!3 modification

Merge pull request !3 from 薄皮小笼包/gu
2019-12-31 10:19:51 +08:00 · 2019-12-31 10:19:51 +08:00 · bbe335e7c0
commit bbe335e7c0
parent e5b6e5bce0 cb25a44664
3 changed files with 27 additions and 225 deletions
--- a/README.fedora
+++ b/README.fedora
@ -1,119 +0,0 @@
 Please note since el7 and Fedora 15 or 19 we use only systemd.
 upstart and sysv was dropped, this document may still applies to el6.
 A clamav-milter setup consists of the following three components:
 * the clamav-milter itself
  --> this is provided by the 'clamav-milter' package plus (alternatively)
      'clamav-milter-upstart' or 'clamav-milter-sysvinit'
  The main configuration is in /etc/mail/clamav-milter.conf and MUST
  be changed before first use.
  The -sysvinit package is managed by the traditional tools, but
  -upstart requires modification of /etc/event.d/clamav-milter to
  enable automatic startup.  See comments there for more details.
 * a clamav scanner daemon
  --> this package is called 'clamav-scanner' plus (alternatively)
      'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'
  The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
  edited before first use).
  The -sysvinit package is managed by the traditional tools, but
  -upstart requires modification of /etc/event.d/clamd.scan to enable
  automatic startup.  See comments there for more details.
 * the MTA (sendmail/postfix)
  --> you should know how to install this...
  When communicating across unix sockets with the clamav-milter, it is
  suggested to use the /var/run/clamav-milter/clamav-milter.socket
  path.  You have to add something like
    INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
  to your sendmail.mc.
 It is suggested that components communicate through TCP sockets as
 this eases setup.  Please add corresponding packet filter rules!
 EXAMPLE
 =======
 For clamav-milter, a possible setup might be created by
 A)  On the MTA  (assumed hostname 'host-mta')
  1. Add to sendmail.mc
    | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
  2. Rebuild sendmail.cf
 B)  On the clamav-milter host (assumed hostname 'host-milter')
  1. Install clamav-milter + clamav-milter-upstart packages
  2. Set in /etc/mail/clamav-milter.conf
    | MilterSocket	inet:6666
    | ClamdSocket	tcp:host-scanner:6665
     and all the other options which are required on your system
  3. Edit /etc/event.d/clamav-milter and uncomment the
    | start on starting local
     line. Restart your system or execute
    | initctl emit starting local
  4. Add something like
    | iptables -N IN-cmilt
    | iptables -A IN-cmilt -s host-mta -j ACCEPT
    | iptables -A IN-cmilt -j DROP
    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
     to your firewall setup
 C)  On the clamav-scanner host (assumed hostname 'host-scanner')
  1. Install clamav-scanner + clamav-scanner-upstart packages
  2. Add to /etc/clamd.d/scan.conf
    | TCPSocket 6665
    | TCPAddr   host-scanner
     comment out possible 'LocalSocket' lines and set all the other
     options which are required on your system
  3. Edit /etc/event.d/clamav-scanner and uncomment the
    | start on starting local
     line. Restart your system or execute
    | initctl emit starting local
  4. Add something like
    | iptables -N IN-cscan
    | iptables -A IN-cscan -s host-milter -j ACCEPT
    | iptables -A IN-cscan -j DROP
    | iptables -A INPUT -p tcp --dport 6665 -j IN-csan
     to your firewall setup
--- a/clamav.spec
+++ b/clamav.spec
@ -1,27 +1,25 @@
 Name:           clamav
 Summary:        End-user tools for the Clam Antivirus scanner
 Version:        0.101.4
-Release:        2
+Release:        3
 License:        GPLv2
 URL:            https://www.clamav.net/
 Source0:        clamav-0.101.4-norar.tar.xz
 Source1:        clamd.sysconfig
 Source2:        clamd.logrotate
-Source3:        clamd-README
+Source3:        main-58.cvd
-Source4:        main-58.cvd
+Source4:        daily-25550.cvd
-Source5:        daily-25550.cvd
+Source5:        bytecode-330.cvd
-Source6:        bytecode-330.cvd
+Source6:        clamd-gen
-Source7:        clamd-gen
+Source7:        freshclam-sleep
-Source8:        freshclam-sleep
+Source8:        freshclam.sysconfig
-Source9:        freshclam.sysconfig
+Source9:        clamav-update.crond
-Source10:       clamav-update.crond
+Source10:       clamav-update.logrotate
-Source11:       clamav-update.logrotate
+Source11:       clamav-milter.upstart
-Source12:       README.fedora
+Source12:       clamav-milter.systemd
-Source13:       clamav-milter.upstart
+Source13:       clamd.scan.upstart
-Source14:       clamav-milter.systemd
+Source14:       clamd@scan.service
-Source15:       clamd.scan.upstart
+Source15:       clamd@.service
 Source16:       clamd@scan.service
 Source17:       clamd@.service
 Patch0001:      clamav-0.100.0-stats-deprecation.patch
 Patch0002:      clamav-0.100.1-defaults_locations.patch
@ -150,7 +148,6 @@ The clamav-milter package contains files which are needed to run the clamav-milt
 %prep
 %autosetup -n %{name}-%{version}%{?prerelease} -p1
 install -p -m0644 %SOURCE12 clamav-milter/
 install -d libclamunrar{,_iface}
 touch libclamunrar/{Makefile.in,all,install}
@ -212,21 +209,20 @@ install -d -m 0755 $RPM_BUILD_ROOT%_sysconfdir/{mail,clamd.d,logrotate.d} \
 touch $RPM_BUILD_ROOT%_var/lib/clamav/{daily,main,bytecode}.cld
 touch $RPM_BUILD_ROOT%_var/lib/clamav/mirrors.dat
-install -D -m 0644 -p %SOURCE4     $RPM_BUILD_ROOT%_var/lib/clamav/main.cvd
+install -D -m 0644 -p %SOURCE3     $RPM_BUILD_ROOT%_var/lib/clamav/main.cvd
-install -D -m 0644 -p %SOURCE5     $RPM_BUILD_ROOT%_var/lib/clamav/daily.cvd
+install -D -m 0644 -p %SOURCE4     $RPM_BUILD_ROOT%_var/lib/clamav/daily.cvd
-install -D -m 0644 -p %SOURCE6     $RPM_BUILD_ROOT%_var/lib/clamav/bytecode.cvd
+install -D -m 0644 -p %SOURCE5     $RPM_BUILD_ROOT%_var/lib/clamav/bytecode.cvd
 install -D -m 0644 -p %SOURCE1      _doc_server/clamd.sysconfig
 install -D -m 0644 -p %SOURCE2      _doc_server/clamd.logrotate
 install -D -m 0644 -p %SOURCE3      _doc_server/README
 install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf
-install -m 0755 -p %SOURCE7       $RPM_BUILD_ROOT%_datadir/%name/
+install -m 0755 -p %SOURCE6       $RPM_BUILD_ROOT%_datadir/%name/
 install -D -p _doc_server/*            $RPM_BUILD_ROOT%_datadir/%name/template
-install -D -p -m 0644 %SOURCE17        $RPM_BUILD_ROOT%_unitdir/clamd@.service
+install -D -p -m 0644 %SOURCE15        $RPM_BUILD_ROOT%_unitdir/clamd@.service
-install -D -m 0644 -p %SOURCE11    $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update
+install -D -m 0644 -p %SOURCE10    $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update
 touch $RPM_BUILD_ROOT%_var/log/freshclam.log
-install -D -p -m 0755 %SOURCE8    $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep
+install -D -p -m 0755 %SOURCE7    $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep
-install -D -p -m 0644 %SOURCE9    $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam
+install -D -p -m 0644 %SOURCE8    $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam
-install -D -p -m 0600 %SOURCE10    $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update
+install -D -p -m 0600 %SOURCE9    $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update
 mv -f $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf{.sample,}
 chmod 600 $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf
@ -240,8 +236,8 @@ smartsubst 's!webmaster,clamav!webmaster,clamav!g;
 sed -e 's!<SERVICE>!scan!g;s!<USER>!clamscan!g' \
    etc/clamd.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/clamd.d/scan.conf
-install -D -p -m 0644 %SOURCE15 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf
+install -D -p -m 0644 %SOURCE13 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf
-install -D -p -m 0644 %SOURCE16 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service
+install -D -p -m 0644 %SOURCE14 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service
 cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf
 d %_rundir/clamd.scan 0710 clamscan virusgroup
@ -258,8 +254,8 @@ sed -r -e 's!^#?(User).*!\1 clamilt!g' \
    -e 's! /tmp/clamav-milter.log! %_var/log/clamav-milter.log!g' \
    etc/clamav-milter.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/mail/clamav-milter.conf
-install -D -p -m 0644 %SOURCE13 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf
+install -D -p -m 0644 %SOURCE11 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf
-install -D -p -m 0644 %SOURCE14 $RPM_BUILD_ROOT%_unitdir/clamav-milter.service
+install -D -p -m 0644 %SOURCE12 $RPM_BUILD_ROOT%_unitdir/clamav-milter.service
 cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamav-milter.conf
 d %_rundir/clamav-milter 0710 clamilt clamilt
@ -401,7 +397,6 @@ test -e %_var/log/clamav-milter.log || {
 %files milter
 %doc clamav-milter/README.fedora
 %_sbindir/*milter*
 %dir %_sysconfdir/mail
 %config(noreplace) %_sysconfdir/mail/clamav-milter.conf
--- a/74
+++ b/74
@ -1,74 +0,0 @@
 To create individual clamd-instance take the following files and
 modify/copy them in the suggested way:
 clamd.conf:
  * set LocalSocket (or better: TCPSocket) and User to suitable values;
    avoid PidFile unless it is required by system monitoring or something
    else. Logging through syslog is usually better than an individual
    Logfile.
  * place this file into /etc/clamd.d with an unique service-name;
    e.g. as /etc/clamd.d/<SERVICE>.conf
  When using TCPSocket, create iptables rules which are limiting the
  access by source and/or by using '-m owner'.
  When LogFile feature is wanted, it must be writable for the assigned
  User. Recommended way to reach this, is to:
  * make it owned by the User's *group*
  * assign at least 0620 (u+rw,g+w) permissions
  A suitable command might be
  | # touch <logfile>
  | # chgrp <user> <logfile>
  | # chmod 0620   <logfile>
  | # restorecon <logfile>
  NEVER use 'clamav' as the user since he can modify the database.
  This is the user who is running the application; e.g. for mimedefang
  (http://www.roaringpenguin.com/mimedefang), the user might be
  'defang'.Theoretically, distinct users could be used, but it must be
  made sure that the application-user can write into the socket-file,
  and that the clamd-user can access the files asked by the
  application to be checked.
 clamd.logrotate: (only when LogFile feature is used)
  * set the correct value for the logfile
  * place it into /etc/logrotate.d
 clamd@<SERVICE>.service: (systemd instance)
  * instance of clamd@.service
 Additionally, when using LocalSocket instead of TCPSocket, the directory
 for the socket file must be created.  For tmpfiles based systems, you
 might want to create a file /usr/lib/tmpfiles.d/clamd.<SERVICE>.conf
 with a content of
 | d /var/run/clamd.<SERVICE> <MODE> <USER> <GROUP>
 Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
 so that the socket can be accessed by clamd and by the applications
 using clamd. Make sure that the socket is not world accessible; else,
 DOS attacks or worse are trivial.
 After emulating these steps by hand (or else rebooting), you still need set
 SELinux:
 chcon -t clamd_var_run_t /var/run/clamd.<SERVICE>
 or
 restorecon -R -v "/var/run/clamd.<SERVICE>"
 More SELinux notes:
 you may need run:
 setsebool -P antivirus_can_scan_system 1
 and also maybe this one (I need to confirm that is obsolete)
 setsebool -P antivirus_use_jit 1
 [Disclaimer:
 this file and the script/configfiles are not part of the official
 clamav package.
 Please send complaints and comments to
 https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=clamav]