[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-181-gd3beb8f
Stephen Gran
steve at lobefin.net
Mon Jun 15 22:11:41 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit d3beb8f9adeb9ba22511260f4d48a9cab875567f
Author: martin f. krafft <madduck at madduck.net>
Date: Mon Jun 15 11:21:02 2009 +0200
remove trailing spaces from debian/{NEWS,README}
Signed-off-by: martin f. krafft <madduck at madduck.net>
diff --git a/debian/NEWS.Debian b/debian/NEWS.Debian
index c377fb2..694a2bd 100644
--- a/debian/NEWS.Debian
+++ b/debian/NEWS.Debian
@@ -44,7 +44,7 @@ clamav (0.92.1~dfsg-1) unstable; urgency=low
clamav (0.81-1) unstable; urgency=medium
- * clamav-milter now by default scans messages internally. This may not be
+ * clamav-milter now by default scans messages internally. This may not be
entirely stable, and for this reason, I recommend adding --external to
/etc/default/clamav-milter (it will be done automatically if you have not
changed that file).
@@ -61,7 +61,7 @@ clamav (0.80-1) unstable; urgency=low
upgrade, hopefully.
- New option for freshclam - DNSDatabaseInfo. Will do database lookups
via DNS TXT records, rather than using HTTP HEAD as before. It is enabled
- by default for just this upgrade - if it doesn't work for you, pull it back
+ by default for just this upgrade - if it doesn't work for you, pull it back
out of freshclam.conf. If it does work for you, it should significantly
reduce the load on the mirror network.
@@ -70,7 +70,7 @@ clamav (0.80-1) unstable; urgency=low
clamav-freshclam (0.75.1-1) unstable; urgency=low
* Upstream is changing around their mirror network, and in order to
- deal with that, there is an additional debconf question on this
+ deal with that, there is an additional debconf question on this
upgrade. I like it no better than you do.
-- Stephen Gran <sgran at debian.org> Thu, 29 Jul 2004 22:33:51 -0400
@@ -87,7 +87,7 @@ clamav-daemon (0.71-1) unstable; urgency=low
details.
-- Stephen Gran <sgran at debian.org> Mon, 10 May 2004 22:52:05 -0400
-
+
clamav-daemon (0.69-0.70-rc-1) unstable; urgency=low
* For those upgrading from older versions, please check the permissions on
@@ -101,7 +101,7 @@ clamav-daemon (0.69-0.70-rc-1) unstable; urgency=low
clamav-daemon (0.67-7) unstable; urgency=low
* NOTE about clamav-daemon:
-
+
clamav-daemon features a new thread manager. This is a pre-realease of what
will be in upstream's next stable release (0.68 or 0.70), and is supposed to
fix the timeout problems that many users had problems with, especially on
@@ -112,7 +112,7 @@ clamav-daemon (0.67-7) unstable; urgency=low
clamav-daemon (0.67-3) unstable; urgency=low
* IMPORTANT NOTE about clamav-daemon:
-
+
The default socket file has changed to /var/run/clamav/clamd.ctl, to
allow people to more easily run as a non-root user. This should not
clobber your old configuration file and change the location of the socket
@@ -120,9 +120,9 @@ clamav-daemon (0.67-3) unstable; urgency=low
Please take care to investigate any other services that rely on the
presence of the socket file, such as exim4-daemon-heavy with exiscan
or amavisd-new.
-
+
Also anyone using the Dazuko support, please note that it is disabled
- in this release. Upstream felt the code was not mature enough for
+ in this release. Upstream felt the code was not mature enough for
release. If you have enabled Dazuko support in clamav.conf, please
check that it is disabled after upgrade (Clamuko* options in clamav.conf)
diff --git a/debian/README.Debian b/debian/README.Debian
index 11af79b..6319463 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1,9 +1,9 @@
DOCUMENTATION
-
+
Non-Debian documentation has been removed (I.e how to install on UnixXXX
etc.) The original documentation is still available in the source
package. Download the source using the command 'apt-get source clamav'.
-
+
CONFIGURATION
There are several changes made to the default configuration provided by
upstream. Both the autogenerated configuration files and the ones
@@ -45,18 +45,18 @@ CLAMAV-DAEMON
create a configuration file. Due to the complexity of configuring the
daemon no questions are asked during install. If you want to change this
configuration you have two options:
-
+
1. 'point-and-click' re-configuration using debconf
- The vast majority of options can be accessed by running
- 'dpkg-reconfigure clamav-base'
-
+ The vast majority of options can be accessed by running
+ 'dpkg-reconfigure clamav-base'
+
Clamav-daemon's configuration is quite complex. However its full
complexity shouldn't be felt by users since the majority of the
questions alraedy have sensible defaults.
-
+
2. The package also handles manual editing of it's configuration file,
/etc/clamav/clamd.conf, gracefully.
-
+
While it's possible to mix debconf and manual editing, it isn't
recommended, since it can lead to confusing results. Debconf attempts to
respect any changes you have done manually in /etc/clamav/clamd.conf.
@@ -64,13 +64,13 @@ CLAMAV-DAEMON
upgrade, but if you are going to manage your conf file manually, please
take a moment and run dpkg-reconfigure clamav-base, and answer no to
debconf management.
-
+
Just running dpkg-reconfigure clamav-base won't reset
/etc/clamav/clamd.conf to a debconf generated configuration
file. If you want to discard all your manual changes just run 'ucf -p
/etc/clamav/clamd.conf;dpkg-reconfigure clamav-base'
-
- WARNINGS
+
+ WARNINGS
The ScanMail option has stabilized somewhat over previous releases, and
is now enabled by default. However, this is where the bulk of libclamav's
@@ -78,7 +78,7 @@ CLAMAV-DAEMON
up with virus writers interesting ideas about MIME, and certain MUA's
willingness to go along with those ideas. Caveat emptor, you have been
warned.
-
+
As of version 0.71-1, clamd will no longer run as root by default. This
decision was made due to the fact that it is still pre-1.0 software, and
there are still many bugs to be worked out. This decision can be
@@ -91,10 +91,10 @@ CLAMAV-DAEMON
In case you happen to have the TMPDIR variable set in your root environment,
please make sure that TemporaryDirectory is set to something sane in
/etc/clamav/clamd.conf (the Debian packages default to /tmp), as otherwise
- clamd will fail to operate after changing its user id as noted above.
-
+ clamd will fail to operate after changing its user id as noted above.
+
MTA INTEGRATION
-
+
SENDMAIL
So long as sendmail can write to clamav-milter's socket, the rest
@@ -110,11 +110,11 @@ CLAMAV-DAEMON
to clamd.conf. You may also need to ensure the scan/ directory is
group writable (on Debian systems, this is /var/spool/exim4/scan)
- To enable clamav in the Debian exim4 packages, add
+ To enable clamav in the Debian exim4 packages, add
av_scanner = clamd:/var/run/clamav/clamd.ctl
(or if you've chosen tcp sockets)
av_scanner = clamd:127.0.0.1 3310
- to the main configuration settings (a new file under
+ to the main configuration settings (a new file under
/etc/exim4/conf.d/main/ if split config is being used)
Then add the following to your data time acl:
@@ -122,24 +122,24 @@ CLAMAV-DAEMON
deny message = This message contains a virus: ($malware_name) please scan your system.
demime = *
malware = *
-
- (The data acl is defined in /etc/exim4/conf.d/acl/40_exim4-config_check_data
+
+ (The data acl is defined in /etc/exim4/conf.d/acl/40_exim4-config_check_data
by default if split config is being used)
-
+
AMAVIS
-
+
Amavis variants can achieve the same functionality by adding the clamav
user to the amavis group.
POSTFIX
- Recent versions of postfix have support for milters. This allows clamav-milter to
+ Recent versions of postfix have support for milters. This allows clamav-milter to
be used reasonably well with postfix, although the problem of group permissions on
- the actual socket is a problem. See /usr/share/doc/clamav-milter/INSTALL.gz for some
+ the actual socket is a problem. See /usr/share/doc/clamav-milter/INSTALL.gz for some
details. A solution for the frequent "I have to change the init script to make sure
- postfix can communicate with the socket" problem is making the directory for the socket
+ postfix can communicate with the socket" problem is making the directory for the socket
setgid. So:
- uncomment "USE_POSTFIX=yes" in /etc/default/clamav-milter and choose the appropriate
+ uncomment "USE_POSTFIX=yes" in /etc/default/clamav-milter and choose the appropriate
socket option.
mkdir -p /var/spool/postfix/clamav/
chown clamav:postfix /var/spool/postfix/clamav/
@@ -147,10 +147,10 @@ CLAMAV-DAEMON
ls -l /var/spool/postfix/clamav/
srwxrwxr-x 1 clamav postfix 0 2006-12-15 03:37 clamav-milter
- Another option is to use a TCP socket for milter <-> postfix communication. For this
+ Another option is to use a TCP socket for milter <-> postfix communication. For this
option, you can use the syntax:
SOCKET=inet:12000 at 127.0.0.1 (port at host, in case it's not clear)
- in /etc/default/clamav-milter. This has the disadvantage that you lose filesystem
+ in /etc/default/clamav-milter. This has the disadvantage that you lose filesystem
permission-based protections on the socket, so use with some caution.
Other MTA's I am not as familiar with, but the same principles apply -
@@ -160,55 +160,55 @@ CLAMAV-DAEMON
to a unix socket rather than a network socket.
ERRATA
-
+
For those who use clamav-daemon primarily for system scans (although
since clamd detects largely MS viruses, the utility of doing this on
a regular basis is somewhat limited in most linux-only environments),
there is probaly no alternative but to run clamd as User root or
use clamscan (see below). If you are doing this, I highly suggest
running it listening on a Unix socket, and restricting read/write
- permissions to it to prevent unauthorized access. In these
- circumstances, running clamscan instead is probably safer as the
- overhead of per-instance database loading is vastly outweighed by the
+ permissions to it to prevent unauthorized access. In these
+ circumstances, running clamscan instead is probably safer as the
+ overhead of per-instance database loading is vastly outweighed by the
length of the scan, and it eliminates running a daemon as root.
-
- As of 0.75-1, there is support for running both clamd and clamav-milter
- under daemon. Just install daemon, and add Foreground to clamd.conf.
- Beware that this affects both clamd and clamav-milter, it is not either
+
+ As of 0.75-1, there is support for running both clamd and clamav-milter
+ under daemon. Just install daemon, and add Foreground to clamd.conf.
+ Beware that this affects both clamd and clamav-milter, it is not either
or.
-
+
Note also that the clamd package contains an empty directory
/etc/clamav/virusevent.d/ Admins and other packagers are encouraged to
use this directory to store scripts that should be executed after a virus
is detected. To enable the feature, you will have to add:
-
+
VirusEvent /bin/run-parts --lsbsysinit /etc/clamav/virusevent.d/
-
+
to /etc/clamav/clamd.conf
-
+
CLAMSCAN
-
- It has the same flaws as clamav-daemon when it comes to handling mbox
+
+ It has the same flaws as clamav-daemon when it comes to handling mbox
attachments (the code with the bugs are in the library). The result of
such bugs are not as heavy in clamscan since it is completely restarted on
- each invocation, and clamd may be taken down by the same bug. If you do
+ each invocation, and clamd may be taken down by the same bug. If you do
a high number of scans (for example, a separate scan for each received
email), then clamd may better suit your needs. If you are doing full
system scans, then there is no noticeable performance benefit to the daemon,
and you can easily substitute clamscan, and eliminate the need to run clamd
as root.
-
-
+
+
CLAMAV-FRESHCLAM
-
- Clam Antivirus doesn't support the oav-database anymore. The freshclam
+
+ Clam Antivirus doesn't support the oav-database anymore. The freshclam
auto updating setup is much simpler than the oav counterpart.
-
+
The clamav-freshclam package includes virus databases, but these
are only used if fresh ones cannot be downloaded directly from the
database servers, or if you do not have them already in place (e.g.,
from the clamav-data package)
-
+
If you don't have Internet access you should install the clamav-data
package, which contains a static database. You can even (re)create
a clamav-data package yourself from an Internet connected computer
@@ -217,18 +217,18 @@ CLAMAV-FRESHCLAM
signatures on the databases, and it may refuse to load an unsigned one.
Hopefully at that point, though, there will be a better mechanism to
self-sign databases, and feed the correct signature to freshclam.
-
+
Note also that the freshclam package contains the empty directories
/etc/clamav/onupdateexecute.d and /etc/clamav/onerrorexecute.d.
Admins and other packagers are encouraged to use this directory to store
scripts that should be executed after an update or an error. To enable
the feature, you will have to add to /etc/clamav/freshclam.conf:
-
+
OnUpdateExecute /bin/run-parts --lsbsysinit /etc/clamav/onupdateexecute.d/
OnErrorExecute /bin/run-parts --lsbsysinit /etc/clamav/onerrorexecute.d/
CLAMAV-MILTER
-
+
Configuration instructions:
Installations for Debian:
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list