55
if [ -e '/etc/clamav/clamd.conf' ]; then # Upgrade - clamd.conf already there
56
clamconf='/etc/clamav/clamd.conf'
58
if dpkg --compare-versions $2 lt 0.93~; then
59
rm -rf /var/lib/clamav/main.cvd /var/lib/clamav/main.inc /var/lib/clamav/daily.cvd /var/lib/clamav/daily.inc
63
if [ -n "$clamconf" ]; then
64
user="$(grep '^User ' $clamconf | awk '{print $2}')"
65
[ -z "$user" ] && user=clamav # Old default config
66
data="$(grep '^DatabaseDirectory ' $clamconf | awk '{print $2}')"
67
if [ -n "$data" ]; then
68
datadir="$(dirname "${data}/.")"
70
datadir="$DATABASEDIR"
72
log="$(grep '^LogFile ' $clamconf | awk '{print $2}')"
73
if [ -n "$log" ]; then
74
logdir=`dirname "$log"`
79
if [ "$datadir" = "$DATABASEDIR" ] && [ "$logdir" = "$LOGDIR" ]; then
80
if [ "$user" = 'clamav' ]; then # Default config
81
[ ! -d $DATABASEDIR ] || chown $user:$user $DATABASEDIR || true
82
[ ! -d $LOGDIR ] || chown $user:$user $LOGDIR || true
86
[ ! -d $DATABASEDIR ] || chown $user:$user $DATABASEDIR || true
87
[ ! -d $LOGDIR ] || chown $user:$user $LOGDIR || true
90
DEBCONFFILE=/var/lib/clamav/clamav.conf
91
DEBROTATEFILE=/var/lib/clamav/clamdrotate.debconf
92
CLAMAVCONF=/etc/clamav/clamd.conf
94
db_metaget clamav-base/debconf value || true
95
if [ "$RET" = "true" ]; then
96
db_metaget clamav-base/User value || true
98
db_metaget clamav-base/AddGroups value|| true
100
db_metaget clamav-base/TcpOrLocal value || true
101
if [ "$RET" = "TCP" ]; then
103
db_get clamav-base/TCPSocket || true
105
db_get clamav-base/TCPAddr
109
db_metaget clamav-base/LocalSocket value || true
111
db_metaget clamav-base/FixStaleSocket value || true
113
db_metaget clamav-base/LocalSocketGroup value || true
115
db_metaget clamav-base/LocalSocketMode value || true
118
db_metaget clamav-base/ScanMail value || true
120
db_metaget clamav-base/ScanArchive value || true
122
db_get clamav-base/MaxDirectoryRecursion || true
123
if [ "$RET" != "0" ]; then
125
db_get clamav-base/FollowDirectorySymlinks || true
131
db_metaget clamav-base/FollowFileSymlinks value || true
132
followfilesyms="$RET"
133
db_get clamav-base/ThreadTimeout || true
135
db_get clamav-base/ReadTimeout || true
137
[ -z "$readtimeout" ] && readtimeout="$threadtimeout"
138
db_get clamav-base/MaxThreads || true
140
db_get clamav-base/MaxConnectionQueueLength || true
142
db_get clamav-base/StreamMaxLength || true
143
streamsavelength="$RET"
144
db_metaget clamav-base/LogSyslog value || true
146
db_get clamav-base/LogFile || true
147
if [ "$RET" != "" ]; then
149
db_metaget clamav-base/LogTime value || true
152
db_metaget clamav-base/LogRotate value || true
154
db_get clamav-base/SelfCheck || true
156
db_metaget clamav-base/Bytecode value || true
158
if [ "$bytecode" = "true" ]; then
159
db_metaget clamav-base/BytecodeSecurity value || true
161
db_metaget clamav-base/BytecodeTimeout value || true
164
db_metaget clamav-base/ScanOnAccess value || true
166
if [ "$ScanOnAccess" = "true" ]; then
167
db_metaget clamav-base/OnAccessMaxFileSize value || true
168
OnAccessMaxFileSize="$RET"
170
db_metaget clamav-base/AllowAllMatchScan value || true
171
AllowAllMatchScan="$RET"
172
db_metaget clamav-base/ForceToDisk value || true
174
db_metaget clamav-base/DisableCertCheck value || true
175
DisableCertCheck="$RET"
176
db_metaget clamav-base/ScanSWF value || true
178
db_metaget clamav-base/MaxEmbeddedPE value || true
180
db_metaget clamav-base/MaxHTMLNormalize value || true
181
MaxHTMLNormalize="$RET"
182
db_metaget clamav-base/MaxHTMLNoTags value || true
184
db_metaget clamav-base/MaxScriptNormalize value || true
185
MaxScriptNormalize="$RET"
186
db_metaget clamav-base/MaxZipTypeRcg value || true
189
slurp_config "$CLAMAVCONF"
191
# Test for the broken versions, see #741675.
192
if [ "$2" = "0.98.1+dfsg-3" ] || [ "$2" = "0.98.1+dfsg-1+deb7u2" ] || [ "$2" = "0.98.1+dfsg-1+deb6u2" ]; then
193
# Use the defaults instead of the bogus values created by that versions.
194
db_metaget clamav-base/LogRotate default || true
196
db_metaget clamav-base/ScanOnAccess default || true
198
OnAccessMaxFileSize=""
199
OnAccessIncludePath=""
200
OnAccessExcludePath=""
201
OnAccessExcludeUID=""
202
db_metaget clamav-base/AllowAllMatchScan default || true
203
AllowAllMatchScan="$RET"
204
db_metaget clamav-base/ForceToDisk default || true
206
db_metaget clamav-base/DisableCertCheck default || true
207
DisableCertCheck="$RET"
208
db_metaget clamav-base/ScanSWF default || true
210
db_metaget clamav-base/MaxEmbeddedPE default || true
212
db_metaget clamav-base/MaxHTMLNormalize default || true
213
MaxHTMLNormalize="$RET"
214
db_metaget clamav-base/MaxHTMLNoTags default || true
216
db_metaget clamav-base/MaxScriptNormalize default || true
217
MaxScriptNormalize="$RET"
218
db_metaget clamav-base/MaxZipTypeRcg default || true
222
if [ -z "$PidFile" ]; then
223
PidFile='/var/run/clamav/clamd.pid'
224
elif [ "$PidFile" = '/var/run/clamd.pid' ]; then
225
PidFile='/var/run/clamav/clamd.pid'
228
[ -z "$DatabaseDirectory" ] && DatabaseDirectory='/var/lib/clamav'
230
if [ -z "$2" ]; then # Fresh install
231
[ -z "$AllowSupplementaryGroups" ] && AllowSupplementaryGroups=true
232
elif [ -n "$addgroups" ]; then
233
AllowSupplementaryGroups=true
236
echo "#Automatically Generated by clamav-base postinst" > $DEBCONFFILE
237
echo "#To reconfigure clamd run #dpkg-reconfigure clamav-base" >> $DEBCONFFILE
238
echo "#Please read /usr/share/doc/clamav-base/README.Debian.gz for details" >> $DEBCONFFILE
239
if [ "$sock" = "tcp" ]; then
240
echo "TCPSocket $tcpsock" >> $DEBCONFFILE
241
[ "$tcpadd" = "any" ] || echo "TCPAddr $tcpadd" >> $DEBCONFFILE
243
echo "LocalSocket $localsock" >> $DEBCONFFILE
244
echo "FixStaleSocket $fixstale" >> $DEBCONFFILE
245
echo "LocalSocketGroup $localsockgrp" >> $DEBCONFFILE
246
echo "LocalSocketMode $localsockmode" >> $DEBCONFFILE
248
[ -z "$user" ] && user=clamav
249
[ -z "$AllowSupplementaryGroups" ] && AllowSupplementaryGroups=false
250
[ -z "$ArchiveBlockEncrypted" ] && ArchiveBlockEncrypted="$ArchiveDetectEncrypted"
251
[ -z "$ArchiveBlockEncrypted" ] && ArchiveBlockEncrypted=false
252
[ -z "$maxdirrec" ] && maxdirrec=15
253
[ -z "$readtimeout" ] && readtimeout=120
254
[ -z "$maxthreads" ] && maxthreads=10
255
[ -z "$maxconnQleng" ] && maxconnQleng=15
256
[ -z "$streamsavelength" ] && streamsavelength=10
257
[ -z "$LogFacility" ] && LogFacility=LOG_LOCAL6
258
[ -z "$LogRotate" ] && LogRotate=true
259
[ -z "$LogFileUnlock" ] && LogFileUnlock=false
260
[ -z "$LogFileMaxSize" ] && LogFileMaxSize=0
261
[ -z "$LogClean" ] && LogClean=false
262
[ -z "$LogVerbose" ] && LogVerbose=false
263
[ -z "$selfcheck" ] && selfcheck=1800
264
[ -z "$Foreground" ] && Foreground=false
265
[ -z "$Debug" ] && Debug=false
266
if [ -n "$DisableDefaultScanOptions" ]; then
267
# Upgrade from < 0.9x
268
[ -z "$ScanPE" ] && ScanPE=false
269
[ -z "$ScanOLE2" ] && ScanOLE2=false
270
[ -z "$ScanHTML" ] && ScanHTML=false
271
[ -z "$ScanPDF" ] && ScanPDF=false
273
[ -z "$ScanPE" ] && ScanPE=true
274
[ -z "$ScanOLE2" ] && ScanOLE2=true
275
[ -z "$ScanHTML" ] && ScanHTML=true
276
[ -z "$ScanPDF" ] && ScanPDF=true
278
[ -z "$OfficialDatabaseOnly" ] && OfficialDatabaseOnly=false
279
[ -z "$CrossFilesystems" ] && CrossFilesystems=true
280
[ -z "$Bytecode" ] && bytecode=true
281
[ -z "$BytecodeSecurity" ] && bytecodesec=TrustSigned
282
[ -z "$BytecodeTimeout" ] && bytecodetime=60000
283
[ -z "$DetectBrokenExecutables" ] && DetectBrokenExecutables=false
284
[ -z "$ExitOnOOM" ] && ExitOnOOM=false
285
[ -z "$LeaveTemporaryFiles" ] && LeaveTemporaryFiles=false
286
[ -z "$AlgorithmicDetection" ] && AlgorithmicDetection=true
287
[ -z "$ScanELF" ] && ScanELF=true
288
[ -z "$IdleTimeout" ] && IdleTimeout=30
289
[ -z "$PhishingSignatures" ] && PhishingSignatures=true
290
[ -z "$PhishingScanURLs" ] && PhishingScanURLs=true
291
[ -z "$PhishingAlwaysBlockSSLMismatch" ] && PhishingAlwaysBlockSSLMismatch=false
292
[ -z "$PhishingAlwaysBlockCloak" ] && PhishingAlwaysBlockCloak=false
293
[ -z "$DetectPUA" ] && DetectPUA=false
294
[ -z "$MaxScanSize" ] && MaxScanSize=100M
295
[ -z "$MaxFileSize" ] && MaxFileSize=25M
296
[ -z "$MaxRecursion" ] && MaxRecursion=10
297
[ -z "$MaxFiles" ] && MaxFiles=10000
298
[ -z "$ExcludePUA" ] && ExcludePUA=
299
[ -z "$IncludePUA" ] && IncludePUA=
300
[ -z "$ScanPartialMessages" ] && ScanPartialMessages=false
301
[ -z "$HeuristicScanPrecedence" ] && HeuristicScanPrecedence=false
302
[ -z "$StructuredDataDetection" ] && StructuredDataDetection=false
303
[ -z "$CommandReadTimeout" ] && CommandReadTimeout=5
304
[ -z "$SendBufTimeout" ] && SendBufTimeout=200
305
[ -z "$MaxQueue" ] && MaxQueue=100
306
[ -z "$ExtendedDetectionInfo" ] && ExtendedDetectionInfo=true
307
[ -z "$OLE2BlockMacros" ] && OLE2BlockMacros=false
309
if [ -n "$TemporaryDirectory" ]; then
310
cat >> $DEBCONFFILE << EOF
311
TemporaryDirectory $TemporaryDirectory
314
cat >> $DEBCONFFILE << EOF
315
# TemporaryDirectory is not set to its default /tmp here to make overriding
316
# the default with environment variables TMPDIR/TMP/TEMP possible
320
cat >> $DEBCONFFILE << EOF
322
AllowSupplementaryGroups $AllowSupplementaryGroups
324
ScanArchive $scanarchive
325
ArchiveBlockEncrypted $ArchiveBlockEncrypted
326
MaxDirectoryRecursion $maxdirrec
327
FollowDirectorySymlinks $followdirsyms
328
FollowFileSymlinks $followfilesyms
329
ReadTimeout $readtimeout
330
MaxThreads $maxthreads
331
MaxConnectionQueueLength $maxconnQleng
334
LogFacility $LogFacility
336
LogVerbose $LogVerbose
338
DatabaseDirectory $DatabaseDirectory
340
Foreground $Foreground
343
MaxEmbeddedPE $MaxEmbeddedPE
346
MaxHTMLNormalize $MaxHTMLNormalize
347
MaxHTMLNoTags $MaxHTMLNoTags
348
MaxScriptNormalize $MaxScriptNormalize
349
MaxZipTypeRcg $MaxZipTypeRcg
351
DetectBrokenExecutables $DetectBrokenExecutables
353
LeaveTemporaryFiles $LeaveTemporaryFiles
354
AlgorithmicDetection $AlgorithmicDetection
356
IdleTimeout $IdleTimeout
357
PhishingSignatures $PhishingSignatures
358
PhishingScanURLs $PhishingScanURLs
359
PhishingAlwaysBlockSSLMismatch $PhishingAlwaysBlockSSLMismatch
360
PhishingAlwaysBlockCloak $PhishingAlwaysBlockCloak
362
ScanPartialMessages $ScanPartialMessages
363
HeuristicScanPrecedence $HeuristicScanPrecedence
364
StructuredDataDetection $StructuredDataDetection
365
CommandReadTimeout $CommandReadTimeout
366
SendBufTimeout $SendBufTimeout
368
ExtendedDetectionInfo $ExtendedDetectionInfo
369
OLE2BlockMacros $OLE2BlockMacros
370
ScanOnAccess $ScanOnAccess
371
AllowAllMatchScan $AllowAllMatchScan
372
ForceToDisk $ForceToDisk
373
DisableCertCheck $DisableCertCheck
376
if is_true "$StructuredDataDetection"; then
377
[ -z "$StructuredMinCreditCardCount" ] || StructuredMinCreditCardCount=3
378
[ -z "$StructuredMinSSNCount" ] || StructuredMinSSNCount=3
379
[ -z "$StructuredSSNFormatNormal" ] || StructuredSSNFormatNormal=true
380
[ -z "$StructuredSSNFormatStripped" ] || StructuredSSNFormatStripped=false
381
cat >> $DEBCONFFILE << EOF
382
StructuredMinCreditCardCount $StructuredMinCreditCardCount
383
StructuredMinSSNCount $StructuredMinSSNCount
384
StructuredSSNFormatNormal $StructuredSSNFormatNormal
385
StructuredSSNFormatStripped $StructuredSSNFormatStripped
390
if [ -n "$streamsavelength" ]; then
391
if [ "$streamsavelength" -gt 0 ] ;then
392
streamsavelength="${streamsavelength}M"
394
echo "StreamMaxLength $streamsavelength" >> $DEBCONFFILE
396
if [ -n "$IncludePUA" ]; then
397
for i in $IncludePUA; do
398
echo "IncludePUA $i" >> $DEBCONFFILE
401
if [ -n "$ExcludePUA" ]; then
402
for e in $ExcludePUA; do
403
echo "ExcludePUA $i" >> $DEBCONFFILE
406
if [ -n "$logfile" ]; then
407
echo "LogFile $logfile" >> $DEBCONFFILE
408
echo "LogTime $logtime" >> $DEBCONFFILE
409
echo "LogFileUnlock $LogFileUnlock" >> $DEBCONFFILE
410
echo "LogFileMaxSize $LogFileMaxSize" >> $DEBCONFFILE
413
echo "Bytecode $bytecode" >> $DEBCONFFILE
414
if is_true "$bytecode"; then
415
echo "BytecodeSecurity $bytecodesec" >> $DEBCONFFILE
416
echo "BytecodeTimeout $bytecodetime" >> $DEBCONFFILE
418
[ -n "$OfficialDatabaseOnly" ] && echo "OfficialDatabaseOnly $OfficialDatabaseOnly" >> $DEBCONFFILE
419
[ -n "$CrossFilesystems" ] && echo "CrossFilesystems $CrossFilesystems" >> $DEBCONFFILE
420
[ -n "$VirusEvent" ] && echo "VirusEvent $VirusEvent" >> $DEBCONFFILE
421
[ -n "$StreamMinPort" ] && echo "StreamMinPort $StreamMinPort" >> $DEBCONFFILE
422
[ -n "$StreamMaxPort" ] && echo "StreamMaxPort $StreamMaxPort" >> $DEBCONFFILE
423
[ -n "$OnAccessMaxFileSize" ] && echo "OnAccessMaxFileSize $OnAccessMaxFileSize" >> $DEBCONFFILE
424
[ -n "$OnAccessIncludePath" ] && echo "OnAccessIncludePath $OnAccessIncludePath" >> $DEBCONFFILE
425
[ -n "$OnAccessExcludePath" ] && echo "OnAccessExcludePath $OnAccessExcludePath" >> $DEBCONFFILE
426
[ -n "$OnAccessExcludeUID" ] && echo "OnAccessExcludeUID $OnAccessExcludeUID" >> $DEBCONFFILE
427
[ -n "$ClamukoScanOnAccess" ] && echo "ClamukoScanOnAccess $ClamukoScanOnAccess" >> $DEBCONFFILE
428
[ -n "$ClamukoScanOnOpen" ] && echo "ClamukoScanOnOpen $ClamukoScanOnOpen" >> $DEBCONFFILE
429
[ -n "$ClamukoScanOnClose" ] && echo "ClamukoScanOnClose $ClamukoScanOnClose" >> $DEBCONFFILE
430
[ -n "$ClamukoScanOnExec" ] && echo "ClamukoScanOnExec $ClamukoScanOnExec" >> $DEBCONFFILE
431
[ -n "$ClamukoIncludePath" ] && echo "ClamukoIncludePath $ClamukoIncludePath" >> $DEBCONFFILE
432
[ -n "$ClamukoIncludePath" ] && echo "ClamukoIncludePath $ClamukoIncludePath" >> $DEBCONFFILE
433
[ -n "$ClamukoExcludePath" ] && echo "ClamukoExcludePath $ClamukoExcludePath" >> $DEBCONFFILE
434
[ -n "$ClamukoMaxFileSize" ] && echo "ClamukoMaxFileSize $ClamukoMaxFileSize" >> $DEBCONFFILE
435
[ -n "$ClamukoScannerCount" ] && echo "ClamukoScannerCount $ClamukoScannerCount" >> $DEBCONFFILE
436
[ -n "$ClamukoExcludeUID" ] && echo "ClamukoExcludeUID $ClamukoExcludeUID" >> $DEBCONFFILE
438
ucf_cleanup "$CLAMAVCONF"
439
ucf_upgrade_check "$CLAMAVCONF" "$DEBCONFFILE" /var/lib/ucf/cache/:etc:clamav:clamd.conf
444
if [ -n "$addgroups" ]; then
445
for group in $addgroups; do
446
id "$user" | grep -q "$group" || adduser "$user" "$group"
451
ucf_cleanup "$CLAMAVCONF"
452
ucf_upgrade_check "$CLAMAVCONF" /usr/share/doc/clamav-base/examples/clamd.conf.sample /var/lib/ucf/cache/:etc:clamav:clamd.conf
457
# Update database now
458
for db in main daily; do
459
if [ ! -e "$DATABASEDIR"/"$db".cvd ] && [ ! -d "$DATABASEDIR"/"$db".inc ] && \
460
[ ! -e "$DATABASEDIR"/"$db".cld ] && [ -e /usr/share/doc/clamav-base/examples/"$db".cvd ] ; then
461
install -m 0644 -o $user -g $user /usr/share/doc/clamav-base/examples/"$db".cvd \
466
chmod 644 $CLAMAVCONF || true
467
chown root:root $CLAMAVCONF || true
469
51
abort-upgrade|abort-remove|abort-deconfigure)