package init

README.fedora

@@ -0,0 +1,119 @@
+Please note since el7 and Fedora 15 or 19 we use only systemd.
+upstart and sysv was dropped, this document may still applies to el6.
+
+A clamav-milter setup consists of the following three components:
+
+* the clamav-milter itself
+
+  --> this is provided by the 'clamav-milter' package plus (alternatively)
+      'clamav-milter-upstart' or 'clamav-milter-sysvinit'
+
+  The main configuration is in /etc/mail/clamav-milter.conf and MUST
+  be changed before first use.
+
+  The -sysvinit package is managed by the traditional tools, but
+  -upstart requires modification of /etc/event.d/clamav-milter to
+  enable automatic startup.  See comments there for more details.
+
+* a clamav scanner daemon
+
+  --> this package is called 'clamav-scanner' plus (alternatively)
+      'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'
+
+  The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
+  edited before first use).
+
+  The -sysvinit package is managed by the traditional tools, but
+  -upstart requires modification of /etc/event.d/clamd.scan to enable
+  automatic startup.  See comments there for more details.
+
+* the MTA (sendmail/postfix)
+
+  --> you should know how to install this...
+
+  When communicating across unix sockets with the clamav-milter, it is
+  suggested to use the /var/run/clamav-milter/clamav-milter.socket
+  path.  You have to add something like
+
+    INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
+
+  to your sendmail.mc.
+
+
+
+It is suggested that components communicate through TCP sockets as
+this eases setup.  Please add corresponding packet filter rules!
+
+
+EXAMPLE
+=======
+
+For clamav-milter, a possible setup might be created by
+
+A)  On the MTA  (assumed hostname 'host-mta')
+
+  1. Add to sendmail.mc
+
+    | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
+
+  2. Rebuild sendmail.cf
+
+
+B)  On the clamav-milter host (assumed hostname 'host-milter')
+
+  1. Install clamav-milter + clamav-milter-upstart packages
+
+  2. Set in /etc/mail/clamav-milter.conf
+
+    | MilterSocket	inet:6666
+    | ClamdSocket	tcp:host-scanner:6665
+
+     and all the other options which are required on your system
+
+  3. Edit /etc/event.d/clamav-milter and uncomment the
+
+    | start on starting local
+
+     line. Restart your system or execute
+
+    | initctl emit starting local
+
+  4. Add something like
+
+    | iptables -N IN-cmilt
+    | iptables -A IN-cmilt -s host-mta -j ACCEPT
+    | iptables -A IN-cmilt -j DROP
+
+    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
+
+     to your firewall setup
+
+C)  On the clamav-scanner host (assumed hostname 'host-scanner')
+
+  1. Install clamav-scanner + clamav-scanner-upstart packages
+
+  2. Add to /etc/clamd.d/scan.conf
+
+    | TCPSocket 6665
+    | TCPAddr   host-scanner
+
+     comment out possible 'LocalSocket' lines and set all the other
+     options which are required on your system
+
+  3. Edit /etc/event.d/clamav-scanner and uncomment the
+
+    | start on starting local
+
+     line. Restart your system or execute
+
+    | initctl emit starting local
+
+  4. Add something like
+
+    | iptables -N IN-cscan
+    | iptables -A IN-cscan -s host-milter -j ACCEPT
+    | iptables -A IN-cscan -j DROP
+
+    | iptables -A INPUT -p tcp --dport 6665 -j IN-csan
+
+     to your firewall setup

clamav-0.100.0-stats-deprecation.patch

@@ -0,0 +1,18 @@
+https://bugzilla.clamav.net/show_bug.cgi?id=12097
+
+--- a/shared/optparser.c	
++++ b/shared/optparser.c	
+@@ -505,6 +505,13 @@ const struct clam_option __clam_options[
+     { "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },
+     { "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
+     { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" },
++    { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
++    { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
++    { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
++    { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
++    { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
++    { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
++    { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ 
+     /* Milter specific options */
+ 

clamav-0.100.0-umask.patch

@@ -0,0 +1,33 @@
+--- clamav-0.100.0/clamav-milter/clamav-milter.c	2018-04-04 02:13:58.000000000 +0200
++++ clamav-0.100.0/clamav-milter/clamav-milter.c.umask	2018-05-28 23:25:12.374047156 +0200
+@@ -432,7 +432,7 @@
+ 
+     if((opt = optget(opts, "PidFile"))->enabled) {
+ 	FILE *fd;
+-	mode_t old_umask = umask(0002);
++	mode_t old_umask = umask(0022);
+ 
+ 	if((fd = fopen(opt->strarg, "w")) == NULL) {
+ 	    logg("!Can't save PID in file %s\n", opt->strarg);
+--- clamav-0.100.0/shared/output.c			2018-04-04 02:13:58.000000000 +0200
++++ clamav-0.100.0/shared/output.c.umask		2018-05-28 23:24:41.968851516 +0200
+@@ -379,7 +379,7 @@
+ 
+     if (!logg_fp && logg_file)
+     {
+-        old_umask = umask(0037);
++        old_umask = umask(0077);
+         if ((logg_fp = fopen(logg_file, "at")) == NULL)
+         {
+             umask(old_umask);
+--- clamav-0.100.0/freshclam/freshclam.c		2018-04-04 02:13:58.000000000 +0200
++++ clamav-0.100.0/freshclam/freshclam.c.umask		2018-05-28 23:25:30.675164850 +0200
+@@ -127,7 +127,7 @@
+ {
+     FILE *fd;
+     int old_umask;
+-    old_umask = umask (0006);
++    old_umask = umask (0022);
+     if ((fd = fopen (pidfile, "w")) == NULL)
+     {
+         logg ("!Can't save PID to file %s: %s\n", pidfile, strerror (errno));

clamav-0.100.1-defaults_locations.patch

@@ -0,0 +1,81 @@
+--- ./clamconf/clamconf.c.orig	2018-07-30 05:28:40.199759145 +0100
++++ ./clamconf/clamconf.c	2018-07-30 05:30:12.083760295 +0100
+@@ -58,9 +58,9 @@ static struct _cfgfile {
+     const char *name;
+     int tool;
+ } cfgfile[] = {
+-    { "clamd.conf",	    OPT_CLAMD	    },
++    { "clamd.d/scan.conf",	    OPT_CLAMD	    },
+     { "freshclam.conf",	    OPT_FRESHCLAM   },
+-    { "clamav-milter.conf", OPT_MILTER	    },
++    { "mail/clamav-milter.conf", OPT_MILTER	    },
+     { NULL,		    0		    }
+ };
+ 
+--- ./platform.h.in.orig	2018-07-30 06:27:54.437257754 +0100
++++ ./platform.h.in	2018-07-30 06:29:18.920124404 +0100
+@@ -34,9 +34,9 @@ typedef	unsigned	int	in_addr_t;
+ #define PATHSEP "/"
+ #endif
+ 
+-#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.conf"
++#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.d/scan.conf"
+ #define CONFDIR_FRESHCLAM CONFDIR PATHSEP "freshclam.conf"
+-#define CONFDIR_MILTER CONFDIR PATHSEP "clamav-milter.conf"
++#define CONFDIR_MILTER CONFDIR PATHSEP "mail/clamav-milter.conf"
+ 
+ #define cli_to_utf8_maybe_alloc(x) (x)
+ #define cli_strdup_to_utf8(x) strdup(x)
+--- ./docs/man/clamav-milter.conf.5.in.orig	2018-07-31 02:47:52.768212114 +0100
++++ ./docs/man/clamav-milter.conf.5.in	2018-07-31 02:48:57.295032444 +0100
+@@ -239,7 +239,7 @@ Default: no
+ All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
+ .SH "FILES"
+ .LP 
+-@CFGDIR@/clamav-milter.conf
++@CFGDIR@/mail/clamav-milter.conf
+ .SH "AUTHOR"
+ .LP 
+ aCaB <acab@clamav.net>
+--- ./docs/man/clamav-milter.8.in.orig	2018-07-31 02:47:45.154130364 +0100
++++ ./docs/man/clamav-milter.8.in	2018-07-31 02:48:39.484792893 +0100
+@@ -27,7 +27,7 @@ Print the version number and exit.
+ Read configuration from FILE.
+ .SH "FILES"
+ .LP 
+-@CFGDIR@/clamav-milter.conf
++@CFGDIR@/mail/clamav-milter.conf
+ .SH "AUTHOR"
+ .LP 
+ aCaB <acab@clamav.net>
+--- ./docs/man/clamd.conf.5.in.orig	2018-07-31 02:52:12.607659460 +0100
++++ ./docs/man/clamd.conf.5.in	2018-07-31 02:52:37.396992885 +0100
+@@ -703,7 +703,7 @@ Default: no
+ All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
+ .SH "FILES"
+ .LP 
+-@CFGDIR@/clamd.conf
++@CFGDIR@/clamd.d/scan.conf
+ .SH "AUTHORS"
+ .LP 
+ Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
+--- ./docs/man/clamd.8.in.orig	2018-07-31 02:51:22.897990849 +0100
++++ ./docs/man/clamd.8.in	2018-07-31 02:53:22.170595103 +0100
+@@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon
+ clamd [options]
+ .SH "DESCRIPTION"
+ .LP 
+-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf
++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf
+ .SH "COMMANDS"
+ .LP 
+ It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
+@@ -119,7 +119,7 @@ Reload the signature databases.
+ Perform a clean exit.
+ .SH "FILES"
+ .LP 
+-@CFGDIR@/clamd.conf
++@CFGDIR@/clamd.d/scan.conf
+ .SH "CREDITS"
+ Please check the full documentation for credits.
+ .SH "AUTHOR"

clamav-0.99-private.patch

@@ -0,0 +1,27 @@
+--- clamav-0.99/libclamav.pc.in			2015-09-18 22:48:25.000000000 +0200
++++ clamav-0.99/libclamav.pc.in.private		2015-12-02 01:30:30.055231319 +0100
+@@ -7,6 +7,6 @@
+ Description: A GPL virus scanner
+ Version: @PACKAGE_VERSION@
+ Libs: -L${libdir} -lclamav
+-Libs.private: @LIBCLAMAV_LIBS@
++Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
+ Cflags: -I${includedir}
+ 
+--- clamav-0.99/clamav-config.in		2015-05-28 23:56:25.000000000 +0200
++++ clamav-0.99/clamav-config.in.private	2015-12-02 01:31:34.933705763 +0100
+@@ -54,12 +54,8 @@
+ 	usage 0
+ 	;;
+ 
+-    --cflags)
+-       	echo -I@includedir@ @CFLAGS@
+-       	;;
+-
+-    --libs)
+-       	echo -L@libdir@ @LIBCLAMAV_LIBS@
++    (--cflags|--libs)
++	${PKG_CONFIG:-pkg-config} "$1" libclamav
+        	;;
+ 
+     *)

clamav-milter.systemd

@@ -0,0 +1,25 @@
+[Unit]
+Description = Milter module for the Clam Antivirus scanner
+After = syslog.target nss-lookup.target network.target
+Before = sendmail.service
+Before = postfix.service
+After = clamd@scan.service
+
+[Service]
+Type = forking
+ExecStart = /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
+Restart = on-failure
+
+User=clamilt
+Group=clamilt
+
+PrivateTmp=yes
+PrivateDevices=yes
+CapabilityBoundingSet=CAP_KILL
+
+ReadOnlyDirectories=/etc
+ReadOnlyDirectories=/usr
+ReadOnlyDirectories=/var/lib
+
+[Install]
+WantedBy = multi-user.target

clamav-milter.sysv

@@ -0,0 +1,93 @@
+#!/bin/bash
+#
+# clamav-milter Starts/stop the "clamav-milter" daemon
+#
+# chkconfig:   - 79 31
+# description: A virus scanning milter
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec=/usr/sbin/clamav-milter
+prog="clamav-milter"
+
+OPTS='-c /etc/mail/clamav-milter.conf'
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+pidfile=/var/run/clamav-milter/milter.pid
+lockfile=/var/lock/subsys/$prog
+
+start() {
+    [ -x $exec ] || exit 5
+    [ -f $config ] || exit 6
+    echo -n $"Starting $prog: "
+    daemon --pidfile=${pidfile} $exec $OPTS --foreground=no --pid=${pidfile}
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p "${pidfile}" $exec
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    restart
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    # run checks to determine if the service is running or use generic status
+    status -p "${pidfile}" $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+    start)
+	rh_status_q && exit 0
+	$1
+	;;
+    stop)
+	rh_status_q || exit 0
+	$1
+	;;
+    restart)
+	$1
+	;;
+    reload)
+	rh_status_q || exit 7
+	$1
+	;;
+    force-reload)
+	force_reload
+	;;
+    status)
+	rh_status
+	;;
+    condrestart|try-restart)
+	rh_status_q || exit 0
+	restart
+	;;
+    *)
+	echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+	exit 2
+esac
+exit $?

clamav-milter.upstart

@@ -0,0 +1,14 @@
+### !!! Uncomment only *one* of the 'start on' statements !!!
+
+### Uncomment these lines when you want clamav-milter to be a milter
+### for a locally running MTA
+#start on (starting sendmail or starting postfix)
+
+### Uncomment these lines when you want clamav-milter to be a milter
+### for a remotely running MTA
+#start on runlevel [345] and starting local
+
+stop  on runlevel [!345]
+
+respawn
+exec /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --foreground=yes

clamav-update.crond

@@ -0,0 +1,6 @@
+## Adjust this line...
+MAILTO=root
+
+## It is ok to execute it as root; freshclam drops privileges and becomes
+## user 'clamupdate' as soon as possible
+0  */3 * * * root /usr/share/clamav/freshclam-sleep

clamav-update.logrotate

@@ -0,0 +1,4 @@
+/var/log/freshclam.log {
+        monthly
+        notifempty
+}

clamav.spec

@@ -0,0 +1,417 @@
+Name:           clamav
+Summary:        End-user tools for the Clam Antivirus scanner
+Version:        0.101.4
+Release:        2
+License:        GPLv2
+URL:            https://www.clamav.net/
+Source0:        clamav-0.101.4-norar.tar.xz
+Source1:        clamd.sysconfig
+Source2:        clamd.logrotate
+Source3:        clamd-README
+Source4:        main-58.cvd
+Source5:        daily-25550.cvd
+Source6:        bytecode-330.cvd
+Source7:        clamd-gen
+Source8:        freshclam-sleep
+Source9:        freshclam.sysconfig
+Source10:       clamav-update.crond
+Source11:       clamav-update.logrotate
+Source12:       README.fedora
+Source13:       clamav-milter.upstart
+Source14:       clamav-milter.systemd
+Source15:       clamd.scan.upstart
+Source16:       clamd@scan.service
+Source17:       clamd@.service
+
+Patch0001:      clamav-0.100.0-stats-deprecation.patch
+Patch0002:      clamav-0.100.1-defaults_locations.patch
+Patch0003:      clamav-0.99-private.patch
+Patch0004:      clamav-0.100.0-umask.patch
+Patch0005:      llvm-glibc.patch
+
+BuildRequires:  autoconf automake gettext-devel libtool libtool-ltdl-devel
+BuildRequires:  gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel
+BuildRequires:  ncurses-devel openssl-devel libxml2-devel pcre2-devel
+BuildRequires:  bc tcl groff graphviz ocaml nc systemd-devel sendmail-devel
+Requires:       data(clamav)
+Provides:       bundled(libmspack) = 0.5-0.1.alpha.modified_by_clamav
+
+Provides:       %{name}-lib = %{version}-%{release}
+Obsoletes:      %{name}-lib < %{version}-%{release}
+
+%description
+
+Clam AntiVirus (clamav) is an open source antivirus engine for detecting trojans,
+viruses, malware & other malicious threats. The main purpose of this software is
+the integration with mail servers (attachment scanning). The package provides a
+flexible and scalable multi-threaded daemon, a command line scanner, and a tool
+for automatic updating via Internet. The programs are based on a shared library
+distributed with the Clam AntiVirus package, which you can use with your own software.
+he virus database is based on the virus database from OpenAntiVirus, but contains
+additional signatures and is KEPT UP TO DATE.
+
+
+%package        devel
+Summary:        Header files and libraries for the Clam Antivirus scanner
+Requires:       %{name} = %{version}-%{release} %{name}-filesystem = %{version}-%{release} openssl-devel
+
+%description devel
+The clamav-devel package contains headerfiles and libraries
+which are needed to build applications using clamav.
+
+
+%package        help
+Summary:        man info for clamav
+
+%description    help
+The clamav-help package contains man information for clamav.
+
+
+%package        filesystem
+Summary:        Filesystem structure for clamav
+Conflicts:      %{name} < %{version}-%{release} %{name} > %{version}-%{release}
+Requires(pre):  shadow-utils
+BuildArch:      noarch
+
+%description    filesystem
+The clamav-filesystem package provides the filesystem structure and
+contains the user-creation scripts required by clamav.
+
+
+%package        data
+Summary:        Virus signature data for the Clam Antivirus scanner
+Requires:       %{name}-filesystem = %{version}-%{release}
+Provides:       data(clamav) = full %{name}-db = %{version}-%{release}
+Obsoletes:      %{name}-db < %{version}-%{release}
+BuildArch:      noarch
+
+%description data
+The clamav-data package contains the virus-database needed by clamav.
+This database should be updated regularly; Use this package when you
+want a working (but perhaps outdated) virus scanner immediately after
+package installation.
+
+
+%package        update
+Summary:        Auto-updater for the Clam Antivirus scanner data-files
+Requires:       %{name}-filesystem = %{version}-%{release} crontabs cronie
+Provides:       data(clamav) = empty %{name}-data-empty = %{version}-%{release}
+Obsoletes:      %{name}-data-empty < %{version}-%{release}
+Requires(post): %__chown %__chmod
+
+%description update
+The clamav-update package contains programs which can be used to update
+the clamav anti-virus database automatically. It uses the freshclam(1)
+utility for this task. Use this package when you go updating the virus
+database regulary and do not want to download a >120MB sized rpm-package
+with outdated virus definitions.
+
+
+%package        -n clamd
+Summary:        The Clam AntiVirus Daemon
+Requires:       data(clamav) coreutils %{name}-filesystem = %{version}-%{release}
+Requires:       %{name} = %{version}-%{release}
+Requires(pre):  shadow-utils
+Obsoletes:      %{name}-server-sysvinit  < %{version}-%{release}
+Obsoletes:      %{name}-scanner-sysvinit < %{version}-%{release}
+Obsoletes:      %{name}-scanner-upstart  < %{version}-%{release}
+Provides:       %{name}-scanner-systemd = %{version}-%{release}
+Obsoletes:      %{name}-scanner-systemd < %{version}-%{release}
+Provides:       %{name}-server-systemd = %{version}-%{release}
+Obsoletes:      %{name}-server-systemd < %{version}-%{release}
+
+Provides:       %{name}-server = %{version}-%{release}  %{name}-server-sysv = %{version}-%{release}
+Obsoletes:      %{name}-server < %{version}-%{release}  %{name}-server-sysv < %{version}-%{release}
+Provides:       %{name}-scanner = %{version}-%{release} %{name}-scanner-upstart = %{version}-%{release}
+Obsoletes:      %{name}-scanner < %{version}-%{release} %{name}-scanner-upstart < %{version}-%{release}
+Provides:       %{name}-server-sysvinit = %{version}-%{release}
+Obsoletes:      %{name}-server-sysvinit < %{version}-%{release}
+
+
+%description -n clamd
+The Clam AntiVirus Daemon. The clamd package contains a generic system
+wide clamd service which is e.g. used by the clamav-milter package.
+
+
+%package         milter
+Summary:        Milter module for the clamav scanner
+Requires:       %{name}-filesystem = %{version}-%{release}
+Requires(post):  coreutils
+Requires(pre):   shadow-utils
+
+Obsoletes:      %{name}-milter-sysvinit < %{version}-%{release}
+Obsoletes:      %{name}-milter-upstart  < %{version}-%{release}
+Provides:       %{name}-milter-systemd  = %{version}-%{release}
+Obsoletes:      %{name}-milter-systemd  < %{version}-%{release}
+
+%description milter
+The clamav-milter package contains files which are needed to run the clamav-milter.
+
+
+%prep
+%autosetup -n %{name}-%{version}%{?prerelease} -p1
+install -p -m0644 %SOURCE12 clamav-milter/
+
+install -d libclamunrar{,_iface}
+touch libclamunrar/{Makefile.in,all,install}
+
+sed -ri -e 's!^#?(LogFile ).*!#\1/var/log/clamd.<SERVICE>!g' \
+    -e 's!^#?(LocalSocket ).*!#\1/var/run/clamd.<SERVICE>/clamd.sock!g' \
+    -e 's!^(#?PidFile ).*!\1/var/run/clamd.<SERVICE>/clamd.pid!g' \
+    -e 's!^#?(User ).*!\1<USER>!g' \
+    -e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \
+    -e 's! /usr/local/share/clamav,! %_var/lib/clamav,!g' etc/clamd.conf.sample
+
+sed -ri -e 's!^Example!#Example!'  -e 's!^#?(UpdateLogFile )!#\1!g;' \
+    -e 's!^#?(LogSyslog).*!\1 yes!g' -e 's!(DatabaseOwner *)clamav$!\1clamav!g' \
+    etc/freshclam.conf.sample
+
+
+%build
+export LDFLAGS='%{?__global_ldflags} -Wl,--as-needed'
+export have_cv_ipv6=yes
+
+rm -rf libltdl autom4te.cache Makefile.in
+autoreconf -i
+%configure --enable-milter --disable-clamav --disable-static --disable-zlib-vcheck \
+    --disable-unrar --enable-id-check --enable-dns --with-dbdir=%_var/lib/clamav \
+    --with-group=clamav --with-user=clamav --disable-rpath \
+    --disable-silent-rules --enable-clamdtop
+
+sed -i -e 's! -shared ! -Wl,--as-needed\0!g' \
+    -e '/sys_lib_dlsearch_path_spec=\"\/lib \/usr\/lib /s!\"\/lib \/usr\/lib !/\"/%_lib /usr/%_lib !g' \
+    libtool
+
+%make_build
+
+
+%install
+rm -rf _doc*
+%make_install
+
+function smartsubst() {
+    local tmp
+    local regexp=$1
+    shift
+
+    tmp=$(mktemp /tmp/%name-subst.XXXXXX)
+    for i; do
+        sed -e "$regexp" "$i" >$tmp
+        cmp -s $tmp "$i" || cat $tmp >"$i"
+        rm -f $tmp
+    done
+}
+
+install -d -m 0755 $RPM_BUILD_ROOT%_sysconfdir/{mail,clamd.d,logrotate.d} \
+    $RPM_BUILD_ROOT%_tmpfilesdir $RPM_BUILD_ROOT%_rundir $RPM_BUILD_ROOT%_var/log \
+    $RPM_BUILD_ROOT%_rundir/clamav-milter $RPM_BUILD_ROOT%_datadir/%name/template \
+    $RPM_BUILD_ROOT%_initrddir $RPM_BUILD_ROOT%_var/lib/clamav $RPM_BUILD_ROOT%_rundir/clamd.scan
+
+%delete_la
+
+touch $RPM_BUILD_ROOT%_var/lib/clamav/{daily,main,bytecode}.cld
+touch $RPM_BUILD_ROOT%_var/lib/clamav/mirrors.dat
+
+install -D -m 0644 -p %SOURCE4     $RPM_BUILD_ROOT%_var/lib/clamav/main.cvd
+install -D -m 0644 -p %SOURCE5     $RPM_BUILD_ROOT%_var/lib/clamav/daily.cvd
+install -D -m 0644 -p %SOURCE6     $RPM_BUILD_ROOT%_var/lib/clamav/bytecode.cvd
+install -D -m 0644 -p %SOURCE1      _doc_server/clamd.sysconfig
+install -D -m 0644 -p %SOURCE2      _doc_server/clamd.logrotate
+install -D -m 0644 -p %SOURCE3      _doc_server/README
+install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf
+install -m 0755 -p %SOURCE7       $RPM_BUILD_ROOT%_datadir/%name/
+install -D -p _doc_server/*            $RPM_BUILD_ROOT%_datadir/%name/template
+install -D -p -m 0644 %SOURCE17        $RPM_BUILD_ROOT%_unitdir/clamd@.service
+install -D -m 0644 -p %SOURCE11    $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update
+touch $RPM_BUILD_ROOT%_var/log/freshclam.log
+install -D -p -m 0755 %SOURCE8    $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep
+install -D -p -m 0644 %SOURCE9    $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam
+install -D -p -m 0600 %SOURCE10    $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update
+mv -f $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf{.sample,}
+chmod 600 $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf
+
+smartsubst 's!webmaster,clamav!webmaster,clamav!g;
+            s!/usr/share/clamav!%_datadir/%name!g;
+            s!/usr/bin!%_bindir!g;
+            s!/usr/sbin!%_sbindir!g;' \
+   $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update \
+   $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep
+
+sed -e 's!<SERVICE>!scan!g;s!<USER>!clamscan!g' \
+    etc/clamd.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/clamd.d/scan.conf
+
+install -D -p -m 0644 %SOURCE15 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf
+install -D -p -m 0644 %SOURCE16 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service
+
+cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf
+d %_rundir/clamd.scan 0710 clamscan virusgroup
+EOF
+
+touch $RPM_BUILD_ROOT%_rundir/clamd.scan/clamd.{sock,pid}
+
+
+sed -r -e 's!^#?(User).*!\1 clamilt!g' \
+    -e 's!^#?(AllowSupplementaryGroups|LogSyslog) .*!\1 yes!g' \
+    -e 's! /tmp/clamav-milter.socket! %_rundir/clamav-milter/clamav-milter.socket!g' \
+    -e 's! /var/run/clamav-milter.pid! %_rundir/clamav-milter/clamav-milter.pid!g' \
+    -e 's! /var/run/clamd/clamd.socket! %_rundir/clamd.scan/clamd.sock!g' \
+    -e 's! /tmp/clamav-milter.log! %_var/log/clamav-milter.log!g' \
+    etc/clamav-milter.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/mail/clamav-milter.conf
+
+install -D -p -m 0644 %SOURCE13 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf
+install -D -p -m 0644 %SOURCE14 $RPM_BUILD_ROOT%_unitdir/clamav-milter.service
+
+cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamav-milter.conf
+d %_rundir/clamav-milter 0710 clamilt clamilt
+EOF
+
+touch $RPM_BUILD_ROOT{%_rundir/clamav-milter/clamav-milter.{socket,pid},%_var/log/clamav-milter.log}
+
+
+%check
+make check
+
+
+%pre filesystem
+getent group  clamav >/dev/null || groupadd -r clamav
+getent passwd clamav >/dev/null || \
+       useradd -r -g clamav -d %_var/lib/clamav -s /sbin/nologin \
+       -c "Clamav database update user" clamav
+getent group virusgroup >/dev/null || groupadd -r virusgroup
+usermod clamav -a -G virusgroup
+exit 0
+
+
+%pre -n clamd
+getent group clamscan >/dev/null || groupadd -r clamscan
+getent passwd clamscan >/dev/null || \
+    useradd -r -g clamscan -d / -s /sbin/nologin \
+    -c "Clamav scanner user" clamscan
+usermod clamscan -a -G virusgroup
+exit 0
+
+%post -n clamd
+%systemd_post clamd@.service
+%systemd_post clamd@scan.service
+/bin/systemd-tmpfiles --create %_tmpfilesdir/clamd.scan.conf || :
+
+%preun -n clamd
+%systemd_preun clamd@.service
+%systemd_preun clamd@scan.service
+
+%postun -n clamd
+%systemd_postun_with_restart clamd@.service
+%systemd_postun_with_restart clamd@scan.service
+
+%post update
+test -e %_var/log/freshclam.log || {
+    touch %_var/log/freshclam.log
+    %__chmod 0664 %_var/log/freshclam.log
+    %__chown root:clamav %_var/log/freshclam.log
+    ! test -x /sbin/restorecon || /sbin/restorecon %_var/log/freshclam.log
+}
+
+%triggerin milter -- clamav-scanner
+/usr/sbin/groupmems -g clamscan -a clamilt &>/dev/null || :
+
+%pre milter
+getent group clamilt >/dev/null || groupadd -r clamilt
+getent passwd clamilt >/dev/null || \
+    useradd -r -g clamilt -d %_rundir/clamav-milter -s /sbin/nologin \
+    -c "Clamav Milter user" clamilt
+usermod clamilt -a -G virusgroup
+exit 0
+
+%post milter
+test -e %_var/log/clamav-milter.log || {
+    touch %_var/log/clamav-milter.log
+    chmod 0620             %_var/log/clamav-milter.log
+    chown root:clamilt %_var/log/clamav-milter.log
+    ! test -x /sbin/restorecon || /sbin/restorecon %_var/log/clamav-milter.log
+}
+%systemd_post clamav-milter.service
+/bin/systemd-tmpfiles --create %_tmpfilesdir/clamav-milter.conf || :
+
+%preun milter
+%systemd_preun clamav-milter.service
+
+%postun milter
+%systemd_postun_with_restart clamav-milter.service
+
+%post
+/sbin/ldconfig
+
+%postun
+/sbin/ldconfig
+
+
+%files
+%exclude %_unitdir/clamav-{daemon,freshclam}.*
+%exclude %_rundir/*/*.pid
+%doc NEWS.md README.md docs/html COPYING
+%_bindir/{clambc,clamconf,clamdscan,clamdtop,clamscan,clamsubmit,sigtool}
+%_libdir/libclamav.so.9*
+%_libdir/libclammspack.so.0*
+
+%files devel
+%_includedir/*
+%_libdir/*.so
+%_datadir/%name/{template,clamd-gen}
+%_libdir/pkgconfig/*
+%_bindir/clamav-config
+
+%files help
+%_mandir/man[15]/*
+%_mandir/man8/clamd.8*
+%_mandir/man8/clamav-milter*
+%_mandir/*/freshclam*
+
+%files filesystem
+%attr(-,clamav,clamav) %dir %_var/lib/clamav
+%attr(-,root,root)  %dir %_datadir/%name
+%exclude %_sysconfdir/clamd.conf.sample
+%exclude %_sysconfdir/clamav-milter.conf.sample
+%exclude %_sysconfdir/init
+%dir %_sysconfdir/clamd.d
+
+%files data
+%defattr(-,clamav,clamav,-)
+%config %verify(not size md5 mtime) %_var/lib/clamav/*.cvd
+
+%files update
+%_bindir/freshclam
+%_datadir/%name/freshclam-sleep
+%config(noreplace) %verify(not mtime)    %_sysconfdir/freshclam.conf
+%config(noreplace) %verify(not mtime)    %_sysconfdir/logrotate.d/*
+%config(noreplace) %_sysconfdir/cron.d/clamav-update
+%config(noreplace) %_sysconfdir/sysconfig/freshclam
+%ghost %attr(0664,root,clamav) %verify(not size md5 mtime) %_var/log/freshclam.log
+%ghost %attr(0664,clamav,clamav) %_var/lib/clamav/*.cld
+%ghost %attr(0664,clamav,clamav) %_var/lib/clamav/mirrors.dat
+
+%files -n clamd
+%doc _doc_server/*
+%_sbindir/clamd
+%_unitdir/clamd@{scan,}.service
+
+%config(noreplace) %_sysconfdir/clamd.d/scan.conf
+%ghost %_rundir/clamd.scan/clamd.sock
+%_tmpfilesdir/clamd.scan.conf
+%ghost %dir %attr(0710,clamscan,virusgroup) %_rundir/clamd.scan
+
+
+%files milter
+%doc clamav-milter/README.fedora
+%_sbindir/*milter*
+%dir %_sysconfdir/mail
+%config(noreplace) %_sysconfdir/mail/clamav-milter.conf
+%ghost %attr(0620,root,clamilt) %verify(not size md5 mtime) %_var/log/clamav-milter.log
+%ghost %_rundir/clamav-milter/clamav-milter.socket
+%_tmpfilesdir/clamav-milter.conf
+%ghost %dir %attr(0710,clamilt,clamilt) %_rundir/clamav-milter
+%_unitdir/clamav-milter.service
+
+
+%changelog
+* Fri Dec 13 2019 zoushuangshuang<zoushuangshuang@huawei.com> - 0.101.4-2
+- Package init

clamd-README

@@ -0,0 +1,74 @@
+To create individual clamd-instance take the following files and
+modify/copy them in the suggested way:
+
+clamd.conf:
+  * set LocalSocket (or better: TCPSocket) and User to suitable values;
+    avoid PidFile unless it is required by system monitoring or something
+    else. Logging through syslog is usually better than an individual
+    Logfile.
+  * place this file into /etc/clamd.d with an unique service-name;
+    e.g. as /etc/clamd.d/<SERVICE>.conf
+
+  When using TCPSocket, create iptables rules which are limiting the
+  access by source and/or by using '-m owner'.
+
+  When LogFile feature is wanted, it must be writable for the assigned
+  User. Recommended way to reach this, is to:
+  * make it owned by the User's *group*
+  * assign at least 0620 (u+rw,g+w) permissions
+
+  A suitable command might be
+  | # touch <logfile>
+  | # chgrp <user> <logfile>
+  | # chmod 0620   <logfile>
+  | # restorecon <logfile>
+
+  NEVER use 'clamav' as the user since he can modify the database.
+  This is the user who is running the application; e.g. for mimedefang
+  (http://www.roaringpenguin.com/mimedefang), the user might be
+  'defang'.Theoretically, distinct users could be used, but it must be
+  made sure that the application-user can write into the socket-file,
+  and that the clamd-user can access the files asked by the
+  application to be checked.
+
+clamd.logrotate: (only when LogFile feature is used)
+  * set the correct value for the logfile
+  * place it into /etc/logrotate.d
+
+clamd@<SERVICE>.service: (systemd instance)
+  * instance of clamd@.service
+
+Additionally, when using LocalSocket instead of TCPSocket, the directory
+for the socket file must be created.  For tmpfiles based systems, you
+might want to create a file /usr/lib/tmpfiles.d/clamd.<SERVICE>.conf
+with a content of
+
+ | d /var/run/clamd.<SERVICE> <MODE> <USER> <GROUP>
+
+Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
+so that the socket can be accessed by clamd and by the applications
+using clamd. Make sure that the socket is not world accessible; else,
+DOS attacks or worse are trivial.
+
+After emulating these steps by hand (or else rebooting), you still need set
+SELinux:
+
+ chcon -t clamd_var_run_t /var/run/clamd.<SERVICE>
+or
+ restorecon -R -v "/var/run/clamd.<SERVICE>"
+
+More SELinux notes:
+you may need run:
+
+ setsebool -P antivirus_can_scan_system 1
+
+and also maybe this one (I need to confirm that is obsolete)
+
+ setsebool -P antivirus_use_jit 1
+
+[Disclaimer:
+ this file and the script/configfiles are not part of the official
+ clamav package.
+
+ Please send complaints and comments to
+ https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=clamav]

clamd-gen

@@ -0,0 +1,269 @@
+#! /bin/bash
+
+# Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+function showHelp()
+{
+    echo \
+$"Usage: clamd-gen --service=<SERVICE> --version=<VERSION> --release=<RELEASE>
+                 --license=<LICENSE> --username=>USERNAME>
+"
+    exit 0
+}
+
+function rpm.generatePreamble()
+{
+    cat <<EOF
+%{!?release_func:%define release_func()	%1%{?dist}}
+# The name of the minit service
+%define minitsvcdir	%minitdir/services/%name
+# The configuration file for the SysV initservice
+%define conffile	%_sysconfdir/clamd.d/%service.conf
+# The directory, where the milter socket will be placed into; this
+# socket will be named clamd.sock
+%define rundir		/var/run/clamd.%service
+# The name of the logfile
+%define logfile		/var/log/clamd.%service
+# The user under whose id, the clamd shall be running. This user must
+# be able to read the files from the base-service and is usually
+# created there.
+%define username	$USERNAME
+# The packagename of the service
+%define service		$SERVICE
+# The service name as used by the system's initscripts; usually this
+# is %service
+%define baseservice	%service
+
+%define __chkconfig	/sbin/chkconfig
+%define minitdir	%_sysconfdir/minit
+
+
+EOF
+}
+
+function rpm.generateHeader()
+{
+    cat <<EOF
+Summary:		Clamav server for '%service'
+Name:			clamd.%service
+Version:		$VERSION
+Release:		%release_func $RELEASE
+Epoch:			0
+License:		$LICENSE
+Group:			System Environment/Daemons
+BuildRoot:		%_tmppath/%name-%version-%release-root
+BuildArch:		noarch
+Requires:		init(%name)
+Requires(pre):		%service
+Requires:		clamav-server
+BuildRequires:		clamav-devel
+
+%package sysv
+Summary:		SysV initscripts for a %service clamav-server
+Group:			System Environment/Daemons
+Provides:		init(%name) = sysv
+Conflicts:		init(%name) < sysv
+Conflicts:		init(%name) > sysv
+Requires:		clamav-server-sysv
+Requires(post):		%name = %epoch:%version-%release
+Requires(post):		diffutils mktemp %__chkconfig
+Requires(preun):	%__chkconfig
+Requires(pre):		%_initrddir
+Requires(postun):	%_initrddir
+
+%package minit
+Summary:		minit initscripts for a %service clamav-server
+Group:			System Environment/Daemons
+Provides:		init(%name) = minit
+Conflicts:		init(%name) < minit
+Conflicts:		init(%name) > minit
+Requires(post):		%name = %epoch:%version-%release
+Requires(post):		diffutils mktemp
+Requires(pre):		minit-setup
+Requires(postun):	minit-setup
+Requires(triggers):	minit-tools
+
+
+%description
+Basic setup for a clamav server for '%service'.
+
+
+%description sysv
+Basic setup for a clamav server for '%service'.
+
+This package contains initscripts for SysV based systems.
+
+
+%description minit
+Basic setup for a clamav server for '%service'.
+
+This package contains initscripts for minit based systems.
+
+EOF
+}
+
+
+function rpm.genBody()
+{
+    cat <<"XEOFX"
+%prep
+%build
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%__install -d -m755 $RPM_BUILD_ROOT{%minitsvcdir,%_sbindir,%rundir,/var/log}
+
+d=/usr/share/clamav/template
+
+function subst
+{
+	src=$d/$1
+	dst=$RPM_BUILD_ROOT$2
+
+	%__install -d -m755 $(dirname "$dst")
+	sed -e 's!^\(#?LogFile \).*!\1%logfile!g;
+		s!^#?\(LocalSocket \).*!\1%rundir/clamd.sock!g;
+		s!^#?\(PidFile \).*!\1%rundir/clamd.pid!g;
+		s!<SERVICE>!%service!g;
+		s!<USER>!%username!g;' "$src" >"$dst"
+	chmod --reference "$src" "$dst"
+}
+
+subst clamd.conf      %conffile
+subst clamd.logrotate %_sysconfdir/logrotate.d/clamd.%service
+
+%if 0%{!?_without_sysv:1}
+subst clamd.sysconfig %_sysconfdir/sysconfig/clamd.%service
+subst clamd.init      %_initrddir/clamd.%service
+%endif
+
+ln -s clamd $RPM_BUILD_ROOT%_sbindir/clamd.%service
+
+touch $RPM_BUILD_ROOT%logfile
+touch $RPM_BUILD_ROOT%rundir/clamd.sock
+
+%if 0%{!?_without_minit:1}
+ln -s %_sbindir/clamd.%service $RPM_BUILD_ROOT%minitsvcdir/run
+touch                          $RPM_BUILD_ROOT%minitsvcdir/respawn
+cat <<EOF                     >$RPM_BUILD_ROOT%minitsvcdir/params
+-c
+%conffile
+EOF
+%endif
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%triggerin minit -- %baseservice
+minit-svc add services/clamd.%service services/%baseservice/
+
+%triggerun minit -- %baseservice
+test "$1" != 0 -a "$2" != 0 || \
+	minit-svc del services/clamd.%service services/%baseservice/
+
+
+%post minit
+d=$(mktemp /tmp/clamd.%service.XXXXXX)
+sed -e 's!^#Foreground!Foreground!' "%conffile" >"$d"
+grep -q '^Foreground' $d || echo 'Foreground' >>$d
+cmp -s "$d" %conffile || cat "$d" >"%conffile"
+rm -f "$d"
+
+%post sysv
+d=$(mktemp /tmp/clamd.%service.XXXXXX)
+sed -e 's!^Foreground!#Foreground!' "%conffile" >"$d"
+cmp -s "$d" %conffile || cat "$d" >"%conffile"
+rm -f "$d"
+
+%__chkconfig --add %name
+
+
+%preun sysv
+test "$1" != 0 || %__chkconfig --del %name
+
+XEOFX
+}
+
+
+function rpm.genFiles
+{
+    cat <<"EOF"
+%files
+%defattr(-,root,root,-)
+%doc
+%config(noreplace) %verify(not size md5 mtime) %attr(0620,root,%username)  %logfile
+%config(noreplace) %verify(not mtime) %conffile
+%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/clamd.%service
+%_sbindir/clamd.%service
+%dir %attr(0700,%username,root) %rundir
+%ghost %rundir/clamd.sock
+
+
+%if 0%{!?_without_sysv:1}
+%files sysv
+%defattr(-,root,root,-)
+%config            %verify(not mtime) %_initrddir/clamd.%service
+%config(noreplace) %verify(not mtime) %_sysconfdir/sysconfig/clamd.%service
+%endif
+
+
+%if 0%{!?_without_minit:1}
+%files minit
+%defattr(-,root,root,-)
+%dir                                  %minitsvcdir
+%config(noreplace) %verify(not mtime) %minitsvcdir/params
+%config                               %minitsvcdir/run
+				      %minitsvcdir/respawn
+%endif
+EOF
+}
+
+
+SERVICE=
+VERSION=
+RELEASE=
+LICENSE=
+USERNAME=
+tmp=$(getopt -o '' --long service:,version:,release:,license:,username:,help -n "$0" -- "$@") || exit 1
+eval set -- "$tmp"
+
+while true; do
+    case "$1" in
+	(--help)	showHelp $0;;
+	(--service)	SERVICE=$2;  shift;;
+	(--version)	VERSION=$2;  shift;;
+	(--release)	RELEASE=$2;  shift;;
+	(--license)	LICENSE=$2;  shift;;
+	(--username)	USERNAME=$2; shift;;
+	(--)		shift; break;;
+    esac
+    shift
+done
+
+for i in SERVICE VERSION RELEASE LICENSE USERNAME; do
+    eval tmp=\$${i}
+    test "$tmp" || {
+	echo $"No value for $i specified; assuming @${i}@"  >&2;
+	eval $i=@${i}@;
+    }
+done
+
+
+rpm.generatePreamble
+rpm.generateHeader
+rpm.genBody
+rpm.genFiles

clamd-wrapper

@@ -0,0 +1,90 @@
+#!/bin/bash
+#
+# Xchkconfig: - 75 35
+# Xdescription: The clamd daemon listens for incoming connections on		\
+#               Unix or TCP socket and scans files or directories on demand.
+
+test "$CLAMD_SERVICE" || {
+    echo $"*** $0 can not be called in this way"
+    echo $"*** Please see /usr/share/doc/clamav-server-*/README how"
+    echo $"*** the clamav-server can be configured"
+    exit 6
+}
+
+# Source function library.
+. /etc/init.d/functions
+
+# Get config.
+test -r /etc/sysconfig/network && . /etc/sysconfig/network
+
+# Check that networking is up.
+test "$NETWORKING" != "no" || exit 6
+
+lockfile=/var/lock/subsys/clamd.${CLAMD_SERVICE}
+sysconffile=/etc/sysconfig/clamd.${CLAMD_SERVICE}
+procname=clamd.${CLAMD_SERVICE}
+
+CLAMD_CONFIGFILE=/etc/clamd.d/${CLAMD_SERVICE}.conf
+CLAMD_OPTIONS=
+CLAMD_PIDFILE=/var/run/clamd.${CLAMD_SERVICE}/clamd.pid
+## backward-compatibility check...
+for i in /var/run/clamd.${CLAMD_SERVICE}/clamd.sock \
+	 /var/run/clamav.${CLAMD_SERVICE}/clamd.sock; do
+  CLAMD_SOCKET=$i
+  test ! -e "$i" || break
+done
+test -f "$sysconffile" && . "$sysconffile"
+
+
+RETVAL=0
+prog="clamd.${CLAMD_SERVICE}"
+
+start () {
+	echo -n $"Starting $prog: "
+	daemon --pidfile=${CLAMD_PIDFILE} \
+	    exec -a $procname /usr/sbin/clamd \
+	    ${CLAMD_CONFIGFILE:+-c $CLAMD_CONFIGFILE} ${CLAMD_OPTIONS} --pid ${CLAMD_PIDFILE}
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch $lockfile
+	return $RETVAL
+}
+
+stop () {
+	echo -n $"Stopping $prog: "
+	killproc -p ${CLAMD_PIDFILE} $procname
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f $lockfile
+	return $RETVAL
+}
+
+reload() {
+	rc=0
+	echo -n $"Reloading $prog: "
+	killproc -p ${CLAMD_PIDFILE} $procname -HUP  || rc=$?
+	echo
+	echo -n $"Loading new virus-database: "
+	killproc -p ${CLAMD_PIDFILE} $procname -USR2 || rc=$?
+	echo
+	return $rc
+}
+
+restart () {
+	stop
+	start
+}
+
+# See how we were called.
+case "$1" in
+  start|stop|restart|reload)
+	$1 ;;
+  status)
+	status -p ${CLAMD_PIDFILE} $procname ;;
+  condrestart)
+	test ! -f $lockfile || restart
+	;;
+  *)
+	echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
+	exit 2
+esac

clamd.SERVICE.init

@@ -0,0 +1,7 @@
+#!/bin/bash
+#
+# chkconfig: - 75 35
+# description: The clamd server running for <SERVICE>
+
+CLAMD_SERVICE=<SERVICE>
+. /usr/share/clamav/clamd-wrapper

clamd.logrotate

@@ -0,0 +1,9 @@
+/var/log/clamd.<SERVICE> {
+	monthly
+	notifempty
+	missingok
+
+	postrotate
+		pkill -u <USER> -HUP -f '/usr/sbin/clamd -c /etc/clamd.d/<SERVICE>.conf >/dev/null 2>&1 || :
+	endscript
+}

clamd.scan.upstart

@@ -0,0 +1,14 @@
+### !!! Uncomment only *one* of the 'start on' statements !!!
+
+### Uncomment this line when you want clamd.scan to be a scanner for a
+### locally running clamav-milter
+#start on starting clamav-milter
+
+### Uncomment this line when you want clamd.scan to be a generic
+### scanner service
+#start on runlevel [345] and starting local
+
+stop  on runlevel [!345]
+
+respawn
+exec /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes

clamd.sysconfig

@@ -0,0 +1,3 @@
+#CLAMD_CONFIGFILE=/etc/clamd.d/<SERVICE>.conf
+#CLAMD_SOCKET=/var/run/clamd.<SERVICE>/clamd.sock
+#CLAMD_OPTIONS=

clamd@.service

@@ -0,0 +1,12 @@
+[Unit]
+Description = clamd scanner (%i) daemon
+Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
+# Check for database existence
+# ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
+# ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
+After = syslog.target nss-lookup.target network.target
+
+[Service]
+Type = forking
+ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
+Restart = on-failure

clamd@scan.service

@@ -0,0 +1,7 @@
+.include /lib/systemd/system/clamd@.service
+
+[Unit]
+Description = Generic clamav scanner daemon
+
+[Install]
+WantedBy = multi-user.target

freshclam-sleep

@@ -0,0 +1,52 @@
+#! /bin/bash
+# Copyright (C) 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+FRESHCLAM_MOD=$[ 3*60 ]		# 3 hours
+
+f=/etc/sysconfig/freshclam
+test ! -e "$f" || . "$f"
+
+
+case x"$1" in
+    (xnow)		FRESHCLAM_DELAY=0;;
+    (x|xrandom)		: ${FRESHCLAM_DELAY:=$[ 0x`hostid` ]};;
+    (*)			FRESHCLAM_DELAY=$1;;
+esac
+
+set -e
+
+case $FRESHCLAM_DELAY in
+    (disabled-warn)
+	echo $"\
+WARNING: update of clamav database is disabled; please see
+  '$f'
+  for information how to enable the periodic update resp. how to turn
+  off this message." >&2
+	exit 1
+	;;
+
+    (disabled)
+	exit 0
+	;;
+
+    (*)
+	let FRESHCLAM_MOD*=60
+	sleep $[ (FRESHCLAM_DELAY % FRESHCLAM_MOD + FRESHCLAM_MOD) % FRESHCLAM_MOD ]
+	;;
+esac
+
+/usr/bin/freshclam --quiet

freshclam.sysconfig

@@ -0,0 +1,18 @@
+## When changing the periodicity of freshclam runs in the crontab,
+## this value must be adjusted also. Its value is the timespan between
+## two subsequent freshclam runs in minutes. E.g. for the default
+##
+## | 0 */3 * * *  ...
+##
+## crontab line, the value is 180 (minutes).
+# FRESHCLAM_MOD=
+
+## A predefined value for the delay in seconds. By default, the value is
+## calculated by the 'hostid' program. This predefined value guarantees
+## constant timespans of 3 hours between two subsequent freshclam runs.
+##
+## This option accepts two special values:
+## 'disabled-warn'  ...  disables the automatic freshclam update and
+##                         gives out a warning
+## 'disabled'       ...  disables the automatic freshclam silently
+# FRESHCLAM_DELAY=

llvm-glibc.patch

@@ -0,0 +1,12 @@
+Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+===================================================================
+--- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
++++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+@@ -52,6 +52,7 @@ static void runAtExitHandlers() {
+ #include <sys/stat.h>
+ #endif
+ #include <fcntl.h>
++#include <unistd.h>
+ /* stat functions are redirecting to __xstat with a version number.  On x86-64 
+  * linking with libc_nonshared.a and -Wl,--export-dynamic doesn't make 'stat' 
+  * available as an exported symbol, so we have to add it explicitly.