomment the entry in /etc/cron.d/clamav-update.
 

- Use this package when you go updating the virus database regulary and
 

- do not want to download a >160MB sized rpm-package with outdated virus
 

- definitions.
 

+ %description freshclam
 

+ This package contains the freshclam(1) program and clamav-freshclam
 

+ service which can be used to update the clamav anti-virus database
 

+ automatically. Most users should install this package in order to
 

+ keep their definitions up to date.
 

  

  

  %package -n clamd
 
@@ -250,15 +269,25 @@ 
 

  

  %prep
 

  %setup -q -n %{name}-%{version}%{?prerelease}
 

- 

- # No longer support deprecated options in F32+ and EL8+
 

- %if (0%{?fedora} && 0%{?fedora} < 32) || (0%{?rhel} && 0%{?rhel} < 8)
 

- %patch -P0 -p1 -b .stats-deprecation
 

+ %if 0%{?fedora} || 0%{?rhel} >= 9
 

+ # EL8 and earlier do not have the Rust cargo dependencies that are
 

+ # defined by the generate_buildrequires stage in EL9 and later, so the
 

+ # vendored packages included in the ClamAV sources suffice.
 

+ sed -i -e '/cbindgen/s/version = *"0.20"/version = "0.24"/' -e '/^bindgen *=/s/= .*/= "0.63"/' libclamav_rust/Cargo.toml
 

+ %cargo_prep
 

+ cd libclamav_rust
 

+ rm -r .cargo
 

+ %cargo_prep
 

+ cd ..
 

  %endif
 

+ 

+ %patch -P0 -p1 -b .rustflags
 

  %patch -P1 -p1 -b .default_confs
 

  %patch -P2 -p1 -b .private
 

+ %patch -P3 -p1 -b .rpath
 

  %patch -P5 -p1 -b .clamonacc-service
 

  %patch -P6 -p1 -b .freshclam-service
 

+ %patch -P7 -p1 -b .big-endian
 

  

  install -p -m0644 %{SOURCE300} clamav-milter/
 

  
@@ -266,47 +295,49 @@ 
 

  %{!?with_unrar:touch libclamunrar/{Makefile.in,all,install}}
 

  

  

+ %if 0%{?fedora} || 0%{?rhel} >= 9
 

+ %generate_buildrequires
 

+ # The generate_buildrequires stage doesn't exist prior to EL9, so this
 

+ # section is conditionally removed in these build environments.
 

+ cd libclamav_rust
 

+ %cargo_generate_buildrequires
 

+ %endif
 

+ 

+ 

  %build
 

  # add -Wl,--as-needed if not exist
 

  export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--as-needed/')
 

  # IPv6 check is buggy and does not work when there are no IPv6 interface on build machine
 

  export have_cv_ipv6=yes
 

  

- rm -rf libltdl autom4te.cache Makefile.in
 

- autoreconf -i
 

- %configure \
 

-     --enable-milter \
 

-     --disable-clamav \
 

-     --disable-static \
 

-     --disable-zlib-vcheck \
 

-     %{!?with_unrar:--disable-unrar} \
 

-     --enable-id-check \
 

-     --enable-dns \
 

-     --with-dbdir=%{homedir} \
 

-     --with-group=%{updateuser} \
 

-     --with-user=%{updateuser} \
 

-     --disable-rpath \
 

-     --disable-silent-rules \
 

-     --enable-clamdtop \
 

-     --enable-prelude \
 

-     %{!?with_clamonacc:--disable-clamonacc} \
 

-     %{!?with_llvm:--disable-llvm}
 

+ %cmake3 \
 

+ %if 0%{?fedora} || 0%{?rhel} >= 9
 

+     -DRUSTFLAGS="%build_rustflags" \
 

+ %else
 

+     -DRUSTFLAGS="%__global_rustflags" \
 

+ %endif
 

+     -DAPP_CONFIG_DIRECTORY=%{_sysconfdir} \
 

+     -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \
 

+     -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \
 

+     -DDATABASE_DIRECTORY=%{homedir} \
 

+     %{!?with_clamonacc:-DENABLE_CLAMONACC=OFF} \
 

+     %{?with_llvm:-DBYTECODE_RUNTIME=llvm -D LLVM_FIND_VERSION="3.6.0"} \
 

+     %{!?with_unrar:-DENABLE_UNRAR=OFF}
 

  

  # TODO: check periodically that CLAMAVUSER is used for freshclam only
 

  

- %make_build
 

+ %cmake3_build
 

  

  

  %install
 

- %make_install
 

+ rm -rf _doc*
 

+ %cmake3_install
 

  

  install -d -m 0755 \
 

      %{buildroot}%{_tmpfilesdir} \
 

      %{buildroot}%{homedir} \
 

      %{buildroot}%{quarantinedir}
 

  

- rm -f %{buildroot}%{_libdir}/*.la
 

- 

  ### data
 

  install -D -m 0644 -p %{SOURCE10}     %{buildroot}%{homedir}/main.cvd
 

  install -D -m 0644 -p %{SOURCE11}     %{buildroot}%{homedir}/daily.cvd
 
@@ -322,15 +353,6 @@ 
 

  # Can contain HTTPProxyPassword (bugz#1733112)
 

  chmod 600 %{buildroot}%{_sysconfdir}/freshclam.conf
 

  

- %if %{with old_freshclam}
 

- install -d -m 0755 %{buildroot}%{_var}/log
 

- install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d
 

- install -D -p -m 0755 %{SOURCE200}    %{buildroot}%{_datadir}/%{name}/freshclam-sleep
 

- install -D -p -m 0644 %{SOURCE201}    %{buildroot}%{_sysconfdir}/sysconfig/freshclam
 

- install -D -p -m 0600 %{SOURCE202}    %{buildroot}%{_sysconfdir}/cron.d/clamav-update
 

- install -D -m 0644 -p %{SOURCE203}    %{buildroot}%{_sysconfdir}/logrotate.d/clamav-update
 

- %endif
 

- 

  ### The scanner stuff
 

  install -D -m 0644 -p %{SOURCE3}      _doc_server/clamd.logrotate
 

  install -D -m 0644 -p %{SOURCE5}      _doc_server/README
 
@@ -381,12 +403,24 @@ 
 

  d %{_rundir}/clamav-milter 0710 %{milteruser} %{milteruser}
 

  EOF
 

  

+ #Fixup headers and scripts for multilib
 

+ %if 0%{?__isa_bits} == 64
 

+ mv %{buildroot}%{_includedir}/clamav-types.h \
 

+    %{buildroot}%{_includedir}/clamav-types-64.h
 

+ %else
 

+ mv %{buildroot}%{_includedir}/clamav-types.h \
 

+    %{buildroot}%{_includedir}/clamav-types-32.h
 

+ %endif
 

+ install -m 0644 %SOURCE1 %{buildroot}%{_includedir}/clamav-types.h
 

+ 

  # TODO: Evaluate using upstream's unit with clamav-daemon.socket
 

  rm %{buildroot}%{_unitdir}/clamav-daemon.*
 

  

  

  %check
 

- make check
 

+ %ctest3 -- -E valgrind
 

+ # valgrind tests fail https://github.com/Cisco-Talos/clamav/issues/584
 

+ %ctest3 -- -R valgrind || :
 

  

  

  %post
 
@@ -399,6 +433,17 @@ 
 

  %systemd_postun_with_restart clamav-clamonacc.service
 

  

  

+ %post data
 

+ # nullglob. If set, Bash allows filename patterns which match no files to expand to a null string, rather than themselves
 

+ shopt -s nullglob
 

+ # Let newer .cld files take precedence over the shipped .cvd files
 

+ for f in %{homedir}/*.cld
 

+ do
 

+     cvd=${f/.cld/.cvd}
 

+     [ -f $f -a $f -nt $cvd ] && rm -f $cvd || :
 

+ done
 

+ 

+ 

  %pre filesystem
 

  getent group %{updateuser} >/dev/null || groupadd -r %{updateuser}
 

  getent passwd %{updateuser} >/dev/null || \
 
@@ -422,12 +467,6 @@ 
 

  [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] &&
 

      ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || :
 

  %systemd_post clamd@scan.service
 

- %if 0%{?rhel}
 

- if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
 

- # Initial installation
 

- /bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamd.scan.conf
 

- fi
 

- %endif
 

  

  %preun -n clamd
 

  %systemd_preun clamd@scan.service
 
@@ -451,12 +490,6 @@ 
 

  

  %post milter
 

  %systemd_post clamav-milter.service
 

- %if 0%{?rhel}
 

- if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
 

- # Initial installation
 

- /bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamav-milter.conf || :
 

- fi
 

- %endif
 

  

  %preun milter
 

  %systemd_preun clamav-milter.service
 
@@ -464,28 +497,13 @@ 
 

  %postun milter
 

  %systemd_postun_with_restart clamav-milter.service
 

  

- %post update
 

- %if %{with old_freshclam}
 

- test -e %{freshclamlog} || {
 

-     touch %{freshclamlog}
 

-     %{__chmod} 0664 %{freshclamlog}
 

-     %{__chown} root:%{updateuser} %{freshclamlog}
 

-     ! test -x /sbin/restorecon || /sbin/restorecon %{freshclamlog}
 

- }
 

- #%%else
 

- #if [ $1 -eq 2 ] ; then
 

- #   echo "Warning: clamav-update package changed"
 

- #   echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry."
 

- #   echo "Unfortunately this may break existing unattended installations."
 

- #   echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again."
 

- #fi
 

- %endif
 

+ %post freshclam
 

  %systemd_post clamav-freshclam.service
 

  

- %preun update
 

+ %preun freshclam
 

  %systemd_preun clamav-freshclam.service
 

  

- %postun update
 

+ %postun freshclam
 

  %systemd_postun_with_restart clamav-freshclam.service
 

  

  %ldconfig_scriptlets   lib
 
@@ -514,10 +532,10 @@ 
 

  

  

  %files lib
 

- %{_libdir}/libclamav.so.9*
 

+ %{_libdir}/libclamav.so.11*
 

  %{_libdir}/libclammspack.so.0*
 

  %if %{with unrar}
 

- %{_libdir}/libclamunrar*.so.9*
 

+ %{_libdir}/libclamunrar*.so.11*
 

  %endif
 

  

  
@@ -545,27 +563,22 @@ 
 

  

  %files doc
 

  %license COPYING
 

- %doc docs/html
 

+ %{_pkgdocdir}/html/
 

  

  

- %files update
 

+ %files freshclam
 

  %{_bindir}/freshclam
 

  %{_libdir}/libfreshclam.so.2*
 

  %{_mandir}/*/freshclam*
 

  %{_unitdir}/clamav-freshclam.service
 

  %config(noreplace) %verify(not mtime)    %{_sysconfdir}/freshclam.conf
 

- %if %{with old_freshclam}
 

- %{_datadir}/%{name}/freshclam-sleep
 

- %config(noreplace) %{_sysconfdir}/cron.d/clamav-update
 

- %config(noreplace) %{_sysconfdir}/sysconfig/freshclam
 

- %config(noreplace) %verify(not mtime)  %{_sysconfdir}/logrotate.d/*
 

- # freshclamlog file is created in post
 

- %ghost %attr(0664,root,%{updateuser}) %verify(not size md5 mtime) %{freshclamlog}
 

- %endif
 

- %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd
 

+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld
 

+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd
 

  %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat
 

  %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cld
 

- %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld
 

+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cvd
 

+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cld
 

+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd
 

  

  

  %files -n clamd
 
@@ -578,7 +591,7 @@ 
 

  

  

  %files milter
 

- %doc clamav-milter/README.fedora
 

+ %doc clamav-milter/README.fedora.md
 

  %{_sbindir}/*milter*
 

  %{_unitdir}/clamav-milter.service
 

  %{_mandir}/man8/clamav-milter*

file added
+86 
@@ -0,0 +1,86 @@ 
 

+ Update 2021: Log to syslog is obsolete, journalctl superseded it
 

+ 

+   By default, clamd provides a general "scan" service that requires minimal
 

+ configuration.  To configure, edit /etc/clamd/scan.conf and:
 

+ 

+   * set LocalSocket for localhost access or TCPSocket for network access.
 

+ 

+   Default configuration will:
 

+ 

+   * Log to syslog
 

+   * Run as the user "clamscan"
 

+ 

+   When LogFile feature is wanted, it must be writable for the assigned
 

+ User.  The recommended way is to:
 

+ 

+   * make it owned by the User's *group*
 

+   * assign at least 0620 (u+rw,g+w) permissions
 

+ 

+   A suitable command might be
 

+   | # touch <logfile>
 

+   | # chgrp <user> <logfile>
 

+   | # chmod 0620   <logfile>
 

+   | # restorecon <logfile>
 

+ 

+   NEVER use 'clamav' as the user since it can modify the database.  This is
 

+ the user who is running the application; e.g. for mimedefang
 

+ (http://www.roaringpenguin.com/mimedefang), the user might be 'defang'.
 

+ Theoretically, distinct users could be used, but it must be made sure that
 

+ the application-user can write into the socket-file, and that the clamd-user
 

+ can access the files asked by the application to be checked.
 

+ 

+   The default service can be enabled and started with:
 

+ 

+   systemctl enable clamd@scan.service
 

+   systemctl start clamd@scan.service
 

+ 

+   To create other individual clamd-instances take the following files in
 

+ /usr/share/doc/clamd/ and modify/copy them in the suggested way:
 

+ 

+ clamd.conf, copy to /etc/clamd.d/<SERVICE>.conf
 

+   * Change <SERVICE> as to match name of config file
 

+   * Any other changes as noted above
 

+ 

+ clamd.logrotate: (only when LogFile feature is used)
 

+   * set the correct value for the logfile
 

+   * place it into /etc/logrotate.d
 

+ 

+   Additionally, when using LocalSocket instead of TCPSocket, the directory
 

+ for the socket file must be created.  For tmpfiles based systems, you might
 

+ want to create a file /etc/tmpfiles.d/clamd.<SERVICE>.conf with a content of
 

+ 

+  | d /run/clamd.<SERVICE> <MODE> <USER> <GROUP>
 

+ 

+   Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
 

+ so that the socket can be accessed by clamd and by the applications using
 

+ clamd. Make sure that the socket is not world accessible; else, DOS attacks
 

+ or worse are trivial.
 

+ 

+   After emulating these steps by hand (or else rebooting), you still need set
 

+ SELinux:
 

+ 

+  chcon -t clamd_var_run_t /run/clamd.<SERVICE>
 

+ or
 

+  restorecon -R -v "/run/clamd.<SERVICE>"
 

+ 

+ More SELinux notes:
 

+ you may need run:
 

+ 

+  setsebool -P antivirus_can_scan_system 1
 

+ 

+ and also maybe this one (I need to confirm that is obsolete)
 

+ 

+  setsebool -P antivirus_use_jit 1
 

+ 

+   The new service can be enabled and started with:
 

+ 

+   systemctl enable clamd@<SERVICE>.service
 

+   systemctl start clamd@<SERVICE>.service
 

+ 

+ 

+ [Disclaimer:
 

+  this file and the script/configfiles are not part of the official
 

+  clamav package.
 

+ 

+  Please send complaints and comments to
 

+  https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=clamav]

file added
+91 
@@ -0,0 +1,91 @@ 
 

+ From 5a7b1cdfadc980fb1c4fa32e6275e7c96a963110 Mon Sep 17 00:00:00 2001
 

+ From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
 

+ Date: Fri, 6 Jan 2023 21:42:30 +0100
 

+ Subject: libclamav/pe: Use endian wrapper in more places.
 

+ 

+ A few user of VirtualAddress and Size in cli_exe_info::pe_image_data_dir
 

+ don't use the endian wrapper while other places do. This leads to
 

+ testsuite failures on big endian machines.
 

+ 

+ Use the endian wrapper in all places across pe.c for the two members.
 

+ 

+ Patch-Name: libclamav-pe-Use-endian-wrapper-in-more-places.patch
 

+ Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
 

+ ---
 

+  libclamav/pe.c | 18 +++++++++---------
 

+  1 file changed, 9 insertions(+), 9 deletions(-)
 

+ 

+ diff --git a/libclamav/pe.c b/libclamav/pe.c
 

+ index f5dcea9..19cd2d4 100644
 

+ --- a/libclamav/pe.c
 

+ +++ b/libclamav/pe.c
 

+ @@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
 

+  

+      /* If the PE doesn't have an import table then skip it. This is an
 

+       * uncommon case but can happen. */
 

+ -    if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) {
 

+ +    if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) {
 

+          cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n");
 

+          status = CL_BREAK;
 

+          goto done;
 

+      }
 

+  

+      // TODO Add EC32 wrappers
 

+ -    impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
 

+ -    if (err || impoff + peinfo->dirs[1].Size > fsize) {
 

+ +    impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
 

+ +    if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) {
 

+          cli_dbgmsg("scan_pe: invalid rva for import table data\n");
 

+          status = CL_BREAK;
 

+          goto done;
 

+      }
 

+  

+      // TODO Add EC32 wrapper
 

+ -    impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size);
 

+ +    impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size));
 

+      if (impdes == NULL) {
 

+          cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n");
 

+          status = CL_EREAD;
 

+ @@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
 

+  

+      /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above)
 

+       * would have failed if the size exceeds the end of the fmap. */
 

+ -    left = peinfo->dirs[1].Size;
 

+ +    left = EC32(peinfo->dirs[1].Size);
 

+  

+      if (genhash[CLI_HASH_MD5]) {
 

+          hashctx[CLI_HASH_MD5] = cl_hash_init("md5");
 

+ @@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
 

+  

+  done:
 

+      if (needed_impoff) {
 

+ -        fmap_unneed_off(map, impoff, peinfo->dirs[1].Size);
 

+ +        fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size));
 

+      }
 

+  

+      for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) {
 

+ @@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx)
 

+  

+      /* Trojan.Swizzor.Gen */
 

+      if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) {
 

+ -        if (peinfo->dirs[2].Size) {
 

+ +        if (EC32(peinfo->dirs[2].Size)) {
 

+              struct swizz_stats *stats = cli_calloc(1, sizeof(*stats));
 

+              unsigned int m            = 1000;
 

+              ret                       = CL_CLEAN;
 

+ @@ -5292,13 +5292,13 @@ cl_error_t cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts,
 

+          cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep);
 

+      }
 

+  

+ -    if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size)
 

+ +    if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size))
 

+          peinfo->res_addr = 0;
 

+      else
 

+          peinfo->res_addr = EC32(peinfo->dirs[2].VirtualAddress);
 

+  

+      while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO &&
 

+ -           peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) {
 

+ +           peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) {
 

+          struct vinfo_list vlist;
 

+          const uint8_t *vptr, *baseptr;
 

+          uint32_t rva, res_sz;

file modified
+3 -3 
@@ -1,4 +1,4 @@ 
 

- SHA512 (clamav-0.103.11-norar.tar.xz) = a215a48be417d351353babf8a54778f35a2ce88c8b90431f983d890a1cfa19715896bab7655c5fa50961997861884a09193e1a0da76dc22817b9b144b400778f
 

+ SHA512 (clamav-1.0.6-norar.tar.xz) = 8e056ec657f379a5de3cd62dfb90dfc9bac5814497ee8e917484b4203f04d5765b23691415b11eafbd084d1e55c6c864b7424e82a760993765194360d0acb609
 

  SHA512 (main-62.cvd) = b52e5d9ecacbd9b11c3b0cc460388746fccb353a7520522ed15ee25f645a432bed5be7e6b38512f134f085eb9be76a1e26c19de8b09491d4ec46da8c5afc318e
 

- SHA512 (daily-27075.cvd) = 4cc826f58a45ceb28faba4bf7dd9f8c5ec47f5c0467e73c70d76f415ba3e36cb8585c8924fad59e8818a6e33499744e04378adc27abcca018d2b5ece4cd6a52f
 

- SHA512 (bytecode-334.cvd) = 83478af4e097b4b3fe136c943d3dd018f3e678c6859873dc1aef527db40a018b77439be2113ac251dfb797074ef8c201336570c3fe03c7ac507d5b94ab6d61c9
 

+ SHA512 (daily-27256.cvd) = cafb9ee0228662b512614d75f8d13585ce55ffb3aafca809cca247adf5e8bb21f39c2beb29ca6030b7a4df3e0ece835601396fe26c40564f6bc5e9b693b4b700
 

+ SHA512 (bytecode-335.cvd) = 9177c0533658b21584de0623ff9b7c70b2ec92ce9f6fecf98a881902c98025930430415715e9914ce7c0c6fb91aad532b4c907677c3010a0da47583b7ad24d4f

file modified
+6 -27 
@@ -1,6 +1,5 @@ 
 

- # this script is to run on branch f37
 

- VERSION=0.103.11
 

- REPOS="epel8 epel7"
 

+ VERSION=1.0.6
 

+ REPOS="f40 f39 f38 epel9"
 

  

  if [ -z "$1" ]
 

  then
 
@@ -30,38 +29,18 @@ 
 

  wget -c https://www.clamav.net/downloads/production/${TARBALL}.sig
 

  gpg --verify ${TARBALL}.sig ${TARBALL}
 

  zcat ${TARBALL} | tar --delete -f - '*/libclamunrar/*' | xz -c > ${TARBALL_CLEAN}
 

- git checkout f37
 

+ git checkout rawhide
 

  git pull
 

  rpmdev-bumpspec -n $VERSION -c "Update to $VERSION" clamav.spec
 

  fi
 

  fi
 

  

- #python3 -m pip install --user cvdupdate
 

- #python -m cvdupdate.cvdupdate --help
 

- cvd config set --dbdir my_dbs
 

- cvdupdate list
 

- cvdupdate update
 

- pushd my_dbs
 

- main_ver=$(file main.cvd | sed -e 's/.*version /main-/;s/,.*/.cvd/')
 

- daily_ver=$(file daily.cvd | sed -e 's/.*version /daily-/;s/,.*/.cvd/')
 

- bytecode_ver=$(file bytecode.cvd | sed -e 's/.*version /bytecode-/;s/,.*/.cvd/')
 

- popd
 

- 

  if test $stage -le 1
 

  then
 

  echo STAGE 1
 

  echo Press enter convert cvd into spec or n to skip ; read dummy;
 

  if [[ "$dummy" != "n" ]]; then
 

- 

- pushd my_dbs
 

- cp -f main.cvd ../$main_ver
 

- cp -f daily.cvd ../$daily_ver
 

- cp -f bytecode.cvd ../$bytecode_ver
 

- popd
 

- 

- sed -i "s|^Source10: .*|Source10:   $main_ver|" clamav.spec
 

- sed -i "s|^Source11: .*|Source11:   $daily_ver|" clamav.spec
 

- sed -i "s|^Source12: .*|Source12:   $bytecode_ver|" clamav.spec
 

+ ./update_clamav_data.sh
 

  fi
 

  fi
 

  
@@ -84,7 +63,7 @@ 
 

  if test $stage -le 3
 

  then
 

  echo STAGE 3
 

- echo Press enter to build f37 or n to skip; read dummy;
 

+ echo Press enter to build rawhide or n to skip; read dummy;
 

  if [[ "$dummy" != "n" ]]; then
 

  git push && fedpkg build --nowait
 

  fi
 
@@ -94,7 +73,7 @@ 
 

  for repo in $REPOS ; do
 

  echo Press enter to build on branch $repo or n to skip; read dummy;
 

  if [[ "$dummy" != "n" ]]; then
 

- git checkout $repo && git merge f37 && fedpkg push && fedpkg build --nowait; git checkout f37
 

+ git checkout $repo && git merge rawhide && fedpkg push && fedpkg build --nowait; git checkout rawhide
 

  fi
 

  done

file added
+20 
@@ -0,0 +1,20 @@ 
 

+ # dnf install python3-cvdupdate
 

+ # python -m cvdupdate.cvdupdate --help
 

+ cvd config set --dbdir my_dbs
 

+ cvdupdate list
 

+ cvdupdate update
 

+ pushd my_dbs
 

+ main_ver=$(file main.cvd | sed -e 's/.*version /main-/;s/,.*/.cvd/')
 

+ daily_ver=$(file daily.cvd | sed -e 's/.*version /daily-/;s/,.*/.cvd/')
 

+ bytecode_ver=$(file bytecode.cvd | sed -e 's/.*version /bytecode-/;s/,.*/.cvd/')
 

+ popd
 

+ 

+ pushd my_dbs
 

+ cp -f main.cvd ../$main_ver
 

+ cp -f daily.cvd ../$daily_ver
 

+ cp -f bytecode.cvd ../$bytecode_ver
 

+ popd
 

+ 

+ sed -i "s|^Source10: .*|Source10:   $main_ver|" clamav.spec
 

+ sed -i "s|^Source11: .*|Source11:   $daily_ver|" clamav.spec
 

+ sed -i "s|^Source12: .*|Source12:   $bytecode_ver|" clamav.spec

no initial comment

epel7 use old_freshclam but epel 8 don't [1]
what to do for epel7 ?

on post the old fresclam (epel7)

%post freshclam
%if %{with old_freshclam}
if [ $1 -eq 2 ] ; then
echo "Warning: clamav-update package changed"
echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry."
echo "Unfortunately this may break existing unattended installations."
echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again."
fi
%endif

[1]
%if 0%{?fedora} || 0%{?rhel} >= 8
%bcond_with old_freshclam
%else
%bcond_without old_freshclam
%endif

rebased onto 581479a
19 days ago

rebased onto b2ad030
19 days ago

[citest]

[citest]

We should not be changing the way that freshclam works in EPEL7 at this point.

We should not be changing the way that freshclam works in EPEL7 at this point.

Yes, please do not change the behaviour for EPEL 7.

It give me more work ...
but one test fails on s390x only [1]

what to do ? should I ignore it ?

[1]
FAIL: test_freshclam_06_cdiff_partial_minus_1 (freshclam_test.TC.test_freshclam_06_cdiff_partial_minus_1)

I say just ignore it. It doesn't fail in copr - https://copr.fedorainfracloud.org/coprs/g/clamav/clamav-1.0/build/7373782/ and debian reports no issues, so it think it is something peculiar with our koji builders. And who knows if anyone actually runs it on s390x.

There's also no need to have el7 conditionals in the main branches - it's going away quite soon anyway.
Metadata
None
No Tags
Changes Summary 14
+12 -10
file renamed
README.fedora
README.fedora.md
+37 -37
file changed
clamav-default_confs.patch
+5 -10
file changed
clamav-freshclam.service.patch
+11 -2
file renamed
clamav-0.99-private.patch
clamav-private.patch
+18
file added
clamav-rpath.patch
+54
file added
clamav-rustflags.patch
-17
file removed
clamav-stats-deprecation.patch
+14
file added
clamav-types.h
+141 -128
file changed
clamav.spec
+86
file added
clamd-README.md
+91
file added
libclamav-pe-Use-endian-wrapper-in-more-places.patch
+3 -3
file changed
sources
+6 -27
file changed
update_clamav.sh
+20
file added
update_clamav_data.sh
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.