community/clamav: move from main

author: Milan P. Stanić <mps@arvanta.net> 2021-04-25 10:33:36 +0000
committer: Milan P. Stanić <mps@arvanta.net> 2021-04-25 10:33:36 +0000
commit: a020157295b786fc5a8dd897ee40e0b701deb915 (patch)
tree: a7658ff4d977ecd9b88e916042f173643490b363 /community
parent: 0c96ac8fac701e923b0e6d181820dc48b2819798 (diff)
12 files changed, 470 insertions, 0 deletions
diff --git a/community/clamav/APKBUILD b/community/clamav/APKBUILD
new file mode 100644
index 00000000000..b12b4efdb0a
--- /dev/null
+++ b/community/clamav/APKBUILD
@@ -0,0 +1,265 @@
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
+# Maintainer: Carlo Landmeter <clandmeter@alpinelinux.org>
+pkgname=clamav
+pkgver=0.103.2
+pkgrel=0
+pkgusers="clamav"
+pkggroups="clamav"
+pkgdesc="An anti-virus toolkit for UNIX eis-ng backport"
+url="https://www.clamav.net/"
+arch="all"
+license="GPL-2.0-only WITH OpenSSL-Exception"
+depends="$pkgname-scanner $pkgname-daemon"
+depends_dev="openssl-dev"
+install="freshclam.pre-install
+	clamav-daemon.pre-install clamav-daemon.pre-upgrade"
+makedepends="ncurses-dev zlib-dev bzip2-dev pcre-dev linux-headers $depends_dev
+	libmilter-dev fts-dev curl-dev autoconf automake libtool"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-libunrar $pkgname-libs
+	$pkgname-daemon $pkgname-clamdscan $pkgname-scanner $pkgname-db::noarch freshclam
+	$pkgname-daemon-openrc:daemon_rc:noarch freshclam-openrc:freshclam_rc:noarch
+	$pkgname-milter"
+source="https://www.clamav.net/downloads/production/clamav-$pkgver.tar.gz
+	clamd.initd
+	clamd.confd
+	freshclam.initd
+	freshclam.confd
+	clamd.logrotate
+	freshclam.logrotate
+	"
+
+
+# secfixes:
+#   0.103.2-r0:
+#     - CVE-2021-1405
+#     - CVE-2021-1404
+#     - CVE-2021-1252
+#   0.102.4-r0:
+#     - CVE-2020-3350
+#     - CVE-2020-3481
+#   0.102.3-r0:
+#     - CVE-2020-3327
+#     - CVE-2020-3341
+#   0.102.1-r0:
+#     - CVE-2020-3123
+#   0.102.0-r0:
+#     - CVE-2019-15961
+#   0.101.4-r0:
+#     - CVE-2019-12625
+#   0.100.3-r0:
+#     - CVE-2019-1787
+#     - CVE-2019-1788
+#     - CVE-2019-1789
+#   0.99.4-r0:
+#     - CVE-2012-6706
+#     - CVE-2017-6419
+#     - CVE-2017-11423
+#     - CVE-2018-0202
+#     - CVE-2018-1000085
+#   0.99.3-r0:
+#     - CVE-2017-12374
+#     - CVE-2017-12375
+#     - CVE-2017-12376
+#     - CVE-2017-12377
+#     - CVE-2017-12378
+#     - CVE-2017-12379
+#     - CVE-2017-12380
+#   0.100.1-r0:
+#     - CVE-2017-16932
+#     - CVE-2018-0360
+#     - CVE-2018-0361
+#   0.100.2-r0:
+#     - CVE-2018-15378
+#     - CVE-2018-14680
+#     - CVE-2018-14681
+#     - CVE-2018-14682
+
+prepare() {
+	update_config_sub
+	default_prepare
+	autoreconf -ifv
+}
+
+build() {
+	LIBS=-lfts ./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--libdir=/usr/lib \
+		--sysconfdir=/etc/clamav \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--without-iconv \
+		--disable-llvm \
+		--with-user=clamav \
+		--with-group=clamav \
+		--with-dbdir=/var/lib/clamav \
+		--enable-clamdtop \
+		--enable-bigstack \
+		--with-pcre \
+		--enable-milter \
+		--enable-clamonacc
+	make
+}
+
+check() {
+	make check
+}
+
+package() {
+	make DESTDIR="$pkgdir" install
+
+	# set proper defaults
+	sed -i -e "s:^\(Example\):\# \1:" \
+		-e "s:.*\(PidFile\) .*:\1 /run/clamav/freshclam.pid:" \
+		-e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+		-e "s:^\#\(UpdateLogFile\) .*:\1 /var/log/clamav/freshclam.log:" \
+		-e "s:^\#\(NotifyClamd\).*:\1 /etc/clamav/clamd.conf:" \
+		-e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+		-e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+		"$pkgdir"/etc/clamav/freshclam.conf.sample
+
+	# set proper defaults
+	sed -i -e "s:^\(Example\):\# \1:" \
+		-e "s:.*\(PidFile\) .*:\1 /run/clamav/clamd.pid:" \
+		-e "s:.*\(LocalSocket\) .*:\1 /run/clamav/clamd.sock:" \
+		-e "s:.*\(User\) .*:\1 clamav:" \
+		-e "s:^\#\(LogFile\) .*:\1 /var/log/clamav/clamd.log:" \
+		-e "s:^\#\(LogTime\).*:\1 yes:" \
+	       -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+		"$pkgdir"/etc/clamav/clamd.conf.sample
+}
+
+check() {
+	make check
+}
+
+libunrar() {
+	pkgdesc="ClamAV unrar libraries"
+	replaces="clamav"
+	depends=
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libclamunrar* \
+		"$subpkgdir"/usr/lib/
+}
+
+freshclam() {
+	pkgdesc="Auto-updater for the Clam Antivirus scanner data-files"
+	replaces="clamav clamav-db"
+	depends=
+	mkdir -p "$subpkgdir"/usr/bin \
+		"$subpkgdir"/etc/clamav
+
+	mv "$pkgdir"/usr/bin/freshclam "$subpkgdir"/usr/bin
+	mv "$pkgdir"/etc/clamav/freshclam.conf.sample \
+		"$subpkgdir"/etc/clamav/freshclam.conf
+
+	install -d -m755 -o clamav -g clamav \
+		"$subpkgdir"/var/log/clamav \
+		"$subpkgdir"/var/lib/clamav
+
+	install -m644 -D "$srcdir"/freshclam.logrotate \
+		"$subpkgdir"/etc/logrotate.d/freshclam
+}
+
+freshclam_rc() {
+	pkgdesc="Auto-updater for the Clam Antivirus scanner data-files (OpenRC init scripts)"
+	install_if="freshclam=$pkgver-r$pkgrel openrc"
+	replaces="clamav freshclam"
+	depends=
+	mkdir -p "$subpkgdir"/etc/init.d \
+		"$subpkgdir"/etc/conf.d
+
+	install -m755 -D "$srcdir"/freshclam.initd \
+		"$subpkgdir"/etc/init.d/freshclam
+	install -m644 -D "$srcdir"/freshclam.confd \
+		"$subpkgdir"/etc/conf.d/freshclam
+}
+
+db() {
+	pkgdesc="ClamAV dummy package for compatibility"
+	replaces="clamav"
+	depends="freshclam"
+	mkdir -p "$subpkgdir"/var/lib/ \
+		"$subpkgdir"/usr/bin \
+		"$subpkgdir"/etc/clamav
+	install -d -m755 -o clamav -g clamav \
+		"$subpkgdir"/var/log/clamav \
+		"$subpkgdir"/var/lib/clamav
+}
+
+scanner() {
+	pkgdesc="ClamAV command-line scanner and utils"
+	replaces="clamav"
+	depends="freshclam"
+	mkdir -p "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/clamscan \
+		"$subpkgdir"/usr/bin/
+	mv "$pkgdir"/usr/bin/sigtool \
+		"$subpkgdir"/usr/bin/
+	mv "$pkgdir"/usr/bin/clambc \
+		"$subpkgdir"/usr/bin/
+}
+
+clamdscan() {
+	pkgdesc="ClamAV daemon client"
+	depends="openssl"
+	mkdir -p "$subpkgdir"/usr/bin/
+	mv "$pkgdir"/usr/bin/clamdscan \
+		"$subpkgdir"/usr/bin/
+}
+
+daemon() {
+	pkgdesc="ClamAV daemon scanner"
+	replaces="clamav"
+	depends="freshclam $pkgname-clamdscan"
+	mkdir -p "$subpkgdir"/usr/bin \
+		"$subpkgdir"/usr/sbin \
+		"$subpkgdir"/etc/clamav
+	install -d -m 755 -o clamav -g clamav \
+		"$subpkgdir"/var/log/clamav \
+		"$subpkgdir"/var/lib/clamav
+	mv "$pkgdir"/usr/bin/clamconf \
+		"$subpkgdir"/usr/bin/
+	mv "$pkgdir"/usr/sbin/clamd \
+		"$subpkgdir"/usr/sbin/
+	mv "$pkgdir"/usr/bin/clamdtop \
+		"$subpkgdir"/usr/bin/
+	mv "$pkgdir"/etc/clamav/clamd.conf.sample \
+		"$subpkgdir"/etc/clamav/clamd.conf
+	install -m644 -D "$srcdir"/clamd.logrotate \
+		"$subpkgdir"/etc/logrotate.d/clamd
+}
+
+daemon_rc() {
+	pkgdesc="ClamAV anti-virus scanner daemon (OpenRC init scripts)"
+	replaces="clamav"
+	depends="freshclam-openrc"
+	install_if="$pkgname-daemon=$pkgver-r$pkgrel openrc"
+
+	install -m755 -D "$srcdir"/clamd.initd \
+		"$subpkgdir"/etc/init.d/clamd
+	install -m644 -D "$srcdir"/clamd.confd \
+		"$subpkgdir"/etc/conf.d/clamd
+}
+
+milter() {
+	pkgdesc="ClamAV milter"
+	depends=
+	mkdir -p "$subpkgdir"/usr/sbin \
+		"$subpkgdir"/etc/clamav
+	mv "$pkgdir"/usr/sbin/clamav-milter \
+		"$subpkgdir"/usr/sbin/
+	mv "$pkgdir"/etc/clamav/clamav-milter.conf.sample \
+		"$subpkgdir"/etc/clamav/clamav-milter.conf
+}
+
+sha512sums="87d47c4529a57da0b47b3744a279996ca24fa74ce10d7e27a53c19c1e13098af680e0e48ed767122bb2bbd3f927302451da84ccf51a933e7e3556ef43cbe9f45  clamav-0.103.2.tar.gz
+d886d810de66e8da800384c1e8192f7da4352402ffc3b33cfbca93d81a2235d8c902ca9d436b9be70f00740b4555e1efbf09bf9f84059095a1a297b27581cd20  clamd.initd
+59c561b3dcb0b616b647cd8e4ebc46a2cc5e7144c8c7ea0054cc1c3021d1da8f67e4dad5c083c3fe712ed887aaabfca91b538f4759537e7c4c9ab71ba4fd5794  clamd.confd
+6f0c615b89f0f0d2f0e9f965f025b9ac8c81b2168fa6727dc8a47222abd780f9b656732f289d6061a20126b16126a975d50e8b3b8ff131f55dd8803da8be5dec  freshclam.initd
+ba181fe1abaac7b898ccb40b0713455aa3c9d5e25ad21d687b6cac09b0105b9e376526e7c776a44636234d8db819709d8d6a6cc76119bc3e98b637b1a3f26c08  freshclam.confd
+3ae493dd1610a819402c015f6b8c0f080f926b72dc43d2bded60030bf6a55040e4b88e0f64d3aae299dc1133d7e1b89855e7346b4665a64e8b82592f7b75cf6a  clamd.logrotate
+30cff378bc28c76b795e00c92ae5ee623f3abe4a19bed61dd8403c96e72658bb02b7f040d26a6258104af754464d25ea7d9646918c4b47d2ba9a8cbf4687056c  freshclam.logrotate"
diff --git a/community/clamav/clamav-daemon.pre-install b/community/clamav/clamav-daemon.pre-install
new file mode 100644
index 00000000000..a5da8290319
--- /dev/null
+++ b/community/clamav/clamav-daemon.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S clamav 2>/dev/null
+adduser -S -D -H -h /var/lib/clamav -s /sbin/nologin -G clamav -g clamav clamav 2>/dev/null
+
+exit 0
diff --git a/community/clamav/clamav-daemon.pre-upgrade b/community/clamav/clamav-daemon.pre-upgrade
new file mode 100644
index 00000000000..c8f82dacd40
--- /dev/null
+++ b/community/clamav/clamav-daemon.pre-upgrade
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# make sure we don't lose our config
+mkdir -p /etc/clamav
+if [ -f /etc/clamav.conf ]; then
+	mv /etc/clamav.conf /etc/clamav/
+	ln -s clamav/clamav.conf /etc/clamav.conf
+fi
+
+exit 0
+
diff --git a/community/clamav/clamav-db.pre-install b/community/clamav/clamav-db.pre-install
new file mode 100644
index 00000000000..fdb83a0904a
--- /dev/null
+++ b/community/clamav/clamav-db.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S clamav 2>/dev/null
+adduser -S -D -H -s /sbin/nologin -G clamav -g clamav clamav 2>/dev/null
+
+exit 0
diff --git a/community/clamav/clamav-db.pre-upgrade b/community/clamav/clamav-db.pre-upgrade
new file mode 100644
index 00000000000..47230e16b2d
--- /dev/null
+++ b/community/clamav/clamav-db.pre-upgrade
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# make sure we don't lose our config
+mkdir -p /etc/clamav
+if [ -f /etc/freshclam.conf ]; then
+	mv /etc/freshclam.conf /etc/clamav/
+	ln -s clamav/freshclam.conf /etc/freshclam.conf
+fi
+
+exit 0
+
diff --git a/community/clamav/clamd.confd b/community/clamav/clamd.confd
new file mode 100644
index 00000000000..bdf73b0fb4e
--- /dev/null
+++ b/community/clamav/clamd.confd
@@ -0,0 +1,9 @@
+
+CLAMD_NICELEVEL=0
+
+# make sure we also start freshclam
+# comment out if you dont want start freshclam
+rc_need="freshclam"
+
+# timeout for the database download
+FRESHCLAM_TIMEOUT=120
diff --git a/community/clamav/clamd.initd b/community/clamav/clamd.initd
new file mode 100755
index 00000000000..c38868a5c44
--- /dev/null
+++ b/community/clamav/clamd.initd
@@ -0,0 +1,85 @@
+#!/sbin/openrc-run
+
+NAME=clamd
+CONF=/etc/clamav/clamd.conf
+
+pidfile=/run/clamav/clamd.pid
+command=/usr/sbin/clamd
+extra_started_commands="reload"
+extra_commands="logfix"
+required_files=$CONF
+
+depend() {
+	need net
+	after firewall
+	provide antivirus
+}
+
+start_pre() {
+	# fix clamd run permissions
+	local pid=`awk '$1 == "PidFile" { print $2 }' $CONF`
+	[ "x$pid" != "x" ] && pidfile=$pid
+	local socket=`awk '$1 == "LocalSocket" { print $2 }' $CONF`
+	local socketdir=${socket%/*}
+	local clamav_user=`awk '$1 == "User" { print $2 }' $CONF`
+	checkpath --directory --owner ${clamav_user:-clamav} \
+		--mode 750 ${pidfile%/*}
+	checkpath --directory --owner ${clamav_user:-clamav} \
+		--mode 755 ${socketdir:-/run/clamav}
+}
+
+start() {
+	local clamd_socket=$(awk '$1 == "LocalSocket" { print $2 }' $CONF)
+
+	logfix
+
+	if [ -S "${clamd_socket:=/tmp/clamd}" ]; then
+		rm -f ${clamd_socket}
+	fi
+
+	local dbdir=$(awk '$1 == "DatabaseDirectory" { print $2 }' $CONF)
+	local timeout=${FRESHCLAM_TIMEOUT:-120}
+	local cvd="${dbdir:-/var/lib/clamav}"/main.cvd
+	local cld="${dbdir:-/var/lib/clamav}"/main.cld
+
+	if ! [ -e "$cld" ]; then
+		if ! [ -e "$cvd" ]; then
+			ebegin "Waiting for clamav database download"
+			while ! [ -e "$cvd" ]; do
+				timeout=$(( $timeout - 1 ))
+				if [ $timeout -eq 0 ]; then
+					eend 1 "Timed out"
+					return 1
+				fi
+				sleep 1
+			done
+			eend 0
+		fi
+	fi
+	ebegin "Starting ${NAME}"
+	start-stop-daemon --start --quiet \
+		--nicelevel ${CLAMD_NICELEVEL:-0} \
+		--exec $command
+	eend $? "Failed to start ${NAME}"
+}
+
+reload() {
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile $pidfile --name $SVCNAME
+	eend $?
+}
+
+logfix() {
+	# fix clamd log permissions
+	# (might be clobbered by logrotate or something)
+	local logfile=`awk '$1 == "LogFile" { print $2 }' $CONF`
+	local clamav_user=`awk '$1 == "User" { print $2 }' $CONF`
+	if [ -n "${logfile}" ] && [ -n "${clamav_user}" ]; then
+		if [ ! -f "${logfile}" ]; then
+			checkpath -Fm 0640 -o ${clamav_user} ${logfile}
+		else
+			chmod 640 ${logfile}
+			chown ${clamav_user} ${logfile}
+		fi
+	fi
+}
diff --git a/community/clamav/clamd.logrotate b/community/clamav/clamd.logrotate
new file mode 100644
index 00000000000..dc0f5ca38e5
--- /dev/null
+++ b/community/clamav/clamd.logrotate
@@ -0,0 +1,7 @@
+/var/log/clamav/clamd.log {
+	missingok
+	postrotate
+		/etc/init.d/clamd --quiet logfix
+		/etc/init.d/clamd --quiet --ifstarted reload
+	endscript
+}
diff --git a/community/clamav/freshclam.confd b/community/clamav/freshclam.confd
new file mode 100644
index 00000000000..17559037dac
--- /dev/null
+++ b/community/clamav/freshclam.confd
@@ -0,0 +1,3 @@
+
+FRESHCLAM_NICELEVEL=0
+
diff --git a/community/clamav/freshclam.initd b/community/clamav/freshclam.initd
new file mode 100644
index 00000000000..6589da0bca4
--- /dev/null
+++ b/community/clamav/freshclam.initd
@@ -0,0 +1,54 @@
+#!/sbin/openrc-run
+
+CONF=/etc/clamav/freshclam.conf
+
+pidfile=/run/clamav/freshclam.pid
+command=/usr/bin/freshclam
+extra_started_commands="reload"
+extra_commands="logfix"
+required_files=$CONF
+
+depend() {
+	need net
+	after firewall
+}
+
+start_pre() {
+	local pid=`awk '$1 == "PidFile" { print $2 }' $CONF`
+	local owner=`awk '$1 == "DatabaseOwner" { print $2 }' $CONF`
+	[ "x$pid" != "x" ] && pidfile=$pid
+	checkpath --directory --owner ${owner:-clamav} \
+		--mode 750 ${pidfile%/*}
+}
+
+start() {
+	ebegin "Starting freshclam"
+	start-stop-daemon --start --quiet \
+		--nicelevel ${FRESHCLAM_NICELEVEL:-0} \
+		--exec $command \
+		-- \
+		--daemon \
+		--pid=$pidfile
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile $pidfile --name $SVCNAME
+	eend $?
+}
+
+logfix() {
+	# fix freshclam log permissions
+	# (might be clobbered by logrotate or something)
+	logfile=$(awk '$1 == "UpdateLogFile" { print $2 }' $CONF)
+	local freshclam_user=$(awk '$1 == "DatabaseOwner" { print $2 }' $CONF)
+	if [ -n "${logfile}" -a -n "${clamav_user}" ]; then
+		if [ ! -f "${logfile}" ]; then
+			checkpath -fm 0640 ${logfile}
+		else
+			chmod 640 ${logfile}
+		fi	
+		chown ${freshclam_user} ${logfile}
+	fi
+}
diff --git a/community/clamav/freshclam.logrotate b/community/clamav/freshclam.logrotate
new file mode 100644
index 00000000000..18117eeb2a3
--- /dev/null
+++ b/community/clamav/freshclam.logrotate
@@ -0,0 +1,7 @@
+/var/log/clamav/freshclam.log {
+	missingok
+	postrotate
+		/etc/init.d/freshclam --quiet logfix
+		/etc/init.d/freshclam --quiet --ifstarted reload
+	endscript
+}
diff --git a/community/clamav/freshclam.pre-install b/community/clamav/freshclam.pre-install
new file mode 100644
index 00000000000..a5da8290319
--- /dev/null
+++ b/community/clamav/freshclam.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S clamav 2>/dev/null
+adduser -S -D -H -h /var/lib/clamav -s /sbin/nologin -G clamav -g clamav clamav 2>/dev/null
+
+exit 0
author	Milan P. Stanić <mps@arvanta.net>	2021-04-25 10:33:36 +0000
committer	Milan P. Stanić <mps@arvanta.net>	2021-04-25 10:33:36 +0000
commit	a020157295b786fc5a8dd897ee40e0b701deb915 (patch)
tree	a7658ff4d977ecd9b88e916042f173643490b363 /community
parent	0c96ac8fac701e923b0e6d181820dc48b2819798 (diff)