ports/57382: [PATCH] security/amavisd-new 20030616.p5

Tue Sep 30 20:40:20 UTC 2003

The following reply was made to PR ports/57382; it has been noted by GNATS.

From: Blaz Zupan <blaz at si.FreeBSD.org>
To: freebsd-gnats-submit at FreeBSD.org
Cc: martin at tradex.sk
Subject: Re: ports/57382: [PATCH] security/amavisd-new 20030616.p5
Date: Tue, 30 Sep 2003 22:36:32 +0200 (CEST)

 Thanks for the submission.

 I agree with the idea, but I don't agree with the patch as it is. IMHO a
 separate log directory is not needed as the default configuration logs to
 syslog. The user can manually create the directory if the wants to log to a
 file, as he needs to change amavisd.conf anyway to do this.

 Also, creating a separate /var/run/amavis directory is IMHO overkill, we
 already have a perfectly valid directory for junk like this: /var/amavis. It's
 already in the default configuration and owned by the correct user.  Poluting
 /var/run with yet another directory is not needed in this case.

 I have also taken your cleanup of the SED script further, your original patch
 has two sed scripts with the second one being a subset of the first one, so I
 removed the second one.

 The amavis-milter.sh script should only be installed when milter support is
 detected in the system (AMAVIS_NOMILTER is not defined), my patch implements
 this.

 I have also added a pointer to Clam Antivirus to the installation message.

 diff -urN amavisd-new.orig/Makefile amavisd-new/Makefile
 --- amavisd-new.orig/Makefile	Sat Aug 30 11:18:15 2003
 +++ amavisd-new/Makefile	Tue Sep 30 22:07:59 2003
 @@ -8,6 +8,7 @@

  PORTNAME=	amavisd-new
  PORTVERSION=	20030616.p5
 +PORTREVISION=	1
  CATEGORIES=	security
  MASTER_SITES=	http://www.ijs.si/software/amavisd/
  DISTNAME=	${PORTNAME}-${PORTVERSION:S/.p/-p/}
 @@ -35,6 +36,7 @@
  		${LOCALBASE}/bin/zoo:${PORTSDIR}/archivers/zoo

  USE_PERL5_RUN=	yes
 +USE_RC_SUBR=	yes

  PKGINSTALL=	${WRKDIR}/INSTALL
  PKGDEINSTALL=	${WRKDIR}/DEINSTALL
 @@ -63,23 +65,20 @@
  BUILD_WRKSRC=	${WRKSRC}/helper-progs
  .endif

 +SED_SCRIPT=	-e 's,%%AMAVISUSER%%,${AMAVISUSER},g' \
 +		-e 's,%%AMAVISGROUP%%,${AMAVISGROUP},g' \
 +		-e 's,%%AMAVISDIR%%,${AMAVISDIR},g' \
 +		-e 's,%%AMAVISQUARANTINE%%,${AMAVISQUARANTINE},g' \
 +		-e 's,%%DOCSDIR%%,${DOCSDIR},g' \
 +		-e 's,%%PREFIX%%,${PREFIX},g' \
 +		-e 's,%%RC_SUBR%%,${RC_SUBR},g'
 +
  pre-build:
 -	for file in amavisd.sh INSTALL DEINSTALL MESSAGE; do \
 -		${SED} -e 's,%%AMAVISUSER%%,${AMAVISUSER},g' \
 -		       -e 's,%%AMAVISGROUP%%,${AMAVISGROUP},g' \
 -		       -e 's,%%AMAVISDIR%%,${AMAVISDIR},g' \
 -		       -e 's,%%AMAVISQUARANTINE%%,${AMAVISQUARANTINE},g' \
 -		       -e 's,%%DOCSDIR%%,${DOCSDIR},g' \
 -		       -e 's,%%PREFIX%%,${PREFIX},g' \
 -	               < ${FILESDIR}/$${file}.tmpl > ${WRKDIR}/$${file}; \
 +	for file in amavisd.sh amavis-milter.sh INSTALL DEINSTALL MESSAGE; do \
 +		${SED} ${SED_SCRIPT} < ${FILESDIR}/$${file}.tmpl > ${WRKDIR}/$${file}; \
  	done
  	for file in amavisd.conf amavisd; do \
 -		${SED} -e 's,%%AMAVISUSER%%,${AMAVISUSER},g' \
 -		       -e 's,%%AMAVISGROUP%%,${AMAVISGROUP},g' \
 -		       -e 's,%%AMAVISDIR%%,${AMAVISDIR},g' \
 -		       -e 's,%%AMAVISQUARANTINE%%,${AMAVISQUARANTINE},g' \
 -		       -e 's,%%PREFIX%%,${PREFIX},g' \
 -		       < ${WRKSRC}/$${file} > ${WRKDIR}/$${file}; \
 +		${SED} ${SED_SCRIPT} < ${WRKSRC}/$${file} > ${WRKDIR}/$${file}; \
  	done

  pre-install:
 @@ -89,6 +88,7 @@
  .if !defined(AMAVIS_NOMILTER)
  	${INSTALL_PROGRAM} ${WRKSRC}/helper-progs/amavis ${PREFIX}/sbin
  	${INSTALL_PROGRAM} ${WRKSRC}/helper-progs/amavis-milter ${PREFIX}/sbin
 +	${INSTALL_SCRIPT} ${WRKDIR}/amavis-milter.sh ${PREFIX}/etc/rc.d
  .endif
  	${INSTALL_SCRIPT} ${WRKDIR}/amavisd ${PREFIX}/sbin
  	${INSTALL_SCRIPT} ${WRKDIR}/amavisd.conf ${PREFIX}/etc/amavisd.conf-dist
 diff -urN amavisd-new.orig/files/MESSAGE.tmpl amavisd-new/files/MESSAGE.tmpl
 --- amavisd-new.orig/files/MESSAGE.tmpl	Sat Jan  4 11:07:30 2003
 +++ amavisd-new/files/MESSAGE.tmpl	Tue Sep 30 22:17:57 2003
 @@ -2,10 +2,17 @@
  *******************************************************************
   To use amavisd-new, you need to install at least one virus scanner.
   For example McAfee VirusScan is available as a FreeBSD port
 - in /usr/ports/security/vscan. If you want to use the amavis sendmail
 - milter interface, you need to type the following command:
 + in /usr/ports/security/vscan and Clam Antivirus is available
 + in /usr/ports/security/clamav.

 -	touch %%AMAVISDIR%%/use.milter
 + Enable amavisd-new in /etc/rc.conf with the following line:
 +
 +    amavisd_enable="YES"
 +
 + If you want to use the amavis sendmail milter interface,
 + you need the following additional line in /etc/rc.conf
 +
 +    amavis_milter_enable="YES"

   A configuration template is available in %%PREFIX%%/etc
   as amavisd.conf-dist. Copy it to amavisd.conf and edit it to
 diff -urN amavisd-new.orig/files/amavis-milter.sh.tmpl amavisd-new/files/amavis-milter.sh.tmpl
 --- amavisd-new.orig/files/amavis-milter.sh.tmpl	Thu Jan  1 01:00:00 1970
 +++ amavisd-new/files/amavis-milter.sh.tmpl	Tue Sep 30 21:30:21 2003
 @@ -0,0 +1,34 @@
 +#!/bin/sh
 +#
 +# $FreeBSD$
 +#
 +
 +# PROVIDE: amavis_milter
 +# REQUIRE: amavisd
 +# BEFORE: amavisd
 +# KEYWORD: FreeBSD shutdown
 +
 +#
 +# Add the following lines to /etc/rc.conf to enable amavis-milter:
 +#
 +#amavis_milter_enable="YES"
 +#
 +
 +. %%RC_SUBR%%
 +
 +name=amavis_milter
 +rcvar=`set_rcvar`
 +
 +command=%%PREFIX%%/sbin/amavis-milter
 +
 +amavis_milter_user=%%AMAVISUSER%%
 +
 +required_files=%%PREFIX%%/etc/amavisd.conf
 +
 +# set defaults
 +
 +amavis_milter_enable=${amavis_milter_enable:-"NO"}
 +amavis_milter_flags=${amavis_milter_flags:-"-D -p %%AMAVISDIR%%/amavis-milter.sock"}
 +
 +load_rc_config $name
 +run_rc_command "$1"
 diff -urN amavisd-new.orig/files/amavisd.sh.tmpl amavisd-new/files/amavisd.sh.tmpl
 --- amavisd-new.orig/files/amavisd.sh.tmpl	Wed Jun 11 18:45:47 2003
 +++ amavisd-new/files/amavisd.sh.tmpl	Tue Sep 30 22:09:02 2003
 @@ -1,36 +1,42 @@
  #!/bin/sh
 +#
 +# $FreeBSD: ports/security/clamav/files/amavisd.sh,v 1.1 2003/09/28 13:29:28 dinoex Exp $
 +#

 -if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
 -	echo "$0: Cannot determine the PREFIX" >&2
 -	exit 1
 -fi
 -
 -DIR=%%AMAVISDIR%%
 -PIDFILE=$DIR/amavisd.pid
 -SOCKFILES=$DIR/amavis*.sock
 -MILTERFLAG=$DIR/use.milter
 -
 -case "$1" in
 -start)
 -	if [ -e ${PREFIX}/etc/amavisd.conf ]; then
 -		rm -rf ${SOCKFILES}
 -		if [ -e $MILTERFLAG ]; then
 -			su %%AMAVISUSER%% -c "${PREFIX}/sbin/amavis-milter -D -p $DIR/amavis-milter.sock"
 -		fi
 -		su %%AMAVISUSER%% -c "${PREFIX}/sbin/amavisd > /dev/null 2>&1" && echo -n ' amavisd'
 -	fi
 -	;;
 -stop)
 -	if [ -e $MILTERFLAG ]; then
 -		killall -u %%AMAVISUSER%% amavis-milter >/dev/null 2>&1
 -	fi
 -	if [ -e $PIDFILE ]; then
 -		su %%AMAVISUSER%% -c "kill `cat $PIDFILE`" && echo -n ' amavisd'
 -	fi
 -	;;
 -*)
 -	echo "Usage: `basename $0` {start|stop}" >&2
 -	;;
 -esac
 +# PROVIDE: amavisd
 +# REQUIRE: LOGIN
 +# BEFORE: mail
 +# KEYWORD: FreeBSD shutdown

 -exit 0
 +#
 +# Add the following lines to /etc/rc.conf to enable amavisd:
 +#
 +#amavisd_enable="YES"
 +#
 +
 +. %%RC_SUBR%%
 +
 +name=amavisd
 +rcvar=`set_rcvar`
 +
 +command=%%PREFIX%%/sbin/amavisd > /dev/null 2>&1
 +
 +amavisd_user=%%AMAVISUSER%%
 +
 +pidfile=%%AMAVISDIR%%/amavisd.pid
 +required_files=%%PREFIX%%/etc/amavisd.conf
 +
 +stop_postcmd=stop_postcmd
 +
 +stop_postcmd()
 +{
 +  rm -f $pidfile
 +}
 +
 +# set defaults
 +
 +amavisd_enable=${amavisd_enable:-"NO"}
 +amavisd_flags=${amavisd_flags:-""}
 +
 +load_rc_config $name
 +run_rc_command "$1"
 diff -urN amavisd-new.orig/pkg-plist amavisd-new/pkg-plist
 --- amavisd-new.orig/pkg-plist	Sat Aug 30 11:18:15 2003
 +++ amavisd-new/pkg-plist	Tue Sep 30 21:57:33 2003
 @@ -19,6 +19,7 @@
  %%PORTDOCS%%%%DOCSDIR%%/RELEASE_NOTES
  %%PORTDOCS%%@dirrm %%DOCSDIR%%
  etc/amavisd.conf-dist
 +%%AMAVIS_NOMILTER%%etc/rc.d/amavis-milter.sh
  etc/rc.d/amavisd.sh
  %%AMAVIS_NOMILTER%%sbin/amavis
  %%AMAVIS_NOMILTER%%sbin/amavis-milter