summaryrefslogtreecommitdiffstats
path: root/recipes-security
diff options
context:
space:
mode:
authorArmin Kuster <akuster808@gmail.com>2020-03-18 02:30:11 +0000
committerArmin Kuster <akuster808@gmail.com>2020-03-27 16:53:25 -0700
commite4a2dd0b4a7985c650d976931bb468c32a948dc4 (patch)
treee00bbac7d90dbc652e21d52318d7ac5c9312856d /recipes-security
parent4447296ca32c1d1835ef05f6e7afcf9c3f61453f (diff)
downloadmeta-security-e4a2dd0b4a7985c650d976931bb468c32a948dc4.tar.gz
clamav: move to recipes-scanners
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security')
-rw-r--r--recipes-security/clamav/clamav_0.101.5.bb169
-rw-r--r--recipes-security/clamav/files/clamav-freshclam.service12
-rw-r--r--recipes-security/clamav/files/clamav-milter.conf.sample293
-rw-r--r--recipes-security/clamav/files/clamav.service17
-rw-r--r--recipes-security/clamav/files/clamd.conf595
-rw-r--r--recipes-security/clamav/files/freshclam-native.conf224
-rw-r--r--recipes-security/clamav/files/freshclam.conf224
-rw-r--r--recipes-security/clamav/files/tmpfiles.clamav3
-rw-r--r--recipes-security/clamav/files/volatiles.03_clamav3
9 files changed, 0 insertions, 1540 deletions
diff --git a/recipes-security/clamav/clamav_0.101.5.bb b/recipes-security/clamav/clamav_0.101.5.bb
deleted file mode 100644
index f4625b1..0000000
--- a/recipes-security/clamav/clamav_0.101.5.bb
+++ /dev/null
@@ -1,169 +0,0 @@
1SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface"
2DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats."
3HOMEPAGE = "http://www.clamav.net/index.html"
4SECTION = "security"
5LICENSE = "LGPL-2.1"
6
7DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack bison-native"
8DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native bison-native"
9
10LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
11
12SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108"
13
14SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
15 file://clamd.conf \
16 file://freshclam.conf \
17 file://volatiles.03_clamav \
18 file://tmpfiles.clamav \
19 file://${BPN}.service \
20 file://freshclam-native.conf \
21 "
22
23S = "${WORKDIR}/git"
24
25LEAD_SONAME = "libclamav.so"
26SO_VER = "9.0.2"
27
28inherit autotools pkgconfig useradd systemd
29
30CLAMAV_UID ?= "clamav"
31CLAMAV_GID ?= "clamav"
32INSTALL_CLAMAV_CVD ?= "1"
33
34CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr"
35CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr"
36
37PACKAGECONFIG_class-target ?= "ncurses bz2"
38PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}"
39PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
40
41PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre"
42PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c,"
43PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
44PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2"
45PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
46PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "
47
48EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
49 --disable-mempool \
50 --program-prefix="" \
51 --disable-zlib-vcheck \
52 --with-xml=${CLAMAV_USR_DIR} \
53 --with-zlib=${CLAMAV_USR_DIR} \
54 --with-openssl=${CLAMAV_USR_DIR} \
55 --with-libcurl=${CLAMAV_USR_DIR} \
56 --with-system-libmspack=${CLAMAV_USR_DIR} \
57 --with-iconv=no \
58 --enable-check=no \
59 "
60
61EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}"
62EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}"
63
64do_configure () {
65 ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
66}
67
68do_configure_class-native () {
69 ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
70}
71
72do_compile_append_class-target() {
73 if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
74 bbnote "CLAMAV creating cvd"
75 install -d ${S}/clamav_db
76 ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
77 fi
78}
79
80do_install_append_class-target () {
81 install -d ${D}/${sysconfdir}
82 install -d ${D}/${localstatedir}/lib/clamav
83 install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles
84
85 install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
86 install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
87 install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav
88 sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
89 rm ${D}/${libdir}/libclamav.so
90 install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
91 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
92 install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
93 install -d ${D}${sysconfdir}/tmpfiles.d
94 install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf
95 fi
96}
97
98pkg_postinst_ontarget_${PN} () {
99 if command -v systemd-tmpfiles >/dev/null; then
100 systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf
101 elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
102 ${sysconfdir}/init.d/populate-volatile.sh update
103 fi
104 mkdir -p ${localstatedir}/lib/clamav
105 chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav
106}
107
108
109PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
110 ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"
111
112FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
113 ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
114 ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
115 ${docdir}/clamav/* "
116
117FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
118 ${docdir}/clamdscan/* \
119 ${mandir}/man1/clamdscan* \
120 "
121
122FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
123 ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
124 ${mandir}/man5/clamd* ${mandir}/man8/clamd* \
125 ${sysconfdir}/clamd.conf* \
126 ${systemd_unitdir}/system/clamav-daemon/* \
127 ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
128 ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon "
129
130FILES_${PN}-freshclam = "${bindir}/freshclam \
131 ${sysconfdir}/freshclam.conf* \
132 ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
133 ${sysconfdir}/tmpfiles.d/*.conf \
134 ${localstatedir}/lib/clamav \
135 ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \
136 ${mandir}/man5/freshclam.conf.* \
137 ${systemd_unitdir}/system/clamav-freshclam.service"
138
139FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \
140 ${libdir}/pkgconfig/*.pc \
141 ${mandir}/man1/clamav-config.* \
142 ${includedir}/*.h ${docdir}/libclamav* "
143
144FILES_${PN}-staticdev = "${libdir}/*.a"
145
146FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\
147 ${docdir}/libclamav/* "
148
149FILES_${PN}-doc = "${mandir}/man/* \
150 ${datadir}/man/* \
151 ${docdir}/* "
152
153FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat"
154
155USERADD_PACKAGES = "${PN}"
156GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}"
157USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \
158 ${localstatedir}/spool/${BPN} \
159 --no-create-home --shell /bin/false ${BPN}"
160
161RPROVIDES_${PN} += "${PN}-systemd"
162RREPLACES_${PN} += "${PN}-systemd"
163RCONFLICTS_${PN} += "${PN}-systemd"
164SYSTEMD_SERVICE_${PN} = "${BPN}.service"
165
166RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
167RDEPENDS_${PN}_class-native = ""
168
169BBCLASSEXTEND = "native"
diff --git a/recipes-security/clamav/files/clamav-freshclam.service b/recipes-security/clamav/files/clamav-freshclam.service
deleted file mode 100644
index 0c909fb..0000000
--- a/recipes-security/clamav/files/clamav-freshclam.service
+++ /dev/null
@@ -1,12 +0,0 @@
1[Unit]
2Description=ClamAV virus database updater
3Documentation=man:freshclam(1) man:freshclam.conf(5) http://www.clamav.net/lang/en/doc/
4# If user wants it run from cron, don't start the daemon.
5ConditionPathExists=!/etc/cron.d/clamav-freshclam
6
7[Service]
8ExecStart=/usr/bin/freshclam -d --foreground=true
9StandardOutput=syslog
10
11[Install]
12WantedBy=multi-user.target
diff --git a/recipes-security/clamav/files/clamav-milter.conf.sample b/recipes-security/clamav/files/clamav-milter.conf.sample
deleted file mode 100644
index ed0d519..0000000
--- a/recipes-security/clamav/files/clamav-milter.conf.sample
+++ /dev/null
@@ -1,293 +0,0 @@
1##
2## Example config file for clamav-milter
3##
4
5# Comment or remove the line below.
6Example
7
8
9##
10## Main options
11##
12
13# Define the interface through which we communicate with sendmail
14# This option is mandatory! Possible formats are:
15# [[unix|local]:]/path/to/file - to specify a unix domain socket
16# inet:port@[hostname|ip-address] - to specify an ipv4 socket
17# inet6:port@[hostname|ip-address] - to specify an ipv6 socket
18#
19# Default: no default
20#MilterSocket /tmp/clamav-milter.socket
21#MilterSocket inet:7357
22
23# Define the group ownership for the (unix) milter socket.
24# Default: disabled (the primary group of the user running clamd)
25#MilterSocketGroup virusgroup
26
27# Sets the permissions on the (unix) milter socket to the specified mode.
28# Default: disabled (obey umask)
29#MilterSocketMode 660
30
31# Remove stale socket after unclean shutdown.
32#
33# Default: yes
34#FixStaleSocket yes
35
36# Run as another user (clamav-milter must be started by root for this option to work)
37#
38# Default: unset (don't drop privileges)
39#User clamav
40
41# Initialize supplementary group access (clamav-milter must be started by root).
42#
43# Default: no
44#AllowSupplementaryGroups no
45
46# Waiting for data from clamd will timeout after this time (seconds).
47# Value of 0 disables the timeout.
48#
49# Default: 120
50#ReadTimeout 300
51
52# Don't fork into background.
53#
54# Default: no
55#Foreground yes
56
57# Chroot to the specified directory.
58# Chrooting is performed just after reading the config file and before dropping privileges.
59#
60# Default: unset (don't chroot)
61#Chroot /newroot
62
63# This option allows you to save a process identifier of the listening
64# daemon (main thread).
65#
66# Default: disabled
67#PidFile /var/run/clamav/clamav-milter.pid
68
69# Optional path to the global temporary directory.
70# Default: system specific (usually /tmp or /var/tmp).
71#
72#TemporaryDirectory /var/tmp
73
74##
75## Clamd options
76##
77
78# Define the clamd socket to connect to for scanning.
79# This option is mandatory! Syntax:
80# ClamdSocket unix:path
81# ClamdSocket tcp:host:port
82# The first syntax specifies a local unix socket (needs an absolute path) e.g.:
83# ClamdSocket unix:/var/run/clamd/clamd.socket
84# The second syntax specifies a tcp local or remote tcp socket: the
85# host can be a hostname or an ip address; the ":port" field is only required
86# for IPv6 addresses, otherwise it defaults to 3310, e.g.:
87# ClamdSocket tcp:192.168.0.1
88#
89# This option can be repeated several times with different sockets or even
90# with the same socket: clamd servers will be selected in a round-robin fashion.
91#
92# Default: no default
93ClamdSocket /var/run/clamav/clamd
94
95
96##
97## Exclusions
98##
99
100# Messages originating from these hosts/networks will not be scanned
101# This option takes a host(name)/mask pair in CIRD notation and can be
102# repeated several times. If "/mask" is omitted, a host is assumed.
103# To specify a locally orignated, non-smtp, email use the keyword "local"
104#
105# Default: unset (scan everything regardless of the origin)
106#LocalNet local
107#LocalNet 192.168.0.0/24
108#LocalNet 1111:2222:3333::/48
109
110# This option specifies a file which contains a list of basic POSIX regular
111# expressions. Addresses (sent to or from - see below) matching these regexes
112# will not be scanned. Optionally each line can start with the string "From:"
113# or "To:" (note: no whitespace after the colon) indicating if it is,
114# respectively, the sender or recipient that is to be whitelisted.
115# If the field is missing, "To:" is assumed.
116# Lines starting with #, : or ! are ignored.
117#
118# Default unset (no exclusion applied)
119#Whitelist /etc/whitelisted_addresses
120
121# Messages from authenticated SMTP users matching this extended POSIX
122# regular expression (egrep-like) will not be scanned.
123# As an alternative, a file containing a plain (not regex) list of names (one
124# per line) can be specified using the prefix "file:".
125# e.g. SkipAuthenticated file:/etc/good_guys
126#
127# Note: this is the AUTH login name!
128#
129# Default: unset (no whitelisting based on SMTP auth)
130#SkipAuthenticated ^(tom|dick|henry)$
131
132# Messages larger than this value won't be scanned.
133# Make sure this value is lower or equal than StreamMaxLength in clamd.conf
134#
135# Default: 25M
136#MaxFileSize 10M
137
138
139##
140## Actions
141##
142
143# The following group of options controls the delievery process under
144# different circumstances.
145# The following actions are available:
146# - Accept
147# The message is accepted for delievery
148# - Reject
149# Immediately refuse delievery (a 5xx error is returned to the peer)
150# - Defer
151# Return a temporary failure message (4xx) to the peer
152# - Blackhole (not available for OnFail)
153# Like Accept but the message is sent to oblivion
154# - Quarantine (not available for OnFail)
155# Like Accept but message is quarantined instead of being delivered
156#
157# NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ
158# For Postfix this causes the message to be placed on hold
159#
160# Action to be performed on clean messages (mostly useful for testing)
161# Default: Accept
162#OnClean Accept
163
164# Action to be performed on infected messages
165# Default: Quarantine
166#OnInfected Quarantine
167
168# Action to be performed on error conditions (this includes failure to
169# allocate data structures, no scanners available, network timeouts,
170# unknown scanner replies and the like)
171# Default: Defer
172#OnFail Defer
173
174# This option allows to set a specific rejection reason for infected messages
175# and it's therefore only useful together with "OnInfected Reject"
176# The string "%v", if present, will be replaced with the virus name.
177# Default: MTA specific
178#RejectMsg
179
180# If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an
181# "X-Virus-Status" headers will be attached to each processed message, possibly
182# replacing existing headers.
183# If it is set to Add, the X-Virus headers are added possibly on top of the
184# existing ones.
185# Note that while "Replace" can potentially break DKIM signatures, "Add" may
186# confuse procmail and similar filters.
187# Default: no
188#AddHeader Replace
189
190# When AddHeader is in use, this option allows to arbitrary set the reported
191# hostname. This may be desirable in order to avoid leaking internal names.
192# If unset the real machine name is used.
193# Default: disabled
194#ReportHostname my.mail.server.name
195
196# Execute a command (possibly searching PATH) when an infected message is found.
197# The following parameters are passed to the invoked program in this order:
198# virus name, queue id, sender, destination, subject, message id, message date.
199# Note #1: this requires MTA macroes to be available (see LogInfected below)
200# Note #2: the process is invoked in the context of clamav-milter
201# Note #3: clamav-milter will wait for the process to exit. Be quick or fork to
202# avoid unnecessary delays in email delievery
203# Default: disabled
204#VirusAction /usr/local/bin/my_infected_message_handler
205
206##
207## Logging options
208##
209
210# Uncomment this option to enable logging.
211# LogFile must be writable for the user running daemon.
212# A full path is required.
213#
214# Default: disabled
215#LogFile /var/log/clamav/clamav-milter.log
216
217# By default the log file is locked for writing - the lock protects against
218# running clamav-milter multiple times.
219# This option disables log file locking.
220#
221# Default: no
222#LogFileUnlock yes
223
224# Maximum size of the log file.
225# Value of 0 disables the limit.
226# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
227# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
228# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
229# rotation (the LogRotate option) will always be enabled.
230#
231# Default: 1M
232#LogFileMaxSize 2M
233
234# Log time with each message.
235#
236# Default: no
237#LogTime yes
238
239# Use system logger (can work together with LogFile).
240#
241# Default: no
242#LogSyslog yes
243
244# Specify the type of syslog messages - please refer to 'man syslog'
245# for facility names.
246#
247# Default: LOG_LOCAL6
248#LogFacility LOG_MAIL
249
250# Enable verbose logging.
251#
252# Default: no
253#LogVerbose yes
254
255# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
256# Default: no
257#LogRotate yes
258
259# This option allows to tune what is logged when a message is infected.
260# Possible values are Off (the default - nothing is logged),
261# Basic (minimal info logged), Full (verbose info logged)
262# Note:
263# For this to work properly in sendmail, make sure the msg_id, mail_addr,
264# rcpt_addr and i macroes are available in eom. In other words add a line like:
265# Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i
266# to your .cf file. Alternatively use the macro:
267# define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')
268# Postfix should be working fine with the default settings.
269#
270# Default: disabled
271#LogInfected Basic
272
273# This option allows to tune what is logged when no threat is found in a scanned message.
274# See LogInfected for possible values and caveats.
275# Useful in debugging but drastically increases the log size.
276# Default: disabled
277#LogClean Basic
278
279# This option affects the behaviour of LogInfected, LogClean and VirusAction
280# when a message with multiple recipients is scanned:
281# If SupportMultipleRecipients is off (the default)
282# then one single log entry is generated for the message and, in case the
283# message is determined to be malicious, the command indicated by VirusAction
284# is executed just once. In both cases only the last recipient is reported.
285# If SupportMultipleRecipients is on:
286# then one line is logged for each recipient and the command indicated
287# by VirusAction is also executed once for each recipient.
288#
289# Note: although it's probably a good idea to enable this option, the default value
290# is currently set to off for legacy reasons.
291# Default: no
292#SupportMultipleRecipients yes
293
diff --git a/recipes-security/clamav/files/clamav.service b/recipes-security/clamav/files/clamav.service
deleted file mode 100644
index f13191f..0000000
--- a/recipes-security/clamav/files/clamav.service
+++ /dev/null
@@ -1,17 +0,0 @@
1[Unit]
2Description=Clam AntiVirus userspace daemon
3Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
4Requires=clamav-daemon.socket
5# Check for database existence
6ConditionPathExistsGlob=/usr/share/clamav/main.{c[vl]d,inc}
7ConditionPathExistsGlob=/usr/share/clamav/daily.{c[vl]d,inc}
8
9[Service]
10ExecStart=/usr/sbin/clamd --foreground=true
11# Reload the database
12ExecReload=/bin/kill -USR2 $MAINPID
13StandardOutput=syslog
14
15[Install]
16WantedBy=multi-user.target
17Also=clamav-daemon.socket
diff --git a/recipes-security/clamav/files/clamd.conf b/recipes-security/clamav/files/clamd.conf
deleted file mode 100644
index 0457785..0000000
--- a/recipes-security/clamav/files/clamd.conf
+++ /dev/null
@@ -1,595 +0,0 @@
1# Uncomment this option to enable logging.
2# LogFile must be writable for the user running daemon.
3# A full path is required.
4# Default: disabled
5LogFile /tmp/clamd.log
6
7# By default the log file is locked for writing - the lock protects against
8# running clamd multiple times (if want to run another clamd, please
9# copy the configuration file, change the LogFile variable, and run
10# the daemon with --config-file option).
11# This option disables log file locking.
12# Default: no
13LogFileUnlock yes
14
15# Maximum size of the log file.
16# Value of 0 disables the limit.
17# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
18# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
19# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
20# rotation (the LogRotate option) will always be enabled.
21# Default: 1M
22LogFileMaxSize 2M
23
24# Log time with each message.
25# Default: no
26LogTime yes
27
28# Also log clean files. Useful in debugging but drastically increases the
29# log size.
30# Default: no
31#LogClean yes
32
33# Use system logger (can work together with LogFile).
34# Default: no
35#LogSyslog yes
36
37# Specify the type of syslog messages - please refer to 'man syslog'
38# for facility names.
39# Default: LOG_LOCAL6
40#LogFacility LOG_MAIL
41
42# Enable verbose logging.
43# Default: no
44#LogVerbose yes
45
46# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
47# Default: no
48#LogRotate yes
49
50# Log additional information about the infected file, such as its
51# size and hash, together with the virus name.
52ExtendedDetectionInfo yes
53
54# This option allows you to save a process identifier of the listening
55# daemon (main thread).
56# Default: disabled
57PidFile /var/run/clamd.pid
58
59# Optional path to the global temporary directory.
60# Default: system specific (usually /tmp or /var/tmp).
61TemporaryDirectory /var/tmp
62
63# Path to the database directory.
64# Default: hardcoded (depends on installation options)
65DatabaseDirectory /var/lib/clamav
66
67# Only load the official signatures published by the ClamAV project.
68# Default: no
69#OfficialDatabaseOnly no
70
71# The daemon can work in local mode, network mode or both.
72# Due to security reasons we recommend the local mode.
73
74# Path to a local socket file the daemon will listen on.
75# Default: disabled (must be specified by a user)
76LocalSocket /tmp/clamd.socket
77
78# Sets the group ownership on the unix socket.
79# Default: disabled (the primary group of the user running clamd)
80#LocalSocketGroup virusgroup
81
82# Sets the permissions on the unix socket to the specified mode.
83# Default: disabled (socket is world accessible)
84#LocalSocketMode 660
85
86# Remove stale socket after unclean shutdown.
87# Default: yes
88#FixStaleSocket yes
89
90# TCP port address.
91# Default: no
92#TCPSocket 3310
93
94# TCP address.
95# By default we bind to INADDR_ANY, probably not wise.
96# Enable the following to provide some degree of protection
97# from the outside world. This option can be specified multiple
98# times if you want to listen on multiple IPs. IPv6 is now supported.
99# Default: no
100#TCPAddr 127.0.0.1
101
102# Maximum length the queue of pending connections may grow to.
103# Default: 200
104#MaxConnectionQueueLength 30
105
106# Clamd uses FTP-like protocol to receive data from remote clients.
107# If you are using clamav-milter to balance load between remote clamd daemons
108# on firewall servers you may need to tune the options below.
109
110# Close the connection when the data size limit is exceeded.
111# The value should match your MTA's limit for a maximum attachment size.
112# Default: 25M
113#StreamMaxLength 10M
114
115# Limit port range.
116# Default: 1024
117#StreamMinPort 30000
118# Default: 2048
119#StreamMaxPort 32000
120
121# Maximum number of threads running at the same time.
122# Default: 10
123#MaxThreads 20
124
125# Waiting for data from a client socket will timeout after this time (seconds).
126# Default: 120
127#ReadTimeout 300
128
129# This option specifies the time (in seconds) after which clamd should
130# timeout if a client doesn't provide any initial command after connecting.
131# Default: 5
132#CommandReadTimeout 5
133
134# This option specifies how long to wait (in miliseconds) if the send buffer is full.
135# Keep this value low to prevent clamd hanging
136#
137# Default: 500
138#SendBufTimeout 200
139
140# Maximum number of queued items (including those being processed by MaxThreads threads)
141# It is recommended to have this value at least twice MaxThreads if possible.
142# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
143# the following condition should hold:
144# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
145#
146# Default: 100
147#MaxQueue 200
148
149# Waiting for a new job will timeout after this time (seconds).
150# Default: 30
151#IdleTimeout 60
152
153# Don't scan files and directories matching regex
154# This directive can be used multiple times
155# Default: scan all
156#ExcludePath ^/proc/
157#ExcludePath ^/sys/
158
159# Maximum depth directories are scanned at.
160# Default: 15
161#MaxDirectoryRecursion 20
162
163# Follow directory symlinks.
164# Default: no
165#FollowDirectorySymlinks yes
166
167# Follow regular file symlinks.
168# Default: no
169#FollowFileSymlinks yes
170
171# Scan files and directories on other filesystems.
172# Default: yes
173#CrossFilesystems yes
174
175# Perform a database check.
176# Default: 600 (10 min)
177#SelfCheck 600
178
179# Execute a command when virus is found. In the command string %v will
180# be replaced with the virus name.
181# Default: no
182#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
183
184# Run as another user (clamd must be started by root for this option to work)
185# Default: don't drop privileges
186User clamav
187
188# Initialize supplementary group access (clamd must be started by root).
189# Default: no
190#AllowSupplementaryGroups no
191
192# Stop daemon when libclamav reports out of memory condition.
193#ExitOnOOM yes
194
195# Don't fork into background.
196# Default: no
197#Foreground yes
198
199# Enable debug messages in libclamav.
200# Default: no
201#Debug yes
202
203# Do not remove temporary files (for debug purposes).
204# Default: no
205#LeaveTemporaryFiles yes
206
207# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
208# any ALLMATCHSCAN command as invalid.
209# Default: yes
210#AllowAllMatchScan no
211
212# Detect Possibly Unwanted Applications.
213# Default: no
214#DetectPUA yes
215
216# Exclude a specific PUA category. This directive can be used multiple times.
217# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
218# the complete list of PUA categories.
219# Default: Load all categories (if DetectPUA is activated)
220#ExcludePUA NetTool
221#ExcludePUA PWTool
222
223# Only include a specific PUA category. This directive can be used multiple
224# times.
225# Default: Load all categories (if DetectPUA is activated)
226#IncludePUA Spy
227#IncludePUA Scanner
228#IncludePUA RAT
229
230# In some cases (eg. complex malware, exploits in graphic files, and others),
231# ClamAV uses special algorithms to provide accurate detection. This option
232# controls the algorithmic detection.
233# Default: yes
234#AlgorithmicDetection yes
235
236# This option causes memory or nested map scans to dump the content to disk.
237# If you turn on this option, more data is written to disk and is available
238# when the LeaveTemporaryFiles option is enabled.
239#ForceToDisk yes
240
241# This option allows you to disable the caching feature of the engine. By
242# default, the engine will store an MD5 in a cache of any files that are
243# not flagged as virus or that hit limits checks. Disabling the cache will
244# have a negative performance impact on large scans.
245# Default: no
246#DisableCache yes
247
248##
249## Executable files
250##
251
252# PE stands for Portable Executable - it's an executable file format used
253# in all 32 and 64-bit versions of Windows operating systems. This option allows
254# ClamAV to perform a deeper analysis of executable files and it's also
255# required for decompression of popular executable packers such as UPX, FSG,
256# and Petite. If you turn off this option, the original files will still be
257# scanned, but without additional processing.
258# Default: yes
259#ScanPE yes
260
261# Certain PE files contain an authenticode signature. By default, we check
262# the signature chain in the PE file against a database of trusted and
263# revoked certificates if the file being scanned is marked as a virus.
264# If any certificate in the chain validates against any trusted root, but
265# does not match any revoked certificate, the file is marked as whitelisted.
266# If the file does match a revoked certificate, the file is marked as virus.
267# The following setting completely turns off authenticode verification.
268# Default: no
269#DisableCertCheck yes
270
271# Executable and Linking Format is a standard format for UN*X executables.
272# This option allows you to control the scanning of ELF files.
273# If you turn off this option, the original files will still be scanned, but
274# without additional processing.
275# Default: yes
276#ScanELF yes
277
278# With this option clamav will try to detect broken executables (both PE and
279# ELF) and mark them as Broken.Executable.
280# Default: no
281#DetectBrokenExecutables yes
282
283
284##
285## Documents
286##
287
288# This option enables scanning of OLE2 files, such as Microsoft Office
289# documents and .msi files.
290# If you turn off this option, the original files will still be scanned, but
291# without additional processing.
292# Default: yes
293#ScanOLE2 yes
294
295# With this option enabled OLE2 files with VBA macros, which were not
296# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
297# Default: no
298#OLE2BlockMacros no
299
300# This option enables scanning within PDF files.
301# If you turn off this option, the original files will still be scanned, but
302# without decoding and additional processing.
303# Default: yes
304#ScanPDF yes
305
306# This option enables scanning within SWF files.
307# If you turn off this option, the original files will still be scanned, but
308# without decoding and additional processing.
309# Default: yes
310#ScanSWF yes
311
312
313##
314## Mail files
315##
316
317# Enable internal e-mail scanner.
318# If you turn off this option, the original files will still be scanned, but
319# without parsing individual messages/attachments.
320# Default: yes
321#ScanMail yes
322
323# Scan RFC1341 messages split over many emails.
324# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
325# WARNING: This option may open your system to a DoS attack.
326# Never use it on loaded servers.
327# Default: no
328#ScanPartialMessages yes
329
330# With this option enabled ClamAV will try to detect phishing attempts by using
331# signatures.
332# Default: yes
333#PhishingSignatures yes
334
335# Scan URLs found in mails for phishing attempts using heuristics.
336# Default: yes
337#PhishingScanURLs yes
338
339# Always block SSL mismatches in URLs, even if the URL isn't in the database.
340# This can lead to false positives.
341#
342# Default: no
343#PhishingAlwaysBlockSSLMismatch no
344
345# Always block cloaked URLs, even if URL isn't in database.
346# This can lead to false positives.
347#
348# Default: no
349#PhishingAlwaysBlockCloak no
350
351# Detect partition intersections in raw disk images using heuristics.
352# Default: no
353#PartitionIntersection no
354
355# Allow heuristic match to take precedence.
356# When enabled, if a heuristic scan (such as phishingScan) detects
357# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
358# scan-time.
359# When disabled, virus/phish detected by heuristic scans will be reported only at
360# the end of a scan. If an archive contains both a heuristically detected
361# virus/phish, and a real malware, the real malware will be reported
362#
363# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
364# differently from "real" malware.
365# If a non-heuristically-detected virus (signature-based) is found first,
366# the scan is interrupted immediately, regardless of this config option.
367#
368# Default: no
369#HeuristicScanPrecedence yes
370
371
372##
373## Data Loss Prevention (DLP)
374##
375
376# Enable the DLP module
377# Default: No
378#StructuredDataDetection yes
379
380# This option sets the lowest number of Credit Card numbers found in a file
381# to generate a detect.
382# Default: 3
383#StructuredMinCreditCardCount 5
384
385# This option sets the lowest number of Social Security Numbers found
386# in a file to generate a detect.
387# Default: 3
388#StructuredMinSSNCount 5
389
390# With this option enabled the DLP module will search for valid
391# SSNs formatted as xxx-yy-zzzz
392# Default: yes
393#StructuredSSNFormatNormal yes
394
395# With this option enabled the DLP module will search for valid
396# SSNs formatted as xxxyyzzzz
397# Default: no
398#StructuredSSNFormatStripped yes
399
400
401##
402## HTML
403##
404
405# Perform HTML normalisation and decryption of MS Script Encoder code.
406# Default: yes
407# If you turn off this option, the original files will still be scanned, but
408# without additional processing.
409#ScanHTML yes
410
411
412##
413## Archives
414##
415
416# ClamAV can scan within archives and compressed files.
417# If you turn off this option, the original files will still be scanned, but
418# without unpacking and additional processing.
419# Default: yes
420#ScanArchive yes
421
422# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
423# Default: no
424#ArchiveBlockEncrypted no
425
426
427##
428## Limits
429##
430
431# The options below protect your system against Denial of Service attacks
432# using archive bombs.
433
434# This option sets the maximum amount of data to be scanned for each input file.
435# Archives and other containers are recursively extracted and scanned up to this
436# value.
437# Value of 0 disables the limit
438# Note: disabling this limit or setting it too high may result in severe damage
439# to the system.
440# Default: 100M
441#MaxScanSize 150M
442
443# Files larger than this limit won't be scanned. Affects the input file itself
444# as well as files contained inside it (when the input file is an archive, a
445# document or some other kind of container).
446# Value of 0 disables the limit.
447# Note: disabling this limit or setting it too high may result in severe damage
448# to the system.
449# Default: 25M
450#MaxFileSize 30M
451
452# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
453# file, all files within it will also be scanned. This options specifies how
454# deeply the process should be continued.
455# Note: setting this limit too high may result in severe damage to the system.
456# Default: 16
457#MaxRecursion 10
458
459# Number of files to be scanned within an archive, a document, or any other
460# container file.
461# Value of 0 disables the limit.
462# Note: disabling this limit or setting it too high may result in severe damage
463# to the system.
464# Default: 10000
465#MaxFiles 15000
466
467# Maximum size of a file to check for embedded PE. Files larger than this value
468# will skip the additional analysis step.
469# Note: disabling this limit or setting it too high may result in severe damage
470# to the system.
471# Default: 10M
472#MaxEmbeddedPE 10M
473
474# Maximum size of a HTML file to normalize. HTML files larger than this value
475# will not be normalized or scanned.
476# Note: disabling this limit or setting it too high may result in severe damage
477# to the system.
478# Default: 10M
479#MaxHTMLNormalize 10M
480
481# Maximum size of a normalized HTML file to scan. HTML files larger than this
482# value after normalization will not be scanned.
483# Note: disabling this limit or setting it too high may result in severe damage
484# to the system.
485# Default: 2M
486#MaxHTMLNoTags 2M
487
488# Maximum size of a script file to normalize. Script content larger than this
489# value will not be normalized or scanned.
490# Note: disabling this limit or setting it too high may result in severe damage
491# to the system.
492# Default: 5M
493#MaxScriptNormalize 5M
494
495# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
496# than this value will skip the step to potentially reanalyze as PE.
497# Note: disabling this limit or setting it too high may result in severe damage
498# to the system.
499# Default: 1M
500#MaxZipTypeRcg 1M
501
502# This option sets the maximum number of partitions of a raw disk image to be scanned.
503# Raw disk images with more partitions than this value will have up to the value number
504# partitions scanned. Negative values are not allowed.
505# Note: setting this limit too high may result in severe damage or impact performance.
506# Default: 50
507#MaxPartitions 128
508
509# This option sets the maximum number of icons within a PE to be scanned.
510# PE files with more icons than this value will have up to the value number icons scanned.
511# Negative values are not allowed.
512# WARNING: setting this limit too high may result in severe damage or impact performance.
513# Default: 100
514#MaxIconsPE 200
515
516##
517## On-access Scan Settings
518##
519
520# Enable on-access scanning. Currently, this is supported via fanotify.
521# Clamuko/Dazuko support has been deprecated.
522# Default: no
523#ScanOnAccess yes
524
525# Don't scan files larger than OnAccessMaxFileSize
526# Value of 0 disables the limit.
527# Default: 5M
528#OnAccessMaxFileSize 10M
529
530# Set the include paths (all files inside them will be scanned). You can have
531# multiple OnAccessIncludePath directives but each directory must be added
532# in a separate line. (On-access scan only)
533# Default: disabled
534#OnAccessIncludePath /home
535#OnAccessIncludePath /students
536
537# Set the exclude paths. All subdirectories are also excluded.
538# (On-access scan only)
539# Default: disabled
540#OnAccessExcludePath /home/bofh
541
542# With this option you can whitelist specific UIDs. Processes with these UIDs
543# will be able to access all files.
544# This option can be used multiple times (one per line).
545# Default: disabled
546#OnAccessExcludeUID 0
547
548
549##
550## Bytecode
551##
552
553# With this option enabled ClamAV will load bytecode from the database.
554# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
555# Default: yes
556#Bytecode yes
557
558# Set bytecode security level.
559# Possible values:
560# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
561# This value is only available if clamav was built with --enable-debug!
562# TrustSigned - trust bytecode loaded from signed .c[lv]d files,
563# insert runtime safety checks for bytecode loaded from other sources
564# Paranoid - don't trust any bytecode, insert runtime checks for all
565# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
566# Note that by default only signed bytecode is loaded, currently you can only
567# load unsigned bytecode in --enable-debug mode.
568#
569# Default: TrustSigned
570#BytecodeSecurity TrustSigned
571
572# Set bytecode timeout in miliseconds.
573#
574# Default: 5000
575# BytecodeTimeout 1000
576
577##
578## Statistics gathering and submitting
579##
580
581# Enable statistical reporting.
582# Default: no
583#StatsEnabled yes
584
585# Disable submission of individual PE sections for files flagged as malware.
586# Default: no
587#StatsPEDisabled yes
588
589# HostID in the form of an UUID to use when submitting statistical information.
590# Default: auto
591#StatsHostID auto
592
593# Time in seconds to wait for the stats server to come back with a response
594# Default: 10
595#StatsTimeout 10
diff --git a/recipes-security/clamav/files/freshclam-native.conf b/recipes-security/clamav/files/freshclam-native.conf
deleted file mode 100644
index aaa8cf4..0000000
--- a/recipes-security/clamav/files/freshclam-native.conf
+++ /dev/null
@@ -1,224 +0,0 @@
1# Path to the database directory.
2# WARNING: It must match clamd.conf's directive!
3# Default: hardcoded (depends on installation options)
4#DatabaseDirectory /var/lib/clamav
5
6# Path to the log file (make sure it has proper permissions)
7# Default: disabled
8#UpdateLogFile /var/log/clamav/freshclam.log
9
10# Maximum size of the log file.
11# Value of 0 disables the limit.
12# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
13# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
14# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
15# log rotation (the LogRotate option) will always be enabled.
16# Default: 1M
17LogFileMaxSize 2M
18
19# Log time with each message.
20# Default: no
21LogTime yes
22
23# Enable verbose logging.
24# Default: no
25#LogVerbose yes
26
27# Use system logger (can work together with UpdateLogFile).
28# Default: no
29#LogSyslog yes
30
31# Specify the type of syslog messages - please refer to 'man syslog'
32# for facility names.
33# Default: LOG_LOCAL6
34#LogFacility LOG_MAIL
35
36# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
37# Default: no
38#LogRotate yes
39
40# This option allows you to save the process identifier of the daemon
41# Default: disabled
42#PidFile /var/run/freshclam.pid
43
44# By default when started freshclam drops privileges and switches to the
45# "clamav" user. This directive allows you to change the database owner.
46# Default: clamav (may depend on installation options)
47DatabaseOwner clamav
48
49# Initialize supplementary group access (freshclam must be started by root).
50# Default: no
51#AllowSupplementaryGroups yes
52
53# Use DNS to verify virus database version. Freshclam uses DNS TXT records
54# to verify database and software versions. With this directive you can change
55# the database verification domain.
56# WARNING: Do not touch it unless you're configuring freshclam to use your
57# own database verification domain.
58# Default: current.cvd.clamav.net
59#DNSDatabaseInfo current.cvd.clamav.net
60
61# Uncomment the following line and replace XY with your country
62# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
63# You can use db.XY.ipv6.clamav.net for IPv6 connections.
64#DatabaseMirror db.XY.clamav.net
65
66# database.clamav.net is a round-robin record which points to our most
67# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
68# not working. DO NOT TOUCH the following line unless you know what you
69# are doing.
70DatabaseMirror database.clamav.net
71
72# How many attempts to make before giving up.
73# Default: 3 (per mirror)
74#MaxAttempts 5
75
76# With this option you can control scripted updates. It's highly recommended
77# to keep it enabled.
78# Default: yes
79#ScriptedUpdates yes
80
81# By default freshclam will keep the local databases (.cld) uncompressed to
82# make their handling faster. With this option you can enable the compression;
83# the change will take effect with the next database update.
84# Default: no
85#CompressLocalDatabase no
86
87# With this option you can provide custom sources (http:// or file://) for
88# database files. This option can be used multiple times.
89# Default: no custom URLs
90#DatabaseCustomURL http://myserver.com/mysigs.ndb
91#DatabaseCustomURL file:///mnt/nfs/local.hdb
92
93# This option allows you to easily point freshclam to private mirrors.
94# If PrivateMirror is set, freshclam does not attempt to use DNS
95# to determine whether its databases are out-of-date, instead it will
96# use the If-Modified-Since request or directly check the headers of the
97# remote database files. For each database, freshclam first attempts
98# to download the CLD file. If that fails, it tries to download the
99# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
100# and ScriptedUpdates. It can be used multiple times to provide
101# fall-back mirrors.
102# Default: disabled
103#PrivateMirror mirror1.mynetwork.com
104#PrivateMirror mirror2.mynetwork.com
105
106# Number of database checks per day.
107# Default: 12 (every two hours)
108#Checks 24
109
110# Proxy settings
111# Default: disabled
112#HTTPProxyServer myproxy.com
113#HTTPProxyPort 1234
114#HTTPProxyUsername myusername
115#HTTPProxyPassword mypass
116
117# If your servers are behind a firewall/proxy which applies User-Agent
118# filtering you can use this option to force the use of a different
119# User-Agent header.
120# Default: clamav/version_number
121#HTTPUserAgent SomeUserAgentIdString
122
123# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
124# multi-homed systems.
125# Default: Use OS'es default outgoing IP address.
126#LocalIPAddress aaa.bbb.ccc.ddd
127
128# Send the RELOAD command to clamd.
129# Default: no
130#NotifyClamd /path/to/clamd.conf
131
132# Run command after successful database update.
133# Default: disabled
134#OnUpdateExecute command
135
136# Run command when database update process fails.
137# Default: disabled
138#OnErrorExecute command
139
140# Run command when freshclam reports outdated version.
141# In the command string %v will be replaced by the new version number.
142# Default: disabled
143#OnOutdatedExecute command
144
145# Don't fork into background.
146# Default: no
147#Foreground yes
148
149# Enable debug messages in libclamav.
150# Default: no
151#Debug yes
152
153# Timeout in seconds when connecting to database server.
154# Default: 30
155#ConnectTimeout 60
156
157# Timeout in seconds when reading from database server.
158# Default: 30
159#ReceiveTimeout 60
160
161# With this option enabled, freshclam will attempt to load new
162# databases into memory to make sure they are properly handled
163# by libclamav before replacing the old ones.
164# Default: yes
165#TestDatabases yes
166
167# When enabled freshclam will submit statistics to the ClamAV Project about
168# the latest virus detections in your environment. The ClamAV maintainers
169# will then use this data to determine what types of malware are the most
170# detected in the field and in what geographic area they are.
171# Freshclam will connect to clamd in order to get recent statistics.
172# Default: no
173#SubmitDetectionStats /path/to/clamd.conf
174
175# Country of origin of malware/detection statistics (for statistical
176# purposes only). The statistics collector at ClamAV.net will look up
177# your IP address to determine the geographical origin of the malware
178# reported by your installation. If this installation is mainly used to
179# scan data which comes from a different location, please enable this
180# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
181# of the country of origin.
182# Default: disabled
183#DetectionStatsCountry country-code
184
185# This option enables support for our "Personal Statistics" service.
186# When this option is enabled, the information on malware detected by
187# your clamd installation is made available to you through our website.
188# To get your HostID, log on http://www.stats.clamav.net and add a new
189# host to your host list. Once you have the HostID, uncomment this option
190# and paste the HostID here. As soon as your freshclam starts submitting
191# information to our stats collecting service, you will be able to view
192# the statistics of this clamd installation by logging into
193# http://www.stats.clamav.net with the same credentials you used to
194# generate the HostID. For more information refer to:
195# http://www.clamav.net/documentation.html#cctts
196# This feature requires SubmitDetectionStats to be enabled.
197# Default: disabled
198#DetectionStatsHostID unique-id
199
200# This option enables support for Google Safe Browsing. When activated for
201# the first time, freshclam will download a new database file (safebrowsing.cvd)
202# which will be automatically loaded by clamd and clamscan during the next
203# reload, provided that the heuristic phishing detection is turned on. This
204# database includes information about websites that may be phishing sites or
205# possible sources of malware. When using this option, it's mandatory to run
206# freshclam at least every 30 minutes.
207# Freshclam uses the ClamAV's mirror infrastructure to distribute the
208# database and its updates but all the contents are provided under Google's
209# terms of use. See http://www.google.com/transparencyreport/safebrowsing
210# and http://www.clamav.net/documentation.html#safebrowsing
211# for more information.
212# Default: disabled
213#SafeBrowsing yes
214
215# This option enables downloading of bytecode.cvd, which includes additional
216# detection mechanisms and improvements to the ClamAV engine.
217# Default: enabled
218#Bytecode yes
219
220# Download an additional 3rd party signature database distributed through
221# the ClamAV mirrors.
222# This option can be used multiple times.
223#ExtraDatabase dbname1
224#ExtraDatabase dbname2
diff --git a/recipes-security/clamav/files/freshclam.conf b/recipes-security/clamav/files/freshclam.conf
deleted file mode 100644
index 100724f..0000000
--- a/recipes-security/clamav/files/freshclam.conf
+++ /dev/null
@@ -1,224 +0,0 @@
1# Path to the database directory.
2# WARNING: It must match clamd.conf's directive!
3# Default: hardcoded (depends on installation options)
4DatabaseDirectory /var/lib/clamav
5
6# Path to the log file (make sure it has proper permissions)
7# Default: disabled
8UpdateLogFile /var/log/clamav/freshclam.log
9
10# Maximum size of the log file.
11# Value of 0 disables the limit.
12# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
13# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
14# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
15# log rotation (the LogRotate option) will always be enabled.
16# Default: 1M
17LogFileMaxSize 2M
18
19# Log time with each message.
20# Default: no
21LogTime yes
22
23# Enable verbose logging.
24# Default: no
25#LogVerbose yes
26
27# Use system logger (can work together with UpdateLogFile).
28# Default: no
29#LogSyslog yes
30
31# Specify the type of syslog messages - please refer to 'man syslog'
32# for facility names.
33# Default: LOG_LOCAL6
34#LogFacility LOG_MAIL
35
36# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
37# Default: no
38#LogRotate yes
39
40# This option allows you to save the process identifier of the daemon
41# Default: disabled
42PidFile /var/run/freshclam.pid
43
44# By default when started freshclam drops privileges and switches to the
45# "clamav" user. This directive allows you to change the database owner.
46# Default: clamav (may depend on installation options)
47DatabaseOwner clamav
48
49# Initialize supplementary group access (freshclam must be started by root).
50# Default: no
51#AllowSupplementaryGroups yes
52
53# Use DNS to verify virus database version. Freshclam uses DNS TXT records
54# to verify database and software versions. With this directive you can change
55# the database verification domain.
56# WARNING: Do not touch it unless you're configuring freshclam to use your
57# own database verification domain.
58# Default: current.cvd.clamav.net
59#DNSDatabaseInfo current.cvd.clamav.net
60
61# Uncomment the following line and replace XY with your country
62# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
63# You can use db.XY.ipv6.clamav.net for IPv6 connections.
64#DatabaseMirror db.XY.clamav.net
65
66# database.clamav.net is a round-robin record which points to our most
67# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
68# not working. DO NOT TOUCH the following line unless you know what you
69# are doing.
70DatabaseMirror database.clamav.net
71
72# How many attempts to make before giving up.
73# Default: 3 (per mirror)
74#MaxAttempts 5
75
76# With this option you can control scripted updates. It's highly recommended
77# to keep it enabled.
78# Default: yes
79#ScriptedUpdates yes
80
81# By default freshclam will keep the local databases (.cld) uncompressed to
82# make their handling faster. With this option you can enable the compression;
83# the change will take effect with the next database update.
84# Default: no
85#CompressLocalDatabase no
86
87# With this option you can provide custom sources (http:// or file://) for
88# database files. This option can be used multiple times.
89# Default: no custom URLs
90#DatabaseCustomURL http://myserver.com/mysigs.ndb
91#DatabaseCustomURL file:///mnt/nfs/local.hdb
92
93# This option allows you to easily point freshclam to private mirrors.
94# If PrivateMirror is set, freshclam does not attempt to use DNS
95# to determine whether its databases are out-of-date, instead it will
96# use the If-Modified-Since request or directly check the headers of the
97# remote database files. For each database, freshclam first attempts
98# to download the CLD file. If that fails, it tries to download the
99# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
100# and ScriptedUpdates. It can be used multiple times to provide
101# fall-back mirrors.
102# Default: disabled
103#PrivateMirror mirror1.mynetwork.com
104#PrivateMirror mirror2.mynetwork.com
105
106# Number of database checks per day.
107# Default: 12 (every two hours)
108#Checks 24
109
110# Proxy settings
111# Default: disabled
112#HTTPProxyServer myproxy.com
113#HTTPProxyPort 1234
114#HTTPProxyUsername myusername
115#HTTPProxyPassword mypass
116
117# If your servers are behind a firewall/proxy which applies User-Agent
118# filtering you can use this option to force the use of a different
119# User-Agent header.
120# Default: clamav/version_number
121#HTTPUserAgent SomeUserAgentIdString
122
123# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
124# multi-homed systems.
125# Default: Use OS'es default outgoing IP address.
126#LocalIPAddress aaa.bbb.ccc.ddd
127
128# Send the RELOAD command to clamd.
129# Default: no
130#NotifyClamd /path/to/clamd.conf
131
132# Run command after successful database update.
133# Default: disabled
134#OnUpdateExecute command
135
136# Run command when database update process fails.
137# Default: disabled
138#OnErrorExecute command
139
140# Run command when freshclam reports outdated version.
141# In the command string %v will be replaced by the new version number.
142# Default: disabled
143#OnOutdatedExecute command
144
145# Don't fork into background.
146# Default: no
147#Foreground yes
148
149# Enable debug messages in libclamav.
150# Default: no
151#Debug yes
152
153# Timeout in seconds when connecting to database server.
154# Default: 30
155#ConnectTimeout 60
156
157# Timeout in seconds when reading from database server.
158# Default: 30
159#ReceiveTimeout 60
160
161# With this option enabled, freshclam will attempt to load new
162# databases into memory to make sure they are properly handled
163# by libclamav before replacing the old ones.
164# Default: yes
165#TestDatabases yes
166
167# When enabled freshclam will submit statistics to the ClamAV Project about
168# the latest virus detections in your environment. The ClamAV maintainers
169# will then use this data to determine what types of malware are the most
170# detected in the field and in what geographic area they are.
171# Freshclam will connect to clamd in order to get recent statistics.
172# Default: no
173#SubmitDetectionStats /path/to/clamd.conf
174
175# Country of origin of malware/detection statistics (for statistical
176# purposes only). The statistics collector at ClamAV.net will look up
177# your IP address to determine the geographical origin of the malware
178# reported by your installation. If this installation is mainly used to
179# scan data which comes from a different location, please enable this
180# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
181# of the country of origin.
182# Default: disabled
183#DetectionStatsCountry country-code
184
185# This option enables support for our "Personal Statistics" service.
186# When this option is enabled, the information on malware detected by
187# your clamd installation is made available to you through our website.
188# To get your HostID, log on http://www.stats.clamav.net and add a new
189# host to your host list. Once you have the HostID, uncomment this option
190# and paste the HostID here. As soon as your freshclam starts submitting
191# information to our stats collecting service, you will be able to view
192# the statistics of this clamd installation by logging into
193# http://www.stats.clamav.net with the same credentials you used to
194# generate the HostID. For more information refer to:
195# http://www.clamav.net/documentation.html#cctts
196# This feature requires SubmitDetectionStats to be enabled.
197# Default: disabled
198#DetectionStatsHostID unique-id
199
200# This option enables support for Google Safe Browsing. When activated for
201# the first time, freshclam will download a new database file (safebrowsing.cvd)
202# which will be automatically loaded by clamd and clamscan during the next
203# reload, provided that the heuristic phishing detection is turned on. This
204# database includes information about websites that may be phishing sites or
205# possible sources of malware. When using this option, it's mandatory to run
206# freshclam at least every 30 minutes.
207# Freshclam uses the ClamAV's mirror infrastructure to distribute the
208# database and its updates but all the contents are provided under Google's
209# terms of use. See http://www.google.com/transparencyreport/safebrowsing
210# and http://www.clamav.net/documentation.html#safebrowsing
211# for more information.
212# Default: disabled
213#SafeBrowsing yes
214
215# This option enables downloading of bytecode.cvd, which includes additional
216# detection mechanisms and improvements to the ClamAV engine.
217# Default: enabled
218#Bytecode yes
219
220# Download an additional 3rd party signature database distributed through
221# the ClamAV mirrors.
222# This option can be used multiple times.
223#ExtraDatabase dbname1
224#ExtraDatabase dbname2
diff --git a/recipes-security/clamav/files/tmpfiles.clamav b/recipes-security/clamav/files/tmpfiles.clamav
deleted file mode 100644
index fd5adfe..0000000
--- a/recipes-security/clamav/files/tmpfiles.clamav
+++ /dev/null
@@ -1,3 +0,0 @@
1#Type Path Mode UID GID Age Argument
2d /var/log/clamav 0755 clamav clamav -
3f /var/log/clamav/freshclam.log 0644 clamav clamav -
diff --git a/recipes-security/clamav/files/volatiles.03_clamav b/recipes-security/clamav/files/volatiles.03_clamav
deleted file mode 100644
index ee2153c..0000000
--- a/recipes-security/clamav/files/volatiles.03_clamav
+++ /dev/null
@@ -1,3 +0,0 @@
1# <type> <owner> <group> <mode> <path> <linksource>
2d clamav clamav 0755 /var/log/clamav none
3f clamav clamav 0655 /var/log/clamav/freshclam.log none