mirror of
https://gitlab.archlinux.org/tpowa/archboot.git
synced 2024-09-20 03:50:37 +02:00
fixed clamav config
This commit is contained in:
parent
4b1d169ccd
commit
fd563cad12
4 changed files with 10 additions and 455 deletions
|
@ -3,21 +3,20 @@
|
||||||
install ()
|
install ()
|
||||||
{
|
{
|
||||||
MODULES=""
|
MODULES=""
|
||||||
BINARIES="clamav-config clamconf clamdscan clamdtop clamscan freshclam sigtool clamd"
|
BINARIES="clamscan freshclam"
|
||||||
FILES=""
|
FILES=""
|
||||||
SCRIPT=""
|
SCRIPT=""
|
||||||
add_file "/etc/rc.d/clamav"
|
|
||||||
add_file "/usr/sbin/clamdwatch.pl"
|
|
||||||
# add /var directories
|
# add /var directories
|
||||||
add_dir "/var/run/clamav"
|
add_dir "/var/run/clamav"
|
||||||
add_dir "/var/lib/clamav"
|
add_dir "/var/lib/clamav"
|
||||||
add_dir "/var/log/clamav"
|
add_dir "/var/log/clamav"
|
||||||
### TODO add perl modules
|
add_file "/usr/share/archboot/clamav/etc/clamav/freshclam.conf" "/etc/clamav/freshclam.conf"
|
||||||
### add config files
|
# get latest virus definitions
|
||||||
clamav /etc/clamav/clamd.conf
|
CLAMAV=$(mktemp -d /tmp/clamav.XXXX)
|
||||||
clamav /etc/clamav/freshclam.conf
|
freshclam --config-file=/usr/share/archboot/clamav/etc/clamav/freshclam.conf --datadir=$CLAMAV
|
||||||
clamav /etc/conf.d/
|
add_file "$CLAMAV/mirrors.dat" "/var/lib/clamav/mirrors.dat"
|
||||||
clamav /etc/conf.d/clamav
|
add_file "$CLAMAV/main.cvd" "/var/lib/clamav/main.cvd"
|
||||||
|
add_file "$CLAMAV/daily.cld" "/var/lib/clamav/daily.cld"
|
||||||
}
|
}
|
||||||
|
|
||||||
help ()
|
help ()
|
||||||
|
|
|
@ -1,436 +0,0 @@
|
||||||
##
|
|
||||||
## Example config file for the Clam AV daemon
|
|
||||||
## Please read the clamd.conf(5) manual before editing this file.
|
|
||||||
##
|
|
||||||
|
|
||||||
|
|
||||||
# Comment or remove the line below.
|
|
||||||
Example
|
|
||||||
|
|
||||||
# Uncomment this option to enable logging.
|
|
||||||
# LogFile must be writable for the user running daemon.
|
|
||||||
# A full path is required.
|
|
||||||
# Default: disabled
|
|
||||||
LogFile /var/log/clamav/clamd.log
|
|
||||||
|
|
||||||
# By default the log file is locked for writing - the lock protects against
|
|
||||||
# running clamd multiple times (if want to run another clamd, please
|
|
||||||
# copy the configuration file, change the LogFile variable, and run
|
|
||||||
# the daemon with --config-file option).
|
|
||||||
# This option disables log file locking.
|
|
||||||
# Default: no
|
|
||||||
#LogFileUnlock yes
|
|
||||||
|
|
||||||
# Maximum size of the log file.
|
|
||||||
# Value of 0 disables the limit.
|
|
||||||
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
|
|
||||||
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
|
|
||||||
# in bytes just don't use modifiers.
|
|
||||||
# Default: 1M
|
|
||||||
#LogFileMaxSize 2M
|
|
||||||
|
|
||||||
# Log time with each message.
|
|
||||||
# Default: no
|
|
||||||
LogTime yes
|
|
||||||
|
|
||||||
# Also log clean files. Useful in debugging but drastically increases the
|
|
||||||
# log size.
|
|
||||||
# Default: no
|
|
||||||
#LogClean yes
|
|
||||||
|
|
||||||
# Use system logger (can work together with LogFile).
|
|
||||||
# Default: no
|
|
||||||
#LogSyslog yes
|
|
||||||
|
|
||||||
# Specify the type of syslog messages - please refer to 'man syslog'
|
|
||||||
# for facility names.
|
|
||||||
# Default: LOG_LOCAL6
|
|
||||||
#LogFacility LOG_MAIL
|
|
||||||
|
|
||||||
# Enable verbose logging.
|
|
||||||
# Default: no
|
|
||||||
#LogVerbose yes
|
|
||||||
|
|
||||||
# This option allows you to save a process identifier of the listening
|
|
||||||
# daemon (main thread).
|
|
||||||
# Default: disabled
|
|
||||||
PidFile /var/run/clamav/clamd.pid
|
|
||||||
|
|
||||||
# Optional path to the global temporary directory.
|
|
||||||
# Default: system specific (usually /tmp or /var/tmp).
|
|
||||||
TemporaryDirectory /tmp
|
|
||||||
|
|
||||||
# Path to the database directory.
|
|
||||||
# Default: hardcoded (depends on installation options)
|
|
||||||
#DatabaseDirectory /var/lib/clamav
|
|
||||||
|
|
||||||
# The daemon can work in local mode, network mode or both.
|
|
||||||
# Due to security reasons we recommend the local mode.
|
|
||||||
|
|
||||||
# Path to a local socket file the daemon will listen on.
|
|
||||||
# Default: disabled (must be specified by a user)
|
|
||||||
LocalSocket /var/lib/clamav/clamd.sock
|
|
||||||
|
|
||||||
# Remove stale socket after unclean shutdown.
|
|
||||||
# Default: yes
|
|
||||||
#FixStaleSocket yes
|
|
||||||
|
|
||||||
# TCP port address.
|
|
||||||
# Default: no
|
|
||||||
#TCPSocket 3310
|
|
||||||
|
|
||||||
# TCP address.
|
|
||||||
# By default we bind to INADDR_ANY, probably not wise.
|
|
||||||
# Enable the following to provide some degree of protection
|
|
||||||
# from the outside world.
|
|
||||||
# Default: no
|
|
||||||
#TCPAddr 127.0.0.1
|
|
||||||
|
|
||||||
# Maximum length the queue of pending connections may grow to.
|
|
||||||
# Default: 15
|
|
||||||
#MaxConnectionQueueLength 30
|
|
||||||
|
|
||||||
# Clamd uses FTP-like protocol to receive data from remote clients.
|
|
||||||
# If you are using clamav-milter to balance load between remote clamd daemons
|
|
||||||
# on firewall servers you may need to tune the options below.
|
|
||||||
|
|
||||||
# Close the connection when the data size limit is exceeded.
|
|
||||||
# The value should match your MTA's limit for a maximum attachment size.
|
|
||||||
# Default: 25M
|
|
||||||
#StreamMaxLength 10M
|
|
||||||
|
|
||||||
# Limit port range.
|
|
||||||
# Default: 1024
|
|
||||||
#StreamMinPort 30000
|
|
||||||
# Default: 2048
|
|
||||||
#StreamMaxPort 32000
|
|
||||||
|
|
||||||
# Maximum number of threads running at the same time.
|
|
||||||
# Default: 10
|
|
||||||
#MaxThreads 20
|
|
||||||
|
|
||||||
# Waiting for data from a client socket will timeout after this time (seconds).
|
|
||||||
# Value of 0 disables the timeout.
|
|
||||||
# Default: 120
|
|
||||||
#ReadTimeout 300
|
|
||||||
|
|
||||||
# This option specifies the time (in seconds) after which clamd should
|
|
||||||
# timeout if a client doesn't provide any initial command after connecting.
|
|
||||||
# Default: 5
|
|
||||||
#CommandReadTimeout 5
|
|
||||||
|
|
||||||
# This option specifies how long to wait (in miliseconds) if the send buffer is full.
|
|
||||||
# Keep this value low to prevent clamd hanging
|
|
||||||
#
|
|
||||||
# Default: 500
|
|
||||||
#SendBufTimeout 200
|
|
||||||
|
|
||||||
# Maximum number of queued items (including those being processed by MaxThreads threads)
|
|
||||||
# It is recommended to have this value at least twice MaxThreads if possible.
|
|
||||||
# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
|
|
||||||
# the following condition should hold:
|
|
||||||
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
|
|
||||||
#
|
|
||||||
# Default: 100
|
|
||||||
#MaxQueue 200
|
|
||||||
|
|
||||||
# Waiting for a new job will timeout after this time (seconds).
|
|
||||||
# Default: 30
|
|
||||||
#IdleTimeout 60
|
|
||||||
|
|
||||||
# Don't scan files and directories matching regex
|
|
||||||
# This directive can be used multiple times
|
|
||||||
# Default: scan all
|
|
||||||
#ExcludePath ^/proc/
|
|
||||||
#ExcludePath ^/sys/
|
|
||||||
|
|
||||||
# Maximum depth directories are scanned at.
|
|
||||||
# Default: 15
|
|
||||||
#MaxDirectoryRecursion 20
|
|
||||||
|
|
||||||
# Follow directory symlinks.
|
|
||||||
# Default: no
|
|
||||||
#FollowDirectorySymlinks yes
|
|
||||||
|
|
||||||
# Follow regular file symlinks.
|
|
||||||
# Default: no
|
|
||||||
#FollowFileSymlinks yes
|
|
||||||
|
|
||||||
# Perform a database check.
|
|
||||||
# Default: 600 (10 min)
|
|
||||||
#SelfCheck 600
|
|
||||||
|
|
||||||
# Execute a command when virus is found. In the command string %v will
|
|
||||||
# be replaced with the virus name.
|
|
||||||
# Default: no
|
|
||||||
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
|
|
||||||
|
|
||||||
# Run as another user (clamd must be started by root for this option to work)
|
|
||||||
# Default: don't drop privileges
|
|
||||||
User clamav
|
|
||||||
|
|
||||||
# Initialize supplementary group access (clamd must be started by root).
|
|
||||||
# Default: no
|
|
||||||
#AllowSupplementaryGroups no
|
|
||||||
|
|
||||||
# Stop daemon when libclamav reports out of memory condition.
|
|
||||||
#ExitOnOOM yes
|
|
||||||
|
|
||||||
# Don't fork into background.
|
|
||||||
# Default: no
|
|
||||||
#Foreground yes
|
|
||||||
|
|
||||||
# Enable debug messages in libclamav.
|
|
||||||
# Default: no
|
|
||||||
#Debug yes
|
|
||||||
|
|
||||||
# Do not remove temporary files (for debug purposes).
|
|
||||||
# Default: no
|
|
||||||
#LeaveTemporaryFiles yes
|
|
||||||
|
|
||||||
# Detect Possibly Unwanted Applications.
|
|
||||||
# Default: no
|
|
||||||
#DetectPUA yes
|
|
||||||
|
|
||||||
# Exclude a specific PUA category. This directive can be used multiple times.
|
|
||||||
# See http://www.clamav.net/support/pua for the complete list of PUA
|
|
||||||
# categories.
|
|
||||||
# Default: Load all categories (if DetectPUA is activated)
|
|
||||||
#ExcludePUA NetTool
|
|
||||||
#ExcludePUA PWTool
|
|
||||||
|
|
||||||
# Only include a specific PUA category. This directive can be used multiple
|
|
||||||
# times.
|
|
||||||
# Default: Load all categories (if DetectPUA is activated)
|
|
||||||
#IncludePUA Spy
|
|
||||||
#IncludePUA Scanner
|
|
||||||
#IncludePUA RAT
|
|
||||||
|
|
||||||
# In some cases (eg. complex malware, exploits in graphic files, and others),
|
|
||||||
# ClamAV uses special algorithms to provide accurate detection. This option
|
|
||||||
# controls the algorithmic detection.
|
|
||||||
# Default: yes
|
|
||||||
#AlgorithmicDetection yes
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Executable files
|
|
||||||
##
|
|
||||||
|
|
||||||
# PE stands for Portable Executable - it's an executable file format used
|
|
||||||
# in all 32 and 64-bit versions of Windows operating systems. This option allows
|
|
||||||
# ClamAV to perform a deeper analysis of executable files and it's also
|
|
||||||
# required for decompression of popular executable packers such as UPX, FSG,
|
|
||||||
# and Petite.
|
|
||||||
# Default: yes
|
|
||||||
#ScanPE yes
|
|
||||||
|
|
||||||
# Executable and Linking Format is a standard format for UN*X executables.
|
|
||||||
# This option allows you to control the scanning of ELF files.
|
|
||||||
# Default: yes
|
|
||||||
#ScanELF yes
|
|
||||||
|
|
||||||
# With this option clamav will try to detect broken executables (both PE and
|
|
||||||
# ELF) and mark them as Broken.Executable.
|
|
||||||
# Default: no
|
|
||||||
#DetectBrokenExecutables yes
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Documents
|
|
||||||
##
|
|
||||||
|
|
||||||
# This option enables scanning of OLE2 files, such as Microsoft Office
|
|
||||||
# documents and .msi files.
|
|
||||||
# Default: yes
|
|
||||||
#ScanOLE2 yes
|
|
||||||
|
|
||||||
# This option enables scanning within PDF files.
|
|
||||||
# Default: yes
|
|
||||||
#ScanPDF yes
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Mail files
|
|
||||||
##
|
|
||||||
|
|
||||||
# Enable internal e-mail scanner.
|
|
||||||
# Default: yes
|
|
||||||
#ScanMail yes
|
|
||||||
|
|
||||||
# If an email contains URLs ClamAV can download and scan them.
|
|
||||||
# WARNING: This option may open your system to a DoS attack.
|
|
||||||
# Never use it on loaded servers.
|
|
||||||
# Default: no
|
|
||||||
#MailFollowURLs no
|
|
||||||
|
|
||||||
# Scan RFC1341 messages split over many emails.
|
|
||||||
# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
|
|
||||||
# WARNING: This option may open your system to a DoS attack.
|
|
||||||
# Never use it on loaded servers.
|
|
||||||
# Default: no
|
|
||||||
#ScanPartialMessages yes
|
|
||||||
|
|
||||||
|
|
||||||
# With this option enabled ClamAV will try to detect phishing attempts by using
|
|
||||||
# signatures.
|
|
||||||
# Default: yes
|
|
||||||
#PhishingSignatures yes
|
|
||||||
|
|
||||||
# Scan URLs found in mails for phishing attempts using heuristics.
|
|
||||||
# Default: yes
|
|
||||||
#PhishingScanURLs yes
|
|
||||||
|
|
||||||
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
|
|
||||||
# This can lead to false positives.
|
|
||||||
#
|
|
||||||
# Default: no
|
|
||||||
#PhishingAlwaysBlockSSLMismatch no
|
|
||||||
|
|
||||||
# Always block cloaked URLs, even if URL isn't in database.
|
|
||||||
# This can lead to false positives.
|
|
||||||
#
|
|
||||||
# Default: no
|
|
||||||
#PhishingAlwaysBlockCloak no
|
|
||||||
|
|
||||||
# Allow heuristic match to take precedence.
|
|
||||||
# When enabled, if a heuristic scan (such as phishingScan) detects
|
|
||||||
# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
|
|
||||||
# scan-time.
|
|
||||||
# When disabled, virus/phish detected by heuristic scans will be reported only at
|
|
||||||
# the end of a scan. If an archive contains both a heuristically detected
|
|
||||||
# virus/phish, and a real malware, the real malware will be reported
|
|
||||||
#
|
|
||||||
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
|
|
||||||
# differently from "real" malware.
|
|
||||||
# If a non-heuristically-detected virus (signature-based) is found first,
|
|
||||||
# the scan is interrupted immediately, regardless of this config option.
|
|
||||||
#
|
|
||||||
# Default: no
|
|
||||||
#HeuristicScanPrecedence yes
|
|
||||||
|
|
||||||
##
|
|
||||||
## Data Loss Prevention (DLP)
|
|
||||||
##
|
|
||||||
|
|
||||||
# Enable the DLP module
|
|
||||||
# Default: No
|
|
||||||
#StructuredDataDetection yes
|
|
||||||
|
|
||||||
# This option sets the lowest number of Credit Card numbers found in a file
|
|
||||||
# to generate a detect.
|
|
||||||
# Default: 3
|
|
||||||
#StructuredMinCreditCardCount 5
|
|
||||||
|
|
||||||
# This option sets the lowest number of Social Security Numbers found
|
|
||||||
# in a file to generate a detect.
|
|
||||||
# Default: 3
|
|
||||||
#StructuredMinSSNCount 5
|
|
||||||
|
|
||||||
# With this option enabled the DLP module will search for valid
|
|
||||||
# SSNs formatted as xxx-yy-zzzz
|
|
||||||
# Default: yes
|
|
||||||
#StructuredSSNFormatNormal yes
|
|
||||||
|
|
||||||
# With this option enabled the DLP module will search for valid
|
|
||||||
# SSNs formatted as xxxyyzzzz
|
|
||||||
# Default: no
|
|
||||||
#StructuredSSNFormatStripped yes
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## HTML
|
|
||||||
##
|
|
||||||
|
|
||||||
# Perform HTML normalisation and decryption of MS Script Encoder code.
|
|
||||||
# Default: yes
|
|
||||||
#ScanHTML yes
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Archives
|
|
||||||
##
|
|
||||||
|
|
||||||
# ClamAV can scan within archives and compressed files.
|
|
||||||
# Default: yes
|
|
||||||
#ScanArchive yes
|
|
||||||
|
|
||||||
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
|
|
||||||
# Default: no
|
|
||||||
#ArchiveBlockEncrypted no
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Limits
|
|
||||||
##
|
|
||||||
|
|
||||||
# The options below protect your system against Denial of Service attacks
|
|
||||||
# using archive bombs.
|
|
||||||
|
|
||||||
# This option sets the maximum amount of data to be scanned for each input file.
|
|
||||||
# Archives and other containers are recursively extracted and scanned up to this
|
|
||||||
# value.
|
|
||||||
# Value of 0 disables the limit
|
|
||||||
# Note: disabling this limit or setting it too high may result in severe damage
|
|
||||||
# to the system.
|
|
||||||
# Default: 100M
|
|
||||||
#MaxScanSize 150M
|
|
||||||
|
|
||||||
# Files larger than this limit won't be scanned. Affects the input file itself
|
|
||||||
# as well as files contained inside it (when the input file is an archive, a
|
|
||||||
# document or some other kind of container).
|
|
||||||
# Value of 0 disables the limit.
|
|
||||||
# Note: disabling this limit or setting it too high may result in severe damage
|
|
||||||
# to the system.
|
|
||||||
# Default: 25M
|
|
||||||
#MaxFileSize 30M
|
|
||||||
|
|
||||||
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
|
|
||||||
# file, all files within it will also be scanned. This options specifies how
|
|
||||||
# deeply the process should be continued.
|
|
||||||
# Note: disabling this limit or setting it too high may result in severe damage
|
|
||||||
# to the system.
|
|
||||||
# Value of 0 disables the limit.
|
|
||||||
# Default: 16
|
|
||||||
#MaxRecursion 10
|
|
||||||
|
|
||||||
# Number of files to be scanned within an archive, a document, or any other
|
|
||||||
# container file.
|
|
||||||
# Value of 0 disables the limit.
|
|
||||||
# Note: disabling this limit or setting it too high may result in severe damage
|
|
||||||
# to the system.
|
|
||||||
# Default: 10000
|
|
||||||
#MaxFiles 15000
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Clamuko settings
|
|
||||||
## WARNING: This is experimental software. It is very likely it will hang
|
|
||||||
## up your system!!!
|
|
||||||
##
|
|
||||||
|
|
||||||
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
|
|
||||||
# Default: no
|
|
||||||
#ClamukoScanOnAccess yes
|
|
||||||
|
|
||||||
# Set access mask for Clamuko.
|
|
||||||
# Default: no
|
|
||||||
#ClamukoScanOnOpen yes
|
|
||||||
#ClamukoScanOnClose yes
|
|
||||||
#ClamukoScanOnExec yes
|
|
||||||
|
|
||||||
# Set the include paths (all files inside them will be scanned). You can have
|
|
||||||
# multiple ClamukoIncludePath directives but each directory must be added
|
|
||||||
# in a seperate line.
|
|
||||||
# Default: disabled
|
|
||||||
#ClamukoIncludePath /home
|
|
||||||
#ClamukoIncludePath /students
|
|
||||||
|
|
||||||
# Set the exclude paths. All subdirectories are also excluded.
|
|
||||||
# Default: disabled
|
|
||||||
#ClamukoExcludePath /home/bofh
|
|
||||||
|
|
||||||
# Don't scan files larger than ClamukoMaxFileSize
|
|
||||||
# Value of 0 disables the limit.
|
|
||||||
# Default: 5M
|
|
||||||
#ClamukoMaxFileSize 10M
|
|
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
|
|
||||||
# Comment or remove the line below.
|
# Comment or remove the line below.
|
||||||
Example
|
#Example
|
||||||
|
|
||||||
# Path to the database directory.
|
# Path to the database directory.
|
||||||
# WARNING: It must match clamd.conf's directive!
|
# WARNING: It must match clamd.conf's directive!
|
||||||
|
@ -111,7 +111,7 @@ DatabaseMirror database.clamav.net
|
||||||
|
|
||||||
# Send the RELOAD command to clamd.
|
# Send the RELOAD command to clamd.
|
||||||
# Default: no
|
# Default: no
|
||||||
NotifyClamd /etc/clamav/clamd.conf
|
#NotifyClamd /etc/clamav/clamd.conf
|
||||||
|
|
||||||
# Run command after successful database update.
|
# Run command after successful database update.
|
||||||
# Default: disabled
|
# Default: disabled
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
# clamav startup script config options
|
|
||||||
|
|
||||||
# change these to "yes" to start
|
|
||||||
START_FRESHCLAM="no"
|
|
||||||
START_CLAMD="no"
|
|
||||||
|
|
||||||
# Options to pass to freshclam (man freshclam for more info).
|
|
||||||
FRESHCLAM_OPTS="-c 12"
|
|
Loading…
Reference in a new issue