Name:           maldetect
Version:        1.4.0
Release:        3%{?dist}
Summary:        Linux malware detector
BuildArch:      noarch

Group:          Applications/File
License:        GPLv2
URL:            http://www.rfxn.com/projects/linux-malware-detect/
# The author does not provide a way to download a specific version.
# The md5sum of the tarball in this SRPM will differ because the signatures
# included are constantly updated.
#
# To confirm the tarball in this SRPM is the same as the one in Source0, the
# line below deletes the signatures and generates the md5sum. If you run the
# command below on the tarball from the author's website and the tarball from
# the SRPM, the results should be the same.
#
# gunzip -c ./maldetect-current.tar.gz | tar --delete -f - maldetect-1.4.0/files/sigs | tar -Oxf - | md5sum
Source0:        http://www.rfxn.com/downloads/maldetect-current.tar.gz
# change the paths where it looks for stuff and remove autoupdate from the
# cron job
Patch0:         maldetect-paths.patch
# remove autoupdate functionality completely since it includes an i386 library
# and binary that won't work on other architectures
#
# an update using the author's method would install the updated version in a
# way that doesn't meet the Fedora packaging guidelines
Patch1:         maldetect-no-autoupdate.patch
# take out lines that make the config files executable
# they are sourced from another bash script so they are redundant
Patch2:         maldetect-bash.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

# inotify was introduced in kernel 2.6.13 so leaving el4 out is intentional
%if 0%{?el5}%{?el6}%{?fedora}
Requires:       inotify-tools >= 3.14
%endif
Requires:       wget

%description
Linux Malware Detect (LMD) is a malware scanner for Linux released under the
GNU GPLv2 license, that is designed around the threats faced in shared hosted
environments. It uses threat data from network edge intrusion detection
systems to extract malware that is actively being used in attacks and
generates signatures for detection.
In addition, threat data is also derived from user submissions with the LMD
checkout feature and from malware community resources. The signatures that
LMD uses are MD5 file hashes and HEX pattern matches; they are also easily
exported to any number of detection tools such as ClamAV.

%prep
%setup -q -n %{name}-%{version}
# delete the library and binary bundled with the tarball
rm files/inotify/libinotifytools.so.0
rm files/inotify/inotifywait
sed -i 's/\r//' COPYING.GPL
%patch0 -p1 -b .maldetect-paths
%patch1 -p1 -b .maldetect-no-autoupdate
%patch2 -p1 -b .maldetect-bash

%build

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_datadir}/%{name}
mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}%{_sysconfdir}/cron.daily
mkdir -p %{buildroot}%{_libexecdir}/%{name}
mkdir -p %{buildroot}%{_var}/lib/%{name}
cp -pr files/clean %{buildroot}%{_var}/lib/%{name}
cp -pr files/inotify %{buildroot}%{_var}/lib/%{name}
cp -pr files/quarantine %{buildroot}%{_var}/lib/%{name}
cp -pr files/sess %{buildroot}%{_var}/lib/%{name}
cp -pr files/sigs %{buildroot}%{_var}/lib/%{name}
cp -pr files/tmp %{buildroot}%{_datadir}/%{name}
cp -p files/hexstring.pl %{buildroot}%{_libexecdir}/%{name}/
cp -p files/hexfifo.pl %{buildroot}%{_libexecdir}/%{name}/
cp -p files/ignore_* %{buildroot}%{_datadir}/%{name}
cp -p files/VERSION.hash %{buildroot}%{_datadir}/%{name}
cp -p files/internals.conf %{buildroot}%{_datadir}/%{name}
cp -p files/conf.maldet %{buildroot}%{_sysconfdir}/%{name}.conf
cp -p cron.daily %{buildroot}%{_sysconfdir}/cron.daily/%{name}
cp -p files/maldet %{buildroot}%{_bindir}/

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
%doc CHANGELOG COPYING.GPL README
%{_bindir}/maldet
%{_datadir}/maldetect
%{_var}/lib/maldetect
%{_libexecdir}/maldetect
%config(noreplace) %{_sysconfdir}/cron.daily/maldetect
%config(noreplace) %{_sysconfdir}/maldetect.conf

%changelog
* Wed Oct 12 2011 Mark McKinstry - 1.4.0-3
- update license

* Thu Sep 08 2011 Mark McKinstry - 1.4.0-2
- update/fix comments in spec file
- add hexfifo.pl to the RPM and fix the path where it is located

* Thu Aug 04 2011 Mark McKinstry - 1.4.0-1
- upgrade to 1.4.0
- change name to maldetect
- add a comment explaining the md5sum of the tarball
- use plain old rm, sed, and friends instead of the macro version
- make sure it owns its own directory
- update the license to GPLv2 and GPLv2+ for now

* Fri Mar 18 2011 Mark McKinstry - 1.3.9-1
- upgrade to 1.3.9

* Tue Nov 29 2010 Mark McKinstry - 1.3.7-1
- consolidate patches
- make sure we're using inotify-tools >= 3.14
- upgrade to 1.3.7

* Thu Nov 11 2010 Mark McKinstry - 1.3.6-1
- initial build