clamav 0.96.2_2 security =347

Command line virus scanner written entirely in C
Maintained by: garga@FreeBSD.org
Port Added: 20 Jan 2003 03:42:13

---

---

This the stable version of Clam Antivirus.
Clam Antivirus is command line virus scanner written entirely in C
and its database is kept up to date. It also detects polymorphic
viruses, scans compressed files and supported by AMaViS.
Optionally you can use the clamav-milter interface to connect
clamav with sendmail.

WWW: http://www.clamav.net/

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

---

Required To Build: lang/python26, devel/libcheck, devel/gmake
Required To Run: archivers/arc, archivers/arj, archivers/lha, archivers/unzoo

---

To install the port: cd /usr/ports/security/clamav/ && make install clean
To add the package: pkg_add -r clamav

---

Configuration Options

===> The following configuration options are available for clamav-0.96.2_2:
     ARC=On (default) "Enable arch archives support"
     ARJ=On (default) "Enable arj archives support"
     LHA=On (default) "Enable lha archives support"
     UNZOO=On (default) "Enable zoo archives support"
     UNRAR=On (default) "Enable rar archives support"
     LLVM=On (default) "Enable JIT Bytecode compiler"
     MILTER=Off (default) "Compile the milter interface"
     LDAP=Off (default) "libmilter was built with LDAP"
     ICONV=Off (default) "Enable ICONV support"
     STDERR=Off (default) "Print logs to stderr instead of stdout"
     EXPERIMENTAL=Off (default) "Build experimental code"
===> Use 'make config' to modify these settings

---

Master Sites:

http://heanet.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://sunet.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://iweb.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://switch.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://surfnet.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://kent.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://freefr.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://voxel.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://jaist.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://osdn.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://nchc.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://transact.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://softlayer.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://internode.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://biznetnetworks.dl.sourceforge.net/project/clamav/clamav/0.96.2/

http://ufpr.dl.sourceforge.net/project/clamav/clamav/0.96.2/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

• 2009-03-27

  Affects: users of security/clamav

  Author: garga@FreeBSD.org

  Reason: 
    After version 0.95 clamav-milter does not accept parameters by command
    line.  If you are using $clamav_milter_flags on rc.conf to set its
    parameters you will need to move to new ${PREFIX}/etc/clamav-milter.conf.
  
  



• 2008-04-16

  Affects: users of security/clamav

  Author: garga@FreeBSD.org

  Reason: 
    Clamav 0.93 does not support the daily.inc and main.inc directories format
    for virus databases.  You need to remove these directories manually and
    force freshclam to get new cvd format files before starting clamd:
  
  	portupgrade clamav
  	/usr/local/etc/rc.d/clamav-clamd stop
  	/usr/local/etc/rc.d/clamav-freshclam stop
  	rm -rf /var/db/clamav/main.inc /var/db/clamav/daily.inc
  	freshclam
  	/usr/local/etc/rc.d/clamav-freshclam start
  	/usr/local/etc/rc.d/clamav-clamd start
  
  



• 2007-02-15

  Affects: users of security/clamav

  Author: garga@FreeBSD.org

  Reason: 
    Since version 0.90, clamd.conf and clamav.conf have changed their syntax.
    All parameters can now be turned on/off using a boolean value (0,1) or
    (on,off) or (true,false), the old crude hack of "DisableDefaultScanOptions"
    is no longer required.
  
    Please, check ${PREFIX}/etc/(clamd|freshclam).conf.default and make needed
    changes on your conf files.
  
  



• 2004-12-22

  Affects: users of security/clamav, security/clamav-devel

  Author: jylefort@brutele.be

  Reason: 
    The ClamAV database path has changed from /usr/local/share/clamav to
    /var/db/clamav. You should update the DatabaseDirectory keyword in
    /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf.
  
  



• 2004-10-14

  Affects: users of security/clamav

  Author: eik@FreeBSD.org

  Reason: 
    The configuration file for the clamd daemon has changed from
    /usr/local/etc/clamav.conf to /usr/local/etc/clamd.conf.
  
  

- Fix bytecode problem on FreeBSD 7.1
- Bump PORTREVISION

PR:             ports/150243
Submitted by:   Frank Wall <fw@moov.de>
Obtained from:  https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2235

Add LICENSE

- Fix CPU assumptions for amd64
- Bump PORTREVISION

PR:             ports/149637
Submitted by:   Michael Scheidell <scheidell@secnap.net>
Obtained from:  https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2201

pav@ noted LICENSE code don't work fine with ports using @cwd in plist, and
it'll be fixed soon. Remove LICENSE from clamav ports for now.

Update to 0.96.2

Add LICENSE

Gcc 4.2+ is only needed to build clamav with LLVM/JIT support, remove this
dependency when LLVM is not set.

Submitted by:   Guy Antony Halse <G.Halse@ru.ac.za>

Update to 0.96.1

Disable LLVM/JIT build for sparc64, it should unbreak it on this arch

- Use ${TOUCH} instead of touch
- Fix pkg-plist to delete directories installed out of PREFIX (on /var) [1]
- Bump PORTREVISION because of [1]

PR:             ports/145448 [1]
Submitted by:   sahil@ [1]

Unit tests require python built with thread support, disable make check when
local python doesn't have this

PR:             ports/145520
Submitted by:   Michael Scheidell <scheidell at secnap.net>

Python and gmaker are needed just if LLVM option is set

- Reduce differences between it and security/clamav-devel
- Make JIT bytecode compiler as an OPTION, On by default [1]

PR:             ports/145435 [1]
Submitted by:   Alexander Wittig <alexander at wittig.name> [1]

- Remove duplicated BUILD_DEPENDS

- Update to 0.96
- Fix error on make check when LC_ALL != en and subversion is installed [1]

PR:             ports/145340 [1]
Submitted by:   Alexander Wittig <alexander@wittig.name> [1]
Obtained from:  https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1922 [1]

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

Execute a "make check" at post-build target, add libcheck as a dependency for it

After some requests, change permission of clamav-milter socket to 0777

Update to 0.95.3

Fix a few "bad example" problems in the rc.d scripts that have been
propogated by copy and paste.

1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).

No PORTREVISION bumps because all of these changes are noops.

- Update to 0.95.2

PR:             ports/135501
Submitted by:   Alexey V.Degtyarev <alexey@renatasystems.org>

- Add reload option to startup script, it calls clamdscan --reload, a faster
  way to reload clam data without need restart
- Bump PORTREVISION

PR:             ports/133868
Submitted by:   Michael Scheidell <scheidell@secnap.net>

- Update to 0.95.1 and fix clamav-milter

- Remove wrong patch added on last commit

- Mark clamav-milter as BROKEN since it's not working. I updated clamav-devel
  to a version that have the fix and won't update it anymore until 0.95.1 is
  released

- Update to 0.95

- Mark MAKE_JOBS_SAFE for SMP compilation

PR:             ports/132969
Approved by:    garga (maintainer, via ICQ)

- Update to 0.94.2

- Remove libtools from depends and use its own version, without it next
  versions will stop building
- Remove --disable-zlib-vcheck from CONFIGURE_ARGS to fix a warning on
  configure

- Update to 0.94.1
- Add --libdir to CONFIGURE_ARGS to fix libdir detection under 6.x

- Fix pkg-plist
- Bump PORTREVISION

Reported by:    QAT
Approved by:    portmgr (pav)

- Forced commit to note the Security vulnerability fixed on last commit

Approved by:    portmgr (pav)
Security:       CVE-2008-1389
                https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089

- Update security/clamav to 0.94 [1] and fix a remote DoS [2]
- Chase libclamav version bump on all dependant ports
- Bump necessary PORTREVISIONS
- Fix some BROKEN messages from ports that were already broken with clamav-0.93
- Mark security/klamav as BROKEN since it doesn't build with clamav-0.94

PR:             ports/127122 [1], ports/127310 [2]
Submitted by:   Gary Palmer <freebsd-gnats@in-addr.com> [1], delphij [2]
Approved by:    portmgr (pav)

- Change pre-install: target to pre-su-install: since user and group are
  created there (via pkg-install), and it must be done as root.
- While i'm here, fix the same on clamav-devel port

PR:             ports/126701
Submitted by:   grog

Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk

- Permit to ser owner and group to clamav milter socket [1]
- Remove @ to show some install commands, and add -v to cp
- Install clamav-milter doc
- User CHOWN and CHMOD from bsd.commands.mk

PR:             ports/126069 [1]
Submitted by:   Matthew D. Fuller <fullermd@over-yonder.net> [1]

- Fix wrong error message in clamav-milter startup script

PR:             ports/126575
Submitted by:   Paul Toirkens <paul@sapphire.toirkens.com>

- Last change on clamav-milter startup script doesn't work if used with inet[6]
  sockets, fixing it now.

No bump PORTREVISION needed since MILTER option is off by default

Reported by:    Gregory Shapiro <gshapiro@gshapiro.net>
Tested by:      Gregory Shapiro <gshapiro@gshapiro.net>

- Update to 0.93.3
- Change clamav-milter startup script to wait clamav-milter socket be created
  before try to chmod it [1]

PR:             ports/124643 [1]
Submitted by:   Adrian Thearle <adrian@thearle.com.au> [1]

- Fix checking of database viruses at startup script that i broke on last
  commit
- Bump PORTREVISION again

Submitted by:   George L. Yermulnik <yz@iptcom.net>
Pointyhat to:   me

- Fix clamd startup script to support cld containers for virus databases
- Bump PORTREVISION

Reported by:    Robert Huff <roberthuff@rcn.com>

- Forgot to remove one conditional about PTHREAD_LIB on last commit

- Remove < 6.1 conditional since it's no longer supported

- Update to 0.93.1

- Fix default clamd socket name: clamd -> clamd.sock
- Some cosmetic changes (indentation)
- sort pkg-plist
- Add option on clamav-milter startup script to change socket permissions
  (tested on clamav-devel)
- Bump PORTREVISION

- Update to 0.93

This version fixes lock problem reported at ports/122534

Most important changes:
 *libclamav:
   - New logic in scan limits: provides much more efficient protection against
     DoS attacks but also results in different command line and config options
     to clamscan and clamd (see below)
   - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator,
     entity converter
   - Improved filetype detection; filetype definitions can be remotely updated
   - Support for .cld containers (which replace .inc directories)
   - Improved pattern matcher and signature formats
   - More efficient scanning of HTML files

- Fix a thread problem on FreeBSD 5.x forcing it to use -lpthread [1]
- Fix a problem on pkg-install, when umask is not default, it create dirs with
  wrong permissions [2]
- Bump PORTREVISION

PR:             ports/120885 [2]
Submitted by:   dmx@dmx.org.ru [2]
Noticed by:     havp pointyhat via pav

- Update to 0.92.1 (bugfix release) [1]
- Fix distinfo, removing unrar.diff entry since this file don't exist more. [2]

PR:             ports/120547 [1], ports/120574 [2]
Submitted by:   Michael Scheidell <scheidell@secnap.net> [1], delphij [2]

- Add an OPTION ICONV to fix a problem that can be caused by auto detection.
  No PORTREVISION bump necessary since it's off by default.

- Update security/clamav to 0.92
- Add a new OPTION (RAR) because unrar code is optional to fix a license
  issue
- Some cosmetic changes
- Chase library version bump and bump PORTREVISION of all dependant ports

Approved by:    portmgr (pav)
Security:       CVE-2007-6335, CVE-2007-6336, CVE-2007-6337

Unbreak pthread-related issues on 5.x

Approved by:    portmgr

- Update to 0.91.2

PR:             ports/115682
Submitted by:   Michael Scheidell <scheidell@secnap.net>

Fix clamav-milter startup script to don't wait clamd socket when it's using tcp
socket

PR:             ports/115353 (Based on)
Submitted by:   Alexander Shikoff <minotaur@crete.org.ua>

- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
  supports them.  This is determined by running ``configure --help'' in
  do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
  which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
  Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
  PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
  subdirectory detection.

PR:             ports/111470
Approved by:    portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by:      pointyhat exp run

- Update to 0.91.1

PR:             ports/114643
Submitted by:   Michael Scheidell <scheidell@secnap.net>

- Update to 0.91
- Remove CURL option because it's not needed anymore

- Change clamav-milter rc.d script, now it just wait for clamd socket if
  clamav_clamd_enable is set.

PR:             ports/111545
Submitted by:   Craig Leres <leres@ee.lbl.gov>

- Update to 0.90.3
- Remove unzoo support (clam doesn't support it anymore)

PR:             ports/113174
Submitted by:   Michael Scheidell <scheidell@secnap.net>

- Make arc, arj, lha and unzoo achives support dependency as OPTIONS enabled by
  default. Clamav can run fine without these guys. PORTREVISION bump is not
  needed since final package is the same.

PR:             ports/113087
Submitted by:   baptiste.daroussin@gmail.com

- Fix build with gethostbyname_r just after 601103 instead 600000
- Bump PORTREVISION

Reported by:    security <security@jim-liesl.org>
Submitted by:   Craig Butler <craig001@lerwick.hopto.org>

Forced commit to note last commit fix a security problem.

Security:       CVE-2007-2029

- Update to 0.90.2
- Add a patch to increase performance of clamd in threaded systems [1]
- Change clamav-milter rc.d script to use a var to determine seconds of timeout
  to wait clamd socket be started [2]
- Add support to gethostbyname_r() on FreeBSD 6 and above [3]
- Install clamav-config.h [3]
- Fix all dependencies for klamav work fine [3]

PR:             ports/111130 [2], ports/111478 [3]
Submitted by:   Anton Yuzhaninov <citrin@rambler-co.ru> [1]
                Denis Eremenko <moonshade@pnhz.kz> [2]
                Anderson S. Ferreira <anderson@cnpm.embrapa.br> [3]
Obtained from:  https://wwws.clamav.net/bugzilla/show_bug.cgi?id=434 [1]

Bump PORTREVISION for last changes

Pointy Hat to:  mbr

And unbreak support for older FreeBSDs where libthr/libpthread did not exist.

PR:     110334

Only use libthr for FreeBSD > 6.1

- Update clamav to 0.90.1
- Use -lthr to build clamav since it has problems with libpthread
- Bump PORTREVISION of dependant ports, libclamav version was bumped
- Fix clamcour to build with clamav-0.90.x using patch sent by maintainer

Fix pthread lib for clamav-milter

PR:             ports/109792
Submitted by:   Eugene Grosbein <eugen@kuzbass.ru>

Change the way to patch configure to respect ${PTHREAD_LIBS} to a better one.

- Fix problems with thread caused by a bad REINPLACE_CMD.
- Bump PORTREVISION

Reported by:    many users

Fix clamav-milter startup script like was done on clamav-devel, to make it wait
clamd socket before start.

Submitted by:   ache@

- Fix 'integer constant is too large for "long" type' warning [1]
- Convert one patch to REINPLACE_CMD
- Force to use ${PREFIX}/lib/libmilter.a if it's installed
- Fix sendmail binary detection using --with-sendmail instead SENDMAIL envvar
- Add EXPERIMENTAL OPTION to build with --enable-experimental
- Remove DESTDIR/TARGETDIR since it's useless for now
- Bump PORTREVISION

Submitted by:   stas@ at #bsdports [1]
Thanks to:      stas@ and simon@ [1]

- Fix sed used on (clamd|freshclam).conf to new format
- Add LDAP as an OPTION
- Bump PORTREVISION

Spoted by:      ache@

- Update to 0.90
- Cleanup a little bit

PR:             ports/109185 (Based on)
Submitted by:   Michael Scheidell <scheidell@secnap.net>

Update the ftp/curl port to 7.16.0.
Bump PORTREVISION of all dependent ports.
Fix the build errors in the few ports that still use the long deprecated,
and now obsoleted, cURL options.

Thanks to everyone who took the time to look over the patch!

Discussed on:   -ports

- Update clamav to 0.88.7

PR:             106620
Submitted by:   Michael Scheidell <scheidell___secnap.net>
Approved by:    maintainer timeout (18 hours)
With hat:       secteam
Security:       http://secunia.com/advisories/23347/,
http://www.quantenblog.net/security/virus-scanner-bypass

Forced commit to note las one was:

PR:             ports/105198
Submitted by:   Samm & <root@ukrlex.net>

Update to 0.88.6

- Update to 0.88.5
- portlint(1)

Approved by:    portmgr (mnag with secteam hat), garga (maintainer)
Security:      
http://lurker.clamav.net/message/20061016.015114.dc6a8930.en.html,
                http://secunia.com/advisories/22370/

Respect DESTDIR

Reworked by:    gabor
Tested by:      gabor

- Update to 0.88.4
- Use USE_LDCONFIG instead obsolete INSTALLS_SHLIB
- Use new MASTER_SITES magic to SF

Security:       http://www.clamav.net/security/0.88.4.html

Update to 0.88.3

- Add an option to print logs on stderr instead stdout, it's useful to catch
  logs and use on smtp log. In preparation to update spamcontro to 2.4 series.
- s/unarj/arj/ on clamscan man [1]
- Bump PORTREVISION because man change

Reported by:    Anton Yuzhaninov <citrin at citrin.ru> [1]

Depend of archivers/arj instead archivers/unarj

Use archivers/unzoo on DEPENDS instead zoo

Proposed by:    Anton Yuzhaninov <citrin at citrin.ru>

Chase gmp library and bump PORTREVISION.

Update to 0.88.2

Take over maintainership

Approved by:    maintainer by email

- Update to 0.88.1 -- Fix multiple vulnerabilities
 * CVE-2006-1614
    Damian Put discovered an integer overflow in the PE header parser.
    This is only exploitable if the ArchiveMaxFileSize option is disabled.
 * CVE-2006-1615
    Format string vulnerabilities in the logging code have been discovered,
    which might lead to the execution of arbitrary code.
 * CVE-2006-1630
    David Luyer discovered, that ClamAV can be tricked into an invalid
    memory access in the cli_bitset_set() function, which may lead to
    a denial of service.

- Use USE_RC_SUBR=script

PR:             ports/95403
Submitted by:   garga
Approved by:    maintainer timeout (mnag on behalf of secteam)
Security:       VuXML 6a5174bd-c580-11da-9110-00123ffe8333

Conversion to a single libtool environment.

Approved by:    portmgr (kris)

Remove the FreeBSD KEYWORD from all rc.d scripts where it appears.
We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.

Update to 0.88, a possible heap overflow in the UPX code has been fixed

PR:             91593
Submitted by:   Boris B. Samorodov <bsam@ipt.ru>
Approved by:    simon (secteam)
Security:       612a34ec-81dc-11da-a043-0002a5c3d308 (VuXML)

Mass-conversion to the USE_AUTOTOOLS New World Order.  The code present
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.

Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.

Preliminary documentation can be found at:
        http://people.FreeBSD.org/~ade/autotools.txt

which is in the process of being SGMLized before introduction into the
Porters Handbook.

Light blue touch-paper.  Run.

Update to 0.87.1

PR:             88482
Submitted by:   garga
Approved by:    rob@debank.tv (simon bypass maintainer timeout)
Security:       CAN-2005-3303,
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html

Fix package list when use LIBUNRAR
If use LIBUNRAR don't need archivers/unrar
Remake patches to work without autotools
Bump PORTREVISION

PR:             87338
Approved by:    Rob <rob@debank.tv> (maintainer)

Fix using of libunrar in OPTIONS variable.

Noted by:       ache

Allow clamav to use rar 3 archives using archivers/libunrar.

PR:             86510
Submitted by:   Alex Samorukov <samm@os2.kiev.ua>,
                Rob <r.evers@nedstat.com> (maintainer)

- presrve downloaded cvd files on deinstall
Approved by:    Rob Evers

Fix build with milter on FreeBSD 4.X.

- Update to 0.87

PR:             ports/86276
Submitted by:   dawnshade <h-k@mail.ru>
Approved by:    maintainer timeout (3 days)
                timeout rushed by simon (secteam hat)
Security:       CAN-2005-2919, CAN-2005-2920,
                http://www.secunia.com/advisories/16848/

- Bandaid compilation on FreeBSD 5.2.1

PR:             ports/84131
Submitted by:   Thorolf <thorolf@grid.einherjar.de>
Approved by:    maintainer timeout (1 month)

5 vulnerabilities affecting 13 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities