diff --git a/README.fedora b/README.fedora index b9f572e..d46b193 100644 --- a/README.fedora +++ b/README.fedora @@ -1,5 +1,42 @@ -Add +A clamav-milter setup consists of the following three components: - INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav.sock, F=, T=S:4m;R:4m')dnl +* the clamav-milter itself -to your sendmail.mc. + --> this is provided by the 'clamav-milter' package plus (alternatively) + 'clamav-milter-upstart' or 'clamav-milter-sysvinit' + + The main configuration is in /etc/mail/clamav-milter.conf and MUST + be changed before first use. + + The -sysvinit package is managed by the traditional tools, but + -upstart requires modification of /etc/event.d/clamav-milter to + enable automatic startup. See comments there for more details. + +* a clamav scanner daemon + + --> this package is called 'clamav-scanner' plus (alternatively) + 'clamav-scanner-upstart' or 'clamav-scanner-sysvinit' + + The daemon is configured by /etc/clamd.d/scan.conf (which MUST be + edited before first use). + + The -sysvinit package is managed by the traditional tools, but + -upstart requires modification of /etc/event.d/clamd.scan to enable + automatic startup. See comments there for more details. + +* the MDA (sendmail/postfix) + + --> you should know how to install this... + + When communicating across unix sockets with the clamav-milter, it is + suggested to use the /var/run/clamav-milter/clamav.sock path. You + have to add something like + + INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav.sock, F=, T=S:4m;R:4m')dnl + + to your sendmail.mc. + + + +It is suggested that components communicate through TCP sockets as +this eases setup. Please add corresponding packet filter rules! diff --git a/clamav-0.95rc1-umask.patch b/clamav-0.95rc1-umask.patch new file mode 100644 index 0000000..8a46216 --- /dev/null +++ b/clamav-0.95rc1-umask.patch @@ -0,0 +1,39 @@ +Index: clamav-0.95rc1/clamav-milter/clamav-milter.c +=================================================================== +--- clamav-0.95rc1.orig/clamav-milter/clamav-milter.c ++++ clamav-0.95rc1/clamav-milter/clamav-milter.c +@@ -287,7 +287,7 @@ int main(int argc, char **argv) { + + if((opt = optget(opts, "PidFile"))->enabled) { + FILE *fd; +- mode_t old_umask = umask(0006); ++ mode_t old_umask = umask(0022); + + if((fd = fopen(opt->strarg, "w")) == NULL) { + logg("!Can't save PID in file %s\n", opt->strarg); +Index: clamav-0.95rc1/shared/output.c +=================================================================== +--- clamav-0.95rc1.orig/shared/output.c ++++ clamav-0.95rc1/shared/output.c +@@ -250,7 +250,7 @@ int logg(const char *str, ...) + #endif + if(logg_file) { + if(!logg_fp) { +- old_umask = umask(0037); ++ old_umask = umask(0077); + if((logg_fp = fopen(logg_file, "at")) == NULL) { + umask(old_umask); + #ifdef CL_THREAD_SAFE +Index: clamav-0.95rc1/freshclam/freshclam.c +=================================================================== +--- clamav-0.95rc1.orig/freshclam/freshclam.c ++++ clamav-0.95rc1/freshclam/freshclam.c +@@ -102,7 +102,7 @@ static void writepid(const char *pidfile + { + FILE *fd; + int old_umask; +- old_umask = umask(0006); ++ old_umask = umask(0022); + if((fd = fopen(pidfile, "w")) == NULL) { + logg("!Can't save PID to file %s: %s\n", pidfile, strerror(errno)); + } else { diff --git a/clamav-milter.sysv b/clamav-milter.sysv index 8ff51b3..c0fad96 100644 --- a/clamav-milter.sysv +++ b/clamav-milter.sysv @@ -11,7 +11,7 @@ exec=/usr/sbin/clamav-milter prog="clamav-milter" -OPTS= +OPTS='-c /etc/mail/clamav-milter.conf' [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog pidfile=/var/run/clamav-milter/milter.pid @@ -21,8 +21,7 @@ start() { [ -x $exec ] || exit 5 [ -f $config ] || exit 6 echo -n $"Starting $prog: " - daemon --pidfile=${pidfile} \ - $exec $OPTS --nofork=no --pid=${pidfile} && success || failure + daemon --pidfile=${pidfile} $exec $OPTS --nofork=no --pid=${pidfile} retval=$? echo [ $retval -eq 0 ] && touch $lockfile @@ -31,7 +30,7 @@ start() { stop() { echo -n $"Stopping $prog: " - killproc -o "${pidfile} $exec && success || failure + killproc -p "${pidfile}" $exec retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile @@ -53,7 +52,7 @@ force_reload() { rh_status() { # run checks to determine if the service is running or use generic status - status $prog + status -p "${pidfile}" $prog } rh_status_q() { diff --git a/clamav-milter.upstart b/clamav-milter.upstart index f211818..12a5d0c 100644 --- a/clamav-milter.upstart +++ b/clamav-milter.upstart @@ -16,4 +16,4 @@ stop on runlevel 1 stop on runlevel 6 respawn -exec /usr/sbin/clamav-milter -c /etc/mail/clamav-milter --nofork=yes +exec /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --nofork=yes diff --git a/clamav.spec b/clamav.spec index 8b5758c..f6c79f5 100644 --- a/clamav.spec +++ b/clamav.spec @@ -21,7 +21,7 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav Version: 0.95 -Release: %release_func 0.0.3%{?snapshot:.%snapshot} +Release: %release_func 0.1%{?snapshot:.%snapshot} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} Group: Applications/File diff --git a/clamd-wrapper b/clamd-wrapper index 5baca59..ec785d0 100644 --- a/clamd-wrapper +++ b/clamd-wrapper @@ -42,7 +42,8 @@ prog="clamd.${CLAMD_SERVICE}" start () { echo -n $"Starting $prog: " daemon --pidfile=${CLAMD_PIDFILE} \ - $procname ${CLAMD_CONFIGFILE:+-c $CLAMD_CONFIGFILE} ${CLAMD_OPTIONS} --pid ${CLAMD_PIDFILE} + exec -a $procname /usr/sbin/clamd \ + ${CLAMD_CONFIGFILE:+-c $CLAMD_CONFIGFILE} ${CLAMD_OPTIONS} --pid ${CLAMD_PIDFILE} RETVAL=$? echo [ $RETVAL -eq 0 ] && touch $lockfile diff --git a/clamd.scan.upstart b/clamd.scan.upstart index e96b37e..6c769e0 100644 --- a/clamd.scan.upstart +++ b/clamd.scan.upstart @@ -12,4 +12,4 @@ stop on runlevel 1 stop on runlevel 6 respawn -exec /usr/sbin/clamd -c /etc/clamd.d/clamd.scan --nofork=yes +exec /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes