Browse code
FreshClam: Deprecate SafeBrowsing config option
The SafeBrowsing option will no longer do anything.
For more details, see:
https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html
If generating your own safebrowing.gdb database, use the
DatabaseCustomURL option in freshclam.conf to download it.
Micah Snyder authored on 2021/03/21 06:15:45Showing 5 changed files
- docs/man/freshclam.conf.5.in
- etc/freshclam.conf.sample
- freshclam/freshclam.c
- shared/optparser.c
- win32/conf_examples/freshclam.conf.sample
| ... | ... |
@@ -203,11 +203,6 @@ Maximum time in seconds for each download operation. 0 means no timeout. |
| 203 | 203 |
.br |
| 204 | 204 |
Default: 0 |
| 205 | 205 |
.TP |
| 206 |
-\fBSafeBrowsing BOOL\fR |
|
| 207 |
-This option enables support for Google Safe Browsing. When activated for the first time, freshclam will download a new database file (safebrowsing.cvd) which will be automatically loaded by clamd and clamscan during the next reload, provided that the heuristic phishing detection is turned on. This database includes information about websites that may be phishing sites or possible sources of malware. When using this option, it's mandatory to run freshclam at least every 30 minutes. Freshclam uses the ClamAV's mirror infrastructure to distribute the database and its updates but all the contents are provided under Google's terms of use. See https://support.google.com/code/answer/70015 and https://www.clamav.net/documents/safebrowsing for more information. |
|
| 208 |
-.br |
|
| 209 |
-Default: no |
|
| 210 |
-.TP |
|
| 211 | 206 |
\fBBytecode BOOL\fR |
| 212 | 207 |
This option enables downloading of bytecode.cvd, which includes additional detection mechanisms and improvements to the ClamAV engine. |
| 213 | 208 |
.br |
| ... | ... |
@@ -183,21 +183,6 @@ DatabaseMirror database.clamav.net |
| 183 | 183 |
# Default: yes |
| 184 | 184 |
#TestDatabases yes |
| 185 | 185 |
|
| 186 |
-# This option enables support for Google Safe Browsing. When activated for |
|
| 187 |
-# the first time, freshclam will download a new database file |
|
| 188 |
-# (safebrowsing.cvd) which will be automatically loaded by clamd and |
|
| 189 |
-# clamscan during the next reload, provided that the heuristic phishing |
|
| 190 |
-# detection is turned on. This database includes information about websites |
|
| 191 |
-# that may be phishing sites or possible sources of malware. When using this |
|
| 192 |
-# option, it's mandatory to run freshclam at least every 30 minutes. |
|
| 193 |
-# Freshclam uses the ClamAV's mirror infrastructure to distribute the |
|
| 194 |
-# database and its updates but all the contents are provided under Google's |
|
| 195 |
-# terms of use. |
|
| 196 |
-# See https://transparencyreport.google.com/safe-browsing/overview |
|
| 197 |
-# and https://www.clamav.net/documents/safebrowsing for more information. |
|
| 198 |
-# Default: no |
|
| 199 |
-#SafeBrowsing yes |
|
| 200 |
- |
|
| 201 | 186 |
# This option enables downloading of bytecode.cvd, which includes additional |
| 202 | 187 |
# detection mechanisms and improvements to the ClamAV engine. |
| 203 | 188 |
# Default: yes |
| ... | ... |
@@ -1701,16 +1701,6 @@ int main(int argc, char **argv) |
| 1701 | 1701 |
status = ret; |
| 1702 | 1702 |
goto done; |
| 1703 | 1703 |
} |
| 1704 |
- if (optget(opts, "SafeBrowsing")->enabled) {
|
|
| 1705 |
- if (FC_SUCCESS != (ret = string_list_add("safebrowsing", &optInList, &nOptIns))) {
|
|
| 1706 |
- free_string_list(optInList, nOptIns); |
|
| 1707 |
- optInList = NULL; |
|
| 1708 |
- |
|
| 1709 |
- mprintf("!Failed to add safebrowsing to list of opt-in databases.\n");
|
|
| 1710 |
- status = ret; |
|
| 1711 |
- goto done; |
|
| 1712 |
- } |
|
| 1713 |
- } |
|
| 1714 | 1704 |
|
| 1715 | 1705 |
/* |
| 1716 | 1706 |
* Collect list of database opt-outs. |
| ... | ... |
@@ -550,14 +550,13 @@ const struct clam_option __clam_options[] = {
|
| 550 | 550 |
|
| 551 | 551 |
{"ReceiveTimeout", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_FRESHCLAM, "Maximum time in seconds for each download operation. 0 means no timeout.", "0"},
|
| 552 | 552 |
|
| 553 |
- {"SafeBrowsing", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "This option enables support for Google Safe Browsing. When activated for\nthe first time, freshclam will download a new database file (safebrowsing.cvd)\nwhich will be automatically loaded by clamd and clamscan during the next\nreload, provided that the heuristic phishing detection is turned on. This\ndatabase includes information about websites that may be phishing sites or\npossible sources of malware. When using this option, it's mandatory to run\nfreshclam at least every 30 minutes.\nFreshclam uses the ClamAV's mirror infrastructure to distribute the\ndatabase and its updates but all the contents are provided under Google's\nterms of use. See https://transparencyreport.google.com/safe-browsing/overview \n and https://www.clamav.net/documents/safebrowsing for more information.", "yes"},
|
|
| 554 |
- |
|
| 555 | 553 |
{"Bytecode", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_FRESHCLAM, "This option enables downloading of bytecode.cvd, which includes additional\ndetection mechanisms and improvements to the ClamAV engine.", "yes"},
|
| 556 | 554 |
|
| 557 | 555 |
{"DisableCertCheck", "nocerts", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Disable authenticode certificate chain verification in PE files.", "no"},
|
| 558 | 556 |
|
| 559 | 557 |
/* Deprecated options */ |
| 560 | 558 |
|
| 559 |
+ {"SafeBrowsing", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "Deprecated option to download signatures derived from the Google Safe Browsing API. See https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html for more details.", "no"},
|
|
| 561 | 560 |
{"TimeLimit", "timelimit", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "Deprecated option to set the max-scantime.\nThe value is in milliseconds.", "120000"},
|
| 562 | 561 |
{"DetectBrokenExecutables", "detect-broken", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "Deprecated option to alert on broken PE and ELF executable files.", "no"},
|
| 563 | 562 |
{"AlgorithmicDetection", "algorithmic-detection", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Deprecated option to enable heuristic alerts (e.g. \"Heuristics.<sig name>\")", "no"},
|
| ... | ... |
@@ -180,21 +180,6 @@ DatabaseMirror database.clamav.net |
| 180 | 180 |
# Default: yes |
| 181 | 181 |
#TestDatabases yes |
| 182 | 182 |
|
| 183 |
-# This option enables support for Google Safe Browsing. When activated for |
|
| 184 |
-# the first time, freshclam will download a new database file |
|
| 185 |
-# (safebrowsing.cvd) which will be automatically loaded by clamd and |
|
| 186 |
-# clamscan during the next reload, provided that the heuristic phishing |
|
| 187 |
-# detection is turned on. This database includes information about websites |
|
| 188 |
-# that may be phishing sites or possible sources of malware. When using this |
|
| 189 |
-# option, it's mandatory to run freshclam at least every 30 minutes. |
|
| 190 |
-# Freshclam uses the ClamAV's mirror infrastructure to distribute the |
|
| 191 |
-# database and its updates but all the contents are provided under Google's |
|
| 192 |
-# terms of use. |
|
| 193 |
-# See https://transparencyreport.google.com/safe-browsing/overview |
|
| 194 |
-# and https://www.clamav.net/documents/safebrowsing for more information. |
|
| 195 |
-# Default: no |
|
| 196 |
-#SafeBrowsing yes |
|
| 197 |
- |
|
| 198 | 183 |
# This option enables downloading of bytecode.cvd, which includes additional |
| 199 | 184 |
# detection mechanisms and improvements to the ClamAV engine. |
| 200 | 185 |
# Default: yes |