diff -Naur clamav-0.98.3/etc/clamav-milter.conf.sample clamav-0.98.3.oden/etc/clamav-milter.conf.sample --- clamav-0.98.3/etc/clamav-milter.conf.sample 2014-05-06 20:39:56.000000000 +0200 +++ clamav-0.98.3.oden/etc/clamav-milter.conf.sample 2014-05-16 09:01:10.130997997 +0200 @@ -2,10 +2,6 @@ ## Example config file for clamav-milter ## -# Comment or remove the line below. -Example - - ## ## Main options ## @@ -19,6 +15,7 @@ # Default: no default #MilterSocket /tmp/clamav-milter.socket #MilterSocket inet:7357 +MilterSocket /var/lib/clamav/clamav-milter.socket # Define the group ownership for the (unix) milter socket. # Default: disabled (the primary group of the user running clamd) @@ -31,17 +28,17 @@ # Remove stale socket after unclean shutdown. # # Default: yes -#FixStaleSocket yes +FixStaleSocket yes # Run as another user (clamav-milter must be started by root for this option to work) # # Default: unset (don't drop privileges) -#User clamav +User clamav # Initialize supplementary group access (clamav-milter must be started by root). # # Default: no -#AllowSupplementaryGroups no +AllowSupplementaryGroups yes # Waiting for data from clamd will timeout after this time (seconds). # Value of 0 disables the timeout. @@ -64,12 +61,12 @@ # daemon (main thread). # # Default: disabled -#PidFile /var/run/clamav-milter.pid +PidFile /var/run/clamav/clamav-milter.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). # -#TemporaryDirectory /var/tmp +TemporaryDirectory /var/lib/clamav/tmp ## ## Clamd options @@ -91,6 +88,7 @@ # # Default: no default #ClamdSocket tcp:scanner.mydomain:7357 +ClamdSocket unix:/var/lib/clamav/clamd.socket ## @@ -212,7 +210,7 @@ # A full path is required. # # Default: disabled -#LogFile /tmp/clamav-milter.log +LogFile /var/log/clamav/clamav-milter.log # By default the log file is locked for writing - the lock protects against # running clamav-milter multiple times. @@ -250,7 +248,7 @@ # Enable verbose logging. # # Default: no -#LogVerbose yes +LogVerbose yes # Enable log rotation. Always enabled when LogFileMaxSize is enabled. # Default: no diff -Naur clamav-0.98.3/etc/clamd.conf.sample clamav-0.98.3.oden/etc/clamd.conf.sample --- clamav-0.98.3/etc/clamd.conf.sample 2014-05-06 20:39:56.000000000 +0200 +++ clamav-0.98.3.oden/etc/clamd.conf.sample 2014-05-16 09:01:24.222998785 +0200 @@ -3,15 +3,11 @@ ## Please read the clamd.conf(5) manual before editing this file. ## - -# Comment or remove the line below. -Example - # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. # Default: disabled -#LogFile /tmp/clamd.log +LogFile /var/log/clamav/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please @@ -50,7 +46,7 @@ # Enable verbose logging. # Default: no -#LogVerbose yes +LogVerbose yes # Enable log rotation. Always enabled when LogFileMaxSize is enabled. # Default: no @@ -63,15 +59,15 @@ # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled -#PidFile /var/run/clamd.pid +PidFile /var/run/clamav/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). -#TemporaryDirectory /var/tmp +TemporaryDirectory /var/lib/clamav/tmp # Path to the database directory. # Default: hardcoded (depends on installation options) -#DatabaseDirectory /var/lib/clamav +DatabaseDirectory /var/lib/clamav # Only load the official signatures published by the ClamAV project. # Default: no @@ -82,7 +78,7 @@ # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) -#LocalSocket /tmp/clamd.socket +LocalSocket /var/lib/clamav/clamd.socket # Sets the group ownership on the unix socket. # Default: disabled (the primary group of the user running clamd) @@ -94,7 +90,7 @@ # Remove stale socket after unclean shutdown. # Default: yes -#FixStaleSocket yes +FixStaleSocket yes # TCP port address. # Default: no @@ -129,11 +125,11 @@ # Maximum number of threads running at the same time. # Default: 10 -#MaxThreads 20 +MaxThreads 64 # Waiting for data from a client socket will timeout after this time (seconds). # Default: 120 -#ReadTimeout 300 +ReadTimeout 300 # This option specifies the time (in seconds) after which clamd should # timeout if a client doesn't provide any initial command after connecting. @@ -153,7 +149,7 @@ # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024) # # Default: 100 -#MaxQueue 200 +MaxQueue 200 # Waiting for a new job will timeout after this time (seconds). # Default: 30 @@ -171,11 +167,11 @@ # Follow directory symlinks. # Default: no -#FollowDirectorySymlinks yes +FollowDirectorySymlinks yes # Follow regular file symlinks. # Default: no -#FollowFileSymlinks yes +FollowFileSymlinks yes # Scan files and directories on other filesystems. # Default: yes @@ -192,11 +188,11 @@ # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges -#User clamav +User clamav # Initialize supplementary group access (clamd must be started by root). # Default: no -#AllowSupplementaryGroups no +AllowSupplementaryGroups yes # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes @@ -265,7 +261,7 @@ # and Petite. If you turn off this option, the original files will still be # scanned, but without additional processing. # Default: yes -#ScanPE yes +ScanPE yes # Certain PE files contain an authenticode signature. By default, we check # the signature chain in the PE file against a database of trusted and @@ -299,7 +295,7 @@ # If you turn off this option, the original files will still be scanned, but # without additional processing. # Default: yes -#ScanOLE2 yes +ScanOLE2 yes # With this option enabled OLE2 files with VBA macros, which were not # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". @@ -327,7 +323,7 @@ # If you turn off this option, the original files will still be scanned, but # without parsing individual messages/attachments. # Default: yes -#ScanMail yes +ScanMail yes # Scan RFC1341 messages split over many emails. # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. @@ -339,7 +335,7 @@ # With this option enabled ClamAV will try to detect phishing attempts by using # signatures. # Default: yes -#PhishingSignatures yes +PhishingSignatures yes # Scan URLs found in mails for phishing attempts using heuristics. # Default: yes @@ -369,9 +365,9 @@ # the end of a scan. If an archive contains both a heuristically detected # virus/phish, and a real malware, the real malware will be reported # -# Keep this disabled if you intend to handle "*.Heuristics.*" viruses +# Keep this disabled if you intend to handle "*.Heuristics.*" viruses # differently from "real" malware. -# If a non-heuristically-detected virus (signature-based) is found first, +# If a non-heuristically-detected virus (signature-based) is found first, # the scan is interrupted immediately, regardless of this config option. # # Default: no @@ -415,7 +411,7 @@ # Default: yes # If you turn off this option, the original files will still be scanned, but # without additional processing. -#ScanHTML yes +ScanHTML yes ## @@ -426,7 +422,7 @@ # If you turn off this option, the original files will still be scanned, but # without unpacking and additional processing. # Default: yes -#ScanArchive yes +ScanArchive yes # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). # Default: no @@ -589,7 +585,7 @@ # Enable statistical reporting. # Default: no -#StatsEnabled yes +StatsEnabled no # Disable submission of individual PE sections for files flagged as malware. # Default: no diff -Naur clamav-0.98.3/etc/freshclam.conf.sample clamav-0.98.3.oden/etc/freshclam.conf.sample --- clamav-0.98.3/etc/freshclam.conf.sample 2014-05-06 20:39:56.000000000 +0200 +++ clamav-0.98.3.oden/etc/freshclam.conf.sample 2014-05-16 09:01:10.144997998 +0200 @@ -3,18 +3,14 @@ ## Please read the freshclam.conf(5) manual before editing this file. ## - -# Comment or remove the line below. -Example - # Path to the database directory. # WARNING: It must match clamd.conf's directive! # Default: hardcoded (depends on installation options) -#DatabaseDirectory /var/lib/clamav +DatabaseDirectory /var/lib/clamav # Path to the log file (make sure it has proper permissions) # Default: disabled -#UpdateLogFile /var/log/freshclam.log +UpdateLogFile /var/log/clamav/freshclam.log # Maximum size of the log file. # Value of 0 disables the limit. @@ -31,7 +27,7 @@ # Enable verbose logging. # Default: no -#LogVerbose yes +LogVerbose yes # Use system logger (can work together with UpdateLogFile). # Default: no @@ -48,16 +44,16 @@ # This option allows you to save the process identifier of the daemon # Default: disabled -#PidFile /var/run/freshclam.pid +PidFile /var/run/clamav/freshclam.pid # By default when started freshclam drops privileges and switches to the # "clamav" user. This directive allows you to change the database owner. # Default: clamav (may depend on installation options) -#DatabaseOwner clamav +DatabaseOwner clamav # Initialize supplementary group access (freshclam must be started by root). # Default: no -#AllowSupplementaryGroups yes +AllowSupplementaryGroups yes # Use DNS to verify virus database version. Freshclam uses DNS TXT records # to verify database and software versions. With this directive you can change @@ -65,7 +61,7 @@ # WARNING: Do not touch it unless you're configuring freshclam to use your # own database verification domain. # Default: current.cvd.clamav.net -#DNSDatabaseInfo current.cvd.clamav.net +DNSDatabaseInfo current.cvd.clamav.net # Uncomment the following line and replace XY with your country # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. @@ -80,12 +76,12 @@ # How many attempts to make before giving up. # Default: 3 (per mirror) -#MaxAttempts 5 +MaxAttempts 5 # With this option you can control scripted updates. It's highly recommended # to keep it enabled. # Default: yes -#ScriptedUpdates yes +ScriptedUpdates yes # By default freshclam will keep the local databases (.cld) uncompressed to # make their handling faster. With this option you can enable the compression; @@ -114,7 +110,7 @@ # Number of database checks per day. # Default: 12 (every two hours) -#Checks 24 +Checks 24 # Proxy settings # Default: disabled @@ -136,7 +132,7 @@ # Send the RELOAD command to clamd. # Default: no -#NotifyClamd /path/to/clamd.conf +NotifyClamd /etc/clamd.conf # Run command after successful database update. # Default: disabled