debian/0000755000000000000000000000000012265443740007175 5ustar debian/postinst0000644000000000000000000000327112167172720011004 0ustar #!/bin/sh set -e if [ "$1" = configure ] ; then if [ -s /etc/clamav-unofficial-sigs.conf ] ; then . /etc/clamav-unofficial-sigs.conf fi if [ "x$gpg_dir" = x ] ; then gpg_dir=/var/lib/clamav-unofficial-sigs/gpg-key fi if [ ! -s "$gpg_dir/publickey.gpg" ] ; then cp /usr/share/clamav-unofficial-sigs/publickey.gpg "$gpg_dir/publickey.gpg" fi # Detect which user the script will run from # Will be 'clamav' unless the user customised the cron script user="$(grep '^[^#]\+$' /etc/cron.d/clamav-unofficial-sigs | cut -d ' ' -f 6)" if [ "x$user" != x -a "x$user" != xroot ] ; then group="$(id -ng "$user")" # Ensure the directories are all writable for the cron user for dir in "$config_dir" "$ss_dir" "$msrbl_dir" "$si_dir" "$mbl_dir" "$add_dir"; do if ! dpkg-statoverride --list "$dir" > /dev/null 2>&1 ; then dpkg-statoverride --update --add "$user" "$group" 0755 "$dir" chown -f "$user:$group" "$dir"/* > /dev/null 2>&1 || true fi done if ! dpkg-statoverride --list "$gpg_dir" > /dev/null 2>&1 ; then dpkg-statoverride --update --add "$user" "$group" 0700 "$gpg_dir" chown -f "$user:$group" "$gpg_dir"/* > /dev/null 2>&1 || true fi # Create the log file and make it writable for the cron user if [ ! -e "$log_file_path/$log_file_name" ] ; then touch "$log_file_path/$log_file_name" chown "$user:$group" "$log_file_path/$log_file_name" fi # Make all the files written by the script writable for the cron user on upgrade if [ "x$2" != x ] && dpkg --compare-versions "$2" lt 3.5.4 ; then for file in `cat "$config_dir/purge.txt" 2>/dev/null` ; do chown -f "$user:$group" "$file" > /dev/null 2>&1 || true done fi fi fi #DEBHELPER# exit 0 debian/README0000644000000000000000000000015111525160420010037 0ustar # Please see the README.Debian file for more info: # /usr/share/doc/clamav-unofficial-sigs/README.Debian debian/NEWS0000644000000000000000000000221711761141374007674 0ustar clamav-unofficial-sigs (3.7.1-2) unstable; urgency=low This release reverts back to the upstream default of not checking if the clamav daemon is running. This allows the script to run on systems that don't run the daemon. If you want to re-enable the watchdog functionality, copy these two lines to your config file: clamd_socket="/var/run/clamav/clamd.ctl" clamd_pid="/var/run/clamav/clamd.pid" -- Paul Wise Tue, 29 May 2012 20:19:43 +0800 clamav-unofficial-sigs (3.5.4-1) unstable; urgency=low This version removes all the medium and high risk databases from the default configuration, if you would like to keep using them then please edit your configuration file as directed in it. This version switches to running the script as the clamav user instead of root to enhance security. If you wish to further increase security, please see README.Debian for a technique for running the script as a user separate to clamav. As a consequence of running the script as the clamav user, the package will no longer start clamav when it is not running. -- Paul Wise Fri, 19 Jun 2009 15:20:24 +0800 debian/postrm0000644000000000000000000000120612245320076010435 0ustar #!/bin/sh set -e purge=/var/lib/clamav-unofficial-sigs/purge.txt if [ "$1" = purge ] ; then for file in `cat $purge 2>/dev/null` ; do rm -f -- "$file" done for dir in configs gpg-key ; do if dpkg-statoverride --list /var/lib/clamav-unofficial-sigs/$dir >/dev/null 2>&1; then dpkg-statoverride --remove /var/lib/clamav-unofficial-sigs/$dir >/dev/null 2>&1 fi done for dir in ss-dbs msrbl-dbs si-dbs mbl-dbs add-dbs ; do if dpkg-statoverride --list /var/cache/clamav-unofficial-sigs/$dir >/dev/null 2>&1; then dpkg-statoverride --remove /var/cache/clamav-unofficial-sigs/$dir >/dev/null 2>&1 fi done fi #DEBHELPER# exit 0 debian/watch0000644000000000000000000000016512150062475010223 0ustar version=3 http://sf.net/unofficial-sigs/clamav-unofficial-sigs-([\d\.]+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) debian/install0000644000000000000000000000014712150062260010553 0ustar debian/README etc/clamav-unofficial-sigs.conf.d debian/publickey.gpg usr/share/clamav-unofficial-sigs/ debian/copyright0000644000000000000000000000350512245320054011121 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: ClamAV Unofficial Signatures Updater Source: http://sf.net/p/unofficial-sigs/files/ Files: * Copyright: 2007-2013, Bill Landry License: BSD-3-clause Files: debian/* Copyright: 2009-2013, Paul Wise License: BSD-3-clause License: BSD-3-clause All rights reserved. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . * Neither the name of the author/copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY AUTHOR/COPYRIGHT HOLDER "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR/COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/clean0000644000000000000000000000003711330534631010172 0ustar debian/logrotate debian/cron.d debian/manpages0000644000000000000000000000003111330534631010675 0ustar clamav-unofficial-sigs.8 debian/changelog0000644000000000000000000001344512265443740011056 0ustar clamav-unofficial-sigs (3.7.2-2) unstable; urgency=medium * Fix bashisms in the documentation in the config (Closes: #733998) -- Paul Wise Wed, 15 Jan 2014 16:33:34 +0800 clamav-unofficial-sigs (3.7.2-1) unstable; urgency=low * New upstream release * Fixes signature ignore problem (Closes: #714132) * Adds configurability for curl/rsync timeouts (Closes: #693542) * Adds the ability to turn off chmod calls (See: #566702) * Deal with the cron job being disabled (Closes: #711161) * Turn off the chmod calls by default (Closes: #566702) * Switch priority to optional * Bump debhelper compat level * Bump Standards-Version, no changes needed * Simplify the dirs file slightly * Rewrite and update the copyright file to copyright-format 1.0 * Ignore a missing purge file -- Paul Wise Wed, 27 Nov 2013 15:38:03 +0800 clamav-unofficial-sigs (3.7.1-4) unstable; urgency=low * Point the homepage/watch at sourceforge since the domain expired. * Use the canonical Vcs-* URLs * Bump Standards-Version, no changes needed * Suggest apt-get purge instead now that it exists * Build with dh --parallel -- Paul Wise Sat, 25 May 2013 16:17:04 +0800 clamav-unofficial-sigs (3.7.1-3) unstable; urgency=low * Don't run clamdscan if it is not present -- Paul Wise Fri, 01 Jun 2012 19:27:28 +0800 clamav-unofficial-sigs (3.7.1-2) unstable; urgency=low * Package technically complies with policy 3.9.3, bump Standards-Version * Wrap and sort various files * Drop clamav-daemon to suggests to allow using just clamscan (Closes: #672537) * Revert to the upstream default of not acting as a watchdog for clamd * Add a NEWS.Debian entry explaining how to re-enable the watchdog stuff -- Paul Wise Tue, 29 May 2012 20:50:22 +0800 clamav-unofficial-sigs (3.7.1-1) unstable; urgency=low * New upstream release - Fixes a minor bashism in the sig creation option (Closes: #547743) - Drops MSRBL signature, no updates since July 2009 (Closes: #612796) - Supports new uncompressed SecuriteInfo signatures (Closes: #612795) * Allow sysadmins to easily override default configs (Closes: #566620) * Package technically complies with policy 3.9.1, bump Standards-Version -- Paul Wise Fri, 11 Feb 2011 18:40:36 +0800 clamav-unofficial-sigs (3.6-1) unstable; urgency=low * New upstream release - Now uses dig to discover mirror IPs, depend on dnsutils * In the instructions for extra security, send mail to root * Bump Standards-Version, no changes needed * Set the default log file permissions to clamav:adm 644 (Closes: #552351) * Switch to dpkg-source 3.0 (quilt) format * Switch to debhelper 7 minimal rules file -- Paul Wise Sat, 02 Jan 2010 12:27:11 +0800 clamav-unofficial-sigs (3.5.4-2) unstable; urgency=low * Brown paper bag upload * Update the instructions in README.Debian to be more correct and more comprehensive wrt changing file permissions * Unset the right variables so that the script doesn't try to chown stuff all over the joint. -- Paul Wise Wed, 22 Jul 2009 14:04:00 +0200 clamav-unofficial-sigs (3.5.4-1) unstable; urgency=low * New upstream release * Document removal of mediam and high risk databases * Document that some of the default settings are altered * Run the script as the clamav user by default and ensure correct ownership of all the files when the sysadmin accepts the cron.d configuration change. - Will no longer be able to start clamav when it is not running, so document that and don't try to do it. * Bump Standards-Version, no changes needed * Switch the host dep away from the ancient host package to bind9-host -- Paul Wise Tue, 21 Jul 2009 19:02:43 +0200 clamav-unofficial-sigs (3.3-2) unstable; urgency=low * Brown paper bag upload * Fix path to the script in the cron.d file -- Paul Wise Thu, 21 May 2009 15:50:43 +0800 clamav-unofficial-sigs (3.3-1) unstable; urgency=low * New upstream release * Add Vcs-Git and Vcs-Browser fields -- Paul Wise Thu, 21 May 2009 13:58:02 +0800 clamav-unofficial-sigs (3.1-1) unstable; urgency=low * New upstream release * Mention OITC signatures in the package description * Drop the restart reload_opt options from the config, they don't work * Handle the case where the upstream purge.txt does not exist yet * Move the Debian-specific configuration to /usr/share * Use the new upstream logrotate configuration * Remove the gpg key in the case where the script hasn't run yet * Update the cron configuration based on the new upstream crontab * Prevent files from being removed when the script -r option is used * Handle filenames starting with a '-' in the postrm script -- Paul Wise Tue, 12 May 2009 01:28:21 +0800 clamav-unofficial-sigs (2.8-1) unstable; urgency=low * New upstream version - Generates its own purge.txt, use that instead of generating our own - Includes our manpage, use that instead of our own * Let the upstream script import the gpg key on first run * Revert back to the default upstream reload_opt="clamdscan --reload" - Depend on clamav-daemon 0.94.dfsg.1 or later for that - Provide a Debian-specific option for those who want to restart -- Paul Wise Sat, 02 May 2009 10:05:52 +0800 clamav-unofficial-sigs (2.7.3-2) unstable; urgency=low * Update manual page with some changes from upstream * Silence non-error output from the cron job -- Paul Wise Wed, 29 Apr 2009 00:27:09 +0800 clamav-unofficial-sigs (2.7.3-1) unstable; urgency=low * Initial release (Closes: #524565) -- Paul Wise Sun, 26 Apr 2009 13:40:08 +0800 debian/source/0000755000000000000000000000000011330534631010465 5ustar debian/source/format0000644000000000000000000000001411330534631011673 0ustar 3.0 (quilt) debian/publickey.gpg0000644000000000000000000000334211330534631011655 0ustar -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (MingW32) mQGiBElnAKcRBACX5ELfVPeAubJaQDQZHF8fGZFVkmT54J2uj0UwLfxbN5dQ4jEr Pxdr0UiqOA0cttKpe0m6IZHnkbeeY4s0/HpaVZKGXsiizazB4F2NdzskuT4TRGXg fAMQ16mlpslY//quEfIQzTSKPhEKpVHqZTn8wjSDZQo+NI3qmBODz9p5HwCggFoi p2/LpvjmLkjPFKNpyjOwt6sD/ifFA07EmF9vxOG7aXqB7Z5zB24rpXb3/KBPbF93 6bvbT70jlwMczdOt9eNK7brpIj/ZpkdUol84MYb7sv9ZC3+qmVFKERo1rM+kvkXV jjCFBRMyBTYYB67RgkMd79gaJ3Zo9SavQW65EtFxMr5aDfbXwkshoI3EzwVSsVPv MoQwA/40qOV6eXQChLet795btwhbmVWvrAZ7MaN8Gdx0hMP+a9DOGo0O4J1GeNXX Prt9PLdmUb2cahqrIVDVis6KDjD3GSdgRPf8zZ6kDUteeMND4EsYytpOQl8AeL6h 9zncFtPng1Kj/aAJyxO38YvPMFLkQV/iyZu/0Oq8RIFp/E1ZG7RJU2FuZXNlY3Vy aXR5IChTYW5lc2VjdXJpdHkgU2lnbmF0dXJlcykgPHN0ZXZlYl9jbGFtYXZAc2Fu ZXNlY3VyaXR5LmNvLnVrPohgBBMRAgAgBQJJZwCnAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQ1pHe2THqTZ7mowCaA9QGSxkN6XP7dbOlrjB9aDp5D90AniNm W0NT6DUEVRMLnvWvnnlfufsJuQINBElnAKcQCAC1/hC7vENr66EkX0t8FAtKKZ31 kMYYjUd24uXYBEL/Fwip+JDpS9xUClK70PVcJ/Ad0z4lYQRUgRcCvq5twF5clmMG E7M+K5vgJtjk2Wvl+w77X6za9bu8euwkzzWeyskmUpJ78EAcwsOk28Q8VPtrI76z JjLqdY3tFXkCwCLvKzfhdg+3967B4ge+XBdTCQhE6dQ+A5ePMQKZj365A8BQdHOY +e/MuGH6LbB/VuqGD7kjC+gE44syY/O6X9STRufvCYwPlqkJVpuR2arFIIGcXzP0 GA4m8ESFY5N68QXYvzO60CqGABhFEmAtGul7ZOJgI8QLcVIPn+lghL8V9IYDAAMG B/4zh/khzx4TwkiAU40nsCvgjVeNKF0frka/AXdODzf9MDyJEdrdxFSKNANS/IPJ W/n0gk5khwOcNnCIAM/GMm5szJftywhmuM3vXM6l+pHLF1/FABpNCFzjQAsBDg+g dIYFhE9qDbFf1ZBGuJp0fdUyKG9fkdkYX4tN0F2bM6hqAIZab1FfDQC/rRcFmA0t MeQwAQCOsyva3ipRa0xoAWS8C5bpXeVZbo9ZAGw/W+MDi7atrqURB0HRKB9PZB1J BLlaQgZAHILykpQEE2gelUwihZS9MadB2bEvrJcbhgxaRqarAam/rcTLrMEOWgdP uPNmK1GeJrr7D6H1g5TSYYKoiEkEGBECAAkFAklnAKcCGwwACgkQ1pHe2THqTZ6C vACdF31uNpoParageOrmdtOdJUKUs0cAn2DLySqry2A5FlQ/6W+7IptN02IE =fh8i -----END PGP PUBLIC KEY BLOCK----- debian/control0000644000000000000000000000250712245312177010601 0ustar Source: clamav-unofficial-sigs Section: utils Priority: optional Maintainer: ClamAV Team Uploaders: Paul Wise Build-Depends: debhelper (>= 9) Standards-Version: 3.9.5 Homepage: http://sourceforge.net/projects/unofficial-sigs/ Vcs-Git: git://anonscm.debian.org/pkg-clamav/clamav-unofficial-sigs.git Vcs-Browser: http://anonscm.debian.org/?p=pkg-clamav/clamav-unofficial-sigs.git Package: clamav-unofficial-sigs Architecture: all Depends: bind9-host | host, clamav, curl, dnsutils, gnupg, rsync, ${misc:Depends} Suggests: clamav-daemon (>= 0.94.dfsg.1) Description: update script for 3rd-party clamav signatures This package provides a script for updating the following sources of 3rd-party clamav signatures until freshclamav gains support for such signatures. . The SaneSecurity/OITC signatures provide detection of phishing, spear phishing, fake lottery, ecard malware, casino, fake jobs, fake loans, 419s, fake diplomas, porn, emailed malware and other general spam. . MSRBL signatures provide detection of image spam and general spam. . SecuriteInfo signatures provide various badware signatures, securiteinfo.com honeypot signatures, honeynet.cz signatures and French anti-spam signatures . MalwarePatrol provides detection of mail containing URLs to malware. debian/docs0000644000000000000000000000000711330534631010035 0ustar README debian/rules0000755000000000000000000000164112150065721010247 0ustar #!/usr/bin/make -f #export DH_VERBOSE=1 %: dh $@ --parallel override_dh_auto_build: sed -e 's_root *root_clamav adm_' \ -e 's_600_640_' \ < clamav-unofficial-sigs-logrotate > debian/logrotate sed -e 's/bin/sbin/;s/\.sh//;s/ *-c *[^ ]*//' \ -e 's_^\([^/#]*\)\(/[^ ]*\)_\1[ -x \2 ] \&\& \2_' \ -e 's_/local__g' \ -e 's_root_clamav_g' \ < clamav-unofficial-sigs-cron > debian/cron.d override_dh_install: dh_install cp debian/etc.conf debian/clamav-unofficial-sigs/etc/clamav-unofficial-sigs.conf cp clamav-unofficial-sigs.sh debian/clamav-unofficial-sigs/usr/sbin/clamav-unofficial-sigs cp debian/debian.conf debian/clamav-unofficial-sigs/usr/share/clamav-unofficial-sigs/conf.d/01-debian.conf cp clamav-unofficial-sigs.conf debian/clamav-unofficial-sigs/usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.conf override_dh_installchangelogs: dh_installchangelogs CHANGELOG debian/etc.conf0000644000000000000000000000170412265441036010615 0ustar # Please read this file for the configuration variable details & defaults: # /usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.conf # Debian-specific configuration overrides are available here: # /usr/share/clamav-unofficial-sigs/conf.d/01-debian.conf # Source all the configuration files from upstream, Debian and elsewhere etc=/etc/clamav-unofficial-sigs.conf.d/ usr=/usr/share/clamav-unofficial-sigs/conf.d/ for f in $(find $etc $usr -iname '*.conf' -printf '%f\n' 2>/dev/null | LC_ALL=C sort -u) ; do if [ -f "$etc$f" ]; then . "$etc$f" elif [ -s "$usr$f" ]; then . "$usr$f" fi done # If you would like to include medium and high risk databases, please read # the comments in the upstream configuration file listed above. To modify the # variables you would add something like this (the whitespace is important): # # ss_dbs="$ss_dbs something.ndb" # si_dbs="$si_dbs somethingelse.ndb" # Add your system configuration overrides here debian/compat0000644000000000000000000000000212245312177010370 0ustar 9 debian/debian.conf0000644000000000000000000000315412245276634011275 0ustar # Debian clamav uses different socket and pid files # If you want to enable the watchdog functionality, copy # these two lines to your config file and uncomment them: #clamd_socket="/var/run/clamav/clamd.ctl" #clamd_pid="/var/run/clamav/clamd.pid" # Debian clamav uses a different location for the sigs clam_dbs="/var/lib/clamav" # Store cached data in /var/cache instead work_dir="/var/cache/clamav-unofficial-sigs" ss_dir="$work_dir/ss-dbs" msrbl_dir="$work_dir/msrbl-dbs" si_dir="$work_dir/si-dbs" mbl_dir="$work_dir/mbl-dbs" add_dir="$work_dir/add-dbs" # Store persistent data in /var/lib instead lib_dir="/var/lib/clamav-unofficial-sigs" config_dir="$lib_dir/configs" gpg_dir="$lib_dir/gpg-key" # Turn on logging by default enable_logging="yes" log_file_path="/var/log" log_file_name="clamav-unofficial-sigs.log" # Silence things for the cron job curl_silence="yes" rsync_silence="yes" gpg_silence="yes" comment_silence="yes" # Reload clamav database by default # But do not run clamdscan if it isn't present case $reload_opt in clamdscan\ *) if test -x /usr/bin/clamdscan ; then reload_dbs=yes else reload_dbs=no unset reload_opt fi ;; *) reload_dbs=yes ;; esac # Prevent the -r option from removing stuff pkg_mgr="apt" pkg_rm="apt-get purge clamav-unofficial-sigs" # Needed before the script will operate user_configuration_complete="yes" # We run the script as the clamav user by default # so turn off the chown calls, which will fail unset clam_user unset clam_group # Don't touch files in the clam_dbs dir by default # since they are usually managed by other software. setmode="no" debian/README.Debian0000644000000000000000000001070412245307503011232 0ustar /---------------------------------------------------------------------------- | Default settings altered Some of the default settings have been altered, see here for more info: /usr/share/clamav-unofficial-sigs/conf.d/01-debian.conf /---------------------------------------------------------------------------- | Overriding default config To override the default configuration you can either modify [1] or or place files named *.conf in [2]. Any *.conf file in [2] that has the same name as one of the files in [3] will cause the file in [3] to be completely ignored. This makes it easy for a sysadmin to disable any unwanted configuration in [3]. 1. /etc/clamav-unofficial-sigs.conf 2. /etc/clamav-unofficial-sigs.conf.d/ 3. /usr/share/clamav-unofficial-sigs/conf.d/ /---------------------------------------------------------------------------- | Enhanced security You might like to run the clamav-unofficial-sigs script as a non-root, non-clamav user for extra security. To get this working, please follow the following steps. First create a new system user and group 'clamav-unofficial-sigs' and add the new user to the ClamAV group. # adduser --system --no-create-home --disabled-password --disabled-login \ --shell /bin/false --group --home /nonexistent clamav-unofficial-sigs # adduser clamav-unofficial-sigs clamav Direct the mail for the new system user to root: # echo clamav-unofficial-sigs: root >> /etc/aliases # newaliases Change the owner/group on the log files and data files to this user. # chown -R clamav-unofficial-sigs:clamav /var/lib/clamav-unofficial-sigs # chown -R clamav-unofficial-sigs:clamav /var/cache/clamav-unofficial-sigs # chown -R clamav-unofficial-sigs:clamav /var/log/clamav-unofficial-sigs.log* # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/lib/clamav-unofficial-sigs # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/lib/clamav-unofficial-sigs/configs # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0700 /var/lib/clamav-unofficial-sigs/gpg-key # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/ss-dbs # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/msrbl-dbs # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/add-dbs # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/mbl-dbs # dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/si-dbs Change the owner (but not the group) of the custom data files in the clamav database directory to this user. # chown clamav-unofficial-sigs:clamav /var/lib/clamav/*.hdb* /var/lib/clamav/*.ndb* Change the permissions on the clamav database directory to set the sticky bit and group write permission bit. If you installed clamav with your package manager you may need to use a command other than chmod to make this more permanent. On Debian, please use dpkg-statoverride. # dpkg-statoverride --add --force --update clamav clamav 1775 /var/lib/clamav Edit the cron file and logrotate configuration to use this user. # sed -i -r -e 's/ (root|clamav) / clamav-unofficial-sigs /' /etc/cron.d/clamav-unofficial-sigs /etc/logrotate.d/clamav-unofficial-sigs This setup prevents the script from running inappropriate commands as root and also prevents the script from modifying the official ClamAV signature databases. The package is not setup like this by default because packages should not modify the permissions of other packages files and directories. /---------------------------------------------------------------------------- | Running as root If for some reason you want to run the clamav-unofficial-sigs script as root, you will need to tell the script to chown the database files like this: # echo \# Running the script as root >> /etc/clamav-unofficial-sigs.conf # echo clam_user=clamav >> /etc/clamav-unofficial-sigs.conf # echo clam_group=clamav >> /etc/clamav-unofficial-sigs.conf # sed -i -e '/^[^#]/s/clamav/root/g' /etc/cron.d/clamav-unofficial-sigs You may also want to have the script start clamav when it isn't running: # echo 'start_clamd="invoke-rc.d clamav-daemon start"' >> /etc/clamav-unofficial-sigs.conf debian/dirs0000644000000000000000000000051412245315110010044 0ustar usr/sbin usr/share/clamav-unofficial-sigs/conf.d var/cache/clamav-unofficial-sigs/ss-dbs var/cache/clamav-unofficial-sigs/msrbl-dbs var/cache/clamav-unofficial-sigs/si-dbs var/cache/clamav-unofficial-sigs/mbl-dbs var/cache/clamav-unofficial-sigs/add-dbs var/lib/clamav-unofficial-sigs/gpg-key var/lib/clamav-unofficial-sigs/configs debian/prerm0000644000000000000000000000150512150065721010236 0ustar #!/bin/sh set -e purge=/var/lib/clamav-unofficial-sigs/purge.txt # Prepare a list of filenames to remove on purge # We need the upstream config so this is done in prerm remove if [ "$1" = remove ] ; then if [ -s /etc/clamav-unofficial-sigs.conf ] ; then . /etc/clamav-unofficial-sigs.conf fi libdir=/var/lib/clamav-unofficial-sigs if [ "x$config_dir" = x ] ; then config_dir=$libdir/configs ; fi if [ "x$gpg_dir" = x ] ; then gpg_dir=$libdir/gpg-key ; fi if [ "x$log_file_path" = x ] ; then log_file_path=/var/log ; fi if [ "x$log_file_name" = x ] ; then log_file_name=clamav-unofficial-sigs.log ; fi echo $purge > $purge echo "$gpg_dir/publickey.gpg" >> $purge echo "$log_file_path/$log_file_name"* >> $purge if [ -s "$config_dir/purge.txt" ] ; then cat "$config_dir/purge.txt" >> $purge fi fi #DEBHELPER# exit 0