- updated to 0.101.3 (solves vulnerability to non-recursive zip bombs)

[packages/clamav.git] / clamav-pld_config.patch

diff -ur clamav-0.97.1/etc//clamav-milter.conf.sample clamav-0.97.1.new/etc//clamav-milter.conf.sample
--- clamav-0.97.1/etc//clamav-milter.conf.sample	2011-01-10 18:48:28.000000000 +0100
+++ clamav-0.97.1.new/etc//clamav-milter.conf.sample	2011-07-14 18:24:02.801795736 +0200
@@ -3,7 +3,7 @@
 ##
 
 # Comment or remove the line below.
-Example
+#Example
 
 
 ##
@@ -17,12 +17,12 @@
 # inet6:port@[hostname|ip-address] - to specify an ipv6 socket
 #
 # Default: no default
-#MilterSocket /tmp/clamav-milter.socket
+MilterSocket /var/lib/clamav/clamav-milter.socket
 #MilterSocket inet:7357
 
 # Define the group ownership for the (unix) milter socket.
 # Default: disabled (the primary group of the user running clamd)
-#MilterSocketGroup virusgroup
+#MilterSocketGroup clamav
 
 # Sets the permissions on the (unix) milter socket to the specified mode.
 # Default: disabled (obey umask)
@@ -64,7 +64,7 @@
 # daemon (main thread).
 #
 # Default: disabled
-#PidFile /var/run/clamav-milter.pid
+PidFile /var/run/clamav/clamav-milter.pid
 
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
@@ -90,7 +90,7 @@
 # with the same socket: clamd servers will be selected in a round-robin fashion.
 #
 # Default: no default
-#ClamdSocket tcp:scanner.mydomain:7357
+ClamdSocket unix:/var/lib/clamav/clamd.socket
 
 
 ##
@@ -238,13 +238,13 @@
 # Use system logger (can work together with LogFile).
 #
 # Default: no
-#LogSyslog yes
+LogSyslog yes
 
 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
 #
 # Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
 
 # Enable verbose logging.
 #
diff -ur clamav-0.97.1/etc//clamd.conf.sample clamav-0.97.1.new/etc//clamd.conf.sample
--- clamav-0.97.1/etc//clamd.conf.sample	2011-05-13 13:25:31.000000000 +0200
+++ clamav-0.97.1.new/etc//clamd.conf.sample	2011-07-14 18:19:05.824861957 +0200
@@ -5,13 +5,13 @@
 
 
 # Comment or remove the line below.
-Example
+#Example
 
 # Uncomment this option to enable logging.
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
-#LogFile /tmp/clamd.log
+#LogFile /var/log/clamd.log
 
 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
@@ -40,12 +40,12 @@
 
 # Use system logger (can work together with LogFile).
 # Default: no
-#LogSyslog yes
+LogSyslog yes
 
 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
 # Default: LOG_LOCAL6
-#LogFacility LOG_MAIL
+LogFacility LOG_MAIL
 
 # Enable verbose logging.
 # Default: no
@@ -58,7 +58,7 @@
 # This option allows you to save a process identifier of the listening
 # daemon (main thread).
 # Default: disabled
-#PidFile /var/run/clamd.pid
+PidFile /var/run/clamav/clamd.pid
 
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
@@ -77,11 +77,11 @@
 
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
-#LocalSocket /tmp/clamd.socket
+LocalSocket /var/lib/clamav/clamd.socket
 
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
-#LocalSocketGroup virusgroup
+#LocalSocketGroup clamav
 
 # Sets the permissions on the unix socket to the specified mode.
 # Default: disabled (socket is world accessible)
@@ -204,7 +204,7 @@ LocalSocket /var/lib/clamav/clamd.socket
 
 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
-#User clamav
+User clamav
 
 # Stop daemon when libclamav reports out of memory condition.
 #ExitOnOOM yes
diff -ur clamav-0.97.1/etc//freshclam.conf.sample clamav-0.97.1.new/etc//freshclam.conf.sample
--- clamav-0.97.1/etc//freshclam.conf.sample	2011-01-10 18:48:28.000000000 +0100
+++ clamav-0.97.1.new/etc//freshclam.conf.sample	2011-07-14 18:14:32.705707450 +0200
@@ -3,9 +3,14 @@
 ## Please read the freshclam.conf(5) manual before editing this file.
 ##
 
+## PLD NOTE: Note that freshclam is called periodically via cron
+## Check /etc/sysconfig/clamd for details
+## Seems better to run task once per period than keep daemon running
+## only for that.
+## But if you have arguments please tell us.
 
 # Comment or remove the line below.
-Example
+#Example
 
 # Path to the database directory.
 # WARNING: It must match clamd.conf's directive!
@@ -30,11 +35,11 @@
 
 # Enable verbose logging.
 # Default: no
-#LogVerbose yes
+LogVerbose yes
 
 # Use system logger (can work together with UpdateLogFile).
 # Default: no
-#LogSyslog yes
+LogSyslog yes
 
 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
@@ -48,7 +53,7 @@
 # By default when started freshclam drops privileges and switches to the
 # "clamav" user. This directive allows you to change the database owner.
 # Default: clamav (may depend on installation options)
-#DatabaseOwner clamav
+DatabaseOwner clamav
 
 # Initialize supplementary group access (freshclam must be started by root).
 # Default: no
@@ -96,7 +101,7 @@
 
 # Number of database checks per day.
 # Default: 12 (every two hours)
-#Checks 24
+Checks 2
 
 # Proxy settings
 # Default: disabled
@@ -118,7 +123,7 @@
 
 # Send the RELOAD command to clamd.
 # Default: no
-#NotifyClamd /path/to/clamd.conf
+#NotifyClamd /etc/clamd.conf
 
 # Run command after successful database update.
 # Default: disabled