On 2022/11/16 17:03, Klemens Nanni wrote:
> On Wed, Nov 16, 2022 at 04:50:57PM +0100, Marcus MERIGHI wrote:
> > Hello, 
> > 
> > k...@openbsd.org (Klemens Nanni), 2022.11.14 (Mon) 10:40 (CET):
> > > On Sun, Nov 13, 2022 at 10:33:09PM -0500, Johan Huldtgren wrote:
> > > > On 2022-11-13 22:32, Klemens Nanni wrote:
> > > > > We're stuck at a 2014 version while upstream is at 7.2.5 from 2021.
> > > > > 
> > > > > Anyone still using this?  Does it work with recent clamav?
> > > > 
> > > > I have this configured and working on my mailserver (still at 7.1)
> > > > with clamav-0.104.3, from the logs it updates the various configured
> > > > databases. I am uncertain of exactly how effective it is.
> > > 
> > > Thanks, so it isn't broken by default or so.
> > > 
> > > If you upgrade to a snapshot I can send you a ports update to try the
> > > latest unofficial filters.
> > 
> > I use clamav-unofficial-sigs, on 7.2 and 7.1. It works and I'm ready
> > to test -current, 7.2 and 7.1 (for some time).
> 
> Here's the ports diff for the latest version.
> I recreated the config patch from scratch.
> 
> There now are /etc/clamav-unofficial-sigs/{master,os,user.conf} where
> os.conf is os.openbsd.conf from upstream.
> 
> os and user overwrite master, user overwrites os, you edit user.conf.

sounds like os and master should be somewhere other than /etc then,
and not @sample'd?

> os.openbsd.conf says something requires gsed, so add that as RDEP.
> 
> It also says that the config is incompatible with 3.x and 4.x setups.
> 
> Installing the new 7.2.5 package, running the script as root once and
> then getting info with `-i' looks sane.
> 
> /var/log/clamav-unofficial-sigs.log contains that info, so logs work.
> 
> I have no idea what users have to do to their config to make the jump
> from 3/4 to 7.2.5.
> 
> Marcus, can you give this a spin and tell us what local steps are
> required to upgrade and/or get it running?
> 
> Then we can put this into MESSAGE or README or current.html.
> 
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/clamav-unofficial-sigs/Makefile,v
> retrieving revision 1.17
> diff -u -p -r1.17 Makefile
> --- Makefile  11 Mar 2022 19:53:19 -0000      1.17
> +++ Makefile  16 Nov 2022 16:56:33 -0000
> @@ -1,42 +1,33 @@
> -COMMENT =    fetch and update unofficial signatures for ClamAV
> +COMMENT =    ClamAV unofficial signatures updater
>  
> -V =          4.9.2
> -REVISION =   2
> -DISTNAME =   clamav-unofficial-sigs-$V
> -DISTFILES =  ${DISTNAME}{$V}.tar.gz
> +GH_ACCOUNT = extremeshok
> +GH_PROJECT = clamav-unofficial-sigs
> +GH_TAGNAME = 7.2.5
>  
>  CATEGORIES = security mail
>  
> -HOMEPAGE =   https://github.com/extremeshok/clamav-unofficial-sigs
> -
>  # BSD
>  PERMIT_PACKAGE =     Yes
>  
> -MASTER_SITES =       
> https://github.com/extremeshok/clamav-unofficial-sigs/archive/
> -
>  RUN_DEPENDS =        net/curl \
>               net/rsync \
>               security/clamav \
>               security/gnupg \
> -             shells/bash
> +             shells/bash \
> +             textproc/gsed
>  
>  NO_BUILD =   Yes
>  NO_TEST =    Yes
>  
>  PKG_ARCH =   *
>  
> -do-configure:
> -     ${SUBST_CMD} ${WRKSRC}/clamav-unofficial-sigs.conf
> -     sed -i -e 's,/etc,${SYSCONFDIR},' -e \
> -         's,/usr/local/bin,${LOCALBASE}/bin,' \
> -         ${WRKSRC}/clamav-unofficial-sigs.sh
> +EXAMPLES_DIR =       ${PREFIX}/share/examples/${GH_PROJECT}
>  
>  do-install:
> -     ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/clamav-unofficial-sigs
> -     cd ${WRKSRC}; \
> -     ${INSTALL_SCRIPT} clamav-unofficial-sigs.sh ${PREFIX}/bin; \
> -     ${INSTALL_DATA} clamav-unofficial-sigs.conf \
> -         ${PREFIX}/share/examples/clamav-unofficial-sigs; \
> -     ${INSTALL_MAN} clamav-unofficial-sigs.8 ${PREFIX}/man/man8
> +     ${INSTALL_SCRIPT} ${WRKSRC}/${GH_PROJECT}.sh ${PREFIX}/bin/
> +     ${INSTALL_DATA_DIR} ${EXAMPLES_DIR}
> +     ${INSTALL_DATA} ${WRKSRC}/config/{master,user}.conf ${EXAMPLES_DIR}/
> +     ${INSTALL_DATA} ${WRKSRC}/config/os/os.openbsd.conf \
> +         ${EXAMPLES_DIR}/os.conf
>  
>  .include <bsd.port.mk>
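
Review bot: Removing do-configure drops the sed that rewrote /etc to ${SYSCONFDIR} and /usr/local/bin to ${LOCALBASE}/bin in clamav-unofficial-sigs.sh, and the new do-install has no replacement for it. If the 7.2.5 script still hardcodes either path, keep a substitution step or a patch so the installed script reads its config from ${SYSCONFDIR}/clamav-unofficial-sigs/, which is where PLIST now places the @sample files.
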
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/security/clamav-unofficial-sigs/distinfo,v
> retrieving revision 1.6
> diff -u -p -r1.6 distinfo
> --- distinfo  7 Dec 2015 14:11:02 -0000       1.6
> +++ distinfo  16 Nov 2022 16:04:33 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (clamav-unofficial-sigs-4.9.2.tar.gz) = 
> cOBfY63X4D1a8tumvNMf2phkZXd5jZnmkC5fJkwwLpM=
> -SIZE (clamav-unofficial-sigs-4.9.2.tar.gz) = 40301
> +SHA256 (clamav-unofficial-sigs-7.2.5.tar.gz) = 
> 9C+daOER+JK/1xOT6GnlPIBvSJZsdo0hmSXeZlKWDFA=
> +SIZE (clamav-unofficial-sigs-7.2.5.tar.gz) = 68425
> Index: patches/patch-clamav-unofficial-sigs_conf
> ===================================================================
> RCS file: patches/patch-clamav-unofficial-sigs_conf
> diff -N patches/patch-clamav-unofficial-sigs_conf
> --- patches/patch-clamav-unofficial-sigs_conf 11 Mar 2022 19:53:19 -0000      
> 1.12
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,93 +0,0 @@
> ---- clamav-unofficial-sigs.conf.orig Wed Dec  2 10:56:35 2015
> -+++ clamav-unofficial-sigs.conf      Mon Dec  7 14:04:52 2015
> -@@ -24,12 +24,9 @@
> - # Set the appropriate ClamD user and group accounts for your system.
> - # If you do not want the script to set user and group permissions on
> - # files and directories, comment the next two variables.
> --clam_user="clam"
> --#clam_user="clamav"
> -+clam_user="_clamav"
> -+clam_group="_clamav"
> - 
> --clam_group="clam"
> --#clam_group="clamav"
> --
> - # If you do not want the script to change the file mode of all signature
> - # database files in the ClamAV working directory to 0644 (-rw-r--r--):
> - #
> -@@ -43,27 +40,26 @@ setmode="yes"
> - 
> - # Set path to ClamAV database files location.  If unsure, check
> - # your clamd.conf file for the "DatabaseDirectory" path setting.
> --clam_dbs="/var/lib/clamav"
> -+clam_dbs="/var/db/clamav"
> - 
> - # Set path to clamd.pid file (see clamd.conf for path location).
> --clamd_pid="/var/run/clamav/clamd.pid"
> --#clamd_pid="/var/run/clamd.pid"
> -+clamd_pid="/var/run/clamd.pid"
> - 
> - # To enable "ham" (non-spam) directory scanning and removal of
> - # signatures that trigger on ham messages, uncomment the following
> - # variable and set it to the appropriate ham message directory.
> --#ham_dir="/var/lib/clamav-unofficial-sigs/ham-test"
> -+#ham_dir="/var/db/clamav-unofficial-sigs/ham-test"
> - 
> - # If you would like to reload the clamd databases after an update,
> - # change the following variable to "yes".
> - reload_dbs="yes"
> - 
> - # Top level working directory, script will attempt to create them.
> --work_dir="/var/lib/clamav-unofficial-sigs"   #Top level working directory
> -+work_dir="/var/db/clamav-unofficial-sigs"   #Top level working directory
> - 
> - # Log update information to '$log_file_path/$log_file_name'.
> - enable_logging="yes"
> --log_file_path="/var/log/clamav-unofficial-sigs"
> -+log_file_path="/var/log"
> - log_file_name="clamav-unofficial-sigs.log"
> - 
> - 
> -@@ -111,10 +107,10 @@ yararules_update_hours="24"   # Default is 24 hours (1
> - # ========================
> - # Set to no to disable an entire database.
> - sanesecurity_enabled="yes"   # Sanesecurity
> --securiteinfo_enabled="yes"   # SecuriteInfo 
> -+securiteinfo_enabled="no"   # SecuriteInfo, requires signup
> - linuxmalwaredetect_enabled="yes"   # Linux Malware Detect
> --malwarepatrol_enabled="yes"   # Malware Patrol
> --yararules_enabled="no"   # Yara-Rule Project, requires clamAV 0.99+
> -+malwarepatrol_enabled="no"   # Malware Patrol, requires signup
> -+yararules_enabled="yes"   # Yara-Rule Project, requires clamAV 0.99+
> - 
> - # ========================
> - # Sanesecurity Database(s)
> -@@ -312,7 +308,7 @@ max_sleep_time="600"   # Default maximum is 600 second
> - 
> - # Set the clamd_restart_opt if the "reload_dbs" variable above is set
> - # Command to do a full clamd service stop/start
> --clamd_restart_opt="service clamd restart"
> -+clamd_restart_opt="rcctl restart clamd"
> - 
> - # If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
> - # either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
> -@@ -332,8 +328,8 @@ clamd_restart_opt="service clamd restart"
> - # NOTE: these 2 variables are dependant on the "clamd_socket" variable
> - # shown above - if not enabled, then the following 2 variables will be
> - # ignored, whether enabled or not.
> --#clamd_start="service clamd start"
> --#clamd_stop="service clamd stop"
> -+#clamd_start="rcctl start clamd"
> -+#clamd_stop="rcctl stop clamd"
> - 
> - # Set rsync connection and data transfer timeout limits in seconds.
> - # The defaults settings here are reasonable, only change if you are
> -@@ -369,7 +365,7 @@ keep_db_backup="no"
> - # or the general script comments, change the following variables to
> - # "yes".  If all variables are set to "yes", the script will output
> - # nothing except error conditions.
> --silence_ssl="yes" # Default is "yes" ignore ssl errors and warnings
> -+silence_ssl="no"    # "yes" disables certificate verification
> - curl_silence="no"      # Default is "no" to report curl statistics
> - rsync_silence="no"     # Default is "no" to report rsync statistics
> - gpg_silence="no"       # Default is "no" to report gpg signature status
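
Review bot: The last inner hunk of this deleted patch carried `silence_ssl="no"    # "yes" disables certificate verification`, overriding an upstream default of "yes", and the new patch-config_os_os_openbsd_conf only touches clamd_pid and log_file_path. Check what the 7.2.5 master.conf sets for the equivalent option and, if upstream still defaults to skipping certificate checks, carry the override in os.conf so signature downloads keep verifying TLS. The same applies to the securiteinfo_enabled and malwarepatrol_enabled defaults, which this patch turned off with the comment "requires signup".
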
> Index: patches/patch-clamav-unofficial-sigs_sh
> ===================================================================
> RCS file: patches/patch-clamav-unofficial-sigs_sh
> diff -N patches/patch-clamav-unofficial-sigs_sh
> --- patches/patch-clamav-unofficial-sigs_sh   11 Mar 2022 19:53:19 -0000      
> 1.7
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,57 +0,0 @@
> ---- clamav-unofficial-sigs.sh.orig   Wed Dec  2 10:56:35 2015
> -+++ clamav-unofficial-sigs.sh        Tue Dec  8 15:20:49 2015
> -@@ -1,4 +1,4 @@
> --#!/bin/bash
> -+#!/usr/local/bin/bash
> - 
> ################################################################################
> - # This is property of eXtremeSHOK.com
> - # You are free to use, modify and distribute, however you may not remove 
> this notice.
> -@@ -20,6 +20,9 @@
> - 
> ################################################################################
> - 
> - default_config="/etc/clamav-unofficial-sigs.conf"
> -+pkg_mgr="pkg_add"
> -+pkg_rm="pkg_delete"
> -+PATH=$PATH:/usr/local/sbin:/usr/local/bin
> - 
> - 
> ################################################################################
> - 
> -@@ -215,6 +218,11 @@ do
> - done
> - 
> - #config version validation
> -+if [ -z "$config_version" ] ; then
> -+  xshok_pretty_echo_and_log "ERROR: Configuration version not set. Update 
> your configuration based on example file." "="
> -+  exit 1
> -+fi
> -+
> - if [ "$config_version" -lt "$minimum_required_config_version" ] ; then
> -   xshok_pretty_echo_and_log "ERROR: Your configuration version is not 
> compatible with this version" "="
> -   exit 1
> -@@ -782,7 +790,7 @@ fi
> - 
> - # Check to see if the working directories have been created.
> - # If not, create them.  Otherwise, ignore and proceed with script.
> --mkdir -p "$work_dir" "$securiteinfo_dir" "$malwarepatrol_dir" 
> "$linuxmalwaredetect_dir" "$sanesecurity_dir" "$config_dir" "$gpg_dir" 
> "$add_dir"
> -+mkdir -p "$work_dir" "$securiteinfo_dir" "$malwarepatrol_dir" 
> "$linuxmalwaredetect_dir" "$sanesecurity_dir" "$config_dir" "$gpg_dir" 
> "$add_dir" "$yararules_dir"
> - 
> - # Set secured access permissions to the GPG directory
> - chmod 0700 "$gpg_dir"
> -@@ -1433,7 +1441,7 @@ if [ "$yararules_enabled" == "yes" ] ; then
> -  if [ "$time_interval" -ge $(($update_interval - 600)) ] ; then
> -   echo "$current_time" > "$config_dir"/last-yararules-update.txt
> - 
> --  cxshok_pretty_echo_and_log "Yara-Rules Database File Updates" "="
> -+  xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "="
> -   xshok_pretty_echo_and_log "Checking for yararules updates..."
> -   yararules_updates="0"
> -   for db_file in $yararules_dbs ; do
> -@@ -3251,7 +3259,7 @@ else
> -  time_remaining=$(($update_interval - $time_interval))
> -  hours_left=$(($time_remaining / 3600))
> -  minutes_left=$(($time_remaining % 3600 / 60))
> -- xshok_pretty_echo_and_log "$yararules_update_hours hours have not yet 
> elapsed since the last linux malware detect update check"
> -+ xshok_pretty_echo_and_log "$yararules_update_hours hours have not yet 
> elapsed since the last Yara update check"
> -  xshok_pretty_echo_and_log "No update check was performed at this time" "-"
> -  xshok_pretty_echo_and_log "Next check will be performed in approximately 
> $hours_left hour(s), $minutes_left minute(s)"
> - fi
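
Review bot: With this patch gone, nothing in the port sets the script's interpreter to /usr/local/bin/bash or appends /usr/local/sbin:/usr/local/bin to PATH (the first two inner hunks). MESSAGE runs the script from root's crontab, and bash, curl, rsync, gnupg and gsed all come from RUN_DEPENDS, so confirm that the 7.2.5 script has an interpreter line that resolves on OpenBSD and finds those tools under cron's PATH, or keep a small patch for both.
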
> Index: patches/patch-config_os_os_openbsd_conf
> ===================================================================
> RCS file: patches/patch-config_os_os_openbsd_conf
> diff -N patches/patch-config_os_os_openbsd_conf
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-config_os_os_openbsd_conf   16 Nov 2022 16:28:55 -0000
> @@ -0,0 +1,19 @@
> +Index: config/os/os.openbsd.conf
> +--- config/os/os.openbsd.conf.orig
> ++++ config/os/os.openbsd.conf
> +@@ -27,13 +27,13 @@ clam_group="_clamav"
> + 
> + clam_dbs="/var/db/clamav"
> + 
> +-clamd_pid="/var/run/clamav/clamd.pid"
> ++clamd_pid="/var/run/clamd.pid"
> + 
> + work_dir="/var/db/clamav-unofficial-sigs"
> + 
> + #ham_dir="/var/db/clamav-unofficial-sigs/ham-test"
> + 
> +-log_file_path="/var/clamav/log"
> ++log_file_path="/var/log"
> + 
> + clamd_restart_opt="rcctl restart clamd"
> + 
> Index: pkg/DESCR
> ===================================================================
> RCS file: /cvs/ports/security/clamav-unofficial-sigs/pkg/DESCR,v
> retrieving revision 1.2
> diff -u -p -r1.2 DESCR
> --- pkg/DESCR 22 Apr 2013 11:32:29 -0000      1.2
> +++ pkg/DESCR 16 Nov 2022 15:59:37 -0000
> @@ -1,3 +1,6 @@
> -The clamav-unofficial-sigs script provides a simple way to download, test
> -and update third-party signature databases for ClamAV. Various databases
> -(primarily for email-borne malware/phishing) are available.
> +The clamav-unofficial-sigs script provides a simple way to download, test,
> +and update third-party signature databases provided by Sanesecurity,
> +FOXHOLE, OITC, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol,
> +Yara-Rules Project, urlhaus, MalwareExpert, interServer etc.
> +
> +The script will also generate and install cron, logrotate, and man files.
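
Review bot: The last added line, "The script will also generate and install cron, logrotate, and man files.", does not match the rest of the diff: PLIST drops the @man entry and MESSAGE still tells the admin to add the crontab line by hand. Files the script writes on its own at run time are not in PLIST, so pkg_delete will not remove them. Suggest dropping the sentence, or rewording it to say these are optional script features the package does not use.
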
> Index: pkg/MESSAGE
> ===================================================================
> RCS file: /cvs/ports/security/clamav-unofficial-sigs/pkg/MESSAGE,v
> retrieving revision 1.1.1.1
> diff -u -p -r1.1.1.1 MESSAGE
> --- pkg/MESSAGE       26 Mar 2011 12:26:44 -0000      1.1.1.1
> +++ pkg/MESSAGE       16 Nov 2022 16:56:24 -0000
> @@ -1,4 +1,4 @@
> -After configuring ${SYSCONFDIR}/clamav-unofficial-sigs.conf you can add the 
> following
> -to root's crontab to update the signatures regularly:
> +After configuring ${SYSCONFDIR}/clamav-unofficial-sigs/user.conf you can add
> +the following to root's crontab to update the signatures regularly:
>  
>  35 * * * * /usr/local/bin/clamav-unofficial-sigs.sh 2>&1 > /dev/null
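
Review bot: The unchanged crontab line ends in `2>&1 > /dev/null`, which points stderr at cron's original stdout before stdout is redirected, so only stdout is discarded. If the intent is to silence both streams the order should be `> /dev/null 2>&1`; if errors are meant to reach root by mail, a plain `> /dev/null` states that more clearly. Since this text is being edited anyway, it is also the natural place for the 3.x/4.x config migration note mentioned in the mail.
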
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/security/clamav-unofficial-sigs/pkg/PLIST,v
> retrieving revision 1.3
> diff -u -p -r1.3 PLIST
> --- pkg/PLIST 11 Mar 2022 19:53:20 -0000      1.3
> +++ pkg/PLIST 16 Nov 2022 16:52:54 -0000
> @@ -5,7 +5,11 @@
>  @owner
>  @group
>  bin/clamav-unofficial-sigs.sh
> -@man man/man8/clamav-unofficial-sigs.8
>  share/examples/clamav-unofficial-sigs/
> -share/examples/clamav-unofficial-sigs/clamav-unofficial-sigs.conf
> -@sample ${SYSCONFDIR}/clamav-unofficial-sigs.conf
> +@sample ${SYSCONFDIR}/clamav-unofficial-sigs/
> +share/examples/clamav-unofficial-sigs/master.conf
> +@sample ${SYSCONFDIR}/clamav-unofficial-sigs/master.conf
> +share/examples/clamav-unofficial-sigs/os.conf
> +@sample ${SYSCONFDIR}/clamav-unofficial-sigs/os.conf
> +share/examples/clamav-unofficial-sigs/user.conf
> +@sample ${SYSCONFDIR}/clamav-unofficial-sigs/user.conf
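
Review bot: The @sample lines for master.conf, os.conf and user.conf follow the bare @owner/@group reset at the top of the hunk and set no @mode, so all three are installed with default permissions. user.conf is the file admins edit, and the removed config patch marks SecuriteInfo and Malware Patrol as "requires signup", so account details are likely to end up there; consider `@mode 640` before the user.conf @sample, with a bare `@mode` afterwards to reset it.
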
> 
