github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-20 13:24:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Avoid clamav fixes if clamav is disabled

Browse source
This commit is contained in:
myvesta 2021-11-14 20:01:21 +01:00 committed by GitHub
commit d9202d91b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 61 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

119
src/deb/vesta/postinst
View file

@ -141,48 +141,68 @@ if [ "$check_cron" -eq 0 ]; then
crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -
fi
# make sure clamav-daemon.service has mkdir fix
if [ -f "/lib/systemd/system/clamav-daemon.service" ]; then
check_grep=$(grep -c 'mkdir' /lib/systemd/system/clamav-daemon.service)
if [ "$check_grep" -eq 0 ]; then
echo "=== patching clamav-daemon.service"
exec_pre1='ExecStartPre=-/bin/mkdir -p /var/run/clamav'
exec_pre2='ExecStartPre=-/bin/chown -R clamav:clamav /var/run/clamav'
sed -i "s|\[Service\]|[Service]\n$exec_pre1\n$exec_pre2|g" /lib/systemd/system/clamav-daemon.service
systemctl daemon-reload
systemctl restart clamav-daemon
systemctl restart clamav-freshclam
fi
fi
# reverting to default clamd sock
if [ ! -f "/usr/local/vesta/data/upgrades/change-clamav-socket-v3" ]; then
touch /usr/local/vesta/data/upgrades/change-clamav-socket-v3
if [ -f "/etc/clamav/clamd.conf" ]; then
sed -i "s#/var/lib/clamav/clamd.sock#/var/run/clamav/clamd.ctl#g" /etc/clamav/clamd.conf
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i "s#/var/lib/clamav/clamd.sock#/var/run/clamav/clamd.ctl#g" /etc/exim4/exim4.conf.template
fi
if [ -f "/lib/systemd/system/clamav-daemon.socket" ]; then
sed -i "s#/var/lib/clamav/clamd.sock#/run/clamav/clamd.ctl#g" /lib/systemd/system/clamav-daemon.socket
fi
systemctl daemon-reload
systemctl restart clamav-daemon
systemctl restart clamav-freshclam
if [ -f "/etc/exim4/exim4.conf.template" ]; then
systemctl restart exim4
fi
fi
fi
# reverting to default clamd sock
if [ ! -f "/usr/local/vesta/data/upgrades/change-clamav-socket-v4" ]; then
touch /usr/local/vesta/data/upgrades/change-clamav-socket-v4
if [ -f "/etc/clamav/clamd.conf" ]; then
check_grep=$(grep -c '/var/lib/clamav/clamd.ctl' /etc/clamav/clamd.conf)
if [ "$check_grep" -eq 1 ]; then
sed -i "s#/var/lib/clamav/clamd.ctl#/var/run/clamav/clamd.ctl#g" /etc/clamav/clamd.conf
unit_files="$(systemctl list-unit-files | grep clamav-daemon)"
if [[ ! "$unit_files" =~ "disabled" ]]; then
# make sure clamav-daemon.service has mkdir fix
if [ -f "/lib/systemd/system/clamav-daemon.service" ]; then
check_grep=$(grep -c 'mkdir' /lib/systemd/system/clamav-daemon.service)
if [ "$check_grep" -eq 0 ]; then
echo "=== patching clamav-daemon.service"
exec_pre1='ExecStartPre=-/bin/mkdir -p /var/run/clamav'
exec_pre2='ExecStartPre=-/bin/chown -R clamav:clamav /var/run/clamav'
sed -i "s|\[Service\]|[Service]\n$exec_pre1\n$exec_pre2|g" /lib/systemd/system/clamav-daemon.service
systemctl daemon-reload
systemctl restart clamav-daemon
systemctl restart clamav-freshclam
fi
fi
# reverting to default clamd sock
if [ ! -f "/usr/local/vesta/data/upgrades/change-clamav-socket-v3" ]; then
touch /usr/local/vesta/data/upgrades/change-clamav-socket-v3
if [ -f "/etc/clamav/clamd.conf" ]; then
sed -i "s#/var/lib/clamav/clamd.sock#/var/run/clamav/clamd.ctl#g" /etc/clamav/clamd.conf
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i "s#/var/lib/clamav/clamd.sock#/var/run/clamav/clamd.ctl#g" /etc/exim4/exim4.conf.template
fi
if [ -f "/lib/systemd/system/clamav-daemon.socket" ]; then
sed -i "s#/var/lib/clamav/clamd.sock#/run/clamav/clamd.ctl#g" /lib/systemd/system/clamav-daemon.socket
fi
systemctl daemon-reload
systemctl restart clamav-daemon
systemctl restart clamav-freshclam
if [ -f "/etc/exim4/exim4.conf.template" ]; then
systemctl restart exim4
fi
fi
fi
# reverting to default clamd sock
if [ ! -f "/usr/local/vesta/data/upgrades/change-clamav-socket-v4" ]; then
touch /usr/local/vesta/data/upgrades/change-clamav-socket-v4
if [ -f "/etc/clamav/clamd.conf" ]; then
check_grep=$(grep -c '/var/lib/clamav/clamd.ctl' /etc/clamav/clamd.conf)
if [ "$check_grep" -eq 1 ]; then
sed -i "s#/var/lib/clamav/clamd.ctl#/var/run/clamav/clamd.ctl#g" /etc/clamav/clamd.conf
systemctl restart clamav-daemon
fi
fi
fi
# Block executable files inside zip/rar/tar archives in ClamAV
if [ ! -f "/usr/local/vesta/data/upgrades/clamav_block_exe_in_archives" ]; then
touch /usr/local/vesta/data/upgrades/clamav_block_exe_in_archives
if [ -f "/etc/exim4/exim4.conf.template" ]; then
check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template)
if [ "$check_grep" -eq 0 ]; then
folder="/var/lib/clamav"
if [ -d "$folder" ]; then
echo "=== Blocking executable files inside zip/rar/tar archives in ClamAV"
wget -nv -O $folder/foxhole_all.cdb http://c.myvestacp.com/tools/clamav/foxhole_all.cdb
chown clamav:clamav $folder/foxhole_all.cdb
service clamav-daemon restart
fi
fi
fi
fi
fi
@ -204,23 +224,6 @@ if [ "$release" -eq 9 ] || [ "$release" -eq 10 ]; then
fi
fi
# Block executable files inside zip/rar/tar archives in ClamAV
if [ ! -f "/usr/local/vesta/data/upgrades/clamav_block_exe_in_archives" ]; then
touch /usr/local/vesta/data/upgrades/clamav_block_exe_in_archives
if [ -f "/etc/exim4/exim4.conf.template" ]; then
check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template)
if [ "$check_grep" -eq 0 ]; then
folder="/var/lib/clamav"
if [ -d "$folder" ]; then
echo "=== Blocking executable files inside zip/rar/tar archives in ClamAV"
wget -nv -O $folder/foxhole_all.cdb http://c.myvestacp.com/tools/clamav/foxhole_all.cdb
chown clamav:clamav $folder/foxhole_all.cdb
service clamav-daemon restart
fi
fi
fi
fi
# Clearing letsencrypt pipe
if [ ! -f "/usr/local/vesta/data/upgrades/clearing-letsencrypt-pipe" ]; then
touch /usr/local/vesta/data/upgrades/clearing-letsencrypt-pipe