saving uncommitted changes in /etc prior to dnf run

committing changes in /etc made by "-bash"
2024-02-15 00:40:14 +02:00 · 2024-02-08 19:10:52 +02:00 · 2024-02-02 14:02:38 +02:00 · 2024-02-02 13:49:32 +02:00 · 2023-12-29 20:15:47 +02:00 · 2023-12-20 12:40:27 +02:00
1483 changed files with 68241 additions and 96879 deletions
--- a/.etckeeper
+++ b/.etckeeper
--- a/ImageMagick-6/delegates.xml
+++ b/ImageMagick-6/delegates.xml
@@ -116,6 +116,6 @@
  <delegate decode="xps:cmyk" stealth="True" command="&quot;gxps&quot; -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=bmpsep8&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;%s&quot;"/>
  <delegate decode="xps:color" stealth="True" command="&quot;gxps&quot; -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=ppmraw&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;%s&quot;"/>
  <delegate decode="xps:mono" stealth="True" command="&quot;gxps&quot; -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=pbmraw&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;%s&quot;"/>
-  <delegate decode="video:decode" command="&quot;ffmpeg&quot; -nostdin -v -1 -i &quot;%i&quot; -vframes %S -vcodec pam -an -f rawvideo -y &quot;%u.pam&quot; 2&gt; &quot;%u&quot;"/>
+  <delegate decode="video:decode" command="&quot;ffmpeg&quot; -nostdin -loglevel error -i &quot;%s&quot; -an -f rawvideo -y %s &quot;%s&quot;"/>
-  <delegate encode="video:encode" stealth="True" command="&quot;ffmpeg&quot; -nostdin -v -1 -i &quot;%M%%d.pam&quot; -plays %I &quot;%u.%m&quot; 2&gt; &quot;%u&quot;"/>
+  <delegate encode="video:encode" stealth="True" command="&quot;ffmpeg&quot; -nostdin -loglevel error -i &quot;%s%%d.%s&quot; %s &quot;%s.%s&quot;"/>
 </delegatemap>
--- a/ImageMagick-6/mime.xml
+++ b/ImageMagick-6/mime.xml
@@ -1143,4 +1143,7 @@
  <mime type="application/x-t602" description="T602 document" priority="100" pattern="*.602" />
  <mime type="application/x-cisco-vpn-settings" description="Cisco VPN Settings" data-type="string" offset="0" magic="[main]" priority="50" />
  <mime type="application/x-cisco-vpn-settings" description="Cisco VPN Settings" priority="100" pattern="*.pcf" />
  <mime type="image/apng" acronym="APNG" description="PNG image" priority="100" pattern="*.apng" />
  <mime type="image/avif" acronym="AVIF" description="AVIF image" priority="100" pattern="*.avif" />
  <mime type="image/webp" acronym="WEBP" description="Web/P image" priority="100" pattern="*.webp" />
 </mimemap>
--- a/ImageMagick-6/policy.xml
+++ b/ImageMagick-6/policy.xml
@@ -38,7 +38,7 @@
    <policy domain="resource" name="area" value="1GP"/>
-  Use the default system font unless overwridden by the application:
+  Use the default system font unless overridden by the application:
    <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
--- a/ImageMagick-6/thresholds.xml
+++ b/ImageMagick-6/thresholds.xml
@@ -31,7 +31,7 @@
  Each of the "levels" integer values (each value representing the threshold
  intensity "level/divisor" at which that pixel is turned on.  The "levels"
-  integers given can be any postive integers between "0" and the "divisor",
+  integers given can be any positive integers between "0" and the "divisor",
  excluding those limits.
  The "divisor" not only defines the upper limit and threshold divisor for each
@@ -127,7 +127,7 @@
  These patterns initially start as circles, but then form diamonds
  pattern at the 50% threshold level, before forming negated circles,
-  as it approached the other threshold extereme.
+  as it approached the other threshold extreme.
 -->
  <threshold map="h4x4a" alias="4x1">
    <description>Halftone 4x4 (angled)</description>
@@ -169,12 +169,12 @@
  Halftones - Orthogonally Aligned, or Un-angled
  Initially added by Anthony Thyssen, IM v6.2.9-5 using techniques from
-  "Dithering & Halftoning" by Gernot Haffmann
+  "Dithering & Halftoning" by Gernot Hoffmann
  http://www.fho-emden.de/~hoffmann/hilb010101.pdf
  These patterns initially start as circles, but then form square
  pattern at the 50% threshold level, before forming negated circles,
-  as it approached the other threshold extereme.
+  as it approached the other threshold extreme.
 -->
  <threshold map="h4x4o">
    <description>Halftone 4x4 (orthogonal)</description>
@@ -214,7 +214,7 @@
  <threshold map="h16x16o">
    <!--
-       Direct extract from "Dithering & Halftoning" by Gernot Haffmann.
+       Direct extract from "Dithering & Halftoning" by Gernot Hoffmann.
       This may need some fine tuning for symmetry of the halftone dots,
       as it was a mathematically formulated pattern.
    -->
--- a/ImageMagick-6/type-urw-base35.xml
+++ b/ImageMagick-6/type-urw-base35.xml
@@ -21,7 +21,7 @@
  <type name="Bookman-DemiItalic" fullname="Bookman DemiBold Italic" family="Bookman" foundry="URW" weight="600" style="italic" stretch="normal" format="type1" metrics="/usr/share/fonts/urw-base35/URWBookman-DemiItalic.afm" glyphs="/usr/share/fonts/urw-base35/URWBookman-DemiItalic.t1"/>
  <type name="Bookman-Light" fullname="Bookman Light" family="Bookman" foundry="URW" weight="300" style="normal" stretch="normal" format="type1" metrics="/usr/share/fonts/urw-base35/URWBookman-Light.afm" glyphs="/usr/share/fonts/urw-base35/URWBookman-Light.t1"/>
  <type name="Bookman-LightItalic" fullname="Bookman Light Italic" family="Bookman" foundry="URW" weight="300" style="italic" stretch="normal" format="type1" metrics="/usr/share/fonts/urw-base35/URWBookman-LightItalic.afm" glyphs="/usr/share/fonts/urw-base35/URWBookman-LightItalic.t1"/>
-  <type name="Courier" fullname="Courier Regular" family="Courier" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="/usr/share/fonts/urw-base35/NimbusMonoPS-Refular.afm" glyphs="/usr/share/fonts/urw-base35/NimbusMonoPS-Regular.t1"/>
+  <type name="Courier" fullname="Courier Regular" family="Courier" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="/usr/share/fonts/urw-base35/NimbusMonoPS-Regular.afm" glyphs="/usr/share/fonts/urw-base35/NimbusMonoPS-Regular.t1"/>
  <type name="Courier-Bold" fullname="Courier Bold" family="Courier" foundry="URW" weight="700" style="normal" stretch="normal" format="type1" metrics="/usr/share/fonts/urw-base35/NimbusMonoPS-Bold.afm" glyphs="/usr/share/fonts/urw-base35/NimbusMonoPS-Bold.t1"/>
  <type name="Courier-Oblique" fullname="Courier Regular Oblique" family="Courier" foundry="URW" weight="400" style="oblique" stretch="normal" format="type1" metrics="/usr/share/fonts/urw-base35/NimbusMonoPS-Italic.afm" glyphs="/usr/share/fonts/urw-base35/NimbusMonoPS-Italic.t1"/>
  <type name="Courier-BoldOblique" fullname="Courier Bold Oblique" family="Courier" foundry="URW" weight="700" style="oblique" stretch="normal" format="type1" metrics="/usr/share/fonts/urw-base35/NimbusMonoPS-BoldItalic.afm" glyphs="/usr/share/fonts/urw-base35/NimbusMonoPS-BoldItalic.t1"/>
--- a/X11/fontpath.d/liberation-mono-fonts
+++ b/X11/fontpath.d/liberation-mono-fonts
@@ -0,0 +1 @@
 /usr/share/fonts/liberation-mono
--- a/aliases.db
+++ b/aliases.db
--- a/2
+++ b/2
@@ -1 +1 @@
-AlmaLinux release 8.6 (Sky Tiger)
+AlmaLinux release 8.9 (Midnight Oncilla)
--- a/2
+++ b/2
@@ -1 +1 @@
-Derived from Red Hat Enterprise Linux 8.6 (Source)
+Derived from Red Hat Enterprise Linux 8.9 (Source)
--- a/alternatives/alt-java
+++ b/alternatives/alt-java
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/alt-java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/alt-java
--- a/alternatives/alt-java.1.gz
+++ b/alternatives/alt-java.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/ifdown
+++ b/alternatives/ifdown
@@ -1 +0,0 @@
 /etc/sysconfig/network-scripts/ifdown
--- a/alternatives/ifup
+++ b/alternatives/ifup
@@ -1 +0,0 @@
 /etc/sysconfig/network-scripts/ifup
--- a/alternatives/java
+++ b/alternatives/java
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/java
--- a/alternatives/java.1.gz
+++ b/alternatives/java.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/jjs
+++ b/alternatives/jjs
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/jjs
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/jjs
--- a/alternatives/jjs.1.gz
+++ b/alternatives/jjs.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/jre
+++ b/alternatives/jre
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre
--- a/alternatives/jre_1.8.0
+++ b/alternatives/jre_1.8.0
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre
--- a/alternatives/jre_1.8.0_openjdk
+++ b/alternatives/jre_1.8.0_openjdk
@@ -1 +1 @@
-/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64
+/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64
--- a/alternatives/jre_openjdk
+++ b/alternatives/jre_openjdk
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre
--- a/alternatives/keytool
+++ b/alternatives/keytool
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/keytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/keytool
--- a/alternatives/keytool.1.gz
+++ b/alternatives/keytool.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/orbd
+++ b/alternatives/orbd
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/orbd
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/orbd
--- a/alternatives/orbd.1.gz
+++ b/alternatives/orbd.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/pack200
+++ b/alternatives/pack200
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/pack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/pack200
--- a/alternatives/pack200.1.gz
+++ b/alternatives/pack200.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/policytool
+++ b/alternatives/policytool
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/policytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/policytool
--- a/alternatives/policytool.1.gz
+++ b/alternatives/policytool.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/rmid
+++ b/alternatives/rmid
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/rmid
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/rmid
--- a/alternatives/rmid.1.gz
+++ b/alternatives/rmid.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/rmiregistry
+++ b/alternatives/rmiregistry
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/rmiregistry
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/rmiregistry
--- a/alternatives/rmiregistry.1.gz
+++ b/alternatives/rmiregistry.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/servertool
+++ b/alternatives/servertool
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/servertool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/servertool
--- a/alternatives/servertool.1.gz
+++ b/alternatives/servertool.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/tnameserv
+++ b/alternatives/tnameserv
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/tnameserv
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/tnameserv
--- a/alternatives/tnameserv.1.gz
+++ b/alternatives/tnameserv.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/alternatives/unpack200
+++ b/alternatives/unpack200
@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/unpack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/unpack200
--- a/alternatives/unpack200.1.gz
+++ b/alternatives/unpack200.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz
+/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz
--- a/amavisd/amavisd.conf.rpmnew
+++ b/amavisd/amavisd.conf.rpmnew
@@ -1,828 +0,0 @@
 use strict;
 # a minimalistic configuration file for amavisd-new with all necessary settings
 #
 #   see amavisd.conf-default for a list of all variables with their defaults;
 #   for more details see documentation in INSTALL, README_FILES/*
 #   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
 # COMMONLY ADJUSTED SETTINGS:
 # @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
 # @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
 # $bypass_decode_parts = 1;         # controls running of decoders&dearchivers
 # $myprogram_name = $0; # set to 'amavisd' or similar to avoid process name
                        # truncation in /proc/<pid>/stat and ps -e output
 $max_servers = 2;            # num of pre-forked children (2..30 is common), -m
 $daemon_user  = 'amavis';    # (no default;  customary: vscan or amavis), -u
 $daemon_group = 'amavis';    # (no default;  customary: vscan or amavis), -g
 $mydomain = 'example.com';   # a convenient default for other settings
 $MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
 $TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
 $ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
 $QUARANTINEDIR = undef;      # -Q
 # $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
 # $release_format = 'resend';     # 'attach', 'plain', 'resend'
 # $report_format  = 'arf';        # 'attach', 'plain', 'resend', 'arf'
 # $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R
 $db_home   = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
 # $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
 $lock_file = "/run/amavisd/amavisd.lock";  # -L
 $pid_file  = "/run/amavisd/amavisd.pid";   # -P
 #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
 $log_level = 0;              # verbosity 0..5, -d
 $log_recip_templ = undef;    # disable by-recipient level-0 log entries
 $do_syslog = 1;              # log via syslogd (preferred)
 $syslog_facility = 'mail';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
 $enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
 # $enable_zmq = 1;           # enable use of ZeroMQ (SNMP and nanny)
 $nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
 $enable_dkim_verification = 1;  # enable DKIM signatures verification
 $enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key
@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
 $unix_socketname = "/run/amavisd/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname
 # The default receiving port in the Fedora and RHEL SELinux policy is 10024.
 # To allow additional ports you need to label them as 'amavisd_recv_port_t'
 # For example: semanage port -a -t amavisd_recv_port_t -p tcp 10022
 $inet_socket_port = 10024;   # listen on this local TCP port(s)
 # $inet_socket_port = [10022,10024];  # listen on multiple TCP ports
 $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
 };
 # it is up to MTA to re-route mail from authenticated roaming users or
 # from internal hosts to a dedicated TCP port (such as 10022) for filtering
 $interface_policy{'10022'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10025',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
 };
 $interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
 # Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
 # (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
 $policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
 };
 $sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
 $sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
 $sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
 $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is suppressed
 $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
 # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
 $penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
 $penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
 $bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
 $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
 $sa_local_tests_only = 0;    # only tests which do not require internet access?
 # @lookup_sql_dsn =
 #   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
 #     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
 #     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
 # @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
 # @storage_redis_dsn = ( {server=>'127.0.0.1:6379', db_id=>1} );
 # $redis_logging_key = 'amavis-log';
 # $redis_logging_queue_size_limit = 300000;  # about 250 MB / 100000
 # $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
 #   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)
 $virus_admin               = undef;                    # notifications recip.
 $mailfrom_notify_admin     = undef;                    # notifications sender
 $mailfrom_notify_recip     = undef;                    # notifications sender
 $mailfrom_notify_spamadmin = undef;                    # notifications sender
 $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
 # $recipient_delimiter = '+';  # undef disables address extensions altogether
 # when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
 $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
 # $dspam = 'dspam';
 $MAXLEVELS = 14;
 $MAXFILES = 3000;
 $MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
 $MAX_EXPANSION_QUOTA = 500*1024*1024;  # bytes  (default undef, not enforced)
 $sa_spam_subject_tag = '***Spam*** ';
 $defang_virus  = 1;  # MIME-wrap passed infected mail
 $defang_banned = 1;  # MIME-wrap passed mail containing banned name
 # for defanging bad headers only turn on certain minor contents categories:
 $defang_by_ccat{CC_BADH.",3"} = 1;  # NUL or CR character in header
 $defang_by_ccat{CC_BADH.",5"} = 1;  # header line longer than 998 characters
 $defang_by_ccat{CC_BADH.",6"} = 1;  # header field syntax error
 # OTHER MORE COMMON SETTINGS (defaults may suffice):
 # $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
 # The default forwarding port in the Fedora and RHEL SELinux policy is 10025.
 # To allow additional ports you need to label them as 'amavisd_send_port_t'.
 # For example: semanage port -a -t amavisd_send_port_t -p tcp 10023
 # $notify_method  = 'smtp:[127.0.0.1]:10023';
 # $forward_method = 'smtp:[127.0.0.1]:10023';  # set to undef with milter!
 $final_virus_destiny      = D_DISCARD;
 $final_banned_destiny     = D_BOUNCE;
 $final_spam_destiny       = D_DISCARD;  #!!!  D_DISCARD / D_REJECT
 $final_bad_header_destiny = D_BOUNCE;
 # $bad_header_quarantine_method = undef;
 # $os_fingerprint_method = 'p0f:*:2345';  # to query p0f-analyzer.pl
 ## hierarchy by which a final setting is chosen:
 ##   policy bank (based on port or IP address) -> *_by_ccat
 ##   *_by_ccat (based on mail contents) -> *_maps
 ##   *_maps (based on recipient address) -> final configuration value
 # SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)
 # $warnbadhsender,
 # $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
 #
 # @bypass_virus_checks_maps, @bypass_spam_checks_maps,
 # @bypass_banned_checks_maps, @bypass_header_checks_maps,
 #
 # @virus_lovers_maps, @spam_lovers_maps,
 # @banned_files_lovers_maps, @bad_header_lovers_maps,
 #
 # @blacklist_sender_maps, @score_sender_maps,
 #
 # $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
 # $bad_header_quarantine_to, $spam_quarantine_to,
 #
 # $defang_bad_header, $defang_undecipherable, $defang_spam
 # REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',                # let virus scanner see full original message
  qr'^MAIL-UNDECIPHERABLE$', # same as ^MAIL$ if mail is undecipherable
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
 # qr'^Zip archive data',     # don't trust Archive::Zip
 ));
 $banned_filename_re = new_RE(
 ### BLOCKED ANYWHERE
 # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
 # qr'^\.(exe|lha|cab|dll)$',              # banned file(1) types
 ### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
 # [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
 # qr'^\.zip$',                            # block zip type
 ### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
 # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives
  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
 # qr'^message/partial$'i,         # rfc2046 MIME type
 # qr'^message/external-body$'i,   # rfc2046 MIME type
 # qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
 # qr'^\.wmf$',                            # Windows Metafile file(1) type
  # block certain double extensions in filenames
  qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
 # qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
 # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose
  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
 # qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
 # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
 #        inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|
 #        msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd|
 #        wmf|wsc|wsf|wsh)$'ix,                # banned extensions - long
 # qr'.\.(asd|asf|asx|url|vcs|wmd|wmz)$'i,     # consider also
 # qr'.\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
 # qr'^\.ani$',                            # banned animated cursor file(1) type
 # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
 );
 # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
 # and http://www.cknow.com/vtutor/vtextensions.htm
 # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed
 # ## per-recipient personal tables  (NOTE: positive: black, negative: white)
 # 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
 # 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
 # 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
 #                           '.cleargreen.com'           => -5.0}],
  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost
   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),
 #  read_hash("/var/amavis/sender_scores_sitewide"),
   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,
   },
  ],  # end of site-wide tables
 });
@decoders = (
  ['mail', \&do_mime_decode],
 # [[qw(asc uue hqx ync)], \&do_ascii],  # not safe
  ['F',    \&do_uncompress, ['unfreeze', 'freeze -d', 'melt', 'fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress', 'gzip -d', 'zcat'] ],
  ['gz',   \&do_uncompress, 'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress, 'bzip2 -d'],
  ['xz',   \&do_uncompress,
           ['xzdec', 'xz -dc', 'unxz -c', 'xzcat'] ],
  ['lzma', \&do_uncompress,
           ['lzmadec', 'xz -dc --format=lzma',
            'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ],
 #  ['lrz',  \&do_uncompress,
 #           ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ],
  ['lzo',  \&do_uncompress, 'lzop -d'],
  ['lz4',  \&do_uncompress, ['lz4c -d'] ],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl', 'rpm2cpio'] ],
  [['cpio','tar'], \&do_pax_cpio, ['pax', 'gcpio', 'cpio'] ],
           # ['/usr/local/heirloom/usr/5bin/pax', 'pax', 'gcpio', 'cpio']
  ['deb',  \&do_ar, 'ar'],
 # ['a',    \&do_ar, 'ar'],  # unpacking .a seems an overkill
  ['rar',  \&do_unrar, ['unrar', 'rar'] ],
  ['arj',  \&do_unarj, ['unarj', 'arj'] ],
  ['arc',  \&do_arc,   ['nomarch', 'arc'] ],
  ['zoo',  \&do_zoo,   ['zoo', 'unzoo'] ],
 # ['doc',  \&do_ole,   'ripole'],  # no ripole package so far
  ['cab',  \&do_cabextract, 'cabextract'],
 # ['tnef', \&do_tnef_ext, 'tnef'],  # use internal do_tnef() instead
  ['tnef', \&do_tnef],
 # ['lha',  \&do_lha,   'lha'],  # not safe, use 7z instead
 # ['sit',  \&do_unstuff, 'unstuff'],  # not safe
  [['zip','kmz'], \&do_7zip,  ['7za', '7z'] ],
  [['zip','kmz'], \&do_unzip],
  ['7z',   \&do_7zip,  ['7zr', '7za', '7z'] ],
  [[qw(gz bz2 Z tar)],
           \&do_7zip,  ['7za', '7z'] ],
  [[qw(xz lzma jar cpio arj rar swf lha iso cab deb rpm)],
           \&do_7zip,  '7z' ],
  ['exe',  \&do_executable, ['unrar','rar'], 'lha', ['unarj','arj'] ],
 );
@av_scanners = (
 # ### http://www.sophos.com/
 # ['Sophos-SSSP',  # SAV Dynamic Interface
 #   \&ask_daemon, ["{}", 'sssp:/run/savdi/sssp.sock'],
 #           # or: ["{}", 'sssp:[127.0.0.1]:4010'],
 #   qr/^DONE OK\b/m, qr/^VIRUS\b/m, qr/^VIRUS\s*(\S*)/m ],
 # ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
 # ['Sophie',
 #   \&ask_daemon, ["{}/\n", 'sophie:/run/sophie'],
 #   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
 #   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
 # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
 # ['Sophos SAVI', \&ask_daemon, ['{}','savi-perl:'] ],
 # ['Avira SAVAPI',
 #   \&ask_daemon, ["*", 'savapi:/var/tmp/.savapi3', 'product-id'],
 #   qr/^(200|210)/m,  qr/^(310|420|319)/m,
 #   qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m ],
 # settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1
  ### http://www.clamav.net/
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/run/clamd.amavisd/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  # NOTE: run clamd under the same user as amavisd - or run it under its own
  #   uid such as clamav, add user clamav to the amavis group, and then add
  #   AllowSupplementaryGroups to clamd.conf;
  # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
  #   this entry; when running chrooted one may prefer a socket under $MYHOME.
 # ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred)
 # # note that Mail::ClamAV requires perl to be build with threading!
 # ['Mail::ClamAV', \&ask_daemon, ['{}','clamav-perl:'],
 #   [0], [1], qr/^INFECTED: (.+)/m],
 # ### http://www.openantivirus.org/
 # ['OpenAntiVirus ScannerDaemon (OAV)',
 #   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
 #   qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ],
 # ### http://www.vanja.com/tools/trophie/
 # ['Trophie',
 #   \&ask_daemon, ["{}/\n", 'trophie:/run/trophie'],
 #   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
 #   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],
 # ### http://www.grisoft.com/
 # ['AVG Anti-Virus',
 #   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
 #   qr/^200/m, qr/^403/m, qr/^403[- ].*: ([^\r\n]+)/m ],
 # ### http://www.f-prot.com/
 # ['F-Prot fpscand',  # F-PROT Antivirus for BSD/Linux/Solaris, version 6
 #   \&ask_daemon,
 #   ["SCAN FILE {}/*\n", '127.0.0.1:10200'],
 #   qr/^(0|8|64) /m,
 #   qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m,
 #   qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ],
 # ### http://www.f-prot.com/
 # ['F-Prot f-protd',  # old version
 #   \&ask_daemon,
 #   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
 #     ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202',
 #      '127.0.0.1:10203', '127.0.0.1:10204'] ],
 #   qr/(?i)<summary[^>]*>clean<\/summary>/m,
 #   qr/(?i)<summary[^>]*>infected<\/summary>/m,
 #   qr/(?i)<name>(.+)<\/name>/m ],
 # ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
 # ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
 #   [pack('N',1).  # DRWEBD_SCAN_CMD
 #    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
 #    pack('N',     # path length
 #      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
 #    '{}/*'.       # path
 #    pack('N',0).  # content size
 #    pack('N',0),
 #    '/var/drweb/run/drwebd.sock',
 #  # '/var/amavis/run/drwebd.sock',   # suitable for chroot
 #  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
 #  # '127.0.0.1:3000',                    # or over an inet socket
 #   ],
 #   qr/\A\x00[\x10\x11][\x00\x10]\x00/sm,        # IS_CLEAN,EVAL_KEY; SKIPPED
 #   qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF
 #   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
 # ],
 # # NOTE: If using amavis-milter, change length to:
 # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").
  ### http://www.kaspersky.com/  (kav4mailservers)
  ['KasperskyLab AVP - aveclient',
    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
    '-p /run/aveserver -s {}/*',
    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
  ],
  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
  # currupted or protected archives are to be handled
  ### http://www.kaspersky.com/
  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
    qr/infected: (.+)/m,
    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],
  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
  ### products and replaced by aveserver and aveclient
  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon',       'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
      '/opt/AVP/avpdc', 'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
    # change the startup-script in /etc/init.d/kavd to:
    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
    # adjusting /var/amavis above to match your $TEMPBASE.
    # The '-f=/var/amavis' is needed if not running it as root, so it
    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
    #   directory $TEMPBASE specifies) in the 'Names=' section.
    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
    # cp AvpDaemonClient /opt/AVP/
    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
  ### http://www.centralcommand.com/
  ['CentralCommand Vexira (new) vascan',
    ['vascan','/usr/lib/Vexira/vascan'],
    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
    "--log=/var/log/vascan.log {}",
    [0,3], [1,2,5],
    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
    # Adjust the path of the binary and the virus database as needed.
    # 'vascan' does not allow to have the temp directory to be the same as
    # the quarantine directory, and the quarantine option can not be disabled.
    # If $QUARANTINEDIR is not used, then another directory must be specified
    # to appease 'vascan'. Move status 3 to the second list if password
    # protected files are to be considered infected.
  ### http://www.avira.com/
  ### old Avira AntiVir 2.x (ex H+BEDV) or old CentralCommand Vexira Antivirus
  ['Avira AntiVir', ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
    # NOTE: if you only have a demo version, remove -z and add 214, as in:
    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
  ### http://www.avira.com/
  ### Avira for UNIX 3.x
  ['Avira AntiVir', ['avscan'],
   '-s --batch --alert-action=none {}', [0,4], qr/(?:ALERT|FUND):/m,
   qr/(?:ALERT|FUND): (?:.* <<< )?(.+?)(?: ; |$)/m ],
  ### http://www.commandsoftware.com/
  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/Infection: (.+)/m ],
  ### http://www.symantec.com/
  ['Symantec CarrierScan via Symantec CommandLineScanner',
    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
    qr/^(?:Info|Virus Name):\s+(.+)/m ],
  ### http://www.symantec.com/
  ['Symantec AntiVirus Scan Engine',
    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
    [0], qr/^Infected\b/m,
    qr/^(?:Info|Virus Name):\s+(.+)/m ],
    # NOTE: check options and patterns to see which entry better applies
 # ### http://www.f-secure.com/products/anti-virus/  version 5.52
 #  ['F-Secure Antivirus for Linux servers',
 #   ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
 #   '--virus-action1=report --archive=yes --auto=yes '.
 #   '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
 #   qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
 #   # NOTE: internal archive handling may be switched off by '--archive=no'
 #   #   to prevent fsav from exiting with status 9 on broken archives
  ### http://www.f-secure.com/ version 9.14
   ['F-Secure Linux Security',
    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
    '--virus-action1=report --archive=yes --auto=yes '.
    '--list=no --nomimeerr {}', [0], [3,4,6,8],
    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
    # NOTE: internal archive handling may be switched off by '--archive=no'
    #   to prevent fsav from exiting with status 9 on broken archives
 # ### http://www.avast.com/
 # ['avast! Antivirus daemon',
 #   \&ask_daemon,  # greets with 220, terminate with QUIT
 #   ["SCAN {}\015\012QUIT\015\012", '/run/avast4/mailscanner.sock'],
 #   qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t[0-9]+\s+([^[ \t\015\012]+)/m ],
 # ### http://www.avast.com/
 # ['avast! Antivirus - Client/Server Version', 'avastlite',
 #   '-a /run/avast4/mailscanner.sock -n {}', [0], [1],
 #   qr/\t\[L\]\t([^[ \t\015\012]+)/m ],
  ['CAI InoculateIT', 'inocucmd',  # retired product
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/m ],
  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
  ### http://www3.ca.com/Solutions/Product.asp?ID=156  (ex InoculateIT)
  ['CAI eTrust Antivirus', 'etrust-wrapper',
    '-arc -nex -spm h {}', [0], [101],
    qr/is infected by virus: (.+)/m ],
    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
  ### http://mks.com.pl/english.html
  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/m ],
  ### http://mks.com.pl/english.html
  ['MkS_Vir daemon', 'mksscan',
    '-s -q {}', [0], [1..7],
    qr/^... (\S+)/m ],
 # ### http://www.nod32.com/,  version v2.52 (old)
 # ['ESET NOD32 for Linux Mail servers',
 #   ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
 #    '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
 #    '-w -a --action-on-infected=accept --action-on-uncleanable=accept '.
 #    '--action-on-notscanned=accept {}',
 #   [0,3], [1,2], qr/virus="([^"]+)"/m ],
 # ### http://www.eset.com/, version v2.7 (old)
 # ['ESET NOD32 Linux Mail Server - command line interface',
 #   ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
 #   '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/m ],
 # ### http://www.eset.com/, version 2.71.12
 # ['ESET Software ESETS Command Line Interface',
 #   ['/usr/bin/esets_cli', 'esets_cli'],
 #   '--subdir {}', [0], [1,2,3], qr/virus="([^"]+)"/m ],
  ### http://www.eset.com/, version 3.0
  ['ESET Software ESETS Command Line Interface',
    ['/usr/bin/esets_cli', 'esets_cli'],
    '--subdir {}', [0], [1,2,3],
    qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
  ## http://www.nod32.com/,  NOD32LFS version 2.5 and above
  ['ESET NOD32 for Linux File servers',
    ['/opt/eset/nod32/sbin/nod32','nod32'],
    '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
    '-w -a --action=1 -b {}',
    [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
 # Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
 # ['ESET Software NOD32 Client/Server (NOD32SS)',
 #   \&ask_daemon2,    # greets with 200, persistent, terminate with QUIT
 #   ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
 #   qr/^200 File OK/m, qr/^201 /m, qr/^201 (.+)/m ],
  ### http://www.norman.com/products_nvc.shtml
  ['Norman Virus Control v5 / Linux', 'nvcc',
    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
    qr/(?i).* virus in .* -> \'(.+)\'/m ],
  ### http://www.pandasoftware.com/
  ['Panda CommandLineSecure 9 for Linux',
    ['/opt/pavcl/usr/bin/pavcl','pavcl'],
    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
    qr/Number of files infected[ .]*: 0+(?!\d)/m,
    qr/Number of files infected[ .]*: 0*[1-9]/m,
    qr/Found virus :\s*(\S+)/m ],
  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
  # before starting amavisd - the bases are then loaded only once at startup.
  # To reload bases in a signature update script:
  #   /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
  # Please review other options of pavcl, for example:
  #  -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
 # ### http://www.pandasoftware.com/
 # ['Panda Antivirus for Linux', ['pavcl'],
 #   '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
 #   [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
 #   qr/Found virus :\s*(\S+)/m ],
 # GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
 # Check your RAV license terms before fiddling with the following two lines!
 # ['GeCAD RAV AntiVirus 8', 'ravav',
 #   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/m ],
 # # NOTE: the command line switches changed with scan engine 8.5 !
 # # (btw, assigning stdin to /dev/null causes RAV to fail)
  ### http://www.nai.com/
  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure -rv --mime --summary --noboot - {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan)  |
        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
        :\ (.+)\ NOT\ a\ virus)/m,
  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
  # sub {delete $ENV{LD_PRELOAD}},
  ],
  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
  # and then clear it when finished to avoid confusing anything else.
  # NOTE2: to treat encrypted files as viruses replace the [13] with:
  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
  ### http://www.virusbuster.hu/en/
  ['VirusBuster', ['vbuster', 'vbengcl'],
    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
    qr/: '(.*)' - Virus/m ],
  # VirusBuster Ltd. does not support the daemon version for the workstation
  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
  # binaries, some parameters AND return codes have changed (from 3 to 1).
  # See also the new Vexira entry 'vascan' which is possibly related.
 # ### http://www.virusbuster.hu/en/
 # ['VirusBuster (Client + Daemon)', 'vbengd',
 #   '-f -log scandir {}', [0], [3],
 #   qr/Virus found = (.*);/m ],
 # # HINT: for an infected file it always returns 3,
 # # although the man-page tells a different story
  ### http://www.cyber.com/
  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
  ],
 # ### http://www.avast.com/  (old)
 # ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
 #   '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
 # ### http://www.avast.com/
 # ['avast! Antivirus', '/bin/scan', '{}', [0], [1], qr/\t(.+)/m ],
  ### http://www.ikarus-software.com/
  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/m ],
  ### http://www.bitdefender.com/
  ['BitDefender', 'bdscan',  # new version
    '--action=ignore --no-list {}', qr/^Infected files\s*:\s*0+(?!\d)/m,
    qr/^(?:Infected files|Identified viruses|Suspect files)\s*:\s*0*[1-9]/m,
    qr/(?:suspected|infected)\s*:\s*(.*)(?:\033|$)/m ],
  ### http://www.bitdefender.com/
  ['BitDefender', 'bdc',  # old version
    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
  # not apply to your version of bdc, check documentation and see 'bdc --help'
  ### ArcaVir for Linux and Unix http://www.arcabit.pl/
  ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
    '-v 1 -summary 0 -s {}', [0], [1,2],
    qr/(?:VIR|WIR):[ \t]*(.+)/m ],
 # ### a generic SMTP-client interface to a SMTP-based virus scanner
 # ['av_smtp', \&ask_av_smtp,
 #   ['{}', 'smtp:[127.0.0.1]:5525', 'dummy@localhost'],
 #   qr/^2/, qr/^5/, qr/^\s*(.*?)\s*$/m ],
 # ['File::Scan', sub {Amavis::AV::ask_av(sub{
 #   use File::Scan; my($fn)=@_;
 #   my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0);
 #   my($vname) = $f->scan($fn);
 #   $f->error ? (2,"Error: ".$f->error)
 #   : ($vname ne '') ? (1,"$vname FOUND") : (0,"Clean")}, @_) },
 #   ["{}/*"], [0], [1], qr/^(.*) FOUND$/m ],
 # ### fully-fledged checker for JPEG marker segments of invalid length
 # ['check-jpeg',
 #   sub { use JpegTester (); Amavis::AV::ask_av(\&JpegTester::test_jpeg, @_) },
 #   ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/m ],
 # # NOTE: place file JpegTester.pm somewhere where Perl can find it,
 # #       for example in /usr/local/lib/perl5/site_perl
 );
@av_scanners_backup = (
  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 # ### http://www.clamav.net/ - using remote clamd scanner as a backup
 # ['ClamAV-clamdscan', 'clamdscan',
 #   "--stdout --no-summary --config-file=/etc/clamd-client.conf {}",
 #   [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
 # ['ClamAV-clamd-stream',
 #   \&ask_daemon, ["*", 'clamd:/run/clamav/clamd.sock'],
 #   qr/\bOK$/m, qr/\bFOUND$/m,
 #   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  ### http://www.f-prot.com/   - backs up F-Prot Daemon, V6
  ['F-PROT Antivirus for UNIX', ['fpscan'],
    '--report --mount --adware {}',  # consider: --applications -s 4 -u 3 -z 10
    [0,8,64],  [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
    qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
  ### http://www.f-prot.com/   - backs up F-Prot Daemon (old)
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -archive -packed {}', [0,8], [3,6],   # or: [0], [3,6,8],
    qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
  ### http://www.trendmicro.com/   - backs up Trophie
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
  ### http://www.sald.com/, http://drweb.imshop.de/   - backs up DrWebD
  ['drweb - DrWeb Antivirus',  # security LHA hole in Dr.Web 4.33 and earlier
    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
    '-path={} -al -go -ot -cn -upn -ok-',
    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
   ### http://www.kaspersky.com/
   ['Kaspersky Antivirus v5.5',
     ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
      '/opt/kav/5.5/kav4unix/bin/kavscanner',
      '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
     '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
     qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
 #    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
 #    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
   ],
  ### http://www.sophos.com/
  ['Sophos Anti Virus (savscan)',   # formerly known as 'sweep'
    ['/opt/sophos-av/bin/savscan', 'savscan'],  # 'sweep'
    '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
    '--no-reset-atime {}',
    [0,2], qr/Virus .*? found/m,
    qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
  ],
  # other options to consider: -idedir=/usr/local/sav
  # A name 'sweep' clashes with a name of an audio editor (Debian and FreeBSD).
  # Make sure the correct 'sweep' is found in the path if using the old name.
 # Always succeeds and considers mail clean.
 # Potentially useful when all other scanners fail and it is desirable
 # to let mail continue to flow with no virus checking (when uncommented).
 # ['always-clean', sub {0}],
 );
 1;  # insure a defined return value
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -28,6 +28,10 @@
 ## www[001:006].example.com
 # You can also use ranges for multiple hosts: 
 ## db-[99:101]-node.example.com
 # Ex 3: A collection of database servers in the 'dbservers' group:
 ## [dbservers]
@@ -37,8 +41,14 @@
 ## 10.25.1.56
 ## 10.25.1.57
 # Here's another example of host ranges, this time there are no
 # leading 0s:
-## db-[99:101]-node.example.com
+# Ex4: Multiple hosts arranged into groups such as 'Debian' and 'openSUSE':
 ## [Debian]
 ## alpha.example.org
 ## beta.example.org
 ## [openSUSE]
 ## green.example.com
 ## blue.example.com
--- a/audit/auditd.conf
+++ b/audit/auditd.conf
@@ -9,7 +9,7 @@ log_group = root
 log_format = ENRICHED
 flush = INCREMENTAL_ASYNC
 freq = 50
-max_log_file = 8
+max_log_file = 10
 num_logs = 5
 priority_boost = 4
 name_format = NONE
--- a/authselect/user-nsswitch.conf
+++ b/authselect/user-nsswitch.conf
@@ -35,8 +35,6 @@
 #
 # Notes:
 #
 # 'sssd' performs its own 'files'-based caching, so it should generally
 # come before 'files'.
 #
 # WARNING: Running nscd with a secondary caching service like sssd may
 # 	   lead to unexpected behaviour, especially with how long
@@ -53,9 +51,9 @@
 # group:     db files
 # In order of likelihood of use to accelerate lookup.
-passwd:      sss files systemd
+passwd:      files sss systemd
 shadow:     files sss
-group:       sss files systemd
+group:       files sss systemd
 hosts:      files dns myhostname
 services:   files sss
 netgroup:   sss
--- a/authselect/user-nsswitch.conf.save_by_rpm
+++ b/authselect/user-nsswitch.conf.save_by_rpm
@@ -0,0 +1,72 @@
 #
 # /etc/nsswitch.conf
 #
 # Name Service Switch config file. This file should be
 # sorted with the most-used services at the beginning.
 #
 # Valid databases are: aliases, ethers, group, gshadow, hosts,
 # initgroups, netgroup, networks, passwd, protocols, publickey,
 # rpc, services, and shadow.
 #
 # Valid service provider entries include (in alphabetical order):
 #
 #	compat			Use /etc files plus *_compat pseudo-db
 #	db			Use the pre-processed /var/db files
 #	dns			Use DNS (Domain Name Service)
 #	files			Use the local files in /etc
 #	hesiod			Use Hesiod (DNS) for user lookups
 #	nis			Use NIS (NIS version 2), also called YP
 #	nisplus			Use NIS+ (NIS version 3)
 #
 # See `info libc 'NSS Basics'` for more information.
 #
 # Commonly used alternative service providers (may need installation):
 #
 #	ldap			Use LDAP directory server
 #	myhostname		Use systemd host names
 #	mymachines		Use systemd machine names
 #	mdns*, mdns*_minimal	Use Avahi mDNS/DNS-SD
 #	resolve			Use systemd resolved resolver
 #	sss			Use System Security Services Daemon (sssd)
 #	systemd			Use systemd for dynamic user option
 #	winbind			Use Samba winbind support
 #	wins			Use Samba wins support
 #	wrapper			Use wrapper module for testing
 #
 # Notes:
 #
 # 'sssd' performs its own 'files'-based caching, so it should generally
 # come before 'files'.
 #
 # WARNING: Running nscd with a secondary caching service like sssd may
 # 	   lead to unexpected behaviour, especially with how long
 # 	   entries are cached.
 #
 # Installation instructions:
 #
 # To use 'db', install the appropriate package(s) (provide 'makedb' and
 # libnss_db.so.*), and place the 'db' in front of 'files' for entries
 # you want to be looked up first in the databases, like this:
 #
 # passwd:    db files
 # shadow:    db files
 # group:     db files
 # In order of likelihood of use to accelerate lookup.
 passwd:      sss files systemd
 shadow:     files sss
 group:       sss files systemd
 hosts:      files dns myhostname
 services:   files sss
 netgroup:   sss
 automount:  files sss
 aliases:    files
 ethers:     files
 gshadow:    files
 # Allow initgroups to default to the setting for group.
 # initgroups: files
 networks:   files dns
 protocols:  files
 publickey:  files
 rpc:        files
--- a/bash_completion.d/torsocks
+++ b/bash_completion.d/torsocks
@@ -0,0 +1,3 @@
 #-*- mode: shell-script;-*-
 complete -F _command torsocks
--- a/chrony.conf.rpmnew
+++ b/chrony.conf.rpmnew
@@ -1,38 +0,0 @@
 # Use public servers from the pool.ntp.org project.
 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 pool 2.cloudlinux.pool.ntp.org iburst
 # Record the rate at which the system clock gains/losses time.
 driftfile /var/lib/chrony/drift
 # Allow the system clock to be stepped in the first three updates
 # if its offset is larger than 1 second.
 makestep 1.0 3
 # Enable kernel synchronization of the real-time clock (RTC).
 rtcsync
 # Enable hardware timestamping on all interfaces that support it.
 #hwtimestamp *
 # Increase the minimum number of selectable sources required to adjust
 # the system clock.
 #minsources 2
 # Allow NTP client access from local network.
 #allow 192.168.0.0/16
 # Serve time even if not synchronized to a time source.
 #local stratum 10
 # Specify file containing keys for NTP authentication.
 keyfile /etc/chrony.keys
 # Get TAI-UTC offset and leap seconds from the system tz database.
 leapsectz right/UTC
 # Specify directory for log files.
 logdir /var/log/chrony
 # Select which information is logged.
 #log measurements statistics tracking
--- a/cl.selector/selector.conf
+++ b/cl.selector/selector.conf
--- a/clamd.conf.rpmnew
+++ b/clamd.conf.rpmnew
@@ -1,791 +0,0 @@
 ##
 ## Example config file for the Clam AV daemon
 ## Please read the clamd.conf(5) manual before editing this file.
 ##
 # Comment or remove the line below.
 Example
 # Uncomment this option to enable logging.
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
 #LogFile /tmp/clamd.log
 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
 # copy the configuration file, change the LogFile variable, and run
 # the daemon with --config-file option).
 # This option disables log file locking.
 # Default: no
 #LogFileUnlock yes
 # Maximum size of the log file.
 # Value of 0 disables the limit.
 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
 # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
 # rotation (the LogRotate option) will always be enabled.
 # Default: 1M
 #LogFileMaxSize 2M
 # Log time with each message.
 # Default: no
 #LogTime yes
 # Also log clean files. Useful in debugging but drastically increases the
 # log size.
 # Default: no
 #LogClean yes
 # Use system logger (can work together with LogFile).
 # Default: no
 #LogSyslog yes
 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
 # Default: LOG_LOCAL6
 #LogFacility LOG_MAIL
 # Enable verbose logging.
 # Default: no
 #LogVerbose yes
 # Enable log rotation. Always enabled when LogFileMaxSize is enabled.
 # Default: no
 #LogRotate yes
 # Enable Prelude output.
 # Default: no
 #PreludeEnable yes
 #
 # Set the name of the analyzer used by prelude-admin.
 # Default: ClamAV
 #PreludeAnalyzerName ClamAV
 # Log additional information about the infected file, such as its
 # size and hash, together with the virus name.
 #ExtendedDetectionInfo yes
 # This option allows you to save a process identifier of the listening
 # daemon (main thread).
 # This file will be owned by root, as long as clamd was started by root.
 # It is recommended that the directory where this file is stored is
 # also owned by root to keep other users from tampering with it.
 # Default: disabled
 #PidFile /var/run/clamd.pid
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
 #TemporaryDirectory /var/tmp
 # Path to the database directory.
 # Default: hardcoded (depends on installation options)
 #DatabaseDirectory /var/lib/clamav
 # Only load the official signatures published by the ClamAV project.
 # Default: no
 #OfficialDatabaseOnly no
 # The daemon can work in local mode, network mode or both.
 # Due to security reasons we recommend the local mode.
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
 #LocalSocket /tmp/clamd.socket
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
 #LocalSocketGroup virusgroup
 # Sets the permissions on the unix socket to the specified mode.
 # Default: disabled (socket is world accessible)
 #LocalSocketMode 660
 # Remove stale socket after unclean shutdown.
 # Default: yes
 #FixStaleSocket yes
 # TCP port address.
 # Default: no
 #TCPSocket 3310
 # TCP address.
 # By default we bind to INADDR_ANY, probably not wise.
 # Enable the following to provide some degree of protection
 # from the outside world. This option can be specified multiple
 # times if you want to listen on multiple IPs. IPv6 is now supported.
 # Default: no
 #TCPAddr 127.0.0.1
 # Maximum length the queue of pending connections may grow to.
 # Default: 200
 #MaxConnectionQueueLength 30
 # Clamd uses FTP-like protocol to receive data from remote clients.
 # If you are using clamav-milter to balance load between remote clamd daemons
 # on firewall servers you may need to tune the options below.
 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
 # Default: 25M
 #StreamMaxLength 10M
 # Limit port range.
 # Default: 1024
 #StreamMinPort 30000
 # Default: 2048
 #StreamMaxPort 32000
 # Maximum number of threads running at the same time.
 # Default: 10
 #MaxThreads 20
 # Waiting for data from a client socket will timeout after this time (seconds).
 # Default: 120
 #ReadTimeout 300
 # This option specifies the time (in seconds) after which clamd should
 # timeout if a client doesn't provide any initial command after connecting.
 # Default: 30
 #CommandReadTimeout 30
 # This option specifies how long to wait (in milliseconds) if the send buffer
 # is full.
 # Keep this value low to prevent clamd hanging.
 #
 # Default: 500
 #SendBufTimeout 200
 # Maximum number of queued items (including those being processed by
 # MaxThreads threads).
 # It is recommended to have this value at least twice MaxThreads if possible.
 # WARNING: you shouldn't increase this too much to avoid running out  of file
 # descriptors, the following condition should hold:
 # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual
 # max is 1024).
 #
 # Default: 100
 #MaxQueue 200
 # Waiting for a new job will timeout after this time (seconds).
 # Default: 30
 #IdleTimeout 60
 # Don't scan files and directories matching regex
 # This directive can be used multiple times
 # Default: scan all
 #ExcludePath ^/proc/
 #ExcludePath ^/sys/
 # Maximum depth directories are scanned at.
 # Default: 15
 #MaxDirectoryRecursion 20
 # Follow directory symlinks.
 # Default: no
 #FollowDirectorySymlinks yes
 # Follow regular file symlinks.
 # Default: no
 #FollowFileSymlinks yes
 # Scan files and directories on other filesystems.
 # Default: yes
 #CrossFilesystems yes
 # Perform a database check.
 # Default: 600 (10 min)
 #SelfCheck 600
 # Enable non-blocking (multi-threaded/concurrent) database reloads.
 # This feature will temporarily load a second scanning engine while scanning
 # continues using the first engine. Once loaded, the new engine takes over.
 # The old engine is removed as soon as all scans using the old engine have
 # completed.
 # This feature requires more RAM, so this option is provided in case users are
 # willing to block scans during reload in exchange for lower RAM requirements.
 # Default: yes
 #ConcurrentDatabaseReload no
 # Execute a command when virus is found. In the command string %v will
 # be replaced with the virus name.
 # Default: no
 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
 #User clamav
 # Stop daemon when libclamav reports out of memory condition.
 #ExitOnOOM yes
 # Don't fork into background.
 # Default: no
 #Foreground yes
 # Enable debug messages in libclamav.
 # Default: no
 #Debug yes
 # Do not remove temporary files (for debug purposes).
 # Default: no
 #LeaveTemporaryFiles yes
 # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
 # any ALLMATCHSCAN command as invalid.
 # Default: yes
 #AllowAllMatchScan no
 # Detect Possibly Unwanted Applications.
 # Default: no
 #DetectPUA yes
 # Exclude a specific PUA category. This directive can be used multiple times.
 # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
 # the complete list of PUA categories.
 # Default: Load all categories (if DetectPUA is activated)
 #ExcludePUA NetTool
 #ExcludePUA PWTool
 # Only include a specific PUA category. This directive can be used multiple
 # times.
 # Default: Load all categories (if DetectPUA is activated)
 #IncludePUA Spy
 #IncludePUA Scanner
 #IncludePUA RAT
 # This option causes memory or nested map scans to dump the content to disk.
 # If you turn on this option, more data is written to disk and is available
 # when the LeaveTemporaryFiles option is enabled.
 #ForceToDisk yes
 # This option allows you to disable the caching feature of the engine. By
 # default, the engine will store an MD5 in a cache of any files that are
 # not flagged as virus or that hit limits checks. Disabling the cache will
 # have a negative performance impact on large scans.
 # Default: no
 #DisableCache yes
 # In some cases (eg. complex malware, exploits in graphic files, and others),
 # ClamAV uses special algorithms to detect abnormal patterns and behaviors that
 # may be malicious.  This option enables alerting on such heuristically
 # detected potential threats.
 # Default: yes
 #HeuristicAlerts yes
 # Allow heuristic alerts to take precedence.
 # When enabled, if a heuristic scan (such as phishingScan) detects
 # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
 # scan-time.
 # When disabled, virus/phish detected by heuristic scans will be reported only
 # at the end of a scan. If an archive contains both a heuristically detected
 # virus/phish, and a real malware, the real malware will be reported
 #
 # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
 # differently from "real" malware.
 # If a non-heuristically-detected virus (signature-based) is found first,
 # the scan is interrupted immediately, regardless of this config option.
 #
 # Default: no
 #HeuristicScanPrecedence yes
 ##
 ## Heuristic Alerts
 ##
 # With this option clamav will try to detect broken executables (both PE and
 # ELF) and alert on them with the Broken.Executable heuristic signature.
 # Default: no
 #AlertBrokenExecutables yes
 # With this option clamav will try to detect broken media file (JPEG,
 # TIFF, PNG, GIF) and alert on them with a Broken.Media heuristic signature.
 # Default: no
 #AlertBrokenMedia yes
 # Alert on encrypted archives _and_ documents with heuristic signature
 # (encrypted .zip, .7zip, .rar, .pdf).
 # Default: no
 #AlertEncrypted yes
 # Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip,
 # .rar).
 # Default: no
 #AlertEncryptedArchive yes
 # Alert on encrypted archives with heuristic signature (encrypted .pdf).
 # Default: no
 #AlertEncryptedDoc yes
 # With this option enabled OLE2 files containing VBA macros, which were not
 # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
 # Default: no
 #AlertOLE2Macros yes
 # Alert on SSL mismatches in URLs, even if the URL isn't in the database.
 # This can lead to false positives.
 # Default: no
 #AlertPhishingSSLMismatch yes
 # Alert on cloaked URLs, even if URL isn't in database.
 # This can lead to false positives.
 # Default: no
 #AlertPhishingCloak yes
 # Alert on raw DMG image files containing partition intersections
 # Default: no
 #AlertPartitionIntersection yes
 ##
 ## Executable files
 ##
 # PE stands for Portable Executable - it's an executable file format used
 # in all 32 and 64-bit versions of Windows operating systems. This option
 # allows ClamAV to perform a deeper analysis of executable files and it's also
 # required for decompression of popular executable packers such as UPX, FSG,
 # and Petite. If you turn off this option, the original files will still be
 # scanned, but without additional processing.
 # Default: yes
 #ScanPE yes
 # Certain PE files contain an authenticode signature. By default, we check
 # the signature chain in the PE file against a database of trusted and
 # revoked certificates if the file being scanned is marked as a virus.
 # If any certificate in the chain validates against any trusted root, but
 # does not match any revoked certificate, the file is marked as whitelisted.
 # If the file does match a revoked certificate, the file is marked as virus.
 # The following setting completely turns off authenticode verification.
 # Default: no
 #DisableCertCheck yes
 # Executable and Linking Format is a standard format for UN*X executables.
 # This option allows you to control the scanning of ELF files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanELF yes
 ##
 ## Documents
 ##
 # This option enables scanning of OLE2 files, such as Microsoft Office
 # documents and .msi files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanOLE2 yes
 # This option enables scanning within PDF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
 #ScanPDF yes
 # This option enables scanning within SWF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
 #ScanSWF yes
 # This option enables scanning xml-based document files supported by libclamav.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanXMLDOCS yes
 # This option enables scanning of HWP3 files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanHWP3 yes
 ##
 ## Mail files
 ##
 # Enable internal e-mail scanner.
 # If you turn off this option, the original files will still be scanned, but
 # without parsing individual messages/attachments.
 # Default: yes
 #ScanMail yes
 # Scan RFC1341 messages split over many emails.
 # You will need to periodically clean up $TemporaryDirectory/clamav-partial
 # directory.
 # WARNING: This option may open your system to a DoS attack.
 #	   Never use it on loaded servers.
 # Default: no
 #ScanPartialMessages yes
 # With this option enabled ClamAV will try to detect phishing attempts by using
 # HTML.Phishing and Email.Phishing NDB signatures.
 # Default: yes
 #PhishingSignatures no
 # With this option enabled ClamAV will try to detect phishing attempts by
 # analyzing URLs found in emails using WDB and PDB signature databases.
 # Default: yes
 #PhishingScanURLs no
 ##
 ## Data Loss Prevention (DLP)
 ##
 # Enable the DLP module
 # Default: No
 #StructuredDataDetection yes
 # This option sets the lowest number of Credit Card numbers found in a file
 # to generate a detect.
 # Default: 3
 #StructuredMinCreditCardCount 5
 # With this option enabled the DLP module will search for valid Credit Card
 # numbers only. Debit and Private Label cards will not be searched.
 # Default: no
 #StructuredCCOnly yes
 # This option sets the lowest number of Social Security Numbers found
 # in a file to generate a detect.
 # Default: 3
 #StructuredMinSSNCount 5
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxx-yy-zzzz
 # Default: yes
 #StructuredSSNFormatNormal yes
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxxyyzzzz
 # Default: no
 #StructuredSSNFormatStripped yes
 ##
 ## HTML
 ##
 # Perform HTML normalisation and decryption of MS Script Encoder code.
 # Default: yes
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 #ScanHTML yes
 ##
 ## Archives
 ##
 # ClamAV can scan within archives and compressed files.
 # If you turn off this option, the original files will still be scanned, but
 # without unpacking and additional processing.
 # Default: yes
 #ScanArchive yes
 ##
 ## Limits
 ##
 # The options below protect your system against Denial of Service attacks
 # using archive bombs.
 # This option sets the maximum amount of time to a scan may take.
 # In this version, this field only affects the scan time of ZIP archives.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result allow scanning
 # of certain files to lock up the scanning process/threads resulting in a
 # Denial of Service.
 # Time is in milliseconds.
 # Default: 120000
 #MaxScanTime 300000
 # This option sets the maximum amount of data to be scanned for each input
 # file. Archives and other containers are recursively extracted and scanned
 # up to this value.
 # Value of 0 disables the limit
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 100M
 #MaxScanSize 150M
 # Files larger than this limit won't be scanned. Affects the input file itself
 # as well as files contained inside it (when the input file is an archive, a
 # document or some other kind of container).
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 25M
 #MaxFileSize 30M
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
 # deeply the process should be continued.
 # Note: setting this limit too high may result in severe damage to the system.
 # Default: 16
 #MaxRecursion 10
 # Number of files to be scanned within an archive, a document, or any other
 # container file.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10000
 #MaxFiles 15000
 # Maximum size of a file to check for embedded PE. Files larger than this value
 # will skip the additional analysis step.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10M
 #MaxEmbeddedPE 10M
 # Maximum size of a HTML file to normalize. HTML files larger than this value
 # will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10M
 #MaxHTMLNormalize 10M
 # Maximum size of a normalized HTML file to scan. HTML files larger than this
 # value after normalization will not be scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 2M
 #MaxHTMLNoTags 2M
 # Maximum size of a script file to normalize. Script content larger than this
 # value will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 5M
 #MaxScriptNormalize 5M
 # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
 # than this value will skip the step to potentially reanalyze as PE.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 1M
 #MaxZipTypeRcg 1M
 # This option sets the maximum number of partitions of a raw disk image to be
 # scanned.
 # Raw disk images with more partitions than this value will have up to
 # the value number partitions scanned. Negative values are not allowed.
 # Note: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 50
 #MaxPartitions 128
 # This option sets the maximum number of icons within a PE to be scanned.
 # PE files with more icons than this value will have up to the value number
 # icons scanned.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 100
 #MaxIconsPE 200
 # This option sets the maximum recursive calls for HWP3 parsing during
 # scanning. HWP3 files using more than this limit will be terminated and
 # alert the user.
 # Scans will be unable to scan any HWP3 attachments if the recursive limit
 # is reached.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 16
 #MaxRecHWP3 16
 # This option sets the maximum calls to the PCRE match function during
 # an instance of regex matching.
 # Instances using more than this limit will be terminated and alert the user
 # but the scan will continue.
 # For more information on match_limit, see the PCRE documentation.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may severely impact performance.
 # Default: 100000
 #PCREMatchLimit 20000
 # This option sets the maximum recursive calls to the PCRE match function
 # during an instance of regex matching.
 # Instances using more than this limit will be terminated and alert the user
 # but the scan will continue.
 # For more information on match_limit_recursion, see the PCRE documentation.
 # Negative values are not allowed and values > PCREMatchLimit are superfluous.
 # WARNING: setting this limit too high may severely impact performance.
 # Default: 2000
 #PCRERecMatchLimit 10000
 # This option sets the maximum filesize for which PCRE subsigs will be
 # executed. Files exceeding this limit will not have PCRE subsigs executed
 # unless a subsig is encompassed to a smaller buffer.
 # Negative values are not allowed.
 # Setting this value to zero disables the limit.
 # WARNING: setting this limit too high or disabling it may severely impact
 # performance.
 # Default: 25M
 #PCREMaxFileSize 100M
 # When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
 # MaxRecursion limit will be flagged with the virus
 # "Heuristics.Limits.Exceeded".
 # Default: no
 #AlertExceedsMax yes
 ##
 ## On-access Scan Settings
 ##
 # Don't scan files larger than OnAccessMaxFileSize
 # Value of 0 disables the limit.
 # Default: 5M
 #OnAccessMaxFileSize 10M
 # Max number of scanning threads to allocate to the OnAccess thread pool at
 # startup. These threads are the ones responsible for creating a connection
 # with the daemon and kicking off scanning after an event has been processed.
 # To prevent clamonacc from consuming all clamd's resources keep this lower
 # than clamd's max threads.
 # Default: 5
 #OnAccessMaxThreads 10
 # Max amount of time (in milliseconds) that the OnAccess client should spend
 # for every connect, send, and recieve attempt when communicating with clamd
 # via curl.
 # Default: 5000 (5 seconds)
 # OnAccessCurlTimeout 10000
 # Toggles dynamic directory determination. Allows for recursively watching
 # include paths.
 # Default: no
 #OnAccessDisableDDD yes
 # Set the include paths (all files inside them will be scanned). You can have
 # multiple OnAccessIncludePath directives but each directory must be added
 # in a separate line.
 # Default: disabled
 #OnAccessIncludePath /home
 #OnAccessIncludePath /students
 # Set the exclude paths. All subdirectories are also excluded.
 # Default: disabled
 #OnAccessExcludePath /home/user
 # Modifies fanotify blocking behaviour when handling permission events.
 # If off, fanotify will only notify if the file scanned is a virus,
 # and not perform any blocking.
 # Default: no
 #OnAccessPrevention yes
 # When using prevention, if this option is turned on, any errors that occur
 # during scanning will result in the event attempt being denied. This could
 # potentially lead to unwanted system behaviour with certain configurations,
 # so the client defaults this to off and prefers allowing access events in
 # case of scan or connection error.
 # Default: no
 #OnAccessDenyOnError yes
 # Toggles extra scanning and notifications when a file or directory is
 # created or moved.
 # Requires the  DDD system to kick-off extra scans.
 # Default: no
 #OnAccessExtraScanning yes
 # Set the  mount point to be scanned. The mount point specified, or the mount
 # point containing the specified directory will be watched. If any directories
 # are specified, this option will preempt (disable and ignore all options
 # related to) the DDD system. This option will result in verdicts only.
 # Note that prevention is explicitly disallowed to prevent common, fatal
 # misconfigurations. (e.g. watching "/" with prevention on and no exclusions
 # made on vital system directories)
 # It can be used multiple times.
 # Default: disabled
 #OnAccessMountPath /
 #OnAccessMountPath /home/user
 # With this option you can whitelist the root UID (0). Processes run under
 # root with be able to access all files without triggering scans or
 # permission denied events.
 # Note that if clamd cannot check the uid of the process that generated an
 # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
 # the process already exited), clamd will perform a scan.  Thus, setting
 # OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
 # root user from triggering a scan (unless OnAccessPrevention is enabled).
 # Default: no
 #OnAccessExcludeRootUID no
 # With this option you can whitelist specific UIDs. Processes with these UIDs
 # will be able to access all files without triggering scans or permission
 # denied events.
 # This option can be used multiple times (one per line).
 # Using a value of 0 on any line will disable this option entirely.
 # To whitelist the root UID (0) please enable the OnAccessExcludeRootUID
 # option.
 # Also note that if clamd cannot check the uid of the process that generated an
 # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
 # the process already exited), clamd will perform a scan.  Thus, setting
 # OnAccessExcludeUID is not *guaranteed* to prevent every access by the
 # specified uid from triggering a scan (unless OnAccessPrevention is enabled).
 # Default: disabled
 #OnAccessExcludeUID -1
 # This option allows exclusions via user names when using the on-access
 # scanning client. It can be used multiple times.
 # It has the same potential race condition limitations of the
 # OnAccessExcludeUID option.
 # Default: disabled
 #OnAccessExcludeUname clamav
 # Number of times the OnAccess client will retry a failed scan due to
 # connection problems (or other issues).
 # Default: 0
 #OnAccessRetryAttempts 3
 ##
 ## Bytecode
 ##
 # With this option enabled ClamAV will load bytecode from the database.
 # It is highly recommended you keep this option on, otherwise you'll miss
 # detections for many new viruses.
 # Default: yes
 #Bytecode yes
 # Set bytecode security level.
 # Possible values:
 #   None -      No security at all, meant for debugging.
 #               DO NOT USE THIS ON PRODUCTION SYSTEMS.
 #               This value is only available if clamav was built
 #               with --enable-debug!
 #   TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert
 #               runtime safety checks for bytecode loaded from other sources.
 #   Paranoid -  Don't trust any bytecode, insert runtime checks for all.
 # Recommended: TrustSigned, because bytecode in .cvd files already has these
 # checks.
 # Note that by default only signed bytecode is loaded, currently you can only
 # load unsigned bytecode in --enable-debug mode.
 #
 # Default: TrustSigned
 #BytecodeSecurity TrustSigned
 # Allow loading bytecode from outside digitally signed .c[lv]d files.
 # **Caution**: You should NEVER run bytecode signatures from untrusted sources.
 # Doing so may result in arbitrary code execution.
 # Default: no
 #BytecodeUnsigned yes
 # Set bytecode timeout in milliseconds.
 #
 # Default: 5000
 # BytecodeTimeout 1000
--- a/clamd.conf.rpmsave
+++ b/clamd.conf.rpmsave
@@ -1,452 +0,0 @@
 ##
 ## Example config file for the Clam AV daemon
 ## Please read the clamd.conf(5) manual before editing this file.
 ##
 # Comment or remove the line below.
 #Example
 # Uncomment this option to enable logging.
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
 LogFile /var/log/clamav/clamd.log
 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
 # copy the configuration file, change the LogFile variable, and run
 # the daemon with --config-file option).
 # This option disables log file locking.
 # Default: no
 #LogFileUnlock yes
 # Maximum size of the log file.
 # Value of 0 disables the limit.
 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
 # in bytes just don't use modifiers.
 # Default: 1M
 LogFileMaxSize 0
 # Log time with each message.
 # Default: no
 LogTime yes
 # Also log clean files. Useful in debugging but drastically increases the
 # log size.
 # Default: no
 LogClean no
 # Use system logger (can work together with LogFile).
 # Default: no
 LogSyslog yes
 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
 # Default: LOG_LOCAL6
 LogFacility LOG_MAIL
 # Enable verbose logging.
 # Default: no
 LogVerbose yes
 # Log additional information about the infected file, such as its
 # size and hash, together with the virus name.
 ExtendedDetectionInfo yes
 # This option allows you to save a process identifier of the listening
 # daemon (main thread).
 # Default: disabled
 PidFile /var/run/clamav/clamd.pid
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
 TemporaryDirectory /var/tmp
 # Path to the database directory.
 # Default: hardcoded (depends on installation options)
 DatabaseDirectory /var/lib/clamav
 # Only load the official signatures published by the ClamAV project.
 # Default: no
 #OfficialDatabaseOnly no
 # The daemon can work in local mode, network mode or both. 
 # Due to security reasons we recommend the local mode.
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
 LocalSocket /var/run/clamav/clamd.sock
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
 #LocalSocketGroup virusgroup
 # Sets the permissions on the unix socket to the specified mode.
 # Default: disabled (socket is world accessible)
 #LocalSocketMode 660
 # Remove stale socket after unclean shutdown.
 # Default: yes
 FixStaleSocket yes
 # TCP port address.
 # Default: no
 TCPSocket 3310
 # TCP address.
 # By default we bind to INADDR_ANY, probably not wise.
 # Enable the following to provide some degree of protection
 # from the outside world.
 # Default: no
 TCPAddr 127.0.0.1
 # Maximum length the queue of pending connections may grow to.
 # Default: 200
 MaxConnectionQueueLength 30
 # Clamd uses FTP-like protocol to receive data from remote clients.
 # If you are using clamav-milter to balance load between remote clamd daemons
 # on firewall servers you may need to tune the options below.
 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
 # Default: 25M
 StreamMaxLength 10M
 # Limit port range.
 # Default: 1024
 #StreamMinPort 30000
 # Default: 2048
 #StreamMaxPort 32000
 # Maximum number of threads running at the same time.
 # Default: 10
 MaxThreads 5
 # Waiting for data from a client socket will timeout after this time (seconds).
 # Default: 120
 ReadTimeout 120
 # This option specifies the time (in seconds) after which clamd should
 # timeout if a client doesn't provide any initial command after connecting.
 # Default: 5
 CommandReadTimeout 5
 # This option specifies how long to wait (in miliseconds) if the send buffer is full.
 # Keep this value low to prevent clamd hanging
 #
 # Default: 500
 SendBufTimeout 200
 # Maximum number of queued items (including those being processed by MaxThreads threads)
 # It is recommended to have this value at least twice MaxThreads if possible.
 # WARNING: you shouldn't increase this too much to avoid running out  of file descriptors,
 # the following condition should hold:
 # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
 #
 # Default: 100
 MaxQueue 50
 # Waiting for a new job will timeout after this time (seconds).
 # Default: 30
 IdleTimeout 10
 # Don't scan files and directories matching regex
 # This directive can be used multiple times
 # Default: scan all
 #ExcludePath ^/proc/
 #ExcludePath ^/sys/
 # Maximum depth directories are scanned at.
 # Default: 15
 #MaxDirectoryRecursion 20
 # Follow directory symlinks.
 # Default: no
 #FollowDirectorySymlinks yes
 # Follow regular file symlinks.
 # Default: no
 #FollowFileSymlinks yes
 # Scan files and directories on other filesystems.
 # Default: yes
 CrossFilesystems yes
 # Perform a database check.
 # Default: 600 (10 min)
 SelfCheck 43200
 # Execute a command when virus is found. In the command string %v will
 # be replaced with the virus name.
 # Default: no
 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
 User amavis
 # Initialize supplementary group access (clamd must be started by root).
 # Default: no
 #AllowSupplementaryGroups yes
 # Stop daemon when libclamav reports out of memory condition.
 ExitOnOOM yes
 # Don't fork into background.
 # Default: no
 #Foreground yes
 # Enable debug messages in libclamav.
 # Default: no
 #Debug yes
 # Do not remove temporary files (for debug purposes).
 # Default: no
 LeaveTemporaryFiles no
 # Detect Possibly Unwanted Applications.
 # Default: no
 DetectPUA yes
 # Exclude a specific PUA category. This directive can be used multiple times.
 # See http://www.clamav.net/support/pua for the complete list of PUA
 # categories.
 # Default: Load all categories (if DetectPUA is activated)
 #ExcludePUA NetTool
 #ExcludePUA PWTool
 # Only include a specific PUA category. This directive can be used multiple
 # times.
 # Default: Load all categories (if DetectPUA is activated)
 IncludePUA Spy
 IncludePUA Scanner
 IncludePUA RAT
 IncludePUA Packed
 IncludePUA PwTool
 IncludePUA NetTool
 IncludePUA P2P
 IncludePUA IRC
 IncludePUA Tool
 IncludePUA Server
 IncludePUA Script
 # In some cases (eg. complex malware, exploits in graphic files, and others),
 # ClamAV uses special algorithms to provide accurate detection. This option
 # controls the algorithmic detection.
 # Default: yes
 AlgorithmicDetection yes
 ##
 ## Executable files
 ##
 # PE stands for Portable Executable - it's an executable file format used
 # in all 32 and 64-bit versions of Windows operating systems. This option allows
 # ClamAV to perform a deeper analysis of executable files and it's also
 # required for decompression of popular executable packers such as UPX, FSG,
 # and Petite.
 # Default: yes
 ScanPE yes
 # Executable and Linking Format is a standard format for UN*X executables.
 # This option allows you to control the scanning of ELF files.
 # Default: yes
 ScanELF yes
 # With this option clamav will try to detect broken executables (both PE and
 # ELF) and mark them as Broken.Executable.
 # Default: no
 #DetectBrokenExecutables yes
 ##
 ## Documents
 ##
 # This option enables scanning of OLE2 files, such as Microsoft Office
 # documents and .msi files.
 # Default: yes
 ScanOLE2 yes
 # With this option enabled OLE2 files with VBA macros, which were not
 # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
 # Default: no
 OLE2BlockMacros yes
 # This option enables scanning within PDF files.
 # Default: yes
 ScanPDF yes
 ##
 ## Mail files
 ##
 # Enable internal e-mail scanner.
 # Default: yes
 ScanMail yes
 # Scan RFC1341 messages split over many emails.
 # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
 # WARNING: This option may open your system to a DoS attack.
 #	   Never use it on loaded servers.
 # Default: no
 ScanPartialMessages no
 # With this option enabled ClamAV will try to detect phishing attempts by using
 # signatures.
 # Default: yes
 PhishingSignatures yes
 # Scan URLs found in mails for phishing attempts using heuristics.
 # Default: yes
 PhishingScanURLs yes
 # Always block SSL mismatches in URLs, even if the URL isn't in the database.
 # This can lead to false positives.
 #
 # Default: no
 PhishingAlwaysBlockSSLMismatch no
 # Always block cloaked URLs, even if URL isn't in database.
 # This can lead to false positives.
 #
 # Default: no
 PhishingAlwaysBlockCloak no
 # Allow heuristic match to take precedence.
 # When enabled, if a heuristic scan (such as phishingScan) detects
 # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
 # scan-time.
 # When disabled, virus/phish detected by heuristic scans will be reported only at
 # the end of a scan. If an archive contains both a heuristically detected
 # virus/phish, and a real malware, the real malware will be reported
 #
 # Keep this disabled if you intend to handle "*.Heuristics.*" viruses 
 # differently from "real" malware.
 # If a non-heuristically-detected virus (signature-based) is found first, 
 # the scan is interrupted immediately, regardless of this config option.
 #
 # Default: no
 HeuristicScanPrecedence no
 ##
 ## Data Loss Prevention (DLP)
 ##
 # Enable the DLP module
 # Default: No
 StructuredDataDetection no
 # This option sets the lowest number of Credit Card numbers found in a file
 # to generate a detect.
 # Default: 3
 #StructuredMinCreditCardCount 5
 # This option sets the lowest number of Social Security Numbers found
 # in a file to generate a detect.
 # Default: 3
 #StructuredMinSSNCount 5
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxx-yy-zzzz
 # Default: yes
 StructuredSSNFormatNormal no
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxxyyzzzz
 # Default: no
 StructuredSSNFormatStripped no
 ##
 ## HTML
 ##
 # Perform HTML normalisation and decryption of MS Script Encoder code.
 # Default: yes
 ScanHTML yes
 ##
 ## Archives
 ##
 # ClamAV can scan within archives and compressed files.
 # Default: yes
 ScanArchive yes
 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
 # Default: no
 ArchiveBlockEncrypted no
 ##
 ## Limits
 ##
 # The options below protect your system against Denial of Service attacks
 # using archive bombs.
 # This option sets the maximum amount of data to be scanned for each input file.
 # Archives and other containers are recursively extracted and scanned up to this
 # value.
 # Value of 0 disables the limit
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 100M
 MaxScanSize 50M
 # Files larger than this limit won't be scanned. Affects the input file itself
 # as well as files contained inside it (when the input file is an archive, a
 # document or some other kind of container).
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 25M
 MaxFileSize 30M
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
 # deeply the process should be continued.
 # Note: setting this limit too high may result in severe damage to the system.
 # Default: 16
 MaxRecursion 10
 # Number of files to be scanned within an archive, a document, or any other
 # container file.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10000
 #MaxFiles 15000
 # With this option enabled ClamAV will load bytecode from the database. 
 # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
 # Default: yes
 Bytecode yes
 # Set bytecode security level.
 # Possible values:
 #       None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
 #         This value is only available if clamav was built with --enable-debug!
 #       TrustSigned - trust bytecode loaded from signed .c[lv]d files,
 #                insert runtime safety checks for bytecode loaded from other sources
 #       Paranoid - don't trust any bytecode, insert runtime checks for all
 # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
 # Note that by default only signed bytecode is loaded, currently you can only
 # load unsigned bytecode in --enable-debug mode.
 #
 # Default: TrustSigned
 BytecodeSecurity TrustSigned
 # Set bytecode timeout in miliseconds.
 # 
 # Default: 5000
 BytecodeTimeout 3000
--- a/clamd.d/scan.conf.rpmnew
+++ b/clamd.d/scan.conf.rpmnew
@@ -1,762 +0,0 @@
 ##
 ## Example config file for the Clam AV daemon
 ## Please read the clamd.conf(5) manual before editing this file.
 ##
 # Comment or remove the line below.
 #Example
 # Uncomment this option to enable logging.
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
 #LogFile /var/log/clamd.scan
 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
 # copy the configuration file, change the LogFile variable, and run
 # the daemon with --config-file option).
 # This option disables log file locking.
 # Default: no
 #LogFileUnlock yes
 # Maximum size of the log file.
 # Value of 0 disables the limit.
 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
 # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
 # rotation (the LogRotate option) will always be enabled.
 # Default: 1M
 #LogFileMaxSize 2M
 # Log time with each message.
 # Default: no
 #LogTime yes
 # Also log clean files. Useful in debugging but drastically increases the
 # log size.
 # Default: no
 #LogClean yes
 # Use system logger (can work together with LogFile).
 # Default: no
 LogSyslog yes
 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
 # Default: LOG_LOCAL6
 #LogFacility LOG_MAIL
 # Enable verbose logging.
 # Default: no
 #LogVerbose yes
 # Enable log rotation. Always enabled when LogFileMaxSize is enabled.
 # Default: no
 #LogRotate yes
 # Enable Prelude output.
 # Default: no
 #PreludeEnable yes
 #
 # Set the name of the analyzer used by prelude-admin.
 # Default: ClamAV
 #PreludeAnalyzerName ClamAV
 # Log additional information about the infected file, such as its
 # size and hash, together with the virus name.
 #ExtendedDetectionInfo yes
 # This option allows you to save a process identifier of the listening
 # daemon (main thread).
 # Default: disabled
 #PidFile /run/clamd.scan/clamd.pid
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
 #TemporaryDirectory /var/tmp
 # Path to the database directory.
 # Default: hardcoded (depends on installation options)
 #DatabaseDirectory /var/lib/clamav
 # Only load the official signatures published by the ClamAV project.
 # Default: no
 #OfficialDatabaseOnly no
 # The daemon can work in local mode, network mode or both.
 # Due to security reasons we recommend the local mode.
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
 #LocalSocket /run/clamd.scan/clamd.sock
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
 #LocalSocketGroup virusgroup
 # Sets the permissions on the unix socket to the specified mode.
 # Default: disabled (socket is world accessible)
 #LocalSocketMode 660
 # Remove stale socket after unclean shutdown.
 # Default: yes
 #FixStaleSocket yes
 # TCP port address.
 # Default: no
 #TCPSocket 3310
 # TCP address.
 # By default we bind to INADDR_ANY, probably not wise.
 # Enable the following to provide some degree of protection
 # from the outside world. This option can be specified multiple
 # times if you want to listen on multiple IPs. IPv6 is now supported.
 # Default: no
 #TCPAddr 127.0.0.1
 # Maximum length the queue of pending connections may grow to.
 # Default: 200
 #MaxConnectionQueueLength 30
 # Clamd uses FTP-like protocol to receive data from remote clients.
 # If you are using clamav-milter to balance load between remote clamd daemons
 # on firewall servers you may need to tune the options below.
 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
 # Default: 25M
 #StreamMaxLength 10M
 # Limit port range.
 # Default: 1024
 #StreamMinPort 30000
 # Default: 2048
 #StreamMaxPort 32000
 # Maximum number of threads running at the same time.
 # Default: 10
 #MaxThreads 20
 # Waiting for data from a client socket will timeout after this time (seconds).
 # Default: 120
 #ReadTimeout 300
 # This option specifies the time (in seconds) after which clamd should
 # timeout if a client doesn't provide any initial command after connecting.
 # Default: 30
 #CommandReadTimeout 30
 # This option specifies how long to wait (in milliseconds) if the send buffer
 # is full.
 # Keep this value low to prevent clamd hanging.
 #
 # Default: 500
 #SendBufTimeout 200
 # Maximum number of queued items (including those being processed by
 # MaxThreads threads).
 # It is recommended to have this value at least twice MaxThreads if possible.
 # WARNING: you shouldn't increase this too much to avoid running out  of file
 # descriptors, the following condition should hold:
 # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual
 # max is 1024).
 #
 # Default: 100
 #MaxQueue 200
 # Waiting for a new job will timeout after this time (seconds).
 # Default: 30
 #IdleTimeout 60
 # Don't scan files and directories matching regex
 # This directive can be used multiple times
 # Default: scan all
 #ExcludePath ^/proc/
 #ExcludePath ^/sys/
 # Maximum depth directories are scanned at.
 # Default: 15
 #MaxDirectoryRecursion 20
 # Follow directory symlinks.
 # Default: no
 #FollowDirectorySymlinks yes
 # Follow regular file symlinks.
 # Default: no
 #FollowFileSymlinks yes
 # Scan files and directories on other filesystems.
 # Default: yes
 #CrossFilesystems yes
 # Perform a database check.
 # Default: 600 (10 min)
 #SelfCheck 600
 # Execute a command when virus is found. In the command string %v will
 # be replaced with the virus name.
 # Default: no
 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
 User clamscan
 # Stop daemon when libclamav reports out of memory condition.
 #ExitOnOOM yes
 # Don't fork into background.
 # Default: no
 #Foreground yes
 # Enable debug messages in libclamav.
 # Default: no
 #Debug yes
 # Do not remove temporary files (for debug purposes).
 # Default: no
 #LeaveTemporaryFiles yes
 # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
 # any ALLMATCHSCAN command as invalid.
 # Default: yes
 #AllowAllMatchScan no
 # Detect Possibly Unwanted Applications.
 # Default: no
 #DetectPUA yes
 # Exclude a specific PUA category. This directive can be used multiple times.
 # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
 # the complete list of PUA categories.
 # Default: Load all categories (if DetectPUA is activated)
 #ExcludePUA NetTool
 #ExcludePUA PWTool
 # Only include a specific PUA category. This directive can be used multiple
 # times.
 # Default: Load all categories (if DetectPUA is activated)
 #IncludePUA Spy
 #IncludePUA Scanner
 #IncludePUA RAT
 # This option causes memory or nested map scans to dump the content to disk.
 # If you turn on this option, more data is written to disk and is available
 # when the LeaveTemporaryFiles option is enabled.
 #ForceToDisk yes
 # This option allows you to disable the caching feature of the engine. By
 # default, the engine will store an MD5 in a cache of any files that are
 # not flagged as virus or that hit limits checks. Disabling the cache will
 # have a negative performance impact on large scans.
 # Default: no
 #DisableCache yes
 # In some cases (eg. complex malware, exploits in graphic files, and others),
 # ClamAV uses special algorithms to detect abnormal patterns and behaviors that
 # may be malicious.  This option enables alerting on such heuristically
 # detected potential threats.
 # Default: yes
 #HeuristicAlerts yes
 # Allow heuristic alerts to take precedence.
 # When enabled, if a heuristic scan (such as phishingScan) detects
 # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
 # scan-time.
 # When disabled, virus/phish detected by heuristic scans will be reported only
 # at the end of a scan. If an archive contains both a heuristically detected
 # virus/phish, and a real malware, the real malware will be reported
 #
 # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
 # differently from "real" malware.
 # If a non-heuristically-detected virus (signature-based) is found first,
 # the scan is interrupted immediately, regardless of this config option.
 #
 # Default: no
 #HeuristicScanPrecedence yes
 ##
 ## Heuristic Alerts
 ##
 # With this option clamav will try to detect broken executables (both PE and
 # ELF) and alert on them with the Broken.Executable heuristic signature.
 # Default: no
 #AlertBrokenExecutables yes
 # Alert on encrypted archives _and_ documents with heuristic signature
 # (encrypted .zip, .7zip, .rar, .pdf).
 # Default: no
 #AlertEncrypted yes
 # Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip,
 # .rar).
 # Default: no
 #AlertEncryptedArchive yes
 # Alert on encrypted archives with heuristic signature (encrypted .pdf).
 # Default: no
 #AlertEncryptedDoc yes
 # With this option enabled OLE2 files containing VBA macros, which were not
 # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
 # Default: no
 #AlertOLE2Macros yes
 # Alert on SSL mismatches in URLs, even if the URL isn't in the database.
 # This can lead to false positives.
 # Default: no
 #AlertPhishingSSLMismatch yes
 # Alert on cloaked URLs, even if URL isn't in database.
 # This can lead to false positives.
 # Default: no
 #AlertPhishingCloak yes
 # Alert on raw DMG image files containing partition intersections
 # Default: no
 #AlertPartitionIntersection yes
 ##
 ## Executable files
 ##
 # PE stands for Portable Executable - it's an executable file format used
 # in all 32 and 64-bit versions of Windows operating systems. This option
 # allows ClamAV to perform a deeper analysis of executable files and it's also
 # required for decompression of popular executable packers such as UPX, FSG,
 # and Petite. If you turn off this option, the original files will still be
 # scanned, but without additional processing.
 # Default: yes
 #ScanPE yes
 # Certain PE files contain an authenticode signature. By default, we check
 # the signature chain in the PE file against a database of trusted and
 # revoked certificates if the file being scanned is marked as a virus.
 # If any certificate in the chain validates against any trusted root, but
 # does not match any revoked certificate, the file is marked as whitelisted.
 # If the file does match a revoked certificate, the file is marked as virus.
 # The following setting completely turns off authenticode verification.
 # Default: no
 #DisableCertCheck yes
 # Executable and Linking Format is a standard format for UN*X executables.
 # This option allows you to control the scanning of ELF files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanELF yes
 ##
 ## Documents
 ##
 # This option enables scanning of OLE2 files, such as Microsoft Office
 # documents and .msi files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanOLE2 yes
 # This option enables scanning within PDF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
 #ScanPDF yes
 # This option enables scanning within SWF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
 #ScanSWF yes
 # This option enables scanning xml-based document files supported by libclamav.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanXMLDOCS yes
 # This option enables scanning of HWP3 files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanHWP3 yes
 ##
 ## Mail files
 ##
 # Enable internal e-mail scanner.
 # If you turn off this option, the original files will still be scanned, but
 # without parsing individual messages/attachments.
 # Default: yes
 #ScanMail yes
 # Scan RFC1341 messages split over many emails.
 # You will need to periodically clean up $TemporaryDirectory/clamav-partial
 # directory.
 # WARNING: This option may open your system to a DoS attack.
 #	   Never use it on loaded servers.
 # Default: no
 #ScanPartialMessages yes
 # With this option enabled ClamAV will try to detect phishing attempts by using
 # HTML.Phishing and Email.Phishing NDB signatures.
 # Default: yes
 #PhishingSignatures no
 # With this option enabled ClamAV will try to detect phishing attempts by
 # analyzing URLs found in emails using WDB and PDB signature databases.
 # Default: yes
 #PhishingScanURLs no
 ##
 ## Data Loss Prevention (DLP)
 ##
 # Enable the DLP module
 # Default: No
 #StructuredDataDetection yes
 # This option sets the lowest number of Credit Card numbers found in a file
 # to generate a detect.
 # Default: 3
 #StructuredMinCreditCardCount 5
 # This option sets the lowest number of Social Security Numbers found
 # in a file to generate a detect.
 # Default: 3
 #StructuredMinSSNCount 5
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxx-yy-zzzz
 # Default: yes
 #StructuredSSNFormatNormal yes
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxxyyzzzz
 # Default: no
 #StructuredSSNFormatStripped yes
 ##
 ## HTML
 ##
 # Perform HTML normalisation and decryption of MS Script Encoder code.
 # Default: yes
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 #ScanHTML yes
 ##
 ## Archives
 ##
 # ClamAV can scan within archives and compressed files.
 # If you turn off this option, the original files will still be scanned, but
 # without unpacking and additional processing.
 # Default: yes
 #ScanArchive yes
 ##
 ## Limits
 ##
 # The options below protect your system against Denial of Service attacks
 # using archive bombs.
 # This option sets the maximum amount of time to a scan may take.
 # In this version, this field only affects the scan time of ZIP archives.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result allow scanning
 # of certain files to lock up the scanning process/threads resulting in a
 # Denial of Service.
 # Time is in milliseconds.
 # Default: 120000
 #MaxScanTime 300000
 # This option sets the maximum amount of data to be scanned for each input
 # file. Archives and other containers are recursively extracted and scanned
 # up to this value.
 # Value of 0 disables the limit
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 100M
 #MaxScanSize 150M
 # Files larger than this limit won't be scanned. Affects the input file itself
 # as well as files contained inside it (when the input file is an archive, a
 # document or some other kind of container).
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 25M
 #MaxFileSize 30M
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
 # deeply the process should be continued.
 # Note: setting this limit too high may result in severe damage to the system.
 # Default: 16
 #MaxRecursion 10
 # Number of files to be scanned within an archive, a document, or any other
 # container file.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10000
 #MaxFiles 15000
 # Maximum size of a file to check for embedded PE. Files larger than this value
 # will skip the additional analysis step.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10M
 #MaxEmbeddedPE 10M
 # Maximum size of a HTML file to normalize. HTML files larger than this value
 # will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10M
 #MaxHTMLNormalize 10M
 # Maximum size of a normalized HTML file to scan. HTML files larger than this
 # value after normalization will not be scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 2M
 #MaxHTMLNoTags 2M
 # Maximum size of a script file to normalize. Script content larger than this
 # value will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 5M
 #MaxScriptNormalize 5M
 # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
 # than this value will skip the step to potentially reanalyze as PE.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 1M
 #MaxZipTypeRcg 1M
 # This option sets the maximum number of partitions of a raw disk image to be
 # scanned.
 # Raw disk images with more partitions than this value will have up to
 # the value number partitions scanned. Negative values are not allowed.
 # Note: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 50
 #MaxPartitions 128
 # This option sets the maximum number of icons within a PE to be scanned.
 # PE files with more icons than this value will have up to the value number
 # icons scanned.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 100
 #MaxIconsPE 200
 # This option sets the maximum recursive calls for HWP3 parsing during
 # scanning. HWP3 files using more than this limit will be terminated and
 # alert the user.
 # Scans will be unable to scan any HWP3 attachments if the recursive limit
 # is reached.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 16
 #MaxRecHWP3 16
 # This option sets the maximum calls to the PCRE match function during
 # an instance of regex matching.
 # Instances using more than this limit will be terminated and alert the user
 # but the scan will continue.
 # For more information on match_limit, see the PCRE documentation.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may severely impact performance.
 # Default: 100000
 #PCREMatchLimit 20000
 # This option sets the maximum recursive calls to the PCRE match function
 # during an instance of regex matching.
 # Instances using more than this limit will be terminated and alert the user
 # but the scan will continue.
 # For more information on match_limit_recursion, see the PCRE documentation.
 # Negative values are not allowed and values > PCREMatchLimit are superfluous.
 # WARNING: setting this limit too high may severely impact performance.
 # Default: 2000
 #PCRERecMatchLimit 10000
 # This option sets the maximum filesize for which PCRE subsigs will be
 # executed. Files exceeding this limit will not have PCRE subsigs executed
 # unless a subsig is encompassed to a smaller buffer.
 # Negative values are not allowed.
 # Setting this value to zero disables the limit.
 # WARNING: setting this limit too high or disabling it may severely impact
 # performance.
 # Default: 25M
 #PCREMaxFileSize 100M
 # When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
 # MaxRecursion limit will be flagged with the virus
 # "Heuristics.Limits.Exceeded".
 # Default: no
 #AlertExceedsMax yes
 ##
 ## On-access Scan Settings
 ##
 # Don't scan files larger than OnAccessMaxFileSize
 # Value of 0 disables the limit.
 # Default: 5M
 #OnAccessMaxFileSize 10M
 # Max number of scanning threads to allocate to the OnAccess thread pool at
 # startup. These threads are the ones responsible for creating a connection
 # with the daemon and kicking off scanning after an event has been processed.
 # To prevent clamonacc from consuming all clamd's resources keep this lower
 # than clamd's max threads.
 # Default: 5
 #OnAccessMaxThreads 10
 # Max amount of time (in milliseconds) that the OnAccess client should spend
 # for every connect, send, and recieve attempt when communicating with clamd
 # via curl.
 # Default: 5000 (5 seconds)
 # OnAccessCurlTimeout 10000
 # Toggles dynamic directory determination. Allows for recursively watching
 # include paths.
 # Default: no
 #OnAccessDisableDDD yes
 # Set the include paths (all files inside them will be scanned). You can have
 # multiple OnAccessIncludePath directives but each directory must be added
 # in a separate line.
 # Default: disabled
 #OnAccessIncludePath /home
 #OnAccessIncludePath /students
 # Set the exclude paths. All subdirectories are also excluded.
 # Default: disabled
 #OnAccessExcludePath /home/user
 # Modifies fanotify blocking behaviour when handling permission events.
 # If off, fanotify will only notify if the file scanned is a virus,
 # and not perform any blocking.
 # Default: no
 #OnAccessPrevention yes
 # When using prevention, if this option is turned on, any errors that occur
 # during scanning will result in the event attempt being denied. This could
 # potentially lead to unwanted system behaviour with certain configurations,
 # so the client defaults this to off and prefers allowing access events in
 # case of scan or connection error.
 # Default: no
 #OnAccessDenyOnError yes
 # Toggles extra scanning and notifications when a file or directory is
 # created or moved.
 # Requires the  DDD system to kick-off extra scans.
 # Default: no
 #OnAccessExtraScanning yes
 # Set the  mount point to be scanned. The mount point specified, or the mount
 # point containing the specified directory will be watched. If any directories
 # are specified, this option will preempt (disable and ignore all options
 # related to) the DDD system. This option will result in verdicts only.
 # Note that prevention is explicitly disallowed to prevent common, fatal
 # misconfigurations. (e.g. watching "/" with prevention on and no exclusions
 # made on vital system directories)
 # It can be used multiple times.
 # Default: disabled
 #OnAccessMountPath /
 #OnAccessMountPath /home/user
 # With this option you can whitelist the root UID (0). Processes run under
 # root with be able to access all files without triggering scans or
 # permission denied events.
 # Note that if clamd cannot check the uid of the process that generated an
 # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
 # the process already exited), clamd will perform a scan.  Thus, setting
 # OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
 # root user from triggering a scan (unless OnAccessPrevention is enabled).
 # Default: no
 #OnAccessExcludeRootUID no
 # With this option you can whitelist specific UIDs. Processes with these UIDs
 # will be able to access all files without triggering scans or permission
 # denied events.
 # This option can be used multiple times (one per line).
 # Using a value of 0 on any line will disable this option entirely.
 # To whitelist the root UID (0) please enable the OnAccessExcludeRootUID
 # option.
 # Also note that if clamd cannot check the uid of the process that generated an
 # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
 # the process already exited), clamd will perform a scan.  Thus, setting
 # OnAccessExcludeUID is not *guaranteed* to prevent every access by the
 # specified uid from triggering a scan (unless OnAccessPrevention is enabled).
 # Default: disabled
 #OnAccessExcludeUID -1
 # This option allows exclusions via user names when using the on-access
 # scanning client. It can be used multiple times.
 # It has the same potential race condition limitations of the
 # OnAccessExcludeUID option.
 # Default: disabled
 #OnAccessExcludeUname clamav
 # Number of times the OnAccess client will retry a failed scan due to
 # connection problems (or other issues).
 # Default: 0
 #OnAccessRetryAttempts 3
 ##
 ## Bytecode
 ##
 # With this option enabled ClamAV will load bytecode from the database.
 # It is highly recommended you keep this option on, otherwise you'll miss
 # detections for many new viruses.
 # Default: yes
 #Bytecode yes
 # Set bytecode security level.
 # Possible values:
 #   None -      No security at all, meant for debugging.
 #               DO NOT USE THIS ON PRODUCTION SYSTEMS.
 #               This value is only available if clamav was built
 #               with --enable-debug!
 #   TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert
 #               runtime safety checks for bytecode loaded from other sources.
 #   Paranoid -  Don't trust any bytecode, insert runtime checks for all.
 # Recommended: TrustSigned, because bytecode in .cvd files already has these
 # checks.
 # Note that by default only signed bytecode is loaded, currently you can only
 # load unsigned bytecode in --enable-debug mode.
 #
 # Default: TrustSigned
 #BytecodeSecurity TrustSigned
 # Set bytecode timeout in milliseconds.
 #
 # Default: 5000
 # BytecodeTimeout 1000
--- a/clamd.d/scan.conf.rpmsave
+++ b/clamd.d/scan.conf.rpmsave
@@ -1,674 +0,0 @@
 ##
 ## Example config file for the Clam AV daemon
 ## Please read the clamd.conf(5) manual before editing this file.
 ##
 # Comment or remove the line below.
 #Example
 # Uncomment this option to enable logging.
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
 LogFile /var/log/clamd.scan
 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
 # copy the configuration file, change the LogFile variable, and run
 # the daemon with --config-file option).
 # This option disables log file locking.
 # Default: no
 #LogFileUnlock yes
 # Maximum size of the log file.
 # Value of 0 disables the limit.
 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
 # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
 # rotation (the LogRotate option) will always be enabled.
 # Default: 1M
 #LogFileMaxSize 2M
 # Log time with each message.
 # Default: no
 LogTime yes
 # Also log clean files. Useful in debugging but drastically increases the
 # log size.
 # Default: no
 #LogClean yes
 # Use system logger (can work together with LogFile).
 # Default: no
 LogSyslog yes
 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
 # Default: LOG_LOCAL6
 #LogFacility LOG_MAIL
 # Enable verbose logging.
 # Default: no
 #LogVerbose yes
 # Enable log rotation. Always enabled when LogFileMaxSize is enabled.
 # Default: no
 LogRotate yes
 # Log additional information about the infected file, such as its
 # size and hash, together with the virus name.
 ExtendedDetectionInfo yes
 # This option allows you to save a process identifier of the listening
 # daemon (main thread).
 # Default: disabled
 PidFile /var/run/clamd.scan/clamd.pid
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
 TemporaryDirectory /var/tmp
 # Path to the database directory.
 # Default: hardcoded (depends on installation options)
 DatabaseDirectory /var/clamav
 # Only load the official signatures published by the ClamAV project.
 # Default: no
 #OfficialDatabaseOnly no
 # The daemon can work in local mode, network mode or both. 
 # Due to security reasons we recommend the local mode.
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
 LocalSocket /var/run/clamav/clamd.sock
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
 #LocalSocketGroup virusgroup
 # Sets the permissions on the unix socket to the specified mode.
 # Default: disabled (socket is world accessible)
 #LocalSocketMode 660
 # Remove stale socket after unclean shutdown.
 # Default: yes
 #FixStaleSocket yes
 # TCP port address.
 # Default: no
 #TCPSocket 3310
 # TCP address.
 # By default we bind to INADDR_ANY, probably not wise.
 # Enable the following to provide some degree of protection
 # from the outside world. This option can be specified multiple
 # times if you want to listen on multiple IPs. IPv6 is now supported.
 # Default: no
 #TCPAddr 127.0.0.1
 # Maximum length the queue of pending connections may grow to.
 # Default: 200
 #MaxConnectionQueueLength 30
 # Clamd uses FTP-like protocol to receive data from remote clients.
 # If you are using clamav-milter to balance load between remote clamd daemons
 # on firewall servers you may need to tune the options below.
 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
 # Default: 25M
 #StreamMaxLength 10M
 # Limit port range.
 # Default: 1024
 #StreamMinPort 30000
 # Default: 2048
 #StreamMaxPort 32000
 # Maximum number of threads running at the same time.
 # Default: 10
 #MaxThreads 20
 # Waiting for data from a client socket will timeout after this time (seconds).
 # Default: 120
 #ReadTimeout 300
 # This option specifies the time (in seconds) after which clamd should
 # timeout if a client doesn't provide any initial command after connecting.
 # Default: 5
 #CommandReadTimeout 5
 # This option specifies how long to wait (in miliseconds) if the send buffer is full.
 # Keep this value low to prevent clamd hanging
 #
 # Default: 500
 #SendBufTimeout 200
 # Maximum number of queued items (including those being processed by MaxThreads threads)
 # It is recommended to have this value at least twice MaxThreads if possible.
 # WARNING: you shouldn't increase this too much to avoid running out  of file descriptors,
 # the following condition should hold:
 # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
 #
 # Default: 100
 #MaxQueue 200
 # Waiting for a new job will timeout after this time (seconds).
 # Default: 30
 #IdleTimeout 60
 # Don't scan files and directories matching regex
 # This directive can be used multiple times
 # Default: scan all
 #ExcludePath ^/proc/
 #ExcludePath ^/sys/
 # Maximum depth directories are scanned at.
 # Default: 15
 #MaxDirectoryRecursion 20
 # Follow directory symlinks.
 # Default: no
 #FollowDirectorySymlinks yes
 # Follow regular file symlinks.
 # Default: no
 #FollowFileSymlinks yes
 # Scan files and directories on other filesystems.
 # Default: yes
 #CrossFilesystems yes
 # Perform a database check.
 # Default: 600 (10 min)
 #SelfCheck 600
 # Execute a command when virus is found. In the command string %v will
 # be replaced with the virus name.
 # Default: no
 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
 User amavis
 # Initialize supplementary group access (clamd must be started by root).
 # Default: no
 AllowSupplementaryGroups yes
 # Stop daemon when libclamav reports out of memory condition.
 #ExitOnOOM yes
 # Don't fork into background.
 # Default: no
 #Foreground yes
 # Enable debug messages in libclamav.
 # Default: no
 #Debug yes
 # Do not remove temporary files (for debug purposes).
 # Default: no
 #LeaveTemporaryFiles yes
 # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
 # any ALLMATCHSCAN command as invalid.
 # Default: yes
 #AllowAllMatchScan no
 # Detect Possibly Unwanted Applications.
 # Default: no
 #DetectPUA yes
 # Exclude a specific PUA category. This directive can be used multiple times.
 # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for 
 # the complete list of PUA categories.
 # Default: Load all categories (if DetectPUA is activated)
 #ExcludePUA NetTool
 #ExcludePUA PWTool
 # Only include a specific PUA category. This directive can be used multiple
 # times.
 # Default: Load all categories (if DetectPUA is activated)
 #IncludePUA Spy
 #IncludePUA Scanner
 #IncludePUA RAT
 # In some cases (eg. complex malware, exploits in graphic files, and others),
 # ClamAV uses special algorithms to provide accurate detection. This option
 # controls the algorithmic detection.
 # Default: yes
 #AlgorithmicDetection yes
 # This option causes memory or nested map scans to dump the content to disk.
 # If you turn on this option, more data is written to disk and is available
 # when the LeaveTemporaryFiles option is enabled.
 #ForceToDisk yes
 # This option allows you to disable the caching feature of the engine. By
 # default, the engine will store an MD5 in a cache of any files that are
 # not flagged as virus or that hit limits checks. Disabling the cache will
 # have a negative performance impact on large scans.
 # Default: no
 #DisableCache yes
 ##
 ## Executable files
 ##
 # PE stands for Portable Executable - it's an executable file format used
 # in all 32 and 64-bit versions of Windows operating systems. This option allows
 # ClamAV to perform a deeper analysis of executable files and it's also
 # required for decompression of popular executable packers such as UPX, FSG,
 # and Petite. If you turn off this option, the original files will still be
 # scanned, but without additional processing.
 # Default: yes
 #ScanPE yes
 # Certain PE files contain an authenticode signature. By default, we check
 # the signature chain in the PE file against a database of trusted and
 # revoked certificates if the file being scanned is marked as a virus.
 # If any certificate in the chain validates against any trusted root, but
 # does not match any revoked certificate, the file is marked as whitelisted.
 # If the file does match a revoked certificate, the file is marked as virus.
 # The following setting completely turns off authenticode verification.
 # Default: no
 #DisableCertCheck yes
 # Executable and Linking Format is a standard format for UN*X executables.
 # This option allows you to control the scanning of ELF files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanELF yes
 # With this option clamav will try to detect broken executables (both PE and
 # ELF) and mark them as Broken.Executable.
 # Default: no
 #DetectBrokenExecutables yes
 ##
 ## Documents
 ##
 # This option enables scanning of OLE2 files, such as Microsoft Office
 # documents and .msi files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanOLE2 yes
 # With this option enabled OLE2 files with VBA macros, which were not
 # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
 # Default: no
 #OLE2BlockMacros no
 # This option enables scanning within PDF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
 #ScanPDF yes
 # This option enables scanning within SWF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
 #ScanSWF yes
 # This option enables scanning xml-based document files supported by libclamav.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanXMLDOCS yes
 # This option enables scanning of HWP3 files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanHWP3 yes
 ##
 ## Mail files
 ##
 # Enable internal e-mail scanner.
 # If you turn off this option, the original files will still be scanned, but
 # without parsing individual messages/attachments.
 # Default: yes
 #ScanMail yes
 # Scan RFC1341 messages split over many emails.
 # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
 # WARNING: This option may open your system to a DoS attack.
 #	   Never use it on loaded servers.
 # Default: no
 #ScanPartialMessages yes
 # With this option enabled ClamAV will try to detect phishing attempts by using
 # signatures.
 # Default: yes
 #PhishingSignatures yes
 # Scan URLs found in mails for phishing attempts using heuristics.
 # Default: yes
 #PhishingScanURLs yes
 # Always block SSL mismatches in URLs, even if the URL isn't in the database.
 # This can lead to false positives.
 #
 # Default: no
 #PhishingAlwaysBlockSSLMismatch no
 # Always block cloaked URLs, even if URL isn't in database.
 # This can lead to false positives.
 #
 # Default: no
 #PhishingAlwaysBlockCloak no
 # Detect partition intersections in raw disk images using heuristics.
 # Default: no
 #PartitionIntersection no
 # Allow heuristic match to take precedence.
 # When enabled, if a heuristic scan (such as phishingScan) detects
 # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
 # scan-time.
 # When disabled, virus/phish detected by heuristic scans will be reported only at
 # the end of a scan. If an archive contains both a heuristically detected
 # virus/phish, and a real malware, the real malware will be reported
 #
 # Keep this disabled if you intend to handle "*.Heuristics.*" viruses 
 # differently from "real" malware.
 # If a non-heuristically-detected virus (signature-based) is found first, 
 # the scan is interrupted immediately, regardless of this config option.
 #
 # Default: no
 #HeuristicScanPrecedence yes
 ##
 ## Data Loss Prevention (DLP)
 ##
 # Enable the DLP module
 # Default: No
 #StructuredDataDetection yes
 # This option sets the lowest number of Credit Card numbers found in a file
 # to generate a detect.
 # Default: 3
 #StructuredMinCreditCardCount 5
 # This option sets the lowest number of Social Security Numbers found
 # in a file to generate a detect.
 # Default: 3
 #StructuredMinSSNCount 5
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxx-yy-zzzz
 # Default: yes
 #StructuredSSNFormatNormal yes
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxxyyzzzz
 # Default: no
 #StructuredSSNFormatStripped yes
 ##
 ## HTML
 ##
 # Perform HTML normalisation and decryption of MS Script Encoder code.
 # Default: yes
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 #ScanHTML yes
 ##
 ## Archives
 ##
 # ClamAV can scan within archives and compressed files.
 # If you turn off this option, the original files will still be scanned, but
 # without unpacking and additional processing.
 # Default: yes
 #ScanArchive yes
 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
 # Default: no
 #ArchiveBlockEncrypted no
 ##
 ## Limits
 ##
 # The options below protect your system against Denial of Service attacks
 # using archive bombs.
 # This option sets the maximum amount of data to be scanned for each input file.
 # Archives and other containers are recursively extracted and scanned up to this
 # value.
 # Value of 0 disables the limit
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 100M
 #MaxScanSize 150M
 # Files larger than this limit won't be scanned. Affects the input file itself
 # as well as files contained inside it (when the input file is an archive, a
 # document or some other kind of container).
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 25M
 #MaxFileSize 30M
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
 # deeply the process should be continued.
 # Note: setting this limit too high may result in severe damage to the system.
 # Default: 16
 #MaxRecursion 10
 # Number of files to be scanned within an archive, a document, or any other
 # container file.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10000
 #MaxFiles 15000
 # Maximum size of a file to check for embedded PE. Files larger than this value
 # will skip the additional analysis step.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10M
 #MaxEmbeddedPE 10M
 # Maximum size of a HTML file to normalize. HTML files larger than this value
 # will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10M
 #MaxHTMLNormalize 10M
 # Maximum size of a normalized HTML file to scan. HTML files larger than this
 # value after normalization will not be scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 2M
 #MaxHTMLNoTags 2M
 # Maximum size of a script file to normalize. Script content larger than this
 # value will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 5M
 #MaxScriptNormalize 5M
 # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
 # than this value will skip the step to potentially reanalyze as PE.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 1M
 #MaxZipTypeRcg 1M
 # This option sets the maximum number of partitions of a raw disk image to be scanned.
 # Raw disk images with more partitions than this value will have up to the value number
 # partitions scanned. Negative values are not allowed.
 # Note: setting this limit too high may result in severe damage or impact performance.
 # Default: 50
 #MaxPartitions 128
 # This option sets the maximum number of icons within a PE to be scanned.
 # PE files with more icons than this value will have up to the value number icons scanned.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may result in severe damage or impact performance.
 # Default: 100
 #MaxIconsPE 200
 # This option sets the maximum recursive calls for HWP3 parsing during scanning.
 # HWP3 files using more than this limit will be terminated and alert the user.
 # Scans will be unable to scan any HWP3 attachments if the recursive limit is reached.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may result in severe damage or impact performance.
 # Default: 16
 #MaxRecHWP3 16
 # This option sets the maximum calls to the PCRE match function during an instance of regex matching.
 # Instances using more than this limit will be terminated and alert the user but the scan will continue.
 # For more information on match_limit, see the PCRE documentation.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may severely impact performance.
 # Default: 10000
 #PCREMatchLimit 20000
 # This option sets the maximum recursive calls to the PCRE match function during an instance of regex matching.
 # Instances using more than this limit will be terminated and alert the user but the scan will continue.
 # For more information on match_limit_recursion, see the PCRE documentation.
 # Negative values are not allowed and values > PCREMatchLimit are superfluous.
 # WARNING: setting this limit too high may severely impact performance.
 # Default: 5000
 #PCRERecMatchLimit 10000
 # This option sets the maximum filesize for which PCRE subsigs will be executed.
 # Files exceeding this limit will not have PCRE subsigs executed unless a subsig is encompassed to a smaller buffer.
 # Negative values are not allowed.
 # Setting this value to zero disables the limit.
 # WARNING: setting this limit too high or disabling it may severely impact performance.
 # Default: 25M
 #PCREMaxFileSize 100M
 ##
 ## On-access Scan Settings
 ##
 # Enable on-access scanning. Currently, this is supported via fanotify.
 # Clamuko/Dazuko support has been deprecated.
 # Default: no
 #ScanOnAccess yes
 # Set the  mount point to be scanned. The mount point specified, or the mount point 
 # containing the specified directory will be watched. If any directories are specified, 
 # this option will preempt the DDD system. This will notify only. It can be used multiple times.
 # (On-access scan only)
 # Default: disabled
 #OnAccessMountPath /
 #OnAccessMountPath /home/user
 # Don't scan files larger than OnAccessMaxFileSize
 # Value of 0 disables the limit.
 # Default: 5M
 #OnAccessMaxFileSize 10M
 # Set the include paths (all files inside them will be scanned). You can have
 # multiple OnAccessIncludePath directives but each directory must be added
 # in a separate line. (On-access scan only)
 # Default: disabled
 #OnAccessIncludePath /home
 #OnAccessIncludePath /students
 # Set the exclude paths. All subdirectories are also excluded.
 # (On-access scan only)
 # Default: disabled
 #OnAccessExcludePath /home/bofh
 # With this option you can whitelist specific UIDs. Processes with these UIDs
 # will be able to access all files.
 # This option can be used multiple times (one per line).
 # Default: disabled
 #OnAccessExcludeUID 0
 # Toggles dynamic directory determination. Allows for recursively watching include paths.
 # (On-access scan only)
 # Default: no
 #OnAccessDisableDDD yes
 # Modifies fanotify blocking behaviour when handling permission events.
 # If off, fanotify will only notify if the file scanned is a virus,
 # and not perform any blocking.
 # (On-access scan only)
 # Default: no
 #OnAccessPrevention yes
 # Toggles extra scanning and notifications when a file or directory is created or moved.
 # Requires the  DDD system to kick-off extra scans.
 # (On-access scan only)
 # Default: no
 #OnAccessExtraScanning yes
 ##
 ## Bytecode
 ##
 # With this option enabled ClamAV will load bytecode from the database. 
 # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
 # Default: yes
 #Bytecode yes
 # Set bytecode security level.
 # Possible values:
 #       None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
 #         This value is only available if clamav was built with --enable-debug!
 #       TrustSigned - trust bytecode loaded from signed .c[lv]d files,
 #                insert runtime safety checks for bytecode loaded from other sources
 #       Paranoid - don't trust any bytecode, insert runtime checks for all
 # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
 # Note that by default only signed bytecode is loaded, currently you can only
 # load unsigned bytecode in --enable-debug mode.
 #
 # Default: TrustSigned
 #BytecodeSecurity TrustSigned
 # Set bytecode timeout in miliseconds.
 # 
 # Default: 5000
 # BytecodeTimeout 1000
 ##
 ## Statistics gathering and submitting
 ##
 # Enable statistical reporting.
 # Default: no
 #StatsEnabled yes
 # Disable submission of individual PE sections for files flagged as malware.
 # Default: no
 #StatsPEDisabled yes
 # HostID in the form of an UUID to use when submitting statistical information.
 # Default: auto
 #StatsHostID auto
 # Time in seconds to wait for the stats server to come back with a response
 # Default: 10
 #StatsTimeout 10
--- a/cloud/cloud.cfg.rpmsave
+++ b/cloud/cloud.cfg.rpmsave
@@ -1,69 +0,0 @@
 users:
 - default
 disable_root: 1
 ssh_pwauth:   0
 mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
 resize_rootfs_tmp: /dev
 ssh_deletekeys:   0
 ssh_genkeytypes:  ~
 syslog_fix_perms: ~
 disable_vmware_customization: false
 cloud_init_modules:
 - disk_setup
 - migrator
 - bootcmd
 - write-files
 - growpart
 - resizefs
 - set_hostname
 - update_hostname
 - update_etc_hosts
 - rsyslog
 - users-groups
 - ssh
 cloud_config_modules:
 - mounts
 - locale
 - set-passwords
 - rh_subscription
 - yum-add-repo
 - package-update-upgrade-install
 - timezone
 - puppet
 - chef
 - salt-minion
 - mcollective
 - disable-ec2-metadata
 - runcmd
 cloud_final_modules:
 - rightscale_userdata
 - scripts-per-once
 - scripts-per-boot
 - scripts-per-instance
 - scripts-user
 - ssh-authkey-fingerprints
 - keys-to-console
 - phone-home
 - final-message
 - power-state-change
 system_info:
  default_user:
    name: centos
    lock_passwd: true
    gecos: Cloud User
    groups: [adm, systemd-journal]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/bash
  distro: rhel
  paths:
    cloud_dir: /var/lib/cloud
    templates_dir: /etc/cloud/templates
  ssh_svcname: sshd
 # vim:syntax=yaml
--- a/cron.d/clamav-unofficial-sigs
+++ b/cron.d/clamav-unofficial-sigs
@@ -26,6 +26,6 @@
 # 60 - 600 seconds.  To Adjust the cron values, edit your configs and run
 # bash clamav-unofficial-sigs.sh --install-cron to generate a new file.
 MAILTO=root
-1 0 * * *  root [ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh --force && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh --update && chown amavis:amavis /etc/clamd.d/ -R && chown amavis:amavis /etc/clamd.conf && sudo systemctl restart clamd
+1 0 * * * root cronitor exec no4Ch4 "[ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh --force && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh --update && chown amavis:amavis /etc/clamd.d/ -R && chown amavis:amavis /etc/clamd.conf && sudo systemctl restart clamd"
 # https://eXtremeSHOK.com ######################################################
--- a/cron.d/csf_update
+++ b/cron.d/csf_update
@@ -1,2 +1,2 @@
 SHELL=/bin/sh
-7 20 * * * root /usr/sbin/csf -u
+7 20 * * * root cronitor exec V8JpWv /usr/sbin/csf -u
--- a/cron.d/lfd-cron
+++ b/cron.d/lfd-cron
@@ -1,2 +1,2 @@
 SHELL=/bin/sh
-0 0 * * * root /usr/sbin/csf --lfd restart > /dev/null 2>&1
+0 0 * * * root cronitor exec 9v9pQX /usr/sbin/csf --lfd restart > /dev/null 2>&1
--- a/cron.d/maldet_pub
+++ b/cron.d/maldet_pub
@@ -1 +1 @@
-*/5 * * * * root /usr/local/maldetect/maldet --mkpubpaths >> /dev/null 2>&1
+*/5 * * * * root cronitor exec okp04n /usr/local/maldetect/maldet --mkpubpaths >> /dev/null 2>&1
--- a/cron.daily/csget
+++ b/cron.daily/csget
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 ###############################################################################
-# Copyright 2006-2020, Way to the Web Limited
+# Copyright 2006-2023, Way to the Web Limited
 # URL: http://www.configserver.com
 # Email: sales@waytotheweb.com
 ###############################################################################
--- a/cron.daily/maldet
+++ b/cron.daily/maldet
@@ -88,8 +88,8 @@ elif [ "$cron_daily_scan" == "1" ]; then
 	elif [ -d "/var/customers/webs" ]; then
 		# froxlor
 		$inspath/maldet -b -r /var/customers/webs/ $scan_days >> /dev/null 2>&1
-        elif [ -d "/usr/local/vesta" ]; then
+        elif [ -d "/usr/local/vesta" ] || [ -d "/usr/local/hestia" ]; then
-                # VestaCP
+                # VestaCP or HestiaCP
                $inspath/maldet -b -r /home/?/web/?/public_html/,/home/?/web/?/public_shtml/,/home/?/tmp/,/home/?/web/?/private/ $scan_days >> /dev/null 2>&1
        elif [ -d "/usr/share/dtc" ]; then
                # DTC
@@ -99,7 +99,7 @@ elif [ "$cron_daily_scan" == "1" ]; then
                $inspath/maldet -b -r ${conf_hosting_path:-/var/www/sites}/?/?/subdomains/?/html/ $scan_days >> /dev/null 2>&1
 	else
 		# cpanel, interworx and other standard home/user/public_html setups
-	        $inspath/maldet -b -r /home?/?/public_html/,/var/www/html/,/usr/local/apache/htdocs/ $scan_days >> /dev/null 2>&1
+	        $inspath/maldet -b -r /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ $scan_days >> /dev/null 2>&1
 	fi
 fi
--- a/cron.daily/netdata-updater
+++ b/cron.daily/netdata-updater
@@ -0,0 +1 @@
 /usr/libexec/netdata/netdata-updater.sh
--- a/cronitor/cronitor.json
+++ b/cronitor/cronitor.json
@@ -0,0 +1,7 @@
 {
    "CRONITOR_API_KEY": "a580c8932f144886b56140690063b52b",
    "CRONITOR_PING_API_KEY": "",
    "CRONITOR_HOSTNAME": "",
    "CRONITOR_LOG": "",
    "CRONITOR_ENV": ""
 }
--- a/crowdsec/collections/apache2.yaml
+++ b/crowdsec/collections/apache2.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/collections/crowdsecurity/apache2.yaml
--- a/crowdsec/collections/base-http-scenarios.yaml
+++ b/crowdsec/collections/base-http-scenarios.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/collections/crowdsecurity/base-http-scenarios.yaml
--- a/crowdsec/collections/http-cve.yaml
+++ b/crowdsec/collections/http-cve.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/collections/crowdsecurity/http-cve.yaml
--- a/crowdsec/collections/linux.yaml
+++ b/crowdsec/collections/linux.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/collections/crowdsecurity/linux.yaml
--- a/crowdsec/collections/mysql.yaml
+++ b/crowdsec/collections/mysql.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/collections/crowdsecurity/mysql.yaml
--- a/crowdsec/collections/nginx.yaml
+++ b/crowdsec/collections/nginx.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/collections/crowdsecurity/nginx.yaml
--- a/crowdsec/collections/sshd.yaml
+++ b/crowdsec/collections/sshd.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/collections/crowdsecurity/sshd.yaml
--- a/crowdsec/parsers/s00-raw/syslog-logs.yaml
+++ b/crowdsec/parsers/s00-raw/syslog-logs.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
--- a/crowdsec/parsers/s01-parse/apache2-logs.yaml
+++ b/crowdsec/parsers/s01-parse/apache2-logs.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/apache2-logs.yaml
--- a/crowdsec/parsers/s01-parse/mysql-logs.yaml
+++ b/crowdsec/parsers/s01-parse/mysql-logs.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/mysql-logs.yaml
--- a/crowdsec/parsers/s01-parse/nginx-logs.yaml
+++ b/crowdsec/parsers/s01-parse/nginx-logs.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
--- a/crowdsec/parsers/s01-parse/sshd-logs.yaml
+++ b/crowdsec/parsers/s01-parse/sshd-logs.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
--- a/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
+++ b/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
--- a/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
+++ b/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
--- a/crowdsec/parsers/s02-enrich/http-logs.yaml
+++ b/crowdsec/parsers/s02-enrich/http-logs.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/http-logs.yaml
--- a/crowdsec/parsers/s02-enrich/whitelists.yaml
+++ b/crowdsec/parsers/s02-enrich/whitelists.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml
--- a/crowdsec/scenarios/CVE-2019-18935.yaml
+++ b/crowdsec/scenarios/CVE-2019-18935.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2019-18935.yaml
--- a/crowdsec/scenarios/CVE-2022-26134.yaml
+++ b/crowdsec/scenarios/CVE-2022-26134.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-26134.yaml
--- a/crowdsec/scenarios/CVE-2022-35914.yaml
+++ b/crowdsec/scenarios/CVE-2022-35914.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-35914.yaml
--- a/crowdsec/scenarios/CVE-2022-37042.yaml
+++ b/crowdsec/scenarios/CVE-2022-37042.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-37042.yaml
--- a/crowdsec/scenarios/CVE-2022-40684.yaml
+++ b/crowdsec/scenarios/CVE-2022-40684.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-40684.yaml
--- a/crowdsec/scenarios/CVE-2022-41082.yaml
+++ b/crowdsec/scenarios/CVE-2022-41082.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-41082.yaml
--- a/crowdsec/scenarios/CVE-2022-41697.yaml
+++ b/crowdsec/scenarios/CVE-2022-41697.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-41697.yaml
--- a/crowdsec/scenarios/CVE-2022-42889.yaml
+++ b/crowdsec/scenarios/CVE-2022-42889.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-42889.yaml
--- a/crowdsec/scenarios/CVE-2022-44877.yaml
+++ b/crowdsec/scenarios/CVE-2022-44877.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-44877.yaml
--- a/crowdsec/scenarios/CVE-2022-46169.yaml
+++ b/crowdsec/scenarios/CVE-2022-46169.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2022-46169.yaml
--- a/crowdsec/scenarios/CVE-2023-22515.yaml
+++ b/crowdsec/scenarios/CVE-2023-22515.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22515.yaml
--- a/crowdsec/scenarios/CVE-2023-22518.yaml
+++ b/crowdsec/scenarios/CVE-2023-22518.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22518.yaml
--- a/crowdsec/scenarios/apache_log4j2_cve-2021-44228.yaml
+++ b/crowdsec/scenarios/apache_log4j2_cve-2021-44228.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/apache_log4j2_cve-2021-44228.yaml
--- a/crowdsec/scenarios/f5-big-ip-cve-2020-5902.yaml
+++ b/crowdsec/scenarios/f5-big-ip-cve-2020-5902.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/f5-big-ip-cve-2020-5902.yaml
--- a/crowdsec/scenarios/fortinet-cve-2018-13379.yaml
+++ b/crowdsec/scenarios/fortinet-cve-2018-13379.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/fortinet-cve-2018-13379.yaml
--- a/crowdsec/scenarios/grafana-cve-2021-43798.yaml
+++ b/crowdsec/scenarios/grafana-cve-2021-43798.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/grafana-cve-2021-43798.yaml
--- a/crowdsec/scenarios/http-backdoors-attempts.yaml
+++ b/crowdsec/scenarios/http-backdoors-attempts.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/http-backdoors-attempts.yaml
--- a/crowdsec/scenarios/http-bad-user-agent.yaml
+++ b/crowdsec/scenarios/http-bad-user-agent.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/http-bad-user-agent.yaml
--- a/crowdsec/scenarios/http-crawl-non_statics.yaml
+++ b/crowdsec/scenarios/http-crawl-non_statics.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/http-crawl-non_statics.yaml
--- a/crowdsec/scenarios/http-cve-2021-41773.yaml
+++ b/crowdsec/scenarios/http-cve-2021-41773.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/http-cve-2021-41773.yaml
--- a/crowdsec/scenarios/http-cve-2021-42013.yaml
+++ b/crowdsec/scenarios/http-cve-2021-42013.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/http-cve-2021-42013.yaml
--- a/crowdsec/scenarios/http-generic-bf.yaml
+++ b/crowdsec/scenarios/http-generic-bf.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/http-generic-bf.yaml
--- a/crowdsec/scenarios/http-open-proxy.yaml
+++ b/crowdsec/scenarios/http-open-proxy.yaml
@@ -0,0 +1 @@
 /etc/crowdsec/hub/scenarios/crowdsecurity/http-open-proxy.yaml
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
bms8197	6ccbd30ba3	saving uncommitted changes in /etc prior to dnf run	2024-02-15 00:40:14 +02:00
bms8197	fa83660086	saving uncommitted changes in /etc prior to dnf run	2024-02-08 19:10:52 +02:00
bms8197	ff685aec55	committing changes in /etc made by "-bash" Package changes:	2024-02-02 14:02:38 +02:00
bms8197	d28c0d8e44	saving uncommitted changes in /etc prior to dnf run	2024-02-02 13:49:32 +02:00
bms8197	bfb6798dff	saving uncommitted changes in /etc prior to dnf run	2023-12-29 20:15:47 +02:00
bms8197	d86b00a508	committing changes in /etc made by "-bash" Package changes:	2023-12-20 12:40:27 +02:00
bms8197	251b71f61f	saving uncommitted changes in /etc prior to dnf run	2023-12-20 12:38:17 +02:00
bms8197	14b2ede753	saving uncommitted changes in /etc prior to dnf run	2023-11-27 23:35:41 +02:00
bms8197	e8ff7fce2f	committing changes in /etc made by "-bash" Package changes:	2023-11-26 12:16:34 +02:00
bms8197	c1fb419da5	saving uncommitted changes in /etc prior to dnf run	2023-11-26 12:09:12 +02:00
bms8197	f9fdf2322f	committing changes in /etc made by "-bash" Package changes:	2023-11-17 20:27:00 +02:00
bms8197	dc6cd9f4e0	committing changes in /etc made by "-bash" Package changes:	2023-11-17 20:26:19 +02:00
bms8197	503948dc29	committing changes in /etc made by "-bash" Package changes:	2023-11-17 20:09:52 +02:00
bms8197	0f42fc294d	saving uncommitted changes in /etc prior to dnf run	2023-11-17 20:08:58 +02:00
bms8197	e11f2a29c2	committing changes in /etc made by "-bash" Package changes:	2023-11-17 20:02:25 +02:00
bms8197	a26f09059a	committing changes in /etc made by "-bash" Package changes:	2023-11-17 20:00:37 +02:00
bms8197	4bc34dfb47	committing changes in /etc made by "-bash" Package changes:	2023-11-17 20:00:12 +02:00
bms8197	2ff7a6d330	saving uncommitted changes in /etc prior to dnf run	2023-11-17 19:58:12 +02:00
bms8197	4dc04f9948	committing changes in /etc made by "-bash" Package changes:	2023-11-16 20:46:14 +02:00
bms8197	5ef92006b6	saving uncommitted changes in /etc prior to dnf run	2023-11-16 20:45:20 +02:00
bms8197	5583cdecd3	saving uncommitted changes in /etc prior to dnf run	2023-11-16 14:08:19 +02:00
bms8197	a6d2827810	saving uncommitted changes in /etc prior to dnf run	2023-11-10 10:40:04 +02:00
bms8197	fec2482135	committing changes in /etc made by "-bash" Package changes:	2023-10-23 15:57:39 +03:00
bms8197	7817b40ae2	saving uncommitted changes in /etc prior to dnf run	2023-10-23 15:56:04 +03:00
bms8197	04237a62d6	committing changes in /etc made by "-bash" Package changes:	2023-09-21 09:45:14 +03:00
bms8197	68dd493848	saving uncommitted changes in /etc prior to dnf run	2023-09-21 09:43:18 +03:00
bms8197	59d3c2af55	committing changes in /etc made by "-bash" Package changes:	2023-09-07 07:14:17 +03:00
bms8197	8c945ffc5e	saving uncommitted changes in /etc prior to dnf run	2023-09-07 07:10:56 +03:00
bms8197	0ea67db15e	committing changes in /etc made by "-bash" Package changes:	2023-09-04 09:19:01 +03:00
bms8197	dac424ac1f	saving uncommitted changes in /etc prior to dnf run	2023-09-04 09:15:26 +03:00
bms8197	b9d544b9c6	saving uncommitted changes in /etc prior to dnf run	2023-08-10 11:58:05 +03:00
bms8197	2d84c3580c	saving uncommitted changes in /etc prior to dnf run	2023-06-27 22:18:38 +03:00
bms8197	43d4d203a1	daily autocommit	2023-06-24 11:25:47 +03:00
bms8197	9b764da8f5	committing changes in /etc made by "-bash" Package changes:	2023-06-17 19:40:56 +03:00
bms8197	63cea6f394	daily autocommit	2023-06-17 19:37:25 +03:00
bms8197	f462f45609	saving uncommitted changes in /etc prior to dnf run	2023-06-13 09:55:55 +03:00
bms8197	f7af00565c	committing changes in /etc made by "-bash" Package changes:	2023-06-12 09:31:52 +03:00
bms8197	c0fa2707f8	saving uncommitted changes in /etc prior to dnf run	2023-06-12 09:28:21 +03:00
bms8197	e785e0b85d	daily autocommit	2023-06-01 06:56:13 +03:00
bms8197	825d70ab00	saving uncommitted changes in /etc prior to dnf run	2023-05-25 15:28:45 +03:00
bms8197	d564162974	committing changes in /etc made by "-bash" Package changes:	2023-05-25 13:41:40 +03:00
bms8197	a96e2e2fa1	saving uncommitted changes in /etc prior to dnf run	2023-05-25 13:34:42 +03:00
bms8197	8cef75f735	saving uncommitted changes in /etc prior to dnf run	2023-05-21 00:34:33 +03:00
bms8197	b3b28f4d51	saving uncommitted changes in /etc prior to dnf run	2023-05-18 01:26:51 +03:00
bms8197	1286f18d7d	committing changes in /etc made by "-bash" Package changes:	2023-05-14 11:40:59 +03:00
bms8197	9e4b84c951	saving uncommitted changes in /etc prior to dnf run	2023-04-18 23:28:10 +03:00
bms8197	8710bcfdbd	committing changes in /etc made by "-bash" Package changes:	2023-04-14 01:32:52 +03:00
bms8197	72dfd9177b	saving uncommitted changes in /etc prior to dnf run	2023-04-14 01:29:05 +03:00
bms8197	63e9df51ef	saving uncommitted changes in /etc prior to dnf run	2023-03-31 00:39:27 +03:00
bms8197	9a0e53350d	committing changes in /etc made by "-bash" Package changes:	2023-03-26 20:38:37 +03:00
bms8197	cc404f64a0	saving uncommitted changes in /etc prior to dnf run	2023-03-26 20:37:13 +03:00
bms8197	b2079753b5	saving uncommitted changes in /etc prior to dnf run	2023-03-16 13:11:21 +02:00
bms8197	af4042f69f	saving uncommitted changes in /etc prior to dnf run	2023-03-12 10:41:59 +02:00
bms8197	e5d4220c2b	committing changes in /etc made by "-bash" Package changes:	2023-02-27 18:18:40 +02:00
bms8197	6ac4ecd99b	saving uncommitted changes in /etc prior to dnf run	2023-02-27 18:16:17 +02:00
bms8197	9ba65281c7	saving uncommitted changes in /etc prior to dnf run	2023-02-19 12:18:27 +02:00
bms8197	30c2983dd2	saving uncommitted changes in /etc prior to dnf run	2023-02-19 09:26:00 +02:00
bms8197	bfb4916e2b	committing changes in /etc made by "bash i360deploy.sh --uninstall" Package changes:	2023-02-13 12:13:05 +02:00
bms8197	df88f452e8	saving uncommitted changes in /etc prior to dnf run	2023-02-13 12:11:16 +02:00
bms8197	54c4e5b173	committing changes in /etc made by "bash i360deploy.sh --key IMUNX4Nv23rDqdjndBH" Package changes:	2023-02-09 14:52:03 +02:00
bms8197	4911d0453d	saving uncommitted changes in /etc prior to dnf run	2023-02-09 14:51:39 +02:00
bms8197	f150a7c81b	saving uncommitted changes in /etc prior to dnf run	2023-02-09 14:41:26 +02:00
bms8197	b78b22077d	committing changes in /etc made by "-bash" Package changes:	2023-02-06 14:26:39 +02:00
bms8197	e582ddedad	committing changes in /etc made by "sh /tmp/netdata-kickstart.sh --claim-token aLhhRAZeOuysZlEP2bXAEarAjyl6z0IlFnLpMtFWsqkdYLI6WmChuWGDFb4yhAopbktpArp9VzOZWVnjNXyjXOeaa3YDjx1-lkEtn8eUVo6tmzvLmla3qos98YymqYnDdQFLpAw --claim-url https://app.netdata.cloud " Package changes:	2023-01-24 13:04:06 +02:00
bms8197	59be7aacb9	committing changes in /etc made by "sh /tmp/netdata-kickstart.sh --claim-token aLhhRAZeOuysZlEP2bXAEarAjyl6z0IlFnLpMtFWsqkdYLI6WmChuWGDFb4yhAopbktpArp9VzOZWVnjNXyjXOeaa3YDjx1-lkEtn8eUVo6tmzvLmla3qos98YymqYnDdQFLpAw --claim-url https://app.netdata.cloud " Package changes:	2023-01-24 13:02:24 +02:00
bms8197	559dda8aca	saving uncommitted changes in /etc prior to dnf run	2023-01-24 13:01:42 +02:00
bms8197	8020b94673	committing changes in /etc made by "-bash" Package changes:	2023-01-21 21:29:46 +02:00
bms8197	a6522d599d	saving uncommitted changes in /etc prior to dnf run	2023-01-21 21:29:16 +02:00
bms8197	561a4bb235	committing changes in /etc made by "-bash" Package changes:	2023-01-21 21:07:09 +02:00
bms8197	39d237c16a	saving uncommitted changes in /etc prior to dnf run	2023-01-21 21:05:51 +02:00
bms8197	2eee942fa0	committing changes in /etc made by "-bash" Package changes:	2023-01-03 11:02:25 +02:00
bms8197	3f16c9650c	saving uncommitted changes in /etc prior to dnf run	2022-12-28 12:36:50 +02:00
bms8197	dc029b16a4	committing changes in /etc made by "-bash" Package changes:	2022-12-15 13:18:49 +02:00
bms8197	8a3dd155de	saving uncommitted changes in /etc prior to dnf run	2022-12-15 13:17:17 +02:00
bms8197	933e1a68af	committing changes in /etc made by "-bash" Package changes:	2022-12-06 15:24:54 +02:00
bms8197	8d5c8e7d51	saving uncommitted changes in /etc prior to dnf run	2022-12-06 15:23:01 +02:00
bms8197	c2bc13380e	committing changes in /etc made by "-bash" Package changes:	2022-12-06 15:21:59 +02:00
bms8197	2900721b19	saving uncommitted changes in /etc prior to dnf run	2022-12-06 15:21:35 +02:00
bms8197	36b77bfee3	committing changes in /etc made by "-bash" Package changes:	2022-12-02 12:29:18 +02:00
bms8197	c92cb0f5b2	saving uncommitted changes in /etc prior to dnf run	2022-12-02 12:27:10 +02:00
bms8197	90c134cd7f	committing changes in /etc made by "-bash" Package changes:	2022-11-16 16:04:55 +02:00
bms8197	78c5f6b37f	saving uncommitted changes in /etc prior to dnf run	2022-11-16 16:04:08 +02:00
bms8197	b7016aaf8d	saving uncommitted changes in /etc prior to dnf run	2022-11-14 23:19:14 +02:00
bms8197	4e7bd584fa	committing changes in /etc made by "-bash" Package changes:	2022-11-12 19:11:07 +02:00
`@@ -1 +1 @@`
	`AlmaLinux release 8.6 (Sky Tiger)`	`AlmaLinux release 8.9 (Midnight Oncilla)`
`@@ -1 +1 @@`
	`Derived from Red Hat Enterprise Linux 8.6 (Source)`	`Derived from Red Hat Enterprise Linux 8.9 (Source)`
		`@@ -1 +1 @@`
			`/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/alt-java`				`/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64/jre/bin/alt-java`
		`@@ -1 +1 @@`
			`/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz`				`/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz`
		`@@ -1 +1 @@`
			`/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz`				`/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz`
		`@@ -1 +1 @@`
			`/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz`				`/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz`
		`@@ -1 +1 @@`
			`/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64`				`/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64`
		`@@ -1 +1 @@`
			`/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz`				`/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz`
		`@@ -1 +1 @@`
			`/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.1.gz`				`/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.1.gz`