Bump EVR

This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

If there will be no comments in two weeks, I will merge this.

.gitignore

@@ -0,0 +1,4 @@
+/clamav-*-norar.tar.xz
+/main*.cvd
+/daily*.cvd
+/bytecode*.cvd

ChangeLog-rpm.old

@@ -0,0 +1,279 @@
+* Tue Dec 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.7-1
+- updated to 0.88.7
+
+* Sun Nov  5 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.6-1
+- updated to 0.88.6
+
+* Wed Oct 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.5-1
+- updated to 0.88.5 (SECURITY); fixes CVE-2006-4182, CVE-2006-5295
+- added patch to set '__attribute__ ((visibility("hidden")))' for
+  exported MD5_*() functions (fixes #202043)
+
+* Thu Oct 05 2006 Christian Iseli <Christian.Iseli@licr.org> 0.88.4-4
+ - rebuilt for unwind info generation, broken in gcc-4.1.1-21
+
+* Thu Sep 21 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-3
+- splitted SysV initscripts of -milter and -server into own subpackages
+
+* Fri Sep 15 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-2
+- rebuilt
+
+* Tue Aug  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-1
+- updated to 0.88.4 (SECURITY)
+
+* Wed Jul 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+- removed the clamdscan(1) manpage from the -server subpackage
+
+* Sat Jul  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+- removed a superfluous '}'
+- removed some code which was relevant for FC-3 only
+
+* Sat Jul  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.3-1
+- updated to 0.88.3
+- updated to new fedora-usermgmt macros
+
+* Tue May 16 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-2
+- cleanups: removed unneeded curlies, use plain command instead of
+  %%__XXX macro, whitespace cleanup, removed unneeded versioned
+  dependencies
+- added a 'Requires(post): group(clamav)' dependencies for -update and
+  added the corresponding Provides: to -data
+- removed the %%_without_milter conditional; you won't gain anything
+  when milter would be disabled at buildtime
+
+* Sun Apr 30 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-1
+- updated to 0.88.2 (SECURITY)
+- rediffed patches; most issues handled by 0.88.1-2 are fixed in
+  0.88.2
+
+* Mon Apr 24 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-2
+- added patch which fixes some classes of compiler warnings; at least
+  the using of implicitly declared functions was reported to cause
+  segfaults on AMD64 (brought to my attention by Marc Perkel)
+- added patch which fixes wrong usage of strncpy(3) in unrarlib.c
+
+* Thu Apr 06 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-1
+- updated to 0.88.1 (SECURITY)
+
+* Sat Feb 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-2
+- rebuilt for FC5
+
+* Tue Jan 10 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-1
+- updated to 0.88
+- added pseudo-versions for the 'init(...)' provides as a first step
+  for the support of alternative initmethods
+
+* Tue Nov 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-2
+- moved 'freshclam.conf.5' man page into the -update subpackage (#173221)
+- ship 'clamd.conf.5' man page in the -server subpackage *too*. The
+  same file is contained in multiple packages now, but this man-page
+  can not be removed from the base package because it also applies to
+  'clamdscan' there (#173221).
+
+* Fri Nov  4 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-1
+- updated to 0.87.1
+
+* Sat Sep 17 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87-1
+- updated to 0.87 (SECURITY)
+- removed -timeout patch; it is solved upstream
+- reverted the -exim changes; they add yet more complexity, their
+  functionality can go into an own package and they contained flaws
+
+* Fri Sep  9 2005 David Woodhouse <dwmw2@infradead.org> - 0.86.2-5
+- Add clamav-exim configuration package
+
+* Fri Jul 29 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-4
+- [milter] create the milter-logfile in the %%post scriptlet
+- [milter] reverted the change of the default child_timeout value; it
+  was set to 5 minutes in 0.86.2 which conflicts with the internal
+  mode where a timeout must not be set. So, the clamav-milter would
+  not run with the default configuration
+
+* Thu Jul 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-3
+- Fixed calculation of sleep duration; on some systems/IPs, `hostid`
+  results in a negative number which is retained by the bash
+  modulo-operation. So the sleep may get a negative number of seconds
+  being interpreted as an option. This version makes sure that the
+  module-operations returns a non-negative value. [BZ #164494, James
+  Wilkinson]
+- added support for a /usr/sbin/clamav-notify-servers.local hook; this
+  file will be executed (source'd) before all other actions and can
+  abort the entire processing by invoking 'exit'
+
+* Mon Jul 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-2
+- updated to 0.86.2 (SECURITY)
+- changed the freshclam updating mechanism (again); now, it consists
+  of a crontab which does not need to be changed and a helper script
+  (freshclam-sleep). This helper script is configured by
+  /etc/sysconfig/freshclam
+
+* Sat Jun 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.1-2
+- updated to 0.86.1
+- fixed randomization in %%post scriptlet: hour should be a range but
+  not a single number
+
+* Tue Jun 21 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86-1
+- updated to 0.86
+- randomize freshclam startup times in -update's %%post script (suggested
+  by Stephen Smoogen); this requires some more Requires(post): also
+
+* Wed May 18 2005 Warren Togami <wtogami@redhat.com> - 0.85.1-4
+- fix dist tagging the way Enrico wants it
+
+* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at>					  - 0.85.1-2
+- Rebuild
+
+* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at>					  - 0.85.1-1
+- Update
+
+* Sat May 14 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.85-0
+- updated to 0.85
+
+* Sun May  1 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.84-0
+- updated to 0.84
+
+* Fri Apr  7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
+- rebuilt
+
+* Tue Feb 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.83-1
+- updated to 0.83
+
+* Tue Feb  8 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.82-1
+- updated to 0.82
+- minor spec cleanups
+
+* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.2
+- build the package with '--disable-zlib-vcheck' because RH is unable to
+  apply a fix for a 5 month old and solved security issue.  Please fill
+  your comments at https://bugzilla.redhat.com/beta/show_bug.cgi?id=131385
+- added 'BuildRequires: bc' (should work without also, but ./configure
+  gives out ugly warnings else)
+
+* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.1
+- updated to 0.81
+- do not ship the 'clamd.milter' daemon anymore; clamav-milter supports
+  an internal mode now which is enabled by default
+- updated -milter %%description
+
+* Thu Jan 20 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.2
+- s!cron.d/clamav!cron.d/clamav-update! in the %%description of the -update
+  subpackage (https://bugzilla.fedora.us/show_bug.cgi?id=1715#c39)
+
+* Wed Nov  3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.1
+- updated to 0.80
+- removed DMS, FreeBSD-HOWTO and localized docs as it is not shipped anymore
+- buildrequire 'curl-devel'
+- renamed clamav.conf to clamd.conf (upstream change)
+- updated -initoff patch
+
+* Tue Sep 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75.1-0.fdr.1
+- updated to 0.75.1
+- use %%configure, the problems with the architecture specification
+  seem to have passed (probably because of an autoconf update)
+- set mode 0600 for the cron-script (required by vixie-cron)
+- made the cronjob a spambot and send mail about deactivated freshclam
+  service to nearly everybody... (root, postmaster, webmaster)
+- other fixes in the notification cronjob
+
+* Fri Jul 23 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75-0.fdr.1
+- updated to 0.75
+
+* Thu Jul 15 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.2
+- moved /usr/bin/clamav-config from main into -devel
+
+* Wed Jun 30 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.1
+- updated to 0.74
+
+* Mon Jun 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.73-0.fdr.1
+- updated to 0.73
+- added pkgconfig file
+
+* Fri Jun 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.3
+- notify the user about a deactivated clamav-update service
+- added clamd-gen script which generates template spec-files for
+  services using clamd
+- copied template configuration files to %pkgdatadir/template (needed
+  for clamd-gen)
+- moved the clamd-wrapper from %_initrddir to %{pkgdatadir}; a symlink
+  will be provided for compatibility reasons
+- conditionalized building of the -milter subpackage ('--without
+  milter' switch) to enable builds on RH73 (bug #1715, comment #5/#7)
+
+* Fri Jun  4 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.2
+- removed 'BuildRequires: dietlibc'; it was a leftover from the
+  pre-use-signal era (before 0.70) (bug #1716)
+
+* Thu Jun  3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.1
+- updated to 0.72
+
+* Thu May 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.2
+- removed the randomization in the cronjob; it seems to be impossible
+  to use the mod-operator (%%) there. Instead of, the user has to
+  replace some placeholders...
+
+* Wed May 19 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.1
+- updated to 0.71
+
+* Fri May  7 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1.1
+- quote 'EOF' to delay $RANDOM expansion
+
+* Tue Apr 27 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.2
+- updated GECOS entry for the 'clamav' user to describe its purpose
+  more accurately
+- use explicit '-m755' when creating directories with install
+
+* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1
+- updated to 0.70; rediffed some patches
+- updated logrotate script to use signals and documented the steps
+  which are needed to make it work
+- adapted initscript to use signals instead of sockwrite
+- removed sockwrite; signals can now be used to reload the database
+- added logfile to the -milter subpackage
+
+* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2.1
+- tagged some Requires:, since clamav-server is required in the milter-%%post* scriptlets
+
+* Sat Mar 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2
+- split the double Requires(...,...): statements; see
+  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118773
+- require the recent fedora-usermgmt package (0.7) which fixes similar
+  ordering issues
+
+* Thu Mar 18 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.1
+- updated to 0.68 (using the -1 version)
+- ship milter-files in the -milter instead of the -server subpackage
+
+* Tue Feb 24 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.3
+- fixed ':' vs. '.' in chown
+
+* Tue Feb 17 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.2
+- randomize freshclam startup to prevent server peaks
+
+* Mon Feb 16 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.1
+- updated to 0.67 (using the -1 version)
+
+* Wed Feb 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.66-0.fdr.2
+- updated to 0.66; important, packaging-relevant changes are
+  freshclam:
+  * $http_proxy is not supported anymore; you have to configure it in
+    /etc/freshclam.conf
+  * the logfile has been renamed to /var/log/freshclam.log
+- removed %%check section; buildroot check is implemented in local
+  testsuite already
+- added some %%verify(not mtime) modifiers to avoid unnecessary .rpmnew
+  files
+- added some directory-Requires:
+- activated milter-package and made it work
+- added patch to disable clamav-milter service by default
+- renamed /var/run/clamav.<SERVICE> to /var/run/clamd.<SERVICE>; this
+  makes things more consistently but can break backward compatibility. The
+  initscript should deal with the old version too, but I would not bet on
+  it...
+- updated some descriptions
+- fixed the update-mechanism; now it happens in two stages: at first,
+  the files will be downloaded as user 'clamav' and then, root initiates
+  the daemon-reload.
+
+* Mon Feb  9 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.65-0.fdr.5
+- added security fix for
+  http://www.securityfocus.com/archive/1/353194/2004-02-06/2004-02-12/1

README.fedora.md

@@ -0,0 +1,113 @@
+## README.fedora.md (mainly clamav-milter) 
+
+
+Please note for Fedora and EPEL 7+ we use only systemd.
+
+A clamav-milter setup consists of the following three components:
+
+### The clamav-milter itself
+
+  The main configuration is in /etc/mail/clamav-milter.conf and MUST
+  be changed before first use.
+
+  This can be enabled with: 'systemctl enable clamav-milter.service'
+
+### A clamav scanner daemon
+
+  The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
+  edited before first use).
+
+  This can be enabled with: 'systemctl enable clamd@scan.service'
+
+### The MTA (sendmail/postfix)
+
+  --> you should know how to install this...
+
+  When communicating across unix sockets with the clamav-milter, it is
+  suggested to use the /run/clamav-milter/clamav-milter.socket
+  path.  You have to add something like
+
+    INPUT_MAIL_FILTER(`clamav', `S=local:/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
+
+  to your sendmail.mc.
+
+### Changing permissions of directory /var/lib/clamav  
+
+  - Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate  
+  - If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/ and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ...
+  - Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion.
+  - Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes)  If the executable path is prefixed with "+" then the process is executed with full privileges.
+
+
+EXAMPLE
+=======
+
+For clamav-milter, a possible setup might be created by
+
+A)  On the MTA  (assumed hostname 'host-mta')
+
+  1. Add to sendmail.mc
+
+    | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
+
+  2. Rebuild sendmail.cf
+
+
+B)  On the clamav-milter host (assumed hostname 'host-milter')
+
+  1. Install clamav-milter + clamav-milter-upstart packages
+
+  2. Set in /etc/mail/clamav-milter.conf
+
+    | MilterSocket	inet:6666
+    | ClamdSocket	tcp:host-scanner:6665
+
+     and all the other options which are required on your system
+
+  3. Enable clamav-milter.service:
+
+    | systemctl enable clamav-milter.service
+
+     Restart your system or execute
+
+    | systemctl start clamav-milter.service
+
+  4. Add something like
+
+    | iptables -N IN-cmilt
+    | iptables -A IN-cmilt -s host-mta -j ACCEPT
+    | iptables -A IN-cmilt -j DROP
+
+    | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
+
+     to your firewall setup
+
+C)  On the clamav-scanner host (assumed hostname 'host-scanner')
+
+  1. Install clamd
+
+  2. Add to /etc/clamd.d/scan.conf
+
+    | TCPSocket 6665
+    | TCPAddr   host-scanner
+
+     comment out possible 'LocalSocket' lines and set all the other
+     options which are required on your system
+
+  3. Enable clamd@scan.service:
+
+    | systemctl enable clamd@scan.service
+
+     Restart your system or execute
+
+    | systemctl start clamd@scan.service
+
+  4. Add something like
+
+    | iptables -N IN-cscan
+    | iptables -A IN-cscan -s host-milter -j ACCEPT
+    | iptables -A IN-cscan -j DROP
+
+    | iptables -A INPUT -p tcp --dport 6665 -j IN-csan
+
+     to your firewall setup

clamav-clamonacc-service.patch

@@ -0,0 +1,20 @@
+diff -up clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service clamav-1.4.0/clamonacc/clamav-clamonacc.service.in
+--- clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service	2024-08-15 20:12:56.950984705 -0600
++++ clamav-1.4.0/clamonacc/clamav-clamonacc.service.in	2024-08-15 20:14:19.088770747 -0600
+@@ -4,14 +4,12 @@
+ [Unit]
+ Description=ClamAV On-Access Scanner
+ Documentation=man:clamonacc(8) man:clamd.conf(5) https://docs.clamav.net/
+-Requires=clamav-daemon.service
+-After=clamav-daemon.service syslog.target network.target
++After=clamd@scan.service syslog.target network.target
+ 
+ [Service]
+ Type=simple
+ User=root
+-ExecStartPre=/bin/bash -c "while [ ! -S /run/clamav/clamd.ctl ]; do sleep 1; done"
+-ExecStart=@prefix@/sbin/clamonacc -F --log=/var/log/clamav/clamonacc.log --move=/root/quarantine
++ExecStart=@prefix@/sbin/clamonacc -F --config-file=/etc/clamd.d/scan.conf
+ ExecStop=/bin/kill -SIGKILL $MAINPID
+ 
+ [Install]

clamav-default_confs.patch

@@ -0,0 +1,87 @@
+diff -up clamav-0.104.3/clamconf/clamconf.c.default_confs clamav-0.104.3/clamconf/clamconf.c
+--- clamav-0.104.3/clamconf/clamconf.c.default_confs	2022-05-02 00:24:50.000000000 -0600
++++ clamav-0.104.3/clamconf/clamconf.c	2022-05-12 22:04:42.883348923 -0600
+@@ -63,9 +63,9 @@ static struct _cfgfile {
+     const char *name;
+     int tool;
+ } cfgfile[] = {
+-    {"clamd.conf", OPT_CLAMD},
++    {"clamd.d/scan.conf", OPT_CLAMD},
+     {"freshclam.conf", OPT_FRESHCLAM},
+-    {"clamav-milter.conf", OPT_MILTER},
++    {"mail/clamav-milter.conf", OPT_MILTER},
+     {NULL, 0}};
+ 
+ static void printopts(struct optstruct *opts, int nondef)
+diff -up clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs clamav-0.104.3/docs/man/clamav-milter.8.in
+--- clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs	2022-05-12 22:04:42.885348940 -0600
++++ clamav-0.104.3/docs/man/clamav-milter.8.in	2022-05-12 22:05:25.031719791 -0600
+@@ -27,7 +27,7 @@ Print the version number and exit.
+ Read configuration from FILE.
+ .SH "FILES"
+ .LP
+-@CONFDIR@/clamav-milter.conf
++@CONFDIR@/mail/clamav-milter.conf
+ .SH "AUTHOR"
+ .LP
+ aCaB <acab@clamav.net>
+diff -up clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.104.3/docs/man/clamav-milter.conf.5.in
+--- clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs	2022-05-12 22:04:42.887348958 -0600
++++ clamav-0.104.3/docs/man/clamav-milter.conf.5.in	2022-05-12 22:05:48.834929418 -0600
+@@ -239,7 +239,7 @@ Default: no
+ All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
+ .SH "FILES"
+ .LP
+-@CONFDIR@/clamav-milter.conf
++@CONFDIR@/mail/clamav-milter.conf
+ .SH "AUTHOR"
+ .LP
+ aCaB <acab@clamav.net>
+diff -up clamav-0.104.3/docs/man/clamd.8.in.default_confs clamav-0.104.3/docs/man/clamd.8.in
+--- clamav-0.104.3/docs/man/clamd.8.in.default_confs	2022-05-12 22:04:42.888348967 -0600
++++ clamav-0.104.3/docs/man/clamd.8.in	2022-05-12 22:07:01.657570942 -0600
+@@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon
+ clamd [options]
+ .SH "DESCRIPTION"
+ .LP
+-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf
++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.d/scan.conf
+ .SH "COMMANDS"
+ .LP
+ It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
+@@ -133,7 +133,7 @@ Reload the signature databases.
+ Perform a clean exit.
+ .SH "FILES"
+ .LP
+-@CONFDIR@/clamd.conf
++@CONFDIR@/clamd.d/scan.conf
+ .SH "CREDITS"
+ Please check the full documentation for credits.
+ .SH "AUTHOR"
+diff -up clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs clamav-0.104.3/docs/man/clamd.conf.5.in
+--- clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs	2022-05-12 22:04:42.889348976 -0600
++++ clamav-0.104.3/docs/man/clamd.conf.5.in	2022-05-12 22:06:21.800219822 -0600
+@@ -765,7 +765,7 @@ Default: no
+ All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
+ .SH "FILES"
+ .LP
+-@CONFDIR@/clamd.conf
++@CONFDIR@/clamd.d/scan.conf
+ .SH "AUTHORS"
+ .LP
+ Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
+diff -up clamav-0.104.3/platform.h.in.default_confs clamav-0.104.3/platform.h.in
+--- clamav-0.104.3/platform.h.in.default_confs	2022-05-02 00:24:50.000000000 -0600
++++ clamav-0.104.3/platform.h.in	2022-05-12 22:04:42.891348993 -0600
+@@ -112,9 +112,9 @@ typedef unsigned int in_addr_t;
+ #endif
+ 
+ #ifndef _WIN32
+-#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.conf"
++#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.d/scan.conf"
+ #define CONFDIR_FRESHCLAM CONFDIR PATHSEP "freshclam.conf"
+-#define CONFDIR_MILTER CONFDIR PATHSEP "clamav-milter.conf"
++#define CONFDIR_MILTER CONFDIR PATHSEP "mail/clamav-milter.conf"
+ #endif
+ 
+ #ifndef WORDS_BIGENDIAN

clamav-freshclam.service.patch

@@ -0,0 +1,12 @@
+diff -up clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service clamav-0.104.3/freshclam/clamav-freshclam.service.in
+--- clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service	2022-05-12 22:07:25.472780737 -0600
++++ clamav-0.104.3/freshclam/clamav-freshclam.service.in	2022-05-12 22:08:06.280140224 -0600
+@@ -2,7 +2,7 @@
+ Description=ClamAV virus database updater
+ Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/
+ # If user wants it run from cron, don't start the daemon.
+-ConditionPathExists=!/etc/cron.d/clamav-freshclam
++# ConditionPathExists=!/etc/cron.d/clamav-freshclam
+ Wants=network-online.target
+ After=network-online.target
+ 

clamav-milter.systemd

@@ -0,0 +1,25 @@
+[Unit]
+Description = Milter module for the Clam Antivirus scanner
+After = syslog.target nss-lookup.target network.target
+Before = sendmail.service
+Before = postfix.service
+After = clamd@scan.service
+
+[Service]
+Type = forking
+ExecStart = /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
+Restart = on-failure
+
+User=clamilt
+Group=clamilt
+
+PrivateTmp=yes
+PrivateDevices=yes
+CapabilityBoundingSet=CAP_KILL
+
+ReadOnlyDirectories=/etc
+ReadOnlyDirectories=/usr
+ReadOnlyDirectories=/var/lib
+
+[Install]
+WantedBy = multi-user.target

clamav-private.patch

@@ -0,0 +1,36 @@
+--- clamav-0.99/libclamav.pc.in			2015-09-18 22:48:25.000000000 +0200
++++ clamav-0.99/libclamav.pc.in.private		2015-12-02 01:30:30.055231319 +0100
+@@ -7,6 +7,6 @@
+ Description: A GPL virus scanner
+ Version: @PACKAGE_VERSION@
+ Libs: -L${libdir} -lclamav
+-Libs.private: @LIBCLAMAV_LIBS@
++Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
+ Cflags: -I${includedir}
+ 
+diff -up clamav-1.0.0/clamav-config.in.private clamav-1.0.0/clamav-config.in
+--- clamav-1.0.0/clamav-config.in.private	2023-01-22 17:40:01.711757908 -0700
++++ clamav-1.0.0/clamav-config.in	2023-01-22 18:01:06.188743168 -0700
+@@ -4,7 +4,6 @@
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+ includedir=@includedir@
+-libdir=@libdir@
+ 
+ usage()
+ {
+@@ -54,12 +54,8 @@
+ 	usage 0
+ 	;;
+ 
+-    --cflags)
+-       	echo -I@includedir@ @CFLAGS@
+-       	;;
+-
+-    --libs)
+-       	echo -L@libdir@ @LIBCLAMAV_LIBS@
++    (--cflags|--libs)
++	${PKG_CONFIG:-pkg-config} "$1" libclamav
+        	;;
+ 
+     *)

clamav-rust-dependency-versions.patch

@@ -0,0 +1,21 @@
+diff -Naur clamav-1.4.3-original/libclamav_rust/Cargo.toml clamav-1.4.3/libclamav_rust/Cargo.toml
+--- clamav-1.4.3-original/libclamav_rust/Cargo.toml	2025-12-04 10:01:33.233889863 +0000
++++ clamav-1.4.3/libclamav_rust/Cargo.toml	2025-12-04 10:02:29.088468217 +0000
+@@ -12,7 +12,7 @@
+ sha2 = "0.10"
+ tempfile = "3"
+ thiserror = "1"
+-image = "0.24"
++image = ">=0.24, <0.26"
+ rustdct = "0.7"
+ transpose = "0.2"
+ num-traits = "0.2"
+@@ -21,7 +21,7 @@
+ unicode-segmentation = "1.10"
+ bindgen = "0.69"
+ onenote_parser = "0.3.1"
+-hex-literal = "0.4"
++hex-literal = ">=0.4, <2.0"
+ inflate = "0.4"
+ bzip2-rs = "0.1"
+ byteorder = "1.5"

clamav-rustflags.patch

@@ -0,0 +1,54 @@
+diff -up clamav-1.0.2/cmake/FindRust.cmake.rustflags clamav-1.0.2/cmake/FindRust.cmake
+--- clamav-1.0.2/cmake/FindRust.cmake.rustflags	2023-08-15 16:24:07.000000000 -0600
++++ clamav-1.0.2/cmake/FindRust.cmake	2023-08-17 21:17:03.957070383 -0600
+@@ -236,7 +236,7 @@ function(add_rust_executable)
+     # Build the executable.
+     add_custom_command(
+         OUTPUT "${OUTPUT}"
+-        COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS}
++        COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
+         WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
+         DEPENDS ${EXE_SOURCES}
+         COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:\n\t ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
+@@ -287,8 +287,8 @@ function(add_rust_library)
+     if("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64;x86_64|x86_64;arm64)$")
+         add_custom_command(
+             OUTPUT "${OUTPUT}"
+-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
+-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
++            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
++            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
+             COMMAND ${CMAKE_COMMAND} -E make_directory "${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}"
+             COMMAND lipo ARGS -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}"
+             WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
+@@ -312,7 +312,7 @@ function(add_rust_library)
+     else()
+         add_custom_command(
+             OUTPUT "${OUTPUT}"
+-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS}
++            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
+             WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
+             DEPENDS ${LIB_SOURCES}
+             COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:  ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
+@@ -465,8 +465,6 @@ if(NOT "${RUST_COMPILER_TARGET}" MATCHES
+     list(APPEND CARGO_ARGS "--target" ${RUST_COMPILER_TARGET})
+ endif()
+ 
+-set(RUSTFLAGS "")
+-
+ if(NOT CMAKE_BUILD_TYPE)
+     set(CARGO_BUILD_TYPE "debug")
+ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Release" OR ${CMAKE_BUILD_TYPE} STREQUAL "MinSizeRel")
+@@ -475,10 +473,11 @@ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Rel
+ elseif(${CMAKE_BUILD_TYPE} STREQUAL "RelWithDebInfo")
+     set(CARGO_BUILD_TYPE "release")
+     list(APPEND CARGO_ARGS "--release")
+-    set(RUSTFLAGS "-g")
++    string(APPEND RUSTFLAGS " -g")
+ else()
+     set(CARGO_BUILD_TYPE "debug")
+ endif()
++string(STRIP "${RUSTFLAGS}" RUSTFLAGS)
+ 
+ find_package_handle_standard_args(Rust
+     REQUIRED_VARS cargo_EXECUTABLE

clamav-types.h

@@ -0,0 +1,14 @@
+#ifndef CLAMAV_TYPES_H_MULTILIB
+#define CLAMAV_TYPES_H_MULTILIB
+
+#include <bits/wordsize.h>
+
+#if __WORDSIZE == 32
+# include "clamav-types-32.h"
+#elif __WORDSIZE == 64
+# include "clamav-types-64.h"
+#else
+# error "unexpected value for __WORDSIZE macro"
+#endif
+
+#endif

clamav-update.crond

@@ -0,0 +1,6 @@
+## Adjust this line...
+MAILTO=root
+
+## It is ok to execute it as root; freshclam drops privileges and becomes
+## user 'clamupdate' as soon as possible
+0  */3 * * * root /usr/share/clamav/freshclam-sleep > /dev/null

clamav-update.logrotate

@@ -0,0 +1,8 @@
+/var/log/freshclam.log {
+        monthly
+        notifempty
+        missingok
+        postrotate
+                systemctl try-restart clamav-freshclam.service
+        endscript
+}

clamd-README

@@ -0,0 +1,86 @@
+Update 2021: Log to syslog is obsolete, journalctl superseded it
+
+  By default, clamd provides a general "scan" service that requires minimal
+configuration.  To configure, edit /etc/clamd/scan.conf and:
+
+  * set LocalSocket for localhost access or TCPSocket for network access.
+
+  Default configuration will:
+
+  * Log to syslog
+  * Run as the user "clamscan"
+
+  When LogFile feature is wanted, it must be writable for the assigned
+User.  The recommended way is to:
+
+  * make it owned by the User's *group*
+  * assign at least 0620 (u+rw,g+w) permissions
+
+  A suitable command might be
+  | # touch <logfile>
+  | # chgrp <user> <logfile>
+  | # chmod 0620   <logfile>
+  | # restorecon <logfile>
+
+  NEVER use 'clamav' as the user since it can modify the database.  This is
+the user who is running the application; e.g. for mimedefang
+(http://www.roaringpenguin.com/mimedefang), the user might be 'defang'.
+Theoretically, distinct users could be used, but it must be made sure that
+the application-user can write into the socket-file, and that the clamd-user
+can access the files asked by the application to be checked.
+
+  The default service can be enabled and started with:
+
+  systemctl enable clamd@scan.service
+  systemctl start clamd@scan.service
+
+  To create other individual clamd-instances take the following files in
+/usr/share/doc/clamd/ and modify/copy them in the suggested way:
+
+clamd.conf, copy to /etc/clamd.d/<SERVICE>.conf
+  * Change <SERVICE> as to match name of config file
+  * Any other changes as noted above
+
+clamd.logrotate: (only when LogFile feature is used)
+  * set the correct value for the logfile
+  * place it into /etc/logrotate.d
+
+  Additionally, when using LocalSocket instead of TCPSocket, the directory
+for the socket file must be created.  For tmpfiles based systems, you might
+want to create a file /etc/tmpfiles.d/clamd.<SERVICE>.conf with a content of
+
+ | d /run/clamd.<SERVICE> <MODE> <USER> <GROUP>
+
+  Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
+so that the socket can be accessed by clamd and by the applications using
+clamd. Make sure that the socket is not world accessible; else, DOS attacks
+or worse are trivial.
+
+  After emulating these steps by hand (or else rebooting), you still need set
+SELinux:
+
+ chcon -t clamd_var_run_t /run/clamd.<SERVICE>
+or
+ restorecon -R -v "/run/clamd.<SERVICE>"
+
+More SELinux notes:
+you may need run:
+
+ setsebool -P antivirus_can_scan_system 1
+
+and also maybe this one (I need to confirm that is obsolete)
+
+ setsebool -P antivirus_use_jit 1
+
+  The new service can be enabled and started with:
+
+  systemctl enable clamd@<SERVICE>.service
+  systemctl start clamd@<SERVICE>.service
+
+
+[Disclaimer:
+ this file and the script/configfiles are not part of the official
+ clamav package.
+
+ Please send complaints and comments to
+ https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=clamav]

clamd.logrotate

@@ -0,0 +1,9 @@
+/var/log/clamd.<SERVICE> {
+	monthly
+	notifempty
+	missingok
+
+	postrotate
+		pkill -u <USER> -HUP -f "/usr/sbin/clamd -c /etc/clamd.d/<SERVICE>.conf" >/dev/null 2>&1 || :
+	endscript
+}

clamd@.service

@@ -0,0 +1,15 @@
+[Unit]
+Description = clamd scanner (%i) daemon
+Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
+After = syslog.target nss-lookup.target network.target
+
+[Service]
+Type = forking
+ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
+# Reload the database
+ExecReload=/bin/kill -USR2 $MAINPID
+Restart = on-failure
+TimeoutStartSec=420
+
+[Install]
+WantedBy = multi-user.target

dead.package

@@ -1 +0,0 @@
-epel8-playground decommissioned : https://pagure.io/epel/issue/136

freshclam-sleep

@@ -0,0 +1,52 @@
+#! /bin/bash
+# Copyright (C) 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+FRESHCLAM_MOD=$[ 3*60 ]		# 3 hours
+
+f=/etc/sysconfig/freshclam
+test ! -e "$f" || . "$f"
+
+
+case x"$1" in
+    (xnow)		FRESHCLAM_DELAY=0;;
+    (x|xrandom)		: ${FRESHCLAM_DELAY:=$[ 0x`hostid` ]};;
+    (*)			FRESHCLAM_DELAY=$1;;
+esac
+
+set -e
+
+case $FRESHCLAM_DELAY in
+    (disabled-warn)
+	echo $"\
+WARNING: update of clamav database is disabled; please see
+  '$f'
+  for information how to enable the periodic update resp. how to turn
+  off this message." >&2
+	exit 1
+	;;
+
+    (disabled)
+	exit 0
+	;;
+
+    (*)
+	let FRESHCLAM_MOD*=60
+	sleep $[ (FRESHCLAM_DELAY % FRESHCLAM_MOD + FRESHCLAM_MOD) % FRESHCLAM_MOD ]
+	;;
+esac
+
+/usr/bin/freshclam --quiet > /dev/null

freshclam.sysconfig

@@ -0,0 +1,18 @@
+## When changing the periodicity of freshclam runs in the crontab,
+## this value must be adjusted also. Its value is the timespan between
+## two subsequent freshclam runs in minutes. E.g. for the default
+##
+## | 0 */3 * * *  ...
+##
+## crontab line, the value is 180 (minutes).
+# FRESHCLAM_MOD=
+
+## A predefined value for the delay in seconds. By default, the value is
+## calculated by the 'hostid' program. This predefined value guarantees
+## constant timespans of 3 hours between two subsequent freshclam runs.
+##
+## This option accepts two special values:
+## 'disabled-warn'  ...  disables the automatic freshclam update and
+##                         gives out a warning
+## 'disabled'       ...  disables the automatic freshclam silently
+# FRESHCLAM_DELAY=

libclamav-pe-Use-endian-wrapper-in-more-places.patch

@@ -0,0 +1,73 @@
+diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c
+--- clamav-1.4.0/libclamav/pe.c.big-endian	2024-08-13 14:24:46.000000000 -0600
++++ clamav-1.4.0/libclamav/pe.c	2024-08-15 20:16:02.017730419 -0600
+@@ -2424,22 +2424,22 @@ static cl_error_t hash_imptbl(cli_ctx *c
+ 
+     /* If the PE doesn't have an import table then skip it. This is an
+      * uncommon case but can happen. */
+-    if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) {
++    if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) {
+         cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n");
+         status = CL_BREAK;
+         goto done;
+     }
+ 
+     // TODO Add EC32 wrappers
+-    impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
+-    if (err || impoff + peinfo->dirs[1].Size > fsize) {
++    impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
++    if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) {
+         cli_dbgmsg("scan_pe: invalid rva for import table data\n");
+         status = CL_BREAK;
+         goto done;
+     }
+ 
+     // TODO Add EC32 wrapper
+-    impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size);
++    impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size));
+     if (impdes == NULL) {
+         cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n");
+         status = CL_EREAD;
+@@ -2449,7 +2449,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
+ 
+     /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above)
+      * would have failed if the size exceeds the end of the fmap. */
+-    left = peinfo->dirs[1].Size;
++    left = EC32(peinfo->dirs[1].Size);
+ 
+     if (genhash[CLI_HASH_MD5]) {
+         hashctx[CLI_HASH_MD5] = cl_hash_init("md5");
+@@ -2556,7 +2556,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
+ 
+ done:
+     if (needed_impoff) {
+-        fmap_unneed_off(map, impoff, peinfo->dirs[1].Size);
++        fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size));
+     }
+ 
+     for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) {
+@@ -3241,7 +3241,7 @@ int cli_scanpe(cli_ctx *ctx)
+ 
+     /* Trojan.Swizzor.Gen */
+     if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) {
+-        if (peinfo->dirs[2].Size) {
++        if (EC32(peinfo->dirs[2].Size)) {
+             struct swizz_stats *stats = calloc(1, sizeof(*stats));
+             unsigned int m            = 1000;
+             ret                       = CL_CLEAN;
+@@ -5250,13 +5250,13 @@ cl_error_t cli_peheader(fmap_t *map, str
+         cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep);
+     }
+ 
+-    if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size)
++    if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size))
+         peinfo->res_addr = 0;
+     else
+         peinfo->res_addr = peinfo->dirs[2].VirtualAddress;
+ 
+     while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO &&
+-           peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) {
++           peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) {
+         struct vinfo_list vlist;
+         const uint8_t *vptr, *baseptr;
+         uint32_t rva, res_sz;

sources

@@ -0,0 +1,4 @@
+SHA512 (clamav-1.4.3-norar.tar.xz) = d9e6835b88e4934a36b037d28cf01e627b7843e52ef9fc6858f59000acf26120f3534e7a6b262d3ad66a2668557f3a1d0a93fb676711c91f64c8b97fa36fe191
+SHA512 (main-62.cvd) = b52e5d9ecacbd9b11c3b0cc460388746fccb353a7520522ed15ee25f645a432bed5be7e6b38512f134f085eb9be76a1e26c19de8b09491d4ec46da8c5afc318e
+SHA512 (daily-27673.cvd) = e0447f80ef2cc8981b0e1ea430a7006a1027de0b989f5a3256766804f74a50aac52f577ef929c8e1789b9353d1a4cf18d289a27b1f7e609098e11ad81bb62226
+SHA512 (bytecode-336.cvd) = 62a7f8b62da2a2476d3f66851d71e84f055f84543112b18f14e86484b02370d4daff0cb3e2b9ec77acf4a179327619a8b9950122e7882003074a9a0bf4a7ebab

update_clamav.sh

@@ -0,0 +1,86 @@
+VERSION=1.4.3
+REPOS="n"
+
+if [ -z "$1" ]
+then
+      stage=0
+else
+      stage=$1
+fi
+
+NAME=clamav
+TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
+TARBALL=${NAME}-${VERSION}.tar.gz
+
+echo "Usage: $0 stage"
+echo "stage 0: prepare sources"
+echo "stage 1: get cvd using cvdupdate https://pypi.org/project/cvdupdate/"
+echo "stage 2: ask for scratch build and upload sources"
+echo "stage 3: push and build on rawhide"
+echo "stage 4: build on others branches"
+echo ""
+
+if test $stage -le 0
+then
+echo STAGE 0
+echo Press enter to prepare sources and bump version or n to skip ; read dummy;
+if [[ "$dummy" != "n" ]]; then
+wget -c https://www.clamav.net/downloads/production/${TARBALL}
+wget -c https://www.clamav.net/downloads/production/${TARBALL}.sig
+gpg --verify ${TARBALL}.sig ${TARBALL}
+zcat ${TARBALL} | tar --delete -f - '*/libclamunrar/*' | xz -c > ${TARBALL_CLEAN}
+git checkout rawhide
+git pull
+rpmdev-bumpspec -n $VERSION -c "Update to $VERSION" clamav.spec
+fi
+fi
+
+if test $stage -le 1
+then
+echo STAGE 1
+echo Press enter convert cvd into spec or n to skip ; read dummy;
+if [[ "$dummy" != "n" ]]; then
+./update_clamav_data.sh
+fi
+fi
+
+if test $stage -le 2
+then
+echo STAGE 2
+echo Press enter scratch-build or n to skip ; read dummy;
+if [[ "$dummy" != "n" ]]; then
+#fkinit -u sergiomb
+fedpkg scratch-build --srpm
+fi
+echo Press enter to upload sources and commit or n to skip; read dummy;
+if [[ "$dummy" != "n" ]]; then
+echo fedpkg new-sources ${TARBALL_CLEAN} $main_ver $daily_ver $bytecode_ver
+fedpkg new-sources ${TARBALL_CLEAN} $(spectool -l clamav.spec | grep -P "Source10|Source11|Source12" | sed 's/.* //')
+fedpkg ci -c && git show
+fi
+fi
+
+if test $stage -le 3
+then
+echo STAGE 3
+echo Press enter to build rawhide or n to skip; read dummy;
+if [[ "$dummy" != "n" ]]; then
+git push && fedpkg build --nowait
+fi
+fi
+
+echo STAGE 4
+for repo in $REPOS ; do
+echo Press enter to build on branch $repo or n to skip; read dummy;
+if [[ "$dummy" != "n" ]]; then
+git checkout $repo && git merge rawhide && fedpkg push && fedpkg build --nowait; git checkout rawhide
+fi
+done
+
+exit
+# not finished yet
+/usr/bin/bodhi updates new --autokarma --autotime --type bugfix --severity medium --notes "https://blog.clamav.net/2021/06/clamav-01033-patch-release.html" --bugs 1974601 --request testing clamav-0.103.3-1.fc34
+/usr/bin/bodhi updates new --autokarma --autotime --type bugfix --severity medium --notes "https://blog.clamav.net/2021/06/clamav-01033-patch-release.html" --bugs 1974601 --request testing clamav-0.103.3-1.fc33
+/usr/bin/bodhi updates new --autokarma --autotime --type bugfix --severity medium --notes "https://blog.clamav.net/2021/06/clamav-01033-patch-release.html" --bugs 1974601 --request testing clamav-0.103.3-1.el8
+
+sha512sum --tag  ${TARBALL_CLEAN} $main_ver $daily_ver $bytecode_ver > sources

update_clamav_data.sh

@@ -0,0 +1,20 @@
+# dnf install python3-cvdupdate
+# python -m cvdupdate.cvdupdate --help
+cvd config set --dbdir my_dbs
+cvdupdate list
+cvdupdate update
+pushd my_dbs
+main_ver=$(file main.cvd | sed -e 's/.*version /main-/;s/,.*/.cvd/')
+daily_ver=$(file daily.cvd | sed -e 's/.*version /daily-/;s/,.*/.cvd/')
+bytecode_ver=$(file bytecode.cvd | sed -e 's/.*version /bytecode-/;s/,.*/.cvd/')
+popd
+
+pushd my_dbs
+cp -f main.cvd ../$main_ver
+cp -f daily.cvd ../$daily_ver
+cp -f bytecode.cvd ../$bytecode_ver
+popd
+
+sed -i "s|^Source10: .*|Source10:   $main_ver|" clamav.spec
+sed -i "s|^Source11: .*|Source11:   $daily_ver|" clamav.spec
+sed -i "s|^Source12: .*|Source12:   $bytecode_ver|" clamav.spec