public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav-unofficial-sigs/files/, ...
@ 2019-11-06 15:57 Michael Orlitzky
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Orlitzky @ 2019-11-06 15:57 UTC (permalink / raw
  To: gentoo-commits

commit:     3660c590ebed5b26bcb972d4feab4ecdb024aad1
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  6 15:49:43 2019 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Nov  6 15:56:57 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3660c590

app-antivirus/clamav-unofficial-sigs: new revision with systemd timer.

For the same reason we introduced an /etc/cron.d job in the previous
revision, it makes sense to include a systemd timer. The optimal
settings for the update script are a bit tricky to get right, and
since we run as the "clamav" user, they're both non-default and not
entirely under our control.

I haven't tested this (no systemd), but what could possibly go wrong?

Bug: https://bugs.gentoo.org/694120
Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 ...1-r1.ebuild => clamav-unofficial-sigs-6.0.1-r2.ebuild} |  7 ++++++-
 .../files/clamav-unofficial-sigs.service                  | 15 +++++++++++++++
 .../files/clamav-unofficial-sigs.timer                    | 12 ++++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r2.ebuild
similarity index 89%
rename from app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
rename to app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r2.ebuild
index 34c988c3a2f..eb1fdfbcc04 100644
--- a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
+++ b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r2.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=7
 
-inherit user
+inherit user systemd
 
 DESCRIPTION="Download and install third-party clamav signatures"
 HOMEPAGE="https://github.com/extremeshok/${PN}"
@@ -52,6 +52,11 @@ src_install() {
 	else
 		dodoc "${FILESDIR}/${PN}.crond"
 	fi
+
+	# Install the systemd service and timer unconditionally, because
+	# the timer is disabled by default (and won't annoy people until
+	# after they've configured the script).
+	systemd_dounit "${FILESDIR}/${PN}".{service,timer}
 }
 
 pkg_preinst() {

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service
new file mode 100644
index 00000000000..ed9fa7e9f04
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service
@@ -0,0 +1,15 @@
+#
+# Service file corresponding to clamav-unofficial-sigs.timer.
+# Upstream provides a similar file, but with the wrong path
+# and running as root, so it's just less of a headache to
+# include our own.
+#
+
+[Unit]
+Description=ClamAV unofficial signature update service
+Documentation=man:clamav-unofficial-sigs(8)
+
+[Service]
+ExecStart=bash /usr/sbin/clamav-unofficial-sigs.sh
+User=clamav
+WorkingDirectory=/var/lib/clamav-unofficial-sigs

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.timer b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.timer
new file mode 100644
index 00000000000..299ffd84132
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.timer
@@ -0,0 +1,12 @@
+#
+# Run clamav-unofficial-sigs.service every hour, at 45 minutes past the hour.
+# We do not include an [Install] section because this package does not
+# technically depend on clamav to function.
+#
+
+[Unit]
+Description=ClamAV unofficial signature update timer
+Documentation=man:clamav-unofficial-sigs(8)
+
+[Timer]
+OnCalendar=*-*-* *:45:00


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav-unofficial-sigs/files/, ...
@ 2019-11-06 15:57 Michael Orlitzky
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Orlitzky @ 2019-11-06 15:57 UTC (permalink / raw
  To: gentoo-commits

commit:     2637f7bdf5ca4b984e24294ff39ceedb5cfbea58
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  6 15:10:57 2019 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Nov  6 15:56:54 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2637f7bd

app-antivirus/clamav-unofficial-sigs: new revision with a cron job.

This update script needs to run as a restricted user, with bash as its
shell, and with a real home directory to prevent cron errors in the
logs. The best way to do that seems to be to install a custom job
into /etc/cron.d that sets the HOME and SHELL variables.

This new revision provides a cron job that works as documentation, and
adds a new USE=cron flag to install it. The default is NOT to install
it because /etc/cron.d is not 100% standard, and the update script
needs to be configured before it will work.

Closes: https://bugs.gentoo.org/694054
Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 ....ebuild => clamav-unofficial-sigs-6.0.1-r1.ebuild} | 15 +++++++++++++--
 .../files/clamav-unofficial-sigs.crond                | 19 +++++++++++++++++++
 app-antivirus/clamav-unofficial-sigs/metadata.xml     |  8 ++++++++
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
similarity index 80%
rename from app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild
rename to app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
index 6fc6ec0b574..34c988c3a2f 100644
--- a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild
+++ b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
@@ -7,12 +7,12 @@ inherit user
 
 DESCRIPTION="Download and install third-party clamav signatures"
 HOMEPAGE="https://github.com/extremeshok/${PN}"
-SRC_URI="https://github.com/extremeshok/clamav-unofficial-sigs/archive/${PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI="${HOMEPAGE}/archive/${PV}.tar.gz -> ${P}.tar.gz"
 
 LICENSE="BSD"
 SLOT="0"
 KEYWORDS="~amd64 ~x86"
-IUSE=""
+IUSE="cron"
 
 # The script relies on either net-misc/socat, or Perl's
 # IO::Socket::UNIX. We already depend on Perl, and Gentoo's Perl ships
@@ -41,6 +41,17 @@ src_install() {
 
 	doman "${FILESDIR}/${PN}.8"
 	dodoc README.md
+
+	if use cron; then
+		# Beware, this directory is not completely standard. However,
+		# we need this to run as "clamav" with a non-default shell and
+		# home directory (bug 694054), and this seems like the most
+		# reliable way to accomplish that.
+		insinto "/etc/cron.d"
+		newins "${FILESDIR}/${PN}.crond" "${PN}"
+	else
+		dodoc "${FILESDIR}/${PN}.crond"
+	fi
 }
 
 pkg_preinst() {

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
new file mode 100644
index 00000000000..49ef1db3034
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
@@ -0,0 +1,19 @@
+#
+# Run clamav-unofficial-sigs hourly.
+#
+# This file should be copied to /etc/cron.d rather than, say,
+# /etc/cron.hourly because it needs to run as the clamav user (to
+# alter the databases), but the default settings for that user in
+# Gentoo are insufficient (see bug 694054).
+#
+# In particular, the clamav user needs a Bash shell and a home
+# directory since clamav-unofficial-sigs is written in Bash and
+# because otherwise cron will complain about trying to chdir to a
+# nonexistent home directory. When run out of /etc/cron.d, we can set
+# HOME and SHELL to appropriate values, unlike with scripts in
+# /etc/cron.hourly.
+#
+HOME=/var/lib/clamav-unofficial-sigs
+SHELL=/bin/bash
+
+01 * * * * clamav /usr/sbin/clamav-unofficial-sigs.sh

diff --git a/app-antivirus/clamav-unofficial-sigs/metadata.xml b/app-antivirus/clamav-unofficial-sigs/metadata.xml
index cb13edbbb59..828e566ffca 100644
--- a/app-antivirus/clamav-unofficial-sigs/metadata.xml
+++ b/app-antivirus/clamav-unofficial-sigs/metadata.xml
@@ -4,6 +4,14 @@
   <maintainer type="person">
     <email>mjo@gentoo.org</email>
   </maintainer>
+    <use>
+      <flag name="cron">
+        Install an hourly cron job to /etc/cron.d that runs the
+        updates as the clamav user (instead of root), with an
+        appropriate home directory and shell. The same cron job
+        is installed as documentation when this flag is disabled.
+      </flag>
+    </use>
   <upstream>
     <remote-id type="sourceforge">unofficial-sigs</remote-id>
     <remote-id type="github">extremeshok/clamav-unofficial-sigs</remote-id>


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav-unofficial-sigs/files/, ...
@ 2020-02-05 15:56 Michael Orlitzky
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Orlitzky @ 2020-02-05 15:56 UTC (permalink / raw
  To: gentoo-commits

commit:     2082ac48958748441a089943e3fa188a92b24e4b
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  5 02:09:41 2020 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Feb  5 15:48:59 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2082ac48

app-antivirus/clamav-unofficial-sigs: new version 7.0.1.

I am reluctantly adding this new version so that we don't fall too far
behind. Every release of this package gets crazier, and it attempts to
do... let's say "ill-advised" things... to your filesystem when run as
root. To minimize that risk, I've patched the script to exit with an
error if it's run as EUID 0. Running it as "clamav" should still be
safe, in the sense that it can only break your clamav. We have our own
systemd service that runs as a restricted user, so that upstream
vulnerability is fixed in Gentoo too.

Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 app-antivirus/clamav-unofficial-sigs/Manifest      |   1 +
 .../clamav-unofficial-sigs-7.0.1.ebuild            | 107 +++++++++++++++++++++
 ...unofficial-sigs-7.0.1-disable-run-as-root.patch |  39 ++++++++
 ...official-sigs-7.0.1-fix-mbl-database-name.patch |  35 +++++++
 .../clamav-unofficial-sigs-7.0.1-fix-mbl-url.patch |  22 +++++
 .../files/clamav-unofficial-sigs-7.0.1.man.8       |  77 +++++++++++++++
 6 files changed, 281 insertions(+)

diff --git a/app-antivirus/clamav-unofficial-sigs/Manifest b/app-antivirus/clamav-unofficial-sigs/Manifest
index a557118db75..639d0b6e012 100644
--- a/app-antivirus/clamav-unofficial-sigs/Manifest
+++ b/app-antivirus/clamav-unofficial-sigs/Manifest
@@ -1,2 +1,3 @@
 DIST clamav-unofficial-sigs-5.6.2.tar.gz 50931 BLAKE2B 6fea42f8f76ae5344c2b96c9203d2b09e755573d03f2b9d3d9ee2a488150fbb6f598e052b730daf12c551920a71fd8daad1dc10002fca12fa4a74554cf7d445e SHA512 79978db065a22d778490d0a2673f5a0bb7ab73e42de64563e7d26ac23459f7e5b2e73b0548e1ea6483e3c5f43eed65cdbc6814037cc0c46a339366a0150e5427
 DIST clamav-unofficial-sigs-6.0.1.tar.gz 52262 BLAKE2B 9523da749e88c5e93f0986d7d4a234c3b1eff7c207ceb266e63cd76d7cffdf4a85aedf90aa746f7e1c82be97018f40896bbaa2dfd8f749f3c167d3bff74293d7 SHA512 d4f619628c9b2804a6d5ad533adaad72e323bb0604334c045cf92fc550ffb114493653d097b68337b33f51dc1215dc073b4ec9dc42abea8707cb03aefa40b289
+DIST clamav-unofficial-sigs-7.0.1.tar.gz 59517 BLAKE2B 36da6d7748cd7fcf35dde4790a8fb6777a97a6c0a7b2c080e0f0ac939041b5fd2372f0d58fb00558a7f57db78866c3235205e2cb8a8083575efcf1a5e73c9a3b SHA512 2cba341bce50b03d17f46662b499a3378d4e5750f4abe837bbddee5c671636553660723243c4b90de96c84210926f6406f554b7936600c3ae618644af40bf802

diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-7.0.1.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-7.0.1.ebuild
new file mode 100644
index 00000000000..d906ed530ac
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-7.0.1.ebuild
@@ -0,0 +1,107 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd
+
+DESCRIPTION="Download and install third-party clamav signatures"
+HOMEPAGE="https://github.com/extremeshok/clamav-unofficial-sigs"
+SRC_URI="https://github.com/extremeshok/clamav-unofficial-sigs/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="cron"
+
+# Require acct-{user,group}/clamav at build time so that we can set
+# the permissions on /var/lib/${PN} in src_install rather than in
+# pkg_postinst; calling "chown" on the live filesystem scares me.
+DEPEND="acct-group/clamav
+	acct-user/clamav"
+
+# The script relies on either net-misc/socat, or Perl's
+# IO::Socket::UNIX. We already depend on Perl, and Gentoo's Perl ships
+# with IO::Socket::UNIX, so we can leave out net-misc/socat here.
+#
+# Recent versions will crash if you don't have "clamscan" available,
+# so we are forced to depend on app-antivirus/clamav finally.
+RDEPEND="${DEPEND}
+	app-antivirus/clamav
+	app-crypt/gnupg
+	dev-lang/perl
+	net-dns/bind-tools
+	|| ( net-misc/wget net-misc/curl )"
+
+# This script is cccrrraaaaaaazzzzzzzzyyyyyy. It does a million
+# insecure things. Let's not accidentally run it as root.
+PATCHES=(
+	"${FILESDIR}/${P}-disable-run-as-root.patch"
+	"${FILESDIR}/${P}-fix-mbl-database-name.patch"
+	"${FILESDIR}/${P}-fix-mbl-url.patch"
+)
+
+src_prepare() {
+	default
+
+	# https://github.com/extremeshok/clamav-unofficial-sigs/pull/301
+	echo 'allow_upgrades="no"' >> config/os/os.gentoo.conf || die
+	echo 'allow_update_checks="no"' >> config/os/os.gentoo.conf || die
+}
+
+src_install() {
+	dobin "${PN}.sh"
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+
+	insinto "/etc/${PN}"
+	doins config/{master,user}.conf
+	newins config/os/os.gentoo.conf os.conf
+
+	# To generate the man page, you have to first install the package,
+	# and then issue some ridiculous command like
+	#
+	# $ sudo su -s /bin/sh \
+	#           -c 'man_dir=/tmp clamav-unofficial-sigs.sh --install-man' \
+	#           clamav
+	#
+	# That'll stick it in /tmp, which is unsafe-ish, but the example is
+	# easily modified.
+	newman "${FILESDIR}/${P}.man.8" "${PN}.8"
+	dodoc README.md
+
+	if use cron; then
+		# Beware, this directory is not completely standard. However,
+		# we need this to run as "clamav" with a non-default shell and
+		# home directory (bug 694054), and this seems like the most
+		# reliable way to accomplish that.
+		insinto "/etc/cron.d"
+		newins "${FILESDIR}/${PN}.crond" "${PN}"
+	else
+		dodoc "${FILESDIR}/${PN}.crond"
+	fi
+
+	# Install the systemd service and timer unconditionally, because
+	# the timer is disabled by default (and won't annoy people until
+	# after they've configured the script).
+	systemd_dounit "${FILESDIR}/${PN}".{service,timer}
+
+	# The script's working directory, as set in the configuration
+	# file. By default, the script runs as clamav:clamav because
+	# it needs write access to the clamav databases.
+	diropts -o clamav -g clamav
+	keepdir "/var/lib/${PN}"
+}
+
+pkg_postinst() {
+	elog ''
+	elog "You will need to select databases in /etc/${PN}/master.conf."
+	elog "For details, please see the ${PN}(8) manual page."
+	elog ''
+	elog 'An up-to-date description of the available Sanesecurity'
+	elog 'databases is available at,'
+	elog ''
+	elog '  http://sanesecurity.com/usage/signatures/'
+	elog ''
+}

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-disable-run-as-root.patch b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-disable-run-as-root.patch
new file mode 100644
index 00000000000..2b40c982309
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-disable-run-as-root.patch
@@ -0,0 +1,39 @@
+From 5235a5e518a1b17f50eb0f56c088f3808d939626 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Tue, 4 Feb 2020 19:34:56 -0500
+Subject: [PATCH 1/1] clamav-unofficial-sigs.sh: disable running as root.
+
+The only way I'm going to let this be installed on my machine is if
+it never runs as root. The shit that it does is insane (a priori)
+and also implemented insecurely. There's no good reason to run the
+script as root on Gentoo anyway. A cron job is provided for you,
+or you can use "su -s /bin/bash -c ... clamav" to run it as the
+clamav user.
+---
+ clamav-unofficial-sigs.sh | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
+index aa70db1..60d305b 100644
+--- a/clamav-unofficial-sigs.sh
++++ b/clamav-unofficial-sigs.sh
+@@ -3,6 +3,16 @@
+ # shellcheck disable=SC2120
+ # shellcheck disable=SC2128
+ # shellcheck disable=SC2154
++
++if [[ ${EUID} -eq 0 ]]; then
++    exec 1>&2
++    echo "This script has been patched by the Gentoo maintainer to disable"
++    echo "running it as root (effective UID 0). When run as root, the script"
++    echo "performs a number of operations insecurely. You should never need"
++    echo "to run this as root on Gentoo in the first place."
++    exit 1;
++fi
++
+ ################################################################################
+ # This is property of eXtremeSHOK.com
+ # You are free to use, modify and distribute, however you may not remove this notice.
+-- 
+2.24.1
+

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-database-name.patch b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-database-name.patch
new file mode 100644
index 00000000000..c991dacb412
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-database-name.patch
@@ -0,0 +1,35 @@
+From 837439354cd4692a7228f9f356e0c4acd32202f3 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Tue, 4 Feb 2020 20:11:16 -0500
+Subject: [PATCH 1/1] clamav-unofficial-sigs.sh: fix malwarepatrol extended
+ database name.
+
+The database suffix needs to be ".db" regardless of whether you choose
+the "basic" signatures or the "extended" ones. This patch is a quick
+fix, and just forces the correct name at the beginning of the script.
+
+Issue: https://github.com/extremeshok/clamav-unofficial-sigs/issues/300
+---
+ clamav-unofficial-sigs.sh | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
+index aa70db1..d8031c8 100644
+--- a/clamav-unofficial-sigs.sh
++++ b/clamav-unofficial-sigs.sh
+@@ -2235,11 +2235,7 @@ else
+   fi
+ fi
+ 
+-if [ $malwarepatrol_list == "clamav_basic" ] ; then
+-  malwarepatrol_db="malwarepatrol.db"
+-else
+-  malwarepatrol_db="malwarepatrol.ndb"
+-fi
++malwarepatrol_db="malwarepatrol.db"
+ malwarepatrol_url="${malwarepatrol_url}?receipt=${malwarepatrol_receipt_code}&product=${malwarepatrol_product_code}&list=${malwarepatrol_list}"
+ 
+ # If "ham_dir" variable is set, then create initial whitelist files (skipped if first-time script run).
+-- 
+2.24.1
+

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-url.patch b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-url.patch
new file mode 100644
index 00000000000..e647ec9beea
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-url.patch
@@ -0,0 +1,22 @@
+From be934c77f029aa52c84ede976cf7ab91bf053c03 Mon Sep 17 00:00:00 2001
+From: Michael Urspringer <michael@urspringer.de>
+Date: Sun, 26 Jan 2020 11:46:07 +0100
+Subject: [PATCH] Fixed wrong download URL for MalwarePatrol
+
+---
+ clamav-unofficial-sigs.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
+index aa70db1..c2f31d6 100644
+--- a/clamav-unofficial-sigs.sh
++++ b/clamav-unofficial-sigs.sh
+@@ -2979,7 +2979,7 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then
+             xshok_pretty_echo_and_log "Checking for updated MalwarePatrol database file: ${malwarepatrol_db}"
+             malwarepatrol_db_update="0"
+ 
+-            xshok_file_download "${work_dir_malwarepatrol}/${malwarepatrol_db}" "${malwarepatrol_url}&receipt=${malwarepatrol_receipt_code}"
++            xshok_file_download "${work_dir_malwarepatrol}/${malwarepatrol_db}" "${malwarepatrol_url}"
+ 
+             ret="$?"
+             if [ "$ret" -eq 0 ] ; then

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1.man.8 b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1.man.8
new file mode 100644
index 00000000000..7f5555e27f0
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1.man.8
@@ -0,0 +1,77 @@
+
+.\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater
+.TH clamav-unofficial-sigs 8 "2020-01-25" "Version: 7.0.1" "SCRIPT COMMANDS"
+.SH NAME
+clamav-unofficial-sigs \- Download, test, and install third-party ClamAV signature databases.
+.SH SYNOPSIS
+.B clamav-unofficial-sigs
+.RI [ options ]
+.SH DESCRIPTION
+\fBclamav-unofficial-sigs\fP provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. It will also generate and install cron, logrotate, and man files.
+.SH UPDATES
+Script updates can be found at: \fBhttps://github.com/extremeshok/clamav-unofficial-sigs\fP
+.SH OPTIONS
+This script follows the standard GNU command line syntax.
+.LP
+\fB Usage: clamav\-unofficial\-sigs.sh \fR [OPTION] [PATH|FILE]
+.TP
+\fB \-c, \-\-config \fR Use a specific configuration file or directory   eg: '\-c /your/dir' or ' \-c /your/file.name'    Note: If a directory is specified the directory must contain atleast:    master.conf, os.conf or user.conf   Default Directory: /etc/clamav\-unofficial\-sigs
+.TP
+\fB \-F, \-\-force \fR Force all databases to be downloaded, could cause ip to be blocked
+.TP
+\fB \-h, \-\-help \fR Display this script's help and usage information
+.TP
+\fB \-V, \-\-version \fR Output script version and date information
+.TP
+\fB \-v, \-\-verbose \fR Be verbose, enabled when not run under cron
+.TP
+\fB \-s, \-\-silence \fR Only output error messages, enabled when run under cron
+.TP
+\fB \-d, \-\-decode\-sig \fR Decode a third\-party signature either by signature name   (eg: Sanesecurity.Junk.15248) or hexadecimal string.   This flag will 'NOT' decode image signatures
+.TP
+\fB \-e, \-\-encode\-string \fR Hexadecimal encode an entire input string that can   be used in any '*.ndb' signature database file
+.TP
+\fB \-f, \-\-encode\-formatted \fR Hexadecimal encode a formatted input string containing   signature spacing fields '{}, (), *', without encoding   the spacing fields, so that the encoded signature   can be used in any '*.ndb' signature database file
+.TP
+\fB \-g, \-\-gpg\-verify \fR GPG verify a specific Sanesecurity database file   eg: '\-g filename.ext' (do not include file path)
+.TP
+\fB \-i, \-\-information \fR Output system and configuration information for   viewing or possible debugging purposes
+.TP
+\fB \-m, \-\-make\-database \fR Make a signature database from an ascii file containing   data strings, with one data string per line.  Additional   information is provided when using this flag
+.TP
+\fB \-t, \-\-test\-database \fR Clamscan integrity test a specific database file   eg: '\-t filename.ext' (do not include file path)
+.TP
+\fB \-o, \-\-output\-triggered \fR If HAM directory scanning is enabled in the script's   configuration file, then output names of any third\-party   signatures that triggered during the HAM directory scan
+.TP
+\fB \-w, \-\-whitelist <signature\-name> \fR Adds a signature whitelist entry in the newer ClamAV IGN2   format to 'my\-whitelist.ign2' in order to temporarily resolve   a false\-positive issue with a specific third\-party signature.   Script added whitelist entries will automatically be removed   if the original signature is either modified or removed from   the third\-party signature database
+.TP
+\fB \-\-check\-clamav \fR If ClamD status check is enabled and the socket path is correctly   specifiedthen test to see if clamd is running or not
+.TP
+\fB \-\-upgrade \fR Upgrades this script and master.conf to the latest available version
+.TP
+\fB \-\-install\-all \fR Install and generate the cron, logroate and man files, autodetects the values   based on your config files
+.TP
+\fB \-\-install\-cron \fR Install and generate the cron file, autodetects the values   based on your config files
+.TP
+\fB \-\-install\-logrotate \fR Install and generate the logrotate file, autodetects the   values based on your config files
+.TP
+\fB \-\-install\-man \fR Install and generate the man file, autodetects the   values based on your config files
+.TP
+\fB \-\-remove\-script \fR Remove the clamav\-unofficial\-sigs script and all of   its associated files and databases from the system
+.TP
+.SH SEE ALSO
+.BR clamd (8),
+.BR clamscan (1)
+.SH COPYRIGHT
+Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+.TP
+You are free to use, modify and distribute, however you may not remove this notice.
+.SH LICENSE
+BSD (Berkeley Software Distribution)
+.SH BUGS
+Report bugs to \fBhttps://github.com/extremeshok/clamav-unofficial-sigs\fP
+.SH AUTHOR
+Adrian Jon Kriel :: admin@extremeshok.com
+Originially based on Script provide by Bill Landry
+
+


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav-unofficial-sigs/files/, ...
@ 2020-02-05 15:56 Michael Orlitzky
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Orlitzky @ 2020-02-05 15:56 UTC (permalink / raw
  To: gentoo-commits

commit:     0b66eeacb145f1648b2ee824bd548c3694fe5d5f
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  5 02:12:49 2020 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Feb  5 15:48:58 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b66eeac

app-antivirus/clamav-unofficial-sigs: new revision in /usr/bin.

This script shouldn't be run as root, so this revision moves it out of
/usr/sbin and into /usr/bin. The paths within things in $FILESDIR were
also updated.

Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 ...cial-sigs-6.0.1-r4.ebuild => clamav-unofficial-sigs-6.0.1-r5.ebuild} | 2 +-
 app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond | 2 +-
 .../clamav-unofficial-sigs/files/clamav-unofficial-sigs.service         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r4.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r5.ebuild
similarity index 99%
rename from app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r4.ebuild
rename to app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r5.ebuild
index 5125872c022..1660dbdee6c 100644
--- a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r4.ebuild
+++ b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r5.ebuild
@@ -30,7 +30,7 @@ RDEPEND="${DEPEND}
 	|| ( net-misc/wget net-misc/curl )"
 
 src_install() {
-	dosbin "${PN}.sh"
+	dobin "${PN}.sh"
 
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}/${PN}.logrotate" "${PN}"

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
index 49ef1db3034..6c35c18e74b 100644
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
@@ -16,4 +16,4 @@
 HOME=/var/lib/clamav-unofficial-sigs
 SHELL=/bin/bash
 
-01 * * * * clamav /usr/sbin/clamav-unofficial-sigs.sh
+01 * * * * clamav /usr/bin/clamav-unofficial-sigs.sh

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service
index ed9fa7e9f04..51727dafc9f 100644
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service
@@ -10,6 +10,6 @@ Description=ClamAV unofficial signature update service
 Documentation=man:clamav-unofficial-sigs(8)
 
 [Service]
-ExecStart=bash /usr/sbin/clamav-unofficial-sigs.sh
+ExecStart=bash /usr/bin/clamav-unofficial-sigs.sh
 User=clamav
 WorkingDirectory=/var/lib/clamav-unofficial-sigs


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav-unofficial-sigs/files/, ...
@ 2020-05-08 12:48 Michael Orlitzky
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Orlitzky @ 2020-05-08 12:48 UTC (permalink / raw
  To: gentoo-commits

commit:     b77e04b43db941af9433b618bcc978ecd6bc3793
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Fri May  8 12:45:11 2020 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Fri May  8 12:45:11 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b77e04b4

app-antivirus/clamav-unofficial-sigs: remove last-rited package.

Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 app-antivirus/clamav-unofficial-sigs/Manifest      |   3 -
 .../clamav-unofficial-sigs-5.6.2.ebuild            |  65 -------------
 .../clamav-unofficial-sigs-6.0.1-r5.ebuild         |  78 ---------------
 .../clamav-unofficial-sigs-7.0.1.ebuild            | 107 ---------------------
 ...unofficial-sigs-7.0.1-disable-run-as-root.patch |  39 --------
 ...official-sigs-7.0.1-fix-mbl-database-name.patch |  35 -------
 .../clamav-unofficial-sigs-7.0.1-fix-mbl-url.patch |  22 -----
 .../files/clamav-unofficial-sigs-7.0.1.man.8       |  77 ---------------
 .../files/clamav-unofficial-sigs.8                 |  75 ---------------
 .../files/clamav-unofficial-sigs.crond             |  19 ----
 .../files/clamav-unofficial-sigs.logrotate         |   4 -
 .../files/clamav-unofficial-sigs.service           |  15 ---
 .../files/clamav-unofficial-sigs.timer             |  12 ---
 app-antivirus/clamav-unofficial-sigs/metadata.xml  |  19 ----
 14 files changed, 570 deletions(-)

diff --git a/app-antivirus/clamav-unofficial-sigs/Manifest b/app-antivirus/clamav-unofficial-sigs/Manifest
deleted file mode 100644
index 639d0b6e012..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/Manifest
+++ /dev/null
@@ -1,3 +0,0 @@
-DIST clamav-unofficial-sigs-5.6.2.tar.gz 50931 BLAKE2B 6fea42f8f76ae5344c2b96c9203d2b09e755573d03f2b9d3d9ee2a488150fbb6f598e052b730daf12c551920a71fd8daad1dc10002fca12fa4a74554cf7d445e SHA512 79978db065a22d778490d0a2673f5a0bb7ab73e42de64563e7d26ac23459f7e5b2e73b0548e1ea6483e3c5f43eed65cdbc6814037cc0c46a339366a0150e5427
-DIST clamav-unofficial-sigs-6.0.1.tar.gz 52262 BLAKE2B 9523da749e88c5e93f0986d7d4a234c3b1eff7c207ceb266e63cd76d7cffdf4a85aedf90aa746f7e1c82be97018f40896bbaa2dfd8f749f3c167d3bff74293d7 SHA512 d4f619628c9b2804a6d5ad533adaad72e323bb0604334c045cf92fc550ffb114493653d097b68337b33f51dc1215dc073b4ec9dc42abea8707cb03aefa40b289
-DIST clamav-unofficial-sigs-7.0.1.tar.gz 59517 BLAKE2B 36da6d7748cd7fcf35dde4790a8fb6777a97a6c0a7b2c080e0f0ac939041b5fd2372f0d58fb00558a7f57db78866c3235205e2cb8a8083575efcf1a5e73c9a3b SHA512 2cba341bce50b03d17f46662b499a3378d4e5750f4abe837bbddee5c671636553660723243c4b90de96c84210926f6406f554b7936600c3ae618644af40bf802

diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-5.6.2.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-5.6.2.ebuild
deleted file mode 100644
index b42977e7bca..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-5.6.2.ebuild
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit user
-
-DESCRIPTION="Download and install third-party clamav signatures"
-HOMEPAGE="https://github.com/extremeshok/clamav-unofficial-sigs"
-SRC_URI="https://github.com/extremeshok/clamav-unofficial-sigs/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE=""
-
-# The script relies on either net-misc/socat, or Perl's
-# IO::Socket::UNIX. We already depend on Perl, and Gentoo's Perl ships
-# with IO::Socket::UNIX, so we can leave out net-misc/socat here.
-RDEPEND="${DEPEND}
-	app-crypt/gnupg
-	dev-lang/perl
-	net-dns/bind-tools
-	|| ( net-misc/wget net-misc/curl )"
-
-src_install() {
-	dosbin "${PN}.sh"
-
-	# The script's working directory (set in the conf file). By default,
-	# it runs as clamav/clamav. We set the owner/group later, in
-	# pkg_preinst, after the user/group is sure to exist (because we
-	# create them otherwise).
-	keepdir "/var/lib/${PN}"
-
-	insinto /etc/logrotate.d
-	doins "${FILESDIR}/${PN}.logrotate"
-
-	insinto "/etc/${PN}"
-	doins config/{master,user}.conf
-	newins config/os.gentoo.conf os.conf
-
-	doman "${FILESDIR}/${PN}.8"
-	dodoc README.md
-}
-
-pkg_preinst() {
-	# Should agree with app-antivirus/clamav. We don't actually need
-	# clamav to function, so it isn't one of our dependencies, and
-	# that's why we might need to create its user ourselves.
-	enewgroup clamav
-	enewuser clamav -1 -1 /dev/null clamav
-	fowners clamav:clamav "/var/lib/${PN}"
-}
-
-pkg_postinst() {
-	elog ''
-	elog "You will need to select databases in /etc/${PN}/master.conf."
-	elog "For details, please see the ${PN}(8) manual page."
-	elog ''
-	elog 'An up-to-date description of the available Sanesecurity'
-	elog 'databases is available at,'
-	elog ''
-	elog '  http://sanesecurity.com/usage/signatures/'
-	elog ''
-}

diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r5.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r5.ebuild
deleted file mode 100644
index 1660dbdee6c..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r5.ebuild
+++ /dev/null
@@ -1,78 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd
-
-DESCRIPTION="Download and install third-party clamav signatures"
-HOMEPAGE="https://github.com/extremeshok/clamav-unofficial-sigs"
-SRC_URI="https://github.com/extremeshok/clamav-unofficial-sigs/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="cron"
-
-# Require acct-{user,group}/clamav at build time so that we can set
-# the permissions on /var/lib/${PN} in src_install rather than in
-# pkg_postinst; calling "chown" on the live filesystem scares me.
-DEPEND="acct-group/clamav
-	acct-user/clamav"
-
-# The script relies on either net-misc/socat, or Perl's
-# IO::Socket::UNIX. We already depend on Perl, and Gentoo's Perl ships
-# with IO::Socket::UNIX, so we can leave out net-misc/socat here.
-RDEPEND="${DEPEND}
-	app-crypt/gnupg
-	dev-lang/perl
-	net-dns/bind-tools
-	|| ( net-misc/wget net-misc/curl )"
-
-src_install() {
-	dobin "${PN}.sh"
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/${PN}.logrotate" "${PN}"
-
-	insinto "/etc/${PN}"
-	doins config/{master,user}.conf
-	newins config/os.gentoo.conf os.conf
-
-	doman "${FILESDIR}/${PN}.8"
-	dodoc README.md
-
-	if use cron; then
-		# Beware, this directory is not completely standard. However,
-		# we need this to run as "clamav" with a non-default shell and
-		# home directory (bug 694054), and this seems like the most
-		# reliable way to accomplish that.
-		insinto "/etc/cron.d"
-		newins "${FILESDIR}/${PN}.crond" "${PN}"
-	else
-		dodoc "${FILESDIR}/${PN}.crond"
-	fi
-
-	# Install the systemd service and timer unconditionally, because
-	# the timer is disabled by default (and won't annoy people until
-	# after they've configured the script).
-	systemd_dounit "${FILESDIR}/${PN}".{service,timer}
-
-	# The script's working directory, as set in the configuration
-	# file. By default, the script runs as clamav:clamav because
-	# it needs write access to the clamav databases.
-	diropts -o clamav -g clamav
-	keepdir "/var/lib/${PN}"
-}
-
-pkg_postinst() {
-	elog ''
-	elog "You will need to select databases in /etc/${PN}/master.conf."
-	elog "For details, please see the ${PN}(8) manual page."
-	elog ''
-	elog 'An up-to-date description of the available Sanesecurity'
-	elog 'databases is available at,'
-	elog ''
-	elog '  http://sanesecurity.com/usage/signatures/'
-	elog ''
-}

diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-7.0.1.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-7.0.1.ebuild
deleted file mode 100644
index d906ed530ac..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-7.0.1.ebuild
+++ /dev/null
@@ -1,107 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd
-
-DESCRIPTION="Download and install third-party clamav signatures"
-HOMEPAGE="https://github.com/extremeshok/clamav-unofficial-sigs"
-SRC_URI="https://github.com/extremeshok/clamav-unofficial-sigs/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="cron"
-
-# Require acct-{user,group}/clamav at build time so that we can set
-# the permissions on /var/lib/${PN} in src_install rather than in
-# pkg_postinst; calling "chown" on the live filesystem scares me.
-DEPEND="acct-group/clamav
-	acct-user/clamav"
-
-# The script relies on either net-misc/socat, or Perl's
-# IO::Socket::UNIX. We already depend on Perl, and Gentoo's Perl ships
-# with IO::Socket::UNIX, so we can leave out net-misc/socat here.
-#
-# Recent versions will crash if you don't have "clamscan" available,
-# so we are forced to depend on app-antivirus/clamav finally.
-RDEPEND="${DEPEND}
-	app-antivirus/clamav
-	app-crypt/gnupg
-	dev-lang/perl
-	net-dns/bind-tools
-	|| ( net-misc/wget net-misc/curl )"
-
-# This script is cccrrraaaaaaazzzzzzzzyyyyyy. It does a million
-# insecure things. Let's not accidentally run it as root.
-PATCHES=(
-	"${FILESDIR}/${P}-disable-run-as-root.patch"
-	"${FILESDIR}/${P}-fix-mbl-database-name.patch"
-	"${FILESDIR}/${P}-fix-mbl-url.patch"
-)
-
-src_prepare() {
-	default
-
-	# https://github.com/extremeshok/clamav-unofficial-sigs/pull/301
-	echo 'allow_upgrades="no"' >> config/os/os.gentoo.conf || die
-	echo 'allow_update_checks="no"' >> config/os/os.gentoo.conf || die
-}
-
-src_install() {
-	dobin "${PN}.sh"
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/${PN}.logrotate" "${PN}"
-
-	insinto "/etc/${PN}"
-	doins config/{master,user}.conf
-	newins config/os/os.gentoo.conf os.conf
-
-	# To generate the man page, you have to first install the package,
-	# and then issue some ridiculous command like
-	#
-	# $ sudo su -s /bin/sh \
-	#           -c 'man_dir=/tmp clamav-unofficial-sigs.sh --install-man' \
-	#           clamav
-	#
-	# That'll stick it in /tmp, which is unsafe-ish, but the example is
-	# easily modified.
-	newman "${FILESDIR}/${P}.man.8" "${PN}.8"
-	dodoc README.md
-
-	if use cron; then
-		# Beware, this directory is not completely standard. However,
-		# we need this to run as "clamav" with a non-default shell and
-		# home directory (bug 694054), and this seems like the most
-		# reliable way to accomplish that.
-		insinto "/etc/cron.d"
-		newins "${FILESDIR}/${PN}.crond" "${PN}"
-	else
-		dodoc "${FILESDIR}/${PN}.crond"
-	fi
-
-	# Install the systemd service and timer unconditionally, because
-	# the timer is disabled by default (and won't annoy people until
-	# after they've configured the script).
-	systemd_dounit "${FILESDIR}/${PN}".{service,timer}
-
-	# The script's working directory, as set in the configuration
-	# file. By default, the script runs as clamav:clamav because
-	# it needs write access to the clamav databases.
-	diropts -o clamav -g clamav
-	keepdir "/var/lib/${PN}"
-}
-
-pkg_postinst() {
-	elog ''
-	elog "You will need to select databases in /etc/${PN}/master.conf."
-	elog "For details, please see the ${PN}(8) manual page."
-	elog ''
-	elog 'An up-to-date description of the available Sanesecurity'
-	elog 'databases is available at,'
-	elog ''
-	elog '  http://sanesecurity.com/usage/signatures/'
-	elog ''
-}

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-disable-run-as-root.patch b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-disable-run-as-root.patch
deleted file mode 100644
index 2b40c982309..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-disable-run-as-root.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 5235a5e518a1b17f50eb0f56c088f3808d939626 Mon Sep 17 00:00:00 2001
-From: Michael Orlitzky <michael@orlitzky.com>
-Date: Tue, 4 Feb 2020 19:34:56 -0500
-Subject: [PATCH 1/1] clamav-unofficial-sigs.sh: disable running as root.
-
-The only way I'm going to let this be installed on my machine is if
-it never runs as root. The shit that it does is insane (a priori)
-and also implemented insecurely. There's no good reason to run the
-script as root on Gentoo anyway. A cron job is provided for you,
-or you can use "su -s /bin/bash -c ... clamav" to run it as the
-clamav user.
----
- clamav-unofficial-sigs.sh | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
-index aa70db1..60d305b 100644
---- a/clamav-unofficial-sigs.sh
-+++ b/clamav-unofficial-sigs.sh
-@@ -3,6 +3,16 @@
- # shellcheck disable=SC2120
- # shellcheck disable=SC2128
- # shellcheck disable=SC2154
-+
-+if [[ ${EUID} -eq 0 ]]; then
-+    exec 1>&2
-+    echo "This script has been patched by the Gentoo maintainer to disable"
-+    echo "running it as root (effective UID 0). When run as root, the script"
-+    echo "performs a number of operations insecurely. You should never need"
-+    echo "to run this as root on Gentoo in the first place."
-+    exit 1;
-+fi
-+
- ################################################################################
- # This is property of eXtremeSHOK.com
- # You are free to use, modify and distribute, however you may not remove this notice.
--- 
-2.24.1
-

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-database-name.patch b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-database-name.patch
deleted file mode 100644
index c991dacb412..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-database-name.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 837439354cd4692a7228f9f356e0c4acd32202f3 Mon Sep 17 00:00:00 2001
-From: Michael Orlitzky <michael@orlitzky.com>
-Date: Tue, 4 Feb 2020 20:11:16 -0500
-Subject: [PATCH 1/1] clamav-unofficial-sigs.sh: fix malwarepatrol extended
- database name.
-
-The database suffix needs to be ".db" regardless of whether you choose
-the "basic" signatures or the "extended" ones. This patch is a quick
-fix, and just forces the correct name at the beginning of the script.
-
-Issue: https://github.com/extremeshok/clamav-unofficial-sigs/issues/300
----
- clamav-unofficial-sigs.sh | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
-index aa70db1..d8031c8 100644
---- a/clamav-unofficial-sigs.sh
-+++ b/clamav-unofficial-sigs.sh
-@@ -2235,11 +2235,7 @@ else
-   fi
- fi
- 
--if [ $malwarepatrol_list == "clamav_basic" ] ; then
--  malwarepatrol_db="malwarepatrol.db"
--else
--  malwarepatrol_db="malwarepatrol.ndb"
--fi
-+malwarepatrol_db="malwarepatrol.db"
- malwarepatrol_url="${malwarepatrol_url}?receipt=${malwarepatrol_receipt_code}&product=${malwarepatrol_product_code}&list=${malwarepatrol_list}"
- 
- # If "ham_dir" variable is set, then create initial whitelist files (skipped if first-time script run).
--- 
-2.24.1
-

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-url.patch b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-url.patch
deleted file mode 100644
index e647ec9beea..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1-fix-mbl-url.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From be934c77f029aa52c84ede976cf7ab91bf053c03 Mon Sep 17 00:00:00 2001
-From: Michael Urspringer <michael@urspringer.de>
-Date: Sun, 26 Jan 2020 11:46:07 +0100
-Subject: [PATCH] Fixed wrong download URL for MalwarePatrol
-
----
- clamav-unofficial-sigs.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
-index aa70db1..c2f31d6 100644
---- a/clamav-unofficial-sigs.sh
-+++ b/clamav-unofficial-sigs.sh
-@@ -2979,7 +2979,7 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then
-             xshok_pretty_echo_and_log "Checking for updated MalwarePatrol database file: ${malwarepatrol_db}"
-             malwarepatrol_db_update="0"
- 
--            xshok_file_download "${work_dir_malwarepatrol}/${malwarepatrol_db}" "${malwarepatrol_url}&receipt=${malwarepatrol_receipt_code}"
-+            xshok_file_download "${work_dir_malwarepatrol}/${malwarepatrol_db}" "${malwarepatrol_url}"
- 
-             ret="$?"
-             if [ "$ret" -eq 0 ] ; then

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1.man.8 b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1.man.8
deleted file mode 100644
index 7f5555e27f0..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs-7.0.1.man.8
+++ /dev/null
@@ -1,77 +0,0 @@
-
-.\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater
-.TH clamav-unofficial-sigs 8 "2020-01-25" "Version: 7.0.1" "SCRIPT COMMANDS"
-.SH NAME
-clamav-unofficial-sigs \- Download, test, and install third-party ClamAV signature databases.
-.SH SYNOPSIS
-.B clamav-unofficial-sigs
-.RI [ options ]
-.SH DESCRIPTION
-\fBclamav-unofficial-sigs\fP provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. It will also generate and install cron, logrotate, and man files.
-.SH UPDATES
-Script updates can be found at: \fBhttps://github.com/extremeshok/clamav-unofficial-sigs\fP
-.SH OPTIONS
-This script follows the standard GNU command line syntax.
-.LP
-\fB Usage: clamav\-unofficial\-sigs.sh \fR [OPTION] [PATH|FILE]
-.TP
-\fB \-c, \-\-config \fR Use a specific configuration file or directory   eg: '\-c /your/dir' or ' \-c /your/file.name'    Note: If a directory is specified the directory must contain atleast:    master.conf, os.conf or user.conf   Default Directory: /etc/clamav\-unofficial\-sigs
-.TP
-\fB \-F, \-\-force \fR Force all databases to be downloaded, could cause ip to be blocked
-.TP
-\fB \-h, \-\-help \fR Display this script's help and usage information
-.TP
-\fB \-V, \-\-version \fR Output script version and date information
-.TP
-\fB \-v, \-\-verbose \fR Be verbose, enabled when not run under cron
-.TP
-\fB \-s, \-\-silence \fR Only output error messages, enabled when run under cron
-.TP
-\fB \-d, \-\-decode\-sig \fR Decode a third\-party signature either by signature name   (eg: Sanesecurity.Junk.15248) or hexadecimal string.   This flag will 'NOT' decode image signatures
-.TP
-\fB \-e, \-\-encode\-string \fR Hexadecimal encode an entire input string that can   be used in any '*.ndb' signature database file
-.TP
-\fB \-f, \-\-encode\-formatted \fR Hexadecimal encode a formatted input string containing   signature spacing fields '{}, (), *', without encoding   the spacing fields, so that the encoded signature   can be used in any '*.ndb' signature database file
-.TP
-\fB \-g, \-\-gpg\-verify \fR GPG verify a specific Sanesecurity database file   eg: '\-g filename.ext' (do not include file path)
-.TP
-\fB \-i, \-\-information \fR Output system and configuration information for   viewing or possible debugging purposes
-.TP
-\fB \-m, \-\-make\-database \fR Make a signature database from an ascii file containing   data strings, with one data string per line.  Additional   information is provided when using this flag
-.TP
-\fB \-t, \-\-test\-database \fR Clamscan integrity test a specific database file   eg: '\-t filename.ext' (do not include file path)
-.TP
-\fB \-o, \-\-output\-triggered \fR If HAM directory scanning is enabled in the script's   configuration file, then output names of any third\-party   signatures that triggered during the HAM directory scan
-.TP
-\fB \-w, \-\-whitelist <signature\-name> \fR Adds a signature whitelist entry in the newer ClamAV IGN2   format to 'my\-whitelist.ign2' in order to temporarily resolve   a false\-positive issue with a specific third\-party signature.   Script added whitelist entries will automatically be removed   if the original signature is either modified or removed from   the third\-party signature database
-.TP
-\fB \-\-check\-clamav \fR If ClamD status check is enabled and the socket path is correctly   specifiedthen test to see if clamd is running or not
-.TP
-\fB \-\-upgrade \fR Upgrades this script and master.conf to the latest available version
-.TP
-\fB \-\-install\-all \fR Install and generate the cron, logroate and man files, autodetects the values   based on your config files
-.TP
-\fB \-\-install\-cron \fR Install and generate the cron file, autodetects the values   based on your config files
-.TP
-\fB \-\-install\-logrotate \fR Install and generate the logrotate file, autodetects the   values based on your config files
-.TP
-\fB \-\-install\-man \fR Install and generate the man file, autodetects the   values based on your config files
-.TP
-\fB \-\-remove\-script \fR Remove the clamav\-unofficial\-sigs script and all of   its associated files and databases from the system
-.TP
-.SH SEE ALSO
-.BR clamd (8),
-.BR clamscan (1)
-.SH COPYRIGHT
-Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
-.TP
-You are free to use, modify and distribute, however you may not remove this notice.
-.SH LICENSE
-BSD (Berkeley Software Distribution)
-.SH BUGS
-Report bugs to \fBhttps://github.com/extremeshok/clamav-unofficial-sigs\fP
-.SH AUTHOR
-Adrian Jon Kriel :: admin@extremeshok.com
-Originially based on Script provide by Bill Landry
-
-

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.8 b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.8
deleted file mode 100644
index d7cd1926f2f..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.8
+++ /dev/null
@@ -1,75 +0,0 @@
-
-.\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater
-.TH clamav-unofficial-sigs 8 "07 May 2016" "Version: 5.3.0" "SCRIPT COMMANDS"
-.SH NAME
-clamav-unofficial-sigs \- Download, test, and install third-party ClamAV signature databases.
-.SH SYNOPSIS
-.B clamav-unofficial-sigs
-.RI [ options ]
-.SH DESCRIPTION
-\fBclamav-unofficial-sigs\fP provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. It will also generate and install cron, logrotate, and man files.
-.SH UPDATES
-Script updates can be found at: \fBhttps://github.com/extremeshok/clamav-unofficial-sigs\fP
-.SH OPTIONS
-This script follows the standard GNU command line syntax.
-.LP
-\fB Usage: clamav\-unofficial\-sigs.sh \fR [OPTION] [PATH|FILE]
-.TP
-\fB \-c, \-\-config \fR Use a specific configuration file or directory   eg: '\-c /your/dir' or ' \-c /your/file.name'    Note: If a directory is specified the directory must contain atleast:    master.conf, os.conf or user.conf   Default Directory: configgentoo
-.TP 
-\fB \-F, \-\-force \fR Force all databases to be downloaded, could cause ip to be blocked
-.TP 
-\fB \-h, \-\-help \fR Display this script's help and usage information
-.TP 
-\fB \-V, \-\-version \fR Output script version and date information
-.TP 
-\fB \-v, \-\-verbose \fR Be verbose, enabled when not run under cron
-.TP 
-\fB \-s, \-\-silence \fR Only output error messages, enabled when run under cron
-.TP 
-\fB \-d, \-\-decode\-sig \fR Decode a third\-party signature either by signature name   (eg: Sanesecurity.Junk.15248) or hexadecimal string.   This flag will 'NOT' decode image signatures
-.TP 
-\fB \-e, \-\-encode\-string \fR Hexadecimal encode an entire input string that can   be used in any '*.ndb' signature database file
-.TP 
-\fB \-f, \-\-encode\-formatted \fR Hexadecimal encode a formatted input string containing   signature spacing fields '{}, (), *', without encoding   the spacing fields, so that the encoded signature   can be used in any '*.ndb' signature database file
-.TP 
-\fB \-g, \-\-gpg\-verify \fR GPG verify a specific Sanesecurity database file   eg: '\-g filename.ext' (do not include file path)
-.TP 
-\fB \-i, \-\-information \fR Output system and configuration information for   viewing or possible debugging purposes
-.TP 
-\fB \-m, \-\-make\-database \fR Make a signature database from an ascii file containing   data strings, with one data string per line.  Additional   information is provided when using this flag
-.TP 
-\fB \-t, \-\-test\-database \fR Clamscan integrity test a specific database file   eg: '\-s filename.ext' (do not include file path)
-.TP 
-\fB \-o, \-\-output\-triggered \fR If HAM directory scanning is enabled in the script's   configuration file, then output names of any third\-party   signatures that triggered during the HAM directory scan
-.TP 
-\fB \-w, \-\-whitelist \fR Adds a signature whitelist entry in the newer ClamAV IGN2   format to 'my\-whitelist.ign2' in order to temporarily resolve   a false\-positive issue with a specific third\-party signature.   Script added whitelist entries will automatically be removed   if the original signature is either modified or removed from   the third\-party signature database
-.TP 
-\fB \-\-check\-clamav \fR If ClamD status check is enabled and the socket path is correctly   specifiedthen test to see if clamd is running or not
-.TP 
-\fB \-\-install\-all \fR Install and generate the cron, logroate and man files, autodetects the values   based on your config files
-.TP
-\fB \-\-install\-cron \fR Install and generate the cron file, autodetects the values   based on your config files
-.TP 
-\fB \-\-install\-logrotate \fR Install and generate the logrotate file, autodetects the   values based on your config files
-.TP 
-\fB \-\-install\-man \fR Install and generate the man file, autodetects the   values based on your config files
-.TP 
-\fB \-\-remove\-script \fR Remove the clamav\-unofficial\-sigs script and all of   its associated files and databases from the system
-.TP 
-.SH SEE ALSO
-.BR clamd (8),
-.BR clamscan (1)
-.SH COPYRIGHT
-Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
-.TP
-You are free to use, modify and distribute, however you may not remove this notice.
-.SH LICENSE
-BSD (Berkeley Software Distribution)
-.SH BUGS
-Report bugs to \fBhttps://github.com/extremeshok/clamav-unofficial-sigs\fP
-.SH AUTHOR
-Adrian Jon Kriel :: admin@extremeshok.com
-Originially based on Script provide by Bill Landry
-
-

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
deleted file mode 100644
index 6c35c18e74b..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Run clamav-unofficial-sigs hourly.
-#
-# This file should be copied to /etc/cron.d rather than, say,
-# /etc/cron.hourly because it needs to run as the clamav user (to
-# alter the databases), but the default settings for that user in
-# Gentoo are insufficient (see bug 694054).
-#
-# In particular, the clamav user needs a Bash shell and a home
-# directory since clamav-unofficial-sigs is written in Bash and
-# because otherwise cron will complain about trying to chdir to a
-# nonexistent home directory. When run out of /etc/cron.d, we can set
-# HOME and SHELL to appropriate values, unlike with scripts in
-# /etc/cron.hourly.
-#
-HOME=/var/lib/clamav-unofficial-sigs
-SHELL=/bin/bash
-
-01 * * * * clamav /usr/bin/clamav-unofficial-sigs.sh

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.logrotate b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.logrotate
deleted file mode 100644
index 1d18581588d..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.logrotate
+++ /dev/null
@@ -1,4 +0,0 @@
-/var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log {
-     create 0640 clamav clamav
-     missingok
-}

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service
deleted file mode 100644
index 51727dafc9f..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.service
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# Service file corresponding to clamav-unofficial-sigs.timer.
-# Upstream provides a similar file, but with the wrong path
-# and running as root, so it's just less of a headache to
-# include our own.
-#
-
-[Unit]
-Description=ClamAV unofficial signature update service
-Documentation=man:clamav-unofficial-sigs(8)
-
-[Service]
-ExecStart=bash /usr/bin/clamav-unofficial-sigs.sh
-User=clamav
-WorkingDirectory=/var/lib/clamav-unofficial-sigs

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.timer b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.timer
deleted file mode 100644
index 299ffd84132..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.timer
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# Run clamav-unofficial-sigs.service every hour, at 45 minutes past the hour.
-# We do not include an [Install] section because this package does not
-# technically depend on clamav to function.
-#
-
-[Unit]
-Description=ClamAV unofficial signature update timer
-Documentation=man:clamav-unofficial-sigs(8)
-
-[Timer]
-OnCalendar=*-*-* *:45:00

diff --git a/app-antivirus/clamav-unofficial-sigs/metadata.xml b/app-antivirus/clamav-unofficial-sigs/metadata.xml
deleted file mode 100644
index 828e566ffca..00000000000
--- a/app-antivirus/clamav-unofficial-sigs/metadata.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-  <maintainer type="person">
-    <email>mjo@gentoo.org</email>
-  </maintainer>
-    <use>
-      <flag name="cron">
-        Install an hourly cron job to /etc/cron.d that runs the
-        updates as the clamav user (instead of root), with an
-        appropriate home directory and shell. The same cron job
-        is installed as documentation when this flag is disabled.
-      </flag>
-    </use>
-  <upstream>
-    <remote-id type="sourceforge">unofficial-sigs</remote-id>
-    <remote-id type="github">extremeshok/clamav-unofficial-sigs</remote-id>
-  </upstream>
-</pkgmetadata>


^ permalink raw reply related	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-05-08 12:48 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-11-06 15:57 [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav-unofficial-sigs/files/, Michael Orlitzky
  -- strict thread matches above, loose matches on Subject: below --
2019-11-06 15:57 Michael Orlitzky
2020-02-05 15:56 Michael Orlitzky
2020-02-05 15:56 Michael Orlitzky
2020-05-08 12:48 Michael Orlitzky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox