@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

  *  Copyright (C) 2007-2012 Sourcefire, Inc.

  *

  *  Authors: Tomasz Kojm

@@ -290,10 +290,6 @@ void help(void)

     mprintf("    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.\n");

     mprintf("    --pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.\n");

 #endif /* HAVE_PCRE */

-    mprintf("    --enable-stats                       Enable statistical reporting of malware\n");

-    mprintf("    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions\n");

-    mprintf("    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server\n");

-    mprintf("    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.\n");

     mprintf("    --disable-cache                      Disable caching and cache checks for hash sums of scanned files.\n");

     mprintf("\n");

     mprintf("(*) Default scan settings\n");

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

  *  Copyright (C) 2007-2013 Sourcefire, Inc.

  *

  *  Authors: Tomasz Kojm

@@ -675,42 +675,6 @@ int scanmanager(const struct optstruct *opts)

     if (optget(opts, "disable-cache")->enabled)

         cl_engine_set_num(engine, CL_ENGINE_DISABLE_CACHE, 1);

-    if (optget(opts, "disable-pe-stats")->enabled) {

-        cl_engine_set_num(engine, CL_ENGINE_DISABLE_PE_STATS, 1);

-    }

-

-    if (optget(opts, "enable-stats")->enabled) {

-        cl_engine_stats_enable(engine);

-    }

-

-    if (optget(opts, "stats-timeout")->enabled) {

-        cl_engine_set_num(engine, CL_ENGINE_STATS_TIMEOUT, optget(opts, "StatsTimeout")->numarg);

-    }

-

-    if (optget(opts, "stats-host-id")->enabled) {

-        char *p = optget(opts, "stats-host-id")->strarg;

-

-        if (strcmp(p, "default")) {

-            if (!strcmp(p, "none")) {

-                cl_engine_set_clcb_stats_get_hostid(engine, NULL);

-            } else if (!strcmp(p, "anonymous")) {

-                strcpy(hostid, STATS_ANON_UUID);

-            } else {

-                if (strlen(p) > 36) {

-                    logg("!Invalid HostID\n");

-

-                    cl_engine_set_clcb_stats_submit(engine, NULL);

-                    cl_engine_free(engine);

-                    return 2;

-                }

-

-                strcpy(hostid, p);

-            }

-

-            cl_engine_set_clcb_stats_get_hostid(engine, get_hostid);

-        }

-    }

-

     if(optget(opts, "detect-pua")->enabled) {

         dboptions |= CL_DB_PUA;

         if((opt = optget(opts, "exclude-pua"))->enabled) {

@@ -1,6 +1,6 @@

 %  Clam AntiVirus: User Manual

 %

-%  Copyright (C) 2016 Cisco Systems, Inc.

+%  Copyright (C) 2016-2017 Cisco Systems, Inc.

 %  Copyright (C) 2008-2013 Sourcefire, Inc.

 %  Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm*clamav.net>

 %  Version 0.2x corrected by Dennis Leeuw <dleeuw*made-it.com>

@@ -84,6 +84,7 @@

     \noindent

     \begin{boxedminipage}[b]{\textwidth}

     ClamAV User Manual,

+87d

     \copyright \  2017 Cisco Systems, Inc.

     Authors: Tomasz Kojm\\

     This document is distributed under the terms of the GNU General

@@ -583,29 +584,6 @@ N * * * *	/usr/local/bin/freshclam --quiet

     mirror fails for some reason. The full list of two-letters country codes

     is available at \url{http://www.iana.org/cctld/cctld-whois.htm}

-    \subsection{ClamAV Active Malware Report}

-

-    The ClamAV Active Malware Report that was introduced in ClamAV 0.94.1 uses

-    freshclam to send summary data to our server about the malware that has

-    been detected. This data is then used to generate real-time reports on

-    active malware. These reports, along with geographical and historic trends,

-    will be published on \url{http://www.clamav.net/}.

-    \\\\

-    The more data that we receive from ClamAV users, the more reports, and the

-    better the quality of the reports, will be. To enable the submission of

-    data to us for use in the Active Malware Report, enable

-    SubmitDetectionStats in freshclam.conf, and LogTime and LogFile in

-    clamd.conf. You should only enable this feature if you're running clamd

-    to scan incoming data in your environment.

-    \\\\

-    The only private data that is transferred is an IP address, which is used

-    to create the geographical data. The size of the data that is sent is small;

-    it contains just the filename, malware name and time of detection. The data

-    is sent in sets of 10 records, up to 50 records per session. For example,

-    if you have 45 new records, then freshclam will submit 40; if 78 then it

-    will submit the latest 50 entries; and if you have 9 records no statistics

-    will be sent.

-

     \section{Usage}

     \subsection{Clam daemon}\label{clamd}

@@ -689,26 +689,6 @@ Default: disabled

 Disable authenticode certificate chain verification in PE files.

 .br

 Default: no

-.TP

-\fBStatsEnabled BOOL\fR

-Enable submission of statistical data

-.br

-Default: no

-.TP

-\fBStatsHostID STRING\fR

-HostID in the form of an UUID to use when submitting statistical information.

-.br

-Default: auto

-.TP

-\fBStatsPEDisabled BOOL\fR

-Disable submission of PE section statistical data.

-.br

-Default: no

-.TP

-\fBStatsTimeout NUMBER\fR

-Timeout in seconds to timeout communication with the stats server.

-.br

-Default: 10

 .SH "NOTES"

 .LP 

 All options expressing a size are limited to max 4GB. Values in excess will be resetted to the maximum.

@@ -241,18 +241,6 @@ Maximum recursive calls to the PCRE match function (default: 5000).

 \fB\-\-pcre-max-filesize=#n\fR

 Maximum size file to perform PCRE subsig matching (default: 25 MB, max: <4 GB).

 .TP

-\fB\-\-enable\-stats\fR

-This option enables submission of statistical data. (Default: stats submissions disabled)

-.TP

-\fB\-\-stats\-host\-id\fR

-This option sets the HostID, in the form of an UUID, to use when submitting statistical information.

-.TP

-\fB\-\-disable\-pe\-stats\fR

-This option disables the submission of PE section data. (Default: submitting of PE section data enabled if stats submissions as a whole is enabled).

-.TP

-\fB\-\-stats\-timeout=#n\fR

-This option sets the timeout in seconds to wait for communication back from the stats server. (Default: 10).

-.TP

 \fB\-\-disable\-cache\fR

 Disable caching and cache checks for hash sums of scanned files.

 .SH "EXAMPLES"

@@ -75,17 +75,8 @@ Execute COMMAND when freshclam reports outdated version. In the command string %

 \fB\-\-list\-mirrors\fR

 Print mirror details from mirrors.dat (cache file for the mirror manager).

 .TP

-\fB\-\-submit\-stats[=/path/to/clamd.conf]\fR

-Upload detection statistics to the ClamAV Project (see freshclam.conf(5):SubmitDetectionStats for more details). No database update will be performed. This option only works in the interactive mode.

-.TP

 \fB\-\-update\-db=DBNAME\fR

 With this option you can limit updates to a subset of database files. The DBNAME should be "main", "daily", "bytecode", "safebrowsing" or one of the 3rd party database names. This option can be used multiple times and only works with the official and 3rd party databases distrubuted through the ClamAV mirrors, your custom databases (specified with DatabaseCustomURL in freshclam.conf) will not be ignored.

-.TP

-\fB\-\-enable\-stats\fR

-Enable submission of statistical data.

-.TP

-\fB\-\-stats\-host\-id=UUID\fR

-HostID in the form of an UUID to use when submitting statistical information.

 .SH "EXAMPLES"

 .LP 

 .TP 

@@ -186,16 +186,6 @@ Timeout in seconds when reading from database server.

 .br 

 Default: 30

 .TP

-\fBSubmitDetectionStats STRING\fR

-When enabled freshclam will submit statistics to the ClamAV Project about the latest virus detections in your environment. The ClamAV maintainers will then use this data to determine what types of malware are the most detected in the field and in what geographic area they are. Freshclam will connect to clamd in order to get the recent statistics. The path for clamd.conf file must be provided.

-.br

-Default: disabled

-.TP

-\fBDetectionStatsCountry STRING\fR

-Country of origin of malware/detection statistics (for statistical purposes only). The statistics collector at ClamAV.net will look up your IP address to determine the geographical origin of the malware reported by your installation. If this installation is mainly used to scan data which comes from a different location, please enable this option and enter a two-letter code (see http://www.iana.org/domains/root/db/) of the country of origin.

-.br

-Default: disabled

-.TP

 \fBSafeBrowsing BOOL\fR

 This option enables support for Google Safe Browsing. When activated for the first time, freshclam will download a new database file (safebrowsing.cvd) which will be automatically loaded by clamd and clamscan during the next reload, provided that the heuristic phishing detection is turned on. This database includes information about websites that may be phishing sites or possible sources of malware. When using this option, it's mandatory to run freshclam at least every 30 minutes. Freshclam uses the ClamAV's mirror infrastructure to distribute the database and its updates but all the contents are provided under Google's terms of use. See http://code.google.com/support/bin/answer.py?answer=70015 and http://safebrowsing.clamav.net for more information.

 .br

@@ -664,19 +664,3 @@ Example

 ##

 ## Statistics gathering and submitting

 ##

-

-# Enable statistical reporting.

-# Default: no

-#StatsEnabled yes

-

-# Disable submission of individual PE sections for files flagged as malware.

-# Default: no

-#StatsPEDisabled yes

-

-# HostID in the form of an UUID to use when submitting statistical information.

-# Default: auto

-#StatsHostID auto

-

-# Time in seconds to wait for the stats server to come back with a response

-# Default: 10

-#StatsTimeout 10

@@ -169,24 +169,6 @@ DatabaseMirror database.clamav.net

 # Default: yes

 #TestDatabases yes

-# When enabled freshclam will submit statistics to the ClamAV Project about

-# the latest virus detections in your environment. The ClamAV maintainers

-# will then use this data to determine what types of malware are the most

-# detected in the field and in what geographic area they are.

-# Freshclam will connect to clamd in order to get recent statistics.

-# Default: no

-#SubmitDetectionStats /path/to/clamd.conf

-

-# Country of origin of malware/detection statistics (for statistical

-# purposes only). The statistics collector at ClamAV.net will look up

-# your IP address to determine the geographical origin of the malware

-# reported by your installation. If this installation is mainly used to

-# scan data which comes from a different location, please enable this

-# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)

-# of the country of origin.

-# Default: disabled

-#DetectionStatsCountry country-code

-

 # This option enables support for Google Safe Browsing. When activated for

 # the first time, freshclam will download a new database file (safebrowsing.cvd)

 # which will be automatically loaded by clamd and clamscan during the next

@@ -70,7 +70,6 @@ int sigchld_wait = 1;

 const char *pidfile = NULL;

 char hostid[37];

-void submit_host_info(struct optstruct *opts);

 char *get_hostid(void *cbdata);

 int is_valid_hostid(void);

@@ -146,16 +145,20 @@ help (void)

 {

     mprintf_stdout = 1;

-    mprintf ("\n");

-    mprintf ("                   Clam AntiVirus: freshclam  %s\n",

-             get_version ());

-    printf ("           By The ClamAV Team: http://www.clamav.net/about.html#credits\n");

-    printf ("           (C) 2007-2017 Cisco Systems, Inc.\n\n");

-

-    mprintf ("    --help               -h              show help\n");

+    mprintf 

+        ("\n");

+    mprintf 

+        ("                   Clam AntiVirus: freshclam  %s\n", get_version ());

+    printf 

+        ("           By The ClamAV Team: http://www.clamav.net/about.html#credits\n");

+    printf 

+        ("           (C) 2007-2017 Cisco Systems, Inc.\n\n");

+    mprintf 

+        ("    --help               -h              show help\n");

     mprintf

         ("    --version            -V              print version number and exit\n");

-    mprintf ("    --verbose            -v              be verbose\n");

+    mprintf 

+        ("    --verbose            -v              be verbose\n");

     mprintf

         ("    --debug                              enable debug messages\n");

     mprintf

@@ -166,15 +169,19 @@ help (void)

         ("    --stdout                             write to stdout instead of stderr\n");

     mprintf

         ("    --show-progress                      show download progress percentage\n");

-    mprintf ("\n");

+    mprintf 

+        ("\n");

     mprintf

         ("    --config-file=FILE                   read configuration from FILE.\n");

-    mprintf ("    --log=FILE           -l FILE         log into FILE\n");

+    mprintf 

+        ("    --log=FILE           -l FILE         log into FILE\n");

 #ifndef _WIN32

-    mprintf ("    --daemon             -d              run in daemon mode\n");

+    mprintf 

+        ("    --daemon             -d              run in daemon mode\n");

     mprintf

         ("    --pid=FILE           -p FILE         save daemon's pid in FILE\n");

-    mprintf ("    --user=USER          -u USER         run as USER\n");

+    mprintf 

+        ("    --user=USER          -u USER         run as USER\n");

 #endif

     mprintf

         ("    --no-dns                             force old non-DNS verification method\n");

@@ -197,10 +204,6 @@ help (void)

     mprintf

         ("    --list-mirrors                       print mirrors from mirrors.dat\n");

     mprintf

-        ("    --enable-stats                       enable statistical information reporting\n");

-    mprintf

-        ("    --stats-host-id=UUID                 HostID in the form of an UUID to use when submitting statistical information\n");

-    mprintf

         ("    --update-db=DBNAME                   only update database DBNAME\n");

     mprintf ("\n");

@@ -363,28 +366,6 @@ main (int argc, char **argv)

         return 0;

     }

-    /* Stats/intelligence gathering  */

-    if (optget(opts, "stats-host-id")->enabled) {

-        char *p = optget(opts, "stats-host-id")->strarg;

-

-        if (strcmp(p, "default")) {

-            if (!strcmp(p, "anonymous")) {

-                strcpy(hostid, STATS_ANON_UUID);

-            } else {

-                if (strlen(p) > 36) {

-                    logg("!Invalid HostID\n");

-                    optfree(opts);

-                    return FCE_INIT;

-                }

-

-                strcpy(hostid, p);

-            }

-        } else {

-            strcpy(hostid, "default");

-        }

-    }

-    submit_host_info(opts);

-

     if (optget (opts, "HTTPProxyPassword")->enabled)

     {

         if (CLAMSTAT (cfgfile, &statbuf) == -1)

@@ -771,54 +752,6 @@ main (int argc, char **argv)

     return (ret);

 }

-void submit_host_info(struct optstruct *opts)

-{

-    struct cl_engine *engine;

-    cli_intel_t *intel;

-

-    if (!optget(opts, "enable-stats")->enabled)

-        return;

-

-    engine = cl_engine_new();

-    if (!(engine))

-        return;

-

-    if (optget (opts, "Debug")->enabled || optget (opts, "debug")->enabled)

-        cl_debug ();

-

-    if (optget (opts, "verbose")->enabled)

-        mprintf_verbose = 1;

-

-    cl_engine_stats_enable(engine);

-

-    intel = engine->stats_data;

-    if (!(intel)) {

-        engine->cb_stats_submit = NULL;

-        cl_engine_free(engine);

-        return;

-    }

-

-    intel->host_info = calloc(1, strlen(TARGET_OS_TYPE) + strlen(TARGET_ARCH_TYPE) + 2);

-    if (!(intel->host_info)) {

-        engine->cb_stats_submit = NULL;

-        cl_engine_free(engine);

-        return;

-    }

-

-    sprintf(intel->host_info, "%s %s", TARGET_OS_TYPE, TARGET_ARCH_TYPE);

-

-    if (!strcmp(hostid, "none"))

-        cl_engine_set_clcb_stats_get_hostid(engine, NULL);

-    else if (strcmp(hostid, "default"))

-        cl_engine_set_clcb_stats_get_hostid(engine, get_hostid);

-

-    if (optget(opts, "stats-timeout")->enabled) {

-        cl_engine_set_num(engine, CL_ENGINE_STATS_TIMEOUT, optget(opts, "StatsTimeout")->numarg);

-    }

-

-    cl_engine_free(engine);

-}

-

 int is_valid_hostid(void)

 {

     int count, i;

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

  *  Copyright (C) 2008-2013 Sourcefire, Inc.

  *

  *  Author: Tomasz Kojm <tkojm@clamav.net>

@@ -194,14 +194,6 @@ const struct clam_option __clam_options[] = {

     { "LogFile", "log", 'l', CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN | OPT_CLAMDSCAN, "Save all reports to a log file.", "/tmp/clamav.log" },

-    { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN, "HostID in the form of an UUID to use when submitting statistical information. See the clamscan manpage for more information.", "default" },

-

-    { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN, "Enable submission of statistical data", "yes" },

-

-    { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Disable submission of PE section statistical data", "no" },

-

-    { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM, "Timeout in seconds to timeout communication with the stats server.", "10" },

-

     { "LogFileUnlock", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_MILTER, "By default the log file is locked for writing and only a single\ndaemon process can write to it. This option disables the lock.", "yes" },

     { "LogFileMaxSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 1048576, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Maximum size of the log file.\nValue of 0 disables the limit.", "5M" },

@@ -485,10 +477,6 @@ const struct clam_option __clam_options[] = {

     { "ReceiveTimeout", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 30, NULL, 0, OPT_FRESHCLAM, "Timeout in seconds when reading from database server.", "30" },

-    { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM, "When enabled freshclam will submit statistics to the ClamAV Project about\nthe latest virus detections in your environment. The ClamAV maintainers\nwill then use this data to determine what types of malware are the most\ndetected in the field and in what geographic area they are.\nFreshclam will connect to clamd in order to get recent statistics.", "/path/to/clamd.conf" },

-

-    { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM, "Country of origin of malware/detection statistics (for statistical\npurposes only). The statistics collector at ClamAV.net will look up\nyour IP address to determine the geographical origin of the malware\nreported by your installation. If this installation is mainly used to\nscan data which comes from a different location, please enable this\noption and enter a two-letter code (see http://www.iana.org/domains/root/db/)\nof the country of origin.", "country-code" },

-

     { "SafeBrowsing", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "This option enables support for Google Safe Browsing. When activated for\nthe first time, freshclam will download a new database file (safebrowsing.cvd)\nwhich will be automatically loaded by clamd and clamscan during the next\nreload, provided that the heuristic phishing detection is turned on. This\ndatabase includes information about websites that may be phishing sites or\npossible sources of malware. When using this option, it's mandatory to run\nfreshclam at least every 30 minutes.\nFreshclam uses the ClamAV's mirror infrastructure to distribute the\ndatabase and its updates but all the contents are provided under Google's\nterms of use. See http://www.google.com/transparencyreport/safebrowsing\nand http://www.clamav.net/doc/safebrowsing.html for more information.", "yes" },

     { "Bytecode", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_FRESHCLAM, "This option enables downloading of bytecode.cvd, which includes additional\ndetection mechanisms and improvements to the ClamAV engine.", "yes" },