23
23
# installation fails and the `postinst' is called with `abort-upgrade',
24
24
# `abort-remove' or `abort-deconfigure'.
26
#loading debconf module
27
. /usr/share/debconf/confmodule
34
# The DEB*FILE files are used temporarily during the update of the CLAMAV* files.
35
DEBCONFFILE=/var/lib/clamav/clamav.conf
31
36
CLAMAVCONF=/etc/clamav/clamd.conf
32
37
DEBROTATEFILE=/var/lib/clamav/clamdrotate.debconf
33
38
CLAMAVROTATEFILE=/etc/logrotate.d/clamav-daemon
40
# Update the configuration file
41
db_get clamav-daemon/debconf || true
42
if [ "$RET" = "true" ]; then
43
# Handle the configuration via debconf
45
# Read the configuration file
46
slurp_config "$CLAMAVCONF"
48
# Get the debconf configuration
49
db_get clamav-daemon/User || true
51
db_get clamav-daemon/AddGroups || true
53
db_get clamav-daemon/TcpOrLocal || true
54
if [ "$RET" = "TCP" ]; then
56
db_get clamav-daemon/TCPSocket || true
58
db_get clamav-daemon/TCPAddr
62
db_get clamav-daemon/LocalSocket || true
64
db_get clamav-daemon/FixStaleSocket || true
66
db_get clamav-daemon/LocalSocketGroup || true
67
LocalSocketGroup="$RET"
68
db_get clamav-daemon/LocalSocketMode || true
69
LocalSocketMode="$RET"
71
db_get clamav-daemon/ScanMail || true
73
db_get clamav-daemon/ScanArchive || true
75
db_get clamav-daemon/MaxDirectoryRecursion || true
76
if [ "$RET" != "0" ]; then
77
MaxDirectoryRecursion="$RET"
78
db_get clamav-daemon/FollowDirectorySymlinks || true
79
FollowDirectorySymlinks="$RET"
81
MaxDirectoryRecursion=15
82
FollowDirectorySymlinks=false
84
db_get clamav-daemon/FollowFileSymlinks || true
85
FollowFileSymlinks="$RET"
86
db_get clamav-daemon/ThreadTimeout || true
88
db_get clamav-daemon/ReadTimeout || true
90
[ -z "$ReadTimeout" ] && ReadTimeout="$ThreadTimeout"
91
db_get clamav-daemon/MaxThreads || true
93
db_get clamav-daemon/MaxConnectionQueueLength || true
94
MaxConnectionQueueLength="$RET"
95
db_get clamav-daemon/StreamMaxLength || true
96
StreamMaxLength="$RET"
97
db_get clamav-daemon/LogSyslog || true
99
db_get clamav-daemon/LogFile || true
100
if [ "$RET" != "" ]; then
102
db_get clamav-daemon/LogTime || true
105
db_get clamav-daemon/LogRotate || true
107
db_get clamav-daemon/SelfCheck || true
109
db_get clamav-daemon/StatsEnabled || true
111
db_get clamav-daemon/StatsPEDisabled || true
112
StatsPEDisabled="$RET"
113
db_get clamav-daemon/StatsHostID || true
115
db_get clamav-daemon/StatsTimeout || true
117
db_get clamav-daemon/Bytecode || true
119
if [ "$Bytecode" = "true" ]; then
120
db_get clamav-daemon/BytecodeSecurity || true
121
BytecodeSecurity="$RET"
122
db_get clamav-daemon/BytecodeTimeout || true
123
BytecodeTimeout="$RET"
125
db_get clamav-daemon/ScanOnAccess || true
127
if [ "$ScanOnAccess" = "true" ]; then
128
db_get clamav-daemon/OnAccessMaxFileSize || true
129
OnAccessMaxFileSize="$RET"
131
db_get clamav-daemon/AllowAllMatchScan || true
132
AllowAllMatchScan="$RET"
133
db_get clamav-daemon/ForceToDisk || true
135
db_get clamav-daemon/DisableCertCheck || true
136
DisableCertCheck="$RET"
137
db_get clamav-daemon/ScanSWF || true
139
db_get clamav-daemon/MaxEmbeddedPE || true
141
db_get clamav-daemon/MaxHTMLNormalize || true
142
MaxHTMLNormalize="$RET"
143
db_get clamav-daemon/MaxHTMLNoTags || true
145
db_get clamav-daemon/MaxScriptNormalize || true
146
MaxScriptNormalize="$RET"
147
db_get clamav-daemon/MaxZipTypeRcg || true
150
# Test for the broken versions, see #741675.
151
if [ "$2" = "0.98.1+dfsg-3" ] || [ "$2" = "0.98.1+dfsg-1+deb7u2" ] || [ "$2" = "0.98.1+dfsg-1+deb6u2" ]; then
152
# Use the defaults instead of the bogus values created by that versions.
153
db_metaget clamav-daemon/LogRotate default || true
155
db_metaget clamav-daemon/ScanOnAccess default || true
157
OnAccessMaxFileSize=""
158
OnAccessIncludePath=""
159
OnAccessExcludePath=""
160
OnAccessExcludeUID=""
161
db_metaget clamav-daemon/AllowAllMatchScan default || true
162
AllowAllMatchScan="$RET"
163
db_metaget clamav-daemon/ForceToDisk default || true
165
db_metaget clamav-daemon/DisableCertCheck default || true
166
DisableCertCheck="$RET"
167
db_metaget clamav-daemon/ScanSWF default || true
169
db_metaget clamav-daemon/MaxEmbeddedPE default || true
171
db_metaget clamav-daemon/MaxHTMLNormalize default || true
172
MaxHTMLNormalize="$RET"
173
db_metaget clamav-daemon/MaxHTMLNoTags default || true
175
db_metaget clamav-daemon/MaxScriptNormalize default || true
176
MaxScriptNormalize="$RET"
177
db_metaget clamav-daemon/MaxZipTypeRcg default || true
181
# Set default values for options not configured via debconf
182
[ -z "$LogFileUnlock" ] && LogFileUnlock=false
183
[ -z "$LogFileMaxSize" ] && LogFileMaxSize=0
184
[ -z "$LogClean" ] && LogClean=false
185
[ -z "$LogFacility" ] && LogFacility=LOG_LOCAL6
186
[ -z "$LogVerbose" ] && LogVerbose=false
187
[ -z "$ExtendedDetectionInfo" ] && ExtendedDetectionInfo=true
188
[ -z "$PidFile" ] && PidFile='/var/run/clamav/clamd.pid'
189
[ -z "$DatabaseDirectory" ] && DatabaseDirectory='/var/lib/clamav'
190
[ -z "$OfficialDatabaseOnly" ] && OfficialDatabaseOnly=false
191
[ -z "$CommandReadTimeout" ] && CommandReadTimeout=5
192
[ -z "$SendBufTimeout" ] && SendBufTimeout=200
193
[ -z "$MaxQueue" ] && MaxQueue=100
194
[ -z "$IdleTimeout" ] && IdleTimeout=30
195
[ -z "$CrossFilesystems" ] && CrossFilesystems=true
196
if [ -n "$AddGroups" ]; then
197
AllowSupplementaryGroups=true
199
AllowSupplementaryGroups=false
201
[ -z "$ExitOnOOM" ] && ExitOnOOM=false
202
[ -z "$Foreground" ] && Foreground=false
203
[ -z "$Debug" ] && Debug=false
204
[ -z "$LeaveTemporaryFiles" ] && LeaveTemporaryFiles=false
205
[ -z "$DetectPUA" ] && DetectPUA=false
206
[ -z "$AlgorithmicDetection" ] && AlgorithmicDetection=true
207
[ -z "$DisableCache" ] && DisableCache=false
208
[ -z "$ScanPE" ] && ScanPE=true
209
[ -z "$ScanELF" ] && ScanELF=true
210
[ -z "$DetectBrokenExecutables" ] && DetectBrokenExecutables=false
211
[ -z "$ScanOLE2" ] && ScanOLE2=true
212
[ -z "$OLE2BlockMacros" ] && OLE2BlockMacros=false
213
[ -z "$ScanPDF" ] && ScanPDF=true
214
[ -z "$ScanPartialMessages" ] && ScanPartialMessages=false
215
[ -z "$PhishingSignatures" ] && PhishingSignatures=true
216
[ -z "$PhishingScanURLs" ] && PhishingScanURLs=true
217
[ -z "$PhishingAlwaysBlockSSLMismatch" ] && PhishingAlwaysBlockSSLMismatch=false
218
[ -z "$PhishingAlwaysBlockCloak" ] && PhishingAlwaysBlockCloak=false
219
[ -z "$PartitionIntersection" ] && PartitionIntersection=false
220
[ -z "$HeuristicScanPrecedence" ] && HeuristicScanPrecedence=false
221
[ -z "$StructuredDataDetection" ] && StructuredDataDetection=false
222
[ -z "$ScanHTML" ] && ScanHTML=true
223
[ -z "$ArchiveBlockEncrypted" ] && ArchiveBlockEncrypted=false
224
[ -z "$MaxScanSize" ] && MaxScanSize=100M
225
[ -z "$MaxFileSize" ] && MaxFileSize=25M
226
[ -z "$MaxRecursion" ] && MaxRecursion=10
227
[ -z "$MaxFiles" ] && MaxFiles=10000
228
[ -z "$MaxPartitions" ] && MaxPartitions=50
229
[ -z "$MaxIconsPE" ] && MaxIconsPE=100
231
# Create the new configuration file
232
echo "#Automatically Generated by clamav-daemon postinst" > $DEBCONFFILE
233
echo "#To reconfigure clamd run #dpkg-reconfigure clamav-daemon" >> $DEBCONFFILE
234
echo "#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details" >> $DEBCONFFILE
235
if [ "$sock" = "tcp" ]; then
236
echo "TCPSocket $TCPSocket" >> $DEBCONFFILE
237
[ "$TCPAddr" = "any" ] || echo "TCPAddr $TCPAddr" >> $DEBCONFFILE
239
echo "LocalSocket $LocalSocket" >> $DEBCONFFILE
240
echo "FixStaleSocket $FixStaleSocket" >> $DEBCONFFILE
241
echo "LocalSocketGroup $LocalSocketGroup" >> $DEBCONFFILE
242
echo "LocalSocketMode $LocalSocketMode" >> $DEBCONFFILE
245
if [ -n "$TemporaryDirectory" ]; then
246
cat >> $DEBCONFFILE << EOF
247
TemporaryDirectory $TemporaryDirectory
250
cat >> $DEBCONFFILE << EOF
251
# TemporaryDirectory is not set to its default /tmp here to make overriding
252
# the default with environment variables TMPDIR/TMP/TEMP possible
256
cat >> $DEBCONFFILE << EOF
258
AllowSupplementaryGroups $AllowSupplementaryGroups
260
ScanArchive $ScanArchive
261
ArchiveBlockEncrypted $ArchiveBlockEncrypted
262
MaxDirectoryRecursion $MaxDirectoryRecursion
263
FollowDirectorySymlinks $FollowDirectorySymlinks
264
FollowFileSymlinks $FollowFileSymlinks
265
ReadTimeout $ReadTimeout
266
MaxThreads $MaxThreads
267
MaxConnectionQueueLength $MaxConnectionQueueLength
270
LogFacility $LogFacility
272
LogVerbose $LogVerbose
274
DatabaseDirectory $DatabaseDirectory
275
OfficialDatabaseOnly $OfficialDatabaseOnly
277
Foreground $Foreground
280
MaxEmbeddedPE $MaxEmbeddedPE
284
MaxHTMLNormalize $MaxHTMLNormalize
285
MaxHTMLNoTags $MaxHTMLNoTags
286
MaxScriptNormalize $MaxScriptNormalize
287
MaxZipTypeRcg $MaxZipTypeRcg
289
DetectBrokenExecutables $DetectBrokenExecutables
291
LeaveTemporaryFiles $LeaveTemporaryFiles
292
AlgorithmicDetection $AlgorithmicDetection
294
IdleTimeout $IdleTimeout
295
CrossFilesystems $CrossFilesystems
296
PhishingSignatures $PhishingSignatures
297
PhishingScanURLs $PhishingScanURLs
298
PhishingAlwaysBlockSSLMismatch $PhishingAlwaysBlockSSLMismatch
299
PhishingAlwaysBlockCloak $PhishingAlwaysBlockCloak
300
PartitionIntersection $PartitionIntersection
302
ScanPartialMessages $ScanPartialMessages
303
HeuristicScanPrecedence $HeuristicScanPrecedence
304
StructuredDataDetection $StructuredDataDetection
305
CommandReadTimeout $CommandReadTimeout
306
SendBufTimeout $SendBufTimeout
308
ExtendedDetectionInfo $ExtendedDetectionInfo
309
OLE2BlockMacros $OLE2BlockMacros
310
ScanOnAccess $ScanOnAccess
311
AllowAllMatchScan $AllowAllMatchScan
312
ForceToDisk $ForceToDisk
313
DisableCertCheck $DisableCertCheck
314
DisableCache $DisableCache
315
MaxScanSize $MaxScanSize
316
MaxFileSize $MaxFileSize
317
MaxRecursion $MaxRecursion
319
MaxPartitions $MaxPartitions
320
MaxIconsPE $MaxIconsPE
321
StatsEnabled $StatsEnabled
322
StatsPEDisabled $StatsPEDisabled
323
StatsHostID $StatsHostID
324
StatsTimeout $StatsTimeout
327
if is_true "$StructuredDataDetection"; then
328
[ -z "$StructuredMinCreditCardCount" ] || StructuredMinCreditCardCount=3
329
[ -z "$StructuredMinSSNCount" ] || StructuredMinSSNCount=3
330
[ -z "$StructuredSSNFormatNormal" ] || StructuredSSNFormatNormal=true
331
[ -z "$StructuredSSNFormatStripped" ] || StructuredSSNFormatStripped=false
332
cat >> $DEBCONFFILE << EOF
333
StructuredMinCreditCardCount $StructuredMinCreditCardCount
334
StructuredMinSSNCount $StructuredMinSSNCount
335
StructuredSSNFormatNormal $StructuredSSNFormatNormal
336
StructuredSSNFormatStripped $StructuredSSNFormatStripped
340
if [ -n "$StreamMaxLength" ]; then
341
if [ "$StreamMaxLength" -gt 0 ] ;then
342
StreamMaxLength="${StreamMaxLength}M"
344
echo "StreamMaxLength $StreamMaxLength" >> $DEBCONFFILE
346
if [ -n "$IncludePUA" ]; then
347
for i in $IncludePUA; do
348
echo "IncludePUA $i" >> $DEBCONFFILE
351
if [ -n "$ExcludePUA" ]; then
352
for e in $ExcludePUA; do
353
echo "ExcludePUA $i" >> $DEBCONFFILE
356
if [ -n "$LogFile" ]; then
357
echo "LogFile $LogFile" >> $DEBCONFFILE
358
echo "LogTime $LogTime" >> $DEBCONFFILE
359
echo "LogFileUnlock $LogFileUnlock" >> $DEBCONFFILE
360
echo "LogFileMaxSize $LogFileMaxSize" >> $DEBCONFFILE
363
echo "Bytecode $Bytecode" >> $DEBCONFFILE
364
if is_true "$Bytecode"; then
365
echo "BytecodeSecurity $BytecodeSecurity" >> $DEBCONFFILE
366
echo "BytecodeTimeout $BytecodeTimeout" >> $DEBCONFFILE
368
# Preserve manually created, usually not needed options.
369
[ -n "$ExcludePath" ] && echo "ExcludePath $ExcludePath" >> $DEBCONFFILE
370
[ -n "$VirusEvent" ] && echo "VirusEvent $VirusEvent" >> $DEBCONFFILE
371
[ -n "$StreamMinPort" ] && echo "StreamMinPort $StreamMinPort" >> $DEBCONFFILE
372
[ -n "$StreamMaxPort" ] && echo "StreamMaxPort $StreamMaxPort" >> $DEBCONFFILE
373
[ -n "$OnAccessMaxFileSize" ] && echo "OnAccessMaxFileSize $OnAccessMaxFileSize" >> $DEBCONFFILE
374
[ -n "$OnAccessIncludePath" ] && echo "OnAccessIncludePath $OnAccessIncludePath" >> $DEBCONFFILE
375
[ -n "$OnAccessExcludePath" ] && echo "OnAccessExcludePath $OnAccessExcludePath" >> $DEBCONFFILE
376
[ -n "$OnAccessExcludeUID" ] && echo "OnAccessExcludeUID $OnAccessExcludeUID" >> $DEBCONFFILE
378
# Preserve old, deprecated options.
379
[ -n "$ClamukoScanOnAccess" ] && echo "ClamukoScanOnAccess $ClamukoScanOnAccess" >> $DEBCONFFILE
380
[ -n "$ClamukoScanOnOpen" ] && echo "ClamukoScanOnOpen $ClamukoScanOnOpen" >> $DEBCONFFILE
381
[ -n "$ClamukoScanOnClose" ] && echo "ClamukoScanOnClose $ClamukoScanOnClose" >> $DEBCONFFILE
382
[ -n "$ClamukoScanOnExec" ] && echo "ClamukoScanOnExec $ClamukoScanOnExec" >> $DEBCONFFILE
383
[ -n "$ClamukoIncludePath" ] && echo "ClamukoIncludePath $ClamukoIncludePath" >> $DEBCONFFILE
384
[ -n "$ClamukoIncludePath" ] && echo "ClamukoIncludePath $ClamukoIncludePath" >> $DEBCONFFILE
385
[ -n "$ClamukoExcludePath" ] && echo "ClamukoExcludePath $ClamukoExcludePath" >> $DEBCONFFILE
386
[ -n "$ClamukoMaxFileSize" ] && echo "ClamukoMaxFileSize $ClamukoMaxFileSize" >> $DEBCONFFILE
387
[ -n "$ClamukoScannerCount" ] && echo "ClamukoScannerCount $ClamukoScannerCount" >> $DEBCONFFILE
388
[ -n "$ClamukoExcludeUID" ] && echo "ClamukoExcludeUID $ClamukoExcludeUID" >> $DEBCONFFILE
390
# Finish the configuration file update, by applying changes to the real configuration file.
391
ucf_cleanup "$CLAMAVCONF"
392
ucf_upgrade_check "$CLAMAVCONF" "$DEBCONFFILE" /var/lib/ucf/cache/:etc:clamav:clamd.conf
395
# Add additional groups (if any)
396
if [ -n "$AddGroups" ]; then
397
for group in $AddGroups; do
398
id "$User" | grep -q "$group" || adduser "$User" "$group"
403
# Let the configuration be handled manually.
404
ucf_cleanup "$CLAMAVCONF"
405
ucf_upgrade_check "$CLAMAVCONF" /usr/share/doc/clamav-daemon/examples/clamd.conf.sample /var/lib/ucf/cache/:etc:clamav:clamd.conf
408
# Set permission for the configuration file.
409
chmod 644 $CLAMAVCONF || true
410
chown root:root $CLAMAVCONF || true
412
# Read the configuration file
35
413
slurp_config "$CLAMAVCONF"
37
415
if [ -n "$LogFile" ]; then
38
416
if echo "$LogFile" | grep -q '^/dev/'; then
39
417
make_logrotate=false
41
if [ -n "$LogRotate" ]; then
419
if [ "$LogRotate" = "true" ]; then
42
420
make_logrotate=true
44
422
make_logrotate=false
47
[ -n "$User" ] || User=clamav
425
[ -z "$User" ] && User=clamav
48
426
if [ "$make_logrotate" = 'true' ]; then
427
# update the logrotate file
49
428
echo "$LogFile {" > $DEBROTATEFILE
50
429
echo " rotate 12" >> $DEBROTATEFILE
51
430
echo " weekly" >> $DEBROTATEFILE