From c507131a0be7810561037bc22aa25ea2692887aa Mon Sep 17 00:00:00 2001 From: mhoellein Date: Fri, 15 Mar 2024 10:49:11 +0100 Subject: [PATCH] committing changes in /etc made by "apt-get install clamav-daemon" Package changes: +clamav-daemon 0.103.11+dfsg-0ubuntu0.20.04.1 amd64 --- .etckeeper | 11 + apparmor.d/local/usr.sbin.clamd | 0 apparmor.d/usr.sbin.clamd | 61 +++ clamav/clamd.conf | 87 ++++ init.d/clamav-daemon | 415 ++++++++++++++++++ logcheck/ignore.d.paranoid/clamav-daemon | 6 + logcheck/ignore.d.server/clamav-daemon | 1 + logrotate.d/clamav-daemon | 14 + rc0.d/K01clamav-daemon | 1 + rc1.d/K01clamav-daemon | 1 + rc2.d/S01clamav-daemon | 1 + rc3.d/S01clamav-daemon | 1 + rc4.d/S01clamav-daemon | 1 + rc5.d/S01clamav-daemon | 1 + rc6.d/K01clamav-daemon | 1 + .../clamav-daemon.service.d/extend.conf | 3 + .../clamav-daemon.service | 1 + 17 files changed, 606 insertions(+) create mode 100644 apparmor.d/local/usr.sbin.clamd create mode 100644 apparmor.d/usr.sbin.clamd create mode 100644 clamav/clamd.conf create mode 100755 init.d/clamav-daemon create mode 100644 logcheck/ignore.d.paranoid/clamav-daemon create mode 100644 logcheck/ignore.d.server/clamav-daemon create mode 100644 logrotate.d/clamav-daemon create mode 120000 rc0.d/K01clamav-daemon create mode 120000 rc1.d/K01clamav-daemon create mode 120000 rc2.d/S01clamav-daemon create mode 120000 rc3.d/S01clamav-daemon create mode 120000 rc4.d/S01clamav-daemon create mode 120000 rc5.d/S01clamav-daemon create mode 120000 rc6.d/K01clamav-daemon create mode 100644 systemd/system/clamav-daemon.service.d/extend.conf create mode 120000 systemd/system/multi-user.target.wants/clamav-daemon.service diff --git a/.etckeeper b/.etckeeper index 4518b35af..163d279e9 100755 --- a/.etckeeper +++ b/.etckeeper @@ -10,6 +10,7 @@ mkdir -p './binfmt.d' mkdir -p './ca-certificates/update.d' mkdir -p './clamav/onerrorexecute.d' mkdir -p './clamav/onupdateexecute.d' +mkdir -p './clamav/virusevent.d' mkdir -p './dbus-1/session.d' mkdir -p './dconf/db' mkdir -p './dovecot/private' @@ -641,6 +642,7 @@ maybe chmod 0644 'apparmor.d/local/usr.bin.freshclam' maybe chmod 0644 'apparmor.d/local/usr.bin.man' maybe chmod 0644 'apparmor.d/local/usr.lib.ipsec.charon' maybe chmod 0644 'apparmor.d/local/usr.lib.ipsec.stroke' +maybe chmod 0644 'apparmor.d/local/usr.sbin.clamd' maybe chmod 0644 'apparmor.d/local/usr.sbin.mysqld' maybe chmod 0644 'apparmor.d/local/usr.sbin.named' maybe chmod 0644 'apparmor.d/local/usr.sbin.rsyslogd' @@ -672,6 +674,7 @@ maybe chmod 0644 'apparmor.d/usr.bin.freshclam' maybe chmod 0644 'apparmor.d/usr.bin.man' maybe chmod 0644 'apparmor.d/usr.lib.ipsec.charon' maybe chmod 0644 'apparmor.d/usr.lib.ipsec.stroke' +maybe chmod 0644 'apparmor.d/usr.sbin.clamd' maybe chmod 0644 'apparmor.d/usr.sbin.mysqld' maybe chmod 0644 'apparmor.d/usr.sbin.named' maybe chmod 0644 'apparmor.d/usr.sbin.rsyslogd' @@ -781,11 +784,13 @@ maybe chmod 0755 'carbon' maybe chmod 0644 'carbon/carbon.conf' maybe chmod 0644 'carbon/storage-schemas.conf' maybe chmod 0755 'clamav' +maybe chmod 0644 'clamav/clamd.conf' maybe chown 'clamav' 'clamav/freshclam.conf' maybe chgrp 'adm' 'clamav/freshclam.conf' maybe chmod 0444 'clamav/freshclam.conf' maybe chmod 0755 'clamav/onerrorexecute.d' maybe chmod 0755 'clamav/onupdateexecute.d' +maybe chmod 0755 'clamav/virusevent.d' maybe chmod 0755 'console-setup' maybe chmod 0644 'console-setup/ISO-8859-1.acm' maybe chmod 0644 'console-setup/Uni2-Fixed16.psf.gz' @@ -1499,6 +1504,7 @@ maybe chmod 0755 'init.d/apache-htcacheclean' maybe chmod 0755 'init.d/apache2' maybe chmod 0755 'init.d/apparmor' maybe chmod 0755 'init.d/carbon-cache' +maybe chmod 0755 'init.d/clamav-daemon' maybe chmod 0755 'init.d/clamav-freshclam' maybe chmod 0755 'init.d/console-setup.sh' maybe chmod 0755 'init.d/coturn' @@ -18864,9 +18870,11 @@ maybe chmod 0644 'locale.alias' maybe chmod 0644 'locale.gen' maybe chmod 0755 'logcheck' maybe chmod 0755 'logcheck/ignore.d.paranoid' +maybe chmod 0644 'logcheck/ignore.d.paranoid/clamav-daemon' maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-5_7' maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-8_0' maybe chmod 0755 'logcheck/ignore.d.server' +maybe chmod 0644 'logcheck/ignore.d.server/clamav-daemon' maybe chmod 0644 'logcheck/ignore.d.server/clamav-freshclam' maybe chmod 0644 'logcheck/ignore.d.server/gpg-agent' maybe chmod 0644 'logcheck/ignore.d.server/libsasl2-modules' @@ -18889,6 +18897,7 @@ maybe chmod 0644 'logrotate.d/aptitude' maybe chmod 0644 'logrotate.d/bootlog' maybe chmod 0644 'logrotate.d/btmp' maybe chmod 0644 'logrotate.d/certbot' +maybe chmod 0644 'logrotate.d/clamav-daemon' maybe chmod 0644 'logrotate.d/clamav-freshclam' maybe chmod 0644 'logrotate.d/dbconfig-common' maybe chmod 0644 'logrotate.d/dpkg' @@ -19434,6 +19443,8 @@ maybe chmod 0644 'systemd/resolved.conf' maybe chmod 0644 'systemd/sleep.conf' maybe chmod 0755 'systemd/system' maybe chmod 0644 'systemd/system.conf' +maybe chmod 0755 'systemd/system/clamav-daemon.service.d' +maybe chmod 0644 'systemd/system/clamav-daemon.service.d/extend.conf' maybe chmod 0755 'systemd/system/default.target.wants' maybe chmod 0755 'systemd/system/emergency.target.wants' maybe chmod 0755 'systemd/system/getty.target.wants' diff --git a/apparmor.d/local/usr.sbin.clamd b/apparmor.d/local/usr.sbin.clamd new file mode 100644 index 000000000..e69de29bb diff --git a/apparmor.d/usr.sbin.clamd b/apparmor.d/usr.sbin.clamd new file mode 100644 index 000000000..da2bed000 --- /dev/null +++ b/apparmor.d/usr.sbin.clamd @@ -0,0 +1,61 @@ +# vim:syntax=apparmor +# Author: Jamie Strandboge +# Last Modified: Sun Aug 3 09:39:03 2008 + +#include + +/usr/sbin/clamd { + #include + #include + #include + + # LP: #433764: + capability dac_override, + + # needed, when using systemd + capability setgid, + capability setuid, + capability chown, + + @{PROC}/filesystems r, + @{PROC}/[0-9]*/status r, + + /etc/clamav/clamd.conf r, + + /usr/sbin/clamd mr, + + /tmp/ rw, + /tmp/** krw, + + /var/lib/clamav/ r, + /var/lib/clamav/** krw, + /var/log/clamav/* krw, + + /{,var/}run/clamav/clamd.ctl w, + /{,var/}run/clamav/clamd.pid w, + + /var/spool/clamsmtp/* r, + + /var/spool/qpsmtpd/* r, + + /var/spool/p3scan/children/** r, + + /var/spool/havp/** r, + + # For amavisd-new integration + /var/lib/amavis/tmp/** r, + + # For mimedefang integration + /var/spool/MIMEDefang/mdefang-*/Work/ r, + /var/spool/MIMEDefang/mdefang-*/Work/** r, + + # For use with exim + /var/spool/exim4/** r, + + # Allow home dir to be scanned + @{HOME}/ r, + @{HOME}/** r, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/clamav/clamd.conf b/clamav/clamd.conf new file mode 100644 index 000000000..3c4f5131a --- /dev/null +++ b/clamav/clamd.conf @@ -0,0 +1,87 @@ +#Automatically Generated by clamav-daemon postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-daemon +#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogRotate true +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose false +PreludeEnable no +PreludeAnalyzerName ClamAV +DatabaseDirectory /var/lib/clamav +OfficialDatabaseOnly false +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +MaxEmbeddedPE 10M +ScanOLE2 true +ScanPDF true +ScanHTML true +MaxHTMLNormalize 10M +MaxHTMLNoTags 2M +MaxScriptNormalize 5M +MaxZipTypeRcg 1M +ScanSWF true +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +CrossFilesystems true +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +PartitionIntersection false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 30 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +AllowAllMatchScan true +ForceToDisk false +DisableCertCheck false +DisableCache false +MaxScanTime 120000 +MaxScanSize 100M +MaxFileSize 25M +MaxRecursion 16 +MaxFiles 10000 +MaxPartitions 50 +MaxIconsPE 100 +PCREMatchLimit 10000 +PCRERecMatchLimit 5000 +PCREMaxFileSize 25M +ScanXMLDOCS true +ScanHWP3 true +MaxRecHWP3 16 +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OnAccessMaxFileSize 5M diff --git a/init.d/clamav-daemon b/init.d/clamav-daemon new file mode 100755 index 000000000..9d5d617cc --- /dev/null +++ b/init.d/clamav-daemon @@ -0,0 +1,415 @@ +#! /bin/sh +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux +# by Ian Murdock . +# Clamav version by Magnus Ekdahl +# Heavily reworked by Stephen Gran +# +### BEGIN INIT INFO +# Provides: clamav-daemon +# Required-Start: $remote_fs $syslog +# Should-Start: +# Required-Stop: $remote_fs $syslog +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ClamAV daemon +# Description: Clam AntiVirus userspace daemon +### END INIT INFO + +# The exit status codes should comply with LSB. +# https://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/clamd +NAME="clamd" +DESC="ClamAV daemon" +CLAMAVCONF=/etc/clamav/clamd.conf +SUPERVISOR=/usr/bin/daemon +SUPERVISORNAME=daemon +SUPERVISORPIDFILE="/var/run/clamav/daemon-clamd.pid" +SUPERVISORARGS="--name=$NAME --respawn $DAEMON -F $SUPERVISORPIDFILE" +DATABASEDIR="/var/lib/clamav" + +# required by Debian policy 9.3.2 +[ -x "$DAEMON" ] || exit 0 +[ -r /etc/default/clamav-daemon ] && . /etc/default/clamav-daemon + +to_lower() +{ + word="$1" + lcword=$(echo "$word" | tr A-Z a-z) + echo "$lcword" +} + +is_true() +{ + var="$1" + lcvar=$(to_lower "$var") + [ 'true' = "$lcvar" ] || [ 'yes' = "$lcvar" ] || [ 1 = "$lcvar" ] + return $? +} + +is_false() +{ + var="$1" + lcvar=$(to_lower "$var") + [ 'false' = "$lcvar" ] || [ 'no' = "$lcvar" ] || [ 0 = "$lcvar" ] + return $? +} + +ucf_cleanup() +{ + # This only does something if I've fucked up before + # Not entirely impossible :( + + configfile=$1 + + if [ `grep "$configfile" /var/lib/ucf/hashfile | wc -l` -gt 1 ]; then + grep -v "$configfile" /var/lib/ucf/hashfile > /var/lib/ucf/hashfile.tmp + grep "$configfile" /var/lib/ucf/hashfile | tail -n 1 >> /var/lib/ucf/hashfile.tmp + mv /var/lib/ucf/hashfile.tmp /var/lib/ucf/hashfile + fi +} + +add_to_ucf() +{ + configfile=$1 + ucffile=$2 + + if ! grep -q "$configfile" /var/lib/ucf/hashfile; then + md5sum $configfile >> /var/lib/ucf/hashfile + cp $configfile $ucffile + fi +} + +ucf_upgrade_check() +{ + configfile=$1 + sourcefile=$2 + ucffile=$3 + + if [ -f "$configfile" ]; then + add_to_ucf $configfile $ucffile + ucf --three-way --debconf-ok "$sourcefile" "$configfile" + else + [ -d /var/lib/ucf/cache ] || mkdir -p /var/lib/ucf/cache + pathfind restorecon && restorecon /var/lib/ucf/cache + cp $sourcefile $configfile + add_to_ucf $configfile $ucffile + fi +} + +slurp_config() +{ + CLAMAVCONF="$1" + + if [ -e "$CLAMAVCONF" ]; then + for variable in `egrep -a -v '^[[:space:]]*(#|$)' "$CLAMAVCONF" | awk '{print $1}'`; do + case "$variable" in + DatabaseMirror) + if [ -z "$DatabaseMirror" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$value $i" + done + else + continue + fi + ;; + DatabaseCustomURL) + if [ -z "$DatabaseCustomURL" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$value $i" + done + else + continue + fi + ;; + IncludePUA) + if [ -z "$IncludePUA" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$i $value" + done + else + continue + fi + ;; + ExcludePUA) + if [ -z "$ExcludePUA" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$i $value" + done + else + continue + fi + ;; + ExtraDatabase) + if [ -z "$ExtraDatabase" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$value $i" + done + else + continue + fi + ;; + VirusEvent|OnUpdateExecute|OnErrorExecute|RejectMsg) + value=`grep -a ^$variable $CLAMAVCONF | head -n1 | sed -e s/$variable\ //` + ;; + *) + value=`grep -a "^$variable[[:space:]]" $CLAMAVCONF | head -n1 | awk '{print $2}'` + ;; + esac + if [ -z "$value" ]; then + export "$variable"="true" + elif [ "$value" != "$variable" ]; then + export "$variable"="$value" + else + export "$variable"="true" + fi + unset value + done + fi +} + +pathfind() { + OLDIFS="$IFS" + IFS=: + for p in $PATH; do + if [ -x "$p/$*" ]; then + IFS="$OLDIFS" + return 0 + fi + done + IFS="$OLDIFS" + return 1 +} + +set_debconf_value() +{ +prog=$1 +name=$2 +eval variable="\$${name}" +if [ -n "$variable" ]; then + db_set clamav-$prog/$name "$variable" || true +fi +} + +make_dir() +{ + DIR=$1 + if [ -d "$DIR" ]; then + return 0; + fi + [ -n "$User" ] || User=clamav + mkdir -p -m 0755 "$DIR" + chown "$User" "$DIR" + pathfind restorecon && restorecon "$DIR" +} + +# Debconf Functions + +isdigit () +{ + case $1 in + [[:digit:]]*) + ISDIGIT=1 + ;; + *) + ISDIGIT=0 + ;; + esac +} + +inputdigit () +{ + ISDIGIT=0 + while [ "$ISDIGIT" = '0' ]; do + db_input "$1" "$2" || true + if ! db_go; then + return 30 + fi + db_get $2 || true + isdigit $RET + if [ "$ISDIGIT" = '0' ]; then + db_input critical clamav-base/numinfo || true + db_go + fi + done + return 0 +} + +StateGeneric() +{ + PRIO=$1 + QUESTION=$2 + NEXT=$3 + LAST=$4 + + db_input $PRIO $QUESTION || true + if db_go; then + STATE=$NEXT + else + STATE=$LAST + fi +} + +StateGenericDigit() +{ + PRIO=$1 + QUESTION=$2 + NEXT=$3 + LAST=$4 + + inputdigit $PRIO $QUESTION || true + if db_go; then + STATE=$NEXT + else + STATE=$LAST + fi +} + + +. /lib/lsb/init-functions + +if [ ! -f "$CLAMAVCONF" ]; then + log_failure_msg "There is no configuration file for Clamav." + log_failure_msg "Please either dpkg-reconfigure $DESC, or copy the example from" + log_failure_msg "/usr/share/doc/clamav-base/examples/ to $CLAMAVCONF and run" + log_failure_msg "'invoke-rc.d clamav-daemon start'" + if [ "$1" = "status" ]; then + # program or service status is unknown + exit 4; + else + # program is not configured + exit 6; + fi +fi + +slurp_config "$CLAMAVCONF" + +if [ -n "$Example" ]; then + log_failure_msg "Clamav is not configured." + log_failure_msg "Please edit $CLAMAVCONF and run 'invoke-rc.d clamav-daemon start'" + if [ "$1" = "status" ]; then + # program or service status is unknown + exit 4; + else + # program is not configured + exit 6; + fi +fi + +if is_true "$Foreground"; then + if [ ! -x "$SUPERVISOR" ] ; then + log_failure_msg "Foreground specified, but $SUPERVISORNAME not found" + if [ "$1" = "status" ]; then + # program or service status is unknown + exit 4; + else + # program is not configured correctly + exit 6; + fi + else + RUN_SUPERVISED=1 + fi +fi + +[ -n "$User" ] || User=clamav +[ -n "$DataBaseDirectory" ] || DataBaseDirectory=/var/run/clamav + +make_dir "$DataBaseDirectory" +make_dir $(dirname "$SUPERVISORPIDFILE") + +if [ -z "$RUN_SUPERVISED" ]; then + THEPIDFILE="$PidFile" + THEDAEMON="$NAME" + RELOAD="1" +else + THEPIDFILE="$SUPERVISORPIDFILE" + THEDAEMON="$SUPERVISORNAME" + RELOAD="0" +fi + +if [ -z "$THEPIDFILE" ] +then + # Set the default PidFile. + THEPIDFILE='/run/clamav/clamd.pid' +fi + +make_dir $(dirname "$THEPIDFILE") +chown $User $(dirname "$THEPIDFILE") + + +case "$1" in + start) + # Check for database existence (start will fail if it's missing) + for db in main daily; do + if [ ! -e "$DATABASEDIR"/"$db".cvd ] && [ ! -d "$DATABASEDIR"/"$db".inc ] && [ ! -e "$DATABASEDIR"/"$db".cld ]; then + log_failure_msg "Clamav signatures not found in $DATABASEDIR" + log_failure_msg "Please retrieve them using freshclam" + log_failure_msg "Then run 'invoke-rc.d clamav-daemon start'" + # this is expected on a fresh installation + exit 0 + fi + done + if [ -z "$RUN_SUPERVISED" ] ; then + log_daemon_msg "Starting $DESC" "$NAME " + start-stop-daemon --start --oknodo -c $User --exec $DAEMON --pidfile $THEPIDFILE --quiet -- -c $CLAMAVCONF --pid=$THEPIDFILE + ret=$? + else + log_daemon_msg "Starting $DESC" "$NAME (supervised) " + $SUPERVISOR $SUPERVISORARGS + ret=$? + fi + log_end_msg $ret + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --oknodo --name $THEDAEMON --pidfile $THEPIDFILE --quiet --retry TERM/30/KILL/5 + log_end_msg $? + ;; + status) + start-stop-daemon --status --name $THEDAEMON --pidfile $THEPIDFILE + # start-stop-daemon returns LSB compliant exit status codes + ret=$? + if [ "$ret" = 0 ]; then + log_success_msg "$NAME is running" + else + log_failure_msg "$NAME is not running" + exit "$ret" + fi + ;; + restart|force-reload) + $0 stop + $0 start + ;; + reload-database) + if [ "$RELOAD" = "1" ]; then + log_daemon_msg "Reloading database for $DESC" "$NAME" + pkill -USR2 -F $THEPIDFILE $THEDAEMON 2>/dev/null + log_end_msg $? + else + log_failure_msg "reload-database does not work in supervised mode." + # unimplemented feature + exit 3 + fi + ;; + reload-log) + if [ "$RELOAD" = "1" ]; then + log_daemon_msg "Reloading log file for $DESC" "$NAME" + pkill -HUP -F $THEPIDFILE $THEDAEMON 2>/dev/null + else + log_failure_msg "reload-log does not work in supervised mode." + # unimplemented feature + exit 3 + fi + log_end_msg $? + ;; + *) + log_action_msg "Usage: $0 {start|stop|restart|force-reload|reload-log|reload-database|status}" >&2 + # invalid arguments + exit 2 + ;; +esac + +exit 0 diff --git a/logcheck/ignore.d.paranoid/clamav-daemon b/logcheck/ignore.d.paranoid/clamav-daemon new file mode 100644 index 000000000..8288b2905 --- /dev/null +++ b/logcheck/ignore.d.paranoid/clamav-daemon @@ -0,0 +1,6 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: SelfCheck: Database status OK\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: Reading databases from .*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: Database correctly reloaded \([0-9]+ signatures\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: SIGHUP caught: re-opening log file\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: No stats for Database check - forcing reload$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: SelfCheck: Database modification detected\. Forcing reload\.$ diff --git a/logcheck/ignore.d.server/clamav-daemon b/logcheck/ignore.d.server/clamav-daemon new file mode 100644 index 000000000..e35da181f --- /dev/null +++ b/logcheck/ignore.d.server/clamav-daemon @@ -0,0 +1 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: .* (FOUND|OK)$ diff --git a/logrotate.d/clamav-daemon b/logrotate.d/clamav-daemon new file mode 100644 index 000000000..8c3c04596 --- /dev/null +++ b/logrotate.d/clamav-daemon @@ -0,0 +1,14 @@ +/var/log/clamav/clamav.log { + rotate 12 + weekly + compress + delaycompress + create 640 clamav adm + postrotate + if [ -d /run/systemd/system ]; then + systemctl -q is-active clamav-daemon && systemctl kill --signal=SIGHUP clamav-daemon || true + else + invoke-rc.d clamav-daemon reload-log > /dev/null || true + fi + endscript + } diff --git a/rc0.d/K01clamav-daemon b/rc0.d/K01clamav-daemon new file mode 120000 index 000000000..65f9c0fd4 --- /dev/null +++ b/rc0.d/K01clamav-daemon @@ -0,0 +1 @@ +../init.d/clamav-daemon \ No newline at end of file diff --git a/rc1.d/K01clamav-daemon b/rc1.d/K01clamav-daemon new file mode 120000 index 000000000..65f9c0fd4 --- /dev/null +++ b/rc1.d/K01clamav-daemon @@ -0,0 +1 @@ +../init.d/clamav-daemon \ No newline at end of file diff --git a/rc2.d/S01clamav-daemon b/rc2.d/S01clamav-daemon new file mode 120000 index 000000000..65f9c0fd4 --- /dev/null +++ b/rc2.d/S01clamav-daemon @@ -0,0 +1 @@ +../init.d/clamav-daemon \ No newline at end of file diff --git a/rc3.d/S01clamav-daemon b/rc3.d/S01clamav-daemon new file mode 120000 index 000000000..65f9c0fd4 --- /dev/null +++ b/rc3.d/S01clamav-daemon @@ -0,0 +1 @@ +../init.d/clamav-daemon \ No newline at end of file diff --git a/rc4.d/S01clamav-daemon b/rc4.d/S01clamav-daemon new file mode 120000 index 000000000..65f9c0fd4 --- /dev/null +++ b/rc4.d/S01clamav-daemon @@ -0,0 +1 @@ +../init.d/clamav-daemon \ No newline at end of file diff --git a/rc5.d/S01clamav-daemon b/rc5.d/S01clamav-daemon new file mode 120000 index 000000000..65f9c0fd4 --- /dev/null +++ b/rc5.d/S01clamav-daemon @@ -0,0 +1 @@ +../init.d/clamav-daemon \ No newline at end of file diff --git a/rc6.d/K01clamav-daemon b/rc6.d/K01clamav-daemon new file mode 120000 index 000000000..65f9c0fd4 --- /dev/null +++ b/rc6.d/K01clamav-daemon @@ -0,0 +1 @@ +../init.d/clamav-daemon \ No newline at end of file diff --git a/systemd/system/clamav-daemon.service.d/extend.conf b/systemd/system/clamav-daemon.service.d/extend.conf new file mode 100644 index 000000000..49319d553 --- /dev/null +++ b/systemd/system/clamav-daemon.service.d/extend.conf @@ -0,0 +1,3 @@ +[Service] +ExecStartPre=-/bin/mkdir -p /run/clamav +ExecStartPre=/bin/chown clamav /run/clamav diff --git a/systemd/system/multi-user.target.wants/clamav-daemon.service b/systemd/system/multi-user.target.wants/clamav-daemon.service new file mode 120000 index 000000000..c77a434ee --- /dev/null +++ b/systemd/system/multi-user.target.wants/clamav-daemon.service @@ -0,0 +1 @@ +/lib/systemd/system/clamav-daemon.service \ No newline at end of file -- 2.43.0