diff --git a/README.fedora b/README.fedora deleted file mode 100644 index 7abd1909a93afe0aa30a3a227e7402faf39c92e0..0000000000000000000000000000000000000000 --- a/README.fedora +++ /dev/null 
@@ -1,119 +0,0 @@ -Please note since el7 and Fedora 15 or 19 we use only systemd. -upstart and sysv was dropped, this document may still applies to el6. - -A clamav-milter setup consists of the following three components: - -* the clamav-milter itself - - --> this is provided by the 'clamav-milter' package plus (alternatively) - 'clamav-milter-upstart' or 'clamav-milter-sysvinit' - - The main configuration is in /etc/mail/clamav-milter.conf and MUST - be changed before first use. - - The -sysvinit package is managed by the traditional tools, but - -upstart requires modification of /etc/event.d/clamav-milter to - enable automatic startup. See comments there for more details. - -* a clamav scanner daemon - - --> this package is called 'clamav-scanner' plus (alternatively) - 'clamav-scanner-upstart' or 'clamav-scanner-sysvinit' - - The daemon is configured by /etc/clamd.d/scan.conf (which MUST be - edited before first use). - - The -sysvinit package is managed by the traditional tools, but - -upstart requires modification of /etc/event.d/clamd.scan to enable - automatic startup. See comments there for more details. - -* the MTA (sendmail/postfix) - - --> you should know how to install this... - - When communicating across unix sockets with the clamav-milter, it is - suggested to use the /var/run/clamav-milter/clamav-milter.socket - path. You have to add something like - - INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl - - to your sendmail.mc. - - - -It is suggested that components communicate through TCP sockets as -this eases setup. Please add corresponding packet filter rules! - - -EXAMPLE -======= - -For clamav-milter, a possible setup might be created by - -A) On the MTA (assumed hostname 'host-mta') - - 1. Add to sendmail.mc - - | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl - - 2. Rebuild sendmail.cf - - -B) On the clamav-milter host (assumed hostname 'host-milter') - - 1. 
Install clamav-milter + clamav-milter-upstart packages - - 2. Set in /etc/mail/clamav-milter.conf - - | MilterSocket inet:6666 - | ClamdSocket tcp:host-scanner:6665 - - and all the other options which are required on your system - - 3. Edit /etc/event.d/clamav-milter and uncomment the - - | start on starting local - - line. Restart your system or execute - - | initctl emit starting local - - 4. Add something like - - | iptables -N IN-cmilt - | iptables -A IN-cmilt -s host-mta -j ACCEPT - | iptables -A IN-cmilt -j DROP - - | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt - - to your firewall setup - -C) On the clamav-scanner host (assumed hostname 'host-scanner') - - 1. Install clamav-scanner + clamav-scanner-upstart packages - - 2. Add to /etc/clamd.d/scan.conf - - | TCPSocket 6665 - | TCPAddr host-scanner - - comment out possible 'LocalSocket' lines and set all the other - options which are required on your system - - 3. Edit /etc/event.d/clamav-scanner and uncomment the - - | start on starting local - - line. Restart your system or execute - - | initctl emit starting local - - 4. Add something like - - | iptables -N IN-cscan - | iptables -A IN-cscan -s host-milter -j ACCEPT - | iptables -A IN-cscan -j DROP - - | iptables -A INPUT -p tcp --dport 6665 -j IN-csan - - to your firewall setup diff --git a/clamav.spec b/clamav.spec index c145805db485cb62058ad546860bcab08399e46a..f90c458693ec862cb0d87bf83d4bfda45a4d605b 100644 --- a/clamav.spec +++ b/clamav.spec 
@@ -1,27 +1,25 @@ Name: clamav Summary: End-user tools for the Clam Antivirus scanner Version: 0.101.4 -Release: 2 +Release: 3 License: GPLv2 URL: https://www.clamav.net/ Source0: clamav-0.101.4-norar.tar.xz Source1: clamd.sysconfig Source2: clamd.logrotate -Source3: clamd-README -Source4: main-58.cvd -Source5: daily-25550.cvd -Source6: bytecode-330.cvd -Source7: clamd-gen -Source8: freshclam-sleep -Source9: freshclam.sysconfig -Source10: clamav-update.crond -Source11: clamav-update.logrotate -Source12: README.fedora -Source13: clamav-milter.upstart -Source14: clamav-milter.systemd -Source15: clamd.scan.upstart -Source16: clamd@scan.service -Source17: clamd@.service +Source3: main-58.cvd +Source4: daily-25550.cvd +Source5: bytecode-330.cvd +Source6: clamd-gen +Source7: freshclam-sleep +Source8: freshclam.sysconfig +Source9: clamav-update.crond +Source10: clamav-update.logrotate +Source11: clamav-milter.upstart +Source12: clamav-milter.systemd +Source13: clamd.scan.upstart +Source14: clamd@scan.service +Source15: clamd@.service Patch0001: clamav-0.100.0-stats-deprecation.patch Patch0002: clamav-0.100.1-defaults_locations.patch @@ -150,7 +148,6 @@ The clamav-milter package contains files which are needed to run the clamav-milt %prep %autosetup -n %{name}-%{version}%{?prerelease} -p1 -install -p -m0644 %SOURCE12 clamav-milter/ install -d libclamunrar{,_iface} touch libclamunrar/{Makefile.in,all,install} 
@@ -212,21 +209,20 @@ install -d -m 0755 $RPM_BUILD_ROOT%_sysconfdir/{mail,clamd.d,logrotate.d} \ touch $RPM_BUILD_ROOT%_var/lib/clamav/{daily,main,bytecode}.cld touch $RPM_BUILD_ROOT%_var/lib/clamav/mirrors.dat -install -D -m 0644 -p %SOURCE4 $RPM_BUILD_ROOT%_var/lib/clamav/main.cvd -install -D -m 0644 -p %SOURCE5 $RPM_BUILD_ROOT%_var/lib/clamav/daily.cvd -install -D -m 0644 -p %SOURCE6 $RPM_BUILD_ROOT%_var/lib/clamav/bytecode.cvd +install -D -m 0644 -p %SOURCE3 $RPM_BUILD_ROOT%_var/lib/clamav/main.cvd +install -D -m 0644 -p %SOURCE4 $RPM_BUILD_ROOT%_var/lib/clamav/daily.cvd +install -D -m 0644 -p %SOURCE5 $RPM_BUILD_ROOT%_var/lib/clamav/bytecode.cvd install -D -m 0644 -p %SOURCE1 _doc_server/clamd.sysconfig install -D -m 0644 -p %SOURCE2 _doc_server/clamd.logrotate -install -D -m 0644 -p %SOURCE3 _doc_server/README install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf -install -m 0755 -p %SOURCE7 $RPM_BUILD_ROOT%_datadir/%name/ +install -m 0755 -p %SOURCE6 $RPM_BUILD_ROOT%_datadir/%name/ install -D -p _doc_server/* $RPM_BUILD_ROOT%_datadir/%name/template -install -D -p -m 0644 %SOURCE17 $RPM_BUILD_ROOT%_unitdir/clamd@.service -install -D -m 0644 -p %SOURCE11 $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update +install -D -p -m 0644 %SOURCE15 $RPM_BUILD_ROOT%_unitdir/clamd@.service +install -D -m 0644 -p %SOURCE10 $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update touch $RPM_BUILD_ROOT%_var/log/freshclam.log -install -D -p -m 0755 %SOURCE8 $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep -install -D -p -m 0644 %SOURCE9 $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam -install -D -p -m 0600 %SOURCE10 $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update +install -D -p -m 0755 %SOURCE7 $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep +install -D -p -m 0644 %SOURCE8 $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam +install -D -p -m 0600 %SOURCE9 $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update mv -f $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf{.sample,} chmod 
600 $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf @@ -240,8 +236,8 @@ smartsubst 's!webmaster,clamav!webmaster,clamav!g; sed -e 's!!scan!g;s!!clamscan!g' \ etc/clamd.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/clamd.d/scan.conf -install -D -p -m 0644 %SOURCE15 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf -install -D -p -m 0644 %SOURCE16 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service +install -D -p -m 0644 %SOURCE13 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf +install -D -p -m 0644 %SOURCE14 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf d %_rundir/clamd.scan 0710 clamscan virusgroup @@ -258,8 +254,8 @@ sed -r -e 's!^#?(User).*!\1 clamilt!g' \ -e 's! /tmp/clamav-milter.log! %_var/log/clamav-milter.log!g' \ etc/clamav-milter.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/mail/clamav-milter.conf -install -D -p -m 0644 %SOURCE13 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf -install -D -p -m 0644 %SOURCE14 $RPM_BUILD_ROOT%_unitdir/clamav-milter.service +install -D -p -m 0644 %SOURCE11 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf +install -D -p -m 0644 %SOURCE12 $RPM_BUILD_ROOT%_unitdir/clamav-milter.service cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamav-milter.conf d %_rundir/clamav-milter 0710 clamilt clamilt @@ -401,7 +397,6 @@ test -e %_var/log/clamav-milter.log || { %files milter -%doc clamav-milter/README.fedora %_sbindir/*milter* %dir %_sysconfdir/mail %config(noreplace) %_sysconfdir/mail/clamav-milter.conf diff --git a/clamd-README b/clamd-README deleted file mode 100644 index ca2d102b862cd4a0e222486521883cbafee9a209..0000000000000000000000000000000000000000 --- a/clamd-README +++ /dev/null 
@@ -1,74 +0,0 @@ -To create individual clamd-instance take the following files and -modify/copy them in the suggested way: - -clamd.conf: - * set LocalSocket (or better: TCPSocket) and User to suitable values; - avoid PidFile unless it is required by system monitoring or something - else. Logging through syslog is usually better than an individual - Logfile. - * place this file into /etc/clamd.d with an unique service-name; - e.g. as /etc/clamd.d/.conf - - When using TCPSocket, create iptables rules which are limiting the - access by source and/or by using '-m owner'. - - When LogFile feature is wanted, it must be writable for the assigned - User. Recommended way to reach this, is to: - * make it owned by the User's *group* - * assign at least 0620 (u+rw,g+w) permissions - - A suitable command might be - | # touch - | # chgrp - | # chmod 0620 - | # restorecon - - NEVER use 'clamav' as the user since he can modify the database. - This is the user who is running the application; e.g. for mimedefang - (http://www.roaringpenguin.com/mimedefang), the user might be - 'defang'.Theoretically, distinct users could be used, but it must be - made sure that the application-user can write into the socket-file, - and that the clamd-user can access the files asked by the - application to be checked. - -clamd.logrotate: (only when LogFile feature is used) - * set the correct value for the logfile - * place it into /etc/logrotate.d - -clamd@.service: (systemd instance) - * instance of clamd@.service - -Additionally, when using LocalSocket instead of TCPSocket, the directory -for the socket file must be created. For tmpfiles based systems, you -might want to create a file /usr/lib/tmpfiles.d/clamd..conf -with a content of - - | d /var/run/clamd. - -Adjust (0710 should suffice for most cases) and + -so that the socket can be accessed by clamd and by the applications -using clamd. Make sure that the socket is not world accessible; else, -DOS attacks or worse are trivial. 
- -After emulating these steps by hand (or else rebooting), you still need set -SELinux: - - chcon -t clamd_var_run_t /var/run/clamd. -or - restorecon -R -v "/var/run/clamd." - -More SELinux notes: -you may need run: - - setsebool -P antivirus_can_scan_system 1 - -and also maybe this one (I need to confirm that is obsolete) - - setsebool -P antivirus_use_jit 1 - -[Disclaimer: - this file and the script/configfiles are not part of the official - clamav package. - - Please send complaints and comments to - https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=clamav]
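Review bot: In the README.fedora deletion, the file is removed whole although, by its own first line, only the upstart and sysvinit parts are obsolete. The statements that /etc/mail/clamav-milter.conf and /etc/clamd.d/scan.conf MUST be edited before first use, the sendmail INPUT_MAIL_FILTER line for /var/run/clamav-milter/clamav-milter.socket, and the reminder to add packet filter rules when the components talk over TCP sockets are not tied to the init system. Suggest keeping a trimmed systemd-only README in the milter subpackage, or moving those points into comments in the shipped configuration files. If any of the firewall text is kept, fix the last rule of section C, which jumps to `IN-csan` while the chain created just above it is `IN-cscan`.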
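Review bot: In the clamav.spec header hunk (@@ -1,27 +1,25), Source3 and Source12 are dropped by renumbering every later SourceN. That forces matching %SOURCEn edits in three further hunks and would leave any reference outside the shown context silently pointing at a different file. The references visible here are updated consistently, but it would be safer to leave the two numbers unused, or to confirm with a search over the whole spec that no other %SOURCE reference exists. The Release bump from 2 to 3 also has no %changelog entry in the visible hunks; add one stating that both README files were dropped.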
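Review bot: In the clamav.spec hunks at @@ -240 and @@ -258, the renumbered lines still install clamd.scan.upstart and clamav-milter.upstart into %_sysconfdir/init/, while the README.fedora removed by this same patch says that since el7 only systemd is used and upstart and sysv were dropped. If the documentation goes because those init systems are gone, drop Source11 and Source13 and their install lines as well. If el6 is still a target, the upstart instructions from the removed README (uncommenting `start on starting local` in the job file) are still needed there.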
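Review bot: The clamd-README deletion removes the only text in this patch that carries the hardening guidance for additional clamd instances: never running the instance as 'clamav' because that user can modify the database, limiting TCPSocket access with iptables rules, keeping the LocalSocket directory at 0710 and not world accessible, and the SELinux steps (restorecon on the socket directory, `setsebool -P antivirus_can_scan_system 1`). The @@ -212 hunk still copies clamd.sysconfig, clamd.logrotate and clamd.conf through `install -D -p _doc_server/*` into %_datadir/%name/template, so the templates keep shipping without the instructions for using them. Suggest keeping a shortened README in the template directory, or moving these points into comments in the template clamd.conf.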