From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Oguz Bektas <o.bektas@proxmox.com>, pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pmg-api 1/2] clamav: remove deprecated SafeBrowsing
Date: Tue, 27 Apr 2021 12:26:09 +0200 [thread overview]
Message-ID: <d2b5a4b2-361e-28da-1cf8-0fe0aee7b5d6@proxmox.com> (raw)
In-Reply-To: <20210426142125.1875120-2-o.bektas@proxmox.com>
On 26.04.21 16:21, Oguz Bektas wrote:
> see
> https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
links tend to 404, and more important, as probably told >100 times, the why is
important to actually have in the commit message.
Just including a sentence that this specific DB was discontinued in 2019
due to legal reasons would be close to zero work and give some context.
A short docs or wiki (whatever stoiko prefers) about how one can create their
own such signature DB[0] and use it in PMG if they have access to the Google
Safe Browsing service [1] would be quite probably good too.
[0]: https://github.com/Cisco-Talos/clamav-safebrowsing
[1]: https://safebrowsing.google.com/
>
> * remove from freshclam.conf.in template
> * remove from description
> * default to 0 just to be sure
> * if 'safebrowsing' set in pmg.conf, this is now ignored
>
> note about removing the option in PMG 7.0
>
> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> ---
> src/PMG/Config.pm | 9 +++++----
> src/PMG/Utils.pm | 3 ---
> src/templates/freshclam.conf.in | 3 +--
> 3 files changed, 6 insertions(+), 9 deletions(-)
>
> diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
> index 155990b..719b451 100755
> --- a/src/PMG/Config.pm
> +++ b/src/PMG/Config.pm
> @@ -186,7 +186,7 @@ sub properties {
> type => 'string',
> },
> clamav_heuristic_score => {
> - description => "Score for ClamAV heuristics (Encrypted Archives/Documents, Google Safe Browsing database, PhishingScanURLs, ...).",
> + description => "Score for ClamAV heuristics (Encrypted Archives/Documents, PhishingScanURLs, ...).",
> type => 'integer',
> minimum => 0,
> maximum => 1000,
> @@ -388,10 +388,11 @@ sub properties {
> minimum => 0,
> default => 0,
> },
> + # FIXME: remove for PMG 7.0 - https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
> safebrowsing => {
> - description => "Enables support for Google Safe Browsing.",
> + description => "Enables support for Google Safe Browsing. (deprecated option, will be ignored)",
> type => 'boolean',
> - default => 1
> + default => 0
> },
> scriptedupdates => {
> description => "Enables ScriptedUpdates (incremental download of signatures)",
> @@ -410,7 +411,7 @@ sub options {
> maxscansize => { optional => 1 },
> dbmirror => { optional => 1 },
> maxcccount => { optional => 1 },
> - safebrowsing => { optional => 1 },
> + safebrowsing => { optional => 1 }, # FIXME: remove for PMG 7.0
> scriptedupdates => { optional => 1},
> };
> }
> diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
> index 51d6c70..43a866d 100644
> --- a/src/PMG/Utils.pm
> +++ b/src/PMG/Utils.pm
> @@ -861,9 +861,6 @@ sub clamav_dbstat {
> $filename = "/var/lib/clamav/bytecode.cvd";
> $read_cvd_info->('bytecode', $filename) if -f $filename;
>
> - $filename = "/var/lib/clamav/safebrowsing.cvd";
> - $read_cvd_info->('safebrowsing', $filename) if -f $filename;
> -
> my $ss_dbs_fn = "/var/lib/clamav-unofficial-sigs/configs/ss-include-dbs.txt";
> my $ss_dbs_files = {};
> if (my $ssfh = IO::File->new("<${ss_dbs_fn}")) {
> diff --git a/src/templates/freshclam.conf.in b/src/templates/freshclam.conf.in
> index b915511..03a19d4 100644
> --- a/src/templates/freshclam.conf.in
> +++ b/src/templates/freshclam.conf.in
> @@ -6,7 +6,7 @@ LogFileMaxSize 0
> Foreground false
> Debug false
> MaxAttempts 5
> -Checks [% IF pmg.clamav.safebrowsing %]48[% ELSE %]24[% END %]
> +Checks 24
> DatabaseDirectory /var/lib/clamav/
> PidFile /var/run/clamav/freshclam.pid
> DatabaseMirror [% pmg.clamav.dbmirror %]
> @@ -15,7 +15,6 @@ ScriptedUpdates [% IF pmg.clamav.scriptedupdates %]true[% ELSE %]false[% END %]
> CompressLocalDatabase no
> NotifyClamd /etc/clamav/clamd.conf
> Bytecode true
> -SafeBrowsing [% IF pmg.clamav.safebrowsing %]true[% ELSE %]false[% END %]
> DNSDatabaseInfo current.cvd.clamav.net
> [% IF proxy.host %]
> HTTPProxyServer [% proxy.host %]
>
next prev parent reply other threads:[~2021-04-27 10:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-26 14:21 [pmg-devel] SPAM: [PATCH 0/2] remove clamav safebrowsing Oguz Bektas
2021-04-26 14:21 ` [pmg-devel] [PATCH pmg-api 1/2] clamav: remove deprecated SafeBrowsing Oguz Bektas
2021-04-27 10:26 ` Thomas Lamprecht [this message]
2021-04-26 14:21 ` [pmg-devel] [PATCH pmg-gui 2/2] remove deprecated safebrowsing from clamav tab Oguz Bektas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d2b5a4b2-361e-28da-1cf8-0fe0aee7b5d6@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=o.bektas@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal