mirrors/gentoo-ebuilds
3
0
Fork 0
mirror of https://anongit.gentoo.org/git/repo/gentoo.git synced 2025-12-19 16:38:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
gentoo-ebuilds/app-antivirus/clamav/files/clamav-0.103.12-impersonate-user-agent.patch
Michael Orlitzky d7245560ca
 app-antivirus/clamav: impersonate version with 0.103.x 
Cisco is now preventing v0.103.x clients from updating via freshclam,
though the signatures are entirely compatible. For lack of a better
option, we now impersonate the version via HTTPUserAgent, set by
default.

Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
2025-10-01 18:53:14 -04:00

108 lines
4.1 KiB
Diff
Raw Permalink Blame History

From f166433a660647836bdfd398d0edc0edec36caf3 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Fri, 28 Mar 2025 15:25:45 -0400
Subject: [PATCH 1/3] freshclam/freshclam.c: always allow HTTPUserAgent
---
freshclam/freshclam.c | 20 ++++----------------
1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c
index 7c23b9e..5da6251 100644
--- a/freshclam/freshclam.c
+++ b/freshclam/freshclam.c
@@ -928,22 +928,10 @@ static fc_error_t initialize(struct optstruct *opts)
}
if (optget(opts, "HTTPUserAgent")->enabled) {
-
- if (!(optget(opts, "PrivateMirror")->enabled) &&
- (optget(opts, "DatabaseMirror")->enabled) &&
- (strstr(optget(opts, "DatabaseMirror")->strarg, "clamav.net"))) {
- /*
- * Using the official project CDN.
- */
- logg("In an effort to reduce CDN data costs, HTTPUserAgent may not be used when updating from clamav.net.\n");
- logg("The HTTPUserAgent specified in your config will be ignored so that FreshClam is not blocked by the CDN.\n");
- logg("If ClamAV's user agent is not allowed through your firewall/proxy, please contact your network administrator.\n\n");
- } else {
- /*
- * Using some other CDN or private mirror.
- */
- fcConfig.userAgent = optget(opts, "HTTPUserAgent")->strarg;
- }
+ /*
+ * Using some other CDN or private mirror.
+ */
+ fcConfig.userAgent = optget(opts, "HTTPUserAgent")->strarg;
}
fcConfig.maxAttempts = optget(opts, "MaxAttempts")->numarg;
--
2.45.2
From 58177ecd5dc2dec6f0170fd4eb346272fa3877df Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Fri, 28 Mar 2025 15:26:08 -0400
Subject: [PATCH 2/3] etc/freshclam.conf.sample: demonstrate version override
The HTTPUserAgent option can be used to trick the database server
into thinking your version of ClamAV is not outdated. Now we give
an example that does that.
---
etc/freshclam.conf.sample | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/freshclam.conf.sample b/etc/freshclam.conf.sample
index 5d38500..b5612b4 100644
--- a/etc/freshclam.conf.sample.in.in
+++ b/etc/freshclam.conf.sample.in.in
@@ -138,7 +138,7 @@ DatabaseMirror database.clamav.net
# As of ClamAV 0.103.3, this setting may not be used when updating from the
# clamav.net CDN and can only be used when updating from a private mirror.
# Default: clamav/version_number (OS: ..., ARCH: ..., CPU: ..., UUID: ...)
-#HTTPUserAgent SomeUserAgentIdString
+HTTPUserAgent ClamAV/1.4.3
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
--
2.45.2
From 67ef383deec72aa6a299b70a4be93aae15126eb0 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Fri, 28 Mar 2025 15:27:23 -0400
Subject: [PATCH 3/3] libfreshclam/libfreshclam_internal.c: append junk to
HTTPUserAgent
Sending the bare HTTPUserAgent to the CDN won't work because we need
the other junk (package info, arch, UUID, etc.) We update the
user-agent routine to combine the user-supplied agent with the
required mumbo jumbo.
---
libfreshclam/libfreshclam_internal.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/libfreshclam/libfreshclam_internal.c b/libfreshclam/libfreshclam_internal.c
index f6128e6..0af1d81 100644
--- a/libfreshclam/libfreshclam_internal.c
+++ b/libfreshclam/libfreshclam_internal.c
@@ -587,7 +587,14 @@ static fc_error_t create_curl_handle(
}
if (g_userAgent) {
- strncpy(userAgent, g_userAgent, sizeof(userAgent));
+ /*
+ * Use the HTTPUserAgent supplied by the user instead of the
+ * default PACKAGE/get_version().
+ */
+ snprintf(userAgent, sizeof(userAgent),
+ "%s (OS: " TARGET_OS_TYPE ", ARCH: " TARGET_ARCH_TYPE ", CPU: " TARGET_CPU_TYPE ", UUID: %s)",
+ g_userAgent,
+ g_freshclamDat->uuid);
} else {
/*
* Use a randomly generated UUID in the User-Agent
--
2.45.2
Reference in a new issue View git blame Copy permalink