#!/bin/sh
# cpanel - clamavconnector/install                Copyright(c) 2012 cPanel, Inc.
#                                                           All rights Reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

AVV=0.97.8
AVVOLD=0.97.6

CHKSERVD_SUSPENDED=""

if [ -x /usr/local/cpanel/3rdparty/bin/perl ]; then
    PERL=/usr/local/cpanel/3rdparty/bin/perl
else
    PERL=/usr/bin/perl
fi

# Suspend chkservd notifications
if [ ! -e "/var/run/chkservd.suspend" ]; then
    touch /var/run/chkservd.suspend
    CHKSERVD_SUSPENDED="yes"
fi

if [ -d "clamav-${AVVOLD}" ]; then
    cd clamav-${AVVOLD}
    make uninstall
    killall -9 clamd
    cd ..
    rm -rf clamav-${AVVOLD}
fi

if [ -e "clamav-${AVVOLD}.tar.gz" ]; then
    rm -f clamav-${AVVOLD}.tar.gz
fi

if [ -e "clamav-${AVVOLD}.tar.gz.sig" ]; then
    rm -f clamav-${AVVOLD}.tar.gz.sig
fi

CPANEL_EXECUTABLE=/usr/local/cpanel/cpanel
if [ ! -e "$CPANEL_EXECUTABLE" ]; then
	CPANEL_EXECUTABLE=/usr/local/cpanel/cpanel.pl
fi

if [ "`$CPANEL_EXECUTABLE -V | sed -e 's/-.*$//' | awk -F. '{print $1$2}'`" -lt 96 ]; then
    echo "Sorry, you must have cPanel 9.6 or later to use this feature"
	if [ -e "/var/cpanel/addonmoduleversions/clamavconnector" ]; then
		echo -n "failed" > /var/cpanel/addonmoduleversions/clamavconnector
	fi
	if [ -e "/var/run/chkservd.suspend" -a "$CHKSERVD_SUSPENDED" = "yes" ]; then
	    rm -f /var/run/chkservd.suspend
	fi
	exit 1
fi

if [ "`whoami`" != "root" ]; then
	echo "You must be root to install clamav"
	if [ -e "/var/run/chkservd.suspend" -a "$CHKSERVD_SUSPENDED" = "yes" ]; then
	    rm -f /var/run/chkservd.suspend
	fi
	exit 1
fi

if [ -e "/etc/debian_version" ]; then
    /scripts/ensurerpm libgmp3-dev bzip2-devel zlib-devel
elif [ -e "/etc/gentoo-release" ]; then
    /scripts/ensurerpm gmp zlib bzip2
elif [ "`uname -s`" = "FreeBSD" ]; then
    /scripts/ensurerpm libgmp zip
else
    /scripts/ensurerpm bzip2-devel zlib-devel zlib1g-dev gmp-devel
fi

/scripts/adduser clamav /usr/local 0 >/dev/null 2>&1
chsh -s /bin/false clamav >/dev/null 2>&1
if [ -e "/usr/sbin/pw" ]; then
	/usr/sbin/pw lock clamav 2>/dev/null
else
	passwd -l clamav 2>/dev/null
fi

echo "zlib version checking disabled. zlib versions <= 1.2.1 have a known security vulnerability"
echo "See http://www.zlib.net/ for more information"

if [ -e clamav-$AVV ]; then
    rm -rf clamav-$AVV
fi

BSDTAR="no"
if [ "`tar --version | grep bsdtar`" != "" ]; then
    BSDTAR="yes"
fi

if [ "$BSDTAR" = "yes" ]; then
    tar -x -z -o -v -f clamav-$AVV.tar.gz
else
    tar -x -z --no-same-owner --no-same-permissions -v -f clamav-$AVV.tar.gz
fi

# These lead to lots of false positives, so disable them by default.
$PERL -pi -e "s/^\s*#?\s*PhishingSignatures.*/PhishingSignatures no/" clamav-$AVV/etc/clamd.conf
$PERL -pi -e "s/^\s*#?\s*PhishingScanURLs.*/PhishingScanURLs no/" clamav-$AVV/etc/clamd.conf

libdir=""
if [ -e "/usr/lib64" ]; then
    libdir="--libdir=/usr/lib64"
fi

(cd clamav-$AVV && ./configure --prefix=/usr $libdir --sysconfdir=/etc --disable-ipv6 --disable-zlib-vcheck && make && make install)

if [ "x$?" != "x0" ]; then
    exit 1
fi

mkdir /usr/share/clamav
chown clamav:clamav /usr/share/clamav

touch /var/log/clam-update.log
chmod 600 /var/log/clam-update.log
chown clamav /var/log/clam-update.log

(cd /usr/local/bin;ln -s ../../bin/freshclam)

$PERL -pi -e "s/^\s*Example.*/# Example/g" /etc/freshclam.conf

/usr/bin/freshclam

# Create freshclam cronjob
./setupcrontab

if [ "`grep LocalSocketGroup /etc/clamd.conf`" = "" ]; then
	echo "Detected broken /etc/clamd.conf. Installing default version."
	cp -f clamav-$AVV/etc/clamd.conf /etc/clamd.conf
fi

if [ "`grep FixStaleSocket /etc/clamd.conf`" = "" ]; then
	echo "FixStaleSocket yes" >> /etc/clamd.conf
fi

if [ "`grep 'LocalSocket ' /etc/clamd.conf`" = "" ]; then
	echo "Adding missing LocalSocket directive to /etc/clamd.conf."
	echo "LocalSocket /var/clamd" >> /etc/clamd.conf
fi

$PERL -pi -e "s/^\s*Example.*/# Example/g" /etc/clamd.conf
$PERL -pi -e "s/^\s*#?\s*FixStaleSocket.*/FixStaleSocket yes/g" /etc/clamd.conf
$PERL -pi -e "s/^\s*#?\s*ScanMail.*/ScanMail yes/" /etc/clamd.conf
$PERL -pi -e "s/^\s*#?\s*LocalSocket\s.*/LocalSocket \/var\/clamd/" /etc/clamd.conf

if [ -x /usr/local/cpanel/scripts/restartsrv_clamd ]; then
    /usr/local/cpanel/scripts/restartsrv_clamd
else
    killall -TERM clamd
    sleep 1
    killall -KILL clamd
    /usr/sbin/clamd
fi

# Allowing time for clamd socket to become available after restarting clamd.
# (This is to prevent race condition in which exim process in the subsequent step
# is also trying to access the same clamd socket -- /var/clamd.)
sleep 7;

# Include clamd entry in "/etc/chkserv.d/chkservd.conf" for clamd monitoring service
chkserv_conf_file='/etc/chkserv.d/chkservd.conf'
if [ -e $chkserv_conf_file ]; then
  if [ "`grep '^clamd:[0-1]' $chkserv_conf_file`" == "" ]; then
      echo 'clamd:1' >> $chkserv_conf_file
  fi
else
  echo "Warning: \"clamd\" could not be added for chkservd monitoring -- expected config file \"$chkserv_conf_file\" does not exist."
fi

# Unsuspend chkservd notifications
if [ -e "/var/run/chkservd.suspend" -a "$CHKSERVD_SUSPENDED" = "yes" ]; then
    rm -f /var/run/chkservd.suspend
fi

echo "service[clamd]=x,x,x,/scripts/restartsrv_clamd,clamd,root" > /etc/chkserv.d/clamd
if [ -x /usr/local/cpanel/scripts/restartsrv_chkservd ]; then
    /usr/local/cpanel/scripts/restartsrv_chkservd
elif [ -x /etc/rc.d/init.d/chkservd ]; then
    /etc/rc.d/init.d/chkservd restart
elif [ -e /var/run/chkservd.pid ]; then
    kill `cat /var/run/chkservd.pid`
    /usr/local/cpanel/libexec/chkservd
fi

/usr/local/cpanel/scripts/buildeximconf
/usr/local/cpanel/scripts/restartsrv_exim

CPARGS="-afv"

if [ "`uname -s`" = "FreeBSD" ]; then
	CPARGS="-Rpf"
fi

# Always use "ClamScanner.pm" from the install package (fb #41777)
if [ -e "/usr/local/cpanel/Cpanel/OSSys.pm" ]; then
    cp $CPARGS Cpanel/ClamScanner.pm /usr/local/cpanel/Cpanel/ClamScanner.pm
else
    cp $CPARGS Cpanel/ClamScanner.pm.pre11 /usr/local/cpanel/Cpanel/ClamScanner.pm
fi

# make sure that we have File::Scan::ClamAV installed
if [ -x /usr/local/cpanel/bin/cpanm ]; then
    $PERL /usr/local/cpanel/bin/cpanm File::Scan::ClamAV
fi

theme_dir='/usr/local/cpanel/base/frontend'

# Setting when "x" theme dir is detected
if [ -d "$theme_dir/x" ]; then
    cp $CPARGS html/clamavconnector $theme_dir/x

    mkdir $theme_dir/x/cells
    cp $CPARGS cells/clamavconnector.html $theme_dir/x/cells/
fi

# Setting when "x2" theme dir is detected
if [ -d "$theme_dir/x2" ]; then

    if [ -d "$theme_dir/x" ]; then
        ln -s $theme_dir/x/clamavconnector $theme_dir/x2/clamavconnector
        ln -s $theme_dir/x/cells $theme_dir/x2/cells
    else
        cp $CPARGS html/clamavconnector $theme_dir/x2

        mkdir $theme_dir/x2/cells
        cp $CPARGS cells/clamavconnector.html $theme_dir/x2/cells/
    fi
fi

if [ -f "/usr/local/cpanel/whostmgr/addonsfeatures" ]; then
   rm -f /usr/local/cpanel/whostmgr/addonsfeatures
fi

if [ ! -e "/usr/local/cpanel/whostmgr/addonsfeatures" ]; then
   mkdir -p /usr/local/cpanel/whostmgr/addonsfeatures
fi

cp $CPARGS whmaddons/clamavconnector /usr/local/cpanel/whostmgr/addonsfeatures/

cp $CPARGS addon_clamavconnector.cgi /usr/local/cpanel/whostmgr/docroot/cgi

if [ -e "/usr/local/cpanel/bin/register_appconfig" ]; then
  /usr/local/cpanel/bin/register_appconfig appconfig/clamavconnector.conf
else
  if [ ! -e "/var/cpanel/apps" ]; then
    mkdir /var/cpanel/apps
    chmod 755 /var/cpanel/apps
  fi
  cp $CPARGS appconfig/clamavconnector.conf /var/cpanel/apps/clamavconnector.conf
fi

echo "zlib version checking was disabled. zlib versions <= 1.2.1 have a known security vulnerability"
echo "See http://www.zlib.net/ for more information"
