public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Oguz Bektas <o.bektas@proxmox.com>, pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pmg-api 1/2] clamav: remove deprecated SafeBrowsing
Date: Tue, 27 Apr 2021 12:26:09 +0200	[thread overview]
Message-ID: <d2b5a4b2-361e-28da-1cf8-0fe0aee7b5d6@proxmox.com> (raw)
In-Reply-To: <20210426142125.1875120-2-o.bektas@proxmox.com>

On 26.04.21 16:21, Oguz Bektas wrote:
> see
> https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html

links tend to 404, and more important, as probably told >100 times, the why is
important to actually have in the commit message.

Just including a sentence that this specific DB was discontinued in 2019
due to legal reasons would be close to zero work and give some context.

A short docs or wiki (whatever stoiko prefers) about how one can create their
own such signature DB[0] and use it in PMG if they have access to the Google
Safe Browsing service [1] would be quite probably good too.

[0]: https://github.com/Cisco-Talos/clamav-safebrowsing
[1]: https://safebrowsing.google.com/

> 
> * remove from freshclam.conf.in template
> * remove from description
> * default to 0 just to be sure
> * if 'safebrowsing' set in pmg.conf, this is now ignored
> 
> note about removing the option in PMG 7.0
> 
> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> ---
>  src/PMG/Config.pm               | 9 +++++----
>  src/PMG/Utils.pm                | 3 ---
>  src/templates/freshclam.conf.in | 3 +--
>  3 files changed, 6 insertions(+), 9 deletions(-)
> 
> diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
> index 155990b..719b451 100755
> --- a/src/PMG/Config.pm
> +++ b/src/PMG/Config.pm
> @@ -186,7 +186,7 @@ sub properties {
>  	    type => 'string',
>  	},
>  	clamav_heuristic_score => {
> -	    description => "Score for ClamAV heuristics (Encrypted Archives/Documents, Google Safe Browsing database, PhishingScanURLs, ...).",
> +	    description => "Score for ClamAV heuristics (Encrypted Archives/Documents, PhishingScanURLs, ...).",
>  	    type => 'integer',
>  	    minimum => 0,
>  	    maximum => 1000,
> @@ -388,10 +388,11 @@ sub properties {
>  	    minimum => 0,
>  	    default => 0,
>  	},
> +	# FIXME: remove for PMG 7.0 - https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
>  	safebrowsing => {
> -	    description => "Enables support for Google Safe Browsing.",
> +	    description => "Enables support for Google Safe Browsing. (deprecated option, will be ignored)",
>  	    type => 'boolean',
> -	    default => 1
> +	    default => 0
>  	},
>  	scriptedupdates => {
>  	    description => "Enables ScriptedUpdates (incremental download of signatures)",
> @@ -410,7 +411,7 @@ sub options {
>  	maxscansize  => { optional => 1 },
>  	dbmirror => { optional => 1 },
>  	maxcccount => { optional => 1 },
> -	safebrowsing => { optional => 1 },
> +	safebrowsing => { optional => 1 }, # FIXME: remove for PMG 7.0
>  	scriptedupdates => { optional => 1},
>      };
>  }
> diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
> index 51d6c70..43a866d 100644
> --- a/src/PMG/Utils.pm
> +++ b/src/PMG/Utils.pm
> @@ -861,9 +861,6 @@ sub clamav_dbstat {
>      $filename = "/var/lib/clamav/bytecode.cvd";
>      $read_cvd_info->('bytecode', $filename) if -f $filename;
>  
> -    $filename = "/var/lib/clamav/safebrowsing.cvd";
> -    $read_cvd_info->('safebrowsing', $filename) if -f $filename;
> -
>      my $ss_dbs_fn = "/var/lib/clamav-unofficial-sigs/configs/ss-include-dbs.txt";
>      my $ss_dbs_files = {};
>      if (my $ssfh = IO::File->new("<${ss_dbs_fn}")) {
> diff --git a/src/templates/freshclam.conf.in b/src/templates/freshclam.conf.in
> index b915511..03a19d4 100644
> --- a/src/templates/freshclam.conf.in
> +++ b/src/templates/freshclam.conf.in
> @@ -6,7 +6,7 @@ LogFileMaxSize 0
>  Foreground false
>  Debug false
>  MaxAttempts 5
> -Checks [% IF pmg.clamav.safebrowsing %]48[% ELSE %]24[% END %]
> +Checks 24
>  DatabaseDirectory /var/lib/clamav/
>  PidFile /var/run/clamav/freshclam.pid
>  DatabaseMirror [% pmg.clamav.dbmirror %]
> @@ -15,7 +15,6 @@ ScriptedUpdates [% IF pmg.clamav.scriptedupdates %]true[% ELSE %]false[% END %]
>  CompressLocalDatabase no
>  NotifyClamd /etc/clamav/clamd.conf
>  Bytecode true
> -SafeBrowsing [% IF pmg.clamav.safebrowsing %]true[% ELSE %]false[% END %]
>  DNSDatabaseInfo current.cvd.clamav.net
>  [% IF proxy.host %]
>  HTTPProxyServer [% proxy.host %]
> 





  reply	other threads:[~2021-04-27 10:34 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-26 14:21 [pmg-devel] SPAM: [PATCH 0/2] remove clamav safebrowsing Oguz Bektas
2021-04-26 14:21 ` [pmg-devel] [PATCH pmg-api 1/2] clamav: remove deprecated SafeBrowsing Oguz Bektas
2021-04-27 10:26   ` Thomas Lamprecht [this message]
2021-04-26 14:21 ` [pmg-devel] [PATCH pmg-gui 2/2] remove deprecated safebrowsing from clamav tab Oguz Bektas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d2b5a4b2-361e-28da-1cf8-0fe0aee7b5d6@proxmox.com \
    --to=t.lamprecht@proxmox.com \
    --cc=o.bektas@proxmox.com \
    --cc=pmg-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal