diff options
| author | Armin Kuster <akuster808@gmail.com> | 2020-03-18 02:30:11 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2020-03-27 16:53:25 -0700 |
| commit | e4a2dd0b4a7985c650d976931bb468c32a948dc4 (patch) | |
| tree | e00bbac7d90dbc652e21d52318d7ac5c9312856d /recipes-security | |
| parent | 4447296ca32c1d1835ef05f6e7afcf9c3f61453f (diff) | |
| download | meta-security-e4a2dd0b4a7985c650d976931bb468c32a948dc4.tar.gz | |
clamav: move to recipes-scanners
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security')
| -rw-r--r-- | recipes-security/clamav/clamav_0.101.5.bb | 169 | ||||
| -rw-r--r-- | recipes-security/clamav/files/clamav-freshclam.service | 12 | ||||
| -rw-r--r-- | recipes-security/clamav/files/clamav-milter.conf.sample | 293 | ||||
| -rw-r--r-- | recipes-security/clamav/files/clamav.service | 17 | ||||
| -rw-r--r-- | recipes-security/clamav/files/clamd.conf | 595 | ||||
| -rw-r--r-- | recipes-security/clamav/files/freshclam-native.conf | 224 | ||||
| -rw-r--r-- | recipes-security/clamav/files/freshclam.conf | 224 | ||||
| -rw-r--r-- | recipes-security/clamav/files/tmpfiles.clamav | 3 | ||||
| -rw-r--r-- | recipes-security/clamav/files/volatiles.03_clamav | 3 |
9 files changed, 0 insertions, 1540 deletions
diff --git a/recipes-security/clamav/clamav_0.101.5.bb b/recipes-security/clamav/clamav_0.101.5.bb deleted file mode 100644 index f4625b1..0000000 --- a/recipes-security/clamav/clamav_0.101.5.bb +++ /dev/null | |||
| @@ -1,169 +0,0 @@ | |||
| 1 | SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface" | ||
| 2 | DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats." | ||
| 3 | HOMEPAGE = "http://www.clamav.net/index.html" | ||
| 4 | SECTION = "security" | ||
| 5 | LICENSE = "LGPL-2.1" | ||
| 6 | |||
| 7 | DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack bison-native" | ||
| 8 | DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native bison-native" | ||
| 9 | |||
| 10 | LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092" | ||
| 11 | |||
| 12 | SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108" | ||
| 13 | |||
| 14 | SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \ | ||
| 15 | file://clamd.conf \ | ||
| 16 | file://freshclam.conf \ | ||
| 17 | file://volatiles.03_clamav \ | ||
| 18 | file://tmpfiles.clamav \ | ||
| 19 | file://${BPN}.service \ | ||
| 20 | file://freshclam-native.conf \ | ||
| 21 | " | ||
| 22 | |||
| 23 | S = "${WORKDIR}/git" | ||
| 24 | |||
| 25 | LEAD_SONAME = "libclamav.so" | ||
| 26 | SO_VER = "9.0.2" | ||
| 27 | |||
| 28 | inherit autotools pkgconfig useradd systemd | ||
| 29 | |||
| 30 | CLAMAV_UID ?= "clamav" | ||
| 31 | CLAMAV_GID ?= "clamav" | ||
| 32 | INSTALL_CLAMAV_CVD ?= "1" | ||
| 33 | |||
| 34 | CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr" | ||
| 35 | CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr" | ||
| 36 | |||
| 37 | PACKAGECONFIG_class-target ?= "ncurses bz2" | ||
| 38 | PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}" | ||
| 39 | PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" | ||
| 40 | |||
| 41 | PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre" | ||
| 42 | PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c," | ||
| 43 | PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6" | ||
| 44 | PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2" | ||
| 45 | PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, " | ||
| 46 | PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, " | ||
| 47 | |||
| 48 | EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \ | ||
| 49 | --disable-mempool \ | ||
| 50 | --program-prefix="" \ | ||
| 51 | --disable-zlib-vcheck \ | ||
| 52 | --with-xml=${CLAMAV_USR_DIR} \ | ||
| 53 | --with-zlib=${CLAMAV_USR_DIR} \ | ||
| 54 | --with-openssl=${CLAMAV_USR_DIR} \ | ||
| 55 | --with-libcurl=${CLAMAV_USR_DIR} \ | ||
| 56 | --with-system-libmspack=${CLAMAV_USR_DIR} \ | ||
| 57 | --with-iconv=no \ | ||
| 58 | --enable-check=no \ | ||
| 59 | " | ||
| 60 | |||
| 61 | EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}" | ||
| 62 | EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}" | ||
| 63 | |||
| 64 | do_configure () { | ||
| 65 | ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} | ||
| 66 | } | ||
| 67 | |||
| 68 | do_configure_class-native () { | ||
| 69 | ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} | ||
| 70 | } | ||
| 71 | |||
| 72 | do_compile_append_class-target() { | ||
| 73 | if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then | ||
| 74 | bbnote "CLAMAV creating cvd" | ||
| 75 | install -d ${S}/clamav_db | ||
| 76 | ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf | ||
| 77 | fi | ||
| 78 | } | ||
| 79 | |||
| 80 | do_install_append_class-target () { | ||
| 81 | install -d ${D}/${sysconfdir} | ||
| 82 | install -d ${D}/${localstatedir}/lib/clamav | ||
| 83 | install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles | ||
| 84 | |||
| 85 | install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir} | ||
| 86 | install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir} | ||
| 87 | install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav | ||
| 88 | sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc | ||
| 89 | rm ${D}/${libdir}/libclamav.so | ||
| 90 | install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/. | ||
| 91 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then | ||
| 92 | install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service | ||
| 93 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
| 94 | install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf | ||
| 95 | fi | ||
| 96 | } | ||
| 97 | |||
| 98 | pkg_postinst_ontarget_${PN} () { | ||
| 99 | if command -v systemd-tmpfiles >/dev/null; then | ||
| 100 | systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf | ||
| 101 | elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then | ||
| 102 | ${sysconfdir}/init.d/populate-volatile.sh update | ||
| 103 | fi | ||
| 104 | mkdir -p ${localstatedir}/lib/clamav | ||
| 105 | chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav | ||
| 106 | } | ||
| 107 | |||
| 108 | |||
| 109 | PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \ | ||
| 110 | ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev" | ||
| 111 | |||
| 112 | FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \ | ||
| 113 | ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \ | ||
| 114 | ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \ | ||
| 115 | ${docdir}/clamav/* " | ||
| 116 | |||
| 117 | FILES_${PN}-clamdscan = " ${bindir}/clamdscan \ | ||
| 118 | ${docdir}/clamdscan/* \ | ||
| 119 | ${mandir}/man1/clamdscan* \ | ||
| 120 | " | ||
| 121 | |||
| 122 | FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \ | ||
| 123 | ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \ | ||
| 124 | ${mandir}/man5/clamd* ${mandir}/man8/clamd* \ | ||
| 125 | ${sysconfdir}/clamd.conf* \ | ||
| 126 | ${systemd_unitdir}/system/clamav-daemon/* \ | ||
| 127 | ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \ | ||
| 128 | ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon " | ||
| 129 | |||
| 130 | FILES_${PN}-freshclam = "${bindir}/freshclam \ | ||
| 131 | ${sysconfdir}/freshclam.conf* \ | ||
| 132 | ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \ | ||
| 133 | ${sysconfdir}/tmpfiles.d/*.conf \ | ||
| 134 | ${localstatedir}/lib/clamav \ | ||
| 135 | ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \ | ||
| 136 | ${mandir}/man5/freshclam.conf.* \ | ||
| 137 | ${systemd_unitdir}/system/clamav-freshclam.service" | ||
| 138 | |||
| 139 | FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ | ||
| 140 | ${libdir}/pkgconfig/*.pc \ | ||
| 141 | ${mandir}/man1/clamav-config.* \ | ||
| 142 | ${includedir}/*.h ${docdir}/libclamav* " | ||
| 143 | |||
| 144 | FILES_${PN}-staticdev = "${libdir}/*.a" | ||
| 145 | |||
| 146 | FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\ | ||
| 147 | ${docdir}/libclamav/* " | ||
| 148 | |||
| 149 | FILES_${PN}-doc = "${mandir}/man/* \ | ||
| 150 | ${datadir}/man/* \ | ||
| 151 | ${docdir}/* " | ||
| 152 | |||
| 153 | FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat" | ||
| 154 | |||
| 155 | USERADD_PACKAGES = "${PN}" | ||
| 156 | GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}" | ||
| 157 | USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \ | ||
| 158 | ${localstatedir}/spool/${BPN} \ | ||
| 159 | --no-create-home --shell /bin/false ${BPN}" | ||
| 160 | |||
| 161 | RPROVIDES_${PN} += "${PN}-systemd" | ||
| 162 | RREPLACES_${PN} += "${PN}-systemd" | ||
| 163 | RCONFLICTS_${PN} += "${PN}-systemd" | ||
| 164 | SYSTEMD_SERVICE_${PN} = "${BPN}.service" | ||
| 165 | |||
| 166 | RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav" | ||
| 167 | RDEPENDS_${PN}_class-native = "" | ||
| 168 | |||
| 169 | BBCLASSEXTEND = "native" | ||
diff --git a/recipes-security/clamav/files/clamav-freshclam.service b/recipes-security/clamav/files/clamav-freshclam.service deleted file mode 100644 index 0c909fb..0000000 --- a/recipes-security/clamav/files/clamav-freshclam.service +++ /dev/null | |||
| @@ -1,12 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=ClamAV virus database updater | ||
| 3 | Documentation=man:freshclam(1) man:freshclam.conf(5) http://www.clamav.net/lang/en/doc/ | ||
| 4 | # If user wants it run from cron, don't start the daemon. | ||
| 5 | ConditionPathExists=!/etc/cron.d/clamav-freshclam | ||
| 6 | |||
| 7 | [Service] | ||
| 8 | ExecStart=/usr/bin/freshclam -d --foreground=true | ||
| 9 | StandardOutput=syslog | ||
| 10 | |||
| 11 | [Install] | ||
| 12 | WantedBy=multi-user.target | ||
diff --git a/recipes-security/clamav/files/clamav-milter.conf.sample b/recipes-security/clamav/files/clamav-milter.conf.sample deleted file mode 100644 index ed0d519..0000000 --- a/recipes-security/clamav/files/clamav-milter.conf.sample +++ /dev/null | |||
| @@ -1,293 +0,0 @@ | |||
| 1 | ## | ||
| 2 | ## Example config file for clamav-milter | ||
| 3 | ## | ||
| 4 | |||
| 5 | # Comment or remove the line below. | ||
| 6 | Example | ||
| 7 | |||
| 8 | |||
| 9 | ## | ||
| 10 | ## Main options | ||
| 11 | ## | ||
| 12 | |||
| 13 | # Define the interface through which we communicate with sendmail | ||
| 14 | # This option is mandatory! Possible formats are: | ||
| 15 | # [[unix|local]:]/path/to/file - to specify a unix domain socket | ||
| 16 | # inet:port@[hostname|ip-address] - to specify an ipv4 socket | ||
| 17 | # inet6:port@[hostname|ip-address] - to specify an ipv6 socket | ||
| 18 | # | ||
| 19 | # Default: no default | ||
| 20 | #MilterSocket /tmp/clamav-milter.socket | ||
| 21 | #MilterSocket inet:7357 | ||
| 22 | |||
| 23 | # Define the group ownership for the (unix) milter socket. | ||
| 24 | # Default: disabled (the primary group of the user running clamd) | ||
| 25 | #MilterSocketGroup virusgroup | ||
| 26 | |||
| 27 | # Sets the permissions on the (unix) milter socket to the specified mode. | ||
| 28 | # Default: disabled (obey umask) | ||
| 29 | #MilterSocketMode 660 | ||
| 30 | |||
| 31 | # Remove stale socket after unclean shutdown. | ||
| 32 | # | ||
| 33 | # Default: yes | ||
| 34 | #FixStaleSocket yes | ||
| 35 | |||
| 36 | # Run as another user (clamav-milter must be started by root for this option to work) | ||
| 37 | # | ||
| 38 | # Default: unset (don't drop privileges) | ||
| 39 | #User clamav | ||
| 40 | |||
| 41 | # Initialize supplementary group access (clamav-milter must be started by root). | ||
| 42 | # | ||
| 43 | # Default: no | ||
| 44 | #AllowSupplementaryGroups no | ||
| 45 | |||
| 46 | # Waiting for data from clamd will timeout after this time (seconds). | ||
| 47 | # Value of 0 disables the timeout. | ||
| 48 | # | ||
| 49 | # Default: 120 | ||
| 50 | #ReadTimeout 300 | ||
| 51 | |||
| 52 | # Don't fork into background. | ||
| 53 | # | ||
| 54 | # Default: no | ||
| 55 | #Foreground yes | ||
| 56 | |||
| 57 | # Chroot to the specified directory. | ||
| 58 | # Chrooting is performed just after reading the config file and before dropping privileges. | ||
| 59 | # | ||
| 60 | # Default: unset (don't chroot) | ||
| 61 | #Chroot /newroot | ||
| 62 | |||
| 63 | # This option allows you to save a process identifier of the listening | ||
| 64 | # daemon (main thread). | ||
| 65 | # | ||
| 66 | # Default: disabled | ||
| 67 | #PidFile /var/run/clamav/clamav-milter.pid | ||
| 68 | |||
| 69 | # Optional path to the global temporary directory. | ||
| 70 | # Default: system specific (usually /tmp or /var/tmp). | ||
| 71 | # | ||
| 72 | #TemporaryDirectory /var/tmp | ||
| 73 | |||
| 74 | ## | ||
| 75 | ## Clamd options | ||
| 76 | ## | ||
| 77 | |||
| 78 | # Define the clamd socket to connect to for scanning. | ||
| 79 | # This option is mandatory! Syntax: | ||
| 80 | # ClamdSocket unix:path | ||
| 81 | # ClamdSocket tcp:host:port | ||
| 82 | # The first syntax specifies a local unix socket (needs an absolute path) e.g.: | ||
| 83 | # ClamdSocket unix:/var/run/clamd/clamd.socket | ||
| 84 | # The second syntax specifies a tcp local or remote tcp socket: the | ||
| 85 | # host can be a hostname or an ip address; the ":port" field is only required | ||
| 86 | # for IPv6 addresses, otherwise it defaults to 3310, e.g.: | ||
| 87 | # ClamdSocket tcp:192.168.0.1 | ||
| 88 | # | ||
| 89 | # This option can be repeated several times with different sockets or even | ||
| 90 | # with the same socket: clamd servers will be selected in a round-robin fashion. | ||
| 91 | # | ||
| 92 | # Default: no default | ||
| 93 | ClamdSocket /var/run/clamav/clamd | ||
| 94 | |||
| 95 | |||
| 96 | ## | ||
| 97 | ## Exclusions | ||
| 98 | ## | ||
| 99 | |||
| 100 | # Messages originating from these hosts/networks will not be scanned | ||
| 101 | # This option takes a host(name)/mask pair in CIRD notation and can be | ||
| 102 | # repeated several times. If "/mask" is omitted, a host is assumed. | ||
| 103 | # To specify a locally orignated, non-smtp, email use the keyword "local" | ||
| 104 | # | ||
| 105 | # Default: unset (scan everything regardless of the origin) | ||
| 106 | #LocalNet local | ||
| 107 | #LocalNet 192.168.0.0/24 | ||
| 108 | #LocalNet 1111:2222:3333::/48 | ||
| 109 | |||
| 110 | # This option specifies a file which contains a list of basic POSIX regular | ||
| 111 | # expressions. Addresses (sent to or from - see below) matching these regexes | ||
| 112 | # will not be scanned. Optionally each line can start with the string "From:" | ||
| 113 | # or "To:" (note: no whitespace after the colon) indicating if it is, | ||
| 114 | # respectively, the sender or recipient that is to be whitelisted. | ||
| 115 | # If the field is missing, "To:" is assumed. | ||
| 116 | # Lines starting with #, : or ! are ignored. | ||
| 117 | # | ||
| 118 | # Default unset (no exclusion applied) | ||
| 119 | #Whitelist /etc/whitelisted_addresses | ||
| 120 | |||
| 121 | # Messages from authenticated SMTP users matching this extended POSIX | ||
| 122 | # regular expression (egrep-like) will not be scanned. | ||
| 123 | # As an alternative, a file containing a plain (not regex) list of names (one | ||
| 124 | # per line) can be specified using the prefix "file:". | ||
| 125 | # e.g. SkipAuthenticated file:/etc/good_guys | ||
| 126 | # | ||
| 127 | # Note: this is the AUTH login name! | ||
| 128 | # | ||
| 129 | # Default: unset (no whitelisting based on SMTP auth) | ||
| 130 | #SkipAuthenticated ^(tom|dick|henry)$ | ||
| 131 | |||
| 132 | # Messages larger than this value won't be scanned. | ||
| 133 | # Make sure this value is lower or equal than StreamMaxLength in clamd.conf | ||
| 134 | # | ||
| 135 | # Default: 25M | ||
| 136 | #MaxFileSize 10M | ||
| 137 | |||
| 138 | |||
| 139 | ## | ||
| 140 | ## Actions | ||
| 141 | ## | ||
| 142 | |||
| 143 | # The following group of options controls the delievery process under | ||
| 144 | # different circumstances. | ||
| 145 | # The following actions are available: | ||
| 146 | # - Accept | ||
| 147 | # The message is accepted for delievery | ||
| 148 | # - Reject | ||
| 149 | # Immediately refuse delievery (a 5xx error is returned to the peer) | ||
| 150 | # - Defer | ||
| 151 | # Return a temporary failure message (4xx) to the peer | ||
| 152 | # - Blackhole (not available for OnFail) | ||
| 153 | # Like Accept but the message is sent to oblivion | ||
| 154 | # - Quarantine (not available for OnFail) | ||
| 155 | # Like Accept but message is quarantined instead of being delivered | ||
| 156 | # | ||
| 157 | # NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ | ||
| 158 | # For Postfix this causes the message to be placed on hold | ||
| 159 | # | ||
| 160 | # Action to be performed on clean messages (mostly useful for testing) | ||
| 161 | # Default: Accept | ||
| 162 | #OnClean Accept | ||
| 163 | |||
| 164 | # Action to be performed on infected messages | ||
| 165 | # Default: Quarantine | ||
| 166 | #OnInfected Quarantine | ||
| 167 | |||
| 168 | # Action to be performed on error conditions (this includes failure to | ||
| 169 | # allocate data structures, no scanners available, network timeouts, | ||
| 170 | # unknown scanner replies and the like) | ||
| 171 | # Default: Defer | ||
| 172 | #OnFail Defer | ||
| 173 | |||
| 174 | # This option allows to set a specific rejection reason for infected messages | ||
| 175 | # and it's therefore only useful together with "OnInfected Reject" | ||
| 176 | # The string "%v", if present, will be replaced with the virus name. | ||
| 177 | # Default: MTA specific | ||
| 178 | #RejectMsg | ||
| 179 | |||
| 180 | # If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an | ||
| 181 | # "X-Virus-Status" headers will be attached to each processed message, possibly | ||
| 182 | # replacing existing headers. | ||
| 183 | # If it is set to Add, the X-Virus headers are added possibly on top of the | ||
| 184 | # existing ones. | ||
| 185 | # Note that while "Replace" can potentially break DKIM signatures, "Add" may | ||
| 186 | # confuse procmail and similar filters. | ||
| 187 | # Default: no | ||
| 188 | #AddHeader Replace | ||
| 189 | |||
| 190 | # When AddHeader is in use, this option allows to arbitrary set the reported | ||
| 191 | # hostname. This may be desirable in order to avoid leaking internal names. | ||
| 192 | # If unset the real machine name is used. | ||
| 193 | # Default: disabled | ||
| 194 | #ReportHostname my.mail.server.name | ||
| 195 | |||
| 196 | # Execute a command (possibly searching PATH) when an infected message is found. | ||
| 197 | # The following parameters are passed to the invoked program in this order: | ||
| 198 | # virus name, queue id, sender, destination, subject, message id, message date. | ||
| 199 | # Note #1: this requires MTA macroes to be available (see LogInfected below) | ||
| 200 | # Note #2: the process is invoked in the context of clamav-milter | ||
| 201 | # Note #3: clamav-milter will wait for the process to exit. Be quick or fork to | ||
| 202 | # avoid unnecessary delays in email delievery | ||
| 203 | # Default: disabled | ||
| 204 | #VirusAction /usr/local/bin/my_infected_message_handler | ||
| 205 | |||
| 206 | ## | ||
| 207 | ## Logging options | ||
| 208 | ## | ||
| 209 | |||
| 210 | # Uncomment this option to enable logging. | ||
| 211 | # LogFile must be writable for the user running daemon. | ||
| 212 | # A full path is required. | ||
| 213 | # | ||
| 214 | # Default: disabled | ||
| 215 | #LogFile /var/log/clamav/clamav-milter.log | ||
| 216 | |||
| 217 | # By default the log file is locked for writing - the lock protects against | ||
| 218 | # running clamav-milter multiple times. | ||
| 219 | # This option disables log file locking. | ||
| 220 | # | ||
| 221 | # Default: no | ||
| 222 | #LogFileUnlock yes | ||
| 223 | |||
| 224 | # Maximum size of the log file. | ||
| 225 | # Value of 0 disables the limit. | ||
| 226 | # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) | ||
| 227 | # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size | ||
| 228 | # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log | ||
| 229 | # rotation (the LogRotate option) will always be enabled. | ||
| 230 | # | ||
| 231 | # Default: 1M | ||
| 232 | #LogFileMaxSize 2M | ||
| 233 | |||
| 234 | # Log time with each message. | ||
| 235 | # | ||
| 236 | # Default: no | ||
| 237 | #LogTime yes | ||
| 238 | |||
| 239 | # Use system logger (can work together with LogFile). | ||
| 240 | # | ||
| 241 | # Default: no | ||
| 242 | #LogSyslog yes | ||
| 243 | |||
| 244 | # Specify the type of syslog messages - please refer to 'man syslog' | ||
| 245 | # for facility names. | ||
| 246 | # | ||
| 247 | # Default: LOG_LOCAL6 | ||
| 248 | #LogFacility LOG_MAIL | ||
| 249 | |||
| 250 | # Enable verbose logging. | ||
| 251 | # | ||
| 252 | # Default: no | ||
| 253 | #LogVerbose yes | ||
| 254 | |||
| 255 | # Enable log rotation. Always enabled when LogFileMaxSize is enabled. | ||
| 256 | # Default: no | ||
| 257 | #LogRotate yes | ||
| 258 | |||
| 259 | # This option allows to tune what is logged when a message is infected. | ||
| 260 | # Possible values are Off (the default - nothing is logged), | ||
| 261 | # Basic (minimal info logged), Full (verbose info logged) | ||
| 262 | # Note: | ||
| 263 | # For this to work properly in sendmail, make sure the msg_id, mail_addr, | ||
| 264 | # rcpt_addr and i macroes are available in eom. In other words add a line like: | ||
| 265 | # Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i | ||
| 266 | # to your .cf file. Alternatively use the macro: | ||
| 267 | # define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i') | ||
| 268 | # Postfix should be working fine with the default settings. | ||
| 269 | # | ||
| 270 | # Default: disabled | ||
| 271 | #LogInfected Basic | ||
| 272 | |||
| 273 | # This option allows to tune what is logged when no threat is found in a scanned message. | ||
| 274 | # See LogInfected for possible values and caveats. | ||
| 275 | # Useful in debugging but drastically increases the log size. | ||
| 276 | # Default: disabled | ||
| 277 | #LogClean Basic | ||
| 278 | |||
| 279 | # This option affects the behaviour of LogInfected, LogClean and VirusAction | ||
| 280 | # when a message with multiple recipients is scanned: | ||
| 281 | # If SupportMultipleRecipients is off (the default) | ||
| 282 | # then one single log entry is generated for the message and, in case the | ||
| 283 | # message is determined to be malicious, the command indicated by VirusAction | ||
| 284 | # is executed just once. In both cases only the last recipient is reported. | ||
| 285 | # If SupportMultipleRecipients is on: | ||
| 286 | # then one line is logged for each recipient and the command indicated | ||
| 287 | # by VirusAction is also executed once for each recipient. | ||
| 288 | # | ||
| 289 | # Note: although it's probably a good idea to enable this option, the default value | ||
| 290 | # is currently set to off for legacy reasons. | ||
| 291 | # Default: no | ||
| 292 | #SupportMultipleRecipients yes | ||
| 293 | |||
diff --git a/recipes-security/clamav/files/clamav.service b/recipes-security/clamav/files/clamav.service deleted file mode 100644 index f13191f..0000000 --- a/recipes-security/clamav/files/clamav.service +++ /dev/null | |||
| @@ -1,17 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=Clam AntiVirus userspace daemon | ||
| 3 | Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/ | ||
| 4 | Requires=clamav-daemon.socket | ||
| 5 | # Check for database existence | ||
| 6 | ConditionPathExistsGlob=/usr/share/clamav/main.{c[vl]d,inc} | ||
| 7 | ConditionPathExistsGlob=/usr/share/clamav/daily.{c[vl]d,inc} | ||
| 8 | |||
| 9 | [Service] | ||
| 10 | ExecStart=/usr/sbin/clamd --foreground=true | ||
| 11 | # Reload the database | ||
| 12 | ExecReload=/bin/kill -USR2 $MAINPID | ||
| 13 | StandardOutput=syslog | ||
| 14 | |||
| 15 | [Install] | ||
| 16 | WantedBy=multi-user.target | ||
| 17 | Also=clamav-daemon.socket | ||
diff --git a/recipes-security/clamav/files/clamd.conf b/recipes-security/clamav/files/clamd.conf deleted file mode 100644 index 0457785..0000000 --- a/recipes-security/clamav/files/clamd.conf +++ /dev/null | |||
| @@ -1,595 +0,0 @@ | |||
| 1 | # Uncomment this option to enable logging. | ||
| 2 | # LogFile must be writable for the user running daemon. | ||
| 3 | # A full path is required. | ||
| 4 | # Default: disabled | ||
| 5 | LogFile /tmp/clamd.log | ||
| 6 | |||
| 7 | # By default the log file is locked for writing - the lock protects against | ||
| 8 | # running clamd multiple times (if want to run another clamd, please | ||
| 9 | # copy the configuration file, change the LogFile variable, and run | ||
| 10 | # the daemon with --config-file option). | ||
| 11 | # This option disables log file locking. | ||
| 12 | # Default: no | ||
| 13 | LogFileUnlock yes | ||
| 14 | |||
| 15 | # Maximum size of the log file. | ||
| 16 | # Value of 0 disables the limit. | ||
| 17 | # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) | ||
| 18 | # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size | ||
| 19 | # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log | ||
| 20 | # rotation (the LogRotate option) will always be enabled. | ||
| 21 | # Default: 1M | ||
| 22 | LogFileMaxSize 2M | ||
| 23 | |||
| 24 | # Log time with each message. | ||
| 25 | # Default: no | ||
| 26 | LogTime yes | ||
| 27 | |||
| 28 | # Also log clean files. Useful in debugging but drastically increases the | ||
| 29 | # log size. | ||
| 30 | # Default: no | ||
| 31 | #LogClean yes | ||
| 32 | |||
| 33 | # Use system logger (can work together with LogFile). | ||
| 34 | # Default: no | ||
| 35 | #LogSyslog yes | ||
| 36 | |||
| 37 | # Specify the type of syslog messages - please refer to 'man syslog' | ||
| 38 | # for facility names. | ||
| 39 | # Default: LOG_LOCAL6 | ||
| 40 | #LogFacility LOG_MAIL | ||
| 41 | |||
| 42 | # Enable verbose logging. | ||
| 43 | # Default: no | ||
| 44 | #LogVerbose yes | ||
| 45 | |||
| 46 | # Enable log rotation. Always enabled when LogFileMaxSize is enabled. | ||
| 47 | # Default: no | ||
| 48 | #LogRotate yes | ||
| 49 | |||
| 50 | # Log additional information about the infected file, such as its | ||
| 51 | # size and hash, together with the virus name. | ||
| 52 | ExtendedDetectionInfo yes | ||
| 53 | |||
| 54 | # This option allows you to save a process identifier of the listening | ||
| 55 | # daemon (main thread). | ||
| 56 | # Default: disabled | ||
| 57 | PidFile /var/run/clamd.pid | ||
| 58 | |||
| 59 | # Optional path to the global temporary directory. | ||
| 60 | # Default: system specific (usually /tmp or /var/tmp). | ||
| 61 | TemporaryDirectory /var/tmp | ||
| 62 | |||
| 63 | # Path to the database directory. | ||
| 64 | # Default: hardcoded (depends on installation options) | ||
| 65 | DatabaseDirectory /var/lib/clamav | ||
| 66 | |||
| 67 | # Only load the official signatures published by the ClamAV project. | ||
| 68 | # Default: no | ||
| 69 | #OfficialDatabaseOnly no | ||
| 70 | |||
| 71 | # The daemon can work in local mode, network mode or both. | ||
| 72 | # Due to security reasons we recommend the local mode. | ||
| 73 | |||
| 74 | # Path to a local socket file the daemon will listen on. | ||
| 75 | # Default: disabled (must be specified by a user) | ||
| 76 | LocalSocket /tmp/clamd.socket | ||
| 77 | |||
| 78 | # Sets the group ownership on the unix socket. | ||
| 79 | # Default: disabled (the primary group of the user running clamd) | ||
| 80 | #LocalSocketGroup virusgroup | ||
| 81 | |||
| 82 | # Sets the permissions on the unix socket to the specified mode. | ||
| 83 | # Default: disabled (socket is world accessible) | ||
| 84 | #LocalSocketMode 660 | ||
| 85 | |||
| 86 | # Remove stale socket after unclean shutdown. | ||
| 87 | # Default: yes | ||
| 88 | #FixStaleSocket yes | ||
| 89 | |||
| 90 | # TCP port address. | ||
| 91 | # Default: no | ||
| 92 | #TCPSocket 3310 | ||
| 93 | |||
| 94 | # TCP address. | ||
| 95 | # By default we bind to INADDR_ANY, probably not wise. | ||
| 96 | # Enable the following to provide some degree of protection | ||
| 97 | # from the outside world. This option can be specified multiple | ||
| 98 | # times if you want to listen on multiple IPs. IPv6 is now supported. | ||
| 99 | # Default: no | ||
| 100 | #TCPAddr 127.0.0.1 | ||
| 101 | |||
| 102 | # Maximum length the queue of pending connections may grow to. | ||
| 103 | # Default: 200 | ||
| 104 | #MaxConnectionQueueLength 30 | ||
| 105 | |||
| 106 | # Clamd uses FTP-like protocol to receive data from remote clients. | ||
| 107 | # If you are using clamav-milter to balance load between remote clamd daemons | ||
| 108 | # on firewall servers you may need to tune the options below. | ||
| 109 | |||
| 110 | # Close the connection when the data size limit is exceeded. | ||
| 111 | # The value should match your MTA's limit for a maximum attachment size. | ||
| 112 | # Default: 25M | ||
| 113 | #StreamMaxLength 10M | ||
| 114 | |||
| 115 | # Limit port range. | ||
| 116 | # Default: 1024 | ||
| 117 | #StreamMinPort 30000 | ||
| 118 | # Default: 2048 | ||
| 119 | #StreamMaxPort 32000 | ||
| 120 | |||
| 121 | # Maximum number of threads running at the same time. | ||
| 122 | # Default: 10 | ||
| 123 | #MaxThreads 20 | ||
| 124 | |||
| 125 | # Waiting for data from a client socket will timeout after this time (seconds). | ||
| 126 | # Default: 120 | ||
| 127 | #ReadTimeout 300 | ||
| 128 | |||
| 129 | # This option specifies the time (in seconds) after which clamd should | ||
| 130 | # timeout if a client doesn't provide any initial command after connecting. | ||
| 131 | # Default: 5 | ||
| 132 | #CommandReadTimeout 5 | ||
| 133 | |||
| 134 | # This option specifies how long to wait (in miliseconds) if the send buffer is full. | ||
| 135 | # Keep this value low to prevent clamd hanging | ||
| 136 | # | ||
| 137 | # Default: 500 | ||
| 138 | #SendBufTimeout 200 | ||
| 139 | |||
| 140 | # Maximum number of queued items (including those being processed by MaxThreads threads) | ||
| 141 | # It is recommended to have this value at least twice MaxThreads if possible. | ||
| 142 | # WARNING: you shouldn't increase this too much to avoid running out of file descriptors, | ||
| 143 | # the following condition should hold: | ||
| 144 | # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024) | ||
| 145 | # | ||
| 146 | # Default: 100 | ||
| 147 | #MaxQueue 200 | ||
| 148 | |||
| 149 | # Waiting for a new job will timeout after this time (seconds). | ||
| 150 | # Default: 30 | ||
| 151 | #IdleTimeout 60 | ||
| 152 | |||
| 153 | # Don't scan files and directories matching regex | ||
| 154 | # This directive can be used multiple times | ||
| 155 | # Default: scan all | ||
| 156 | #ExcludePath ^/proc/ | ||
| 157 | #ExcludePath ^/sys/ | ||
| 158 | |||
| 159 | # Maximum depth directories are scanned at. | ||
| 160 | # Default: 15 | ||
| 161 | #MaxDirectoryRecursion 20 | ||
| 162 | |||
| 163 | # Follow directory symlinks. | ||
| 164 | # Default: no | ||
| 165 | #FollowDirectorySymlinks yes | ||
| 166 | |||
| 167 | # Follow regular file symlinks. | ||
| 168 | # Default: no | ||
| 169 | #FollowFileSymlinks yes | ||
| 170 | |||
| 171 | # Scan files and directories on other filesystems. | ||
| 172 | # Default: yes | ||
| 173 | #CrossFilesystems yes | ||
| 174 | |||
| 175 | # Perform a database check. | ||
| 176 | # Default: 600 (10 min) | ||
| 177 | #SelfCheck 600 | ||
| 178 | |||
| 179 | # Execute a command when virus is found. In the command string %v will | ||
| 180 | # be replaced with the virus name. | ||
| 181 | # Default: no | ||
| 182 | #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" | ||
| 183 | |||
| 184 | # Run as another user (clamd must be started by root for this option to work) | ||
| 185 | # Default: don't drop privileges | ||
| 186 | User clamav | ||
| 187 | |||
| 188 | # Initialize supplementary group access (clamd must be started by root). | ||
| 189 | # Default: no | ||
| 190 | #AllowSupplementaryGroups no | ||
| 191 | |||
| 192 | # Stop daemon when libclamav reports out of memory condition. | ||
| 193 | #ExitOnOOM yes | ||
| 194 | |||
| 195 | # Don't fork into background. | ||
| 196 | # Default: no | ||
| 197 | #Foreground yes | ||
| 198 | |||
| 199 | # Enable debug messages in libclamav. | ||
| 200 | # Default: no | ||
| 201 | #Debug yes | ||
| 202 | |||
| 203 | # Do not remove temporary files (for debug purposes). | ||
| 204 | # Default: no | ||
| 205 | #LeaveTemporaryFiles yes | ||
| 206 | |||
| 207 | # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject | ||
| 208 | # any ALLMATCHSCAN command as invalid. | ||
| 209 | # Default: yes | ||
| 210 | #AllowAllMatchScan no | ||
| 211 | |||
| 212 | # Detect Possibly Unwanted Applications. | ||
| 213 | # Default: no | ||
| 214 | #DetectPUA yes | ||
| 215 | |||
| 216 | # Exclude a specific PUA category. This directive can be used multiple times. | ||
| 217 | # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for | ||
| 218 | # the complete list of PUA categories. | ||
| 219 | # Default: Load all categories (if DetectPUA is activated) | ||
| 220 | #ExcludePUA NetTool | ||
| 221 | #ExcludePUA PWTool | ||
| 222 | |||
| 223 | # Only include a specific PUA category. This directive can be used multiple | ||
| 224 | # times. | ||
| 225 | # Default: Load all categories (if DetectPUA is activated) | ||
| 226 | #IncludePUA Spy | ||
| 227 | #IncludePUA Scanner | ||
| 228 | #IncludePUA RAT | ||
| 229 | |||
| 230 | # In some cases (eg. complex malware, exploits in graphic files, and others), | ||
| 231 | # ClamAV uses special algorithms to provide accurate detection. This option | ||
| 232 | # controls the algorithmic detection. | ||
| 233 | # Default: yes | ||
| 234 | #AlgorithmicDetection yes | ||
| 235 | |||
| 236 | # This option causes memory or nested map scans to dump the content to disk. | ||
| 237 | # If you turn on this option, more data is written to disk and is available | ||
| 238 | # when the LeaveTemporaryFiles option is enabled. | ||
| 239 | #ForceToDisk yes | ||
| 240 | |||
| 241 | # This option allows you to disable the caching feature of the engine. By | ||
| 242 | # default, the engine will store an MD5 in a cache of any files that are | ||
| 243 | # not flagged as virus or that hit limits checks. Disabling the cache will | ||
| 244 | # have a negative performance impact on large scans. | ||
| 245 | # Default: no | ||
| 246 | #DisableCache yes | ||
| 247 | |||
| 248 | ## | ||
| 249 | ## Executable files | ||
| 250 | ## | ||
| 251 | |||
| 252 | # PE stands for Portable Executable - it's an executable file format used | ||
| 253 | # in all 32 and 64-bit versions of Windows operating systems. This option allows | ||
| 254 | # ClamAV to perform a deeper analysis of executable files and it's also | ||
| 255 | # required for decompression of popular executable packers such as UPX, FSG, | ||
| 256 | # and Petite. If you turn off this option, the original files will still be | ||
| 257 | # scanned, but without additional processing. | ||
| 258 | # Default: yes | ||
| 259 | #ScanPE yes | ||
| 260 | |||
| 261 | # Certain PE files contain an authenticode signature. By default, we check | ||
| 262 | # the signature chain in the PE file against a database of trusted and | ||
| 263 | # revoked certificates if the file being scanned is marked as a virus. | ||
| 264 | # If any certificate in the chain validates against any trusted root, but | ||
| 265 | # does not match any revoked certificate, the file is marked as whitelisted. | ||
| 266 | # If the file does match a revoked certificate, the file is marked as virus. | ||
| 267 | # The following setting completely turns off authenticode verification. | ||
| 268 | # Default: no | ||
| 269 | #DisableCertCheck yes | ||
| 270 | |||
| 271 | # Executable and Linking Format is a standard format for UN*X executables. | ||
| 272 | # This option allows you to control the scanning of ELF files. | ||
| 273 | # If you turn off this option, the original files will still be scanned, but | ||
| 274 | # without additional processing. | ||
| 275 | # Default: yes | ||
| 276 | #ScanELF yes | ||
| 277 | |||
| 278 | # With this option clamav will try to detect broken executables (both PE and | ||
| 279 | # ELF) and mark them as Broken.Executable. | ||
| 280 | # Default: no | ||
| 281 | #DetectBrokenExecutables yes | ||
| 282 | |||
| 283 | |||
| 284 | ## | ||
| 285 | ## Documents | ||
| 286 | ## | ||
| 287 | |||
| 288 | # This option enables scanning of OLE2 files, such as Microsoft Office | ||
| 289 | # documents and .msi files. | ||
| 290 | # If you turn off this option, the original files will still be scanned, but | ||
| 291 | # without additional processing. | ||
| 292 | # Default: yes | ||
| 293 | #ScanOLE2 yes | ||
| 294 | |||
| 295 | # With this option enabled OLE2 files with VBA macros, which were not | ||
| 296 | # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". | ||
| 297 | # Default: no | ||
| 298 | #OLE2BlockMacros no | ||
| 299 | |||
| 300 | # This option enables scanning within PDF files. | ||
| 301 | # If you turn off this option, the original files will still be scanned, but | ||
| 302 | # without decoding and additional processing. | ||
| 303 | # Default: yes | ||
| 304 | #ScanPDF yes | ||
| 305 | |||
| 306 | # This option enables scanning within SWF files. | ||
| 307 | # If you turn off this option, the original files will still be scanned, but | ||
| 308 | # without decoding and additional processing. | ||
| 309 | # Default: yes | ||
| 310 | #ScanSWF yes | ||
| 311 | |||
| 312 | |||
| 313 | ## | ||
| 314 | ## Mail files | ||
| 315 | ## | ||
| 316 | |||
| 317 | # Enable internal e-mail scanner. | ||
| 318 | # If you turn off this option, the original files will still be scanned, but | ||
| 319 | # without parsing individual messages/attachments. | ||
| 320 | # Default: yes | ||
| 321 | #ScanMail yes | ||
| 322 | |||
| 323 | # Scan RFC1341 messages split over many emails. | ||
| 324 | # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. | ||
| 325 | # WARNING: This option may open your system to a DoS attack. | ||
| 326 | # Never use it on loaded servers. | ||
| 327 | # Default: no | ||
| 328 | #ScanPartialMessages yes | ||
| 329 | |||
| 330 | # With this option enabled ClamAV will try to detect phishing attempts by using | ||
| 331 | # signatures. | ||
| 332 | # Default: yes | ||
| 333 | #PhishingSignatures yes | ||
| 334 | |||
| 335 | # Scan URLs found in mails for phishing attempts using heuristics. | ||
| 336 | # Default: yes | ||
| 337 | #PhishingScanURLs yes | ||
| 338 | |||
| 339 | # Always block SSL mismatches in URLs, even if the URL isn't in the database. | ||
| 340 | # This can lead to false positives. | ||
| 341 | # | ||
| 342 | # Default: no | ||
| 343 | #PhishingAlwaysBlockSSLMismatch no | ||
| 344 | |||
| 345 | # Always block cloaked URLs, even if URL isn't in database. | ||
| 346 | # This can lead to false positives. | ||
| 347 | # | ||
| 348 | # Default: no | ||
| 349 | #PhishingAlwaysBlockCloak no | ||
| 350 | |||
| 351 | # Detect partition intersections in raw disk images using heuristics. | ||
| 352 | # Default: no | ||
| 353 | #PartitionIntersection no | ||
| 354 | |||
| 355 | # Allow heuristic match to take precedence. | ||
| 356 | # When enabled, if a heuristic scan (such as phishingScan) detects | ||
| 357 | # a possible virus/phish it will stop scan immediately. Recommended, saves CPU | ||
| 358 | # scan-time. | ||
| 359 | # When disabled, virus/phish detected by heuristic scans will be reported only at | ||
| 360 | # the end of a scan. If an archive contains both a heuristically detected | ||
| 361 | # virus/phish, and a real malware, the real malware will be reported | ||
| 362 | # | ||
| 363 | # Keep this disabled if you intend to handle "*.Heuristics.*" viruses | ||
| 364 | # differently from "real" malware. | ||
| 365 | # If a non-heuristically-detected virus (signature-based) is found first, | ||
| 366 | # the scan is interrupted immediately, regardless of this config option. | ||
| 367 | # | ||
| 368 | # Default: no | ||
| 369 | #HeuristicScanPrecedence yes | ||
| 370 | |||
| 371 | |||
| 372 | ## | ||
| 373 | ## Data Loss Prevention (DLP) | ||
| 374 | ## | ||
| 375 | |||
| 376 | # Enable the DLP module | ||
| 377 | # Default: No | ||
| 378 | #StructuredDataDetection yes | ||
| 379 | |||
| 380 | # This option sets the lowest number of Credit Card numbers found in a file | ||
| 381 | # to generate a detect. | ||
| 382 | # Default: 3 | ||
| 383 | #StructuredMinCreditCardCount 5 | ||
| 384 | |||
| 385 | # This option sets the lowest number of Social Security Numbers found | ||
| 386 | # in a file to generate a detect. | ||
| 387 | # Default: 3 | ||
| 388 | #StructuredMinSSNCount 5 | ||
| 389 | |||
| 390 | # With this option enabled the DLP module will search for valid | ||
| 391 | # SSNs formatted as xxx-yy-zzzz | ||
| 392 | # Default: yes | ||
| 393 | #StructuredSSNFormatNormal yes | ||
| 394 | |||
| 395 | # With this option enabled the DLP module will search for valid | ||
| 396 | # SSNs formatted as xxxyyzzzz | ||
| 397 | # Default: no | ||
| 398 | #StructuredSSNFormatStripped yes | ||
| 399 | |||
| 400 | |||
| 401 | ## | ||
| 402 | ## HTML | ||
| 403 | ## | ||
| 404 | |||
| 405 | # Perform HTML normalisation and decryption of MS Script Encoder code. | ||
| 406 | # Default: yes | ||
| 407 | # If you turn off this option, the original files will still be scanned, but | ||
| 408 | # without additional processing. | ||
| 409 | #ScanHTML yes | ||
| 410 | |||
| 411 | |||
| 412 | ## | ||
| 413 | ## Archives | ||
| 414 | ## | ||
| 415 | |||
| 416 | # ClamAV can scan within archives and compressed files. | ||
| 417 | # If you turn off this option, the original files will still be scanned, but | ||
| 418 | # without unpacking and additional processing. | ||
| 419 | # Default: yes | ||
| 420 | #ScanArchive yes | ||
| 421 | |||
| 422 | # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). | ||
| 423 | # Default: no | ||
| 424 | #ArchiveBlockEncrypted no | ||
| 425 | |||
| 426 | |||
| 427 | ## | ||
| 428 | ## Limits | ||
| 429 | ## | ||
| 430 | |||
| 431 | # The options below protect your system against Denial of Service attacks | ||
| 432 | # using archive bombs. | ||
| 433 | |||
| 434 | # This option sets the maximum amount of data to be scanned for each input file. | ||
| 435 | # Archives and other containers are recursively extracted and scanned up to this | ||
| 436 | # value. | ||
| 437 | # Value of 0 disables the limit | ||
| 438 | # Note: disabling this limit or setting it too high may result in severe damage | ||
| 439 | # to the system. | ||
| 440 | # Default: 100M | ||
| 441 | #MaxScanSize 150M | ||
| 442 | |||
| 443 | # Files larger than this limit won't be scanned. Affects the input file itself | ||
| 444 | # as well as files contained inside it (when the input file is an archive, a | ||
| 445 | # document or some other kind of container). | ||
| 446 | # Value of 0 disables the limit. | ||
| 447 | # Note: disabling this limit or setting it too high may result in severe damage | ||
| 448 | # to the system. | ||
| 449 | # Default: 25M | ||
| 450 | #MaxFileSize 30M | ||
| 451 | |||
| 452 | # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR | ||
| 453 | # file, all files within it will also be scanned. This options specifies how | ||
| 454 | # deeply the process should be continued. | ||
| 455 | # Note: setting this limit too high may result in severe damage to the system. | ||
| 456 | # Default: 16 | ||
| 457 | #MaxRecursion 10 | ||
| 458 | |||
| 459 | # Number of files to be scanned within an archive, a document, or any other | ||
| 460 | # container file. | ||
| 461 | # Value of 0 disables the limit. | ||
| 462 | # Note: disabling this limit or setting it too high may result in severe damage | ||
| 463 | # to the system. | ||
| 464 | # Default: 10000 | ||
| 465 | #MaxFiles 15000 | ||
| 466 | |||
| 467 | # Maximum size of a file to check for embedded PE. Files larger than this value | ||
| 468 | # will skip the additional analysis step. | ||
| 469 | # Note: disabling this limit or setting it too high may result in severe damage | ||
| 470 | # to the system. | ||
| 471 | # Default: 10M | ||
| 472 | #MaxEmbeddedPE 10M | ||
| 473 | |||
| 474 | # Maximum size of a HTML file to normalize. HTML files larger than this value | ||
| 475 | # will not be normalized or scanned. | ||
| 476 | # Note: disabling this limit or setting it too high may result in severe damage | ||
| 477 | # to the system. | ||
| 478 | # Default: 10M | ||
| 479 | #MaxHTMLNormalize 10M | ||
| 480 | |||
| 481 | # Maximum size of a normalized HTML file to scan. HTML files larger than this | ||
| 482 | # value after normalization will not be scanned. | ||
| 483 | # Note: disabling this limit or setting it too high may result in severe damage | ||
| 484 | # to the system. | ||
| 485 | # Default: 2M | ||
| 486 | #MaxHTMLNoTags 2M | ||
| 487 | |||
| 488 | # Maximum size of a script file to normalize. Script content larger than this | ||
| 489 | # value will not be normalized or scanned. | ||
| 490 | # Note: disabling this limit or setting it too high may result in severe damage | ||
| 491 | # to the system. | ||
| 492 | # Default: 5M | ||
| 493 | #MaxScriptNormalize 5M | ||
| 494 | |||
| 495 | # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger | ||
| 496 | # than this value will skip the step to potentially reanalyze as PE. | ||
| 497 | # Note: disabling this limit or setting it too high may result in severe damage | ||
| 498 | # to the system. | ||
| 499 | # Default: 1M | ||
| 500 | #MaxZipTypeRcg 1M | ||
| 501 | |||
| 502 | # This option sets the maximum number of partitions of a raw disk image to be scanned. | ||
| 503 | # Raw disk images with more partitions than this value will have up to the value number | ||
| 504 | # partitions scanned. Negative values are not allowed. | ||
| 505 | # Note: setting this limit too high may result in severe damage or impact performance. | ||
| 506 | # Default: 50 | ||
| 507 | #MaxPartitions 128 | ||
| 508 | |||
| 509 | # This option sets the maximum number of icons within a PE to be scanned. | ||
| 510 | # PE files with more icons than this value will have up to the value number icons scanned. | ||
| 511 | # Negative values are not allowed. | ||
| 512 | # WARNING: setting this limit too high may result in severe damage or impact performance. | ||
| 513 | # Default: 100 | ||
| 514 | #MaxIconsPE 200 | ||
| 515 | |||
| 516 | ## | ||
| 517 | ## On-access Scan Settings | ||
| 518 | ## | ||
| 519 | |||
| 520 | # Enable on-access scanning. Currently, this is supported via fanotify. | ||
| 521 | # Clamuko/Dazuko support has been deprecated. | ||
| 522 | # Default: no | ||
| 523 | #ScanOnAccess yes | ||
| 524 | |||
| 525 | # Don't scan files larger than OnAccessMaxFileSize | ||
| 526 | # Value of 0 disables the limit. | ||
| 527 | # Default: 5M | ||
| 528 | #OnAccessMaxFileSize 10M | ||
| 529 | |||
| 530 | # Set the include paths (all files inside them will be scanned). You can have | ||
| 531 | # multiple OnAccessIncludePath directives but each directory must be added | ||
| 532 | # in a separate line. (On-access scan only) | ||
| 533 | # Default: disabled | ||
| 534 | #OnAccessIncludePath /home | ||
| 535 | #OnAccessIncludePath /students | ||
| 536 | |||
| 537 | # Set the exclude paths. All subdirectories are also excluded. | ||
| 538 | # (On-access scan only) | ||
| 539 | # Default: disabled | ||
| 540 | #OnAccessExcludePath /home/bofh | ||
| 541 | |||
| 542 | # With this option you can whitelist specific UIDs. Processes with these UIDs | ||
| 543 | # will be able to access all files. | ||
| 544 | # This option can be used multiple times (one per line). | ||
| 545 | # Default: disabled | ||
| 546 | #OnAccessExcludeUID 0 | ||
| 547 | |||
| 548 | |||
| 549 | ## | ||
| 550 | ## Bytecode | ||
| 551 | ## | ||
| 552 | |||
| 553 | # With this option enabled ClamAV will load bytecode from the database. | ||
| 554 | # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. | ||
| 555 | # Default: yes | ||
| 556 | #Bytecode yes | ||
| 557 | |||
| 558 | # Set bytecode security level. | ||
| 559 | # Possible values: | ||
| 560 | # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS | ||
| 561 | # This value is only available if clamav was built with --enable-debug! | ||
| 562 | # TrustSigned - trust bytecode loaded from signed .c[lv]d files, | ||
| 563 | # insert runtime safety checks for bytecode loaded from other sources | ||
| 564 | # Paranoid - don't trust any bytecode, insert runtime checks for all | ||
| 565 | # Recommended: TrustSigned, because bytecode in .cvd files already has these checks | ||
| 566 | # Note that by default only signed bytecode is loaded, currently you can only | ||
| 567 | # load unsigned bytecode in --enable-debug mode. | ||
| 568 | # | ||
| 569 | # Default: TrustSigned | ||
| 570 | #BytecodeSecurity TrustSigned | ||
| 571 | |||
| 572 | # Set bytecode timeout in miliseconds. | ||
| 573 | # | ||
| 574 | # Default: 5000 | ||
| 575 | # BytecodeTimeout 1000 | ||
| 576 | |||
| 577 | ## | ||
| 578 | ## Statistics gathering and submitting | ||
| 579 | ## | ||
| 580 | |||
| 581 | # Enable statistical reporting. | ||
| 582 | # Default: no | ||
| 583 | #StatsEnabled yes | ||
| 584 | |||
| 585 | # Disable submission of individual PE sections for files flagged as malware. | ||
| 586 | # Default: no | ||
| 587 | #StatsPEDisabled yes | ||
| 588 | |||
| 589 | # HostID in the form of an UUID to use when submitting statistical information. | ||
| 590 | # Default: auto | ||
| 591 | #StatsHostID auto | ||
| 592 | |||
| 593 | # Time in seconds to wait for the stats server to come back with a response | ||
| 594 | # Default: 10 | ||
| 595 | #StatsTimeout 10 | ||
diff --git a/recipes-security/clamav/files/freshclam-native.conf b/recipes-security/clamav/files/freshclam-native.conf deleted file mode 100644 index aaa8cf4..0000000 --- a/recipes-security/clamav/files/freshclam-native.conf +++ /dev/null | |||
| @@ -1,224 +0,0 @@ | |||
| 1 | # Path to the database directory. | ||
| 2 | # WARNING: It must match clamd.conf's directive! | ||
| 3 | # Default: hardcoded (depends on installation options) | ||
| 4 | #DatabaseDirectory /var/lib/clamav | ||
| 5 | |||
| 6 | # Path to the log file (make sure it has proper permissions) | ||
| 7 | # Default: disabled | ||
| 8 | #UpdateLogFile /var/log/clamav/freshclam.log | ||
| 9 | |||
| 10 | # Maximum size of the log file. | ||
| 11 | # Value of 0 disables the limit. | ||
| 12 | # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) | ||
| 13 | # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). | ||
| 14 | # in bytes just don't use modifiers. If LogFileMaxSize is enabled, | ||
| 15 | # log rotation (the LogRotate option) will always be enabled. | ||
| 16 | # Default: 1M | ||
| 17 | LogFileMaxSize 2M | ||
| 18 | |||
| 19 | # Log time with each message. | ||
| 20 | # Default: no | ||
| 21 | LogTime yes | ||
| 22 | |||
| 23 | # Enable verbose logging. | ||
| 24 | # Default: no | ||
| 25 | #LogVerbose yes | ||
| 26 | |||
| 27 | # Use system logger (can work together with UpdateLogFile). | ||
| 28 | # Default: no | ||
| 29 | #LogSyslog yes | ||
| 30 | |||
| 31 | # Specify the type of syslog messages - please refer to 'man syslog' | ||
| 32 | # for facility names. | ||
| 33 | # Default: LOG_LOCAL6 | ||
| 34 | #LogFacility LOG_MAIL | ||
| 35 | |||
| 36 | # Enable log rotation. Always enabled when LogFileMaxSize is enabled. | ||
| 37 | # Default: no | ||
| 38 | #LogRotate yes | ||
| 39 | |||
| 40 | # This option allows you to save the process identifier of the daemon | ||
| 41 | # Default: disabled | ||
| 42 | #PidFile /var/run/freshclam.pid | ||
| 43 | |||
| 44 | # By default when started freshclam drops privileges and switches to the | ||
| 45 | # "clamav" user. This directive allows you to change the database owner. | ||
| 46 | # Default: clamav (may depend on installation options) | ||
| 47 | DatabaseOwner clamav | ||
| 48 | |||
| 49 | # Initialize supplementary group access (freshclam must be started by root). | ||
| 50 | # Default: no | ||
| 51 | #AllowSupplementaryGroups yes | ||
| 52 | |||
| 53 | # Use DNS to verify virus database version. Freshclam uses DNS TXT records | ||
| 54 | # to verify database and software versions. With this directive you can change | ||
| 55 | # the database verification domain. | ||
| 56 | # WARNING: Do not touch it unless you're configuring freshclam to use your | ||
| 57 | # own database verification domain. | ||
| 58 | # Default: current.cvd.clamav.net | ||
| 59 | #DNSDatabaseInfo current.cvd.clamav.net | ||
| 60 | |||
| 61 | # Uncomment the following line and replace XY with your country | ||
| 62 | # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. | ||
| 63 | # You can use db.XY.ipv6.clamav.net for IPv6 connections. | ||
| 64 | #DatabaseMirror db.XY.clamav.net | ||
| 65 | |||
| 66 | # database.clamav.net is a round-robin record which points to our most | ||
| 67 | # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is | ||
| 68 | # not working. DO NOT TOUCH the following line unless you know what you | ||
| 69 | # are doing. | ||
| 70 | DatabaseMirror database.clamav.net | ||
| 71 | |||
| 72 | # How many attempts to make before giving up. | ||
| 73 | # Default: 3 (per mirror) | ||
| 74 | #MaxAttempts 5 | ||
| 75 | |||
| 76 | # With this option you can control scripted updates. It's highly recommended | ||
| 77 | # to keep it enabled. | ||
| 78 | # Default: yes | ||
| 79 | #ScriptedUpdates yes | ||
| 80 | |||
| 81 | # By default freshclam will keep the local databases (.cld) uncompressed to | ||
| 82 | # make their handling faster. With this option you can enable the compression; | ||
| 83 | # the change will take effect with the next database update. | ||
| 84 | # Default: no | ||
| 85 | #CompressLocalDatabase no | ||
| 86 | |||
| 87 | # With this option you can provide custom sources (http:// or file://) for | ||
| 88 | # database files. This option can be used multiple times. | ||
| 89 | # Default: no custom URLs | ||
| 90 | #DatabaseCustomURL http://myserver.com/mysigs.ndb | ||
| 91 | #DatabaseCustomURL file:///mnt/nfs/local.hdb | ||
| 92 | |||
| 93 | # This option allows you to easily point freshclam to private mirrors. | ||
| 94 | # If PrivateMirror is set, freshclam does not attempt to use DNS | ||
| 95 | # to determine whether its databases are out-of-date, instead it will | ||
| 96 | # use the If-Modified-Since request or directly check the headers of the | ||
| 97 | # remote database files. For each database, freshclam first attempts | ||
| 98 | # to download the CLD file. If that fails, it tries to download the | ||
| 99 | # CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo | ||
| 100 | # and ScriptedUpdates. It can be used multiple times to provide | ||
| 101 | # fall-back mirrors. | ||
| 102 | # Default: disabled | ||
| 103 | #PrivateMirror mirror1.mynetwork.com | ||
| 104 | #PrivateMirror mirror2.mynetwork.com | ||
| 105 | |||
| 106 | # Number of database checks per day. | ||
| 107 | # Default: 12 (every two hours) | ||
| 108 | #Checks 24 | ||
| 109 | |||
| 110 | # Proxy settings | ||
| 111 | # Default: disabled | ||
| 112 | #HTTPProxyServer myproxy.com | ||
| 113 | #HTTPProxyPort 1234 | ||
| 114 | #HTTPProxyUsername myusername | ||
| 115 | #HTTPProxyPassword mypass | ||
| 116 | |||
| 117 | # If your servers are behind a firewall/proxy which applies User-Agent | ||
| 118 | # filtering you can use this option to force the use of a different | ||
| 119 | # User-Agent header. | ||
| 120 | # Default: clamav/version_number | ||
| 121 | #HTTPUserAgent SomeUserAgentIdString | ||
| 122 | |||
| 123 | # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for | ||
| 124 | # multi-homed systems. | ||
| 125 | # Default: Use OS'es default outgoing IP address. | ||
| 126 | #LocalIPAddress aaa.bbb.ccc.ddd | ||
| 127 | |||
| 128 | # Send the RELOAD command to clamd. | ||
| 129 | # Default: no | ||
| 130 | #NotifyClamd /path/to/clamd.conf | ||
| 131 | |||
| 132 | # Run command after successful database update. | ||
| 133 | # Default: disabled | ||
| 134 | #OnUpdateExecute command | ||
| 135 | |||
| 136 | # Run command when database update process fails. | ||
| 137 | # Default: disabled | ||
| 138 | #OnErrorExecute command | ||
| 139 | |||
| 140 | # Run command when freshclam reports outdated version. | ||
| 141 | # In the command string %v will be replaced by the new version number. | ||
| 142 | # Default: disabled | ||
| 143 | #OnOutdatedExecute command | ||
| 144 | |||
| 145 | # Don't fork into background. | ||
| 146 | # Default: no | ||
| 147 | #Foreground yes | ||
| 148 | |||
| 149 | # Enable debug messages in libclamav. | ||
| 150 | # Default: no | ||
| 151 | #Debug yes | ||
| 152 | |||
| 153 | # Timeout in seconds when connecting to database server. | ||
| 154 | # Default: 30 | ||
| 155 | #ConnectTimeout 60 | ||
| 156 | |||
| 157 | # Timeout in seconds when reading from database server. | ||
| 158 | # Default: 30 | ||
| 159 | #ReceiveTimeout 60 | ||
| 160 | |||
| 161 | # With this option enabled, freshclam will attempt to load new | ||
| 162 | # databases into memory to make sure they are properly handled | ||
| 163 | # by libclamav before replacing the old ones. | ||
| 164 | # Default: yes | ||
| 165 | #TestDatabases yes | ||
| 166 | |||
| 167 | # When enabled freshclam will submit statistics to the ClamAV Project about | ||
| 168 | # the latest virus detections in your environment. The ClamAV maintainers | ||
| 169 | # will then use this data to determine what types of malware are the most | ||
| 170 | # detected in the field and in what geographic area they are. | ||
| 171 | # Freshclam will connect to clamd in order to get recent statistics. | ||
| 172 | # Default: no | ||
| 173 | #SubmitDetectionStats /path/to/clamd.conf | ||
| 174 | |||
| 175 | # Country of origin of malware/detection statistics (for statistical | ||
| 176 | # purposes only). The statistics collector at ClamAV.net will look up | ||
| 177 | # your IP address to determine the geographical origin of the malware | ||
| 178 | # reported by your installation. If this installation is mainly used to | ||
| 179 | # scan data which comes from a different location, please enable this | ||
| 180 | # option and enter a two-letter code (see http://www.iana.org/domains/root/db/) | ||
| 181 | # of the country of origin. | ||
| 182 | # Default: disabled | ||
| 183 | #DetectionStatsCountry country-code | ||
| 184 | |||
| 185 | # This option enables support for our "Personal Statistics" service. | ||
| 186 | # When this option is enabled, the information on malware detected by | ||
| 187 | # your clamd installation is made available to you through our website. | ||
| 188 | # To get your HostID, log on http://www.stats.clamav.net and add a new | ||
| 189 | # host to your host list. Once you have the HostID, uncomment this option | ||
| 190 | # and paste the HostID here. As soon as your freshclam starts submitting | ||
| 191 | # information to our stats collecting service, you will be able to view | ||
| 192 | # the statistics of this clamd installation by logging into | ||
| 193 | # http://www.stats.clamav.net with the same credentials you used to | ||
| 194 | # generate the HostID. For more information refer to: | ||
| 195 | # http://www.clamav.net/documentation.html#cctts | ||
| 196 | # This feature requires SubmitDetectionStats to be enabled. | ||
| 197 | # Default: disabled | ||
| 198 | #DetectionStatsHostID unique-id | ||
| 199 | |||
| 200 | # This option enables support for Google Safe Browsing. When activated for | ||
| 201 | # the first time, freshclam will download a new database file (safebrowsing.cvd) | ||
| 202 | # which will be automatically loaded by clamd and clamscan during the next | ||
| 203 | # reload, provided that the heuristic phishing detection is turned on. This | ||
| 204 | # database includes information about websites that may be phishing sites or | ||
| 205 | # possible sources of malware. When using this option, it's mandatory to run | ||
| 206 | # freshclam at least every 30 minutes. | ||
| 207 | # Freshclam uses the ClamAV's mirror infrastructure to distribute the | ||
| 208 | # database and its updates but all the contents are provided under Google's | ||
| 209 | # terms of use. See http://www.google.com/transparencyreport/safebrowsing | ||
| 210 | # and http://www.clamav.net/documentation.html#safebrowsing | ||
| 211 | # for more information. | ||
| 212 | # Default: disabled | ||
| 213 | #SafeBrowsing yes | ||
| 214 | |||
| 215 | # This option enables downloading of bytecode.cvd, which includes additional | ||
| 216 | # detection mechanisms and improvements to the ClamAV engine. | ||
| 217 | # Default: enabled | ||
| 218 | #Bytecode yes | ||
| 219 | |||
| 220 | # Download an additional 3rd party signature database distributed through | ||
| 221 | # the ClamAV mirrors. | ||
| 222 | # This option can be used multiple times. | ||
| 223 | #ExtraDatabase dbname1 | ||
| 224 | #ExtraDatabase dbname2 | ||
diff --git a/recipes-security/clamav/files/freshclam.conf b/recipes-security/clamav/files/freshclam.conf deleted file mode 100644 index 100724f..0000000 --- a/recipes-security/clamav/files/freshclam.conf +++ /dev/null | |||
| @@ -1,224 +0,0 @@ | |||
| 1 | # Path to the database directory. | ||
| 2 | # WARNING: It must match clamd.conf's directive! | ||
| 3 | # Default: hardcoded (depends on installation options) | ||
| 4 | DatabaseDirectory /var/lib/clamav | ||
| 5 | |||
| 6 | # Path to the log file (make sure it has proper permissions) | ||
| 7 | # Default: disabled | ||
| 8 | UpdateLogFile /var/log/clamav/freshclam.log | ||
| 9 | |||
| 10 | # Maximum size of the log file. | ||
| 11 | # Value of 0 disables the limit. | ||
| 12 | # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) | ||
| 13 | # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). | ||
| 14 | # in bytes just don't use modifiers. If LogFileMaxSize is enabled, | ||
| 15 | # log rotation (the LogRotate option) will always be enabled. | ||
| 16 | # Default: 1M | ||
| 17 | LogFileMaxSize 2M | ||
| 18 | |||
| 19 | # Log time with each message. | ||
| 20 | # Default: no | ||
| 21 | LogTime yes | ||
| 22 | |||
| 23 | # Enable verbose logging. | ||
| 24 | # Default: no | ||
| 25 | #LogVerbose yes | ||
| 26 | |||
| 27 | # Use system logger (can work together with UpdateLogFile). | ||
| 28 | # Default: no | ||
| 29 | #LogSyslog yes | ||
| 30 | |||
| 31 | # Specify the type of syslog messages - please refer to 'man syslog' | ||
| 32 | # for facility names. | ||
| 33 | # Default: LOG_LOCAL6 | ||
| 34 | #LogFacility LOG_MAIL | ||
| 35 | |||
| 36 | # Enable log rotation. Always enabled when LogFileMaxSize is enabled. | ||
| 37 | # Default: no | ||
| 38 | #LogRotate yes | ||
| 39 | |||
| 40 | # This option allows you to save the process identifier of the daemon | ||
| 41 | # Default: disabled | ||
| 42 | PidFile /var/run/freshclam.pid | ||
| 43 | |||
| 44 | # By default when started freshclam drops privileges and switches to the | ||
| 45 | # "clamav" user. This directive allows you to change the database owner. | ||
| 46 | # Default: clamav (may depend on installation options) | ||
| 47 | DatabaseOwner clamav | ||
| 48 | |||
| 49 | # Initialize supplementary group access (freshclam must be started by root). | ||
| 50 | # Default: no | ||
| 51 | #AllowSupplementaryGroups yes | ||
| 52 | |||
| 53 | # Use DNS to verify virus database version. Freshclam uses DNS TXT records | ||
| 54 | # to verify database and software versions. With this directive you can change | ||
| 55 | # the database verification domain. | ||
| 56 | # WARNING: Do not touch it unless you're configuring freshclam to use your | ||
| 57 | # own database verification domain. | ||
| 58 | # Default: current.cvd.clamav.net | ||
| 59 | #DNSDatabaseInfo current.cvd.clamav.net | ||
| 60 | |||
| 61 | # Uncomment the following line and replace XY with your country | ||
| 62 | # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. | ||
| 63 | # You can use db.XY.ipv6.clamav.net for IPv6 connections. | ||
| 64 | #DatabaseMirror db.XY.clamav.net | ||
| 65 | |||
| 66 | # database.clamav.net is a round-robin record which points to our most | ||
| 67 | # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is | ||
| 68 | # not working. DO NOT TOUCH the following line unless you know what you | ||
| 69 | # are doing. | ||
| 70 | DatabaseMirror database.clamav.net | ||
| 71 | |||
| 72 | # How many attempts to make before giving up. | ||
| 73 | # Default: 3 (per mirror) | ||
| 74 | #MaxAttempts 5 | ||
| 75 | |||
| 76 | # With this option you can control scripted updates. It's highly recommended | ||
| 77 | # to keep it enabled. | ||
| 78 | # Default: yes | ||
| 79 | #ScriptedUpdates yes | ||
| 80 | |||
| 81 | # By default freshclam will keep the local databases (.cld) uncompressed to | ||
| 82 | # make their handling faster. With this option you can enable the compression; | ||
| 83 | # the change will take effect with the next database update. | ||
| 84 | # Default: no | ||
| 85 | #CompressLocalDatabase no | ||
| 86 | |||
| 87 | # With this option you can provide custom sources (http:// or file://) for | ||
| 88 | # database files. This option can be used multiple times. | ||
| 89 | # Default: no custom URLs | ||
| 90 | #DatabaseCustomURL http://myserver.com/mysigs.ndb | ||
| 91 | #DatabaseCustomURL file:///mnt/nfs/local.hdb | ||
| 92 | |||
| 93 | # This option allows you to easily point freshclam to private mirrors. | ||
| 94 | # If PrivateMirror is set, freshclam does not attempt to use DNS | ||
| 95 | # to determine whether its databases are out-of-date, instead it will | ||
| 96 | # use the If-Modified-Since request or directly check the headers of the | ||
| 97 | # remote database files. For each database, freshclam first attempts | ||
| 98 | # to download the CLD file. If that fails, it tries to download the | ||
| 99 | # CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo | ||
| 100 | # and ScriptedUpdates. It can be used multiple times to provide | ||
| 101 | # fall-back mirrors. | ||
| 102 | # Default: disabled | ||
| 103 | #PrivateMirror mirror1.mynetwork.com | ||
| 104 | #PrivateMirror mirror2.mynetwork.com | ||
| 105 | |||
| 106 | # Number of database checks per day. | ||
| 107 | # Default: 12 (every two hours) | ||
| 108 | #Checks 24 | ||
| 109 | |||
| 110 | # Proxy settings | ||
| 111 | # Default: disabled | ||
| 112 | #HTTPProxyServer myproxy.com | ||
| 113 | #HTTPProxyPort 1234 | ||
| 114 | #HTTPProxyUsername myusername | ||
| 115 | #HTTPProxyPassword mypass | ||
| 116 | |||
| 117 | # If your servers are behind a firewall/proxy which applies User-Agent | ||
| 118 | # filtering you can use this option to force the use of a different | ||
| 119 | # User-Agent header. | ||
| 120 | # Default: clamav/version_number | ||
| 121 | #HTTPUserAgent SomeUserAgentIdString | ||
| 122 | |||
| 123 | # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for | ||
| 124 | # multi-homed systems. | ||
| 125 | # Default: Use OS'es default outgoing IP address. | ||
| 126 | #LocalIPAddress aaa.bbb.ccc.ddd | ||
| 127 | |||
| 128 | # Send the RELOAD command to clamd. | ||
| 129 | # Default: no | ||
| 130 | #NotifyClamd /path/to/clamd.conf | ||
| 131 | |||
| 132 | # Run command after successful database update. | ||
| 133 | # Default: disabled | ||
| 134 | #OnUpdateExecute command | ||
| 135 | |||
| 136 | # Run command when database update process fails. | ||
| 137 | # Default: disabled | ||
| 138 | #OnErrorExecute command | ||
| 139 | |||
| 140 | # Run command when freshclam reports outdated version. | ||
| 141 | # In the command string %v will be replaced by the new version number. | ||
| 142 | # Default: disabled | ||
| 143 | #OnOutdatedExecute command | ||
| 144 | |||
| 145 | # Don't fork into background. | ||
| 146 | # Default: no | ||
| 147 | #Foreground yes | ||
| 148 | |||
| 149 | # Enable debug messages in libclamav. | ||
| 150 | # Default: no | ||
| 151 | #Debug yes | ||
| 152 | |||
| 153 | # Timeout in seconds when connecting to database server. | ||
| 154 | # Default: 30 | ||
| 155 | #ConnectTimeout 60 | ||
| 156 | |||
| 157 | # Timeout in seconds when reading from database server. | ||
| 158 | # Default: 30 | ||
| 159 | #ReceiveTimeout 60 | ||
| 160 | |||
| 161 | # With this option enabled, freshclam will attempt to load new | ||
| 162 | # databases into memory to make sure they are properly handled | ||
| 163 | # by libclamav before replacing the old ones. | ||
| 164 | # Default: yes | ||
| 165 | #TestDatabases yes | ||
| 166 | |||
| 167 | # When enabled freshclam will submit statistics to the ClamAV Project about | ||
| 168 | # the latest virus detections in your environment. The ClamAV maintainers | ||
| 169 | # will then use this data to determine what types of malware are the most | ||
| 170 | # detected in the field and in what geographic area they are. | ||
| 171 | # Freshclam will connect to clamd in order to get recent statistics. | ||
| 172 | # Default: no | ||
| 173 | #SubmitDetectionStats /path/to/clamd.conf | ||
| 174 | |||
| 175 | # Country of origin of malware/detection statistics (for statistical | ||
| 176 | # purposes only). The statistics collector at ClamAV.net will look up | ||
| 177 | # your IP address to determine the geographical origin of the malware | ||
| 178 | # reported by your installation. If this installation is mainly used to | ||
| 179 | # scan data which comes from a different location, please enable this | ||
| 180 | # option and enter a two-letter code (see http://www.iana.org/domains/root/db/) | ||
| 181 | # of the country of origin. | ||
| 182 | # Default: disabled | ||
| 183 | #DetectionStatsCountry country-code | ||
| 184 | |||
| 185 | # This option enables support for our "Personal Statistics" service. | ||
| 186 | # When this option is enabled, the information on malware detected by | ||
| 187 | # your clamd installation is made available to you through our website. | ||
| 188 | # To get your HostID, log on http://www.stats.clamav.net and add a new | ||
| 189 | # host to your host list. Once you have the HostID, uncomment this option | ||
| 190 | # and paste the HostID here. As soon as your freshclam starts submitting | ||
| 191 | # information to our stats collecting service, you will be able to view | ||
| 192 | # the statistics of this clamd installation by logging into | ||
| 193 | # http://www.stats.clamav.net with the same credentials you used to | ||
| 194 | # generate the HostID. For more information refer to: | ||
| 195 | # http://www.clamav.net/documentation.html#cctts | ||
| 196 | # This feature requires SubmitDetectionStats to be enabled. | ||
| 197 | # Default: disabled | ||
| 198 | #DetectionStatsHostID unique-id | ||
| 199 | |||
| 200 | # This option enables support for Google Safe Browsing. When activated for | ||
| 201 | # the first time, freshclam will download a new database file (safebrowsing.cvd) | ||
| 202 | # which will be automatically loaded by clamd and clamscan during the next | ||
| 203 | # reload, provided that the heuristic phishing detection is turned on. This | ||
| 204 | # database includes information about websites that may be phishing sites or | ||
| 205 | # possible sources of malware. When using this option, it's mandatory to run | ||
| 206 | # freshclam at least every 30 minutes. | ||
| 207 | # Freshclam uses the ClamAV's mirror infrastructure to distribute the | ||
| 208 | # database and its updates but all the contents are provided under Google's | ||
| 209 | # terms of use. See http://www.google.com/transparencyreport/safebrowsing | ||
| 210 | # and http://www.clamav.net/documentation.html#safebrowsing | ||
| 211 | # for more information. | ||
| 212 | # Default: disabled | ||
| 213 | #SafeBrowsing yes | ||
| 214 | |||
| 215 | # This option enables downloading of bytecode.cvd, which includes additional | ||
| 216 | # detection mechanisms and improvements to the ClamAV engine. | ||
| 217 | # Default: enabled | ||
| 218 | #Bytecode yes | ||
| 219 | |||
| 220 | # Download an additional 3rd party signature database distributed through | ||
| 221 | # the ClamAV mirrors. | ||
| 222 | # This option can be used multiple times. | ||
| 223 | #ExtraDatabase dbname1 | ||
| 224 | #ExtraDatabase dbname2 | ||
diff --git a/recipes-security/clamav/files/tmpfiles.clamav b/recipes-security/clamav/files/tmpfiles.clamav deleted file mode 100644 index fd5adfe..0000000 --- a/recipes-security/clamav/files/tmpfiles.clamav +++ /dev/null | |||
| @@ -1,3 +0,0 @@ | |||
| 1 | #Type Path Mode UID GID Age Argument | ||
| 2 | d /var/log/clamav 0755 clamav clamav - | ||
| 3 | f /var/log/clamav/freshclam.log 0644 clamav clamav - | ||
diff --git a/recipes-security/clamav/files/volatiles.03_clamav b/recipes-security/clamav/files/volatiles.03_clamav deleted file mode 100644 index ee2153c..0000000 --- a/recipes-security/clamav/files/volatiles.03_clamav +++ /dev/null | |||
| @@ -1,3 +0,0 @@ | |||
| 1 | # <type> <owner> <group> <mode> <path> <linksource> | ||
| 2 | d clamav clamav 0755 /var/log/clamav none | ||
| 3 | f clamav clamav 0655 /var/log/clamav/freshclam.log none | ||
