[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

Tomasz Kojm tkojm at clamav.net
Sun Apr 4 01:23:09 UTC 2010 

The following commit has been merged in the debian/unstable branch:
commit c4910836f3251a46cdae9143d112af04f8ab6381
Author: Tomasz Kojm <tkojm at clamav.net>
Date:   Fri Mar 19 17:42:25 2010 +0100

    update manuals

diff --git a/clamscan/clamscan.c b/clamscan/clamscan.c
index 14239cf..dbb7bf4 100644
--- a/clamscan/clamscan.c
+++ b/clamscan/clamscan.c
@@ -216,6 +216,8 @@ void help(void)
     mprintf("    --include=REGEX                      Only scan file names matching REGEX\n");
     mprintf("    --include-dir=REGEX                  Only scan directories matching REGEX\n");
     mprintf("\n");
+    mprintf("    --bytecode[=yes(*)/no]               Load bytecode from the database\n");
+    mprintf("    --bytecode-trust-all[=yes/no(*)]     Trust all loaded bytecode\n");
     mprintf("    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications\n");
     mprintf("    --exclude-pua=CAT                    Skip PUA sigs of category CAT\n");
     mprintf("    --include-pua=CAT                    Load PUA sigs of category CAT\n");
diff --git a/clamscan/manager.c b/clamscan/manager.c
index 1460297..f8b4ed5 100644
--- a/clamscan/manager.c
+++ b/clamscan/manager.c
@@ -401,7 +401,7 @@ int scanmanager(const struct optstruct *opts)
     if(optget(opts, "leave-temps")->enabled)
 	cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);
 
-    if(optget(opts, "trust-loaded-bytecode")->enabled)
+    if(optget(opts, "bytecode-trust-all")->enabled)
 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL);
 
     if((opt = optget(opts, "tempdir"))->enabled) {
diff --git a/docs/man/clamd.conf.5.in b/docs/man/clamd.conf.5.in
index d899325..228225c 100644
--- a/docs/man/clamd.conf.5.in
+++ b/docs/man/clamd.conf.5.in
@@ -78,8 +78,11 @@ Default: system specific (usually /tmp or /var/tmp).
 .TP 
 \fBDatabaseDirectory STRING\fR
 Path to a directory containing database files.
+.TP 
+\fBOfficialDatabaseOnly BOOL\fR
+Only load the official signatures published by the ClamAV project.
 .br 
-Default: @DBDIR@
+Default: no
 .TP 
 \fBLocalSocket STRING\fR
 Path to a local (Unix) socket the daemon will listen on.
@@ -236,7 +239,17 @@ Limit data port range.
 .br 
 Default: 2048
 .TP 
-\fBDetectPUA\fR
+\fBBytecode BOOL\fR
+With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses.
+.br
+Default: yes
+.TP 
+\fBBytecodeSecurity STRING\fR
+Set bytecode security level. Possible values: \fBNone\fR: no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS, \fBTrustSigned\fR: trust bytecode loaded from signed .c[lv]d files and insert runtime safety checks for bytecode loaded from other sources, \fBParanoid\fR: don't trust any bytecode, insert runtime checks for all. The recommended setting is \fBTrustSigned\fR, because bytecode in .cvd files already has safety checks inserted into it.
+.br 
+Default: TrustSigned
+.TP 
+\fBDetectPUA BOOL\fR
 Detect Possibly Unwanted Applications.
 .br 
 Default: No
@@ -404,6 +417,11 @@ Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
 .br 
 Default: no
 .TP 
+\fBClamukoScannerCount NUMBER\fR
+The number of scanner threads that will be started (DazukoFS only). Having multiple scanner threads allows Clamuko to serve multiple processes simultaneously. This is particularly beneficial on SMP machines.
+.br 
+Default: 3
+.TP 
 \fBClamukoScanOnOpen BOOL\fR
 Scan files on open.
 .br 
diff --git a/docs/man/clamscan.1.in b/docs/man/clamscan.1.in
index e1ff05f..7aaab6d 100644
--- a/docs/man/clamscan.1.in
+++ b/docs/man/clamscan.1.in
@@ -78,6 +78,12 @@ Move infected files into DIRECTORY. Directory must be writable for the '@CLAMAVU
 \fB\-\-copy=DIRECTORY\fR
 Copy infected files into DIRECTORY. Directory must be writable for the '@CLAMAVUSER@' user or unprivileged user running clamscan.
 .TP 
+\fB\-\-bytecode[=yes(*)/no]\fR
+With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses.
+.TP 
+\fB\-\-bytecode\-trust\-all[=yes/no(*)]\fR
+This option disables safety checks and makes ClamAV trust all bytecode. It should only be used for debugging.
+.TP 
 \fB\-\-detect\-pua[=yes/no(*)]\fR
 Detect Possibly Unwanted Applications.
 .TP 
diff --git a/shared/optparser.c b/shared/optparser.c
index dc2d3ad..835e4bc 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -122,7 +122,7 @@ const struct clam_option __clam_options[] = {
 
     { NULL, "force-interpreter", 'f', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Force using the interpreter instead of the JIT", "" },
     { NULL, "trust-bytecode", 't', TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMBC, "Trust loaded bytecode (default yes)", ""},
-    { NULL, "trust-loaded-bytecode", 't', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Trust loaded bytecode (default: only if signed)", ""},
+    { NULL, "bytecode-trust-all", 't', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Trust loaded bytecode (default: only if signed)", ""},
     { NULL, "info", 'i', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Load and print bytecode information without executing", ""},
     { NULL, "printsrc", 'p', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Print source code of bytecode", ""},
     { NULL, "input", 'i', TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMBC, "Input file to run the bytecode n", ""},

-- 
Debian repository for ClamAV

More information about the Pkg-clamav-commits mailing list