From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Oguz Bektas <o.bektas@proxmox.com>, pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pmg-api 1/2] clamav: remove deprecated SafeBrowsing
Date: Tue, 27 Apr 2021 12:26:09 +0200 [thread overview]
Message-ID: <d2b5a4b2-361e-28da-1cf8-0fe0aee7b5d6@proxmox.com> (raw)
In-Reply-To: <20210426142125.1875120-2-o.bektas@proxmox.com>
On 26.04.21 16:21, Oguz Bektas wrote:
> see
> https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
links tend to 404, and more important, as probably told >100 times, the why is
important to actually have in the commit message.
Just including a sentence that this specific DB was discontinued in 2019
due to legal reasons would be close to zero work and give some context.
A short docs or wiki (whatever stoiko prefers) about how one can create their
own such signature DB[0] and use it in PMG if they have access to the Google
Safe Browsing service [1] would be quite probably good too.
[0]: https://github.com/Cisco-Talos/clamav-safebrowsing
[1]: https://safebrowsing.google.com/
>
> * remove from freshclam.conf.in template
> * remove from description
> * default to 0 just to be sure
> * if 'safebrowsing' set in pmg.conf, this is now ignored
>
> note about removing the option in PMG 7.0
>
> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> ---
> src/PMG/Config.pm | 9 +++++----
> src/PMG/Utils.pm | 3 ---
> src/templates/freshclam.conf.in | 3 +--
> 3 files changed, 6 insertions(+), 9 deletions(-)
>
> diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
> index 155990b..719b451 100755
> --- a/src/PMG/Config.pm
> +++ b/src/PMG/Config.pm
> @@ -186,7 +186,7 @@ sub properties {
> type => 'string',
> },
> clamav_heuristic_score => {
> - description => "Score for ClamAV heuristics (Encrypted Archives/Documents, Google Safe Browsing database, PhishingScanURLs, ...).",
> + description => "Score for ClamAV heuristics (Encrypted Archives/Documents, PhishingScanURLs, ...).",
> type => 'integer',
> minimum => 0,
> maximum => 1000,
> @@ -388,10 +388,11 @@ sub properties {
> minimum => 0,
> default => 0,
> },
> + # FIXME: remove for PMG 7.0 - https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
> safebrowsing => {
> - description => "Enables support for Google Safe Browsing.",
> + description => "Enables support for Google Safe Browsing. (deprecated option, will be ignored)",
> type => 'boolean',
> - default => 1
> + default => 0
> },
> scriptedupdates => {
> description => "Enables ScriptedUpdates (incremental download of signatures)",
> @@ -410,7 +411,7 @@ sub options {
> maxscansize => { optional => 1 },
> dbmirror => { optional => 1 },
> maxcccount => { optional => 1 },
> - safebrowsing => { optional => 1 },
> + safebrowsing => { optional => 1 }, # FIXME: remove for PMG 7.0
> scriptedupdates => { optional => 1},
> };
> }
> diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
> index 51d6c70..43a866d 100644
> --- a/src/PMG/Utils.pm
> +++ b/src/PMG/Utils.pm
> @@ -861,9 +861,6 @@ sub clamav_dbstat {
> $filename = "/var/lib/clamav/bytecode.cvd";
> $read_cvd_info->('bytecode', $filename) if -f $filename;
>
> - $filename = "/var/lib/clamav/safebrowsing.cvd";
> - $read_cvd_info->('safebrowsing', $filename) if -f $filename;
> -
> my $ss_dbs_fn = "/var/lib/clamav-unofficial-sigs/configs/ss-include-dbs.txt";
> my $ss_dbs_files = {};
> if (my $ssfh = IO::File->new("<${ss_dbs_fn}")) {
> diff --git a/src/templates/freshclam.conf.in b/src/templates/freshclam.conf.in
> index b915511..03a19d4 100644
> --- a/src/templates/freshclam.conf.in
> +++ b/src/templates/freshclam.conf.in
> @@ -6,7 +6,7 @@ LogFileMaxSize 0
> Foreground false
> Debug false
> MaxAttempts 5
> -Checks [% IF pmg.clamav.safebrowsing %]48[% ELSE %]24[% END %]
> +Checks 24
> DatabaseDirectory /var/lib/clamav/
> PidFile /var/run/clamav/freshclam.pid
> DatabaseMirror [% pmg.clamav.dbmirror %]
> @@ -15,7 +15,6 @@ ScriptedUpdates [% IF pmg.clamav.scriptedupdates %]true[% ELSE %]false[% END %]
> CompressLocalDatabase no
> NotifyClamd /etc/clamav/clamd.conf
> Bytecode true
> -SafeBrowsing [% IF pmg.clamav.safebrowsing %]true[% ELSE %]false[% END %]
> DNSDatabaseInfo current.cvd.clamav.net
> [% IF proxy.host %]
> HTTPProxyServer [% proxy.host %]
>
next prev parent reply other threads:[~2021-04-27 10:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-26 14:21 [pmg-devel] SPAM: [PATCH 0/2] remove clamav safebrowsing Oguz Bektas
2021-04-26 14:21 ` [pmg-devel] [PATCH pmg-api 1/2] clamav: remove deprecated SafeBrowsing Oguz Bektas
2021-04-27 10:26 ` Thomas Lamprecht [this message]
2021-04-26 14:21 ` [pmg-devel] [PATCH pmg-gui 2/2] remove deprecated safebrowsing from clamav tab Oguz Bektas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d2b5a4b2-361e-28da-1cf8-0fe0aee7b5d6@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=o.bektas@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox