nethesis / dev

Nethesis issue tracker
http://www.nethesis.it

Box: disable clamav standard signatures (5136) #5136

Closed gsanchietti closed 7 years ago

gsanchietti commented 7 years ago

On boxes with 2GB of RAM, clamav uses a lot of memory because it loads the standard signature database. The OFFICIAL database is practically useless; remove its use on all boxes.

Changes required to the nethserver-box package:

echo "FRESHCLAM_DELAY=disabled" >> /etc/e-smith/templates/etc/sysconfig/freshclam/80box
expand-template /etc/sysconfig/freshclam
rm -f /var/lib/clamav/main.c?d /var/lib/clamav/daily.c?d

gsanchietti commented 7 years ago

ks nsec: add clamav-data-empty. Nethesis/dev#5136

gsanchietti commented 7 years ago

Remove freshclam cron.daily. Nethesis/dev#5136

gsanchietti commented 7 years ago

Disable clamav official db. Nethesis/dev#5136

gsanchietti commented 7 years ago

In nethesis-testing:

Test case

gsanchietti commented 7 years ago

I installed the package and it works correctly:

1) the files main.c?d and daily.c?d have been removed

[root@box ~]# ll /var/lib/clamav
total 19736   
-rw-r--r-- 1 clamupdate clamupdate   69106 May 18 17:24 badmacro.ndb
-rw-r--r-- 1 clamupdate clamupdate  123300 May 19 09:54 blurl.ndb
-rw-r--r-- 1 clamupdate clamupdate    2388 May 19 09:47 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate  105288 May 19 09:47 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamupdate clamupdate     464 May 19 09:47 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate    1750 May 19 09:47 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate   76781 Jun 13  2016 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate      82 Jul 13  2016 crdfam.clamav.hdb
-rw-r--r-- 1 clamupdate clamupdate     162 Apr 13 10:30 eicar.ndb
-rw-r--r-- 1 clamupdate clamupdate   88115 May 17 09:54 foxhole_filename.cdb
-rw-r--r-- 1 clamupdate clamupdate   45596 Jan 25 09:53 foxhole_generic.cdb
-rw-r--r-- 1 clamupdate clamupdate 6958822 May 18 12:53 junk.ndb
-rw-r--r-- 1 clamupdate clamupdate  411738 May 19 09:54 jurlbl.ndb
-rw-r--r-- 1 clamupdate clamupdate 3979321 May 18 14:52 phish.ndb
-rw-r--r-- 1 clamupdate clamupdate 4085168 May 19 09:46 phishtank.ndb
-rw-r--r-- 1 clamupdate clamupdate   72964 May 19 09:46 porcupine.hsb
-rw-r--r-- 1 clamupdate clamupdate   82949 May 19 09:46 porcupine.ndb
-rw-r--r-- 1 clamupdate clamupdate   25928 May 19 03:52 rogue.hdb
-rw-r--r-- 1 clamupdate clamupdate   11098 Oct 18  2016 sanesecurity.ftm
-rw-r--r-- 1 clamupdate clamupdate 1891474 May 16 12:10 scam.ndb
-rw-r--r-- 1 clamupdate clamupdate    7422 Apr  6 12:01 sigwhitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate    1391 Apr 28 09:56 spamattach.hdb
-rw-r--r-- 1 clamupdate clamupdate    7109 May 18 09:52 spamimg.hdb
-rw-r--r-- 1 clamupdate clamupdate  526635 Apr 13 09:45 winnow.attachments.hdb
-rw-r--r-- 1 clamupdate clamupdate      66 Apr 13 09:45 winnow_bad_cw.hdb
-rw-r--r-- 1 clamupdate clamupdate   53407 May 19 09:45 winnow_extended_malware.hdb
-rw-r--r-- 1 clamupdate clamupdate  230513 May 19 09:45 winnow_malware.hdb
-rw-r--r-- 1 clamupdate clamupdate 1289671 May 19 09:45 winnow_malware_links.ndb

2) The file /etc/sysconfig/freshclam has been expanded and contains the change:

[root@box ~]# grep DELAY /etc/sysconfig/freshclam 
# FRESHCLAM_DELAY=
FRESHCLAM_DELAY=disabled

gsanchietti commented 7 years ago

Released: nethserver-box-2.0.4-1.ns7.noarch.rpm