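#!/bin/bash
#
# Build hooks for the ClamAV package. Each hook is called by the surrounding
# build framework, which is not part of this file; hv_useradd,
# bootscript_add_rc3, SCRDIR and CONFIGURE_OPTS come from that framework.

#######################################
# Pre-configure hook: creates the unprivileged clamav account and adds the
# ClamAV-specific options to the configure command line.
# Globals:   CONFIGURE_OPTS (appended), SENDMAIL (exported)
# Arguments: none
#######################################
hvconfig_pre() {
  # Dedicated system group and user; /bin/false as the shell means the
  # account cannot be used for an interactive login.
  groupadd --system -f clamav
  hv_useradd --system -g clamav -s /bin/false -c Clam-AntiVirus clamav

  # Is this really necessary?
  # NOTE(review): presumably read by ./configure when --enable-milter is
  # given; confirm before removing.
  export SENDMAIL="/usr/sbin/sendmail"

  # The leading space keeps the new options separate from existing ones.
  CONFIGURE_OPTS+=" --with-dbdir=/srv/clamav --enable-milter"
}

#######################################
# Post-configure hook: removes the variable exported by hvconfig_pre so it
# does not leak into later packages.
# Globals:   SENDMAIL (unset)
# Arguments: none
#######################################
hvconfig_post() {
  unset SENDMAIL
}

#######################################
# Post-build hook: installs the freshclam cron entry, creates the log files,
# writes /etc/clamd.conf and /etc/freshclam.conf, creates the database and
# run directories and registers the boot script.
# Globals:   SCRDIR (read)
# Arguments: none
# Returns:   1 if SCRDIR is unset or empty; otherwise the status of the
#            last command.
#######################################
hvbuild_post() {
  local log

  # With an empty SCRDIR the install sources below would resolve to
  # /misc/freshclam and /bootscripts/clamav, i.e. a cron job and a boot
  # script taken from an unintended location.
  if [[ -z "${SCRDIR:-}" ]]; then
    printf 'hvbuild_post: SCRDIR is not set\n' >&2
    return 1
  fi

  install -v -m644 "${SCRDIR}/misc/freshclam" /etc/fcron/fcron.d

  # Log files are private to the clamav user. A restrictive umask is used
  # for the creation so a new file is never readable by others, not even
  # in the moment between touch and chmod.
  for log in /var/log/clamd.log /var/log/freshclam.log; do
    (umask 077 && touch "$log")
    chmod 600 "$log"
    chown clamav "$log"
  done

  # Configuration file
  #
  # NOTE(review): per the option comments inside the file, "MaxFiles 0"
  # disables the per-archive file-count limit and "MaxRecursion 100" allows
  # very deep nesting, so of the archive-bomb limits only MaxFileSize is
  # restrictive. "MaxThreads 200" is far above the default of 5 quoted in
  # the file, and "LogFileMaxSize 0" removes the log size cap. Confirm these
  # values are intended for the target host; they are left unchanged here.
  cat > /etc/clamd.conf << "EOF"
# clamd.conf
# Configuration file for the Clam AV daemon

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# A full path is required.
LogFile /var/log/clamd.log

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
LogFileMaxSize 0

# Log time with each message.
LogTime 1

# Enable verbose logging.
#LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamav/clamd.pid

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /srv/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
LocalSocket /var/run/clamav/clamd.sock

# Remove stale socket after unclean shutdown.
FixStaleSocket 1

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
MaxThreads 200

# Maximal depth directories are scanned at.
# Default: 15
MaxDirectoryRecursion 15

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as a selected user (clamd must be started by root).
# Default: disabled
User clamav

# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable selected ones below.
# DO NOT TOUCH IT unless you know what you are doing.
# Default: disabled
#DisableDefaultScanOptions

##
## Documents
##

# This option enables scanning of Microsoft Office document macros.
ScanOLE2 1

##
## Mail files
##

# Enable internal e-mail scanner.
ScanMail 1

##
## Archives
##

# ClamAV can scan within archives and compressed files.
ScanArchive 1

# The options below protect your system against Denial of Service attacks
# using archive bombs.

# Files larger than this limit won't be scanned.
# Value of 0 disables the limit.
MaxFileSize 10M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deep the process should be continued.
# Value of 0 disables the limit.
MaxRecursion 100

# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
MaxFiles 0
EOF

  # Freshclam configuration file
  cat > /etc/freshclam.conf << "EOF"
# freshclam.conf
# Configuration file for Freshclam

# Path to the database directory.
DatabaseDirectory /srv/clamav

# Path to the log file (make sure it has proper permissions)
UpdateLogFile /var/log/freshclam.log

# Enable verbose logging.
#LogVerbose

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
DatabaseOwner clamav

# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. We highly recommend enabling
# this option.
DNSDatabaseInfo current.cvd.clamav.net

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
DatabaseMirror db.ca.clamav.net

# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working.
DatabaseMirror database.clamav.net

# Send the RELOAD command to clamd.
# Default: disabled
#NotifyClamd

# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command

# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command
EOF

  # Create the DB directory
  mkdir -p /srv/clamav
  chown clamav:clamav /srv/clamav
  chmod 755 /srv/clamav

  # Create the run directory (holds the PidFile and LocalSocket configured
  # in clamd.conf above).
  # NOTE(review): if /var/run is cleared at boot on the target system, the
  # boot script has to recreate this directory; verify.
  mkdir -p /var/run/clamav
  chown clamav:clamav /var/run/clamav
  chmod 755 /var/run/clamav

  # Bootscript
  install -v -m740 "${SCRDIR}/bootscripts/clamav" /etc/rc.d/init.d

  # script-name start stop
  bootscript_add_rc3 clamav 55 35
}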