mirror of
https://github.com/openmediavault/openmediavault
synced 2024-07-08 20:17:29 +00:00
* Fix permission denied issues.
* Set ReceiveTimeout=0 (disabled) in freshclam.conf. * Fix various AppArmor issues. * Improved clamav-onaccess.service unit file. Now it is possible to customize the options via /etc/default/clamav-onaccess environment file. Signed-off-by: Volker Theile <votdev@gmx.de>
This commit is contained in:
parent
26d8418f6f
commit
33d2c0cedf
|
@ -1,3 +1,14 @@
|
|||
openmediavault-clamav (5.0.8-1) stable; urgency=low
|
||||
|
||||
* Fix permission denied issues.
|
||||
* Set ReceiveTimeout=0 (disabled) in freshclam.conf.
|
||||
* Fix various AppArmor issues.
|
||||
* Improved clamav-onaccess.service unit file. Now it is possible to
|
||||
customize the options via /etc/default/clamav-onaccess environment
|
||||
file.
|
||||
|
||||
-- Volker Theile <volker.theile@openmediavault.org> Fri, 06 Mar 2020 17:07:26 +0100
|
||||
|
||||
openmediavault-clamav (5.0.7-1) stable; urgency=low
|
||||
|
||||
* Improve clamav-onaccess.service unit file.
|
||||
|
|
|
@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org
|
|||
|
||||
Package: openmediavault-clamav
|
||||
Architecture: all
|
||||
Depends: openmediavault (>= 5.3.4), clamav-daemon (>= 0.102), clamav-freshclam, clamdscan
|
||||
Depends: openmediavault (>= 5.3.7), clamav-daemon (>= 0.102), clamav-freshclam, clamdscan
|
||||
Priority: optional
|
||||
Description: openmediavault ClamAV plugin
|
||||
Clam AntiVirus is an anti-virus toolkit for Unix.
|
||||
|
|
|
@ -57,10 +57,8 @@ case "$1" in
|
|||
########################################################################
|
||||
# Action to be done depending on the previous version.
|
||||
########################################################################
|
||||
if dpkg --compare-versions "$2" lt-nl "5.0.3"; then
|
||||
# Create systemd clamav-onaccess.service unit file and rebuild
|
||||
# all configuration files.
|
||||
omv-salt deploy run --quiet clamav
|
||||
if dpkg --compare-versions "$2" lt-nl "5.0.8"; then
|
||||
omv_module_set_dirty clamav
|
||||
fi
|
||||
;;
|
||||
|
||||
|
|
|
@ -5,8 +5,9 @@ Wants=clamav-daemon.service
|
|||
BindsTo=clamav-daemon.service
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/default/clamav-onaccess
|
||||
ExecStartPre=-/sbin/sysctl fs.inotify.max_user_watches=524288
|
||||
ExecStart=/usr/bin/clamonacc --foreground=true
|
||||
ExecStart=/usr/bin/clamonacc --fdpass --foreground=true ${CLAMONACC_OPTIONS}
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
StandardOutput=syslog
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
# http://wiki.dreamhost.com/index.php/Crontab/
|
||||
# https://www.systutorials.com/docs/linux/man/5-clamd.conf/
|
||||
# https://www.systutorials.com/docs/linux/man/5-freshclam.conf/
|
||||
# https://blog.clamav.net/2019/09/understanding-and-transitioning-to.html
|
||||
|
||||
{% set cron_scripts_dir = salt['pillar.get']('default:OMV_CRONSCRIPTS_DIR', '/var/lib/openmediavault/cron.d') %}
|
||||
{% set cron_script_prefix = salt['pillar.get']('default:OMV_CLAMAV_CLAMDSCAN_CRONSCRIPT_PREFIX', 'clamdscan-') %}
|
||||
|
@ -64,7 +65,17 @@ configure_clamd_apparmor_profile:
|
|||
configure_clamd_apparmor_local_profile:
|
||||
file.append:
|
||||
- name: "/etc/apparmor.d/local/usr.sbin.clamd"
|
||||
- text: "/srv/** krw,"
|
||||
- text: |
|
||||
# Allow mount dirs to be scanned. Need write access to be able to
|
||||
# move/delete malicious files.
|
||||
/srv/** krw,
|
||||
/media/** krw,
|
||||
|
||||
# Allow an action to perform when clamav detects a malicious file.
|
||||
# The scripts located in /etc/clamav/virusevent.d/ may require
|
||||
# complex privileges, because of that we use the unconfined
|
||||
# execute mode.
|
||||
/usr/bin/dash muxr,
|
||||
|
||||
# https://help.ubuntu.com/community/AppArmor#Reload_one_profile
|
||||
reload_clamd_apparmor_profile:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{%- set separator = ' ' -%}
|
||||
{%- set script_prefix = salt['pillar.get']('default:OMV_CLAMAV_CLAMDSCAN_CRONSCRIPT_PREFIX', 'clamdscan-') -%}
|
||||
{%- set cmd_args = salt['pillar.get']('default:OMV_CLAMAV_CLAMDSCAN_CMDARGS', '--stdout') -%}
|
||||
{%- set cmd_args = salt['pillar.get']('default:OMV_CLAMAV_CLAMDSCAN_CMDARGS', '--fdpass --stdout') -%}
|
||||
{%- set runfile = '/run' | path_join(script_prefix ~ job.uuid) -%}
|
||||
#!/bin/sh
|
||||
{{ pillar['headers']['multiline'] -}}
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
{%- set localsocketmode = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_LOCALSOCKETMODE', '666') -%}
|
||||
{%- set archiveblockencrypted = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_ARCHIVEBLOCKENCRYPTED', 'false') -%}
|
||||
{%- set maxdirectoryrecursion = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_MAXDIRECTORYRECURSION', '15') -%}
|
||||
{%- set readtimeout = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_READTIMEOUT', '180') -%}
|
||||
{%- set readtimeout = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_READTIMEOUT', '120') -%}
|
||||
{%- set maxthreads = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_MAXTHREADS', '12') -%}
|
||||
{%- set maxconnectionqueuelength = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_MAXCONNECTIONQUEUELENGTH', '15') -%}
|
||||
{%- set logsyslog = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_LOGSYSLOG', 'false') -%}
|
||||
|
@ -31,8 +31,8 @@
|
|||
{%- set scanpartialmessages = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_SCANPARTIALMESSAGES', 'false') -%}
|
||||
{%- set heuristicscanprecedence = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_HEURISTICSCANPRECEDENCE', 'false') -%}
|
||||
{%- set structureddatadetection = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_STRUCTUREDDATADETECTION', 'false') -%}
|
||||
{%- set commandreadtimeout = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_COMMANDREADTIMEOUT', '5') -%}
|
||||
{%- set sendbuftimeout = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_SENDBUFTIMEOUT', '200') -%}
|
||||
{%- set commandreadtimeout = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_COMMANDREADTIMEOUT', '30') -%}
|
||||
{%- set sendbuftimeout = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_SENDBUFTIMEOUT', '500') -%}
|
||||
{%- set maxqueue = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_MAXQUEUE', '100') -%}
|
||||
{%- set extendeddetectioninfo = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_EXTENDEDDETECTIONINFO', 'true') -%}
|
||||
{%- set ole2blockmacros = salt['pillar.get']('default:OMV_CLAMAV_CLAMD_OLE2BLOCKMACROS', 'false') -%}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
{% set notifyclamd = salt['pillar.get']('default:OMV_CLAMAV_FRESHCLAM_NOTIFYCLAMD', '/etc/clamav/clamd.conf') -%}
|
||||
{% set databasemirror = salt['pillar.get']('default:OMV_CLAMAV_FRESHCLAM_DATABASEMIRROR', 'database.clamav.net') -%}
|
||||
{% set connecttimeout = salt['pillar.get']('default:OMV_CLAMAV_FRESHCLAM_CONNECTTIMEOUT', '30') -%}
|
||||
{% set receivetimeout = salt['pillar.get']('default:OMV_CLAMAV_FRESHCLAM_RECEIVETIMEOUT', '300') -%}
|
||||
{% set receivetimeout = salt['pillar.get']('default:OMV_CLAMAV_FRESHCLAM_RECEIVETIMEOUT', '0') -%}
|
||||
|
||||
{{ pillar['headers']['multiline'] }}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user