From fd563cad1204c62301809324ff8bfb748f331c0d Mon Sep 17 00:00:00 2001
From: Tobias Powalowski
Date: Sat, 25 Jul 2009 09:18:44 +0200
Subject: [PATCH] fixed clamav config
---
 lib/initcpio/install/arch_clamav | 17 +-
 .../archboot/clamav/etc/clamav/clamd.conf | 436 ------------------
 .../archboot/clamav/etc/clamav/freshclam.conf | 4 +-
 usr/share/archboot/clamav/etc/conf.d/clamav | 8 -
 4 files changed, 10 insertions(+), 455 deletions(-)
 delete mode 100644 usr/share/archboot/clamav/etc/clamav/clamd.conf
 delete mode 100644 usr/share/archboot/clamav/etc/conf.d/clamav
diff --git a/lib/initcpio/install/arch_clamav b/lib/initcpio/install/arch_clamav
index e60e638ac..085737986 100644
--- a/lib/initcpio/install/arch_clamav
+++ b/lib/initcpio/install/arch_clamav
@@ -3,21 +3,20 @@
 install ()
 {
 MODULES=""
- BINARIES="clamav-config clamconf clamdscan clamdtop clamscan freshclam sigtool clamd"
+ BINARIES="clamscan freshclam"
 FILES=""
 SCRIPT=""
- add_file "/etc/rc.d/clamav"
- add_file "/usr/sbin/clamdwatch.pl"
 # add /var directories
 add_dir "/var/run/clamav"
 add_dir "/var/lib/clamav"
 add_dir "/var/log/clamav"
- ### TODO add perl modules
- ### add config files
-clamav /etc/clamav/clamd.conf
-clamav /etc/clamav/freshclam.conf
-clamav /etc/conf.d/
-clamav /etc/conf.d/clamav
+ add_file "/usr/share/archboot/clamav/etc/clamav/freshclam.conf" "/etc/clamav/freshclam.conf"
+ # get latest virus definitions
+ CLAMAV=$(mktemp -d /tmp/clamav.XXXX)
+ freshclam --config-file=/usr/share/archboot/clamav/etc/clamav/freshclam.conf --datadir=$CLAMAV
+ add_file "$CLAMAV/mirrors.dat" "/var/lib/clamav/mirrors.dat"
+ add_file "$CLAMAV/main.cvd" "/var/lib/clamav/main.cvd"
+ add_file "$CLAMAV/daily.cld" "/var/lib/clamav/daily.cld"
 }
 help ()
diff --git a/usr/share/archboot/clamav/etc/clamav/clamd.conf b/usr/share/archboot/clamav/etc/clamav/clamd.conf
deleted file mode 100644
index 055653cae..000000000
--- a/usr/share/archboot/clamav/etc/clamav/clamd.conf
+++ /dev/null
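Review bot: Neither the `mktemp` call nor the build-time `freshclam` run added to install() is checked, so a failed download (no network, unreachable mirror) still falls through to the three `add_file` calls and can leave the image with missing or partial signature databases. Both steps should fail the hook explicitly, for example `CLAMAV=$(mktemp -d /tmp/clamav.XXXXXX) || return 1` and `freshclam --config-file=/usr/share/archboot/clamav/etc/clamav/freshclam.conf --datadir="$CLAMAV" || return 1` (or whatever failure path the hook framework honours), with `$CLAMAV` quoted. The hard-coded `daily.cld` name is fragile as well: a first download into an empty data directory may leave `daily.cvd` instead, so the copy should test which of the two files exists. The temporary directory is never removed in the visible lines; whether it can be cleaned up inside install() depends on when `add_file` actually copies, which this hunk does not show. A short comment noting that the signatures are frozen at image build time would also help whoever runs clamscan from an older image.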
@@ -1,436 +0,0 @@
-##
-## Example config file for the Clam AV daemon
-## Please read the clamd.conf(5) manual before editing this file.
-##
-
-
-# Comment or remove the line below.
-Example
-
-# Uncomment this option to enable logging.
-# LogFile must be writable for the user running daemon.
-# A full path is required.
-# Default: disabled
-LogFile /var/log/clamav/clamd.log
-
-# By default the log file is locked for writing - the lock protects against
-# running clamd multiple times (if want to run another clamd, please
-# copy the configuration file, change the LogFile variable, and run
-# the daemon with --config-file option).
-# This option disables log file locking.
-# Default: no
-#LogFileUnlock yes
-
-# Maximum size of the log file.
-# Value of 0 disables the limit.
-# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
-# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
-# in bytes just don't use modifiers.
-# Default: 1M
-#LogFileMaxSize 2M
-
-# Log time with each message.
-# Default: no
-LogTime yes
-
-# Also log clean files. Useful in debugging but drastically increases the
-# log size.
-# Default: no
-#LogClean yes
-
-# Use system logger (can work together with LogFile).
-# Default: no
-#LogSyslog yes
-
-# Specify the type of syslog messages - please refer to 'man syslog'
-# for facility names.
-# Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
-
-# Enable verbose logging.
-# Default: no
-#LogVerbose yes
-
-# This option allows you to save a process identifier of the listening
-# daemon (main thread).
-# Default: disabled
-PidFile /var/run/clamav/clamd.pid
-
-# Optional path to the global temporary directory.
-# Default: system specific (usually /tmp or /var/tmp).
-TemporaryDirectory /tmp
-
-# Path to the database directory.
-# Default: hardcoded (depends on installation options)
-#DatabaseDirectory /var/lib/clamav
-
-# The daemon can work in local mode, network mode or both.
-# Due to security reasons we recommend the local mode.
-
-# Path to a local socket file the daemon will listen on.
-# Default: disabled (must be specified by a user)
-LocalSocket /var/lib/clamav/clamd.sock
-
-# Remove stale socket after unclean shutdown.
-# Default: yes
-#FixStaleSocket yes
-
-# TCP port address.
-# Default: no
-#TCPSocket 3310
-
-# TCP address.
-# By default we bind to INADDR_ANY, probably not wise.
-# Enable the following to provide some degree of protection
-# from the outside world.
-# Default: no
-#TCPAddr 127.0.0.1
-
-# Maximum length the queue of pending connections may grow to.
-# Default: 15
-#MaxConnectionQueueLength 30
-
-# Clamd uses FTP-like protocol to receive data from remote clients.
-# If you are using clamav-milter to balance load between remote clamd daemons
-# on firewall servers you may need to tune the options below.
-
-# Close the connection when the data size limit is exceeded.
-# The value should match your MTA's limit for a maximum attachment size.
-# Default: 25M
-#StreamMaxLength 10M
-
-# Limit port range.
-# Default: 1024
-#StreamMinPort 30000
-# Default: 2048
-#StreamMaxPort 32000
-
-# Maximum number of threads running at the same time.
-# Default: 10
-#MaxThreads 20
-
-# Waiting for data from a client socket will timeout after this time (seconds).
-# Value of 0 disables the timeout.
-# Default: 120
-#ReadTimeout 300
-
-# This option specifies the time (in seconds) after which clamd should
-# timeout if a client doesn't provide any initial command after connecting.
-# Default: 5
-#CommandReadTimeout 5
-
-# This option specifies how long to wait (in miliseconds) if the send buffer is full.
-# Keep this value low to prevent clamd hanging
-#
-# Default: 500
-#SendBufTimeout 200
-
-# Maximum number of queued items (including those being processed by MaxThreads threads)
-# It is recommended to have this value at least twice MaxThreads if possible.
-# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
-# the following condition should hold:
-# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
-#
-# Default: 100
-#MaxQueue 200
-
-# Waiting for a new job will timeout after this time (seconds).
-# Default: 30
-#IdleTimeout 60
-
-# Don't scan files and directories matching regex
-# This directive can be used multiple times
-# Default: scan all
-#ExcludePath ^/proc/
-#ExcludePath ^/sys/
-
-# Maximum depth directories are scanned at.
-# Default: 15
-#MaxDirectoryRecursion 20
-
-# Follow directory symlinks.
-# Default: no
-#FollowDirectorySymlinks yes
-
-# Follow regular file symlinks.
-# Default: no
-#FollowFileSymlinks yes
-
-# Perform a database check.
-# Default: 600 (10 min)
-#SelfCheck 600
-
-# Execute a command when virus is found. In the command string %v will
-# be replaced with the virus name.
-# Default: no
-#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
-
-# Run as another user (clamd must be started by root for this option to work)
-# Default: don't drop privileges
-User clamav
-
-# Initialize supplementary group access (clamd must be started by root).
-# Default: no
-#AllowSupplementaryGroups no
-
-# Stop daemon when libclamav reports out of memory condition.
-#ExitOnOOM yes
-
-# Don't fork into background.
-# Default: no
-#Foreground yes
-
-# Enable debug messages in libclamav.
-# Default: no
-#Debug yes
-
-# Do not remove temporary files (for debug purposes).
-# Default: no
-#LeaveTemporaryFiles yes
-
-# Detect Possibly Unwanted Applications.
-# Default: no
-#DetectPUA yes
-
-# Exclude a specific PUA category. This directive can be used multiple times.
-# See http://www.clamav.net/support/pua for the complete list of PUA
-# categories.
-# Default: Load all categories (if DetectPUA is activated)
-#ExcludePUA NetTool
-#ExcludePUA PWTool
-
-# Only include a specific PUA category.
This directive can be used multiple
-# times.
-# Default: Load all categories (if DetectPUA is activated)
-#IncludePUA Spy
-#IncludePUA Scanner
-#IncludePUA RAT
-
-# In some cases (eg. complex malware, exploits in graphic files, and others),
-# ClamAV uses special algorithms to provide accurate detection. This option
-# controls the algorithmic detection.
-# Default: yes
-#AlgorithmicDetection yes
-
-
-##
-## Executable files
-##
-
-# PE stands for Portable Executable - it's an executable file format used
-# in all 32 and 64-bit versions of Windows operating systems. This option allows
-# ClamAV to perform a deeper analysis of executable files and it's also
-# required for decompression of popular executable packers such as UPX, FSG,
-# and Petite.
-# Default: yes
-#ScanPE yes
-
-# Executable and Linking Format is a standard format for UN*X executables.
-# This option allows you to control the scanning of ELF files.
-# Default: yes
-#ScanELF yes
-
-# With this option clamav will try to detect broken executables (both PE and
-# ELF) and mark them as Broken.Executable.
-# Default: no
-#DetectBrokenExecutables yes
-
-
-##
-## Documents
-##
-
-# This option enables scanning of OLE2 files, such as Microsoft Office
-# documents and .msi files.
-# Default: yes
-#ScanOLE2 yes
-
-# This option enables scanning within PDF files.
-# Default: yes
-#ScanPDF yes
-
-
-##
-## Mail files
-##
-
-# Enable internal e-mail scanner.
-# Default: yes
-#ScanMail yes
-
-# If an email contains URLs ClamAV can download and scan them.
-# WARNING: This option may open your system to a DoS attack.
-# Never use it on loaded servers.
-# Default: no
-#MailFollowURLs no
-
-# Scan RFC1341 messages split over many emails.
-# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
-# WARNING: This option may open your system to a DoS attack.
-# Never use it on loaded servers.
-# Default: no
-#ScanPartialMessages yes
-
-
-# With this option enabled ClamAV will try to detect phishing attempts by using
-# signatures.
-# Default: yes
-#PhishingSignatures yes
-
-# Scan URLs found in mails for phishing attempts using heuristics.
-# Default: yes
-#PhishingScanURLs yes
-
-# Always block SSL mismatches in URLs, even if the URL isn't in the database.
-# This can lead to false positives.
-#
-# Default: no
-#PhishingAlwaysBlockSSLMismatch no
-
-# Always block cloaked URLs, even if URL isn't in database.
-# This can lead to false positives.
-#
-# Default: no
-#PhishingAlwaysBlockCloak no
-
-# Allow heuristic match to take precedence.
-# When enabled, if a heuristic scan (such as phishingScan) detects
-# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
-# scan-time.
-# When disabled, virus/phish detected by heuristic scans will be reported only at
-# the end of a scan. If an archive contains both a heuristically detected
-# virus/phish, and a real malware, the real malware will be reported
-#
-# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
-# differently from "real" malware.
-# If a non-heuristically-detected virus (signature-based) is found first,
-# the scan is interrupted immediately, regardless of this config option.
-#
-# Default: no
-#HeuristicScanPrecedence yes
-
-##
-## Data Loss Prevention (DLP)
-##
-
-# Enable the DLP module
-# Default: No
-#StructuredDataDetection yes
-
-# This option sets the lowest number of Credit Card numbers found in a file
-# to generate a detect.
-# Default: 3
-#StructuredMinCreditCardCount 5
-
-# This option sets the lowest number of Social Security Numbers found
-# in a file to generate a detect.
-# Default: 3
-#StructuredMinSSNCount 5
-
-# With this option enabled the DLP module will search for valid
-# SSNs formatted as xxx-yy-zzzz
-# Default: yes
-#StructuredSSNFormatNormal yes
-
-# With this option enabled the DLP module will search for valid
-# SSNs formatted as xxxyyzzzz
-# Default: no
-#StructuredSSNFormatStripped yes
-
-
-##
-## HTML
-##
-
-# Perform HTML normalisation and decryption of MS Script Encoder code.
-# Default: yes
-#ScanHTML yes
-
-
-##
-## Archives
-##
-
-# ClamAV can scan within archives and compressed files.
-# Default: yes
-#ScanArchive yes
-
-# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
-# Default: no
-#ArchiveBlockEncrypted no
-
-
-##
-## Limits
-##
-
-# The options below protect your system against Denial of Service attacks
-# using archive bombs.
-
-# This option sets the maximum amount of data to be scanned for each input file.
-# Archives and other containers are recursively extracted and scanned up to this
-# value.
-# Value of 0 disables the limit
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 100M
-#MaxScanSize 150M
-
-# Files larger than this limit won't be scanned. Affects the input file itself
-# as well as files contained inside it (when the input file is an archive, a
-# document or some other kind of container).
-# Value of 0 disables the limit.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 25M
-#MaxFileSize 30M
-
-# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
-# file, all files within it will also be scanned. This options specifies how
-# deeply the process should be continued.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Value of 0 disables the limit.
-# Default: 16
-#MaxRecursion 10
-
-# Number of files to be scanned within an archive, a document, or any other
-# container file.
-# Value of 0 disables the limit.
-# Note: disabling this limit or setting it too high may result in severe damage
-# to the system.
-# Default: 10000
-#MaxFiles 15000
-
-
-##
-## Clamuko settings
-## WARNING: This is experimental software. It is very likely it will hang
-## up your system!!!
-##
-
-# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
-# Default: no
-#ClamukoScanOnAccess yes
-
-# Set access mask for Clamuko.
-# Default: no
-#ClamukoScanOnOpen yes
-#ClamukoScanOnClose yes
-#ClamukoScanOnExec yes
-
-# Set the include paths (all files inside them will be scanned). You can have
-# multiple ClamukoIncludePath directives but each directory must be added
-# in a seperate line.
-# Default: disabled
-#ClamukoIncludePath /home
-#ClamukoIncludePath /students
-
-# Set the exclude paths. All subdirectories are also excluded.
-# Default: disabled
-#ClamukoExcludePath /home/bofh
-
-# Don't scan files larger than ClamukoMaxFileSize
-# Value of 0 disables the limit.
-# Default: 5M
-#ClamukoMaxFileSize 10M
diff --git a/usr/share/archboot/clamav/etc/clamav/freshclam.conf b/usr/share/archboot/clamav/etc/clamav/freshclam.conf
index 9f1962d9c..86734d68a 100644
--- a/usr/share/archboot/clamav/etc/clamav/freshclam.conf
+++ b/usr/share/archboot/clamav/etc/clamav/freshclam.conf
@@ -5,7 +5,7 @@
 # Comment or remove the line below.
-Example
+#Example
 # Path to the database directory.
 # WARNING: It must match clamd.conf's directive!
@@ -111,7 +111,7 @@ DatabaseMirror database.clamav.net
 # Send the RELOAD command to clamd.
 # Default: no
-NotifyClamd /etc/clamav/clamd.conf
+#NotifyClamd /etc/clamav/clamd.conf
 # Run command after successful database update.
 # Default: disabled
diff --git a/usr/share/archboot/clamav/etc/conf.d/clamav b/usr/share/archboot/clamav/etc/conf.d/clamav
deleted file mode 100644
index 9cd44d9f8..000000000
--- a/usr/share/archboot/clamav/etc/conf.d/clamav
+++ /dev/null
@@ -1,8 +0,0 @@
-# clamav startup script config options
-
-# change these to "yes" to start
-START_FRESHCLAM="no"
-START_CLAMD="no"
-
-# Options to pass to freshclam (man freshclam for more info).
-FRESHCLAM_OPTS="-c 12"