diff --git a/README b/README index 7ad65a3..6e4d391 100644 --- a/README +++ b/README @@ -1,8 +1,8 @@ # Welcome to MailScanner! # -# Current version: 5.0.6-5 release +# Current version: 5.0.7-1 release # -# Jerry Benton - 29 September 2017 +# Jerry Benton - 25 December 2017 # # # @@ -20,12 +20,18 @@ # Manual: https://s3.amazonaws.com/msv5/docs/ms-admin-guide.pdf # Support: http://lists.mailscanner.info/mailman/listinfo/mailscanner # -# Install/Update: +# Install # tar -xvzf MailScanner-5.x.x-x.distro.tar.gz # cd MailScanner-5.x.x-x # ./install.sh # (reboot may be required) # +# Update +# tar -xvzf MailScanner-5.x.x-x.distro.tar.gz +# cd MailScanner-5.x.x-x +# ./install.sh --update +# (reboot may be required) +# # MTA Guides: # sendmail - https://www.mailscanner.info/sendmail # postfix - https://www.mailscanner.info/postfix diff --git a/changelog b/changelog index 58c1330..4f9937f 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,21 @@ +12/25/2017 Changes in v5.0.7-1 +================================== +- Fix parsing an email address into local-part and domain +- Fix syntax in Debian/postrm +- Escape space before passing to unrar extract +- Add gz to unzipable files +- Only run freshclam if it is not running yet (debian) +- 7zip support +- Remove execute flag on systemd service (debian) +- Add update flag to install.sh +- Fix configuration chaining for spamassassin rules actions +- Add --force for cpanm +- CentOS/RHEL 7 clamav configuration support +- Fix broken clamav install prompt block +- Include 2 perl modules for spammassassin from debian tree +- Support for Fedora 27 +- Fix install.sh modifying clamav-wrapper before MailScanner is installed + 09/29/2017 Changes in v5.0.6-5 ================================== - Return result of mta installation diff --git a/debian/changelog b/debian/changelog index 6dd1f78..0521663 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,5 @@ -MailScanner (5.0.6-5) stable; urgency=low +MailScanner (5.0.7-1) stable; urgency=low * Maintenance release - -- Jerry Benton Fri, 29 September 2017 01:00:00 -0400 + -- Jerry Benton Mon, 25 December 2017 01:00:00 -0400 diff --git a/debian/install.sh b/debian/install.sh index 7d9bd8e..030cd4f 100644 --- a/debian/install.sh +++ b/debian/install.sh @@ -95,12 +95,12 @@ while [ $# -gt 0 ]; do --help) printf "MailScanner Installation for Debian Based Systems\n\n" printf "Usage: %s [--update] [--MTA=sendmail|postfix|exim|none] [--installClamav=Y|N] [--installCPAN=Y|N] [--ignoreDeps=Y|N] [--ramdiskSize=value]\n\n" "$0" - printf -- "--update Perform an update on an existing install using the following options (can be overridden):" - printf -- " --MTA=none (assumed already installed)" - printf -- " --installClamav=N (assumed already installed)" - printf -- " --installCPAN=Y" - printf -- " --ignoreDeps=N" - printf -- " --ramdiskSize=0 (assumed already configured)" + printf -- "--update Perform an update on an existing install using the following options (can be overridden):\n" + printf " --MTA=none (assumed already installed)\n" + printf " --installClamav=N (assumed already installed)\n" + printf " --installCPAN=Y\n" + printf " --ignoreDeps=N\n" + printf " --ramdiskSize=0 (assumed already configured)\n\n" printf -- "--MTA=value Select the Mail Transfer Agent (MTA) to be installed (sendmail|postfix|exim|none)\n" printf " Recommended: sendmail\n\n" printf -- "--installClamav=Y|N Install or update Clam AV during installation (Y or N)\n" diff --git a/rhel/install.sh b/rhel/install.sh index 2aef5bf..9e3ca0f 100644 --- a/rhel/install.sh +++ b/rhel/install.sh @@ -7,15 +7,15 @@ # # Tested distributions: CentOS 5,6,7 # RHEL 6,7 -# Fedora 26 +# Fedora 26,27 # # Written by: # Jerry Benton < mailscanner@mailborder.com > # 29 APR 2016 # Updated by: # Manuel Dalla Lana < endelwar@aregar.it > -# Shawn Iverson < shawniverson@gmail.com > -# 24 SEP 2017 +# Shawn Iverson < shawniverson@efa-project.org > +# 25 Dec 2017 # clear the screen. yay! clear @@ -28,6 +28,7 @@ while [ $# -gt 0 ]; do # Set update mode and move forward arg_MTA="none"; arg_installClamav=0; + arg_configClamav=0; arg_installCPAN=1; arg_ignoreDeps=0; arg_ramdiskSize=0 @@ -63,6 +64,19 @@ while [ $# -gt 0 ]; do exit 1 fi ;; + + --configClamav=*) + if [[ ${1#*=} =~ ^([yY])$ ]]; then + arg_configClamav=1; + ((parsedCommands++)); + elif [[ ${1#*=} =~ ^([nN])$ ]]; then + arg_configClamav=0; + ((parsedCommands++)); + else + printf "Error: Invalid value for configClamav: only Y or N values are accepted.\n" + exit 1 + fi + ;; --installCPAN=*) if [[ ${1#*=} =~ ^([yY])$ ]]; then @@ -167,24 +181,27 @@ while [ $# -gt 0 ]; do --help) printf "MailScanner Installation for Red Hat Based Systems\n\n" - printf "Usage: %s [--update] [--MTA=sendmail|postfix|exim|none] [--installEPEL=Y|N] [--installClamav=Y|N] [--installTNEF=Y|N] [--installUnrar=Y|N] [--installCPAN=Y|N] [--installDf=Y|N] [--ignoreDeps=Y|N] [--SELPermissive=Y|N] [--ramdiskSize=value]\n\n" "$0" - printf -- "--update Perform an update on an existing install using the following options (can be overridden):" - printf -- " --MTA=none (assumed already installed)" - printf -- " --installEPEL=N (assumed already installed)" - printf -- " --installClamav=N (assumed already installed)" - printf -- " --installTNEF=N (assumed already installed)" - printf -- " --installUnrar=N (assumed already installed)" - printf -- " --installCPAN=Y" - printf -- " --installDf=N (assumed already installed)" - printf -- " --SELPermissive=N (assumed already configured)" - printf -- " --ignoreDeps=N" - printf -- " --ramdiskSize=0 (assumed already configured)" + printf "Usage: %s [--update] [--MTA=sendmail|postfix|exim|none] [--installEPEL=Y|N] [--installClamav=Y|N] [--configClamav=Y|N] [--installTNEF=Y|N] [--installUnrar=Y|N] [--installCPAN=Y|N] [--installDf=Y|N] [--ignoreDeps=Y|N] [--SELPermissive=Y|N] [--ramdiskSize=value]\n\n" "$0" + printf -- "--update Perform an update on an existing install using the following options (can be overridden):\n" + printf " --MTA=none (assumed already installed)\n" + printf " --installEPEL=N (assumed already installed)\n" + printf " --installClamav=N (assumed already installed)\n" + printf " --configClamav=N (assumed already installed)\n" + printf " --installTNEF=N (assumed already installed)\n" + printf " --installUnrar=N (assumed already installed)\n" + printf " --installCPAN=Y\n" + printf " --installDf=N (assumed already installed)\n" + printf " --SELPermissive=N (assumed already configured)\n" + printf " --ignoreDeps=N\n" + printf " --ramdiskSize=0 (assumed already configured)\n\n" printf -- "--MTA=value Select the Mail Transfer Agent (MTA) to be installed (sendmail|postfix|exim|none)\n" printf " Recommended: sendmail\n\n" printf -- "--installEPEL=Y|N Install and use EPEL repository (Y or N)\n" printf " Recommended: Y (yes)\n\n" printf -- "--installClamav=Y|N Install or update Clam AV during installation (requires EPEL) (Y or N)\n" printf " Recommended: Y (yes)\n\n" + printf -- "--configClamav=Y|N Configure Clam AV (CentOS 7 only) (Y or N)\n" + printf " Recommended: Y (yes)\n\n" printf -- "--installTNEF=Y|N Install tnef via RPM (Y or N)\n" printf " Recommended: Y (yes)\n\n" printf -- "--installUnrar=Y|N Install unrar via RPM (Y or N)\n" @@ -271,6 +288,9 @@ if [ -f /etc/fedora-release ]; then if grep -qs 'release 26' /etc/fedora-release ; then # Fedora 26 FEDORA=26 + elif grep -qs 'release 27' /etc/fedora-release ; then + # Fedora 27 + FEDORA=27 else # Unsupported release FEDORA=0 @@ -371,16 +391,13 @@ if [ -z $FEDORA ]; then fi # ask if the user wants Clam AV installed if they selected EPEL or if this is a Fedora Server -if [ $EPEL == 1 || -n $FEDORA ]; then +if [[ $EPEL -eq 1 || -n $FEDORA ]]; then clear echo; echo "Do you want to install or update Clam AV during this installation process?"; echo; echo "This package is recommended unless you plan on using a different virus scanner."; echo "Note that you may use more than one virus scanner at once with MailScanner."; echo; - echo "Even if you already have Clam AV installed you should select this option so I"; - echo "will know to check the clamav-wrapper and make corrections if required."; - echo; echo "Recommended: Y (yes)"; echo; if [ -z "${arg_installClamav+x}" ]; then read -r -p "Install or update Clam AV? [n/Y] : " response @@ -390,10 +407,10 @@ if [ $EPEL == 1 || -n $FEDORA ]; then # some of these options may result in a 'no package available' on # some distributions, but that is ok CAV=1 - CAVOPTION="clamav clamd clamav-update clamav-server"; + CAVOPTION="clamav clamd clamav-update clamav-server clamav-devel"; elif [ -z $response ]; then CAV=1 - CAVOPTION="clamav clamd clamav-update clamav-server"; + CAVOPTION="clamav clamd clamav-update clamav-server clamav-devel"; else # user does not want clam av CAV=0 @@ -403,7 +420,7 @@ if [ $EPEL == 1 || -n $FEDORA ]; then CAV=${arg_installClamav} CAVOPTION= if [ ${CAV} -eq 1 ]; then - CAVOPTION="clamav clamd clamav-update clamav-server"; + CAVOPTION="clamav clamd clamav-update clamav-server clamav-devel"; fi fi else @@ -412,6 +429,33 @@ else CAVOPTION= fi +# Check if clamav is being installed on CentOS 7 and ask if user wants to configure +if [[ $RHEL -eq 7 && $CAV -eq 1 ]]; then + clear + echo; + echo "Do you want to configure clam AV during this installation process?"; echo; + echo; + echo "Choosing yes will install required configuration files and settings for"; + echo "Clam AV to function out of the box on CentOS 7 installations"; + echo; + echo "Recommended: Y (yes)"; echo; + if [ -z "${arg_configClamav+x}" ]; then + read -r -p "Configure Clam AV? [n/Y] : " response + + if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then + # user wants clam av configured + CONFCAV=1 + elif [ -z $response ]; then + CONFCAV=1 + else + CONFCAV=0 + fi + fi +else + # Not CentOS/RHEL7 or Clam not being installed/updated + CONFCAV=0 +fi + # ask if the user wants to install tnef by RPM if missing TNEF="tnef"; clear @@ -904,6 +948,86 @@ if [ $CAV == 1 ]; then freshclam fi +# Configure clamav if required +if [ $CONFCAV -eq 1 ]; then + # Get clam version + clamav_version=$(rpm -q --queryformat=%{VERSION} clamav-server) + # Grab sample config if not present + if [ ! -f /etc/clamd.d/clamd.conf ]; then + cp /usr/share/doc/clamav-server-$clamav_version/clamd.conf /etc/clamd.d/clamd.conf + fi + # Enable config + sed -i '/^Example/ c\#Example' /etc/clamd.d/clamd.conf + # Create clam user if not present + id -u clam >/dev/null 2>&1 + if [ $? -ne 0 ]; then + useradd -d /var/lib/clamav -c "Clam Anti Virus Checker" -G virusgroup,clamupdate -s /sbin/nologin -M clam + fi + # More config options + sed -i '/^User / c\User clam' /etc/clamd.d/clamd.conf + sed -i '/#LocalSocket \/var\/run\/clamd.\/clamd.sock/ c\LocalSocket /var/run/clamd.scan/clamd.sock' /etc/clamd.d/clamd.conf + sed -i '/#LogFile \/var\/log\/clamd./ c\LogFile /var/log/clamd.scan/scan.log' /etc/clamd.d/clamd.conf + # Log rotation if not present + if [ ! -f /etc/logrotate.d/clamd.logrotate ]; then + cp /usr/share/doc/clamav-server-$clamav_version/clamd.logrotate /etc/logrotate.d/ + fi + # Filesystem/Permissions/SELinux + chown -R clam:clam /etc/clamd.d + mkdir -p /var/log/clamd.scan + chown -R clam:clam /var/log/clamd.scan + chcon -u system_u -r object_r -t antivirus_log_t /var/log/clamd.scan + mkdir -p /var/run/clamd.scan + chown -R clam:clam /var/run/clamd.scan + chcon -u system_u -r object_r -t antivirus_var_run_t /var/run/clamd.scan + echo "d /var/run/clamd.scan 0750 clam clam -" > /usr/lib/tmpfiles.d/clamd.conf + # sysconfig file + if [ ! -f /etc/sysconfig/clamd ]; then + cat > /etc/sysconfig/clamd << 'EOF' +CLAMD_CONFIGFILE=/etc/clamd.d/clamd.conf +CLAMD_SOCKET=/var/run/clamd.scan/clamd.sock +#CLAMD_OPTIONS= +EOF + fi + + # Systemd services + if [ ! -f /usr/lib/systemd/system/clam.freshclam.service ]; then + cat > /usr/lib/systemd/system/clam.freshclam.service << 'EOF' +[Unit] +Description = freshclam scanner +After = network.target + +[Service] +Type = forking +ExecStart = /usr/bin/freshclam -d -c 4 +Restart = on-failure +PrivateTmp = true + +[Install] +WantedBy=multi-user.target +EOF + fi + + if [ ! -f /usr/lib/systemd/system/clam.scan.service ]; then + cat > /usr/lib/systemd/system/clam.scan.service << 'EOF' +[Unit] +Description = clamd scanner daemon +After = syslog.target nss-lookup.target network.target + +[Service] +Type = forking +ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf +Restart = on-failure +PrivateTmp = true + +[Install] +WantedBy=multi-user.target +EOF + fi + + systemctl enable clam.freshclam + systemctl enable clam.scan +fi + # now check for missing perl modules and install them via cpan # if the user elected to do so clear; echo; @@ -967,29 +1091,6 @@ done # will pause if a perl module was missing timewait $PMODWAIT -# fix the clamav wrapper if the user does not exist -if [ -f '/etc/freshclam.conf' ]; then - if id -u clam >/dev/null 2>&1; then - #clam is being used instead of clamav - OLDCAVUSR='ClamUser="clamav"'; - NEWCAVUSR='ClamUser="clam"' - - OLDCAVGRP='ClamGroup="clamav"'; - NEWCAVGRP='ClamGroup="clam"'; - - if [ -f '/usr/lib/MailScanner/wrapper/clamav-wrapper' ]; then - perl -pi -e 's/'$OLDCAVUSR'/'$NEWCAVUSR'/;' /usr/lib/MailScanner/wrapper/clamav-wrapper - perl -pi -e 's/'$OLDCAVGRP'/'$NEWCAVGRP'/;' /usr/lib/MailScanner/wrapper/clamav-wrapper - fi - - freshclam 2>/dev/null - fi - - if [ -f '/etc/init.d/clamd' ]; then - chkconfig clamd on - fi -fi - # selinux if [ $SELMODE == 1 ]; then OLDTHING='SELINUX=enforcing'; @@ -1007,6 +1108,12 @@ if [ $SELMODE == 1 ]; then fi fi +# Freshclam +if [ -f '/etc/init.d/clamd' ]; then + chkconfig clamd on +fi +freshclam 2>/dev/null + # make sure in starting directory cd "$THISCURRPMDIR" @@ -1084,6 +1191,19 @@ else /usr/sbin/ms-update-phishing >/dev/null 2>&1 + # fix the clamav wrapper if the user does not exist + if [ -f '/etc/freshclam.conf' ]; then + if id -u clam >/dev/null 2>&1; then + #clam is being used instead of clamav + OLDCAVUSR='ClamUser="clamav"'; + NEWCAVUSR='ClamUser="clam"' + + if [ -f '/usr/lib/MailScanner/wrapper/clamav-wrapper' ]; then + perl -pi -e 's/'$OLDCAVUSR'/'$NEWCAVUSR'/;' /usr/lib/MailScanner/wrapper/clamav-wrapper + fi + fi + fi + echo; echo '----------------------------------------------------------'; echo 'Installation Complete'; echo; diff --git a/rhel/mailscanner.spec b/rhel/mailscanner.spec index 21653df..824c5d7 100644 --- a/rhel/mailscanner.spec +++ b/rhel/mailscanner.spec @@ -221,7 +221,7 @@ EOF install usr/lib/MailScanner/init/ms-init ${RPM_BUILD_ROOT}/usr/lib/MailScanner/init/ install usr/lib/MailScanner/init/ms-sendmail-init ${RPM_BUILD_ROOT}/usr/lib/MailScanner/init/ -while read f +while read f do install usr/lib/MailScanner/systemd/$f ${RPM_BUILD_ROOT}/usr/lib/MailScanner/systemd done << EOF @@ -231,7 +231,7 @@ ms-sendmail-in ms-sendmail-out EOF -while read f +while read f do install usr/lib/MailScanner/wrapper/$f ${RPM_BUILD_ROOT}/usr/lib/MailScanner/wrapper done << EOF diff --git a/suse/install.sh b/suse/install.sh index 3b05db0..21ea876 100644 --- a/suse/install.sh +++ b/suse/install.sh @@ -96,12 +96,12 @@ while [ $# -gt 0 ]; do --help) printf "MailScanner Installation for SuSE Based Systems\n\n" printf "Usage: %s [--update] [--MTA=sendmail|postfix|exim|none] [--installClamav=Y|N] [--installCPAN=Y|N] [--ignoreDeps=Y|N] [--ramdiskSize=value]\n\n" "$0" - printf -- "--update Perform an update on an existing install using the following options (can be overridden):" - printf -- " --MTA=none (assumed already installed)" - printf -- " --installClamav=N (assumed already installed)" - printf -- " --installCPAN=Y" - printf -- " --ignoreDeps=N" - printf -- " --ramdiskSize=0 (assumed already configured)" + printf -- "--update Perform an update on an existing install using the following options (can be overridden):\n" + printf " --MTA=none (assumed already installed)\n" + printf " --installClamav=N (assumed already installed)\n" + printf " --installCPAN=Y\n" + printf " --ignoreDeps=N\n" + printf " --ramdiskSize=0 (assumed already configured)\n\n" printf -- "--MTA=value Select the Mail Transfer Agent (MTA) to be installed (sendmail|postfix|exim|none)\n" printf " Recommended: sendmail\n\n" printf -- "--installClamav=Y|N Install or update Clam AV during installation (Y or N)\n" @@ -597,30 +597,12 @@ timewait $PMODWAIT # go to where i started cd "$THISCURRPMDIR" -# fix the clamav wrapper if the user does not exist -if [ -f '/etc/freshclam.conf' ]; then - if id -u vscan >/dev/null 2>&1; then - #clam is being used instead of clamav - OLDCAVUSR='ClamUser="clamav"'; - NEWCAVUSR='ClamUser="vscan"' - - OLDCAVGRP='ClamGroup="clamav"'; - NEWCAVGRP='ClamGroup="vscan"'; - - perl -pi -e 's/'$OLDCAVUSR'/'$NEWCAVUSR'/;' /usr/share/MailScanner/clamav-wrapper - perl -pi -e 's/'$OLDCAVGRP'/'$NEWCAVGRP'/;' /usr/share/MailScanner/clamav-wrapper - - COUT='#Example'; - perl -pi -e 's/Example/'$COUT'/;' /etc/freshclam.conf - - if [ $CAV == 1 ]; then - systemctl enable clamd.service - fi - - mkdir -p /var/run/clamav - chown vscan:vscan /var/run/clamav - freshclam 2>/dev/null - fi +# Freshclam +if [ $CAV == 1 ]; then + COUT='#Example'; + perl -pi -e 's/Example/'$COUT'/;' /etc/freshclam.conf + systemctl enable clamd.service + freshclam 2>/dev/null fi clear @@ -670,6 +652,22 @@ else /usr/sbin/ms-update-phishing > /dev/null 2>&1 + # fix the clamav wrapper if the user does not exist + if [ -f '/etc/freshclam.conf' ]; then + if id -u vscan >/dev/null 2>&1; then + #vscan is being used instead of clamav + OLDCAVUSR='ClamUser="clamav"'; + NEWCAVUSR='ClamUser="vscan"' + + if [ -f '/usr/lib/MailScanner/wrapper/clamav-wrapper' ]; then + perl -pi -e 's/'$OLDCAVUSR'/'$NEWCAVUSR'/;' /usr/lib/MailScanner/wrapper/clamav-wrapper + fi + + mkdir -p /var/run/clamav + chown vscan:vscan /var/run/clamav + fi + fi + echo; echo '----------------------------------------------------------'; echo 'Installation Complete'; echo;