Thursday, May 09, 2019

Building ClamAV on Solaris 11.4 using solaris-userland

Well, I have started moving all the software I use over to solaris-userland builds so next in line after my last blog of building FFmpeg is ClamAV. The reason for this it speed the process of build, IPS Build and install for packages which have a quick release schedule.
  1. Check out FFmpeg on Solaris 11.4 using solaris-userland for solaris-userland setup instructions.
  2. Creates a clamd service which is disabled by default
  3. clamav user created via IPS
  4. freshclam will need to be run (manually) as clamav user after IPS install
  5. crontab entry needs to be created (manually) to update virus signatures
  6. /etc/clamav/{clamd.conf,freshclam.conf} needs to be altered to your setup
  7. Things to fix:
    • start up script required to create log files and run freshclam for first time
    • log files contain in package (see previous)
    • uninstall should not remove virus signatures "/var/clamav"
    • crontab entry to run freshclam needs to be moved to a SMF
    • Update 2019 Aug 6th: --enable-strni removed from configure (0.101.3+)
$ mkdir components/clamav
$ cd components/clamav
$ cat Makefile
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END

#
# Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
#
BUILD_BITS=64
COMPILER=gcc
include ../../make-rules/shared-macros.mk

COMPONENT_NAME=         clamav
COMPONENT_VERSION=      0.101.2
COMPONENT_SRC=          $(COMPONENT_NAME)-$(COMPONENT_VERSION)
IPS_COMPONENT_VERSION=  $(COMPONENT_VERSION)
BUILD_VERSION=          1

COMPONENT_PROJECT_URL=  http://www.clamav.net

COMPONENT_ARCHIVE=      clamav-$(COMPONENT_VERSION).tar.gz
COMPONENT_ARCHIVE_URL=  http://www.clamav.net/downloads/production/$(COMPONENT_ARCHIVE)
COMPONENT_ARCHIVE_HASH=
COMPONENT_MAKE_JOBS=    1

BUILD_STYLE=    configure

# configure does not accept many of the options set in
# configure.mk (CC=, CXX=, --bindir, --libdir, --sbindir).
#CONFIGURE_DEFAULT_DIRS set to NO since we need "--libdir=/usr/lib/amd64" set 
# otherwise it could have been YES
CONFIGURE_DEFAULT_DIRS= no
CONFIGURE_OPTIONS += --prefix=/usr
CONFIGURE_OPTIONS += --mandir=/usr/share/man
CONFIGURE_OPTIONS += --bindir=/usr/bin
CONFIGURE_OPTIONS += --libdir=/usr/lib/amd64

# Need to add all config options by hand
CONFIGURE_OPTIONS += --with-user=defang8
CONFIGURE_OPTIONS += --with-group=nogroup
CONFIGURE_OPTIONS += --enable-readdir_r
CONFIGURE_OPTIONS += -enable-milter
#CONFIGURE_OPTIONS += --enable-strni   # Not required 0.101.3+
CONFIGURE_OPTIONS += --sysconfdir=/etc/clamav
CONFIGURE_OPTIONS += --with-dbdir=/var/clamav
CONFIGURE_OPTIONS += --datarootdir=/var/clamav
CONFIGURE_OPTIONS += --sbindir=/usr/lib/inet
#CONFIGURE_OPTIONS += --enable-shared
#CONFIGURE_OPTIONS += --strip=gstrip 
#CONFIGURE_OPTIONS += --disable-x86asm
#CONFIGURE_OPTIONS += --mandir=/usr/share/man
#CONFIGURE_OPTIONS += --bindir=/usr/bin
#CONFIGURE_OPTIONS += --libdir=/usr/lib/amd64

COMPONENT_POST_BUILD_ACTION= \
        (cd $(PROTO_DIR) ; $(MKDIR) -p var/spool/MIMEDefang var/clamav)

TEST_TARGET= $(NO_TESTS)
include $(WS_MAKE_RULES)/common.mk

# remove warnings that packages are missing 
IPS_PKG_NAME=         storage/clamav
REQUIRED_PACKAGES += library/security/openssl
REQUIRED_PACKAGES += library/libxml2
REQUIRED_PACKAGES += system/library/gcc/gcc-c-runtime
REQUIRED_PACKAGES += library/zlib
REQUIRED_PACKAGES += system/library/gcc/gcc-c++-runtime
REQUIRED_PACKAGES += library/json-c 
REQUIRED_PACKAGES += web/curl
REQUIRED_PACKAGES += library/ncurses
REQUIRED_PACKAGES += library/libmilter
REQUIRED_PACKAGES += system/library/math
REQUIRED_PACKAGES += library/pcre 

$ gmake install
Now we need to create a sample-manifest which I will use as a starting point, but you will need to edit it to get it to work. Downloadable version is here
$ gmake sample-manifest
$ cat clamav.p5m  
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
#
 default mangler.man.stability volatile>
set name=pkg.fmri \
    value=pkg:/storage/clamav@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
set name=pkg.summary value=clamav
set name=com.oracle.info.description \
    value="ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats"
set name=info.classification \
    value="org.opensolaris.category.2008:Applications/System Utilities"
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
set name=org.opensolaris.arc-caseid value=PSARC/YYYY/XXX
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
#
dir  path=etc/clamav
file path=etc/clamav/clamav-milter.conf.sample
#
# config. file
file clamd.conf path=etc/clamav/clamd.conf mode=0644 overlay=allow preserve=true
file path=etc/clamav/clamd.conf.sample
file freshclam.conf path=etc/clamav/freshclam.conf mode=0644 overlay=allow \
    preserve=true
file path=etc/clamav/freshclam.conf.sample
#
# SMF(5)
#file prof_service-network-clamd path=etc/security/prof_attr.d/service-network-clamd
file clamd.xml path=lib/svc/manifest/network/clamd.xml \
    disable_fmri=svc:/application/clamd:default
file path=usr/bin/clamav-config
file path=usr/bin/clambc
file path=usr/bin/clamconf
file path=usr/bin/clamdscan
file path=usr/bin/clamdtop
file path=usr/bin/clamscan
file path=usr/bin/clamsubmit
file path=usr/bin/freshclam
file path=usr/bin/sigtool
file path=usr/include/clamav-types.h
file path=usr/include/clamav.h
link path=usr/lib/$(MACH64)/libclamav.so target=libclamav.so.9.0.2
link path=usr/lib/$(MACH64)/libclamav.so.9 target=libclamav.so.9.0.2
file path=usr/lib/$(MACH64)/libclamav.so.9.0.2
link path=usr/lib/$(MACH64)/libclammspack.so target=libclammspack.so.0.1.0
link path=usr/lib/$(MACH64)/libclammspack.so.0 target=libclammspack.so.0.1.0
file path=usr/lib/$(MACH64)/libclammspack.so.0.1.0
link path=usr/lib/$(MACH64)/libclamunrar.so target=libclamunrar.so.9.0.2
link path=usr/lib/$(MACH64)/libclamunrar.so.9 target=libclamunrar.so.9.0.2
file path=usr/lib/$(MACH64)/libclamunrar.so.9.0.2
link path=usr/lib/$(MACH64)/libclamunrar_iface.so \
    target=libclamunrar_iface.so.9.0.2
link path=usr/lib/$(MACH64)/libclamunrar_iface.so.9 \
    target=libclamunrar_iface.so.9.0.2
file path=usr/lib/$(MACH64)/libclamunrar_iface.so.9.0.2
file path=usr/lib/$(MACH64)/pkgconfig/libclamav.pc
file path=usr/lib/inet/clamd
file path=usr/sbin/clamav-milter
file path=usr/share/man/man1/clambc.1
file path=usr/share/man/man1/clamconf.1
file path=usr/share/man/man1/clamdscan.1
file path=usr/share/man/man1/clamdtop.1
file path=usr/share/man/man1/clamscan.1
file path=usr/share/man/man1/clamsubmit.1
file path=usr/share/man/man1/freshclam.1
file path=usr/share/man/man1/sigtool.1
file path=usr/share/man/man5/clamav-milter.conf.5
file path=usr/share/man/man5/clamd.conf.5
file path=usr/share/man/man5/freshclam.conf.5
file path=usr/share/man/man8/clamav-milter.8
file path=usr/share/man/man8/clamd.8
dir  path=var/clamav owner=clamav group=clamav mode=0755
#
# Add log files (not a good way of doing it)
file clamd.log path=var/log/clamd.log owner=clamav group=clamav mode=0640 \
    overlay=allow preserve=true
file freshclam.log path=var/log/freshclam.log owner=clamav group=clamav \
    mode=0640 overlay=allow preserve=true
#
dir  path=var/spool/MIMEDefang owner=clamav group=clamav mode=0700
#
# user/group (added by pkg)
group groupname=clamav gid=76
user username=clamav ftpuser=false gcos-field="CLAMAV Reserved UID" \
    group=clamav uid=76
#
license COPYING.all license=COPYING.all

$ rm ./build/manifest-i386-generated.p5m
$ gmake publish
Now lets see if the pkg has been built:
$ pkg info -r -g file:/scratch/solaris-userland/i386/repo clamav
             Name: storage/clamav
          Summary: clamav
         Category: Applications/System Utilities
            State: Installed
        Publisher: nightly
          Version: 0.101.2
           Branch: None
   Packaging Date: May  7, 2019 at  4:13:52 PM
Last Install Time: May  7, 2019 at  4:15:27 PM
             Size: 4.99 MB
             FMRI: pkg://nightly/storage/clamav@0.101.2:20190507T161352Z
      Project URL: http://www.clamav.net
       Source URL: http://www.clamav.net/downloads/production/clamav-0.101.2.tar.gz

$ pkg install -v -g file:/scratch/solaris-userland/i386/repo storage/clamav
           Packages to install:         1
            Services to change:         1
     Estimated space available: 248.60 GB
Estimated space to be consumed: 371.50 MB
       Create boot environment:        No
Create backup boot environment:        No
          Rebuild boot archive:        No

Changed packages:
nightly
  storage/clamav
    None -> 0.101.2

Services:
  restart_fmri:
    svc:/system/manifest-import:default

Editable files to change:
  Install:
    etc/clamav/clamd.conf
    etc/clamav/freshclam.conf
    var/log/clamd.log
    var/log/freshclam.log

DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                                1/1         40/40      1.9/1.9 47.6M/s

PHASE                                          ITEMS
Installing new actions                         81/81
Updating package state database                 Done 
Updating package cache                           0/0 
Updating image state                            Done 
Creating fast lookup database                   Done 
Reading search index                            Done 
Updating search index                            1/1 
Updating package cache                           5/5 

$ clamscan --version
ClamAV 0.101.2/25442/Tue May  7 09:01:24 2019

$ su - clamav -c "/usr/bin/freshclam"

$ crontab -l clamav
## Format( minutes  hours  day-of-month  month  day-of-week command
#
03 11 * * * find /var/spool/MD-Quarantine -name "qdir*" -type d -mtime +7 -exec rm -rf {} \;
10 * * * * /usr/bin/freshclam --quiet

No comments: