From dd74a53d4b56fac42a031b0dbca4a4dac8446ac5 Mon Sep 17 00:00:00 2001 From: Leonid Plyushch Date: Sun, 16 Jun 2019 14:47:38 +0300 Subject: [PATCH] new package: clamav https://github.com/termux/unstable-packages/issues/16 --- packages/clamav/build.sh | 46 +++++++++++ packages/clamav/clamd.conf | 35 +++++++++ packages/clamav/configure.patch | 37 +++++++++ packages/clamav/fix-hardcoded-paths.patch | 94 +++++++++++++++++++++++ packages/clamav/freshclam.conf | 8 ++ packages/clamav/no-lutimes.patch | 14 ++++ 6 files changed, 234 insertions(+) create mode 100644 packages/clamav/build.sh create mode 100644 packages/clamav/clamd.conf create mode 100644 packages/clamav/configure.patch create mode 100644 packages/clamav/fix-hardcoded-paths.patch create mode 100644 packages/clamav/freshclam.conf create mode 100644 packages/clamav/no-lutimes.patch diff --git a/packages/clamav/build.sh b/packages/clamav/build.sh new file mode 100644 index 000000000..07fce6e56 --- /dev/null +++ b/packages/clamav/build.sh @@ -0,0 +1,46 @@ +TERMUX_PKG_HOMEPAGE=https://www.clamav.net/ +TERMUX_PKG_DESCRIPTION="Anti-virus toolkit for Unix" +TERMUX_PKG_LICENSE="GPL-2.0" +TERMUX_PKG_MAINTAINER="Leonid Plyushch " +TERMUX_PKG_VERSION=0.101.2 +TERMUX_PKG_REVISION=4 +TERMUX_PKG_SRCURL=https://www.clamav.net/downloads/production/clamav-$TERMUX_PKG_VERSION.tar.gz +TERMUX_PKG_SHA256=0a12ebdf6ff7a74c0bde2bdc2b55cae33449e6dd953ec90824a9e01291277634 +TERMUX_PKG_DEPENDS="json-c, libandroid-support, libbz2, libc++, libcurl, libltdl, liblzma, libxml2, openssl, pcre2, zlib" + +TERMUX_PKG_EXTRA_CONFIGURE_ARGS=" +--sysconfdir=$TERMUX_PREFIX/etc/clamav +--with-libcurl=$TERMUX_PREFIX +--with-pcre=$TERMUX_PREFIX +--with-libjson=$TERMUX_PREFIX +--with-openssl=$TERMUX_PREFIX +--with-xml=$TERMUX_PREFIX +--with-zlib=$TERMUX_PREFIX +--disable-llvm +--disable-dns" + +TERMUX_PKG_RM_AFTER_INSTALL=" +share/man/man5/clamav-milter.conf.5 +share/man/man8/clamav-milter.8" + +TERMUX_PKG_CONFFILES=" +etc/clamav/clamd.conf +etc/clamav/freshclam.conf" + +termux_step_pre_configure() { + export LIBS="-llog" +} + +termux_step_post_make_install() { + for conf in clamd.conf freshclam.conf; do + install -Dm600 \ + "$TERMUX_PKG_BUILDER_DIR"/$conf \ + "$TERMUX_PREFIX"/etc/clamav/$conf + done + unset conf +} + +termux_step_post_massage() { + mkdir -p "$TERMUX_PKG_MASSAGEDIR/$TERMUX_PREFIX"/var/lib/clamav + mkdir -p "$TERMUX_PKG_MASSAGEDIR/$TERMUX_PREFIX"/var/log/clamav +} diff --git a/packages/clamav/clamd.conf b/packages/clamav/clamd.conf new file mode 100644 index 000000000..c28c2997c --- /dev/null +++ b/packages/clamav/clamd.conf @@ -0,0 +1,35 @@ +## +## Please read the clamd.conf(5) manual for more information about +## available options. +## + +## Server configuration. +LocalSocket /data/data/com.termux/files/usr/var/run/clamd.sock +LocalSocketMode 600 +PidFile /data/data/com.termux/files/usr/var/run/clamd.pid +TemporaryDirectory /data/data/com.termux/files/usr/tmp +DatabaseDirectory /data/data/com.termux/files/usr/var/lib/clamav + +## Scanner configuration. +ExcludePath ^/proc/ +ExcludePath ^/sys/ +FollowDirectorySymlinks no +FollowFileSymlinks yes +CrossFilesystems no +ExtendedDetectionInfo yes +AllowAllMatchScan yes +AlertOLE2Macros yes +DetectPUA yes +IncludePUA Packed +IncludePUA RAT +IncludePUA Spy +MaxScanSize 128M +MaxFileSize 128M +Bytecode yes + +## Logging. +LogSyslog no +LogVerbose no +LogFile /data/data/com.termux/files/usr/var/log/clamav/clamd.log +LogTime yes +LogRotate yes diff --git a/packages/clamav/configure.patch b/packages/clamav/configure.patch new file mode 100644 index 000000000..4b71c0ef5 --- /dev/null +++ b/packages/clamav/configure.patch @@ -0,0 +1,37 @@ +diff -uNr clamav-0.101.1/configure clamav-0.101.1.mod/configure +--- clamav-0.101.1/configure 2018-12-19 22:48:30.000000000 +0200 ++++ clamav-0.101.1.mod/configure 2019-01-28 15:21:17.645153831 +0200 +@@ -22931,10 +22931,8 @@ + fi + + +-if test ! -f "$ZLIB_HOME/include/zlib.h" ++if true + then +- as_fn_error $? "Please install zlib and zlib-devel packages" "$LINENO" 5 +-else + + vuln=`grep "ZLIB_VERSION \"1.2.0\"" $ZLIB_HOME/include/zlib.h` + if test -z "$vuln"; then +@@ -22995,11 +22993,7 @@ + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 + $as_echo "$ac_cv_lib_z_inflateEnd" >&6; } +-if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : +- LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -L$ZLIB_HOME/lib -lz"; FRESHCLAM_LIBS="$FRESHCLAM_LIBS -L$ZLIB_HOME/lib -lz" +-else +- as_fn_error $? "Please install zlib and zlib-devel packages" "$LINENO" 5 +-fi ++LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -L$ZLIB_HOME/lib -lz"; FRESHCLAM_LIBS="$FRESHCLAM_LIBS -L$ZLIB_HOME/lib -lz" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gzopen in -lz" >&5 + $as_echo_n "checking for gzopen in -lz... " >&6; } +@@ -24995,7 +24989,7 @@ + + have_fanotify="no" + if test "$have_pthreads" = "yes"; then +- THREAD_LIBS="-lpthread" ++ THREAD_LIBS="" + TH_SAFE="-thread-safe" + if test "$want_fanotify" = "yes"; then + ac_fn_c_check_header_mongrel "$LINENO" "sys/fanotify.h" "ac_cv_header_sys_fanotify_h" "$ac_includes_default" diff --git a/packages/clamav/fix-hardcoded-paths.patch b/packages/clamav/fix-hardcoded-paths.patch new file mode 100644 index 000000000..dc109fc4d --- /dev/null +++ b/packages/clamav/fix-hardcoded-paths.patch @@ -0,0 +1,94 @@ +diff -uNr clamav-0.100.2/clamd/others.c clamav-0.100.2.mod/clamd/others.c +--- clamav-0.100.2/clamd/others.c 2018-09-19 22:29:07.000000000 +0300 ++++ clamav-0.100.2.mod/clamd/others.c 2018-10-19 13:07:07.507843259 +0300 +@@ -170,7 +170,7 @@ + pid = fork (); + if (pid == 0) + { /* child */ +- exit (execle ("/bin/sh", "sh", "-c", buffer_cmd, NULL, env)); ++ exit (execle ("@TERMUX_PREFIX@/bin/sh", "sh", "-c", buffer_cmd, NULL, env)); + } + else if (pid > 0) + { /* parent */ +diff -uNr clamav-0.100.2/libclamav/others_common.c clamav-0.100.2.mod/libclamav/others_common.c +--- clamav-0.100.2/libclamav/others_common.c 2018-09-19 22:29:07.000000000 +0300 ++++ clamav-0.100.2.mod/libclamav/others_common.c 2018-10-19 13:03:39.917694079 +0300 +@@ -434,7 +434,7 @@ + #ifdef _WIN32 + #define P_tmpdir "C:\\" + #else +-#define P_tmpdir "/tmp" ++#define P_tmpdir "@TERMUX_PREFIX@/tmp" + #endif /* _WIN32 */ + #endif /* P_tmpdir */ + +diff -uNr clamav-0.100.2/shared/optparser.c clamav-0.100.2.mod/shared/optparser.c +--- clamav-0.100.2/shared/optparser.c 2018-09-19 22:29:07.000000000 +0300 ++++ clamav-0.100.2.mod/shared/optparser.c 2018-10-19 13:06:40.016861021 +0300 +@@ -192,7 +192,7 @@ + + { "PreludeAnalyzerName", "prelude-analyzer-name", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Name of the analyzer as seen in prewikka"}, + +- { "LogFile", "log", 'l', CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN | OPT_CLAMDSCAN, "Save all reports to a log file.", "/tmp/clamav.log" }, ++ { "LogFile", "log", 'l', CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN | OPT_CLAMDSCAN, "Save all reports to a log file.", "@TERMUX_PREFIX@/tmp/clamav.log" }, + + { "LogFileUnlock", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_MILTER, "By default the log file is locked for writing and only a single\ndaemon process can write to it. This option disables the lock.", "yes" }, + +@@ -212,17 +212,17 @@ + + { "ExtendedDetectionInfo", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Log additional information about the infected file, such as its\nsize and hash, together with the virus name.", "yes" }, + +- { "PidFile", "pid", 'p', CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Save the process ID to a file.", "/var/run/clam.pid" }, ++ { "PidFile", "pid", 'p', CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Save the process ID to a file.", "@TERMUX_PREFIX@/var/run/clam.pid" }, + +- { "TemporaryDirectory", "tempdir", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN | OPT_SIGTOOL, "This option allows you to change the default temporary directory.", "/tmp" }, ++ { "TemporaryDirectory", "tempdir", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN | OPT_SIGTOOL, "This option allows you to change the default temporary directory.", "@TERMUX_PREFIX@/tmp" }, + +- { "DatabaseDirectory", "datadir", 0, CLOPT_TYPE_STRING, NULL, -1, DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_SIGTOOL, "This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.", "/var/lib/clamav" }, ++ { "DatabaseDirectory", "datadir", 0, CLOPT_TYPE_STRING, NULL, -1, DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_SIGTOOL, "This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.", "@TERMUX_PREFIX@/var/lib/clamav" }, + + { "OfficialDatabaseOnly", "official-db-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Only load the official signatures published by the ClamAV project.", "no" }, + + { "YaraRules", "yara-rules", 0, CLOPT_TYPE_STRING, NULL, 0, NULL, 0, OPT_CLAMSCAN, "By default, yara rules will be loaded. This option allows you to exclude yara rules when scanning and also to scan only using yara rules. Valid options are yes|no|only", "yes"}, + +- { "LocalSocket", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "/tmp/clamd.socket" }, ++ { "LocalSocket", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Path to a local socket file the daemon will listen on.", "@TERMUX_PREFIX@/tmp/clamd.socket" }, + + { "LocalSocketGroup", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the group ownership on the unix socket.", "virusgroup" }, + +@@ -271,7 +271,7 @@ + + { "DisableCache", "disable-cache", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option allows you to disable clamd's caching feature.", "no" }, + +- { "VirusEvent", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Execute a command when a virus is found. In the command string %v will be\nreplaced with the virus name. Additionally, two environment variables will\nbe defined: $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME.", "/usr/bin/mailx -s \"ClamAV VIRUS ALERT: %v\" alert < /dev/null" }, ++ { "VirusEvent", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Execute a command when a virus is found. In the command string %v will be\nreplaced with the virus name. Additionally, two environment variables will\nbe defined: $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME.", "@TERMUX_PREFIX@/bin/mailx -s \"ClamAV VIRUS ALERT: %v\" alert < /dev/null" }, + + { "ExitOnOOM", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Stop the daemon when libclamav reports an out of memory condition.", "yes" }, + +@@ -430,7 +430,7 @@ + /* Freshclam-only entries */ + + /* FIXME: drop this entry and use LogFile */ +- { "UpdateLogFile", "log", 'l', CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM, "Save all reports to a log file.", "/var/log/freshclam.log" }, ++ { "UpdateLogFile", "log", 'l', CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM, "Save all reports to a log file.", "@TERMUX_PREFIX@/var/log/freshclam.log" }, + + { "DatabaseOwner", "user", 'u', CLOPT_TYPE_STRING, NULL, -1, CLAMAVUSER, FLAG_REQUIRED, OPT_FRESHCLAM, "When started by root freshclam will drop privileges and switch to the user\ndefined in this option.", CLAMAVUSER }, + +@@ -510,7 +510,7 @@ + + { "ClamdSocket", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_MILTER, "Define the clamd socket to connect to for scanning.\nThis option is mandatory! Syntax:\n ClamdSocket unix:path\n ClamdSocket tcp:host:port\nThe first syntax specifies a local unix socket (needs an absolute path) e.g.:\n ClamdSocket unix:/var/run/clamd/clamd.socket\nThe second syntax specifies a tcp local or remote tcp socket: the\nhost can be a hostname or an ip address; the \":port\" field is only required\nfor IPv6 addresses, otherwise it defaults to 3310\n ClamdSocket tcp:192.168.0.1\nThis option can be repeated several times with different sockets or even\nwith the same socket: clamd servers will be selected in a round-robin fashion.", "tcp:scanner.mydomain:7357" }, + +- { "MilterSocket",NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Define the interface through which we communicate with sendmail.\nThis option is mandatory! Possible formats are:\n[[unix|local]:]/path/to/file - to specify a unix domain socket;\ninet:port@[hostname|ip-address] - to specify an ipv4 socket;\ninet6:port@[hostname|ip-address] - to specify an ipv6 socket.", "/tmp/clamav-milter.socket\ninet:7357" }, ++ { "MilterSocket",NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Define the interface through which we communicate with sendmail.\nThis option is mandatory! Possible formats are:\n[[unix|local]:]/path/to/file - to specify a unix domain socket;\ninet:port@[hostname|ip-address] - to specify an ipv4 socket;\ninet6:port@[hostname|ip-address] - to specify an ipv6 socket.", "@TERMUX_PREFIX@/tmp/clamav-milter.socket\ninet:7357" }, + + { "MilterSocketGroup", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Define the group ownership for the (unix) milter socket.", "virusgroup" }, + +@@ -534,7 +534,7 @@ + + { "Chroot", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Chroot to the specified directory.\nChrooting is performed just after reading the config file and before\ndropping privileges.", "/newroot" }, + +- { "Whitelist", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option specifies a file which contains a list of basic POSIX regular\nexpressions. Addresses (sent to or from - see below) matching these regexes\nwill not be scanned. Optionally each line can start with the string \"From:\"\nor \"To:\" (note: no whitespace after the colon) indicating if it is,\nrespectively, the sender or recipient that is to be whitelisted.\nIf the field is missing, \"To:\" is assumed.\nLines starting with #, : or ! are ignored.", "/etc/whitelisted_addresses" }, ++ { "Whitelist", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "This option specifies a file which contains a list of basic POSIX regular\nexpressions. Addresses (sent to or from - see below) matching these regexes\nwill not be scanned. Optionally each line can start with the string \"From:\"\nor \"To:\" (note: no whitespace after the colon) indicating if it is,\nrespectively, the sender or recipient that is to be whitelisted.\nIf the field is missing, \"To:\" is assumed.\nLines starting with #, : or ! are ignored.", "@TERMUX_PREFIX@/etc/whitelisted_addresses" }, + + { "SkipAuthenticated", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Messages from authenticated SMTP users matching this extended POSIX\nregular expression (egrep-like) will not be scanned.\nAs an alternative, a file containing a plain (not regex) list of names (one\nper line) can be specified using the prefix \"file:\".\ne.g. SkipAuthenticated file:/etc/good_guys\n\nNote: this is the AUTH login name!", "SkipAuthenticated ^(tom|dick|henry)$" }, + diff --git a/packages/clamav/freshclam.conf b/packages/clamav/freshclam.conf new file mode 100644 index 000000000..c76213104 --- /dev/null +++ b/packages/clamav/freshclam.conf @@ -0,0 +1,8 @@ +# Path to the database directory. +DatabaseDirectory /data/data/com.termux/files/usr/var/lib/clamav + +# database.clamav.net is now the primary domain name to be used world-wide. +# Now that CloudFlare is being used as our Content Delivery Network (CDN), +# this one domain name works world-wide to direct freshclam to the closest +# geographic endpoint. +DatabaseMirror database.clamav.net diff --git a/packages/clamav/no-lutimes.patch b/packages/clamav/no-lutimes.patch new file mode 100644 index 000000000..c9653af43 --- /dev/null +++ b/packages/clamav/no-lutimes.patch @@ -0,0 +1,14 @@ +diff -uNr clamav-0.101.1/libclamunrar/os.hpp clamav-0.101.1.mod/libclamunrar/os.hpp +--- clamav-0.101.1/libclamunrar/os.hpp 2018-12-19 22:48:30.000000000 +0200 ++++ clamav-0.101.1.mod/libclamunrar/os.hpp 2019-01-28 16:34:22.808817627 +0200 +@@ -167,7 +167,9 @@ + + #if defined(__linux) || defined(__FreeBSD__) + #include +-#define USE_LUTIMES ++#ifdef __ANDROID__ ++#undef USE_LUTIMES ++#endif + #endif + + #define ENABLE_ACCESS