Mailing List Archive

[clamav-users] Packaging ClamAV
Hi,
I am currently trying to help with packaging ClamAV for ClearOS, based
on the EPEL and FC repos. One thing I have noticed is that they
pre-package virus signatures which both makes the package large and the
signatures are necessarily out of date as soon as they are packaged.

As clamd won't start without any signatures, I was wondering if it were
possible to provide stub files for main.cvd, daily.cvd and bytecode.cvd
so clamd can successfully start while, at the same time, firing off a
"freshclam" on installation to get new signatures.

If this is not possible, what other strategies are available to package
ClamAV without signatures but automatically start clamd on installation?

Thanks,

Nick


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Packaging ClamAV
main.cvd rarely changes (last update was Jan 2018), it is only when
the daily gets so large they push a bunch of signatures over. Bytecode
also does not get updated very often. Really the only things are daily
& safebrowsing (if enabled) that change regularly.

Since they are 'signed' files, there's really no way for a 3rd party to
fudge them (afaik).

I don't think it would be wise to include stub files, because if there
is a network issue during install a person could falsely believe that
their installation was successful and being protected, when they
really aren't. Even if you are including files that are slightly
outdated, that's giving them some level of protection out of the box.

Re: [clamav-users] Packaging ClamAV
On 12/08/2019 13:25, J.R. via clamav-users wrote:
> main.cvd rarely changes (last update was Jan 2018), it is only when
> the daily gets so large they push a bunch of signatures over. Bytecode
> also does not get updated very often. Really the only things are daily
> & safebrowsing (if enabled) that change regularly.
>
> Since they are 'signed' files, there's really no way for a 3rd party to
> fudge them (afaik).
>
> I don't think it would be wise to include stub files, because if there
> is a network issue during install a person could falsely believe that
> their installation was successful and being protected, when they
> really aren't. Even if you are including files that are slightly
> outdated, that's giving them some level of protection out of the box.
Thanks for replying.
Are you suggesting just packaging main.cvd and not packaging daily.cvd
or bytecode.cvd?


Re: [clamav-users] Packaging ClamAV
I would suggest not packaging them at all, and they should be downloaded from the update servers the first time the update is run.

> On Aug 12, 2019, at 9:47 AM, Nick Howitt <nick@howitts.co.uk> wrote:
>
> Thanks for replying.
> Are you suggesting just packaging main.cvd and not packaging daily.cvd or bytecode.cvd?

Re: [clamav-users] Packaging ClamAV
Then you can't start clamd on installation?

On 12/08/2019 15:06, Joel Esler (jesler) via clamav-users wrote:
> I would suggest not packaging them at all, and they should be downloaded from the update servers the first time the update is run.

Re: [clamav-users] Packaging ClamAV
On 12/08/2019, 16:21, "Nick Howitt" <nick@howitts.co.uk> wrote:
>
> Then you can't start clamd on installation?

Run a postinstall scriptlet that calls freshclam as part of the package installer, perhaps?

Graeme


Re: [clamav-users] Packaging ClamAV
> I would suggest not packaging them at all, and they
> should be downloaded from the update servers the
> first time the update is run.

Ideally yes, I would agree.

However then you run into the edge-case of what if the machine has no
(or very limited) internet access? I *think* it's a requirement for
any package that it has to be able to run (even if there is some part
that is out-of-date).

Re: [clamav-users] Packaging ClamAV
On 12/08/2019 19:16, J.R. via clamav-users wrote:
>> I would suggest not packaging them at all, and they
>> should be downloaded from the update servers the
>> first time the update is run.
> Ideally yes, I would agree.
>
> However then you run into the edge-case of what if the machine has no
> (or very limited) internet access? I *think* it's a requirement for
> any package that it has to be able to run (even if there is some part
> that is out-of-date).
>
>
Interestingly, it seems clamd will just start with bytecode.cvd present,
so technically it appears to be possible just to package bytecode.cvd
and fire off a freshclam as part of the post-install. How does that sound?


Re: [clamav-users] Packaging ClamAV
On Monday, August 12, 2019 4:49:01 PM EDT Nick Howitt wrote:
> On 12/08/2019 19:16, J.R. via clamav-users wrote:
> >> I would suggest not packaging them at all, and they
> >> should be downloaded from the update servers the
> >> first time the update is run.
> >
> > Ideally yes, I would agree.
> >
> > However then you run into the edge-case of what if the machine has no
> > (or very limited) internet access? I *think* it's a requirement for
> > any package that it has to be able to run (even if there is some part
> > that is out-of-date).
>
> Interestingly, it seems clamd will just start with bytecode.cvd present,
> so technically it appears to be possible just to package bytecode.cvd
> and fire off a freshclam as part of the post-install. How does that sound?

Presenting the user with a running clamd that has a very limited ability to
scan for threats seems misleading.

Scott K



Re: [clamav-users] Packaging ClamAV
Probably need to kick off freshclam as part of the install.

Sent from my iPhone

> On Aug 12, 2019, at 17:00, Scott Kitterman via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> On Monday, August 12, 2019 4:49:01 PM EDT Nick Howitt wrote:
>> On 12/08/2019 19:16, J.R. via clamav-users wrote:
>>>> I would suggest not packaging them at all, and they
>>>> should be downloaded from the update servers the
>>>> first time the update is run.
>>>
>>> Ideally yes, I would agree.
>>>
>>> However then you run into the edge-case of what if the machine has no
>>> (or very limited) internet access? I *think* it's a requirement for
>>> any package that it has to be able to run (even if there is some part
>>> that is out-of-date).
>>
>> Interestingly, it seems clamd will just start with bytecode.cvd present,
>> so technically it appears to be possible just to package bytecode.cvd
>> and fire off a freshclam as part of the post-install. How does that sound?
>
> Presenting the user with a running clamd that has a very limited ability to
> scan for threats seems misleading.
>
> Scott K

Re: [clamav-users] Packaging ClamAV
On Mon, 12 Aug 2019 15:37:47 +0000
Graeme Fowler via clamav-users <clamav-users@lists.clamav.net> wrote:

> On 12/08/2019, 16:21, "Nick Howitt" <nick@howitts.co.uk> wrote:
> >
> > Then you can't start clamd on installation?
>
> Run a postinstall scriptlet that calls freshclam as part of the
> package installer, perhaps?

Exactly. That's how I have done clamav packaging for years.

%post scriptlet has

if [ "$1" -eq 1 ]; then   # $1 is 1 on a fresh install, not an upgrade
    systemctl start freshclam.service >/dev/null 2>&1 || :
fi

So freshclam is run immediately from package install making sure
databases are there before anybody has time to even think starting
clamd.

--
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
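
Added example (not code from any poster in this thread or from the ClamAV project): a %post helper that runs freshclam synchronously and starts clamd only when the main and daily databases are actually on disk, which addresses the concern raised earlier in the thread about a running clamd with little or no signature coverage. The database directory /var/lib/clamav, the unit name clamd.service and the DB_DIR/FRESHCLAM/SYSTEMCTL override variables are assumptions.

```sh
#!/bin/sh
# Added example: gate clamd on a usable signature set after freshclam.
# DB_DIR, FRESHCLAM and SYSTEMCTL are overridable (assumed names) so the
# logic can be exercised without network access.
DB_DIR=${DB_DIR:-/var/lib/clamav}        # assumed default location
FRESHCLAM=${FRESHCLAM:-freshclam}
SYSTEMCTL=${SYSTEMCTL:-systemctl}

# True if a non-empty <name>.cvd or <name>.cld exists in DB_DIR.
# freshclam leaves a .cld behind after incremental updates.
have_db() {
    for ext in cvd cld; do
        [ -s "$DB_DIR/$1.$ext" ] && return 0
    done
    return 1
}

# Require main and daily, not just bytecode: per the thread, bytecode
# alone is enough for clamd to start but gives very limited coverage.
signatures_ready() {
    have_db main && have_db daily
}

# $1 is the RPM scriptlet argument (1 on first install).
# Returns 0 on upgrade or when clamd was started, 1 when clamd was
# deliberately left stopped because no signatures could be fetched.
post_install() {
    [ "$1" -eq 1 ] || return 0
    "$FRESHCLAM" --datadir="$DB_DIR" >/dev/null 2>&1 || :
    if signatures_ready; then
        "$SYSTEMCTL" start clamd.service >/dev/null 2>&1 || :   # assumed unit name
        return 0
    fi
    echo "clamav: no signatures downloaded; clamd not started." >&2
    echo "clamav: run freshclam once the network is available." >&2
    return 1
}

# In a spec file the %post body would be:  post_install "$1" || :
# so that a failed download never fails the package transaction.
```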

Re: [clamav-users] Packaging ClamAV
> On Aug 13, 2019, at 7:46 AM, Tuomo Soini <tis@foobar.fi> wrote:
>
> On Mon, 12 Aug 2019 15:37:47 +0000
> Graeme Fowler via clamav-users <clamav-users@lists.clamav.net> wrote:
>
>> On 12/08/2019, 16:21, "Nick Howitt" <nick@howitts.co.uk> wrote:
>>>
>>> Then you can't start clamd on installation?
>>
>> Run a postinstall scriptlet that calls freshclam as part of the
>> package installer, perhaps?
>
> Exactly. That's how I have done clamav packaging for years.
>
> %post scriptlet has
>
> if [ "$1" -eq 1 ]; then   # $1 is 1 on a fresh install, not an upgrade
>     systemctl start freshclam.service >/dev/null 2>&1 || :
> fi
>
> So freshclam is run immediately from package install making sure
> databases are there before anybody has time to even think starting
> clamd.


This is ideal

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com