diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e594810 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*.rpm +*.log +*spec-20* +*.tar.xz diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..b053f7d --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: smeserver-clamav +# $Id: Makefile,v 1.1 2016/02/05 23:45:20 stephdl Exp $ +NAME := smeserver-clamav +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/README.md b/README.md index aa8e0a9..15c5785 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,20 @@ -# smeserver-clamav +# smeserver-clamav -SMEServer Koozali developed git repo for smeserver-clamav smeserver \ No newline at end of file +SMEServer Koozali developed git repo for smeserver-clamav smeserver + +## Wiki +
https://wiki.koozali.org/Clamav:ConfigurationOptions +
https://wiki.koozali.org/Clamav_unofficial_sigs +
https://wiki.koozali.org/Clamav:freshclam_update +
https://wiki.koozali.org/Esmith::FormMagick::Panel::clamav + +## Bugzilla +Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-clamav&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED) + +## Description + +
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
+ +ClamAV is open source software that provides a powerful antivirus engine for detecting and removing malicious threats such as viruses, trojans, worms, and other malicious software. It can be used as both a standalone antivirus solution as well as an integrated antivirus solution with other security products. It features a regularly updated virus signature database, heuristics scanning, rootkit detection, and advanced rule-based detection. Additionally, it offers a high level of customization, allowing users to tailor the antivirus engine to their specific needs. ClamAV also provides a simple-to-use web-based management console, allowing users to manage ClamAV security features and settings with ease. diff --git a/contriborbase b/contriborbase new file mode 100644 index 0000000..ef36a67 --- /dev/null +++ b/contriborbase @@ -0,0 +1 @@ +sme10 diff --git a/createlinks b/createlinks new file mode 100644 index 0000000..2002871 --- /dev/null +++ b/createlinks @@ -0,0 +1,65 @@ +#!/usr/bin/perl -w + +use esmith::Build::CreateLinks qw(:all); + +my $panel = "manager"; +panel_link("clamav", $panel); + + +# For templates in all main events + +foreach (qw( + /etc/freshclam.conf + /etc/clamd.d/scan.conf + /etc/logrotate.d/clamd + /etc/logrotate.d/clamav-update + /etc/logrotate.d/freshclam + /usr/lib/tmpfiles.d/clamd.conf + /usr/lib/systemd/system/clamd.service.d/50koozali.conf + )) +{ + templates2events("$_",qw( + post-install + post-upgrade + bootstrap-console-save + console-save + email-update + clamav-update + smeserver-clamav-update + )); +} + +# For templates only in certain individual events + +# Not required now +templates2events("/etc/cron.daily/freshclam", "bootstrap-console-save"); +templates2events("/etc/cron.d/clamav-update", "bootstrap-console-save" ); + +my $event = "clamav-update"; +templates2events("/etc/crontab", $event); +templates2events("/etc/systemd/system-preset/49-koozali.preset", $event ); +templates2events("/etc/cron.daily/freshclam", $event ); +templates2events("/etc/cron.d/clamav-update", $event ); +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/clamd"); + + +# clamav-update events +my $event = "smeserver-clamav-update"; +templates2events("/etc/crontab", $event); +templates2events("/etc/systemd/system-preset/49-koozali.preset", $event ); +templates2events("/etc/cron.daily/freshclam", $event ); +templates2events("/etc/cron.d/clamav-update", $event ); + +safe_touch("root/etc/e-smith/templates/etc/cron.d/clamav-update"); +event_link("systemd-default", $event, "88"); # updates all the service files etc +event_link("systemd-reload", $event, "89"); # systemctl daemon-reload +event_link("clamav-update", $event, "99"); +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/clamd"); +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/freshclam"); + +# email-update events - required? +$event = "email-update"; +safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/clamd"); + +exit 0; + diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/Checks b/root/etc/e-smith/db/configuration/defaults/clamav/Checks new file mode 100644 index 0000000..a45fd52 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/Checks @@ -0,0 +1 @@ +24 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ConcurrentDatabaseReload b/root/etc/e-smith/db/configuration/defaults/clamav/ConcurrentDatabaseReload new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ConcurrentDatabaseReload @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/DNSDatabaseInfo b/root/etc/e-smith/db/configuration/defaults/clamav/DNSDatabaseInfo new file mode 100644 index 0000000..e30349c --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/DNSDatabaseInfo @@ -0,0 +1 @@ +current.cvd.clamav.net diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/DatabaseMirror b/root/etc/e-smith/db/configuration/defaults/clamav/DatabaseMirror new file mode 100644 index 0000000..c1d4f24 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/DatabaseMirror @@ -0,0 +1 @@ +db.local.clamav.net diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/Debug b/root/etc/e-smith/db/configuration/defaults/clamav/Debug new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/Debug @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScan b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScan new file mode 100644 index 0000000..7a68b11 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScan @@ -0,0 +1 @@ +disabled diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanExclude b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanExclude new file mode 100644 index 0000000..0e6ba81 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanExclude @@ -0,0 +1 @@ +/proc,/sys,/usr/share,/var diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanFilesystems b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanFilesystems new file mode 100644 index 0000000..84dc35e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanFilesystems @@ -0,0 +1 @@ +/home/e-smith/files diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanReportTo b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanReportTo new file mode 100644 index 0000000..7fbe952 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanReportTo @@ -0,0 +1 @@ +admin diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanUnofficialSigs b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanUnofficialSigs new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/FilesystemScanUnofficialSigs @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/HeuristicScanPrecedence b/root/etc/e-smith/db/configuration/defaults/clamav/HeuristicScanPrecedence new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/HeuristicScanPrecedence @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/IdleTimeout b/root/etc/e-smith/db/configuration/defaults/clamav/IdleTimeout new file mode 100644 index 0000000..abdfb05 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/IdleTimeout @@ -0,0 +1 @@ +60 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/LeaveTemporaryFiles b/root/etc/e-smith/db/configuration/defaults/clamav/LeaveTemporaryFiles new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/LeaveTemporaryFiles @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/LogClean b/root/etc/e-smith/db/configuration/defaults/clamav/LogClean new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/LogClean @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/LogFileUnlock b/root/etc/e-smith/db/configuration/defaults/clamav/LogFileUnlock new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/LogFileUnlock @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/LogTime b/root/etc/e-smith/db/configuration/defaults/clamav/LogTime new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/LogTime @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/LogVerbose b/root/etc/e-smith/db/configuration/defaults/clamav/LogVerbose new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/LogVerbose @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/MaxAttempts b/root/etc/e-smith/db/configuration/defaults/clamav/MaxAttempts new file mode 100644 index 0000000..1e8b314 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/MaxAttempts @@ -0,0 +1 @@ +6 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/MaxConnectionQueueLength b/root/etc/e-smith/db/configuration/defaults/clamav/MaxConnectionQueueLength new file mode 100644 index 0000000..64bb6b7 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/MaxConnectionQueueLength @@ -0,0 +1 @@ +30 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/MaxDirectoryRecursion b/root/etc/e-smith/db/configuration/defaults/clamav/MaxDirectoryRecursion new file mode 100644 index 0000000..209e3ef --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/MaxDirectoryRecursion @@ -0,0 +1 @@ +20 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/MaxFileSize b/root/etc/e-smith/db/configuration/defaults/clamav/MaxFileSize new file mode 100644 index 0000000..3ce65e7 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/MaxFileSize @@ -0,0 +1 @@ +15M diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/MaxFiles b/root/etc/e-smith/db/configuration/defaults/clamav/MaxFiles new file mode 100644 index 0000000..3d86ec6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/MaxFiles @@ -0,0 +1 @@ +1500 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/MaxRecursion b/root/etc/e-smith/db/configuration/defaults/clamav/MaxRecursion new file mode 100644 index 0000000..45a4fb7 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/MaxRecursion @@ -0,0 +1 @@ +8 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/MaxThreads b/root/etc/e-smith/db/configuration/defaults/clamav/MaxThreads new file mode 100644 index 0000000..209e3ef --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/MaxThreads @@ -0,0 +1 @@ +20 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/Quarantine b/root/etc/e-smith/db/configuration/defaults/clamav/Quarantine new file mode 100644 index 0000000..7a68b11 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/Quarantine @@ -0,0 +1 @@ +disabled diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/QuarantineDirectory b/root/etc/e-smith/db/configuration/defaults/clamav/QuarantineDirectory new file mode 100644 index 0000000..47f7d31 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/QuarantineDirectory @@ -0,0 +1 @@ +/var/spool/clamav/quarantine diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ReadTimeout b/root/etc/e-smith/db/configuration/defaults/clamav/ReadTimeout new file mode 100644 index 0000000..697cb3a --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ReadTimeout @@ -0,0 +1 @@ +300 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ScanArchive b/root/etc/e-smith/db/configuration/defaults/clamav/ScanArchive new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ScanArchive @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ScanHTML b/root/etc/e-smith/db/configuration/defaults/clamav/ScanHTML new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ScanHTML @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ScanMail b/root/etc/e-smith/db/configuration/defaults/clamav/ScanMail new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ScanMail @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ScanOLE2 b/root/etc/e-smith/db/configuration/defaults/clamav/ScanOLE2 new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ScanOLE2 @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ScanPE b/root/etc/e-smith/db/configuration/defaults/clamav/ScanPE new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ScanPE @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ScanRAR b/root/etc/e-smith/db/configuration/defaults/clamav/ScanRAR new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ScanRAR @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/SelfCheck b/root/etc/e-smith/db/configuration/defaults/clamav/SelfCheck new file mode 100644 index 0000000..bb08106 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/SelfCheck @@ -0,0 +1 @@ +1800 diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ShowProxySettings b/root/etc/e-smith/db/configuration/defaults/clamav/ShowProxySettings new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ShowProxySettings @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/ShowUpdateSettings b/root/etc/e-smith/db/configuration/defaults/clamav/ShowUpdateSettings new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/ShowUpdateSettings @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/SignaturesUpdated b/root/etc/e-smith/db/configuration/defaults/clamav/SignaturesUpdated new file mode 100644 index 0000000..3546645 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/SignaturesUpdated @@ -0,0 +1 @@ +unknown diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/UpdateNonOfficeHrs b/root/etc/e-smith/db/configuration/defaults/clamav/UpdateNonOfficeHrs new file mode 100644 index 0000000..7a68b11 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/UpdateNonOfficeHrs @@ -0,0 +1 @@ +disabled diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/UpdateOfficeHrs b/root/etc/e-smith/db/configuration/defaults/clamav/UpdateOfficeHrs new file mode 100644 index 0000000..7a68b11 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/UpdateOfficeHrs @@ -0,0 +1 @@ +disabled diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/UpdateWeekend b/root/etc/e-smith/db/configuration/defaults/clamav/UpdateWeekend new file mode 100644 index 0000000..7a68b11 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/UpdateWeekend @@ -0,0 +1 @@ +disabled diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/status b/root/etc/e-smith/db/configuration/defaults/clamav/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/clamav/type b/root/etc/e-smith/db/configuration/defaults/clamav/type new file mode 100644 index 0000000..24e1098 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamav/type @@ -0,0 +1 @@ +service diff --git a/root/etc/e-smith/db/configuration/defaults/clamd/MemLimit b/root/etc/e-smith/db/configuration/defaults/clamd/MemLimit new file mode 100644 index 0000000..3ba50a6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamd/MemLimit @@ -0,0 +1 @@ +1610612736 \ No newline at end of file diff --git a/root/etc/e-smith/db/configuration/defaults/clamd/status b/root/etc/e-smith/db/configuration/defaults/clamd/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamd/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/clamd/type b/root/etc/e-smith/db/configuration/defaults/clamd/type new file mode 100644 index 0000000..24e1098 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/clamd/type @@ -0,0 +1 @@ +service diff --git a/root/etc/e-smith/db/configuration/defaults/freshclam/status b/root/etc/e-smith/db/configuration/defaults/freshclam/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/freshclam/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/freshclam/type b/root/etc/e-smith/db/configuration/defaults/freshclam/type new file mode 100644 index 0000000..24e1098 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/freshclam/type @@ -0,0 +1 @@ +service diff --git a/root/etc/e-smith/db/configuration/migrate/40clamav93 b/root/etc/e-smith/db/configuration/migrate/40clamav93 new file mode 100644 index 0000000..02cbaf9 --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/40clamav93 @@ -0,0 +1,20 @@ +{ + my $smtpd = $DB->get('clamav') or return; + + if (my $maxFileSize = $DB->get_prop_and_delete('clamav', 'ArchiveMaxFileSize')) { + $smtpd->merge_props('MaxFileSize', $maxFileSize); + } + + if (my $maxRecursion = $DB->get_prop_and_delete('clamav', 'ArchiveMaxRecursion')) { + $smtpd->merge_props('MaxRecursion', $maxRecursion); + } + + if (my $maxFiles = $DB->get_prop_and_delete('clamav', 'ArchiveMaxFiles')) { + $smtpd->merge_props('MaxFiles', $maxFiles); + } + + if (my $AlertEncrypted = $DB->get_prop_and_delete('clamav', 'ArchiveBlockEncrypted')) { + $smtpd->merge_props('AlertEncrypted', $AlertEncrypted); + } + +} diff --git a/root/etc/e-smith/db/configuration/migrate/40clamavDatabaseMirror b/root/etc/e-smith/db/configuration/migrate/40clamavDatabaseMirror new file mode 100644 index 0000000..b3b03ae --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/40clamavDatabaseMirror @@ -0,0 +1,7 @@ +{ + my $clamav = $DB->get('clamav') or return; + + return unless ($clamav->prop('DatabaseMirror') eq 'db.us.clamav.net'); + + $clamav->set_prop('DatabaseMirror','db.local.clamav.net'); +} diff --git a/root/etc/e-smith/db/configuration/migrate/clamavLogTime b/root/etc/e-smith/db/configuration/migrate/clamavLogTime new file mode 100644 index 0000000..29293c3 --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/clamavLogTime @@ -0,0 +1,7 @@ +{ + my $clamav = $DB->get('clamav'); + return unless $clamav; + + my $LogTime = 'yes'; + $DB->set_prop('clamav', 'LogTime', $LogTime); +} diff --git a/root/etc/e-smith/db/configuration/migrate/clamdMemLimit b/root/etc/e-smith/db/configuration/migrate/clamdMemLimit new file mode 100644 index 0000000..69bc4d4 --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/clamdMemLimit @@ -0,0 +1,7 @@ +{ + my $clamd = $DB->get('clamd'); + return unless $clamd; + + my $size = 1610612736; + $DB->set_prop('clamd', 'MemLimit', $size) if $DB->get_prop('clamd','MemLimit') < $size; +} diff --git a/root/etc/e-smith/db/configuration/migrate/clamdSelfCheck b/root/etc/e-smith/db/configuration/migrate/clamdSelfCheck new file mode 100644 index 0000000..e863636 --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/clamdSelfCheck @@ -0,0 +1,7 @@ +{ + my $clamd = $DB->get('clamd'); + return unless $clamd; + + my $size = 600; + $DB->set_prop('clamd', 'SelfCheck', $size); +} diff --git a/root/etc/e-smith/db/configuration/migrate/removeBrokenExecutables b/root/etc/e-smith/db/configuration/migrate/removeBrokenExecutables new file mode 100644 index 0000000..8cb0081 --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/removeBrokenExecutables @@ -0,0 +1,7 @@ +{ + my $clamav = $DB->get('clamav'); + return unless $clamav; + if ($clamav{'DetectBrokenExecutables'}) { + $DB->get_prop_and_delete( 'clamav', 'DetectBrokenExecutables' ); + } +} diff --git a/root/etc/e-smith/events/actions/clamav-update b/root/etc/e-smith/events/actions/clamav-update new file mode 100644 index 0000000..169e5c8 --- /dev/null +++ b/root/etc/e-smith/events/actions/clamav-update @@ -0,0 +1,2 @@ +#!/usr/bin/bash +#keeping that to help migration from older clamd diff --git a/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/clamav b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/clamav new file mode 100644 index 0000000..38fe73e --- /dev/null +++ b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/clamav @@ -0,0 +1,44 @@ + + + + FORM_TITLE + Antivirus settings + + + LABEL_FILESYSTEM_SCAN_PERIOD + Scan filesystem + + + DESC_FILESYSTEM_SCAN_PERIOD + General Settings + If this option is enabled then the filesystem will be + scanned for viruses. A report of any found viruses will be + emailed to the administrator.]]> + + + LABEL_QUARANTINE + Quarantine infected files + + + LABEL_CLAM_VERSIONS + ClamAV and db versions + + + WEEKLY + Weekly + + + NEVER + Never + + + DAILY + Daily + + + SUCCESS + The new clamav antivirus settings have been saved. + + diff --git a/root/etc/e-smith/templates.metadata/etc/clamd.d/scan.conf b/root/etc/e-smith/templates.metadata/etc/clamd.d/scan.conf new file mode 100644 index 0000000..fb6ee57 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/clamd.d/scan.conf @@ -0,0 +1 @@ +PERMS=0644 \ No newline at end of file diff --git a/root/etc/e-smith/templates.metadata/etc/cron.d/clamav-update b/root/etc/e-smith/templates.metadata/etc/cron.d/clamav-update new file mode 100644 index 0000000..6f31d54 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/cron.d/clamav-update @@ -0,0 +1 @@ +DELETE=DELETE diff --git a/root/etc/e-smith/templates.metadata/etc/cron.daily/freshclam b/root/etc/e-smith/templates.metadata/etc/cron.daily/freshclam new file mode 100644 index 0000000..6f31d54 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/cron.daily/freshclam @@ -0,0 +1 @@ +DELETE=DELETE diff --git a/root/etc/e-smith/templates.metadata/etc/freshclam.conf b/root/etc/e-smith/templates.metadata/etc/freshclam.conf new file mode 100644 index 0000000..3709f0b --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/freshclam.conf @@ -0,0 +1 @@ +PERMS=0644 diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertBrokenExecutables b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertBrokenExecutables new file mode 100644 index 0000000..35dc8fb --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertBrokenExecutables @@ -0,0 +1 @@ +AlertBrokenExecutables {$clamav{AlertBrokenExecutables} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertEncrypted b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertEncrypted new file mode 100644 index 0000000..77e6808 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertEncrypted @@ -0,0 +1 @@ +AlertEncrypted { $clamav{AlertEncrypted} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertExceedsMax b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertExceedsMax new file mode 100644 index 0000000..8f6ee51 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertExceedsMax @@ -0,0 +1 @@ +AlertExceedsMax { $clamav{AlertExceedsMax} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertOLE2Macros b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertOLE2Macros new file mode 100644 index 0000000..305aba4 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertOLE2Macros @@ -0,0 +1 @@ +AlertOLE2Macros { $clamav{AlertOLE2Macros} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPartitionIntersection b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPartitionIntersection new file mode 100644 index 0000000..14264ba --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPartitionIntersection @@ -0,0 +1 @@ +AlertPartitionIntersection { $clamav{AlertPartitionIntersection} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPhishingCloak b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPhishingCloak new file mode 100644 index 0000000..305945b --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPhishingCloak @@ -0,0 +1 @@ +AlertPhishingCloak {$clamav{AlertPhishingCloak} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPhishingSSLMismatch b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPhishingSSLMismatch new file mode 100644 index 0000000..8bb7866 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/AlertPhishingSSLMismatch @@ -0,0 +1 @@ +AlertPhishingSSLMismatch {$clamav{AlertPhishingSSLMismatch} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ConcurrentDatabaseReload b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ConcurrentDatabaseReload new file mode 100644 index 0000000..f5b5db5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ConcurrentDatabaseReload @@ -0,0 +1,4 @@ +# Enable for 0.103.x +# This takes a LOT more ram as it has have the DBs loaded twice +# Maybe we should check the memory limit before we allow enabling? +ConcurrentDatabaseReload { $clamav{ConcurrentDatabaseReload} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/DatabaseDirectory b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/DatabaseDirectory new file mode 100644 index 0000000..f27263c --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/DatabaseDirectory @@ -0,0 +1 @@ +DatabaseDirectory /var/lib/clamav diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/Debug b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/Debug new file mode 100644 index 0000000..72cd71b --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/Debug @@ -0,0 +1 @@ +Debug { $clamav{Debug} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/FixStaleSocket b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/FixStaleSocket new file mode 100644 index 0000000..65d0863 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/FixStaleSocket @@ -0,0 +1 @@ +FixStaleSocket yes diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/Foreground b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/Foreground new file mode 100644 index 0000000..b0f3b6a --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/Foreground @@ -0,0 +1 @@ +Foreground no diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/HeuristicAlerts b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/HeuristicAlerts new file mode 100644 index 0000000..82f3fb5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/HeuristicAlerts @@ -0,0 +1 @@ +HeuristicAlerts {$clamav{HeuristicAlerts} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/HeuristicScanPrecedence b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/HeuristicScanPrecedence new file mode 100644 index 0000000..31ee4b8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/HeuristicScanPrecedence @@ -0,0 +1 @@ +HeuristicScanPrecedence { $clamav{HeuristicScanPrecedence} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/IdleTimeout b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/IdleTimeout new file mode 100644 index 0000000..5ffcf45 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/IdleTimeout @@ -0,0 +1,4 @@ +{ +# Waiting for a new job will timeout after this time (seconds). + "IdleTimeout $clamav{IdleTimeout}"; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LeaveTemporaryFiles b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LeaveTemporaryFiles new file mode 100644 index 0000000..6ce2934 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LeaveTemporaryFiles @@ -0,0 +1 @@ +LeaveTemporaryFiles { $clamav{LeaveTemporaryFiles} || 'no' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LocalSocket b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LocalSocket new file mode 100644 index 0000000..52b2d58 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LocalSocket @@ -0,0 +1 @@ +LocalSocket /run/clamd/clamd.socket diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LocalSocketMode b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LocalSocketMode new file mode 100644 index 0000000..5c14b4f --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LocalSocketMode @@ -0,0 +1 @@ +LocalSocketMode 666 diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogClean b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogClean new file mode 100644 index 0000000..779b392 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogClean @@ -0,0 +1 @@ +LogClean { $clamav{LogClean} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogFile b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogFile new file mode 100644 index 0000000..df9c431 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogFile @@ -0,0 +1 @@ +LogFile /var/log/clamd/current diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogTime b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogTime new file mode 100644 index 0000000..f4b33d8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogTime @@ -0,0 +1 @@ +LogTime { $clamav{LogTime} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogVerbose b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogVerbose new file mode 100644 index 0000000..51b598f --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/LogVerbose @@ -0,0 +1 @@ +LogVerbose { $clamav{LogVerbose} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxConnectionQueueLength b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxConnectionQueueLength new file mode 100644 index 0000000..a724a5a --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxConnectionQueueLength @@ -0,0 +1,4 @@ +{ +# Maximum length the queue of pending connections may grow to. + "MaxConnectionQueueLength $clamav{MaxConnectionQueueLength}"; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxDirectoryRecursion b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxDirectoryRecursion new file mode 100644 index 0000000..c51f70c --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxDirectoryRecursion @@ -0,0 +1,4 @@ +{ +# Maximal depth directories are scanned at. + "MaxDirectoryRecursion $clamav{MaxDirectoryRecursion}"; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxFileSize b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxFileSize new file mode 100644 index 0000000..d5a4df6 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxFileSize @@ -0,0 +1,5 @@ +{ +# Files in archives larger than this limit won't be scanned. +# Value of 0 disables the limit. + "MaxFileSize $clamav{MaxFileSize}"; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxFiles b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxFiles new file mode 100644 index 0000000..0574b9e --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxFiles @@ -0,0 +1,5 @@ +{ +# Number of files to be scanned within an archive. +# Value of 0 disables the limit. + "MaxFiles $clamav{MaxFiles}"; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxRecursion b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxRecursion new file mode 100644 index 0000000..56aa537 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxRecursion @@ -0,0 +1,7 @@ +{ +# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR +# file, all files within it will also be scanned. This options specifies how +# deep the process should be continued. +# Value of 0 disables the limit. + "MaxRecursion $clamav{MaxRecursion}"; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxThreads b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxThreads new file mode 100644 index 0000000..e8b51f2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/MaxThreads @@ -0,0 +1,4 @@ +{ +# Maximal number of threads running at the same time. + "MaxThreads $clamav{MaxThreads}"; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/PidFile b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/PidFile new file mode 100644 index 0000000..e69bcfc --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/PidFile @@ -0,0 +1 @@ +PidFile /run/clamd/clamd.pid diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ReadTimeout b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ReadTimeout new file mode 100644 index 0000000..61bf0f7 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ReadTimeout @@ -0,0 +1,5 @@ +{ +# Waiting for data from a client socket will timeout after this time (seconds). +# Value of 0 disables the timeout. + "ReadTimeout $clamav{ReadTimeout}"; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanArchive b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanArchive new file mode 100644 index 0000000..a3d023a --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanArchive @@ -0,0 +1 @@ +ScanArchive { $clamav{ScanArchive} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanHTML b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanHTML new file mode 100644 index 0000000..077010d --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanHTML @@ -0,0 +1 @@ +ScanHTML { $clamav{ScanHTML} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanMail b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanMail new file mode 100644 index 0000000..f867c38 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanMail @@ -0,0 +1 @@ +ScanMail { $clamav{ScanMail} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanOLE2 b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanOLE2 new file mode 100644 index 0000000..2d8f850 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanOLE2 @@ -0,0 +1 @@ +ScanOLE2 { $clamav{ScanOLE2} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanPE b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanPE new file mode 100644 index 0000000..853215a --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/ScanPE @@ -0,0 +1 @@ +ScanPE { $clamav{ScanPE} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/SelfCheck b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/SelfCheck new file mode 100644 index 0000000..75d8ca2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/SelfCheck @@ -0,0 +1,2 @@ +# Perform internal sanity check (database integrity and freshness). +SelfCheck { $clamav{SelfCheck} || '600' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/StreamMaxLength b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/StreamMaxLength new file mode 100644 index 0000000..f04fcea --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/StreamMaxLength @@ -0,0 +1,2 @@ +# Close the connection if this limit is exceeded. +StreamMaxLength { $clamav{StreamMaxLength} || '25M' } diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TCPAddr b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TCPAddr new file mode 100644 index 0000000..f42c9f8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TCPAddr @@ -0,0 +1,7 @@ +{ +# TCP address. +# By default we bind to INADDR_ANY, probably not wise. +# Enable the following to provide some degree of protection +# from the outside world. + $clamav{TCPAddr} ? "TCPAddr $clamav{TCPAddr}" : '#TCPAddr 127.0.0.1'; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TCPSocket b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TCPSocket new file mode 100644 index 0000000..6ef389e --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TCPSocket @@ -0,0 +1,4 @@ +{ +# TCP port address. + $clamav{TCPSocket} ? "TCPSocket $clamav{TCPSocket}" : '#TCPSocket 3310'; +} diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TemporaryDirectory b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TemporaryDirectory new file mode 100644 index 0000000..a3b7c6c --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/TemporaryDirectory @@ -0,0 +1 @@ +TemporaryDirectory /var/tmp diff --git a/root/etc/e-smith/templates/etc/clamd.d/scan.conf/User b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/User new file mode 100644 index 0000000..05c56d3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/clamd.d/scan.conf/User @@ -0,0 +1 @@ +User clamscan diff --git a/root/etc/e-smith/templates/etc/cron.daily/freshclam/10freshclam b/root/etc/e-smith/templates/etc/cron.daily/freshclam/10freshclam new file mode 100644 index 0000000..167e8c3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/cron.daily/freshclam/10freshclam @@ -0,0 +1,4 @@ +#! /bin/sh +# We do not run freshclam here, because an always-running supervised freshclam +# is used in SME Server +exit 0 diff --git a/root/etc/e-smith/templates/etc/crontab/clamav b/root/etc/e-smith/templates/etc/crontab/clamav new file mode 100644 index 0000000..abcf2d8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/crontab/clamav @@ -0,0 +1,14 @@ +{ + my $min = substr(gmtime,14,2); + + $OUT .= "\n"; + $OUT .= "# smeserver-clamscan filesystem scan\n"; + my $ScanFreq = $clamav{FilesystemScan} || 'disabled'; + if ($ScanFreq eq 'daily') { + $OUT .= $min."\t0\t*\t*\t*\troot\t/sbin/e-smith/smeserver-clamscan\n"; + } elsif ($ScanFreq eq 'weekly') { + $OUT .= $min."\t0\t*\t*\t6\troot\t/sbin/e-smith/smeserver-clamscan\n"; + } else { + $OUT .= "# disabled\n"; + } +} diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/Checks b/root/etc/e-smith/templates/etc/freshclam.conf/Checks new file mode 100644 index 0000000..16972b3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/Checks @@ -0,0 +1,3 @@ +{ + "Checks $clamav{Checks}"; +} diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/DNSDatabaseInfo b/root/etc/e-smith/templates/etc/freshclam.conf/DNSDatabaseInfo new file mode 100644 index 0000000..12cd7d5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/DNSDatabaseInfo @@ -0,0 +1,7 @@ +{ +# Use DNS to verify virus database version. Freshclam uses DNS TXT records +# to verify database and software versions. We highly recommend enabling +# this option. + "DNSDatabaseInfo $clamav{DNSDatabaseInfo}"; +} + diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseDirectory b/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseDirectory new file mode 100644 index 0000000..f27263c --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseDirectory @@ -0,0 +1 @@ +DatabaseDirectory /var/lib/clamav diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseMirror b/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseMirror new file mode 100644 index 0000000..42412fa --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseMirror @@ -0,0 +1,13 @@ +{ +# Uncomment the following line and replace XY with your country +# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. +# Default: There is no default, which results in an error when running freshclam + + $OUT = "DatabaseMirror $clamav{DatabaseMirror}\n"; + +# database.clamav.net is a round-robin record which points to our most +# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is +# not working. DO NOT TOUCH the following line unless you know what you +# are doing. + $OUT .= "DatabaseMirror database.clamav.net"; +} diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseOwner b/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseOwner new file mode 100644 index 0000000..2a6e2b2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/DatabaseOwner @@ -0,0 +1 @@ +DatabaseOwner clamupdate diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/Foreground b/root/etc/e-smith/templates/etc/freshclam.conf/Foreground new file mode 100644 index 0000000..b0f3b6a --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/Foreground @@ -0,0 +1 @@ +Foreground no diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/LogTime b/root/etc/e-smith/templates/etc/freshclam.conf/LogTime new file mode 100644 index 0000000..f4b33d8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/LogTime @@ -0,0 +1 @@ +LogTime { $clamav{LogTime} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/LogVerbose b/root/etc/e-smith/templates/etc/freshclam.conf/LogVerbose new file mode 100644 index 0000000..51b598f --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/LogVerbose @@ -0,0 +1 @@ +LogVerbose { $clamav{LogVerbose} || 'yes' } diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/MaxAttempts b/root/etc/e-smith/templates/etc/freshclam.conf/MaxAttempts new file mode 100644 index 0000000..75ecbd3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/MaxAttempts @@ -0,0 +1,4 @@ +{ +# How many attempts to make before giving up. + "MaxAttempts $clamav{MaxAttempts}"; +} diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/NotifyClamd b/root/etc/e-smith/templates/etc/freshclam.conf/NotifyClamd new file mode 100644 index 0000000..45cd096 --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/NotifyClamd @@ -0,0 +1 @@ +NotifyClamd /etc/clamd.d/scan.conf diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/OnErrorExecute b/root/etc/e-smith/templates/etc/freshclam.conf/OnErrorExecute new file mode 100644 index 0000000..db078ef --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/OnErrorExecute @@ -0,0 +1 @@ +OnErrorExecute "/sbin/e-smith/freshclam-update-failed" diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/OnUpdateExecute b/root/etc/e-smith/templates/etc/freshclam.conf/OnUpdateExecute new file mode 100644 index 0000000..1be5eaf --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/OnUpdateExecute @@ -0,0 +1 @@ +OnUpdateExecute "/sbin/e-smith/freshclam-update-ok" diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/ProxySettings b/root/etc/e-smith/templates/etc/freshclam.conf/ProxySettings new file mode 100644 index 0000000..27e19ba --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/ProxySettings @@ -0,0 +1,14 @@ +{ +# Proxy settings + + $OUT = ''; + + for ( qw(Server Port Username Password) ) + { + my $name = "HTTPProxy$_"; + + next unless $clamav{$name}; + + $OUT .= "$name $clamav{$name}\n"; + } +} diff --git a/root/etc/e-smith/templates/etc/freshclam.conf/UpdateLogFile b/root/etc/e-smith/templates/etc/freshclam.conf/UpdateLogFile new file mode 100644 index 0000000..dd43aa2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/freshclam.conf/UpdateLogFile @@ -0,0 +1 @@ +UpdateLogFile /var/log/freshclam/current diff --git a/root/etc/e-smith/templates/etc/logrotate.d/clamav-update/emptyfile b/root/etc/e-smith/templates/etc/logrotate.d/clamav-update/emptyfile new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/templates/etc/logrotate.d/clamd/clamd.logrotate b/root/etc/e-smith/templates/etc/logrotate.d/clamd/clamd.logrotate new file mode 100644 index 0000000..63ba559 --- /dev/null +++ b/root/etc/e-smith/templates/etc/logrotate.d/clamd/clamd.logrotate @@ -0,0 +1,10 @@ +# + /var/log/clamd/current \{ + monthly + notifempty + missingok + + postrotate + /bin/kill -HUP `cat /var/run/clamd/clamd.pid 2> /dev/null` 2> /dev/null || true + endscript +\} diff --git a/root/etc/e-smith/templates/etc/logrotate.d/freshclam/freshclamd.logrotate b/root/etc/e-smith/templates/etc/logrotate.d/freshclam/freshclamd.logrotate new file mode 100644 index 0000000..1ac95fc --- /dev/null +++ b/root/etc/e-smith/templates/etc/logrotate.d/freshclam/freshclamd.logrotate @@ -0,0 +1,8 @@ +/var/log/freshclam/current \{ + monthly + notifempty + missingok + postrotate + systemctl try-restart freshclam.service + endscript +\} diff --git a/root/etc/e-smith/templates/usr/lib/systemd/system/clamd.service.d/50koozali.conf/40service b/root/etc/e-smith/templates/usr/lib/systemd/system/clamd.service.d/50koozali.conf/40service new file mode 100644 index 0000000..7b6cb9b --- /dev/null +++ b/root/etc/e-smith/templates/usr/lib/systemd/system/clamd.service.d/50koozali.conf/40service @@ -0,0 +1,7 @@ +[Service] +{ + # memory limit to catch any memory leak before it kills the system + $OUT .= "MemoryLimit="; + $OUT .= ($clamd{MemLimit} > "1610612736") ? $clamd{MemLimit} : "1610612736"; +} + diff --git a/root/etc/e-smith/templates/usr/lib/tmpfiles.d/clamd.conf/clamd.conf b/root/etc/e-smith/templates/usr/lib/tmpfiles.d/clamd.conf/clamd.conf new file mode 100644 index 0000000..4eb2b5f --- /dev/null +++ b/root/etc/e-smith/templates/usr/lib/tmpfiles.d/clamd.conf/clamd.conf @@ -0,0 +1 @@ +d /run/clamd 0755 clamscan virusgroup diff --git a/root/etc/e-smith/web/functions/clamav b/root/etc/e-smith/web/functions/clamav new file mode 100644 index 0000000..b2f1251 --- /dev/null +++ b/root/etc/e-smith/web/functions/clamav @@ -0,0 +1,145 @@ +#!/usr/bin/perl -wT + +# vim: ft=xml ts=8 sw=4 noet: +#---------------------------------------------------------------------- +# heading : Configuration +# description : Antivirus (ClamAV) +# navigation : 6000 6720 +# +# copyright (C) 2004 Shad L. Lords +# Copyright (C) 2005 Gordon Rowell +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License or more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +use strict; +use esmith::FormMagick::Panel::clamav; +my $f = esmith::FormMagick::Panel::clamav->new(); +$f->display(); + +__DATA__ +
+ + + + + DESC_FILESYSTEM_SCAN_PERIOD + + + + + + + + + + + + DESC_SECTIONBAR + + + + + DESC_UPDATE_HOURS + + + + + + + + + + + + DESC_SECTIONBAR + + + + + DESC_PROXY_SERVER + + + + + + + + + + + + + + + + + +
diff --git a/root/etc/yum/post-actions/clamd.action b/root/etc/yum/post-actions/clamd.action new file mode 100644 index 0000000..39ceb81 --- /dev/null +++ b/root/etc/yum/post-actions/clamd.action @@ -0,0 +1,7 @@ +#action to avoid freshclam from cron +clamav-update:any:/usr/bin/rm -f /etc/cron.d/clamav-update +#old freshclam +clam*:any:/usr/bin/rm -f /etc/cron.daily/freshclam +#avoid config not needed +clamav-filesystem:any:/sbin/e-smith/expand-template /etc/clamd.d/scan.conf +clamav-update:any:/sbin/e-smith/expand-template /etc/logrotate.d/clamav-update diff --git a/root/run/clamd/.gitignore b/root/run/clamd/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/sbin/clamdscan b/root/sbin/clamdscan new file mode 100644 index 0000000..d22735e --- /dev/null +++ b/root/sbin/clamdscan @@ -0,0 +1,18 @@ +#!/bin/bash +# wrapper for clamdscan to force the --fdpass parameter to avoir failure because of +# no permission to access +allargs=$@ +toadd=" --fdpass " +#parse args +while [ "$#" -gt 0 ]; do + case "$1" in + --fdpass) toadd="" ;; + --stream) toadd="" ;; + esac + shift +done + + +#we return to systemd systemctl command unless this is one of the command we want to handle +/usr/bin/clamdscan $toadd ${allargs[*]} + diff --git a/root/sbin/e-smith/freshclam-update-failed b/root/sbin/e-smith/freshclam-update-failed new file mode 100644 index 0000000..2553525 --- /dev/null +++ b/root/sbin/e-smith/freshclam-update-failed @@ -0,0 +1,29 @@ +#!/bin/sh +#---------------------------------------------------------------------- +# Copyright (C) 2005 Gordon Rowell +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License or more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +ServerHostName=$(/sbin/e-smith/db configuration get SystemName) +DomainName=$(/sbin/e-smith/db configuration get DomainName) + +/usr/bin/tac /var/log/freshclam/current | \ + /bin/sed -n '/Downloading/d;1,/process started/p;/process started/q' | \ + /usr/bin/tac | \ + /usr/local/bin/tai64nlocal | \ + /bin/mail -s "freshclam: Update failed on $ServerHostName.$DomainName" admin + +exit 0 diff --git a/root/sbin/e-smith/freshclam-update-ok b/root/sbin/e-smith/freshclam-update-ok new file mode 100644 index 0000000..8c0e7cf --- /dev/null +++ b/root/sbin/e-smith/freshclam-update-ok @@ -0,0 +1,23 @@ +#!/bin/sh +#---------------------------------------------------------------------- +# Copyright (C) 2005 Gordon Rowell +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License or more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +#tac /var/log/freshclam/current | sed -n '/Downloading/d;1,/process started/p;/process started/q' | tac | tai64nlocal | \ +# mail -s 'freshclam: Virus patterns updated' admin + +exit 0 diff --git a/root/sbin/e-smith/smeserver-clamscan b/root/sbin/e-smith/smeserver-clamscan new file mode 100644 index 0000000..2263733 --- /dev/null +++ b/root/sbin/e-smith/smeserver-clamscan @@ -0,0 +1,71 @@ +#!/usr/bin/perl -w +#---------------------------------------------------------------------- +# Clam Antivirus virus scanner filesystem scanning. +# +# copyright (C) 2004 Shad L. Lords +# Copyright (C) 2005 Gordon Rowell +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License or more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +use strict; +use esmith::ConfigDB; + +my $db = esmith::ConfigDB->open_ro or die "Couldn't open ConfigDB"; + +my $filesystems = $db->get_prop("clamav", "FilesystemScanFilesystems") || '/'; + +my $MailReport = $db->get_prop("clamav", "FilesystemScanReportTo") || 'admin'; + +my $clamscan_opts = " --recursive --infected --stdout" . + " --log /var/log/clamd/clamscan.log"; + +my $quarantine_dir = $db->get_prop("clamav", "QuarantineDirectory") || + "/var/spool/clamav/quarantine"; + +my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") || + "/proc,/sys,/usr/share/doc"); + +push @exclude, $quarantine_dir; + +$clamscan_opts .= " --exclude=$_" for (@exclude); + +$clamscan_opts .= " --no-html" + if ($db->get_prop("clamav", "ScanHTML") || "yes") eq "no"; + +$clamscan_opts .= " --no-mail" + if ($db->get_prop("clamav", "ScanMail") || "yes") eq "no"; + +$clamscan_opts .= " --move=$quarantine_dir" + if ($db->get_prop("clamav", "Quarantine") || "disabled") eq "enabled"; + +$clamscan_opts .= " --official-db-only=yes" + if ($db->get_prop("clamav", "FilesystemScanUnofficialSigs") || 'no') ne "yes"; + +open CLAMSCAN, "-|", "nice /usr/bin/clamscan $clamscan_opts $filesystems 2> /var/log/clamd/smeserver-clamscan.log"; + +my @report = ; +close CLAMSCAN; + +my $hostname = $db->get_value("SystemName") . "." . + $db->get_value("DomainName"); + +my $date = localtime; + +open MAIL, "| /bin/mail " . + "-s \"[$hostname] Clam Antivirus Scan Results - $date\" $MailReport"; + +print MAIL @report; +close MAIL; diff --git a/root/usr/lib/systemd/system/clamd.service b/root/usr/lib/systemd/system/clamd.service new file mode 100644 index 0000000..c3306e4 --- /dev/null +++ b/root/usr/lib/systemd/system/clamd.service @@ -0,0 +1,20 @@ +[Unit] +# New service file specifically for SME +# Copied from clamav install file +Description=clamd scanner (%i) daemon +Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ +After=syslog.target nss-lookup.target network.target + +[Service] +Type = forking +ExecStartPre=/sbin/e-smith/service-status clamd +ExecStartPre=-/sbin/e-smith/expand-template /etc/clamd.d/scan.conf +ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf +# Reload the database +ExecReload=/bin/kill -USR2 $MAINPID +Restart=on-failure +TimeoutStartSec=420 + +[Install] +WantedBy=sme-server.target + diff --git a/root/usr/lib/systemd/system/clamd.service.d/.gitignore b/root/usr/lib/systemd/system/clamd.service.d/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/usr/lib/systemd/system/clamd@.service.d/51koozali.conf b/root/usr/lib/systemd/system/clamd@.service.d/51koozali.conf new file mode 100644 index 0000000..34e01f4 --- /dev/null +++ b/root/usr/lib/systemd/system/clamd@.service.d/51koozali.conf @@ -0,0 +1,5 @@ +[Service] +# we do not allow mulitple instance on Koozali SME Server +ExecStart= +ExecStart=/bin/false + diff --git a/root/usr/lib/systemd/system/freshclam.service b/root/usr/lib/systemd/system/freshclam.service new file mode 100644 index 0000000..53c5e98 --- /dev/null +++ b/root/usr/lib/systemd/system/freshclam.service @@ -0,0 +1,19 @@ +[Unit] +Description=ClamAV virus database updater +Documentation=man:freshclam(1) man:freshclam.conf(5) https://www.clamav.net/documents + +# Note we have /etc/cron.d/clamav-update ? +# If user wants it run from cron, don't start the daemon. +ConditionPathExists=!/etc/cron.d/clamav-freshclam +Wants=network-online.target +After=network-online.target + +[Service] +Type=forking +ExecStartPre=/sbin/e-smith/service-status freshclam +ExecStart=/usr/bin/freshclam -d --config-file=/etc/freshclam.conf +Restart=on-failure +StandardOutput=syslog + +[Install] +WantedBy=sme-server.target diff --git a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/clamav.pm b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/clamav.pm new file mode 100644 index 0000000..9e133c0 --- /dev/null +++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/clamav.pm @@ -0,0 +1,194 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2004 Shad L. Lords +# Copyright (C) 2005 Gordon Rowell +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +package esmith::FormMagick::Panel::clamav; + +use strict; +use esmith::ConfigDB; +use esmith::FormMagick; +use CGI::FormMagick::TagMaker; +use esmith::util; +use esmith::cgi; +use File::Basename; +use File::stat; +use Exporter; +use Carp; + +our @ISA = qw(esmith::FormMagick Exporter); + +our @EXPORT = qw( + get_prop get_value + change_settings domain_name_or_ip portnumber + ); + +our $VERSION = sprintf '%d.%03d', q$Revision: 1.3 $ =~ /: (\d+).(\d+)/; +our $db = esmith::ConfigDB->open +|| warn "Couldn't open configuration database (permissions problems?)"; + +=pod + +=head1 NAME + +esmith::FormMagick::Panels::clamav - useful panel functions + +=head1 SYNOPSIS + +use esmith::FormMagick::Panels::clamav; + +my $panel = esmith::FormMagick::Panel::clamav->new(); +$panel->display(); + +=head1 DESCRIPTION + +=cut + +=head2 new(); + +Exactly as for esmith::FormMagick + +=cut + +sub new { + shift; + my $self = esmith::FormMagick->new(); + $self->{calling_package} = (caller)[0]; + bless $self; + return $self; +} + +=head2 get_prop ITEM PROP + +A simple accessor for esmith::ConfigDB::Record::prop + +=cut + +sub get_prop { + my ($fm, $item, $prop, $default) = @_; + warn "You must specify a record key" unless $item; + warn "You must specify a property name" unless $prop; + my $record = $db->get($item) or warn "Couldn't get record for $item"; + my $value = $record ? $record->prop($prop) : undef; + return defined $value ? $value : $default; +} + +=head2 get_value ITEM + +A simple accessor for esmith::ConfigDB::Record::value + +=cut + +sub get_value { + my ($fm,$item,$default) = @_; + my $record = $db->get($item) or warn "Couldn't get record for $item"; + my $value = $record ? $record->value() : undef; + return defined $value ? $value : $default; +} + +sub change_settings { + my ($fm) = @_; + my $q = $fm->{'cgi'}; + + my $status = $q->param('status'); + + my $FilesystemScan = ( $q->param('FilesystemScan') || 'disabled' ); + my $Quarantine = ( $q->param('Quarantine') || 'disabled' ); + + my $DatabaseMirror = ( $q->param('DatabaseMirror') || 'db.us.clamav.net' ); + my $UpdateOfficeHrs = ( $q->param('UpdateOfficeHrs') || 'disabled' ); + my $UpdateNonOfficeHrs = ( $q->param('UpdateNonOfficeHrs') || 'disabled' ); + my $UpdateWeekend = ( $q->param('UpdateWeekend') || 'disabled' ); + + my $HTTPProxyServer = ( $q->param('HTTPProxyServer') || '' ); + my $HTTPProxyPort = ( $q->param('HTTPProxyPort') || '' ); + my $HTTPProxyUsername = ( $q->param('HTTPProxyUsername') || '' ); + my $HTTPProxyPassword = ( $q->param('HTTPProxyPassword') || '' ); + + my $clamav = $db->get('clamav') || $db->new_record('clamav', {type=>'service'}); + $status ||= $clamav->prop('status'); + + $clamav->merge_props( + status => $status, + FilesystemScan => $FilesystemScan, + Quarantine => $Quarantine, + DatabaseMirror => $DatabaseMirror, + UpdateOfficeHrs => $UpdateOfficeHrs, + UpdateNonOfficeHrs => $UpdateNonOfficeHrs, + UpdateWeekend => $UpdateWeekend, + HTTPProxyServer => $HTTPProxyServer, + HTTPProxyPort => $HTTPProxyPort, + HTTPProxyUsername => $HTTPProxyUsername, + HTTPProxyPassword => $HTTPProxyPassword, + ); + + return $fm->error('ERROR_UPDATING_CONFIGURATION') + unless ( system( "/sbin/e-smith/signal-event", "clamav-update" ) == 0 ); + + $fm->success('SUCCESS'); +} + +sub get_clam_versions +{ + my ($fm) = @_; + + my $version = `/usr/bin/freshclam -V`; + chomp $version; + $version =~ s/^ClamAV //; + + return $version; +} + +sub domain_name_or_ip { + my ($fm, $data) = @_; + + return 'OK' unless $data; + my $response = $fm->domain_name($data); + $response = $fm->ip_number($data) unless ($response eq 'OK'); + $response = 'INVALID_PROXY_SERVER' unless ($response eq 'OK'); + return $response; +} + +sub portnumber +{ + my ($fm, $data) = @_; + + return 'OK' unless $data; + my $response = $fm->number($data); + $response = 'INVALID_PORT_NUMBER' unless ($response eq 'OK'); + return $response; +} + +sub show_proxy_settings +{ + my ($fm, $data) = @_; + + return (($db->get_prop("clamav", "ShowProxySettings") || "no") eq "yes"); +} + +sub show_update_settings +{ + my ($fm, $data) = @_; + + return (($db->get_prop("clamav", "ShowUpdateSettings") || "no") eq "yes"); +} + +1; + + diff --git a/root/var/log/clamd/.gitignore b/root/var/log/clamd/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/var/log/freshclam/.gitignore b/root/var/log/freshclam/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/var/spool/clamav/quarantine/.gitignore b/root/var/spool/clamav/quarantine/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/smeserver-clamav.spec b/smeserver-clamav.spec new file mode 100644 index 0000000..4132b6e --- /dev/null +++ b/smeserver-clamav.spec @@ -0,0 +1,484 @@ +# $Id: smeserver-clamav.spec,v 1.20 2022/11/22 20:23:59 jpp Exp $ + +Summary: SME Server module to configure clamav +%define name smeserver-clamav +Name: %{name} +%define version 2.7.0 +%define release 17 +Version: %{version} +Release: %{release}%{?dist} +License: GPL +Group: System Environment/Base +Source: %{name}-%{version}.tar.xz + +BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot +BuildArchitectures: noarch +Requires: e-smith-lib +Requires: e-smith-base >= 5.8.0-63 +Requires: clamav >= 0.103 +Requires: clamd >= 0.103 +Requires: clamav-data +Requires: clamav-update +Requires: e-smith-formmagick >= 1.4.0-12 +Requires: smeserver-spamassassin >= 2.7.0 +Provides: e-smith-clamav +Obsoletes: e-smith-clamav +Obsoletes: e-smith-antivirus +Obsoletes: clamav-es +Obsoletes: clamav-es-libs +BuildRequires: e-smith-devtools + +%description +SME Server enhancement to configure and run clamd and freshclam + +%changelog +* Mon Jul 10 2023 cvs2git.sh aka Brian Read 2.7.0-17.sme +- Roll up patches and move to git repo [SME: 12338] + +* Mon Jul 10 2023 BogusDateBot +- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, + by assuming the date is correct and changing the weekday. + +* Tue Nov 22 2022 Jean-Philippe Pialasse 2.7.0-16.sme +- review post-actions [SME: 12184] + +* Wed May 04 2022 Zsolt Vasarhelyi 2.7.0-15.sme +- logrotate clamd keeps logging to old log [SME: 11963] + +* Mon Mar 14 2022 Jean-Philippe Pialasse 2.7.0-14.sme +- remove default property ArchiveBlockEncrypted [SME: 11695] + +* Sat Jan 01 2022 Terry Fage 2.7.0-13.sme +- fix property name error 2.7.0-12.sme [SME: 11695] + +* Mon Dec 20 2021 Jean-Philippe Pialasse 2.7.0-12.sme +- fix spec file error 2.7.0-11.sme [SME: 11474] + +* Mon Dec 20 2021 Jean-Philippe Pialasse 2.7.0-11.sme +- rename property ArchiveBlockEncrypted to AlertEncrypted as per upstream [SME: 11695] + added properties AlertBrokenExecutables AlertExceedsMax AlertOLE2Macros + AlertPartitionIntersection AlertPhishingCloak and AlertPhishingSSLMismatch + with default no + added property HeuristicAlerts with default yes +- fix noise on centos2sme [SME: 11474] + +* Mon Nov 15 2021 Jean-Philippe Pialasse 2.7.0-10.sme +- identify from which server is freshclam error [SME: 11755] + fix from Graeme Fleming + +* Wed Jun 09 2021 Jean-Philippe Pialasse 2.7.0-9.sme +- fix typo in logrotate [SME: 11608] + +* Sun Apr 18 2021 Jean-Philippe Pialasse 2.7.0-8.sme +- fix typo and missing +x [SME: 11520] + +* Wed Apr 07 2021 Jean-Philippe Pialasse 2.7.0-6.sme +- fix issues with non epel standard scan.conf [SME: 11520] + move clamd.conf to scan.conf + remove alias for clamtop + add a wrapper for clamdscan to force --fdpass + +* Fri Jan 08 2021 Jean-Philipe Pialasse 2.7.0-5.sme +- ease use of clamdtop [SME: 11313] + +* Wed Jan 06 2021 Jean-Philipe Pialasse 2.7.0-4.sme +- fix Transaction check error [SME: 11311] + +* Sat Jan 02 2021 Jean-Philipe Pialasse 2.7.0-2.sme +- add pid folder /run/clamd/ [SME: 11103] + few improvements +- create update event [SME: 11162] + +* Wed Dec 16 2020 John Crisp 2.7.0-1 +- Updated to use 0.103+ from EPEL [SME: 11194] +- Updated to use systemd for clamd [SME: 11103] +- Updated to use systemd for freshclam [SME: 11104] + +* Tue Nov 26 2019 Jean-Philipe Pialasse 2.6.0-4.sme +- increase lower memory limit to 1GB [SME: 10833] + +* Thu Oct 24 2019 Jean-Philipe Pialasse 2.6.0-3.sme +- fix for AllowSupplementaryGroups warning [SME: 10813] + thanks to bunkobugsy + +* Thu May 12 2016 Daniel Berteaud 2.6.0-2.sme +- Rebuild for [SME: 9393] + +* Sat Feb 06 2016 stephane de Labrusse 2.6.0-1.sme +- Initial release to sme10 + +* Tue Dec 1 2015 Daniel Berteaud 2.4.0-5.sme +- Disable unofficial sigs for filesystem scans [SME: 9142] + +* Tue Sep 8 2015 Daniel Berteaud 2.4.0-4.sme +- Double the memory limit as we do not have enough room [SME: 8933] + +* Thu Jul 3 2014 Ian Wells 2.4.0-3.sme +- Increase MemLimit to 700M for clamav-0.98 [SME: 8483] + +* Mon Jul 8 2013 Chris Burnat 2.4.0-2.sme +- Move clamscan scheduling to complete before 99-raid-check [SME: 7758] + +* Thu Jan 31 2013 Shad L. Lords 2.4.0-1.sme +- Roll new stream for sme9 + +* Mon Jun 14 2010 Ian Wells 2.2.0-12.sme +- Re-work patch to improve and document template [SME: 6011] + +* Sat Jun 5 2010 Ian Wells 2.2.0-11.sme +- template /etc/cron.daily/freshclam, and make it a NO-OP [SME: 6011] + +* Sun Apr 18 2010 Jonathan Martens 2.2.0-10.sme +- Increase MemLimit to 600M for clamav-0.96 [SME: 5868] + +* Fri Apr 02 2010 Filippo Carletti 2.2.0-9.sme +- Increase MemLimit to 300M for clamav-0.96 [SME: 5868] + +* Sat Feb 6 2010 Stephen Noble 2.2.0-8.sme +- Setup logrotate for /var/log/clamd/clamscan.log [SME: 5570] + +* Fri Nov 6 2009 Jonathan Martens 2.2.0-7.sme +- Remove create option from logrotate configuration [SME: 5570] +- Fix version number in previous changelog entry + +* Fri Nov 6 2009 Jonathan Martens 2.2.0-6.sme +- Setup logrotate for /var/log/clamd/smeserver-clamscan.log [SME: 5570] +- Minor changelog fixes in version number + +* Wed Nov 4 2009 Jonathan Martens 2.2.0-5.sme +- Change default value for HeuristicScanPrecedence to yes [SME: 5204] + +* Tue Jun 2 2009 Shad L. Lords 2.2.0-4.sme +- Fix permissions on freshclam.conf file [SME: 5319] + +* Mon Apr 13 2009 Jonathan Martens 2.2.0-3.sme +- Add HeuristicScanPrecedence option, default disabled [SME: 4598] + +* Thu Nov 27 2008 Stephen Noble 2.2.0-2.sme +- Obsolete e-smith-antivirus [SME: 4786] + +* Tue Oct 7 2008 Shad L. Lords 2.2.0-1.sme +- Roll new stream to separate sme7/sme8 trees [SME: 4633] + +* Mon Sep 22 2008 Stephen Noble 1.2.0-26 +- Remove obsolete locale tags [SME: 4235] + +* Sun Aug 10 2008 Shad L. Lords 1.2.0-25 +- Remove links to crontab in all but clamav-update [SME: 4494] + +* Wed Apr 30 2008 Jonathan Martens 1.2.0-24 +- Remove any /etc/cron.d/clamav file. We moved the content to /etc/crontab + [SME: 1047], but we need to remove any leftover file from earlier template + expansion, which, if present, could cause the nightly file scanning to be + run twice. [SME: 4266] + +* Sun Apr 27 2008 Jonathan Martens 1.2.0-23 +- Add common tags to e-smith-formmagick's general [SME: 4288] + +* Fri Apr 25 2008 Charlie Brady 1.2.0-22 +- Add Obsoletes headers to force removal of clamav-es and + clamav-es-libs. [SME 4167] + +* Fri Apr 18 2008 Shad L. Lords 1.2.0-21 +- Update defaults for clamav 0.93 [SME: 4223] + +* Fri Apr 18 2008 Jonathan Martens 1.2.0-20 +- Move cron template from cron.d to crontab [SME: 1047] + +* Tue Mar 18 2008 Shad L. Lords 1.2.0-19 +- Fix clamav version string [SME: 4060] + +* Wed Feb 13 2008 Stephen Noble 1.2.0-18 +- Remove tags now in general [SME: 3915] + +* Sun Feb 10 2008 Stephen Noble 1.2.0-17 +- Remove duplicate entries [SME: 3890] + +* Mon Jan 07 2008 Stephen Noble 1.2.0-16 +- Cosmetic removal of word entire on panel [SME: 3483] + +* Thu Sep 06 2007 Filippo Carletti 1.2.0-15 +- Fix freshclam.conf permissions [SME: 3375] + +* Fri Jun 08 2007 Charlie Brady 1.2.0-14 +- Use full paths in update-failed script - tai64nlocal was not + being found in $PATH. [SME: 1686] + +* Sun Apr 29 2007 Shad L. Lords +- Clean up spec so package can be built by koji/plague + +* Wed Apr 18 2007 Shad L. Lords 1.2.0-13 +- Up memory limit for clamd again [SME: 2743] + +* Wed Feb 21 2007 Shad L. Lords 1.2.0-12 +- Up memory limit for clamd [SME: 2528] + +* Wed Feb 14 2007 Shad L. Lords 1.2.0-11 +- Update for clamav v0.90 [SME: 2508] + +* Tue Feb 13 2007 Shad L. Lords 1.2.0-10 +- Improve algorithm for displaying errors [SME: 1686] + +* Mon Feb 12 2007 Shad L. Lords 1.2.0-9 +- Improve sed expression for freshclam failures [SME: 1686] + +* Mon Feb 12 2007 Shad L. Lords 1.2.0-8 +- Allow clamav to read freshclam update log [SME: 1686] + +* Fri Jan 26 2007 Shad L. Lords 1.2.0-7 +- Provide more feedback on freshclam events [SME: 1686] + +* Wed Dec 13 2006 Federico Simoncelli 1.2.0-6 +- Added support for options: max-ratio, no-html, no-mail. [SME: 2024] +- Redirected the stderr output to /var/log/clamd/smeserver-clamscan.log. + [SME: 2004] + +* Thu Dec 07 2006 Shad L. Lords +- Update to new release naming. No functional changes. +- Make Packager generic + +* Wed Nov 29 2006 Gordon Rowell 1.2.0-04 +- Restrict filesystem scan to /home/e-smith/files by default [SME: 2082] + +* Sun Aug 27 2006 Charlie Brady 1.2.0-03 +- Fix --exclude arg syntax. [SME: 1889] + +* Fri Jun 16 2006 Gordon Rowell 1.2.0-02 +- Fix typo in ArchiveBlockEntrypted [SME: 1584] + +* Wed Mar 15 2006 Charlie Brady 1.2.0-01 +- Roll stable stream version. [SME: 1016] + +* Tue Mar 14 2006 Gordon Rowell 1.1.2-10 +- Restart crond in clamav-update so cron notices cron.d/clamav [SME: 966] + +* Wed Feb 8 2006 Gavin Weight 1.1.2-09 +- Added migrate fragment for clamav DatabaseMirror. [SME: 83] + +* Fri Jan 27 2006 Gordon Rowell 1.1.2-08 +- Bump release number to ensure patch is in CVS + +* Wed Jan 18 2006 Gordon Rowell 1.1.2-07 +- Expand MEMLIMIT in bootstrap-console-save (and don't attempt to + restart the service there) + +* Wed Jan 18 2006 Gordon Rowell 1.1.2-06 +- Change back to softlimit -a [SME: 426] + +* Wed Jan 18 2006 Gordon Rowell 1.1.2-05 +- Set db default for clamd{MemLimit}==80M and use it in the run script +- Expand templates in events rather than run file [SME: 426] + +* Mon Oct 17 2005 Gordon Rowell 1.1.2-04 +- Fix typos in smeserver-clamscan [SF: 1304217] + +* Fri Oct 14 2005 Gordon Rowell 1.1.2-03 +- Move all L10Ns to smeserver-locale [SF: 1309520] + +* Mon Sep 26 2005 Gordon Rowell 1.1.2-02 +- Added Italian L10N - Thanks Filippo Carletti [SF: 1309266] + +* Mon Sep 26 2005 Gordon Rowell 1.1.2-01 +- Roll patches to 1.1.1-06 +- Add German L10N + +* Mon Sep 26 2005 Gordon Rowell 1.1.1-06 +- Exclude /var and all of /usr/share (not just /usr/share/doc) from + filesystem scan [SF: 1304217] + +* Fri Sep 23 2005 Gordon Rowell 1.1.1-05 +- French L10N fixes [SF: 1242586] + +* Sat Aug 20 2005 Gordon Rowell 1.1.1-04 +- French L10N - Merci Didier Rambeau [SF: 1242586] + +* Sat Aug 20 2005 Gordon Rowell 1.1.1-03 +- Don't scan quarantine area, even if quarantining is disabled [SF: 1245655] + +* Fri Aug 19 2005 Charlie Brady 1.1.1-02 +- Add Provides: header, to satisfy any package which requires defunct + e-smith-clamav. + +* Thu Aug 18 2005 Gordon Rowell +- [1.1.1-01] +- Package renamed to smeserver-clamav [SF: 1263460] + +* Thu Aug 18 2005 Gordon Rowell +- [1.1.0-08sme02] +- Rename /sbin/e-smith/clamscan to smeserver-clamscan [SF: 1263460] + +* Thu Aug 18 2005 Gordon Rowell +- [1.1.0-08sme01] +- Disable quarantining by default, add panel toggle [SF: 1245655] + +* Tue Aug 9 2005 Gordon Rowell +- [1.1.0-08] +- Add --move=$clamav{QuarantineDirectory} to clamscan, + exclude directory from being scanned, add database default + and set permissions in spec file [SF: 1245655] + +* Thu Aug 4 2005 Charlie Brady +- [1.1.0-07] +- Remove freshclam runs from clamav crontab template - we + now run supervised freshclam instance. [SF: 1251944] + +* Thu Aug 4 2005 Shad Lords +- [1.1.0-06] +- Include db entry to exclude /proc, /sys and + /usr/share/doc from scans [SF: 1243741, 1243831] + +* Wed Jul 27 2005 Gordon Rowell +- [1.1.0-05] +- Exclude /proc, /sys and /usr/share/doc from scans + [SF: 1243741, 1243831] +- Run freshclam with --quiet instead of --verbose [SF: 1245602] + +* Fri Jul 22 2005 Charlie Brady +- [1.1.0-04] +- Fix typo in en-us lexicon. [SF: 1242585] + +* Mon May 30 2005 Charlie Brady +- [1.1.0-03] +- Fix last-updated section and labels [Gordon: SF-1200428] + +* Tue May 17 2005 Charlie Brady +- [1.1.0-02] +- Add clamav-update event directory. +- Modify some of the panel code to avoid logging of multiple db property + transactions. + +* Fri May 13 2005 Gordon Rowell +- [1.1.0-01gr06] +- Read the timestamp of the clamav database files in the panel + to show the last updated time [SF:1200428] +- Change /sbin/e-smith/freshclam-update-ok to /bin/sh, with no + content. +- TODO: make the update mails configurable + +* Fri May 6 2005 Gordon Rowell +- [1.1.0-01gr05] +- And hide the sections + +* Fri May 6 2005 Gordon Rowell +- [1.1.0-01gr04] +- Fix up section bars + +* Fri May 6 2005 Gordon Rowell +- [1.1.0-01gr03] +- Removed the qmailscan_integration part of the panel +- Removed the database mirror select box. Anyone who isn't + satisfied with using db.local.clamav.net can set the hostname + in the database directly. +- Hid the updates and proxy sections, based on + $clamav{ShowProxySection} and $clamav{ShowUpdatesSection} + - Panel looks rather bare now +- Read the last updated date from $clamav{SignaturesUpdated} +- Modified /sbin/e-smith/freshclam-update-ok to set the above value +- Morphed /etc/clamscan template into /sbin/e-smith/clamscan, + which can read the db directly. + +* Fri May 6 2005 Gordon Rowell +- [1.1.0-01gr02] +- Use db.local.clamav.net by default (rather than db.us). + +* Fri May 6 2005 Gordon Rowell +- [1.1.0-01gr01] +- Bump version to 1.1.0-01gr01 to upgrade over Shad's 1.0.0 +- Roll new tarball after major merge of Shad's work. + +* Fri May 6 2005 Gordon Rowell +- [0.0.1-06gr02] +- Cleaned up patch and startup symlinks + +* Fri May 6 2005 Gordon Rowell +- [0.0.1-06gr01] +- Merge in Shad Lords' e-smith-spamassassin work (based in part + on work from Damien Curtain) and panel +- Moved freshclam run script options to database defaults +- Created /sbin/e-smith/freshclam-update-{failed,ok} + +* Tue Apr 19 2005 Charlie Brady +- [0.0.1-06] +- Add missing log directories. + +* Tue Apr 19 2005 Charlie Brady +- [0.0.1-05] +- Don't start freshclam or clamd until after bootstrap-console. +- Move all symlink creation into createlinks script. + +* Mon Mar 21 2005 Charlie Brady +- [0.0.1-04] +- Fix data directory in freshclam configuration. + +* Fri Feb 18 2005 Charlie Brady 0.0.1-03 +- Config fixes for clamav-0.83 + +* Wed Feb 09 2005 Charlie Brady +- [0.0.1-02] +- Add Requires headers for clamd and clamav-db. + +* Wed Feb 09 2005 Charlie Brady +- [0.0.1-01] +- Initial + +%prep +%setup +mkdir -p root/run/clamd +rm -rf root/etc/e-smith/templates/usr/lib/systemd/system/freshclam.service.d +rm -rf root/usr/lib/systemd/system/freshclam.service.d + +%build +perl createlinks + +%pre +if [ $1 -gt 1 ] ; then + if [ -e /var/service/clamd/run ] ; then + /usr/bin/sv d clamd + /usr/bin/sv d clamd/log + fi +fi +if [ $1 -gt 1 ] ; then + if [ -e /var/service/freshclam/run ] ; then + /usr/bin/sv d freshclam + /usr/bin/sv d freshclam/log + fi +fi +%post +# removing old conf file +if [[ -f /etc/clamd.d/clamd.conf ]]; then + rm -f /etc/clamd.d/clamd.conf +fi + +#echo "Changing freshclam log owners" +if [[ -d /var/log/freshclam ]]; then + chown -R clamupdate:clamupdate /var/log/freshclam; +fi + +#echo "Changing clamd log owners" +if [[ -d /var/log/clamd ]]; then + chown -R clamscan:clamscan /var/log/clamd; +fi + +%install +rm -rf $RPM_BUILD_ROOT +(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) +/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ + --dir /run/clamd 'attr(2775,clamscan,virusgroup)' \ + --dir /var/log/freshclam 'attr(2755,clamupdate,clamupdate)' \ + --dir /var/log/clamd 'attr(2755,clamscan,clamscan)' \ + --dir /var/spool/clamav/quarantine 'attr(2750,clamscan,clamscan)' \ + --file /sbin/clamdscan 'attr(0755,root,root)' \ + --file /sbin/e-smith/freshclam-update-failed 'attr(0755,root,root)' \ + --file /sbin/e-smith/freshclam-update-ok 'attr(0755,root,root)' \ + --file /sbin/e-smith/smeserver-clamscan 'attr(0755,root,root)' \ + --file /usr/lib/systemd/system/clamd.service 'attr(0644,root,root)' \ + --file /usr/lib/systemd/system/freshclam.service 'attr(0644,root,root)' \ + --dir /usr/lib/systemd/system/clamd.service.d 'attr(0755,root,root)' \ + --dir /usr/lib/systemd/system/freshclam.service.d 'attr(0755,root,root)' \ + > %{name}-%{version}-%{release}-filelist + +%clean +rm -rf $RPM_BUILD_ROOT + +%files -f %{name}-%{version}-%{release}-filelist +%defattr(-,root,root)