clamav: add clamav-cvd package for cvd db

Add native package to support creating a mirror of the clamav cvd and supply it in a new package. Provide a INSTALL_CLAMAV_CVD flag to bypass this creation Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2019-04-09 09:02:00 +0530
committer: Armin Kuster <akuster808@gmail.com> 2019-04-14 10:54:07 -0700
commit: ab3c84c4d34cb07a3a2bfa0893dc3bd0103190a9 (patch)
tree: f09db4a9a6208b86ba08b540626821992a8ba60f
parent: 3b88d3d9ca5193242b66eb23a9cb857a13bf8535 (diff)
download: meta-security-ab3c84c4d34cb07a3a2bfa0893dc3bd0103190a9.tar.gz
2 files changed, 259 insertions, 6 deletions
diff --git a/recipes-security/clamav/clamav_0.99.4.bb b/recipes-security/clamav/clamav_0.99.4.bb
index 3fc48e7..32dc59c 100644
--- a/recipes-security/clamav/clamav_0.99.4.bb
+++ b/recipes-security/clamav/clamav_0.99.4.bb
@@ -4,8 +4,9 @@ HOMEPAGE = "http://www.clamav.net/index.html"
 SECTION = "security"
 LICENSE = "LGPL-2.1"
-DEPENDS = "libtool db libmspack chrpath-replacement-native"
+DEPENDS = "libtool db libmspack chrpath-replacement-native clamav-native"
+DEPENDS_class-native = "db-native"
+ 
 LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
 SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047"
@@ -15,6 +16,7 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \
    file://freshclam.conf \
    file://volatiles.03_clamav \
    file://${BPN}.service \
+    file://freshclam-native.conf \
    "
 S = "${WORKDIR}/git"
@@ -28,6 +30,7 @@ inherit autotools-brokensep pkgconfig useradd systemd
 UID = "clamav"
 GID = "clamav"
+INSTALL_CLAMAV_CVD ?= "1"
 # Clamav has a built llvm version 2 but does not build with gcc 6.x,
 # disable the internal one. This is a known issue
@@ -58,12 +61,27 @@ EXTRA_OECONF += " --with-user=${UID}  --with-group=${GID} \
            --disable-rpath \
            "
+EXTRA_OECONF_class-native += "--without-libcheck-prefix --disable-unrar \
+            --with-system-llvm --with-llvm-linking=dynamic --disable-llvm \
+            --disable-mempool \
+            --program-prefix="" \
+            --disable-yara \
+            --without-libbz2-prefix --without-zlib \
+            "
 do_configure () {
    cd ${S}
    ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} 
+    install -d ${S}/clamav_db
 }
-do_compile_append() {
+do_configure_class-native () {
+    cd ${S}
+    ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} 
+}
+do_compile_append_class-target() {
    # brute force removing RPATH
    chrpath -d  ${B}/libclamav/.libs/libclamav.so.${SO_VER}
    chrpath -d  ${B}/sigtool/.libs/sigtool
@@ -72,9 +90,14 @@ do_compile_append() {
    chrpath -d  ${B}/clamconf/.libs/clamconf
    chrpath -d  ${B}/clamd/.libs/clamd
    chrpath -d  ${B}/freshclam/.libs/freshclam
+    if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
+        bbnote "CLAMAV creating cvd"
+        ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
+    fi
 }
-do_install_append() {
+do_install_append_class-target () {
    install -d ${D}/${sysconfdir}
    install -d ${D}/${localstatedir}/lib/clamav
    install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles
@@ -84,6 +107,7 @@ do_install_append() {
    install -m 0644 ${WORKDIR}/volatiles.03_clamav  ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav
    sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
    rm ${D}/${libdir}/libclamav.so
+    install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
        install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
    fi
@@ -93,11 +117,11 @@ pkg_postinst_ontarget_${PN} () {
    if [ -e /etc/init.d/populate-volatile.sh ] ; then
        ${sysconfdir}/init.d/populate-volatile.sh update
    fi
-    chown ${UID}:${GID} ${localstatedir}/lib/clamav
+    chown -R ${UID}:${GID} ${localstatedir}/lib/clamav
 }
-PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \
+PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
            ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"
 FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
@@ -140,6 +164,8 @@ FILES_${PN}-doc = "${mandir}/man/* \
                   ${datadir}/man/* \
                   ${docdir}/* "
+FILES_${PN}-cvd =  "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat"
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM_${PN} = "--system ${UID}"
 USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir  \
@@ -152,3 +178,6 @@ RCONFLICTS_${PN} += "${PN}-systemd"
 SYSTEMD_SERVICE_${PN} = "${BPN}.service"
 RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav"
+RDEPENDS_${PN}_class-native = ""
+BBCLASSEXTEND = "native"
diff --git a/recipes-security/clamav/files/freshclam-native.conf b/recipes-security/clamav/files/freshclam-native.conf
new file mode 100644
index 0000000..aaa8cf4
--- /dev/null
+++ b/recipes-security/clamav/files/freshclam-native.conf
@@ -0,0 +1,224 @@
+# Path to the database directory.
+# WARNING: It must match clamd.conf's directive!
+# Default: hardcoded (depends on installation options)
+#DatabaseDirectory /var/lib/clamav
+# Path to the log file (make sure it has proper permissions)
+# Default: disabled
+#UpdateLogFile /var/log/clamav/freshclam.log
+# Maximum size of the log file.
+# Value of 0 disables the limit.
+# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
+# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
+# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
+# log rotation (the LogRotate option) will always be enabled.
+# Default: 1M
+LogFileMaxSize 2M
+# Log time with each message.
+# Default: no
+LogTime yes
+# Enable verbose logging.
+# Default: no
+#LogVerbose yes
+# Use system logger (can work together with UpdateLogFile).
+# Default: no
+#LogSyslog yes
+# Specify the type of syslog messages - please refer to 'man syslog'
+# for facility names.
+# Default: LOG_LOCAL6
+#LogFacility LOG_MAIL
+# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
+# Default: no
+#LogRotate yes
+# This option allows you to save the process identifier of the daemon
+# Default: disabled
+#PidFile /var/run/freshclam.pid
+# By default when started freshclam drops privileges and switches to the
+# "clamav" user. This directive allows you to change the database owner.
+# Default: clamav (may depend on installation options)
+DatabaseOwner clamav
+# Initialize supplementary group access (freshclam must be started by root).
+# Default: no
+#AllowSupplementaryGroups yes
+# Use DNS to verify virus database version. Freshclam uses DNS TXT records
+# to verify database and software versions. With this directive you can change
+# the database verification domain.
+# WARNING: Do not touch it unless you're configuring freshclam to use your
+# own database verification domain.
+# Default: current.cvd.clamav.net
+#DNSDatabaseInfo current.cvd.clamav.net
+# Uncomment the following line and replace XY with your country
+# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
+# You can use db.XY.ipv6.clamav.net for IPv6 connections.
+#DatabaseMirror db.XY.clamav.net
+# database.clamav.net is a round-robin record which points to our most 
+# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is 
+# not working. DO NOT TOUCH the following line unless you know what you
+# are doing.
+DatabaseMirror database.clamav.net
+# How many attempts to make before giving up.
+# Default: 3 (per mirror)
+#MaxAttempts 5
+# With this option you can control scripted updates. It's highly recommended
+# to keep it enabled.
+# Default: yes
+#ScriptedUpdates yes
+# By default freshclam will keep the local databases (.cld) uncompressed to
+# make their handling faster. With this option you can enable the compression;
+# the change will take effect with the next database update.
+# Default: no
+#CompressLocalDatabase no
+# With this option you can provide custom sources (http:// or file://) for
+# database files. This option can be used multiple times.
+# Default: no custom URLs
+#DatabaseCustomURL http://myserver.com/mysigs.ndb
+#DatabaseCustomURL file:///mnt/nfs/local.hdb
+# This option allows you to easily point freshclam to private mirrors.
+# If PrivateMirror is set, freshclam does not attempt to use DNS
+# to determine whether its databases are out-of-date, instead it will
+# use the If-Modified-Since request or directly check the headers of the
+# remote database files. For each database, freshclam first attempts
+# to download the CLD file. If that fails, it tries to download the
+# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
+# and ScriptedUpdates. It can be used multiple times to provide
+# fall-back mirrors.
+# Default: disabled
+#PrivateMirror mirror1.mynetwork.com
+#PrivateMirror mirror2.mynetwork.com
+# Number of database checks per day.
+# Default: 12 (every two hours)
+#Checks 24
+# Proxy settings
+# Default: disabled
+#HTTPProxyServer myproxy.com
+#HTTPProxyPort 1234
+#HTTPProxyUsername myusername
+#HTTPProxyPassword mypass
+# If your servers are behind a firewall/proxy which applies User-Agent
+# filtering you can use this option to force the use of a different
+# User-Agent header.
+# Default: clamav/version_number
+#HTTPUserAgent SomeUserAgentIdString
+# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
+# multi-homed systems.
+# Default: Use OS'es default outgoing IP address.
+#LocalIPAddress aaa.bbb.ccc.ddd
+# Send the RELOAD command to clamd.
+# Default: no
+#NotifyClamd /path/to/clamd.conf
+# Run command after successful database update.
+# Default: disabled
+#OnUpdateExecute command
+# Run command when database update process fails.
+# Default: disabled
+#OnErrorExecute command
+# Run command when freshclam reports outdated version.
+# In the command string %v will be replaced by the new version number.
+# Default: disabled
+#OnOutdatedExecute command
+# Don't fork into background.
+# Default: no
+#Foreground yes
+# Enable debug messages in libclamav.
+# Default: no
+#Debug yes
+# Timeout in seconds when connecting to database server.
+# Default: 30
+#ConnectTimeout 60
+# Timeout in seconds when reading from database server.
+# Default: 30
+#ReceiveTimeout 60
+# With this option enabled, freshclam will attempt to load new
+# databases into memory to make sure they are properly handled
+# by libclamav before replacing the old ones.
+# Default: yes
+#TestDatabases yes
+# When enabled freshclam will submit statistics to the ClamAV Project about
+# the latest virus detections in your environment. The ClamAV maintainers
+# will then use this data to determine what types of malware are the most
+# detected in the field and in what geographic area they are.
+# Freshclam will connect to clamd in order to get recent statistics.
+# Default: no
+#SubmitDetectionStats /path/to/clamd.conf
+# Country of origin of malware/detection statistics (for statistical
+# purposes only). The statistics collector at ClamAV.net will look up
+# your IP address to determine the geographical origin of the malware
+# reported by your installation. If this installation is mainly used to
+# scan data which comes from a different location, please enable this
+# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
+# of the country of origin.
+# Default: disabled
+#DetectionStatsCountry country-code
+# This option enables support for our "Personal Statistics" service. 
+# When this option is enabled, the information on malware detected by
+# your clamd installation is made available to you through our website.
+# To get your HostID, log on http://www.stats.clamav.net and add a new
+# host to your host list. Once you have the HostID, uncomment this option
+# and paste the HostID here. As soon as your freshclam starts submitting
+# information to our stats collecting service, you will be able to view
+# the statistics of this clamd installation by logging into
+# http://www.stats.clamav.net with the same credentials you used to
+# generate the HostID. For more information refer to:
+# http://www.clamav.net/documentation.html#cctts 
+# This feature requires SubmitDetectionStats to be enabled.
+# Default: disabled
+#DetectionStatsHostID unique-id
+# This option enables support for Google Safe Browsing. When activated for
+# the first time, freshclam will download a new database file (safebrowsing.cvd)
+# which will be automatically loaded by clamd and clamscan during the next
+# reload, provided that the heuristic phishing detection is turned on. This
+# database includes information about websites that may be phishing sites or
+# possible sources of malware. When using this option, it's mandatory to run
+# freshclam at least every 30 minutes.
+# Freshclam uses the ClamAV's mirror infrastructure to distribute the
+# database and its updates but all the contents are provided under Google's
+# terms of use. See http://www.google.com/transparencyreport/safebrowsing
+# and http://www.clamav.net/documentation.html#safebrowsing 
+# for more information.
+# Default: disabled
+#SafeBrowsing yes
+# This option enables downloading of bytecode.cvd, which includes additional
+# detection mechanisms and improvements to the ClamAV engine.
+# Default: enabled
+#Bytecode yes
+# Download an additional 3rd party signature database distributed through
+# the ClamAV mirrors. 
+# This option can be used multiple times.
+#ExtraDatabase dbname1
+#ExtraDatabase dbname2
author	Armin Kuster <akuster808@gmail.com>	2019-04-09 09:02:00 +0530
committer	Armin Kuster <akuster808@gmail.com>	2019-04-14 10:54:07 -0700
commit	ab3c84c4d34cb07a3a2bfa0893dc3bd0103190a9 (patch)
tree	f09db4a9a6208b86ba08b540626821992a8ba60f
parent	3b88d3d9ca5193242b66eb23a9cb857a13bf8535 (diff)
download	meta-security-ab3c84c4d34cb07a3a2bfa0893dc3bd0103190a9.tar.gz

diff --git a/recipes-security/clamav/clamav_0.99.4.bb b/recipes-security/clamav/clamav_0.99.4.bb index 3fc48e7..32dc59c 100644 --- a/recipes-security/clamav/clamav_0.99.4.bb +++ b/recipes-security/clamav/clamav_0.99.4.bb
@@ -4,8 +4,9 @@ HOMEPAGE = "http://www.clamav.net/index.html"
4	SECTION = "security"	4	SECTION = "security"
5	LICENSE = "LGPL-2.1"	5	LICENSE = "LGPL-2.1"
6		6
7	DEPENDS = "libtool db libmspack chrpath-replacement-native"	7	DEPENDS = "libtool db libmspack chrpath-replacement-native clamav-native"
8		8	DEPENDS_class-native = "db-native"
		9
9	LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"	10	LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
10		11
11	SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047"	12	SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047"
@@ -15,6 +16,7 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \
15	file://freshclam.conf \	16	file://freshclam.conf \
16	file://volatiles.03_clamav \	17	file://volatiles.03_clamav \
17	file://${BPN}.service \	18	file://${BPN}.service \
		19	file://freshclam-native.conf \
18	"	20	"
19		21
20	S = "${WORKDIR}/git"	22	S = "${WORKDIR}/git"
@@ -28,6 +30,7 @@ inherit autotools-brokensep pkgconfig useradd systemd
28		30
29	UID = "clamav"	31	UID = "clamav"
30	GID = "clamav"	32	GID = "clamav"
		33	INSTALL_CLAMAV_CVD ?= "1"
31		34
32	# Clamav has a built llvm version 2 but does not build with gcc 6.x,	35	# Clamav has a built llvm version 2 but does not build with gcc 6.x,
33	# disable the internal one. This is a known issue	36	# disable the internal one. This is a known issue
@@ -58,12 +61,27 @@ EXTRA_OECONF += " --with-user=${UID} --with-group=${GID} \
58	--disable-rpath \	61	--disable-rpath \
59	"	62	"
60		63
		64	EXTRA_OECONF_class-native += "--without-libcheck-prefix --disable-unrar \
		65	--with-system-llvm --with-llvm-linking=dynamic --disable-llvm \
		66	--disable-mempool \
		67	--program-prefix="" \
		68	--disable-yara \
		69	--without-libbz2-prefix --without-zlib \
		70	"
		71
61	do_configure () {	72	do_configure () {
62	cd ${S}	73	cd ${S}
63	./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}	74	./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
		75	install -d ${S}/clamav_db
64	}	76	}
65		77
66	do_compile_append() {	78	do_configure_class-native () {
		79	cd ${S}
		80	./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
		81	}
		82
		83
		84	do_compile_append_class-target() {
67	# brute force removing RPATH	85	# brute force removing RPATH
68	chrpath -d ${B}/libclamav/.libs/libclamav.so.${SO_VER}	86	chrpath -d ${B}/libclamav/.libs/libclamav.so.${SO_VER}
69	chrpath -d ${B}/sigtool/.libs/sigtool	87	chrpath -d ${B}/sigtool/.libs/sigtool
@@ -72,9 +90,14 @@ do_compile_append() {
72	chrpath -d ${B}/clamconf/.libs/clamconf	90	chrpath -d ${B}/clamconf/.libs/clamconf
73	chrpath -d ${B}/clamd/.libs/clamd	91	chrpath -d ${B}/clamd/.libs/clamd
74	chrpath -d ${B}/freshclam/.libs/freshclam	92	chrpath -d ${B}/freshclam/.libs/freshclam
		93
		94	if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
		95	bbnote "CLAMAV creating cvd"
		96	${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
		97	fi
75	}	98	}
76		99
77	do_install_append() {	100	do_install_append_class-target () {
78	install -d ${D}/${sysconfdir}	101	install -d ${D}/${sysconfdir}
79	install -d ${D}/${localstatedir}/lib/clamav	102	install -d ${D}/${localstatedir}/lib/clamav
80	install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles	103	install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles
@@ -84,6 +107,7 @@ do_install_append() {
84	install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav	107	install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav
85	sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc	108	sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
86	rm ${D}/${libdir}/libclamav.so	109	rm ${D}/${libdir}/libclamav.so
		110	install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
87	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then	111	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
88	install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service	112	install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
89	fi	113	fi
@@ -93,11 +117,11 @@ pkg_postinst_ontarget_${PN} () {
93	if [ -e /etc/init.d/populate-volatile.sh ] ; then	117	if [ -e /etc/init.d/populate-volatile.sh ] ; then
94	${sysconfdir}/init.d/populate-volatile.sh update	118	${sysconfdir}/init.d/populate-volatile.sh update
95	fi	119	fi
96	chown ${UID}:${GID} ${localstatedir}/lib/clamav	120	chown -R ${UID}:${GID} ${localstatedir}/lib/clamav
97	}	121	}
98		122
99		123
100	PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \	124	PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
101	${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"	125	${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"
102		126
103	FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \	127	FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
@@ -140,6 +164,8 @@ FILES_${PN}-doc = "${mandir}/man/* \
140	${datadir}/man/* \	164	${datadir}/man/* \
141	${docdir}/* "	165	${docdir}/* "
142		166
		167	FILES_${PN}-cvd = "${localstatedir}/lib/clamav/.cvd ${localstatedir}/lib/clamav/.dat"
		168
143	USERADD_PACKAGES = "${PN}"	169	USERADD_PACKAGES = "${PN}"
144	GROUPADD_PARAM_${PN} = "--system ${UID}"	170	GROUPADD_PARAM_${PN} = "--system ${UID}"
145	USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir \	171	USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir \
@@ -152,3 +178,6 @@ RCONFLICTS_${PN} += "${PN}-systemd"
152	SYSTEMD_SERVICE_${PN} = "${BPN}.service"	178	SYSTEMD_SERVICE_${PN} = "${BPN}.service"
153		179
154	RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav"	180	RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav"
		181	RDEPENDS_${PN}_class-native = ""
		182
		183	BBCLASSEXTEND = "native"


diff --git a/recipes-security/clamav/files/freshclam-native.conf b/recipes-security/clamav/files/freshclam-native.conf new file mode 100644 index 0000000..aaa8cf4 --- /dev/null +++ b/recipes-security/clamav/files/freshclam-native.conf
@@ -0,0 +1,224 @@
		1	# Path to the database directory.
		2	# WARNING: It must match clamd.conf's directive!
		3	# Default: hardcoded (depends on installation options)
		4	#DatabaseDirectory /var/lib/clamav
		5
		6	# Path to the log file (make sure it has proper permissions)
		7	# Default: disabled
		8	#UpdateLogFile /var/log/clamav/freshclam.log
		9
		10	# Maximum size of the log file.
		11	# Value of 0 disables the limit.
		12	# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
		13	# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
		14	# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
		15	# log rotation (the LogRotate option) will always be enabled.
		16	# Default: 1M
		17	LogFileMaxSize 2M
		18
		19	# Log time with each message.
		20	# Default: no
		21	LogTime yes
		22
		23	# Enable verbose logging.
		24	# Default: no
		25	#LogVerbose yes
		26
		27	# Use system logger (can work together with UpdateLogFile).
		28	# Default: no
		29	#LogSyslog yes
		30
		31	# Specify the type of syslog messages - please refer to 'man syslog'
		32	# for facility names.
		33	# Default: LOG_LOCAL6
		34	#LogFacility LOG_MAIL
		35
		36	# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
		37	# Default: no
		38	#LogRotate yes
		39
		40	# This option allows you to save the process identifier of the daemon
		41	# Default: disabled
		42	#PidFile /var/run/freshclam.pid
		43
		44	# By default when started freshclam drops privileges and switches to the
		45	# "clamav" user. This directive allows you to change the database owner.
		46	# Default: clamav (may depend on installation options)
		47	DatabaseOwner clamav
		48
		49	# Initialize supplementary group access (freshclam must be started by root).
		50	# Default: no
		51	#AllowSupplementaryGroups yes
		52
		53	# Use DNS to verify virus database version. Freshclam uses DNS TXT records
		54	# to verify database and software versions. With this directive you can change
		55	# the database verification domain.
		56	# WARNING: Do not touch it unless you're configuring freshclam to use your
		57	# own database verification domain.
		58	# Default: current.cvd.clamav.net
		59	#DNSDatabaseInfo current.cvd.clamav.net
		60
		61	# Uncomment the following line and replace XY with your country
		62	# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
		63	# You can use db.XY.ipv6.clamav.net for IPv6 connections.
		64	#DatabaseMirror db.XY.clamav.net
		65
		66	# database.clamav.net is a round-robin record which points to our most
		67	# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
		68	# not working. DO NOT TOUCH the following line unless you know what you
		69	# are doing.
		70	DatabaseMirror database.clamav.net
		71
		72	# How many attempts to make before giving up.
		73	# Default: 3 (per mirror)
		74	#MaxAttempts 5
		75
		76	# With this option you can control scripted updates. It's highly recommended
		77	# to keep it enabled.
		78	# Default: yes
		79	#ScriptedUpdates yes
		80
		81	# By default freshclam will keep the local databases (.cld) uncompressed to
		82	# make their handling faster. With this option you can enable the compression;
		83	# the change will take effect with the next database update.
		84	# Default: no
		85	#CompressLocalDatabase no
		86
		87	# With this option you can provide custom sources (http:// or file://) for
		88	# database files. This option can be used multiple times.
		89	# Default: no custom URLs
		90	#DatabaseCustomURL http://myserver.com/mysigs.ndb
		91	#DatabaseCustomURL file:///mnt/nfs/local.hdb
		92
		93	# This option allows you to easily point freshclam to private mirrors.
		94	# If PrivateMirror is set, freshclam does not attempt to use DNS
		95	# to determine whether its databases are out-of-date, instead it will
		96	# use the If-Modified-Since request or directly check the headers of the
		97	# remote database files. For each database, freshclam first attempts
		98	# to download the CLD file. If that fails, it tries to download the
		99	# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
		100	# and ScriptedUpdates. It can be used multiple times to provide
		101	# fall-back mirrors.
		102	# Default: disabled
		103	#PrivateMirror mirror1.mynetwork.com
		104	#PrivateMirror mirror2.mynetwork.com
		105
		106	# Number of database checks per day.
		107	# Default: 12 (every two hours)
		108	#Checks 24
		109
		110	# Proxy settings
		111	# Default: disabled
		112	#HTTPProxyServer myproxy.com
		113	#HTTPProxyPort 1234
		114	#HTTPProxyUsername myusername
		115	#HTTPProxyPassword mypass
		116
		117	# If your servers are behind a firewall/proxy which applies User-Agent
		118	# filtering you can use this option to force the use of a different
		119	# User-Agent header.
		120	# Default: clamav/version_number
		121	#HTTPUserAgent SomeUserAgentIdString
		122
		123	# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
		124	# multi-homed systems.
		125	# Default: Use OS'es default outgoing IP address.
		126	#LocalIPAddress aaa.bbb.ccc.ddd
		127
		128	# Send the RELOAD command to clamd.
		129	# Default: no
		130	#NotifyClamd /path/to/clamd.conf
		131
		132	# Run command after successful database update.
		133	# Default: disabled
		134	#OnUpdateExecute command
		135
		136	# Run command when database update process fails.
		137	# Default: disabled
		138	#OnErrorExecute command
		139
		140	# Run command when freshclam reports outdated version.
		141	# In the command string %v will be replaced by the new version number.
		142	# Default: disabled
		143	#OnOutdatedExecute command
		144
		145	# Don't fork into background.
		146	# Default: no
		147	#Foreground yes
		148
		149	# Enable debug messages in libclamav.
		150	# Default: no
		151	#Debug yes
		152
		153	# Timeout in seconds when connecting to database server.
		154	# Default: 30
		155	#ConnectTimeout 60
		156
		157	# Timeout in seconds when reading from database server.
		158	# Default: 30
		159	#ReceiveTimeout 60
		160
		161	# With this option enabled, freshclam will attempt to load new
		162	# databases into memory to make sure they are properly handled
		163	# by libclamav before replacing the old ones.
		164	# Default: yes
		165	#TestDatabases yes
		166
		167	# When enabled freshclam will submit statistics to the ClamAV Project about
		168	# the latest virus detections in your environment. The ClamAV maintainers
		169	# will then use this data to determine what types of malware are the most
		170	# detected in the field and in what geographic area they are.
		171	# Freshclam will connect to clamd in order to get recent statistics.
		172	# Default: no
		173	#SubmitDetectionStats /path/to/clamd.conf
		174
		175	# Country of origin of malware/detection statistics (for statistical
		176	# purposes only). The statistics collector at ClamAV.net will look up
		177	# your IP address to determine the geographical origin of the malware
		178	# reported by your installation. If this installation is mainly used to
		179	# scan data which comes from a different location, please enable this
		180	# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
		181	# of the country of origin.
		182	# Default: disabled
		183	#DetectionStatsCountry country-code
		184
		185	# This option enables support for our "Personal Statistics" service.
		186	# When this option is enabled, the information on malware detected by
		187	# your clamd installation is made available to you through our website.
		188	# To get your HostID, log on http://www.stats.clamav.net and add a new
		189	# host to your host list. Once you have the HostID, uncomment this option
		190	# and paste the HostID here. As soon as your freshclam starts submitting
		191	# information to our stats collecting service, you will be able to view
		192	# the statistics of this clamd installation by logging into
		193	# http://www.stats.clamav.net with the same credentials you used to
		194	# generate the HostID. For more information refer to:
		195	# http://www.clamav.net/documentation.html#cctts
		196	# This feature requires SubmitDetectionStats to be enabled.
		197	# Default: disabled
		198	#DetectionStatsHostID unique-id
		199
		200	# This option enables support for Google Safe Browsing. When activated for
		201	# the first time, freshclam will download a new database file (safebrowsing.cvd)
		202	# which will be automatically loaded by clamd and clamscan during the next
		203	# reload, provided that the heuristic phishing detection is turned on. This
		204	# database includes information about websites that may be phishing sites or
		205	# possible sources of malware. When using this option, it's mandatory to run
		206	# freshclam at least every 30 minutes.
		207	# Freshclam uses the ClamAV's mirror infrastructure to distribute the
		208	# database and its updates but all the contents are provided under Google's
		209	# terms of use. See http://www.google.com/transparencyreport/safebrowsing
		210	# and http://www.clamav.net/documentation.html#safebrowsing
		211	# for more information.
		212	# Default: disabled
		213	#SafeBrowsing yes
		214
		215	# This option enables downloading of bytecode.cvd, which includes additional
		216	# detection mechanisms and improvements to the ClamAV engine.
		217	# Default: enabled
		218	#Bytecode yes
		219
		220	# Download an additional 3rd party signature database distributed through
		221	# the ClamAV mirrors.
		222	# This option can be used multiple times.
		223	#ExtraDatabase dbname1
		224	#ExtraDatabase dbname2