diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-05-15 22:16:47 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-05-21 23:43:47 +0300 |
commit | 1fe918a07084c878d72cf8a7d1707f6598cc438f (patch) | |
tree | 4c68407364bab78c848876a89613f8075f2954f9 /meta-security/recipes-security/clamav/files | |
parent | c182c62dd929fe69b57a12bc04099fcd09b5d436 (diff) | |
download | openbmc-1fe918a07084c878d72cf8a7d1707f6598cc438f.tar.xz |
meta-security: subtree update:b72cc7f87c..95fe86eb98
André Draszik (1):
linux-yocto: update the bbappend to 5.x
Armin Kuster (36):
README: add pull request option
sssd: drop py2 support
python3-fail2ban: update to latest
Apparmor: fix some runtime depends
linux-yocto-dev: remove "+"
checksecurity: fix runtime issues
buck-security: fix rdebends and minor style cleanup
swtpm: fix configure error
ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory
bastille: convert to py3
tpm2-tools: update to 4.1.1
tpm2-tcti-uefi: fix build issue for i386 machine
tpm2-tss: update to 2.3.2
ibmswtpm2: update to 1563
python3-fail2ban: add 2-3 conversion changes
google-authenticator-libpam: install module in pam location
apparmor: update to tip
clamav: add bison-native to depend
meta-security-isafw: import layer from Intel
isafw: fix to work against master
layer.conf: add zeus
README.md: update to new maintainer
clamav-native: missed bison fix
secuirty*-image: remove dead var and minor cleanup
libtpm: fix build issue over pod2man
sssd: python2 not supported
libseccomp: update to 2.4.3
lynis: add missing rdepends
fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog
chkrootkit: add rootkit recipe
clamav: move to recipes-scanners
checksec: move to recipe-scanners
checksecurity: move to recipes-scanners
buck-security: move to recipes-scanners
arpwatch: add new recipe
buck-security: fix runtime issue with missing per module
Bartosz Golaszewski (3):
linux: drop the bbappend for linux v4.x series
classes: provide a class for generating dm-verity meta-data images
dm-verity: add a working example for BeagleBone Black
Haseeb Ashraf (1):
samhain: dnmalloc hash fix for aarch64 and mips64
Jan Luebbe (2):
apparmor: fix wrong executable permission on service file
apparmor: update to 2.13.4
Jonatan Pålsson (10):
README: Add meta-python to list of layer deps
sssd: Add PACKAGECONFIG for python2
sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto
sssd: DEPEND on nss if nothing else is chosen
sssd: Sort PACKAGECONFIG entries
sssd: Add autofs PACKAGECONFIG
sssd: Add sudo PACKAGECONFIG
sssd: Add missing files to SYSTEMD_SERVICE
sssd: Add missing DEPENDS on jansson
sssd: Add infopipe PACKAGECONFIG
Kai Kang (1):
sssd: fix for ldblibdir and systemd etc
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for dunfell
Mingli Yu (1):
linux-yocto: update the bbappend to 5.x
Pierre-Jean Texier via Lists.Yoctoproject.Org (1):
google-authenticator-libpam: upgrade 1.07 -> 1.08
Yi Zhao (5):
samhain: fix build with new version attr
scap-security-guide: fix xml parsing error when build remediation files
scap-security-guide: pass the correct schema file path to openscap-native
openscap-daemon: add missing runtime dependencies
samhain-server: add volatile file for systemd
Change-Id: I3d4a4055cb9420e97d3eacf8436d9b048d34733f
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-security/recipes-security/clamav/files')
8 files changed, 0 insertions, 1371 deletions
diff --git a/meta-security/recipes-security/clamav/files/clamav-freshclam.service b/meta-security/recipes-security/clamav/files/clamav-freshclam.service deleted file mode 100644 index 0c909fb32..000000000 --- a/meta-security/recipes-security/clamav/files/clamav-freshclam.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=ClamAV virus database updater -Documentation=man:freshclam(1) man:freshclam.conf(5) http://www.clamav.net/lang/en/doc/ -# If user wants it run from cron, don't start the daemon. -ConditionPathExists=!/etc/cron.d/clamav-freshclam - -[Service] -ExecStart=/usr/bin/freshclam -d --foreground=true -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/meta-security/recipes-security/clamav/files/clamav-milter.conf.sample b/meta-security/recipes-security/clamav/files/clamav-milter.conf.sample deleted file mode 100644 index ed0d519ff..000000000 --- a/meta-security/recipes-security/clamav/files/clamav-milter.conf.sample +++ /dev/null @@ -1,293 +0,0 @@ -## -## Example config file for clamav-milter -## - -# Comment or remove the line below. -Example - - -## -## Main options -## - -# Define the interface through which we communicate with sendmail -# This option is mandatory! Possible formats are: -# [[unix|local]:]/path/to/file - to specify a unix domain socket -# inet:port@[hostname|ip-address] - to specify an ipv4 socket -# inet6:port@[hostname|ip-address] - to specify an ipv6 socket -# -# Default: no default -#MilterSocket /tmp/clamav-milter.socket -#MilterSocket inet:7357 - -# Define the group ownership for the (unix) milter socket. -# Default: disabled (the primary group of the user running clamd) -#MilterSocketGroup virusgroup - -# Sets the permissions on the (unix) milter socket to the specified mode. -# Default: disabled (obey umask) -#MilterSocketMode 660 - -# Remove stale socket after unclean shutdown. -# -# Default: yes -#FixStaleSocket yes - -# Run as another user (clamav-milter must be started by root for this option to work) -# -# Default: unset (don't drop privileges) -#User clamav - -# Initialize supplementary group access (clamav-milter must be started by root). -# -# Default: no -#AllowSupplementaryGroups no - -# Waiting for data from clamd will timeout after this time (seconds). -# Value of 0 disables the timeout. -# -# Default: 120 -#ReadTimeout 300 - -# Don't fork into background. -# -# Default: no -#Foreground yes - -# Chroot to the specified directory. -# Chrooting is performed just after reading the config file and before dropping privileges. -# -# Default: unset (don't chroot) -#Chroot /newroot - -# This option allows you to save a process identifier of the listening -# daemon (main thread). -# -# Default: disabled -#PidFile /var/run/clamav/clamav-milter.pid - -# Optional path to the global temporary directory. -# Default: system specific (usually /tmp or /var/tmp). -# -#TemporaryDirectory /var/tmp - -## -## Clamd options -## - -# Define the clamd socket to connect to for scanning. -# This option is mandatory! Syntax: -# ClamdSocket unix:path -# ClamdSocket tcp:host:port -# The first syntax specifies a local unix socket (needs an absolute path) e.g.: -# ClamdSocket unix:/var/run/clamd/clamd.socket -# The second syntax specifies a tcp local or remote tcp socket: the -# host can be a hostname or an ip address; the ":port" field is only required -# for IPv6 addresses, otherwise it defaults to 3310, e.g.: -# ClamdSocket tcp:192.168.0.1 -# -# This option can be repeated several times with different sockets or even -# with the same socket: clamd servers will be selected in a round-robin fashion. -# -# Default: no default -ClamdSocket /var/run/clamav/clamd - - -## -## Exclusions -## - -# Messages originating from these hosts/networks will not be scanned -# This option takes a host(name)/mask pair in CIRD notation and can be -# repeated several times. If "/mask" is omitted, a host is assumed. -# To specify a locally orignated, non-smtp, email use the keyword "local" -# -# Default: unset (scan everything regardless of the origin) -#LocalNet local -#LocalNet 192.168.0.0/24 -#LocalNet 1111:2222:3333::/48 - -# This option specifies a file which contains a list of basic POSIX regular -# expressions. Addresses (sent to or from - see below) matching these regexes -# will not be scanned. Optionally each line can start with the string "From:" -# or "To:" (note: no whitespace after the colon) indicating if it is, -# respectively, the sender or recipient that is to be whitelisted. -# If the field is missing, "To:" is assumed. -# Lines starting with #, : or ! are ignored. -# -# Default unset (no exclusion applied) -#Whitelist /etc/whitelisted_addresses - -# Messages from authenticated SMTP users matching this extended POSIX -# regular expression (egrep-like) will not be scanned. -# As an alternative, a file containing a plain (not regex) list of names (one -# per line) can be specified using the prefix "file:". -# e.g. SkipAuthenticated file:/etc/good_guys -# -# Note: this is the AUTH login name! -# -# Default: unset (no whitelisting based on SMTP auth) -#SkipAuthenticated ^(tom|dick|henry)$ - -# Messages larger than this value won't be scanned. -# Make sure this value is lower or equal than StreamMaxLength in clamd.conf -# -# Default: 25M -#MaxFileSize 10M - - -## -## Actions -## - -# The following group of options controls the delievery process under -# different circumstances. -# The following actions are available: -# - Accept -# The message is accepted for delievery -# - Reject -# Immediately refuse delievery (a 5xx error is returned to the peer) -# - Defer -# Return a temporary failure message (4xx) to the peer -# - Blackhole (not available for OnFail) -# Like Accept but the message is sent to oblivion -# - Quarantine (not available for OnFail) -# Like Accept but message is quarantined instead of being delivered -# -# NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ -# For Postfix this causes the message to be placed on hold -# -# Action to be performed on clean messages (mostly useful for testing) -# Default: Accept -#OnClean Accept - -# Action to be performed on infected messages -# Default: Quarantine -#OnInfected Quarantine - -# Action to be performed on error conditions (this includes failure to -# allocate data structures, no scanners available, network timeouts, -# unknown scanner replies and the like) -# Default: Defer -#OnFail Defer - -# This option allows to set a specific rejection reason for infected messages -# and it's therefore only useful together with "OnInfected Reject" -# The string "%v", if present, will be replaced with the virus name. -# Default: MTA specific -#RejectMsg - -# If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an -# "X-Virus-Status" headers will be attached to each processed message, possibly -# replacing existing headers. -# If it is set to Add, the X-Virus headers are added possibly on top of the -# existing ones. -# Note that while "Replace" can potentially break DKIM signatures, "Add" may -# confuse procmail and similar filters. -# Default: no -#AddHeader Replace - -# When AddHeader is in use, this option allows to arbitrary set the reported -# hostname. This may be desirable in order to avoid leaking internal names. -# If unset the real machine name is used. -# Default: disabled -#ReportHostname my.mail.server.name - -# Execute a command (possibly searching PATH) when an infected message is found. -# The following parameters are passed to the invoked program in this order: -# virus name, queue id, sender, destination, subject, message id, message date. -# Note #1: this requires MTA macroes to be available (see LogInfected below) -# Note #2: the process is invoked in the context of clamav-milter -# Note #3: clamav-milter will wait for the process to exit. Be quick or fork to -# avoid unnecessary delays in email delievery -# Default: disabled -#VirusAction /usr/local/bin/my_infected_message_handler - -## -## Logging options -## - -# Uncomment this option to enable logging. -# LogFile must be writable for the user running daemon. -# A full path is required. -# -# Default: disabled -#LogFile /var/log/clamav/clamav-milter.log - -# By default the log file is locked for writing - the lock protects against -# running clamav-milter multiple times. -# This option disables log file locking. -# -# Default: no -#LogFileUnlock yes - -# Maximum size of the log file. -# Value of 0 disables the limit. -# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) -# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size -# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log -# rotation (the LogRotate option) will always be enabled. -# -# Default: 1M -#LogFileMaxSize 2M - -# Log time with each message. -# -# Default: no -#LogTime yes - -# Use system logger (can work together with LogFile). -# -# Default: no -#LogSyslog yes - -# Specify the type of syslog messages - please refer to 'man syslog' -# for facility names. -# -# Default: LOG_LOCAL6 -#LogFacility LOG_MAIL - -# Enable verbose logging. -# -# Default: no -#LogVerbose yes - -# Enable log rotation. Always enabled when LogFileMaxSize is enabled. -# Default: no -#LogRotate yes - -# This option allows to tune what is logged when a message is infected. -# Possible values are Off (the default - nothing is logged), -# Basic (minimal info logged), Full (verbose info logged) -# Note: -# For this to work properly in sendmail, make sure the msg_id, mail_addr, -# rcpt_addr and i macroes are available in eom. In other words add a line like: -# Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i -# to your .cf file. Alternatively use the macro: -# define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i') -# Postfix should be working fine with the default settings. -# -# Default: disabled -#LogInfected Basic - -# This option allows to tune what is logged when no threat is found in a scanned message. -# See LogInfected for possible values and caveats. -# Useful in debugging but drastically increases the log size. -# Default: disabled -#LogClean Basic - -# This option affects the behaviour of LogInfected, LogClean and VirusAction -# when a message with multiple recipients is scanned: -# If SupportMultipleRecipients is off (the default) -# then one single log entry is generated for the message and, in case the -# message is determined to be malicious, the command indicated by VirusAction -# is executed just once. In both cases only the last recipient is reported. -# If SupportMultipleRecipients is on: -# then one line is logged for each recipient and the command indicated -# by VirusAction is also executed once for each recipient. -# -# Note: although it's probably a good idea to enable this option, the default value -# is currently set to off for legacy reasons. -# Default: no -#SupportMultipleRecipients yes - diff --git a/meta-security/recipes-security/clamav/files/clamav.service b/meta-security/recipes-security/clamav/files/clamav.service deleted file mode 100644 index f13191fcc..000000000 --- a/meta-security/recipes-security/clamav/files/clamav.service +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=Clam AntiVirus userspace daemon -Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/ -Requires=clamav-daemon.socket -# Check for database existence -ConditionPathExistsGlob=/usr/share/clamav/main.{c[vl]d,inc} -ConditionPathExistsGlob=/usr/share/clamav/daily.{c[vl]d,inc} - -[Service] -ExecStart=/usr/sbin/clamd --foreground=true -# Reload the database -ExecReload=/bin/kill -USR2 $MAINPID -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target -Also=clamav-daemon.socket diff --git a/meta-security/recipes-security/clamav/files/clamd.conf b/meta-security/recipes-security/clamav/files/clamd.conf deleted file mode 100644 index 045778506..000000000 --- a/meta-security/recipes-security/clamav/files/clamd.conf +++ /dev/null @@ -1,595 +0,0 @@ -# Uncomment this option to enable logging. -# LogFile must be writable for the user running daemon. -# A full path is required. -# Default: disabled -LogFile /tmp/clamd.log - -# By default the log file is locked for writing - the lock protects against -# running clamd multiple times (if want to run another clamd, please -# copy the configuration file, change the LogFile variable, and run -# the daemon with --config-file option). -# This option disables log file locking. -# Default: no -LogFileUnlock yes - -# Maximum size of the log file. -# Value of 0 disables the limit. -# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) -# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size -# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log -# rotation (the LogRotate option) will always be enabled. -# Default: 1M -LogFileMaxSize 2M - -# Log time with each message. -# Default: no -LogTime yes - -# Also log clean files. Useful in debugging but drastically increases the -# log size. -# Default: no -#LogClean yes - -# Use system logger (can work together with LogFile). -# Default: no -#LogSyslog yes - -# Specify the type of syslog messages - please refer to 'man syslog' -# for facility names. -# Default: LOG_LOCAL6 -#LogFacility LOG_MAIL - -# Enable verbose logging. -# Default: no -#LogVerbose yes - -# Enable log rotation. Always enabled when LogFileMaxSize is enabled. -# Default: no -#LogRotate yes - -# Log additional information about the infected file, such as its -# size and hash, together with the virus name. -ExtendedDetectionInfo yes - -# This option allows you to save a process identifier of the listening -# daemon (main thread). -# Default: disabled -PidFile /var/run/clamd.pid - -# Optional path to the global temporary directory. -# Default: system specific (usually /tmp or /var/tmp). -TemporaryDirectory /var/tmp - -# Path to the database directory. -# Default: hardcoded (depends on installation options) -DatabaseDirectory /var/lib/clamav - -# Only load the official signatures published by the ClamAV project. -# Default: no -#OfficialDatabaseOnly no - -# The daemon can work in local mode, network mode or both. -# Due to security reasons we recommend the local mode. - -# Path to a local socket file the daemon will listen on. -# Default: disabled (must be specified by a user) -LocalSocket /tmp/clamd.socket - -# Sets the group ownership on the unix socket. -# Default: disabled (the primary group of the user running clamd) -#LocalSocketGroup virusgroup - -# Sets the permissions on the unix socket to the specified mode. -# Default: disabled (socket is world accessible) -#LocalSocketMode 660 - -# Remove stale socket after unclean shutdown. -# Default: yes -#FixStaleSocket yes - -# TCP port address. -# Default: no -#TCPSocket 3310 - -# TCP address. -# By default we bind to INADDR_ANY, probably not wise. -# Enable the following to provide some degree of protection -# from the outside world. This option can be specified multiple -# times if you want to listen on multiple IPs. IPv6 is now supported. -# Default: no -#TCPAddr 127.0.0.1 - -# Maximum length the queue of pending connections may grow to. -# Default: 200 -#MaxConnectionQueueLength 30 - -# Clamd uses FTP-like protocol to receive data from remote clients. -# If you are using clamav-milter to balance load between remote clamd daemons -# on firewall servers you may need to tune the options below. - -# Close the connection when the data size limit is exceeded. -# The value should match your MTA's limit for a maximum attachment size. -# Default: 25M -#StreamMaxLength 10M - -# Limit port range. -# Default: 1024 -#StreamMinPort 30000 -# Default: 2048 -#StreamMaxPort 32000 - -# Maximum number of threads running at the same time. -# Default: 10 -#MaxThreads 20 - -# Waiting for data from a client socket will timeout after this time (seconds). -# Default: 120 -#ReadTimeout 300 - -# This option specifies the time (in seconds) after which clamd should -# timeout if a client doesn't provide any initial command after connecting. -# Default: 5 -#CommandReadTimeout 5 - -# This option specifies how long to wait (in miliseconds) if the send buffer is full. -# Keep this value low to prevent clamd hanging -# -# Default: 500 -#SendBufTimeout 200 - -# Maximum number of queued items (including those being processed by MaxThreads threads) -# It is recommended to have this value at least twice MaxThreads if possible. -# WARNING: you shouldn't increase this too much to avoid running out of file descriptors, -# the following condition should hold: -# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024) -# -# Default: 100 -#MaxQueue 200 - -# Waiting for a new job will timeout after this time (seconds). -# Default: 30 -#IdleTimeout 60 - -# Don't scan files and directories matching regex -# This directive can be used multiple times -# Default: scan all -#ExcludePath ^/proc/ -#ExcludePath ^/sys/ - -# Maximum depth directories are scanned at. -# Default: 15 -#MaxDirectoryRecursion 20 - -# Follow directory symlinks. -# Default: no -#FollowDirectorySymlinks yes - -# Follow regular file symlinks. -# Default: no -#FollowFileSymlinks yes - -# Scan files and directories on other filesystems. -# Default: yes -#CrossFilesystems yes - -# Perform a database check. -# Default: 600 (10 min) -#SelfCheck 600 - -# Execute a command when virus is found. In the command string %v will -# be replaced with the virus name. -# Default: no -#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" - -# Run as another user (clamd must be started by root for this option to work) -# Default: don't drop privileges -User clamav - -# Initialize supplementary group access (clamd must be started by root). -# Default: no -#AllowSupplementaryGroups no - -# Stop daemon when libclamav reports out of memory condition. -#ExitOnOOM yes - -# Don't fork into background. -# Default: no -#Foreground yes - -# Enable debug messages in libclamav. -# Default: no -#Debug yes - -# Do not remove temporary files (for debug purposes). -# Default: no -#LeaveTemporaryFiles yes - -# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject -# any ALLMATCHSCAN command as invalid. -# Default: yes -#AllowAllMatchScan no - -# Detect Possibly Unwanted Applications. -# Default: no -#DetectPUA yes - -# Exclude a specific PUA category. This directive can be used multiple times. -# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for -# the complete list of PUA categories. -# Default: Load all categories (if DetectPUA is activated) -#ExcludePUA NetTool -#ExcludePUA PWTool - -# Only include a specific PUA category. This directive can be used multiple -# times. -# Default: Load all categories (if DetectPUA is activated) -#IncludePUA Spy -#IncludePUA Scanner -#IncludePUA RAT - -# In some cases (eg. complex malware, exploits in graphic files, and others), -# ClamAV uses special algorithms to provide accurate detection. This option -# controls the algorithmic detection. -# Default: yes -#AlgorithmicDetection yes - -# This option causes memory or nested map scans to dump the content to disk. -# If you turn on this option, more data is written to disk and is available -# when the LeaveTemporaryFiles option is enabled. -#ForceToDisk yes - -# This option allows you to disable the caching feature of the engine. By -# default, the engine will store an MD5 in a cache of any files that are -# not flagged as virus or that hit limits checks. Disabling the cache will -# have a negative performance impact on large scans. -# Default: no -#DisableCache yes - -## -## Executable files -## - -# PE stands for Portable Executable - it's an executable file format used -# in all 32 and 64-bit versions of Windows operating systems. This option allows -# ClamAV to perform a deeper analysis of executable files and it's also -# required for decompression of popular executable packers such as UPX, FSG, -# and Petite. If you turn off this option, the original files will still be -# scanned, but without additional processing. -# Default: yes -#ScanPE yes - -# Certain PE files contain an authenticode signature. By default, we check -# the signature chain in the PE file against a database of trusted and -# revoked certificates if the file being scanned is marked as a virus. -# If any certificate in the chain validates against any trusted root, but -# does not match any revoked certificate, the file is marked as whitelisted. -# If the file does match a revoked certificate, the file is marked as virus. -# The following setting completely turns off authenticode verification. -# Default: no -#DisableCertCheck yes - -# Executable and Linking Format is a standard format for UN*X executables. -# This option allows you to control the scanning of ELF files. -# If you turn off this option, the original files will still be scanned, but -# without additional processing. -# Default: yes -#ScanELF yes - -# With this option clamav will try to detect broken executables (both PE and -# ELF) and mark them as Broken.Executable. -# Default: no -#DetectBrokenExecutables yes - - -## -## Documents -## - -# This option enables scanning of OLE2 files, such as Microsoft Office -# documents and .msi files. -# If you turn off this option, the original files will still be scanned, but -# without additional processing. -# Default: yes -#ScanOLE2 yes - -# With this option enabled OLE2 files with VBA macros, which were not -# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". -# Default: no -#OLE2BlockMacros no - -# This option enables scanning within PDF files. -# If you turn off this option, the original files will still be scanned, but -# without decoding and additional processing. -# Default: yes -#ScanPDF yes - -# This option enables scanning within SWF files. -# If you turn off this option, the original files will still be scanned, but -# without decoding and additional processing. -# Default: yes -#ScanSWF yes - - -## -## Mail files -## - -# Enable internal e-mail scanner. -# If you turn off this option, the original files will still be scanned, but -# without parsing individual messages/attachments. -# Default: yes -#ScanMail yes - -# Scan RFC1341 messages split over many emails. -# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. -# WARNING: This option may open your system to a DoS attack. -# Never use it on loaded servers. -# Default: no -#ScanPartialMessages yes - -# With this option enabled ClamAV will try to detect phishing attempts by using -# signatures. -# Default: yes -#PhishingSignatures yes - -# Scan URLs found in mails for phishing attempts using heuristics. -# Default: yes -#PhishingScanURLs yes - -# Always block SSL mismatches in URLs, even if the URL isn't in the database. -# This can lead to false positives. -# -# Default: no -#PhishingAlwaysBlockSSLMismatch no - -# Always block cloaked URLs, even if URL isn't in database. -# This can lead to false positives. -# -# Default: no -#PhishingAlwaysBlockCloak no - -# Detect partition intersections in raw disk images using heuristics. -# Default: no -#PartitionIntersection no - -# Allow heuristic match to take precedence. -# When enabled, if a heuristic scan (such as phishingScan) detects -# a possible virus/phish it will stop scan immediately. Recommended, saves CPU -# scan-time. -# When disabled, virus/phish detected by heuristic scans will be reported only at -# the end of a scan. If an archive contains both a heuristically detected -# virus/phish, and a real malware, the real malware will be reported -# -# Keep this disabled if you intend to handle "*.Heuristics.*" viruses -# differently from "real" malware. -# If a non-heuristically-detected virus (signature-based) is found first, -# the scan is interrupted immediately, regardless of this config option. -# -# Default: no -#HeuristicScanPrecedence yes - - -## -## Data Loss Prevention (DLP) -## - -# Enable the DLP module -# Default: No -#StructuredDataDetection yes - -# This option sets the lowest number of Credit Card numbers found in a file -# to generate a detect. -# Default: 3 -#StructuredMinCreditCardCount 5 - -# This option sets the lowest number of Social Security Numbers found -# in a file to generate a detect. -# Default: 3 -#StructuredMinSSNCount 5 - -# With this option enabled the DLP module will search for valid -# SSNs formatted as xxx-yy-zzzz -# Default: yes -#StructuredSSNFormatNormal yes - -# With this option enabled the DLP module will search for valid -# SSNs formatted as xxxyyzzzz -# Default: no -#StructuredSSNFormatStripped yes - - -## -## HTML -## - -# Perform HTML normalisation and decryption of MS Script Encoder code. -# Default: yes -# If you turn off this option, the original files will still be scanned, but -# without additional processing. -#ScanHTML yes - - -## -## Archives -## - -# ClamAV can scan within archives and compressed files. -# If you turn off this option, the original files will still be scanned, but -# without unpacking and additional processing. -# Default: yes -#ScanArchive yes - -# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). -# Default: no -#ArchiveBlockEncrypted no - - -## -## Limits -## - -# The options below protect your system against Denial of Service attacks -# using archive bombs. - -# This option sets the maximum amount of data to be scanned for each input file. -# Archives and other containers are recursively extracted and scanned up to this -# value. -# Value of 0 disables the limit -# Note: disabling this limit or setting it too high may result in severe damage -# to the system. -# Default: 100M -#MaxScanSize 150M - -# Files larger than this limit won't be scanned. Affects the input file itself -# as well as files contained inside it (when the input file is an archive, a -# document or some other kind of container). -# Value of 0 disables the limit. -# Note: disabling this limit or setting it too high may result in severe damage -# to the system. -# Default: 25M -#MaxFileSize 30M - -# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR -# file, all files within it will also be scanned. This options specifies how -# deeply the process should be continued. -# Note: setting this limit too high may result in severe damage to the system. -# Default: 16 -#MaxRecursion 10 - -# Number of files to be scanned within an archive, a document, or any other -# container file. -# Value of 0 disables the limit. -# Note: disabling this limit or setting it too high may result in severe damage -# to the system. -# Default: 10000 -#MaxFiles 15000 - -# Maximum size of a file to check for embedded PE. Files larger than this value -# will skip the additional analysis step. -# Note: disabling this limit or setting it too high may result in severe damage -# to the system. -# Default: 10M -#MaxEmbeddedPE 10M - -# Maximum size of a HTML file to normalize. HTML files larger than this value -# will not be normalized or scanned. -# Note: disabling this limit or setting it too high may result in severe damage -# to the system. -# Default: 10M -#MaxHTMLNormalize 10M - -# Maximum size of a normalized HTML file to scan. HTML files larger than this -# value after normalization will not be scanned. -# Note: disabling this limit or setting it too high may result in severe damage -# to the system. -# Default: 2M -#MaxHTMLNoTags 2M - -# Maximum size of a script file to normalize. Script content larger than this -# value will not be normalized or scanned. -# Note: disabling this limit or setting it too high may result in severe damage -# to the system. -# Default: 5M -#MaxScriptNormalize 5M - -# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger -# than this value will skip the step to potentially reanalyze as PE. -# Note: disabling this limit or setting it too high may result in severe damage -# to the system. -# Default: 1M -#MaxZipTypeRcg 1M - -# This option sets the maximum number of partitions of a raw disk image to be scanned. -# Raw disk images with more partitions than this value will have up to the value number -# partitions scanned. Negative values are not allowed. -# Note: setting this limit too high may result in severe damage or impact performance. -# Default: 50 -#MaxPartitions 128 - -# This option sets the maximum number of icons within a PE to be scanned. -# PE files with more icons than this value will have up to the value number icons scanned. -# Negative values are not allowed. -# WARNING: setting this limit too high may result in severe damage or impact performance. -# Default: 100 -#MaxIconsPE 200 - -## -## On-access Scan Settings -## - -# Enable on-access scanning. Currently, this is supported via fanotify. -# Clamuko/Dazuko support has been deprecated. -# Default: no -#ScanOnAccess yes - -# Don't scan files larger than OnAccessMaxFileSize -# Value of 0 disables the limit. -# Default: 5M -#OnAccessMaxFileSize 10M - -# Set the include paths (all files inside them will be scanned). You can have -# multiple OnAccessIncludePath directives but each directory must be added -# in a separate line. (On-access scan only) -# Default: disabled -#OnAccessIncludePath /home -#OnAccessIncludePath /students - -# Set the exclude paths. All subdirectories are also excluded. -# (On-access scan only) -# Default: disabled -#OnAccessExcludePath /home/bofh - -# With this option you can whitelist specific UIDs. Processes with these UIDs -# will be able to access all files. -# This option can be used multiple times (one per line). -# Default: disabled -#OnAccessExcludeUID 0 - - -## -## Bytecode -## - -# With this option enabled ClamAV will load bytecode from the database. -# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. -# Default: yes -#Bytecode yes - -# Set bytecode security level. -# Possible values: -# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS -# This value is only available if clamav was built with --enable-debug! -# TrustSigned - trust bytecode loaded from signed .c[lv]d files, -# insert runtime safety checks for bytecode loaded from other sources -# Paranoid - don't trust any bytecode, insert runtime checks for all -# Recommended: TrustSigned, because bytecode in .cvd files already has these checks -# Note that by default only signed bytecode is loaded, currently you can only -# load unsigned bytecode in --enable-debug mode. -# -# Default: TrustSigned -#BytecodeSecurity TrustSigned - -# Set bytecode timeout in miliseconds. -# -# Default: 5000 -# BytecodeTimeout 1000 - -## -## Statistics gathering and submitting -## - -# Enable statistical reporting. -# Default: no -#StatsEnabled yes - -# Disable submission of individual PE sections for files flagged as malware. -# Default: no -#StatsPEDisabled yes - -# HostID in the form of an UUID to use when submitting statistical information. -# Default: auto -#StatsHostID auto - -# Time in seconds to wait for the stats server to come back with a response -# Default: 10 -#StatsTimeout 10 diff --git a/meta-security/recipes-security/clamav/files/freshclam-native.conf b/meta-security/recipes-security/clamav/files/freshclam-native.conf deleted file mode 100644 index aaa8cf464..000000000 --- a/meta-security/recipes-security/clamav/files/freshclam-native.conf +++ /dev/null @@ -1,224 +0,0 @@ -# Path to the database directory. -# WARNING: It must match clamd.conf's directive! -# Default: hardcoded (depends on installation options) -#DatabaseDirectory /var/lib/clamav - -# Path to the log file (make sure it has proper permissions) -# Default: disabled -#UpdateLogFile /var/log/clamav/freshclam.log - -# Maximum size of the log file. -# Value of 0 disables the limit. -# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) -# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). -# in bytes just don't use modifiers. If LogFileMaxSize is enabled, -# log rotation (the LogRotate option) will always be enabled. -# Default: 1M -LogFileMaxSize 2M - -# Log time with each message. -# Default: no -LogTime yes - -# Enable verbose logging. -# Default: no -#LogVerbose yes - -# Use system logger (can work together with UpdateLogFile). -# Default: no -#LogSyslog yes - -# Specify the type of syslog messages - please refer to 'man syslog' -# for facility names. -# Default: LOG_LOCAL6 -#LogFacility LOG_MAIL - -# Enable log rotation. Always enabled when LogFileMaxSize is enabled. -# Default: no -#LogRotate yes - -# This option allows you to save the process identifier of the daemon -# Default: disabled -#PidFile /var/run/freshclam.pid - -# By default when started freshclam drops privileges and switches to the -# "clamav" user. This directive allows you to change the database owner. -# Default: clamav (may depend on installation options) -DatabaseOwner clamav - -# Initialize supplementary group access (freshclam must be started by root). -# Default: no -#AllowSupplementaryGroups yes - -# Use DNS to verify virus database version. Freshclam uses DNS TXT records -# to verify database and software versions. With this directive you can change -# the database verification domain. -# WARNING: Do not touch it unless you're configuring freshclam to use your -# own database verification domain. -# Default: current.cvd.clamav.net -#DNSDatabaseInfo current.cvd.clamav.net - -# Uncomment the following line and replace XY with your country -# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. -# You can use db.XY.ipv6.clamav.net for IPv6 connections. -#DatabaseMirror db.XY.clamav.net - -# database.clamav.net is a round-robin record which points to our most -# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is -# not working. DO NOT TOUCH the following line unless you know what you -# are doing. -DatabaseMirror database.clamav.net - -# How many attempts to make before giving up. -# Default: 3 (per mirror) -#MaxAttempts 5 - -# With this option you can control scripted updates. It's highly recommended -# to keep it enabled. -# Default: yes -#ScriptedUpdates yes - -# By default freshclam will keep the local databases (.cld) uncompressed to -# make their handling faster. With this option you can enable the compression; -# the change will take effect with the next database update. -# Default: no -#CompressLocalDatabase no - -# With this option you can provide custom sources (http:// or file://) for -# database files. This option can be used multiple times. -# Default: no custom URLs -#DatabaseCustomURL http://myserver.com/mysigs.ndb -#DatabaseCustomURL file:///mnt/nfs/local.hdb - -# This option allows you to easily point freshclam to private mirrors. -# If PrivateMirror is set, freshclam does not attempt to use DNS -# to determine whether its databases are out-of-date, instead it will -# use the If-Modified-Since request or directly check the headers of the -# remote database files. For each database, freshclam first attempts -# to download the CLD file. If that fails, it tries to download the -# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo -# and ScriptedUpdates. It can be used multiple times to provide -# fall-back mirrors. -# Default: disabled -#PrivateMirror mirror1.mynetwork.com -#PrivateMirror mirror2.mynetwork.com - -# Number of database checks per day. -# Default: 12 (every two hours) -#Checks 24 - -# Proxy settings -# Default: disabled -#HTTPProxyServer myproxy.com -#HTTPProxyPort 1234 -#HTTPProxyUsername myusername -#HTTPProxyPassword mypass - -# If your servers are behind a firewall/proxy which applies User-Agent -# filtering you can use this option to force the use of a different -# User-Agent header. -# Default: clamav/version_number -#HTTPUserAgent SomeUserAgentIdString - -# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for -# multi-homed systems. -# Default: Use OS'es default outgoing IP address. -#LocalIPAddress aaa.bbb.ccc.ddd - -# Send the RELOAD command to clamd. -# Default: no -#NotifyClamd /path/to/clamd.conf - -# Run command after successful database update. -# Default: disabled -#OnUpdateExecute command - -# Run command when database update process fails. -# Default: disabled -#OnErrorExecute command - -# Run command when freshclam reports outdated version. -# In the command string %v will be replaced by the new version number. -# Default: disabled -#OnOutdatedExecute command - -# Don't fork into background. -# Default: no -#Foreground yes - -# Enable debug messages in libclamav. -# Default: no -#Debug yes - -# Timeout in seconds when connecting to database server. -# Default: 30 -#ConnectTimeout 60 - -# Timeout in seconds when reading from database server. -# Default: 30 -#ReceiveTimeout 60 - -# With this option enabled, freshclam will attempt to load new -# databases into memory to make sure they are properly handled -# by libclamav before replacing the old ones. -# Default: yes -#TestDatabases yes - -# When enabled freshclam will submit statistics to the ClamAV Project about -# the latest virus detections in your environment. The ClamAV maintainers -# will then use this data to determine what types of malware are the most -# detected in the field and in what geographic area they are. -# Freshclam will connect to clamd in order to get recent statistics. -# Default: no -#SubmitDetectionStats /path/to/clamd.conf - -# Country of origin of malware/detection statistics (for statistical -# purposes only). The statistics collector at ClamAV.net will look up -# your IP address to determine the geographical origin of the malware -# reported by your installation. If this installation is mainly used to -# scan data which comes from a different location, please enable this -# option and enter a two-letter code (see http://www.iana.org/domains/root/db/) -# of the country of origin. -# Default: disabled -#DetectionStatsCountry country-code - -# This option enables support for our "Personal Statistics" service. -# When this option is enabled, the information on malware detected by -# your clamd installation is made available to you through our website. -# To get your HostID, log on http://www.stats.clamav.net and add a new -# host to your host list. Once you have the HostID, uncomment this option -# and paste the HostID here. As soon as your freshclam starts submitting -# information to our stats collecting service, you will be able to view -# the statistics of this clamd installation by logging into -# http://www.stats.clamav.net with the same credentials you used to -# generate the HostID. For more information refer to: -# http://www.clamav.net/documentation.html#cctts -# This feature requires SubmitDetectionStats to be enabled. -# Default: disabled -#DetectionStatsHostID unique-id - -# This option enables support for Google Safe Browsing. When activated for -# the first time, freshclam will download a new database file (safebrowsing.cvd) -# which will be automatically loaded by clamd and clamscan during the next -# reload, provided that the heuristic phishing detection is turned on. This -# database includes information about websites that may be phishing sites or -# possible sources of malware. When using this option, it's mandatory to run -# freshclam at least every 30 minutes. -# Freshclam uses the ClamAV's mirror infrastructure to distribute the -# database and its updates but all the contents are provided under Google's -# terms of use. See http://www.google.com/transparencyreport/safebrowsing -# and http://www.clamav.net/documentation.html#safebrowsing -# for more information. -# Default: disabled -#SafeBrowsing yes - -# This option enables downloading of bytecode.cvd, which includes additional -# detection mechanisms and improvements to the ClamAV engine. -# Default: enabled -#Bytecode yes - -# Download an additional 3rd party signature database distributed through -# the ClamAV mirrors. -# This option can be used multiple times. -#ExtraDatabase dbname1 -#ExtraDatabase dbname2 diff --git a/meta-security/recipes-security/clamav/files/freshclam.conf b/meta-security/recipes-security/clamav/files/freshclam.conf deleted file mode 100644 index 100724f16..000000000 --- a/meta-security/recipes-security/clamav/files/freshclam.conf +++ /dev/null @@ -1,224 +0,0 @@ -# Path to the database directory. -# WARNING: It must match clamd.conf's directive! -# Default: hardcoded (depends on installation options) -DatabaseDirectory /var/lib/clamav - -# Path to the log file (make sure it has proper permissions) -# Default: disabled -UpdateLogFile /var/log/clamav/freshclam.log - -# Maximum size of the log file. -# Value of 0 disables the limit. -# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) -# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). -# in bytes just don't use modifiers. If LogFileMaxSize is enabled, -# log rotation (the LogRotate option) will always be enabled. -# Default: 1M -LogFileMaxSize 2M - -# Log time with each message. -# Default: no -LogTime yes - -# Enable verbose logging. -# Default: no -#LogVerbose yes - -# Use system logger (can work together with UpdateLogFile). -# Default: no -#LogSyslog yes - -# Specify the type of syslog messages - please refer to 'man syslog' -# for facility names. -# Default: LOG_LOCAL6 -#LogFacility LOG_MAIL - -# Enable log rotation. Always enabled when LogFileMaxSize is enabled. -# Default: no -#LogRotate yes - -# This option allows you to save the process identifier of the daemon -# Default: disabled -PidFile /var/run/freshclam.pid - -# By default when started freshclam drops privileges and switches to the -# "clamav" user. This directive allows you to change the database owner. -# Default: clamav (may depend on installation options) -DatabaseOwner clamav - -# Initialize supplementary group access (freshclam must be started by root). -# Default: no -#AllowSupplementaryGroups yes - -# Use DNS to verify virus database version. Freshclam uses DNS TXT records -# to verify database and software versions. With this directive you can change -# the database verification domain. -# WARNING: Do not touch it unless you're configuring freshclam to use your -# own database verification domain. -# Default: current.cvd.clamav.net -#DNSDatabaseInfo current.cvd.clamav.net - -# Uncomment the following line and replace XY with your country -# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. -# You can use db.XY.ipv6.clamav.net for IPv6 connections. -#DatabaseMirror db.XY.clamav.net - -# database.clamav.net is a round-robin record which points to our most -# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is -# not working. DO NOT TOUCH the following line unless you know what you -# are doing. -DatabaseMirror database.clamav.net - -# How many attempts to make before giving up. -# Default: 3 (per mirror) -#MaxAttempts 5 - -# With this option you can control scripted updates. It's highly recommended -# to keep it enabled. -# Default: yes -#ScriptedUpdates yes - -# By default freshclam will keep the local databases (.cld) uncompressed to -# make their handling faster. With this option you can enable the compression; -# the change will take effect with the next database update. -# Default: no -#CompressLocalDatabase no - -# With this option you can provide custom sources (http:// or file://) for -# database files. This option can be used multiple times. -# Default: no custom URLs -#DatabaseCustomURL http://myserver.com/mysigs.ndb -#DatabaseCustomURL file:///mnt/nfs/local.hdb - -# This option allows you to easily point freshclam to private mirrors. -# If PrivateMirror is set, freshclam does not attempt to use DNS -# to determine whether its databases are out-of-date, instead it will -# use the If-Modified-Since request or directly check the headers of the -# remote database files. For each database, freshclam first attempts -# to download the CLD file. If that fails, it tries to download the -# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo -# and ScriptedUpdates. It can be used multiple times to provide -# fall-back mirrors. -# Default: disabled -#PrivateMirror mirror1.mynetwork.com -#PrivateMirror mirror2.mynetwork.com - -# Number of database checks per day. -# Default: 12 (every two hours) -#Checks 24 - -# Proxy settings -# Default: disabled -#HTTPProxyServer myproxy.com -#HTTPProxyPort 1234 -#HTTPProxyUsername myusername -#HTTPProxyPassword mypass - -# If your servers are behind a firewall/proxy which applies User-Agent -# filtering you can use this option to force the use of a different -# User-Agent header. -# Default: clamav/version_number -#HTTPUserAgent SomeUserAgentIdString - -# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for -# multi-homed systems. -# Default: Use OS'es default outgoing IP address. -#LocalIPAddress aaa.bbb.ccc.ddd - -# Send the RELOAD command to clamd. -# Default: no -#NotifyClamd /path/to/clamd.conf - -# Run command after successful database update. -# Default: disabled -#OnUpdateExecute command - -# Run command when database update process fails. -# Default: disabled -#OnErrorExecute command - -# Run command when freshclam reports outdated version. -# In the command string %v will be replaced by the new version number. -# Default: disabled -#OnOutdatedExecute command - -# Don't fork into background. -# Default: no -#Foreground yes - -# Enable debug messages in libclamav. -# Default: no -#Debug yes - -# Timeout in seconds when connecting to database server. -# Default: 30 -#ConnectTimeout 60 - -# Timeout in seconds when reading from database server. -# Default: 30 -#ReceiveTimeout 60 - -# With this option enabled, freshclam will attempt to load new -# databases into memory to make sure they are properly handled -# by libclamav before replacing the old ones. -# Default: yes -#TestDatabases yes - -# When enabled freshclam will submit statistics to the ClamAV Project about -# the latest virus detections in your environment. The ClamAV maintainers -# will then use this data to determine what types of malware are the most -# detected in the field and in what geographic area they are. -# Freshclam will connect to clamd in order to get recent statistics. -# Default: no -#SubmitDetectionStats /path/to/clamd.conf - -# Country of origin of malware/detection statistics (for statistical -# purposes only). The statistics collector at ClamAV.net will look up -# your IP address to determine the geographical origin of the malware -# reported by your installation. If this installation is mainly used to -# scan data which comes from a different location, please enable this -# option and enter a two-letter code (see http://www.iana.org/domains/root/db/) -# of the country of origin. -# Default: disabled -#DetectionStatsCountry country-code - -# This option enables support for our "Personal Statistics" service. -# When this option is enabled, the information on malware detected by -# your clamd installation is made available to you through our website. -# To get your HostID, log on http://www.stats.clamav.net and add a new -# host to your host list. Once you have the HostID, uncomment this option -# and paste the HostID here. As soon as your freshclam starts submitting -# information to our stats collecting service, you will be able to view -# the statistics of this clamd installation by logging into -# http://www.stats.clamav.net with the same credentials you used to -# generate the HostID. For more information refer to: -# http://www.clamav.net/documentation.html#cctts -# This feature requires SubmitDetectionStats to be enabled. -# Default: disabled -#DetectionStatsHostID unique-id - -# This option enables support for Google Safe Browsing. When activated for -# the first time, freshclam will download a new database file (safebrowsing.cvd) -# which will be automatically loaded by clamd and clamscan during the next -# reload, provided that the heuristic phishing detection is turned on. This -# database includes information about websites that may be phishing sites or -# possible sources of malware. When using this option, it's mandatory to run -# freshclam at least every 30 minutes. -# Freshclam uses the ClamAV's mirror infrastructure to distribute the -# database and its updates but all the contents are provided under Google's -# terms of use. See http://www.google.com/transparencyreport/safebrowsing -# and http://www.clamav.net/documentation.html#safebrowsing -# for more information. -# Default: disabled -#SafeBrowsing yes - -# This option enables downloading of bytecode.cvd, which includes additional -# detection mechanisms and improvements to the ClamAV engine. -# Default: enabled -#Bytecode yes - -# Download an additional 3rd party signature database distributed through -# the ClamAV mirrors. -# This option can be used multiple times. -#ExtraDatabase dbname1 -#ExtraDatabase dbname2 diff --git a/meta-security/recipes-security/clamav/files/tmpfiles.clamav b/meta-security/recipes-security/clamav/files/tmpfiles.clamav deleted file mode 100644 index fd5adfeeb..000000000 --- a/meta-security/recipes-security/clamav/files/tmpfiles.clamav +++ /dev/null @@ -1,3 +0,0 @@ -#Type Path Mode UID GID Age Argument -d /var/log/clamav 0755 clamav clamav - -f /var/log/clamav/freshclam.log 0644 clamav clamav - diff --git a/meta-security/recipes-security/clamav/files/volatiles.03_clamav b/meta-security/recipes-security/clamav/files/volatiles.03_clamav deleted file mode 100644 index ee2153cab..000000000 --- a/meta-security/recipes-security/clamav/files/volatiles.03_clamav +++ /dev/null @@ -1,3 +0,0 @@ -# <type> <owner> <group> <mode> <path> <linksource> -d clamav clamav 0755 /var/log/clamav none -f clamav clamav 0655 /var/log/clamav/freshclam.log none |