diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..710e602e5fc30b2284fb14b6fa8c3729366ff0cd --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +*.cvd filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..2bcbdc763b77b6020221d3c60d96898510e2fbf8 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/clamav diff --git a/bytecode-335.cvd b/bytecode-335.cvd index 61c2c4e1887fde1888620c174080885a0efef16a..ebd8b04b313459846f29eb2a5184e4d1627e2597 100644 Binary files a/bytecode-335.cvd and b/bytecode-335.cvd differ diff --git a/clamav-0.103.12.tar.gz b/clamav-0.103.12.tar.gz deleted file mode 100644 index e14829821a150cca0b6a6cbffa93811a0718ac7f..0000000000000000000000000000000000000000 Binary files a/clamav-0.103.12.tar.gz and /dev/null differ diff --git a/clamav-1.4.2.tar.gz b/clamav-1.4.2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..a3178aa41ca6413bd80c2ac4646c4d0e422724b2 --- /dev/null +++ b/clamav-1.4.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8c92f8ade2a8f2c9d6688d1d63ee57f6caf965d74dce06d0971c6709c8e6c04c +size 50096874 diff --git a/clamav-clamonacc-service.patch b/clamav-clamonacc-service.patch index c72e80645cf623bb72658caf63d569a842795139..b376dbab8cc97c783c49d9bfec65eca45713a4f1 100644 --- a/clamav-clamonacc-service.patch +++ b/clamav-clamonacc-service.patch @@ -1,5 +1,6 @@ ---- ./clamonacc/clamav-clamonacc.service.in.clamonacc-service 2022-05-05 22:36:27.572671129 +0100 -+++ ./clamonacc/clamav-clamonacc.service.in 2022-05-05 22:43:05.204324524 +0100 +diff -up clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service clamav-1.4.0/clamonacc/clamav-clamonacc.service.in +--- clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service 2024-08-15 20:12:56.950984705 -0600 ++++ clamav-1.4.0/clamonacc/clamav-clamonacc.service.in 2024-08-15 20:14:19.088770747 -0600 @@ -4,14 +4,12 @@ [Unit] Description=ClamAV On-Access Scanner @@ -14,6 +15,6 @@ -ExecStartPre=/bin/bash -c "while [ ! -S /run/clamav/clamd.ctl ]; do sleep 1; done" -ExecStart=@prefix@/sbin/clamonacc -F --log=/var/log/clamav/clamonacc.log --move=/root/quarantine +ExecStart=@prefix@/sbin/clamonacc -F --config-file=/etc/clamd.d/scan.conf + ExecStop=/bin/kill -SIGKILL $MAINPID [Install] - WantedBy=multi-user.target diff --git a/clamav-clamonacc-version-return.patch b/clamav-clamonacc-version-return.patch deleted file mode 100644 index 38fa29e8044e127e7d6a2a6c450b1800c41fb448..0000000000000000000000000000000000000000 --- a/clamav-clamonacc-version-return.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 3a8b69890960aae06a51da2ac6833fbf8cfeeb72 Mon Sep 17 00:00:00 2001 -From: caodongxia <315816521@qq.com> -Date: Mon, 9 Aug 2021 15:18:51 +0800 -Subject: [PATCH] clamav-clamonacc-version-return - ---- - clamonacc/clamonacc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/clamonacc/clamonacc.c b/clamonacc/clamonacc.c -index ec689f5..9ea95ad 100644 ---- a/clamonacc/clamonacc.c -+++ b/clamonacc/clamonacc.c -@@ -358,7 +358,7 @@ static int startup_checks(struct onas_context *ctx) - - if (optget(ctx->opts, "version")->enabled) { - onas_print_server_version(&ctx); -- ret = 2; -+ ret = 0; - goto done; - } - --- -2.27.0 - diff --git a/clamav-default_confs.patch b/clamav-default_confs.patch index 97bbc1028d465bec76d40766f8f6b63828c58d1b..5b06f9efa4254f3318ef3f7528eb746dcb8a15b8 100644 --- a/clamav-default_confs.patch +++ b/clamav-default_confs.patch @@ -1,6 +1,6 @@ -diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c ---- clamav-0.103.0/clamconf/clamconf.c.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/clamconf/clamconf.c 2020-09-17 22:00:20.792879792 -0600 +diff -up clamav-0.104.3/clamconf/clamconf.c.default_confs clamav-0.104.3/clamconf/clamconf.c +--- clamav-0.104.3/clamconf/clamconf.c.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/clamconf/clamconf.c 2022-05-12 22:04:42.883348923 -0600 @@ -63,9 +63,9 @@ static struct _cfgfile { const char *name; int tool; @@ -13,66 +13,66 @@ diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamcon {NULL, 0}}; static void printopts(struct optstruct *opts, int nondef) -diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in ---- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.8.in 2020-09-17 22:00:20.793879800 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs clamav-0.104.3/docs/man/clamav-milter.8.in +--- clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs 2022-05-12 22:04:42.885348940 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.8.in 2022-05-12 22:05:25.031719791 -0600 @@ -27,7 +27,7 @@ Print the version number and exit. Read configuration from FILE. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in ---- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.104.3/docs/man/clamav-milter.conf.5.in +--- clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs 2022-05-12 22:04:42.887348958 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.conf.5.in 2022-05-12 22:05:48.834929418 -0600 @@ -239,7 +239,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in ---- clamav-0.103.0/docs/man/clamd.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamd.8.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamd.8.in.default_confs clamav-0.104.3/docs/man/clamd.8.in +--- clamav-0.104.3/docs/man/clamd.8.in.default_confs 2022-05-12 22:04:42.888348967 -0600 ++++ clamav-0.104.3/docs/man/clamd.8.in 2022-05-12 22:07:01.657570942 -0600 @@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon clamd [options] .SH "DESCRIPTION" - .LP --The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf -+The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf + .LP +-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf ++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.d/scan.conf .SH "COMMANDS" - .LP + .LP It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn. -@@ -125,7 +125,7 @@ Reload the signature databases. +@@ -133,7 +133,7 @@ Reload the signature databases. Perform a clean exit. .SH "FILES" - .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf + .LP +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "CREDITS" Please check the full documentation for credits. .SH "AUTHOR" -diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in ---- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs 2020-09-17 22:00:20.795879816 -0600 -+++ clamav-0.103.0/docs/man/clamd.conf.5.in 2020-09-17 22:01:21.414353121 -0600 -@@ -759,7 +759,7 @@ Default: no +diff -up clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs clamav-0.104.3/docs/man/clamd.conf.5.in +--- clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs 2022-05-12 22:04:42.889348976 -0600 ++++ clamav-0.104.3/docs/man/clamd.conf.5.in 2022-05-12 22:06:21.800219822 -0600 +@@ -765,7 +765,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "AUTHORS" .LP Tomasz Kojm , Kevin Lin -diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in ---- clamav-0.103.0/platform.h.in.default_confs 2020-09-17 22:00:20.796879824 -0600 -+++ clamav-0.103.0/platform.h.in 2020-09-17 22:01:56.842629739 -0600 +diff -up clamav-0.104.3/platform.h.in.default_confs clamav-0.104.3/platform.h.in +--- clamav-0.104.3/platform.h.in.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/platform.h.in 2022-05-12 22:04:42.891348993 -0600 @@ -112,9 +112,9 @@ typedef unsigned int in_addr_t; #endif diff --git a/clamav-freshclam.service.patch b/clamav-freshclam.service.patch index 2c29f03305d7e8f2add4e02ea0a86182a5d4181d..24295cefbc1a94e4e71408666b1947206ea855eb 100644 --- a/clamav-freshclam.service.patch +++ b/clamav-freshclam.service.patch @@ -1,17 +1,12 @@ ---- ./freshclam/clamav-freshclam.service.in.orig 2021-06-14 10:36:39.029730737 +0100 -+++ ./freshclam/clamav-freshclam.service.in 2021-06-14 10:37:53.621423748 +0100 -@@ -2,13 +2,12 @@ +diff -up clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service clamav-0.104.3/freshclam/clamav-freshclam.service.in +--- clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service 2022-05-12 22:07:25.472780737 -0600 ++++ clamav-0.104.3/freshclam/clamav-freshclam.service.in 2022-05-12 22:08:06.280140224 -0600 +@@ -2,7 +2,7 @@ Description=ClamAV virus database updater Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/ # If user wants it run from cron, don't start the daemon. -ConditionPathExists=!/etc/cron.d/clamav-freshclam -+# ConditionPathExists=!/etc/cron.d/clamav-update ++# ConditionPathExists=!/etc/cron.d/clamav-freshclam Wants=network-online.target After=network-online.target - [Service] - ExecStart=@prefix@/bin/freshclam -d --foreground=true --StandardOutput=syslog - - [Install] - WantedBy=multi-user.target diff --git a/clamav-milter.sysv b/clamav-milter.sysv deleted file mode 100644 index 3e37ae0e20059ef8cc86609374572284e8e572f4..0000000000000000000000000000000000000000 --- a/clamav-milter.sysv +++ /dev/null @@ -1,93 +0,0 @@ -#!/bin/bash -# -# clamav-milter Starts/stop the "clamav-milter" daemon -# -# chkconfig: - 79 31 -# description: A virus scanning milter - -# Source function library. -. /etc/rc.d/init.d/functions - -exec=/usr/sbin/clamav-milter -prog="clamav-milter" - -OPTS='-c /etc/mail/clamav-milter.conf' -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -pidfile=/var/run/clamav-milter/milter.pid -lockfile=/var/lock/subsys/$prog - -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting $prog: " - daemon --pidfile=${pidfile} $exec $OPTS --foreground=no --pid=${pidfile} - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - killproc -p "${pidfile}" $exec - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -reload() { - restart -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status -p "${pidfile}" $prog -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/clamav-milter.upstart b/clamav-milter.upstart deleted file mode 100644 index 1a10b8ea0fcc591a0666ee3a11052abe80613099..0000000000000000000000000000000000000000 --- a/clamav-milter.upstart +++ /dev/null @@ -1,14 +0,0 @@ -### !!! Uncomment only *one* of the 'start on' statements !!! - -### Uncomment these lines when you want clamav-milter to be a milter -### for a locally running MTA -#start on (starting sendmail or starting postfix) - -### Uncomment these lines when you want clamav-milter to be a milter -### for a remotely running MTA -#start on runlevel [345] and starting local - -stop on runlevel [!345] - -respawn -exec /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --foreground=yes diff --git a/clamav-0.99-private.patch b/clamav-private.patch similarity index 64% rename from clamav-0.99-private.patch rename to clamav-private.patch index 7f9f563eaa99f3d8f2e3ea6d537b62ea87a45261..41dd4c55cfc93de432ab396425a3b4cc124f9207 100644 --- a/clamav-0.99-private.patch +++ b/clamav-private.patch @@ -8,8 +8,17 @@ +Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@ Cflags: -I${includedir} ---- clamav-0.99/clamav-config.in 2015-05-28 23:56:25.000000000 +0200 -+++ clamav-0.99/clamav-config.in.private 2015-12-02 01:31:34.933705763 +0100 +diff -up clamav-1.0.0/clamav-config.in.private clamav-1.0.0/clamav-config.in +--- clamav-1.0.0/clamav-config.in.private 2023-01-22 17:40:01.711757908 -0700 ++++ clamav-1.0.0/clamav-config.in 2023-01-22 18:01:06.188743168 -0700 +@@ -4,7 +4,6 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +-libdir=@libdir@ + + usage() + { @@ -54,12 +54,8 @@ usage 0 ;; diff --git a/clamav-stats-deprecation.patch b/clamav-stats-deprecation.patch deleted file mode 100644 index a12f138e00ca19f43ef95dffbdbde374b1929e3a..0000000000000000000000000000000000000000 --- a/clamav-stats-deprecation.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c ---- clamav-0.102.0/shared/optparser.c.stats-deprecation 2019-10-10 21:55:31.245995091 -0600 -+++ clamav-0.102.0/shared/optparser.c 2019-10-11 20:40:04.580067432 -0600 -@@ -524,6 +524,13 @@ const struct clam_option __clam_options[ - {"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, - {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, -+ {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, -+ {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, - {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - - /* Milter specific options */ diff --git a/clamav-types.h b/clamav-types.h new file mode 100644 index 0000000000000000000000000000000000000000..ffa83b777e2b5fb9518e0b5f9bef2a7ffa980b21 --- /dev/null +++ b/clamav-types.h @@ -0,0 +1,14 @@ +#ifndef CLAMAV_TYPES_H_MULTILIB +#define CLAMAV_TYPES_H_MULTILIB + +#include + +#if __WORDSIZE == 32 +# include "clamav-types-32.h" +#elif __WORDSIZE == 64 +# include "clamav-types-64.h" +#else +# error "unexpected value for __WORDSIZE macro" +#endif + +#endif diff --git a/clamav.spec b/clamav.spec index 2c311168b6e08204c3caec5b769fe361059fe40f..4ee7c89115f82596e0112c75e67aa1053cb5302d 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,292 +1,393 @@ -Name: clamav -Summary: End-user tools for the Clam Antivirus scanner -Version: 0.103.12 -Release: 1 - -License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0 -URL: https://www.clamav.net/ -Source0: https://www.clamav.net/downloads/production/clamav-%{version}.tar.gz -Source1: clamd.sysconfig -Source2: clamd.logrotate -Source3: main-62.cvd -Source4: daily-27388.cvd -Source5: bytecode-335.cvd -Source7: freshclam-sleep -Source8: freshclam.sysconfig -Source9: clamav-update.crond -Source10: clamav-update.logrotate -Source11: clamav-milter.upstart -Source12: clamav-milter.systemd -Source13: clamd.scan.upstart -Source14: clamd@scan.service -Source15: clamd@.service - -Patch0001: clamav-stats-deprecation.patch -Patch0002: clamav-default_confs.patch -Patch0003: clamav-0.99-private.patch -Patch0005: clamav-clamonacc-service.patch -Patch0006: clamav-freshclam.service.patch -Patch0007: clamav-clamonacc-version-return.patch -Patch0008: fix-clamonacc-w-error.patch -Patch0019: fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch - -BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel -BuildRequires: gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel -BuildRequires: ncurses-devel openssl-devel libxml2-devel pcre2-devel libmilter-devel -BuildRequires: bc tcl groff graphviz ocaml nc systemd-devel sendmail-devel -Requires: data(clamav) -Provides: bundled(libmspack) = 0.5-0.1.alpha.modified_by_clamav - -Provides: %{name}-lib = %{version}-%{release} -Obsoletes: %{name}-lib < %{version}-%{release} +%global _hardened_build 1 + +%bcond_without clamonacc +%bcond_with llvm + +%bcond_without ocaml + +%global scanuser clamscan +%global updateuser clamupdate +%global milteruser clamilt + +%global homedir %{_var}/lib/clamav +%global quarantinedir %{_var}/spool/quarantine +%global freshclamlog %{_var}/log/freshclam.log + +Summary: End-user tools for the Clam Antivirus scanner +Name: clamav +Version: 1.4.2 +Release: 2 +License: GPL-2.0-only +URL: https://www.clamav.net/ +Source0: https://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz +# Multilib headers +Source1: clamav-types.h +#for server +Source3: clamd.logrotate +Source5: clamd-README +# To download the *.cvd, go to https://www.clamav.net and use the links +# there (I renamed the files to add the -version suffix for verifying). +# Check the first line of the file for version or run file *cvd +# Attention file < 5.33-7 have bugs see https://bugzilla.redhat.com/show_bug.cgi?id=1539107 +#http://database.clamav.net/main.cvd +Source10: main-62.cvd +#http://database.clamav.net/daily.cvd +Source11: daily-27526.cvd +#http://database.clamav.net/bytecode.cvd +Source12: bytecode-335.cvd +#for update +Source200: freshclam-sleep +Source201: freshclam.sysconfig +Source202: clamav-update.crond +Source203: clamav-update.logrotate +#for clamav-milter.systemd +Source330: clamav-milter.systemd +#for scanner-systemd/server-systemd +Source530: clamd@.service + +# Change default config locations for Fedora +Patch1: clamav-default_confs.patch +# Fix pkg-config flags for static linking, multilib +Patch2: clamav-private.patch +# Modify clamav-clamonacc.service for Fedora compatibility +Patch5: clamav-clamonacc-service.patch +# Allow freshclam service to run if cron.d file is present +Patch6: clamav-freshclam.service.patch +# Debian patch to fix big-endian +# https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch +Patch7: libclamav-pe-Use-endian-wrapper-in-more-places.patch + +BuildRequires: cmake +BuildRequires: gettext-devel +BuildRequires: make +BuildRequires: gcc-c++ +BuildRequires: rust +BuildRequires: cargo +BuildRequires: bzip2-devel +BuildRequires: check-devel +BuildRequires: curl-devel +BuildRequires: git-core +BuildRequires: gmp-devel +BuildRequires: json-c-devel +BuildRequires: gnutls-devel +BuildRequires: libxml2-devel +BuildRequires: ncurses-devel +BuildRequires: openssl-devel +BuildRequires: pcre2-devel +BuildRequires: python3 +BuildRequires: python3-pytest +BuildRequires: zlib-devel +BuildRequires: bc +BuildRequires: tcl +BuildRequires: groff +BuildRequires: graphviz +%{?with_ocaml:BuildRequires: ocaml} +# nc required for tests +BuildRequires: nc +%{?systemd_requires} +BuildRequires: systemd +BuildRequires: systemd-devel +BuildRequires: systemd-rpm-macros +#for milter +BuildRequires: sendmail-devel +BuildRequires: libmilter-devel +%ifarch %{valgrind_arches} +BuildRequires: valgrind +%endif + +Requires: clamav-filesystem = %{version}-%{release} +Requires: clamav-lib = %{version}-%{release} +Requires: data(clamav) %description +Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this +software is the integration with mail servers (attachment scanning). The +package provides a flexible and scalable multi-threaded daemon, a command +line scanner, and a tool for automatic updating via Internet. The programs +are based on a shared library distributed with the Clam AntiVirus package, +which you can use with your own software. The virus database is based on +the virus database from OpenAntiVirus, but contains additional signatures +(including signatures for popular polymorphic viruses, too) and is KEPT UP +TO DATE. + +%package filesystem +Summary: Filesystem structure for clamav +# Prevent version mix +Conflicts: %{name} < %{version}-%{release} +Conflicts: %{name} > %{version}-%{release} +Requires(pre): shadow-utils +BuildArch: noarch + +%description filesystem +This package provides the filesystem structure and contains the +user-creation scripts required by clamav. + -Clam AntiVirus (clamav) is an open source antivirus engine for detecting trojans, -viruses, malware & other malicious threats. The main purpose of this software is -the integration with mail servers (attachment scanning). The package provides a -flexible and scalable multi-threaded daemon, a command line scanner, and a tool -for automatic updating via Internet. The programs are based on a shared library -distributed with the Clam AntiVirus package, which you can use with your own software. -he virus database is based on the virus database from OpenAntiVirus, but contains -additional signatures and is KEPT UP TO DATE. +%package lib +Summary: Dynamic libraries for the Clam Antivirus scanner +Provides: bundled(libmspack) = 0.5-0.1.alpha.modified_by_clamav +License: (GPL-2.0-only AND (0BSD OR MIT OR Apache-2.0) AND Apache-2.0 AND (Apache-2.0 OR MIT) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND (MIT OR Zlib OR Apache-2.0) AND (Unlicense OR MIT) AND Zlib) +%description lib +This package contains dynamic libraries shared between applications +using the Clam Antivirus scanner. -%package devel -Summary: Header files and libraries for the Clam Antivirus scanner -Requires: %{name} = %{version}-%{release} %{name}-filesystem = %{version}-%{release} openssl-devel + +%package devel +Summary: Header files and libraries for the Clam Antivirus scanner +Requires: clamav-lib = %{version}-%{release} +Requires: clamav-filesystem = %{version}-%{release} +Requires: openssl-devel %description devel -The clamav-devel package contains headerfiles and libraries -which are needed to build applications using clamav. +This package contains headerfiles and libraries which are needed to +build applications using clamav. -%package_help +%package data +Summary: Virus signature data for the Clam Antivirus scanner +Requires: clamav-filesystem = %{version}-%{release} +Provides: data(clamav) = full +Provides: clamav-db = %{version}-%{release} +Obsoletes: clamav-db < %{version}-%{release} +BuildArch: noarch -%package filesystem -Summary: Filesystem structure for clamav -Conflicts: %{name} < %{version}-%{release} %{name} > %{version}-%{release} +%description data +This package contains the virus-database needed by clamav. This +database should be updated regularly; the 'clamav-update' package +ships a corresponding cron-job. Use this package when you want a +working (but perhaps outdated) virus scanner immediately after package +installation. + + +%package doc +Summary: Documentation for the Clam Antivirus scanner +Requires: clamav-filesystem = %{version}-%{release} +Requires: clamav = %{version}-%{release} +BuildArch: noarch +Provides: %{name}-help = %{version}-%{release} +Obsoletes: %{name}-help <= %{version}-%{release} + +%description doc +This package contains the documentation for clamav. + + +%package freshclam +Summary: Auto-updater for the Clam Antivirus scanner data-files +Requires: clamav-filesystem = %{version}-%{release} +Requires: clamav-lib = %{version}-%{release} +Supplements:clamd +Provides: data(clamav) = empty +Provides: clamav-data-empty = %{version}-%{release} +Obsoletes: clamav-data-empty < %{version}-%{release} +Provides: clamav-update = %{version}-%{release} +Obsoletes: clamav-update < %{version}-%{release} + +%description freshclam +This package contains the freshclam(1) program and clamav-freshclam +service which can be used to update the clamav anti-virus database +automatically. Most users should install this package in order to +keep their definitions up to date. + + +%package -n clamd +Summary: The Clam AntiVirus Daemon +Requires: data(clamav) +Requires: clamav-filesystem = %{version}-%{release} +Requires: clamav-lib = %{version}-%{release} +Requires: coreutils Requires(pre): shadow-utils -BuildArch: noarch +# This is still used by clamsmtp and exim-clamav +Provides: clamav-server = %{version}-%{release} +Provides: clamav-scanner-systemd = %{version}-%{release} +Provides: clamav-server-systemd = %{version}-%{release} +Obsoletes: clamav-scanner-systemd < %{version}-%{release} +Obsoletes: clamav-server-systemd < %{version}-%{release} -%description filesystem -The clamav-filesystem package provides the filesystem structure and -contains the user-creation scripts required by clamav. +%description -n clamd +The Clam AntiVirus Daemon +See the README file how this can be done with a minimum of effort. +This package contains a generic system wide clamd service which is +e.g. used by the clamav-milter package. + + +%package milter +Summary: Milter module for the Clam Antivirus scanner +# clamav-milter could work without clamd and without sendmail +#Requires: clamd = %%{version}-%%{release} +#Requires: /usr/sbin/sendmail +Requires: clamav-filesystem = %{version}-%{release} +Requires(pre): shadow-utils +Provides: clamav-milter-systemd = %{version}-%{release} +Obsoletes: clamav-milter-systemd < %{version}-%{release} +%description milter +This package contains files which are needed to run the clamav-milter. -%package data -Summary: Virus signature data for the Clam Antivirus scanner -Requires: %{name}-filesystem = %{version}-%{release} -Provides: data(clamav) = full %{name}-db = %{version}-%{release} -Obsoletes: %{name}-db < %{version}-%{release} -BuildArch: noarch -%description data -The clamav-data package contains the virus-database needed by clamav. -This database should be updated regularly; Use this package when you -want a working (but perhaps outdated) virus scanner immediately after -package installation. - - -%package update -Summary: Auto-updater for the Clam Antivirus scanner data-files -Requires: %{name}-filesystem = %{version}-%{release} crontabs cronie -Provides: data(clamav) = empty %{name}-data-empty = %{version}-%{release} -Obsoletes: %{name}-data-empty < %{version}-%{release} -Requires(post): %__chown %__chmod - -%description update -The clamav-update package contains programs which can be used to update -the clamav anti-virus database automatically. It uses the freshclam(1) -utility for this task. Use this package when you go updating the virus -database regulary and do not want to download a >120MB sized rpm-package -with outdated virus definitions. - - -%package -n clamd -Summary: The Clam AntiVirus Daemon -Requires: data(clamav) coreutils %{name}-filesystem = %{version}-%{release} -Requires: %{name} = %{version}-%{release} -Requires(pre): shadow-utils -Obsoletes: %{name}-server-sysvinit < %{version}-%{release} -Obsoletes: %{name}-scanner-sysvinit < %{version}-%{release} -Obsoletes: %{name}-scanner-upstart < %{version}-%{release} -Provides: %{name}-scanner-systemd = %{version}-%{release} -Obsoletes: %{name}-scanner-systemd < %{version}-%{release} -Provides: %{name}-server-systemd = %{version}-%{release} -Obsoletes: %{name}-server-systemd < %{version}-%{release} - -Provides: %{name}-server = %{version}-%{release} %{name}-server-sysv = %{version}-%{release} -Obsoletes: %{name}-server < %{version}-%{release} %{name}-server-sysv < %{version}-%{release} -Provides: %{name}-scanner = %{version}-%{release} %{name}-scanner-upstart = %{version}-%{release} -Obsoletes: %{name}-scanner < %{version}-%{release} %{name}-scanner-upstart < %{version}-%{release} -Provides: %{name}-server-sysvinit = %{version}-%{release} -Obsoletes: %{name}-server-sysvinit < %{version}-%{release} +%prep +%setup -q -n %{name}-%{version} +%patch -P1 -p1 -b .default_confs +%patch -P2 -p1 -b .private +%patch -P5 -p1 -b .clamonacc-service +%patch -P6 -p1 -b .freshclam-service +%patch -P7 -p1 -b .big-endian +mkdir -p libclamunrar{,_iface} +touch libclamunrar/{Makefile.in,all,install -%description -n clamd -The Clam AntiVirus Daemon. The clamd package contains a generic system -wide clamd service which is e.g. used by the clamav-milter package. +%build +# IPv6 check is buggy and does not work when there are no IPv6 interface on build machine +export have_cv_ipv6=yes +%cmake \ + -DAPP_CONFIG_DIRECTORY=%{_sysconfdir} \ + -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \ + -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \ + -DDATABASE_DIRECTORY=%{homedir} \ + -DDO_NOT_SET_RPATH=ON \ + %{!?with_clamonacc:-DENABLE_CLAMONACC=OFF} \ + %{?with_llvm:-DBYTECODE_RUNTIME=llvm -D LLVM_FIND_VERSION="3.6.0"} \ + -DENABLE_UNRAR=OFF -%package milter -Summary: Milter module for the clamav scanner -Requires: %{name}-filesystem = %{version}-%{release} -Requires(post): coreutils -Requires(pre): shadow-utils +# TODO: check periodically that CLAMAVUSER is used for freshclam only -Obsoletes: %{name}-milter-sysvinit < %{version}-%{release} -Obsoletes: %{name}-milter-upstart < %{version}-%{release} -Provides: %{name}-milter-systemd = %{version}-%{release} -Obsoletes: %{name}-milter-systemd < %{version}-%{release} +%cmake_build -%description milter -The clamav-milter package contains files which are needed to run the clamav-milter. +%install +rm -rf _doc* +%cmake_install +install -d -m 0755 \ + %{buildroot}%{_tmpfilesdir} \ + %{buildroot}%{homedir} \ + %{buildroot}%{quarantinedir} -%prep -%autosetup -n %{name}-%{version}%{?prerelease} -p1 +### data +install -D -m 0644 -p %{SOURCE10} %{buildroot}%{homedir}/main.cvd +install -D -m 0644 -p %{SOURCE11} %{buildroot}%{homedir}/daily.cvd +install -D -m 0644 -p %{SOURCE12} %{buildroot}%{homedir}/bytecode.cvd -install -d libclamunrar{,_iface} -touch libclamunrar/{Makefile.in,all,install} +### The freshclam stuff +sed -ri \ + -e 's!^Example!#Example!' \ + -e 's!^#?(UpdateLogFile )!#\1!g;' \ + -e 's!(DatabaseOwner *)clamav$!\1%{updateuser}!g' %{buildroot}%{_sysconfdir}/freshclam.conf.sample -sed -ri -e 's!^#?(LogFile ).*!#\1/var/log/clamd.!g' \ +mv %{buildroot}%{_sysconfdir}/freshclam.conf{.sample,} +# Can contain HTTPProxyPassword (bugz#1733112) +chmod 600 %{buildroot}%{_sysconfdir}/freshclam.conf + +### The scanner stuff +install -D -m 0644 -p %{SOURCE3} _doc_server/clamd.logrotate +install -D -m 0644 -p %{SOURCE5} _doc_server/README + +## For compatibility with 0.102.2-7 +ln -s clamav-clamonacc.service %{buildroot}%{_unitdir}/clamonacc.service + +install -D -p -m 0644 %{SOURCE530} %{buildroot}%{_unitdir}/clamd@.service + +sed -ri \ + -e 's!^Example!#Example!' \ + -e 's!^#?(LogFile ).*!#\1/var/log/clamd.!g' \ -e 's!^#?(LocalSocket ).*!#\1%{_rundir}/clamd./clamd.sock!g' \ -e 's!^(#?PidFile ).*!\1%{_rundir}/clamd./clamd.pid!g' \ -e 's!^#?(User ).*!\1!g' \ -e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \ - -e 's! /usr/local/share/clamav,! %_var/lib/clamav,!g' etc/clamd.conf.sample - -sed -ri -e 's!^Example!#Example!' -e 's!^#?(UpdateLogFile )!#\1!g;' \ - -e 's!^#?(LogSyslog).*!\1 yes!g' -e 's!(DatabaseOwner *)clamav$!\1clamav!g' \ - etc/freshclam.conf.sample + -e 's! /usr/local/share/clamav,! %{homedir},!g' \ + %{buildroot}%{_sysconfdir}/clamd.conf.sample +install -d -m 0755 %{buildroot}%{_sysconfdir}/clamd.d +sed -e 's!!scan!g;s!!%{scanuser}!g' \ + %{buildroot}%{_sysconfdir}/clamd.conf.sample > %{buildroot}%{_sysconfdir}/clamd.d/scan.conf -%build -export LDFLAGS='%{?__global_ldflags} -Wl,--as-needed' -export have_cv_ipv6=yes +mv %{buildroot}%{_sysconfdir}/clamd.conf.sample _doc_server/clamd.conf -rm -rf libltdl autom4te.cache Makefile.in -autoreconf -i -%configure --enable-milter --disable-clamav --disable-static --disable-zlib-vcheck \ - --disable-unrar --enable-id-check --enable-dns --with-dbdir=%_var/lib/clamav \ - --with-group=clamav --with-user=clamav --disable-rpath \ - --disable-silent-rules --enable-clamdtop +cat << EOF > %{buildroot}%{_tmpfilesdir}/clamd.scan.conf +d %{_rundir}/clamd.scan 0710 %{scanuser} virusgroup +EOF -sed -i -e 's! -shared ! -Wl,--as-needed\0!g' \ - -e '/sys_lib_dlsearch_path_spec=\"\/lib \/usr\/lib /s!\"\/lib \/usr\/lib !/\"/%_lib /usr/%_lib !g' \ - libtool +### The milter stuff +sed -ri \ + -e 's!^#?(User).*!\1 %{milteruser}!g' \ + -e 's!^#?(AllowSupplementaryGroups|LogSyslog) .*!\1 yes!g' \ + -e 's! /tmp/clamav-milter.socket! %{_rundir}/clamav-milter/clamav-milter.socket!g' \ + -e 's! /var/run/clamav-milter.pid! %{_rundir}/clamav-milter/clamav-milter.pid!g' \ + -e 's!:/var/run/clamd/clamd.socket!:%{_rundir}/clamd.scan/clamd.sock!g' \ + -e 's! /tmp/clamav-milter.log! %{_var}/log/clamav-milter.log!g' \ + %{buildroot}%{_sysconfdir}/clamav-milter.conf.sample -%make_build +install -d -m 0755 %{buildroot}%{_sysconfdir}/mail +mv %{buildroot}%{_sysconfdir}/clamav-milter.conf.sample %{buildroot}%{_sysconfdir}/mail/clamav-milter.conf +install -D -p -m 0644 %{SOURCE330} %{buildroot}%{_unitdir}/clamav-milter.service -%install -rm -rf _doc* -%make_install - -function smartsubst() { - local tmp - local regexp=$1 - shift - - tmp=$(mktemp /tmp/%name-subst.XXXXXX) - for i; do - sed -e "$regexp" "$i" >$tmp - cmp -s $tmp "$i" || cat $tmp >"$i" - rm -f $tmp - done -} - -install -d -m 0755 $RPM_BUILD_ROOT%_sysconfdir/{mail,clamd.d,logrotate.d} \ - $RPM_BUILD_ROOT%_tmpfilesdir $RPM_BUILD_ROOT%_rundir $RPM_BUILD_ROOT%_var/log \ - $RPM_BUILD_ROOT%_rundir/clamav-milter $RPM_BUILD_ROOT%_datadir/%name/template \ - $RPM_BUILD_ROOT%_initrddir $RPM_BUILD_ROOT%_var/lib/clamav $RPM_BUILD_ROOT%_rundir/clamd.scan - -%delete_la - -touch $RPM_BUILD_ROOT%_var/lib/clamav/{daily,main,bytecode}.cld -touch $RPM_BUILD_ROOT%_var/lib/clamav/mirrors.dat - -install -D -m 0644 -p %SOURCE3 $RPM_BUILD_ROOT%_var/lib/clamav/main.cvd -install -D -m 0644 -p %SOURCE4 $RPM_BUILD_ROOT%_var/lib/clamav/daily.cvd -install -D -m 0644 -p %SOURCE5 $RPM_BUILD_ROOT%_var/lib/clamav/bytecode.cvd -install -D -m 0644 -p %SOURCE1 _doc_server/clamd.sysconfig -install -D -m 0644 -p %SOURCE2 _doc_server/clamd.logrotate -install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf -install -D -p _doc_server/* $RPM_BUILD_ROOT%_datadir/%name/template -install -D -p -m 0644 %SOURCE15 $RPM_BUILD_ROOT%_unitdir/clamd@.service -install -D -m 0644 -p %SOURCE10 $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update -touch $RPM_BUILD_ROOT%_var/log/freshclam.log -install -D -p -m 0755 %SOURCE7 $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep -install -D -p -m 0644 %SOURCE8 $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam -install -D -p -m 0600 %SOURCE9 $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update -mv -f $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf{.sample,} -chmod 600 $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf - -smartsubst 's!webmaster,clamav!webmaster,clamav!g; - s!/usr/share/clamav!%_datadir/%name!g; - s!/usr/bin!%_bindir!g; - s!/usr/sbin!%_sbindir!g;' \ - $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update \ - $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep - -sed -e 's!!scan!g;s!!clamscan!g' \ - etc/clamd.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/clamd.d/scan.conf - -install -D -p -m 0644 %SOURCE13 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf - -cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf -d %_rundir/clamd.scan 0710 clamscan virusgroup +cat << EOF > %{buildroot}%{_tmpfilesdir}/clamav-milter.conf +d %{_rundir}/clamav-milter 0710 %{milteruser} %{milteruser} EOF -touch $RPM_BUILD_ROOT%_rundir/clamd.scan/clamd.{sock,pid} +#Fixup headers and scripts for multilib +%if 0%{?__isa_bits} == 64 +mv %{buildroot}%{_includedir}/clamav-types.h \ + %{buildroot}%{_includedir}/clamav-types-64.h +%else +mv %{buildroot}%{_includedir}/clamav-types.h \ + %{buildroot}%{_includedir}/clamav-types-32.h +%endif +install -m 0644 %SOURCE1 %{buildroot}%{_includedir}/clamav-types.h +# TODO: Evaluate using upstream's unit with clamav-daemon.socket +rm %{buildroot}%{_unitdir}/clamav-daemon.* -sed -r -e 's!^#?(User).*!\1 clamilt!g' \ - -e 's!^#?(AllowSupplementaryGroups|LogSyslog) .*!\1 yes!g' \ - -e 's! /tmp/clamav-milter.socket! %_rundir/clamav-milter/clamav-milter.socket!g' \ - -e 's! /var/run/clamav-milter.pid! %_rundir/clamav-milter/clamav-milter.pid!g' \ - -e 's! /var/run/clamd/clamd.socket! %_rundir/clamd.scan/clamd.sock!g' \ - -e 's! /tmp/clamav-milter.log! %_var/log/clamav-milter.log!g' \ - etc/clamav-milter.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/mail/clamav-milter.conf -install -D -p -m 0644 %SOURCE11 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf -install -D -p -m 0644 %SOURCE12 $RPM_BUILD_ROOT%_unitdir/clamav-milter.service +%check +%ctest -E valgrind -cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamav-milter.conf -d %_rundir/clamav-milter 0710 clamilt clamilt -EOF -touch $RPM_BUILD_ROOT{%_rundir/clamav-milter/clamav-milter.{socket,pid},%_var/log/clamav-milter.log} +%post +%systemd_post clamav-clamonacc.service +%preun +%systemd_preun clamav-clamonacc.service -%check -%make_build check +%postun +%systemd_postun_with_restart clamav-clamonacc.service + + +%post data +# nullglob. If set, Bash allows filename patterns which match no files to expand to a null string, rather than themselves +shopt -s nullglob +# Let newer .cld files take precedence over the shipped .cvd files +for f in %{homedir}/*.cld +do + cvd=${f/.cld/.cvd} + [ -f $f -a $f -nt $cvd ] && rm -f $cvd || : +done %pre filesystem -getent group clamav >/dev/null || groupadd -r clamav -getent passwd clamav >/dev/null || \ - useradd -r -g clamav -d %_var/lib/clamav -s /sbin/nologin \ - -c "Clamav database update user" clamav +getent group %{updateuser} >/dev/null || groupadd -r %{updateuser} +getent passwd %{updateuser} >/dev/null || \ + useradd -r -g %{updateuser} -d %{homedir} -s /sbin/nologin \ + -c "Clamav database update user" %{updateuser} getent group virusgroup >/dev/null || groupadd -r virusgroup -usermod clamav -a -G virusgroup +usermod %{updateuser} -a -G virusgroup exit 0 %pre -n clamd -getent group clamscan >/dev/null || groupadd -r clamscan -getent passwd clamscan >/dev/null || \ - useradd -r -g clamscan -d / -s /sbin/nologin \ - -c "Clamav scanner user" clamscan -usermod clamscan -a -G virusgroup +getent group %{scanuser} >/dev/null || groupadd -r %{scanuser} +getent passwd %{scanuser} >/dev/null || \ + useradd -r -g %{scanuser} -d / -s /sbin/nologin \ + -c "Clamav scanner user" %{scanuser} +usermod %{scanuser} -a -G virusgroup exit 0 %post -n clamd +# Point to the new service unit [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] && - ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || : + ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || : %systemd_post clamd@scan.service -/bin/systemd-tmpfiles --create %_tmpfilesdir/clamd.scan.conf || : %preun -n clamd %systemd_preun clamd@scan.service @@ -294,34 +395,22 @@ exit 0 %postun -n clamd %systemd_postun_with_restart clamd@scan.service -%post update -test -e %_var/log/freshclam.log || { - touch %_var/log/freshclam.log - %__chmod 0664 %_var/log/freshclam.log - %__chown root:clamav %_var/log/freshclam.log - ! test -x /sbin/restorecon || /sbin/restorecon %_var/log/freshclam.log -} %triggerin milter -- clamav-scanner -/usr/sbin/groupmems -g clamscan -a clamilt &>/dev/null || : +# Add the milteruser to the scanuser group; this is required when +# milter and clamd communicate through local sockets +/usr/sbin/groupmems -g %{scanuser} -a %{milteruser} &>/dev/null || : %pre milter -getent group clamilt >/dev/null || groupadd -r clamilt -getent passwd clamilt >/dev/null || \ - useradd -r -g clamilt -d %_rundir/clamav-milter -s /sbin/nologin \ - -c "Clamav Milter user" clamilt -usermod clamilt -a -G virusgroup +getent group %{milteruser} >/dev/null || groupadd -r %{milteruser} +getent passwd %{milteruser} >/dev/null || \ + useradd -r -g %{milteruser} -d %{_rundir}/clamav-milter -s /sbin/nologin \ + -c "Clamav Milter user" %{milteruser} +usermod %{milteruser} -a -G virusgroup exit 0 %post milter -test -e %_var/log/clamav-milter.log || { - touch %_var/log/clamav-milter.log - chmod 0620 %_var/log/clamav-milter.log - chown root:clamilt %_var/log/clamav-milter.log - ! test -x /sbin/restorecon || /sbin/restorecon %_var/log/clamav-milter.log -} %systemd_post clamav-milter.service -/bin/systemd-tmpfiles --create %_tmpfilesdir/clamav-milter.conf || : %preun milter %systemd_preun clamav-milter.service @@ -329,75 +418,109 @@ test -e %_var/log/clamav-milter.log || { %postun milter %systemd_postun_with_restart clamav-milter.service +%post freshclam +%systemd_post clamav-freshclam.service + +%preun freshclam +%systemd_preun clamav-freshclam.service + +%postun freshclam +%systemd_postun_with_restart clamav-freshclam.service + %files -%exclude %_unitdir/clamav-{daemon,freshclam}.* -%exclude %_rundir/*/*.pid %license COPYING -%doc NEWS.md README.md docs/html -%_bindir/{clambc,clamconf,clamdscan,clamdtop,clamscan,clamsubmit,sigtool} -%_libdir/libclamav.so.9* -%_libdir/libclammspack.so.0* -%_sbindir/clamonacc -%_unitdir/clamav-clamonacc.service - +%doc NEWS.md README.md +%{_bindir}/clambc +%{_bindir}/clamconf +%{_bindir}/clamdscan +%{_bindir}/clamdtop +%{_bindir}/clamscan +%{_bindir}/clamsubmit +%{_bindir}/sigtool +%if %{with clamonacc} +%{_sbindir}/clamonacc +%endif +%{_mandir}/man[15]/* +%{_mandir}/man8/clamonacc.8* +%exclude %{_mandir}/*/freshclam* +%exclude %{_mandir}/man5/clamd.conf.5* +%{_unitdir}/clamonacc.service +%{_unitdir}/clamav-clamonacc.service +%attr(0750,root,root) %dir %{quarantinedir} + +%files lib +%{_libdir}/libclamav.so.12* +%{_libdir}/libclammspack.so.0* %files devel -%_includedir/* -%_libdir/*.so -%_datadir/%name/template -%_libdir/pkgconfig/* -%_bindir/clamav-config +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/libclamav_rust.a +%{_libdir}/pkgconfig/* +%{_bindir}/clamav-config -%files help -%_mandir/man?/* %files filesystem -%attr(-,clamav,clamav) %dir %_var/lib/clamav -%attr(-,root,root) %dir %_datadir/%name -%exclude %_sysconfdir/clamd.conf.sample -%exclude %_sysconfdir/clamav-milter.conf.sample -%exclude %_sysconfdir/init -%dir %_sysconfdir/clamd.d +%attr(-,%{updateuser},%{updateuser}) %dir %{homedir} +%dir %{_sysconfdir}/clamd.d +# Used by both clamd, clamdscan, and clamonacc +%config(noreplace) %{_sysconfdir}/clamd.d/scan.conf + %files data -%defattr(-,clamav,clamav,-) -%config %verify(not size md5 mtime) %_var/lib/clamav/*.cvd - -%files update -%_bindir/freshclam -%_libdir/libfreshclam.so.2* -%_datadir/%name/freshclam-sleep -%config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf -%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/* -%config(noreplace) %_sysconfdir/cron.d/clamav-update -%config(noreplace) %_sysconfdir/sysconfig/freshclam -%ghost %attr(0664,root,clamav) %verify(not size md5 mtime) %_var/log/freshclam.log -%ghost %attr(0664,clamav,clamav) %_var/lib/clamav/*.cld -%ghost %attr(0664,clamav,clamav) %_var/lib/clamav/mirrors.dat +%defattr(-,%{updateuser},%{updateuser},-) +# use %%config to keep files which were updated by 'freshclam' +# already. Without this tag, they would be overridden with older +# versions whenever a new -data package is installed. +%config %verify(not size md5 mtime) %{homedir}/*.cvd + + +%files doc +%license COPYING +%{_pkgdocdir}/html/ + + +%files freshclam +%{_bindir}/freshclam +%{_libdir}/libfreshclam.so.3* +%{_mandir}/*/freshclam* +%{_unitdir}/clamav-freshclam.service +%{_unitdir}/clamav-freshclam-once.service +%{_unitdir}/clamav-freshclam-once.timer +%config(noreplace) %verify(not mtime) %{_sysconfdir}/freshclam.conf +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cvd +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd + %files -n clamd %doc _doc_server/* -%_sbindir/clamd -%_unitdir/clamd@.service - -%config(noreplace) %_sysconfdir/clamd.d/scan.conf -%ghost %_rundir/clamd.scan/clamd.sock -%_tmpfilesdir/clamd.scan.conf -%ghost %dir %attr(0710,clamscan,virusgroup) %_rundir/clamd.scan +%{_mandir}/man5/clamd.conf.5* +%{_mandir}/man8/clamd.8* +%{_sbindir}/clamd +%{_unitdir}/clamd@.service +%{_tmpfilesdir}/clamd.scan.conf %files milter -%_sbindir/*milter* -%dir %_sysconfdir/mail -%config(noreplace) %_sysconfdir/mail/clamav-milter.conf -%ghost %attr(0620,root,clamilt) %verify(not size md5 mtime) %_var/log/clamav-milter.log -%ghost %_rundir/clamav-milter/clamav-milter.socket -%_tmpfilesdir/clamav-milter.conf -%ghost %dir %attr(0710,clamilt,clamilt) %_rundir/clamav-milter -%_unitdir/clamav-milter.service - +%{_sbindir}/*milter* +%{_unitdir}/clamav-milter.service +%{_mandir}/man8/clamav-milter* +%dir %{_sysconfdir}/mail +%config(noreplace) %{_sysconfdir}/mail/clamav-milter.conf +%{_tmpfilesdir}/clamav-milter.conf %changelog +* Wed Apr 09 2025 wangkai <13474090681@163.com> - 1.4.2-2 +- Update buildrequires and patch + +* Tue Feb 11 2025 Funda Wang - 1.4.2-1 +- Update to 1.4.2 + * Fri Sep 06 2024 Funda Wang - 0.103.12-1 - Upgrade to 0.103.12 diff --git a/clamav.yaml b/clamav.yaml deleted file mode 100644 index 06cb95252ae55c760964eb050998e59541fa3bcb..0000000000000000000000000000000000000000 --- a/clamav.yaml +++ /dev/null @@ -1,4 +0,0 @@ -version_control: github -src_repo: Cisco-Talos/clamav-devel -tag_prefix: clamav- -seperator: . diff --git a/clamd-README b/clamd-README new file mode 100644 index 0000000000000000000000000000000000000000..371a39e906cff5cf9ed25b6578387655ed4566e8 --- /dev/null +++ b/clamd-README @@ -0,0 +1,86 @@ +Update 2021: Log to syslog is obsolete, journalctl superseded it + + By default, clamd provides a general "scan" service that requires minimal +configuration. To configure, edit /etc/clamd/scan.conf and: + + * set LocalSocket for localhost access or TCPSocket for network access. + + Default configuration will: + + * Log to syslog + * Run as the user "clamscan" + + When LogFile feature is wanted, it must be writable for the assigned +User. The recommended way is to: + + * make it owned by the User's *group* + * assign at least 0620 (u+rw,g+w) permissions + + A suitable command might be + | # touch + | # chgrp + | # chmod 0620 + | # restorecon + + NEVER use 'clamav' as the user since it can modify the database. This is +the user who is running the application; e.g. for mimedefang +(http://www.roaringpenguin.com/mimedefang), the user might be 'defang'. +Theoretically, distinct users could be used, but it must be made sure that +the application-user can write into the socket-file, and that the clamd-user +can access the files asked by the application to be checked. + + The default service can be enabled and started with: + + systemctl enable clamd@scan.service + systemctl start clamd@scan.service + + To create other individual clamd-instances take the following files in +/usr/share/doc/clamd/ and modify/copy them in the suggested way: + +clamd.conf, copy to /etc/clamd.d/.conf + * Change as to match name of config file + * Any other changes as noted above + +clamd.logrotate: (only when LogFile feature is used) + * set the correct value for the logfile + * place it into /etc/logrotate.d + + Additionally, when using LocalSocket instead of TCPSocket, the directory +for the socket file must be created. For tmpfiles based systems, you might +want to create a file /etc/tmpfiles.d/clamd..conf with a content of + + | d /run/clamd. + + Adjust (0710 should suffice for most cases) and + +so that the socket can be accessed by clamd and by the applications using +clamd. Make sure that the socket is not world accessible; else, DOS attacks +or worse are trivial. + + After emulating these steps by hand (or else rebooting), you still need set +SELinux: + + chcon -t clamd_var_run_t /run/clamd. +or + restorecon -R -v "/run/clamd." + +More SELinux notes: +you may need run: + + setsebool -P antivirus_can_scan_system 1 + +and also maybe this one (I need to confirm that is obsolete) + + setsebool -P antivirus_use_jit 1 + + The new service can be enabled and started with: + + systemctl enable clamd@.service + systemctl start clamd@.service + + +[Disclaimer: + this file and the script/configfiles are not part of the official + clamav package. + + Please send complaints and comments to + https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=clamav] diff --git a/clamd-wrapper b/clamd-wrapper deleted file mode 100644 index 0a3062839839faf5f718cba55d64163603676611..0000000000000000000000000000000000000000 --- a/clamd-wrapper +++ /dev/null @@ -1,90 +0,0 @@ -#!/bin/bash -# -# Xchkconfig: - 75 35 -# Xdescription: The clamd daemon listens for incoming connections on \ -# Unix or TCP socket and scans files or directories on demand. - -test "$CLAMD_SERVICE" || { - echo $"*** $0 can not be called in this way" - echo $"*** Please see /usr/share/doc/clamav-server-*/README how" - echo $"*** the clamav-server can be configured" - exit 6 -} - -# Source function library. -. /etc/init.d/functions - -# Get config. -test -r /etc/sysconfig/network && . /etc/sysconfig/network - -# Check that networking is up. -test "$NETWORKING" != "no" || exit 6 - -lockfile=/var/lock/subsys/clamd.${CLAMD_SERVICE} -sysconffile=/etc/sysconfig/clamd.${CLAMD_SERVICE} -procname=clamd.${CLAMD_SERVICE} - -CLAMD_CONFIGFILE=/etc/clamd.d/${CLAMD_SERVICE}.conf -CLAMD_OPTIONS= -CLAMD_PIDFILE=/var/run/clamd.${CLAMD_SERVICE}/clamd.pid -## backward-compatibility check... -for i in /var/run/clamd.${CLAMD_SERVICE}/clamd.sock \ - /var/run/clamav.${CLAMD_SERVICE}/clamd.sock; do - CLAMD_SOCKET=$i - test ! -e "$i" || break -done -test -f "$sysconffile" && . "$sysconffile" - - -RETVAL=0 -prog="clamd.${CLAMD_SERVICE}" - -start () { - echo -n $"Starting $prog: " - daemon --pidfile=${CLAMD_PIDFILE} \ - exec -a $procname /usr/sbin/clamd \ - ${CLAMD_CONFIGFILE:+-c $CLAMD_CONFIGFILE} ${CLAMD_OPTIONS} --pid ${CLAMD_PIDFILE} - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch $lockfile - return $RETVAL -} - -stop () { - echo -n $"Stopping $prog: " - killproc -p ${CLAMD_PIDFILE} $procname - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && rm -f $lockfile - return $RETVAL -} - -reload() { - rc=0 - echo -n $"Reloading $prog: " - killproc -p ${CLAMD_PIDFILE} $procname -HUP || rc=$? - echo - echo -n $"Loading new virus-database: " - killproc -p ${CLAMD_PIDFILE} $procname -USR2 || rc=$? - echo - return $rc -} - -restart () { - stop - start -} - -# See how we were called. -case "$1" in - start|stop|restart|reload) - $1 ;; - status) - status -p ${CLAMD_PIDFILE} $procname ;; - condrestart) - test ! -f $lockfile || restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}" - exit 2 -esac diff --git a/clamd.SERVICE.init b/clamd.SERVICE.init deleted file mode 100644 index f2f91918fb2b489a772882b098025969793b4a08..0000000000000000000000000000000000000000 --- a/clamd.SERVICE.init +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# -# chkconfig: - 75 35 -# description: The clamd server running for - -CLAMD_SERVICE= -. /usr/share/clamav/clamd-wrapper diff --git a/clamd.logrotate b/clamd.logrotate index 45dc48d3b1ab6ebb5e7176ff7b5066ec6e20f441..dde4e445b467064109c6138600070394961beead 100644 --- a/clamd.logrotate +++ b/clamd.logrotate @@ -4,6 +4,6 @@ missingok postrotate - pkill -u -HUP -f '/usr/sbin/clamd -c /etc/clamd.d/.conf >/dev/null 2>&1 || : + pkill -u -HUP -f "/usr/sbin/clamd -c /etc/clamd.d/.conf" >/dev/null 2>&1 || : endscript } diff --git a/clamd.scan.upstart b/clamd.scan.upstart deleted file mode 100644 index 54482e695df62b980bb5da801e99a4953316221b..0000000000000000000000000000000000000000 --- a/clamd.scan.upstart +++ /dev/null @@ -1,14 +0,0 @@ -### !!! Uncomment only *one* of the 'start on' statements !!! - -### Uncomment this line when you want clamd.scan to be a scanner for a -### locally running clamav-milter -#start on starting clamav-milter - -### Uncomment this line when you want clamd.scan to be a generic -### scanner service -#start on runlevel [345] and starting local - -stop on runlevel [!345] - -respawn -exec /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes diff --git a/clamd.sysconfig b/clamd.sysconfig deleted file mode 100644 index 4933e7e760c4a74335196e71f20192a8b79e32e9..0000000000000000000000000000000000000000 --- a/clamd.sysconfig +++ /dev/null @@ -1,3 +0,0 @@ -#CLAMD_CONFIGFILE=/etc/clamd.d/.conf -#CLAMD_SOCKET=/var/run/clamd./clamd.sock -#CLAMD_OPTIONS= diff --git a/clamd@scan.service b/clamd@scan.service deleted file mode 100644 index c3296127d1eddd790fa12fcf89c0c1aae870192f..0000000000000000000000000000000000000000 --- a/clamd@scan.service +++ /dev/null @@ -1,7 +0,0 @@ -.include /lib/systemd/system/clamd@.service - -[Unit] -Description = Generic clamav scanner daemon - -[Install] -WantedBy = multi-user.target diff --git a/daily-27388.cvd b/daily-27388.cvd deleted file mode 100644 index a93d3793c3cbe828f4de54878345da5ad64289be..0000000000000000000000000000000000000000 Binary files a/daily-27388.cvd and /dev/null differ diff --git a/daily-27526.cvd b/daily-27526.cvd new file mode 100644 index 0000000000000000000000000000000000000000..bdbbdfb144eb89e718c9698c2ae8fd1fe85aa055 --- /dev/null +++ b/daily-27526.cvd @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30fd12cd494d874ccf0515abc15a407223c6846e14e59c74240fda37d4a0c9de +size 64519701 diff --git a/fix-clamonacc-w-error.patch b/fix-clamonacc-w-error.patch deleted file mode 100644 index b4245d5d22c5b5561ff38962de8beed41e64cf57..0000000000000000000000000000000000000000 --- a/fix-clamonacc-w-error.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e5de0bd90f856ed8c9b4e05e6e9c4f46920112a6 Mon Sep 17 00:00:00 2001 -From: chen-jan -Date: Tue, 7 Dec 2021 08:18:21 +0000 -Subject: [PATCH] fix clamonacc -w error - ---- - clamonacc/client/client.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/clamonacc/client/client.c b/clamonacc/client/client.c -index 347070f..f507eee 100644 ---- a/clamonacc/client/client.c -+++ b/clamonacc/client/client.c -@@ -205,7 +205,7 @@ int16_t onas_ping_clamd(struct onas_context **ctx) - /* ping command takes the form --ping [attempts[:interval]] */ - opt = optget((*ctx)->opts, "ping"); - -- if (opt) { -+ if (opt && opt->strarg) { - attempt_str = cli_strdup(opt->strarg); - if (attempt_str) { - if (NULL == attempt_str) { --- -2.30.0 - diff --git a/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch b/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch deleted file mode 100644 index 572855bf5f1da03af22bf553fc3bb55027c113a5..0000000000000000000000000000000000000000 --- a/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Nur clamav-0.103.6/clambc/bcrun.c clamav-0.103.6_bak/clambc/bcrun.c ---- clamav-0.103.6/clambc/bcrun.c 2022-05-02 12:46:41.000000000 +0800 -+++ clamav-0.103.6_bak/clambc/bcrun.c 2022-05-26 10:02:06.307956926 +0800 -@@ -406,7 +406,7 @@ - // ctx was memset, so recursion_level starts at 0. - cctx.recursion_stack[cctx.recursion_level].fmap = map; - cctx.recursion_stack[cctx.recursion_level].type = CL_TYPE_ANY; /* ANY for the top level, because we don't yet know the type. */ -- cctx.recursion_stack[cctx.recursion_level].size = map->len; -+ //cctx.recursion_stack[cctx.recursion_level].size = map->len; - - cctx.fmap = cctx.recursion_stack[cctx.recursion_level].fmap; - diff --git a/freshclam-sleep b/freshclam-sleep old mode 100644 new mode 100755 diff --git a/libclamav-pe-Use-endian-wrapper-in-more-places.patch b/libclamav-pe-Use-endian-wrapper-in-more-places.patch new file mode 100644 index 0000000000000000000000000000000000000000..729f71d7a84d9b7a52a69b98ec8ab059b0e798c9 --- /dev/null +++ b/libclamav-pe-Use-endian-wrapper-in-more-places.patch @@ -0,0 +1,73 @@ +diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c +--- clamav-1.4.0/libclamav/pe.c.big-endian 2024-08-13 14:24:46.000000000 -0600 ++++ clamav-1.4.0/libclamav/pe.c 2024-08-15 20:16:02.017730419 -0600 +@@ -2424,22 +2424,22 @@ static cl_error_t hash_imptbl(cli_ctx *c + + /* If the PE doesn't have an import table then skip it. This is an + * uncommon case but can happen. */ +- if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) { ++ if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) { + cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrappers +- impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); +- if (err || impoff + peinfo->dirs[1].Size > fsize) { ++ impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); ++ if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) { + cli_dbgmsg("scan_pe: invalid rva for import table data\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrapper +- impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size); ++ impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size)); + if (impdes == NULL) { + cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n"); + status = CL_EREAD; +@@ -2449,7 +2449,7 @@ static cl_error_t hash_imptbl(cli_ctx *c + + /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above) + * would have failed if the size exceeds the end of the fmap. */ +- left = peinfo->dirs[1].Size; ++ left = EC32(peinfo->dirs[1].Size); + + if (genhash[CLI_HASH_MD5]) { + hashctx[CLI_HASH_MD5] = cl_hash_init("md5"); +@@ -2556,7 +2556,7 @@ static cl_error_t hash_imptbl(cli_ctx *c + + done: + if (needed_impoff) { +- fmap_unneed_off(map, impoff, peinfo->dirs[1].Size); ++ fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size)); + } + + for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) { +@@ -3241,7 +3241,7 @@ int cli_scanpe(cli_ctx *ctx) + + /* Trojan.Swizzor.Gen */ + if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) { +- if (peinfo->dirs[2].Size) { ++ if (EC32(peinfo->dirs[2].Size)) { + struct swizz_stats *stats = calloc(1, sizeof(*stats)); + unsigned int m = 1000; + ret = CL_CLEAN; +@@ -5250,13 +5250,13 @@ cl_error_t cli_peheader(fmap_t *map, str + cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep); + } + +- if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size) ++ if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size)) + peinfo->res_addr = 0; + else + peinfo->res_addr = peinfo->dirs[2].VirtualAddress; + + while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO && +- peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) { ++ peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) { + struct vinfo_list vlist; + const uint8_t *vptr, *baseptr; + uint32_t rva, res_sz; diff --git a/main-62.cvd b/main-62.cvd index 9a117207e20b7ca7d2f09d58ab2b7d6ecbac405f..6d54b1f797305fa8b359e69d4b4c810ed875a999 100644 Binary files a/main-62.cvd and b/main-62.cvd differ