Merge pull request #4 from gsanchietti/no_official

- Disable clamav official signatures on request
- Use new clamav unofficial config file

NethServer/dev#5803

README.rst

@@ -0,0 +1,19 @@
+====================
+nethserver-antivirus
+====================
+
+Manage default options for all clamav instances.
+
+The configuration is saved inside the ``configuration`` database in the ``clamd`` key.
+
+Properties:
+
+- ``OfficialSignatures``: can be ``enabled`` or ``disabled``. If set to ``disabled``, all default signatures will be deleted and freshclam will be disabled.
+- ``UnofficialSignaturesRating``: can be ``low``, ``medium`` or ``high``. Select the rating risk of all sources. An higher rating means more virus detected but also an increased
+  probability of false positives.
+
+Database example: ::
+
+ clamd=configuration
+    OfficialSignatures=disabled
+    UnofficialSignaturesRating=low

createlinks

@@ -25,7 +25,7 @@ use esmith::Build::CreateLinks qw(:all);
 
 my @templates = qw(
     /etc/freshclam.conf
-    /etc/clamav-unofficial-sigs/clamav-unofficial-sigs.conf
+    /etc/clamav-unofficial-sigs/user.conf
     /etc/sysconfig/freshclam
 );
 

root/etc/e-smith/db/configuration/defaults/clamd/OfficialSignatures

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/clamd/UnofficialSignaturesRating

@@ -0,0 +1 @@
+low

root/etc/e-smith/db/configuration/defaults/clamd/type

@@ -0,0 +1 @@
+configuration

root/etc/e-smith/events/actions/nethserver-antivirus-init-avdb

@@ -23,8 +23,15 @@ db_dir=/var/lib/clamav
 eicar_db=${db_dir}/eicar.ndb
 
 # Early exit if eicar.ndb is already present
-[ -e $eicar_db ] && exit 0
-# Ensure Eicar signature is present, at least:
-echo "Creating empty clamav signatures DB in ${eicar_db}.."
-echo "Eicar-Test-Signature:0:0:58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e444152442d414e544956495255532d544553542d46494c452124482b482a" > $eicar_db
-[ -e $eicar_db ] && chown --reference=${db_dir} $eicar_db
+if [ ! -e $eicar_db ]; then
+    # Ensure Eicar signature is present, at least:
+    echo "Creating empty clamav signatures DB in ${eicar_db}.."
+    echo "Eicar-Test-Signature:0:0:58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e444152442d414e544956495255532d544553542d46494c452124482b482a" > $eicar_db
+    [ -e $eicar_db ] && chown --reference=${db_dir} $eicar_db
+fi
+
+# Manage official signatures
+officialsig=$(/sbin/e-smith/config getprop clamd OfficialSignatures)
+if [ "$officialsig" == "disabled" ]; then
+    rm -f /var/lib/clamav/{bytecode.???,daily.???,main.???}
+fi

root/etc/e-smith/templates/etc/clamav-unofficial-sigs/user.conf/10base

@@ -0,0 +1,23 @@
+# This file contains user configuration settings for clamav-unofficial-sigs.sh
+###################
+# This is property of eXtremeSHOK.com
+# You are free to use, modify and distribute, however you may not remove this notice.
+# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+# License: BSD (Berkeley Software Distribution)
+##################
+#
+# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
+#
+##################
+#
+# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
+#
+################################################################################
+# SEE MASTER.CONF FOR CONFIG EXPLAINATIONS
+################################################################################
+
+# Values in this file will always override those in the master.conf and os.conf files.
+# This is useful to specify your authorisation/receipt codes and to always force certain options.
+# Please note, it is your responsibility to manage the contents of this file.
+# Values provided here are just examples, feel free to use any values from the main config file.
+

root/etc/e-smith/templates/etc/clamav-unofficial-sigs/user.conf/20dbs

@@ -0,0 +1,7 @@
+#malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER"
+#malwarepatrol_product_code="8"
+#malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
+#malwarepatrol_free="yes"
+
+#securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
+

root/etc/e-smith/templates/etc/clamav-unofficial-sigs/user.conf/30rating

@@ -0,0 +1,12 @@
+# Default dbs rating
+# valid rating: LOW, MEDIUM, HIGH
+default_dbs_rating="{{uc($clamd{'UnofficialSignaturesRating'} || 'low')}}"
+
+# Per Database
+# These ratings will override the global rating for the specific database
+# valid rating: LOW, MEDIUM, HIGH, DISABLE
+#sanesecurity_dbs_rating=""
+#securiteinfo_dbs_rating=""
+#linuxmalwaredetect_dbs_rating=""
+#yararulesproject_dbs_rating=""
+

root/etc/e-smith/templates/etc/clamav-unofficial-sigs/user.conf/40options

@@ -0,0 +1,12 @@
+# =========================
+# Additional signature databases
+# =========================
+#declare -a additional_dbs=(
+#   ftp://ftp.example.net/pub/sigs.ndb
+#   http://www.example.org/sigs.ldb
+#) #END ADDITIONAL DATABASES
+
+# Uncomment the following line to enable the script
+user_configuration_complete="yes"
+
+# https://eXtremeSHOK.com ######################################################

root/etc/e-smith/templates/etc/sysconfig/freshclam/40base

@@ -15,5 +15,11 @@
 ## 'disabled-warn'  ...  disables the automatic freshclam update and
 ##                         gives out a warning
 ## 'disabled'       ...  disables the automatic freshclam silently
-# FRESHCLAM_DELAY=
-
+{
+    my $sig = $clamd{'OfficialSignatures'} || 'enabled';
+    if ($sig eq 'disabled') {
+        $OUT .= "FRESHCLAM_DELAY=disabled";
+    } else {
+        $OUT .= "#FRESHCLAM_DELAY=";
+    }
+}