Attached is an ebuild for a new package: app-antivirus/clamav-unofficial-sigs This package provides a script for updating the following sources of 3rd-party clamav signatures (until freshclamav gains support for such signatures). The SaneSecurity/OITC signatures provide detection of phishing, spear phishing, fake lottery, ecard malware, casino, fake jobs, fake loans, 419s, fake diplomas, porn, emailed malware and other general spam. MSRBL signatures provide detection of image spam and general spam. SecuriteInfo signatures provide various badware signatures, securiteinfo.com honeypot signatures, honeynet.cz signatures and French anti-spam signatures MalwarePatrol provides detection of mail containing URLs to malware. Reproducible: Always
Created attachment 193697 [details] initial ebuild for clamav-unofficial-sigs-3.5.3
I've CCed antivirus and net-mail in case they're interested in picking this up. If not, you might want to try project sunrise [1], since they allow normal users to maintain packages in an official overlay... [1] http://overlays.gentoo.org/proj/sunrise/wiki/SunriseFaq
Created attachment 217328 [details] Updated ebuild for clamav-unofficial-sigs-3.7 I've made a few changes to the original ebuild, and updated it for the new version of the script. * No longer require virtual/cron (some people may want to execute it manually). * Don't install the update script into /etc/cron.daily by default. This could be dangerous if the user has cron running and doesn't modify the config file or realize that the script has been enabled automatically. * Changed the "additional" in the description to "third-party." * Elog instructions for creating a nightly cron job via a symlink. * Uncomment the clamd_socket variable after we set it to the correct path. * Changed the default work_dir to /var/lib/clamav. This is probably the most objectionable change, since it eliminates the use of /usr/unofficial-sigs (which was renamed to unofficial-dbs). * Install the LICENSE and INSTALL documents.
Created attachment 223559 [details] app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-3.7.ebuild I am attaching my version that I use since long time. (In reply to comment #3) > Created an attachment (id=217328) [details] > Updated ebuild for clamav-unofficial-sigs-3.7 > > I've made a few changes to the original ebuild, and updated it for the new > version of the script. > > * No longer require virtual/cron (some people may want to execute it manually). > * Don't install the update script into /etc/cron.daily by default. This could > be dangerous if the user has cron running and doesn't modify the config file or > realize that the script has been enabled automatically. > This anyway should not be an issue since one needs to set user_configuration_complete to "yes" in order to have the script up and running. > * Changed the "additional" in the description to "third-party." > * Elog instructions for creating a nightly cron job via a symlink. > * Uncomment the clamd_socket variable after we set it to the correct path. > I find this change dangerous since not everyone is using ClamAV in socket mode (I for example use it in TCP/IP mode). > * Changed the default work_dir to /var/lib/clamav. This is probably the most > objectionable change, since it eliminates the use of /usr/unofficial-sigs > (which was renamed to unofficial-dbs). > IMHO /var/lib/clamav is the wrong place for such things. Better would be something under /var/tmp. > * Install the LICENSE and INSTALL documents. > Your Ebuild is stating that the application has a BSD license but according to the documentation the application is "AS-IS".
(In reply to comment #4) > > * No longer require virtual/cron (some people may want to execute it manually). > > * Don't install the update script into /etc/cron.daily by default. This could > > be dangerous if the user has cron running and doesn't modify the config file or > > realize that the script has been enabled automatically. > > > This anyway should not be an issue since one needs to set > user_configuration_complete to "yes" in order to have the script up and > running. Right, but lets say that the user installs version 3.5, configures it, and runs it as a standalone. When he upgrades to version 3.7, we shouldn't automatically install a cron task and begin executing it daily without any user interaction. > > * Changed the "additional" in the description to "third-party." > > * Elog instructions for creating a nightly cron job via a symlink. > > * Uncomment the clamd_socket variable after we set it to the correct path. > > > I find this change dangerous since not everyone is using ClamAV in socket mode > (I for example use it in TCP/IP mode). You might be right about this one. I'm not sure what the best solution is. > > * Changed the default work_dir to /var/lib/clamav. This is probably the most > > objectionable change, since it eliminates the use of /usr/unofficial-sigs > > (which was renamed to unofficial-dbs). > > > IMHO /var/lib/clamav is the wrong place for such things. Better would be > something under /var/tmp. Agreed. The permissions would need to be set on the new directory, though. > > * Install the LICENSE and INSTALL documents. > > > Your Ebuild is stating that the application has a BSD license but according to > the documentation the application is "AS-IS". The LICENSE document does contain an "as-is" clause, but this means something specific in Gentoo. There is a list of licenses under /usr/portage/licenses, two of which are as-is and BSD. The LICENSE="" ebuild variable is supposed to reference these; if you take a look, you'll see that the unofficial sigs LICENSE document matches Gentoo's BSD almost word-for-word. That said, it's considered redundant to install the LICENSE document when LICENSE="whatever" is specified in the ebuild. So, "dodoc LICENSE" can go away.
(In reply to comment #5) > Right, but lets say that the user installs version 3.5, configures it, and runs > it as a standalone. When he upgrades to version 3.7, we shouldn't automatically > install a cron task and begin executing it daily without any user interaction. > That is the reason that the Ebuild I posted does not install the cron job. > You might be right about this one. I'm not sure what the best solution is. > The best solution is to not force neither SOCKET nor TCP/IP mode and let the user decide. > Agreed. The permissions would need to be set on the new directory, though. > I do that in my Ebuild. > The LICENSE document does contain an "as-is" clause, but this means something > specific in Gentoo. There is a list of licenses under /usr/portage/licenses, > two of which are as-is and BSD. The LICENSE="" ebuild variable is supposed to > reference these; if you take a look, you'll see that the unofficial sigs > LICENSE document matches Gentoo's BSD almost word-for-word. > Still it's not the BSD license. The author has explicitly written that the license is AS-IS and you can't just assume that it is BSD just because it matches the BSD license word by word. > That said, it's considered redundant to install the LICENSE document when > LICENSE="whatever" is specified in the ebuild. So, "dodoc LICENSE" can go away. >
I added this to the Sunrise overlay: http://overlays.gentoo.org/proj/sunrise/browser/reviewed/app-antivirus/clamav-unofficial-sigs If someone can, please update the bug with, Status Whiteboard: sunrise-overlay Keywords: EBUILD, InOverlay The changelog vs. the last posted version, off the top of my head: 1. LICENCE="BSD". I asked the author, and he said it's BSD. It turns out the license is also in the man page, but who reads those? 2. Cleaned up RDEPEND/DEPEND. We only require clamav at build time for the clamav user/group. The rest are runtime dependencies. I removed any packages in the system set, and added bind-tools for dig. 3. USE="logwatch" removed; there is a QA bug open for this if only I could find it again. Install the logwatch script unconditionally. 4. The working directory was moved to /var/lib/${PN} (dev suggestion). 5. Removed the cron instructions. People are supposed to know how to do this.
Should be hitting the tree any minute now. 27 Dec 2013; Michael Orlitzky <mjo@gentoo.org> +clamav-unofficial-sigs-3.7.2.ebuild, +metadata.xml: New package: app-antivirus/clamav-unofficial-sigs, to download and install third-party clamav signatures. Fixes bug #272872.