[Pkg-clamav-commits] [SCM] packaging for clamav-unoffical-sigs branch, master, updated. debian/3.3-2-9-g703c0b0

Paul Wise pabs at debian.org
Sun Jul 5 06:26:02 UTC 2009


The following commit has been merged in the master branch:
commit f644b10039e3904d1a9f5a1429301583f4e2ca51
Author: Paul Wise <pabs at debian.org>
Date:   Sun Jul 5 14:10:57 2009 +0800

    Imported Upstream version 3.5.4

diff --git a/CHANGELOG b/CHANGELOG
index 68e8e65..3630b01 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,80 @@ written by Bill Landry (bill at inetmsg.com).  The script provides a simple
 way to download, test and run the third-party ClamAV signature databases
 provided by Sanesecurity, MSRBL, SecuriteInfo, MalwarePatrol, and OITC.
 
+Version 3.5.4 (updated 2009-06-25)
+   - Removed an unnecessary early database reload when a change was
+     detected by the script in the local.ign signature bypass file.
+   - The script was not properly handling exit status when configured
+     with full script output silence and database reloading was
+     disabled.  Issue reported by Andreas Prieß.
+   - The script was not detecting bypass signature entry changes in
+     local.ign if the entry did not include the line number in the
+     bypass signature entry.  Issue reported by Paul Enlund.
+   - Windows convention is to end each line of text with the carriage
+     return character followed by the newline character.  In order to
+     work around this, the script now strips the CRLF from the end of
+     signature lines before testing for changes, modifications, or
+     removal of local.ign bypassed signature entries.  Issue reported
+     by Paul Enlund.
+
+Version 3.5.3 (updated 2009-06-04)
+   - Replaced 'sed -i' (in-place) 'replace/remove' code in the script
+     with similar perl code.  It was determined that sed varies too
+     much between OS platforms.  The differences between FBSD, Linux,
+     Sun, and HPUX was too problematic to rely on sed for 'in-place'
+     editing.  Thanks to Larry Rosenman for testing the new perl code
+     sections on all 4 platforms listed above.
+
+Version 3.5.2 (updated 2009-06-04)
+   - Renamed the cron and logrotate files, changing the "." to "-" due
+     the fact that some platform (such as Debian) have certain naming
+     restrictions on cron file names that does not allow for the use of
+     a "." in the file name.  The documentation has also been updated.
+     Consider renaming your files.  Issue reported by Yizhar Hurwitz.
+   - Added the sed "-e" (expression=script) flag to the 4 sed commands
+     that use the "-i" (edit in-place) in the script's "-b" (create
+     signature bypass) flag.  Apparently without the sed "-e" flag,
+     FreeBSD intreprets part of the expanded variable as a command.
+     Issue reported by Larry Rosenman.
+   - Replaced a misplaced hard link with the appropriate variable in
+     the signature bypass section of the script.  Issue reported by
+     Larry Rosenman.
+   - Added feedback in warning message regarding signature database name
+     misspelling as a possible issue when all rsync mirror sites fail.
+   - Improved the signature bypass code section that monitors hexadecimal
+     signature modifications and removals and keeps local.ign updated.
+
+Version 3.5.1 (updated 2009-05-30)
+   - Fixed an issue with the script exiting with an error condition if
+     both "clamd_reload" is disabled and all script silence options are
+     enabled.  Issue reported by Andreas Prieß.
+   - Fixed a /path/file statement that was pointing to a scan test file
+     that was used while testing the script and then inadvertently left
+     in the released script.  Issue reported by Lukasz Czarnowski.
+   - Moved all third-party signature databases labeled as medium and high
+     risk (as defined at http://www.sanesecurity.com/clamav/databases.htm)
+     into comment sections in the configuration file with a pointer to the
+     above URL.  This will require script users to consciously enable the
+     usage of these potentially high false-positive risk databases rather
+     than have them enabled by default.  Requested by Steve Basford.
+
+Version 3.5 (updated 2009-05-25)
+   - Added the '-m' flag that will make a hexadecimal signature database
+     file (*.ndb) from a clear text, ascii source file that contains one
+     data string entry per line that will then be converted into signature
+     lines in the new database file.
+   - Added the new INetMsg SpamDomains database to the config file.
+   - Updated the INSTALL, README and manual page.
+
+Version 3.4 (updated 2009-05-22)
+   - Modified the '-b' (create signature bypass) flag so that the script
+     no longer deletes the local.ign file. The script now tracks changes
+     to any signature bypass entries it creates in local.ign and will
+     remove the signature bypass entry if either the original offending
+     third-party signature being bypassed has been modified or has been
+     removed from the third-party database.
+   - Updated the INSTALL, README and manual page.
+
 Version 3.3 (updated 2009-05-19)
    - Updated the MalwarePatrol URL to now use their new download link.
    - Added a new '-f' flag that can now hexadecimal encode formatted
@@ -19,7 +93,7 @@ Version 3.2 (updated 2009-05-14)
    - Repositioned a badly placed 'echo' command that was causing empty
      cron emails to be sent even if all silence variables were set in
      the config file and no error conditions existed.  Issue reported
-     by Andreas PrieB.
+     by Andreas Prieß.
    - Added a '-b' switch that can be used to create a bypass signature
      for local.ign in order to temporarily resolve false-positive issues
      with a third-party signature.  The local.ign file will automatically
diff --git a/INSTALL b/INSTALL
index 40d19d6..0d0072c 100644
--- a/INSTALL
+++ b/INSTALL
@@ -63,14 +63,14 @@ Install:
    cp clamav-unofficial-sigs.sh /path/to/script_dir  (usually something like /usr/local/bin)
    cp clamav-unofficial-sigs.conf /path/to/config_dir  (/etc & usually something like /usr/local/etc)
    cp clamav-unofficial-sigs.8 /path/to/man/man8  (usually something like /usr/local/man/man8)
-   cp clamav-unofficial-sigs.cron /path/to/cron.d  (usually something like /etc/cron.d)
-   cp clamav-unofficial-sigs.logrotate /path/to/logrotate.d  (usually something like /etc/logrotate.d)
+   cp clamav-unofficial-sigs-cron /path/to/cron.d  (usually something like /etc/cron.d)
+   cp clamav-unofficial-sigs-logrotate /path/to/logrotate.d  (usually something like /etc/logrotate.d)
 
 ==================
 USAGE INFORMATION:
 ==================
 
-To run at specific time intervals, edit crontab:
+To run at specific time intervals, either use the include cron file or edit the user crontab:
    crontab -e
 
 To run hourly, at 15 minute after the hour (for example), add the following to crontab:
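Review bot: the added line "either use the include cron file or edit the user crontab" should read "included cron file". The two routes are also not interchangeable: a file under /etc/cron.d needs a user field on each line, while an entry added with `crontab -e` does not. A short pointer back to the `cp clamav-unofficial-sigs-cron /path/to/cron.d` step above would make the first option actionable.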
@@ -110,6 +110,9 @@ To view Help and Usage instructions:
 To output script configuration and system information:
    /path/to/clamav-unofficial-sigs.sh -i
 
+To make a hexadecimal signature database file (*.ndb) from a clear text ascii file:
+   /path/to/clamav-unofficial-sigs.sh -m
+
 To completely remove the script and all of its associated files, databases and work directories:
    /path/to/clamav-unofficial-sigs.sh -r
 
diff --git a/README b/README
index 8d0d2a6..3a66dab 100644
--- a/README
+++ b/README
@@ -28,10 +28,10 @@ Files contained in the clamav-unofficial-sigs.tar.gz package:
 
 7.  clamav-unofficial-sigs.8 - This is the script's manual page.
 
-8.  clamav-unofficial-sigs.cron - This is the script's cron file used to support automated
+8.  clamav-unofficial-sigs-cron - This is the script's cron file used to support automated
     script execution at specified time intervals.
 
-9.  clamav-unofficial-sigs.logrotate - This is the script's logrotate file, used to rotate
+9.  clamav-unofficial-sigs-logrotate - This is the script's logrotate file, used to rotate
     and compress log files at a specified time-interval and to keep the log archives for a
     specified time-frame.
 
@@ -59,5 +59,8 @@ Script (clamav-unofficial-sigs.sh) features & capabilities:
 - Separate user configuration file, which will allow users to setup their configuration and not
   have to redo the configuration with each new script update.
 - The script can hexadecimal encode (for usage) and decode (for viewing) virus signatures.
+- Ability to create a hexadecimal signature database file from a clear text ascii file.
+- Script logging can be enabled/disabled in the configuration file.
+- Includes cron, manual, and logrotate files.
 
 The latest version of the script will always be named: clamav-unofficial-sigs.tar.gz
diff --git a/clamav-unofficial-sigs.cron b/clamav-unofficial-sigs-cron
similarity index 100%
rename from clamav-unofficial-sigs.cron
rename to clamav-unofficial-sigs-cron
diff --git a/clamav-unofficial-sigs.logrotate b/clamav-unofficial-sigs-logrotate
similarity index 100%
rename from clamav-unofficial-sigs.logrotate
rename to clamav-unofficial-sigs-logrotate
diff --git a/clamav-unofficial-sigs.8 b/clamav-unofficial-sigs.8
index 55a07b1..5105c74 100644
--- a/clamav-unofficial-sigs.8
+++ b/clamav-unofficial-sigs.8
@@ -1,5 +1,5 @@
 .\" Manual page for clamav-unofficial-sigs.sh
-.TH clamav-unofficial-sigs 8 "May 19, 2009" "Version 3.3" "SCRIPT COMMANDS"
+.TH clamav-unofficial-sigs 8 "June 25, 2009" "Version 3.5.4" "SCRIPT COMMANDS"
 .SH NAME
 clamav-unofficial-sigs \- Download, test, and install third-party ClamAV signature databases.
 .SH SYNOPSIS
@@ -14,9 +14,9 @@ This script follows the standard GNU command line syntax.
 A summary of the options is shown below.
 .TP
 .B \-b
-Add a bypass signature entry to local.ign in order to temporarily resolve a false-positive issue with
-a third-party signature.  The local.ign file will automatically be deleted and the databases reloaded
-once the local.ign file's timestamp is 24 hours old.
+Add a bypass signature entry to local.ign in order to temporarily resolve a false-positive issue with a
+third-party signature.  The script will monitor any entries it makes to local.ign and will automatically
+remove bypass entries if either the original signature has been modified or removed from the database.
 .TP
 .B \-c FILE-NAME
 Source configuration information from a different file.
@@ -43,6 +43,10 @@ Print the script help and usage information.
 .B \-i
 Print system and script configuration information.
 .TP
+.B \-m
+Make a hexadecimal signature database file (*.ndb) from a clear text ascii file.  Provides support for
+both full and formatted signatures.  Additional information is provided when using the flag.
+.TP
 .B -r
 Remove the clamav-unofficial-sigs script and all of its associated
 files, databases and work directories from the system.
diff --git a/clamav-unofficial-sigs.conf b/clamav-unofficial-sigs.conf
index d068428..810ca35 100644
--- a/clamav-unofficial-sigs.conf
+++ b/clamav-unofficial-sigs.conf
@@ -35,7 +35,7 @@ PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
 export PATH
 
 # Set the appropriate ClamD user and group accounts for your system.
-# If you do not what the script to set user and group permissions on
+# If you do not want the script to set user and group permissions on
 # files and directories, comment the next two variables.
 clam_user="clamav"
 clam_group="clamav"
@@ -108,36 +108,50 @@ max_sleep_time="600"   # Default maximum is 600 seconds (10 minutes).
 # Sanesecurity Database(s)
 # ========================
 # Add or remove database file names between quote marks as needed.  To
-# disable any of the Sanesecurity database file downloads, remove the
-# appropriate database file name lines below.  To disable Sanesecurity
-# database downloads, comment all of the following lines.
+# disable usage of any of the Sanesecurity distributed database files
+# shown, remove the database file name from the quoted section below.
+# To disable usage of all Sanesecurity distributed databases, comment
+# all of the quoted lines below.  Only the following "low" risk define
+# signature databases have been enabled by default (for additional
+# information about the signature database ratings, see: 
+# http://www.sanesecurity.com/clamav/databases.htm).  Finally, make
+# sure that the database names are spelled correctly or you will
+# experience issues when the script runs.
 ss_dbs="
    junk.ndb
    jurlbl.ndb
-   jurlbla.ndb
-   lott.ndb
    phish.ndb
    rogue.hdb
    sanesecurity.ftm
    scam.ndb
-   spam.ldb
    spamimg.hdb
-   spear.ndb
    winnow_malware.hdb
    winnow_malware_links.ndb
-   winnow_phish_complete.ndb
-   winnow_spam_complete.ndb
 "
-# By default the script is using "winnow_phish_complete.ndb"  If you wish to
-# be more conservative, change this to "winnow_phish_complete_url.ndb" above.
-# Descriptions:
-# - winnow_phish_complete.ndb - Signatures to detect phishing and other
-#   malicious URLs and compromised hosts. This collection of signatures
-#   are derived in a similar fashion to SURBL and URIBL.  For example:
-#   example.com (aggressive).
-# - winnow_phish_complete_url.ndb - Similar to winnow_phish_complete.ndb,
-#   except that the entire URL/Path is used to derive the signature.  For
-#   example: example.com/path/file.html (conservative).
+# Additional Sanesecruity distributed database that can be used and
+# their associated potential fales-positive ratings:
+#
+# USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES:
+#
+# INetMsg-SpamDomains-2w.ndb    : HIGH false-positive rating
+# INetMsg-SpamDomains-2m.ndb    : HIGH false-positive rating
+#
+# ONE DATABASE CONTAINS THE LAST TWO WEEKS OF COLLECTED SPAM DOMAINS (2w), AND
+# THE OTHER DATABASE CONTAINS THE LAST TWO MONTHS OF COLLECTED SPAM DOMAINS (2m).
+#
+# jurlbla.ndb                   : HIGH false-positive rating
+# lott.ndb                      : MEDIUM false-positive rating
+# spam.ldb                      : MEDIUM false-positive rating
+# spear.ndb                     : MEDIUM false-positive rating
+# winnow_spam_complete.ndb      : HIGH false-positive rating
+#
+# USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES:
+#
+# winnow_phish_complete.ndb     : HIGH false-positive rating
+# winnow_phish_complete_url.ndb : MEDIUM false-positive rating
+#
+# ONE CONTAINS THE COMPLETE URL PATH (MEDIUM RISK), AND THE OTHER
+# CONTAINS ONLY THE URL, WITHOUT THE FULL PATH (HIGH RISK).
 
 # =================
 # MSRBL Database(s)
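Review bot: the new Sanesecurity comment block has three typos in text that users read when deciding which databases to enable: '"low" risk define signature databases' (defined), "Sanesecruity" and "fales-positive". The line ending "information about the signature database ratings, see: " also carries trailing whitespace. The two "USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES" pairs are stated only in this comment; if the script does not check for both members of a pair being listed in ss_dbs, a run-time warning would be worth adding.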
@@ -156,14 +170,17 @@ msrbl_dbs="
 # ========================
 # Add or remove database file names between quote marks as needed.  To
 # disable any SecuriteInfo database downloads, remove the appropriate
-# lines below.  To disable SecuriteInfo database file downloads,
+# lines below.  To disable all SecuriteInfo database file downloads,
 # comment all of the following lines.
 si_dbs="
-   antispam.ndb
    honeynet.hdb
    securiteinfo.hdb
    vx.hdb
 "
+# An additional SecuriteInfo database that can be used and its rating
+# (for additional information about signature database ratings, see:
+# http://www.sanesecurity.com/clamav/databases.htm):
+# antispam.ndb                  : HIGH false-positive rating
 
 # Since the SecuriteInfo databases are only updated a few time each
 # month, set a time interval to do database update checks.
diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
index 6d9f380..8288e94 100755
--- a/clamav-unofficial-sigs.sh
+++ b/clamav-unofficial-sigs.sh
@@ -21,7 +21,7 @@
 
 default_config="/etc/clamav-unofficial-sigs.conf"
 
-version="v3.3 (updated 2009-05-19)"
+version="v3.5.4 (updated 2009-06-25)"
 output_ver="
    `basename $0` $version
 "
@@ -31,11 +31,11 @@ ClamAV Unofficial Signature Databases Update Script - $version
 
    Usage: `basename $0` [OPTION] [PATH|FILE]
 
-        -b      Add a bypass signature entry to local.ign in order
-                to temporarily resolve a false-positive issue with
-                a third-party signature.  The local.ign file will
-                automatically be deleted and the databases reloaded
-                once the local.ign file's timestamp is 24 hours old.
+        -b      Add a bypass signature entry to local.ign in order to
+                temporarily resolve a false-positive issue with a specific
+                third-party signature.  The script added local.ign entries
+                will automatically be removed if the original signature is
+                either modified or removed from the third-party database.
 
         -c      Direct script to use a specific configuration file
                 e.g.: '-c /path/to/`basename "$default_config"`'
@@ -60,6 +60,10 @@ ClamAV Unofficial Signature Databases Update Script - $version
         -i      Output system and configuration information for
                 viewing or possible debugging purposes
 
+        -m      Make a signature database from an ascii file containing
+                data strings, with one data string per line.  Additional
+                information is provided when using this flag.
+
         -r      Remove the clamav-unofficial-sigs script and all of
                 its associated files and databases from the system.
 
@@ -93,11 +97,11 @@ perms () {
 }
 
 # Take input from the commandline and process.
-while getopts 'bc:defg:hirs:v' option ; do
+while getopts 'bc:defg:himrs:v' option ; do
    case $option in
       b)  no_default_config
           echo "Input a third-party signature name that you wish to bypass due to false-positives"
-          echo "and press enter (do not  include '.UNOFFICIAL' in the signature name nor add quote"
+          echo "and press enter (do not include '.UNOFFICIAL' in the signature name nor add quote"
           echo "marks to any input string):"
           echo ""
           read input
@@ -105,18 +109,35 @@ while getopts 'bc:defg:hirs:v' option ; do
              then
                 cd "$clam_dbs"
                 input=`echo "$input" | tr -d "'" | tr -d '"'`
-                sig_ign=`grep -n "$input:" *.ndb | cut -d ":" -f-3`
+                file_sig=`grep -n "$input:" *.ndb`
+                sig_ign=`echo "$file_sig" | cut -d ":" -f-3`
                 if [ -n "$sig_ign" ]
                    then
                       if ! grep "$sig_ign" local.ign > /dev/null 2>&1
                          then
-                            echo "$sig_ign" >> local.ign
-                            perms chown $clam_user:$clam_group local.ign
-                            chmod 0644 local.ign
-                            $reload_opt
-                            echo ""                      
-                            echo "Signature '$input' has been added to local.ign and databases have been reloaded."
-                            echo "The local.ign file will automatically be deleted once the file's timestamp is 24 hour old."
+                            cp -f local.ign "$config_dir" 2>/dev/null
+                            echo "$sig_ign" | tr -d "\r" >> "$config_dir/local.ign"
+                            echo "$file_sig" | tr -d "\r" >> "$config_dir/monitor-ign.txt"
+                            if clamscan --quiet -d $config_dir/local.ign $config_dir/scan-test.txt
+                               then
+                                  if rsync -cqt $config_dir/local.ign $clam_dbs
+                                     then
+                                        perms chown $clam_user:$clam_group local.ign
+                                        chmod 0644 local.ign "$config_dir/monitor-ign.txt"
+                                        $reload_opt
+                                        echo ""
+                                        echo "Signature '$input' has been added to the local.ign signature bypass"
+                                        echo "file and databases have been reloaded.  The script will track any changes to the"
+                                        echo "offending third-party signature and will automatically remove the signature bypass"
+                                        echo "entry if either the signature is modified or removed from the third-party database."
+                                     else
+                                        echo ""
+                                        echo "Failed to successfully update local.ign file - SKIPPING."
+                                  fi
+                               else
+                                  echo ""
+                                  echo "Clamscan reports local.ign database integrity is bad - SKIPPING."
+                            fi
                          else
                             echo ""
                             echo "Signature '$input' already exists in local.ign - no action taken."
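Review bot: in the new bypass path the entry is appended to "$config_dir/local.ign" and "$config_dir/monitor-ign.txt" before the clamscan check, and neither failure branch ("integrity is bad" or "Failed to successfully update") takes it out again. A rejected entry therefore stays in monitor-ign.txt, and it stays in the staged local.ign whenever `cp -f local.ign "$config_dir"` has nothing to copy over it. Build the candidate in a temporary file and append to monitor-ign.txt only after the rsync succeeds. Also, `grep -n "$input:" *.ndb` treats the typed name as an unanchored regular expression, so one input can return several file:line:name rows and bypass more signatures than the one named; `grep -F` plus a check that exactly one row came back would keep the bypass scoped to a single signature. The clamscan and rsync lines leave $config_dir and $clam_dbs unquoted while the lines just above quote them.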
@@ -125,7 +146,7 @@ while getopts 'bc:defg:hirs:v' option ; do
                       echo ""
                       echo "Signature '$input' could not be found."
                       echo ""
-                      echo "This script will only create a bypass entry in local.ign for ClamAV"
+                      echo "This script will only create a bypass entry in local.ign for ClamAV."
                       echo "'UNOFFICIAL' third-Party signatures as found in the *.ndb databases."
                 fi
              else
@@ -259,6 +280,128 @@ while getopts 'bc:defg:hirs:v' option ; do
           echo ""
           exit
           ;;
+      m)  no_default_config
+          echo "
+          The '-m' script flag provides a way to create a ClamAV hexadecimal signature database (*.ndb) file
+          from a list of data strings stored in a clear-text ascii file, with one data string entry per line.
+
+          - Hexadecimal encoding can be either 'full' or 'formatted' on a per line basis:
+
+            Full line encoding should be used if there are no formatted spacing entries [{}, (), *]
+            included on the line.  Prefix unformatted lines with: '-:' (no quote marks).
+
+            Example:
+
+               -:This signature contains no formatted spacing fields
+
+            Encodes to:
+
+            54686973207369676e617475726520636f6e7461696e73206e6f20666f726d61747465642073706163696e67206669656c6473
+
+            Formatted line encoding should be used if there are user added spacing entries [{}, (), *]
+            included on the line.  Prefix formatted lines with '=:' (no quote marks).
+
+            Example:
+
+               =:This signature{-10}contains several(5|6|7)formatted spacing*fields
+
+            Encodes to:
+
+            54686973207369676e6174757265{-10}636f6e7461696e73207365766572616c(5|6|7)666f726d61747465642073706163696e67*6669656c6473
+
+            Use 'full' encoding if you want to encode everything on the line [including {}, (), *] and 'formatted'
+            encoding if you want to encode everything on the line except the formatted character spacing fields.
+
+            The prefixes ('-:' and '=:') will be stripped from the line before hexadecimal encoding is done.
+            If no prefix is found at the beginning of the line, full line encoding will be done (default).
+
+          - It is assumed that the signatures will be created for email scanning purposes, thus the '4'
+            target type is used and full file scanning is enabled (see ClamAV signatures.pdf for details).
+
+          - Line numbering will be done automatically by the script.
+          " | sed 's/^          //g'
+          echo -n "Do you wish to continue? (y/n): "
+          read reply
+          if [ "$reply" = "y" -o "$reply" = "Y" ]
+             then
+                echo ""
+                echo -n "Enter the source file as /path/filename: "
+                read source
+                if [ -s "$source" ]
+                   then
+                      source_file=`basename "$source"`
+                      echo ""
+                      echo "What signature prefix would you like to use?  For example: 'Phish.Domains'"
+                      echo "will create signatures that looks like: 'Phish.Domains.1:4:*:HexSigHere'"
+                      echo ""
+                      echo -n "Enter signature prefix: "
+                      read prefix
+                      path_file=`echo "$source" | cut -d "." -f-1 | sed 's/$/.ndb/'`
+                      db_file=`basename $path_file`
+                      rm -f "$path_file"
+                      total=`wc -l "$source" | cut -d " " -f1`
+                      line_num=1
+                      echo ""
+                      cat "$source" | while read line ; do
+                         line_prefix=`echo "$line" | awk -F ':' '{print $1}'`
+                         if [ "$line_prefix" = "-" ]
+                            then
+                               echo "$line" | cut -d ":" -f2- | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
+                            elif [ "$line_prefix" = "=" ] ; then
+                               echo "$line" | cut -d ":" -f2- | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg' | sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
+                            else
+                               echo "$line" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
+                         fi
+                         echo -ne "Hexadecimal encoding $source_file line: $line_num of $total\r"
+                         line_num=$(($line_num + 1))
+                      done
+                   else
+                      echo ""
+                      echo "Source file not found, exiting..."
+                      echo ""
+                      exit
+                fi
+                echo ""
+                echo ""
+                echo "Signature database file created at: $path_file"
+                if clamscan --quiet -d $path_file $config_dir/scan-test.txt 2>/dev/null
+                   then
+                      echo ""
+                      echo "Clamscan reports database integrity tested good."
+                      echo ""
+                      echo -n "Would you like to move '$db_file' into '$clam_dbs' and reload databases? (y/n): "
+                      read reply
+                      if [ "$reply" = "y" -o "$reply" = "Y" ]
+                         then
+                            if ! cmp -s "$path_file" "$clam_dbs/$db_file"
+                               then
+                                  if rsync -cqt "$path_file" "$clam_dbs"
+                                     then
+                                        perms chown $clam_user:$clam_group "$clam_dbs/$db_file"
+                                        chmod 0644 "$clam_dbs/$db_file"
+                                        $reload_opt
+                                        echo ""
+                                        echo "Signature database '$db_file' was successfully implemented and ClamD databases reloaded."
+                                     else
+                                        echo ""
+                                        echo "Failed to add/update '$db_file', ClamD database not reloaded."
+                                  fi
+                               else
+                                  echo ""
+                                  echo "Database '$db_file' has not changed - skipping"
+                            fi
+                         else
+                            echo ""
+                            echo "No action taken."
+                      fi
+                   else
+                      echo ""
+                      echo "Clamscan reports that '$db_file' signature database integrity tested bad."
+                fi
+          fi
+          echo ""
+          exit
+          ;;
       r)  no_default_config
           if [ -n "$pkg_mgr" -a -n "$pkg_rm" ]
              then
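Review bot: the output path is derived with `cut -d "." -f-1`, which cuts at the first dot anywhere in the typed path rather than at the file extension, and the result goes straight to `rm -f "$path_file"`. A source given as ./list.txt yields ".ndb", a directory name containing a dot truncates the path at that point, and a source with no dot at all makes path_file a new name next to it only by accident. Strip only the final extension of the file name and stop if the result is the same path as "$source". The typed $prefix is also interpolated unescaped into the sed replacement `s/^/$prefix\.$line_num:4:\*:/`, so a prefix containing "/" or "&" breaks or alters every generated line and a ":" in it yields a malformed signature record; validate it against a small character set before the loop. `read line` without -r drops backslashes and trims leading whitespace from the data strings before they are encoded, and `basename $path_file` and the clamscan line use the path unquoted.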
@@ -279,12 +422,12 @@ while getopts 'bc:defg:hirs:v' option ; do
                                rm -f -- "$file"
                                echo "     Removed file: $file"
                             done
-                            cron_file=`find /etc/ -name clamav-unofficial-sigs.cron`
+                            cron_file=`find /etc/ -name clamav-unofficial-sigs-cron`
                             if [ -s "$cron_file" ] ; then
                                rm -f "$cron_file"
                                echo "     Removed file: $cron_file"
                             fi
-                            log_rotate_file=`find /etc/ -name clamav-unofficial-sigs.logrotate`
+                            log_rotate_file=`find /etc/ -name clamav-unofficial-sigs-logrotate`
                             if [ -s "$log_rotate_file" ] ; then
                                rm -f "$log_rotate_file"
                                echo "     Removed file: $log_rotate_file"
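Review bot: with both `find /etc/ -name` patterns switched to the hyphenated names, the -r path no longer finds a clamav-unofficial-sigs.cron or clamav-unofficial-sigs.logrotate left behind by an earlier install, so an upgraded system keeps the old files after removal. Search for both spellings. If find returns more than one path, `[ -s "$cron_file" ]` tests the whole multi-line string and fails, so iterate over the results instead of holding them in one variable.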
@@ -571,19 +714,21 @@ fi
 # Create "purge.txt" file for package maintainers to support package uninstall.
 purge="$config_dir/purge.txt"
 cp -f "$current_dbs" "$purge"
-echo "$config_dir/current-dbs.txt" >> $purge
-echo "$config_dir/db-changes.txt" >> $purge
-echo "$config_dir/last-mbl-update.txt" >> $purge
-echo "$config_dir/last-si-update.txt" >> $purge
-echo "$config_dir/msrbl-include-dbs.txt" >> $purge
-echo "$config_dir/previous-dbs.txt" >> $purge
-echo "$config_dir/scan-test.txt" >> $purge
-echo "$config_dir/ss-include-dbs.txt" >> $purge
-echo "$gpg_dir/publickey.gpg" >> $purge
-echo "$gpg_dir/secring.gpg" >> $purge
-echo "$gpg_dir/ss-keyring.gpg*" >> $purge
-echo "$gpg_dir/trustdb.gpg" >> $purge
-echo "$log_file_path/$log_file_name*" >> $purge
+echo "$config_dir/current-dbs.txt" >> "$purge"
+echo "$config_dir/db-changes.txt" >> "$purge"
+echo "$config_dir/last-mbl-update.txt" >> "$purge"
+echo "$config_dir/last-si-update.txt" >> "$purge"
+echo "$config_dir/local.ign" >> "$purge"
+echo "$config_dir/monitor-ign.txt" >> "$purge"
+echo "$config_dir/msrbl-include-dbs.txt" >> "$purge"
+echo "$config_dir/previous-dbs.txt" >> "$purge"
+echo "$config_dir/scan-test.txt" >> "$purge"
+echo "$config_dir/ss-include-dbs.txt" >> "$purge"
+echo "$gpg_dir/publickey.gpg" >> "$purge"
+echo "$gpg_dir/secring.gpg" >> "$purge"
+echo "$gpg_dir/ss-keyring.gpg*" >> "$purge"
+echo "$gpg_dir/trustdb.gpg" >> "$purge"
+echo "$log_file_path/$log_file_name*" >> "$purge"
 echo "$purge" >> "$purge"
 
 # Silence rsync output and only report errors - useful if script is run via cron.
@@ -741,21 +886,6 @@ if [ -n "$si_dbs" -o -n "mbl_dbs" ]
       mbl_dbs=""
 fi
 
-# Check to see if local.ign file exists and if it's timestamp is 24 hours old, delete the file.
-if [ -e "$clam_dbs/local.ign" -a -n "$current_time" ] ; then
-   if [ -e "$clam_dbs/local.ign" -a -n "$current_time" ] ; then
-      file_time=`stat -c %Y "$clam_dbs/local.ign"`
-      file_time_plus=$(($file_time + 86400))
-      if [ "$current_time" -gt "$file_time_plus" ] ; then
-         rm -f "$clam_dbs/local.ign"
-         comment ""
-         comment "File 'local.ign' timestamp is older than 24 hours - file deleted"
-         log "INFO - File 'local.ign' timestamp is older than 24 hours - file deleted"
-         do_clamd_reload=3
-      fi
-   fi
-fi
-
 ################################################################
 # Check for Sanesecurity database & GPG signature file updates #
 ################################################################
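Review bot: removing this block drops the only time limit on local.ign, so a bypass entry now stays in force until the third-party signature is modified or removed, which may never happen. Entries in local.ign that are not recorded in monitor-ign.txt are no longer cleared by anything in this patch, since the replacement check further down only runs when monitor-ign.txt is non-empty and only walks the entries listed there. Suggest logging the active bypass entries on every run, in the same way the removed code called `log "INFO - ..."`, or adding an optional maximum age to the configuration file, so that a forgotten bypass does not keep a detection switched off unnoticed.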
@@ -835,8 +965,10 @@ if [ -n "$ss_dbs" ] ; then
    done
    if [ "$ss_rsync_success" != "1" ] ; then
       echo ""
-      echo "Access to all Sanesecurity mirror sites failed - Check for connectivity issues."
-      log "WARNING - Access to all Sanesecurity mirror sites failed - Check for connectivity issues."
+      echo "Access to all Sanesecurity mirror sites failed - Check for connectivity issues"
+      echo "or signature database name(s) misspelled in the script's configuration file."
+      log "WARNING - Access to all Sanesecurity mirror sites failed - Check for connectivity issues"
+      log "WARNING - or signature database name(s) misspelled in the script's configuration file."
    fi
 fi
 
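Review bot: The warning is now written with two log calls, so it presumably lands as two separate log entries; the second one ("WARNING - or signature database name(s) misspelled in the script's configuration file.") is meaningless on its own, and a grep for the first line no longer returns the whole message. Use a single log call carrying the full sentence and keep the two-line wrap for the echo output only.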
@@ -903,8 +1035,10 @@ if [ -n "$msrbl_dbs" ] ; then
    done
    if [ "$msrbl_rsync_success" != "1" ] ; then
       echo ""
-      echo "Access to all MSRBL mirror sites failed - Check for connectivity issues."
-      log "WARNING - Access to all MSRBL mirror sites failed - Check for connectivity issues."
+      echo "Access to all MSRBL mirror sites failed - Check for connectivity issues or"
+      echo "signature database name(s) misspelled in the script's configuration file."
+      log "WARNING - Access to all MSRBL mirror sites failed - Check for connectivity issues or"
+      log "WARNING - signature database name(s) misspelled in the script's configuration file."
    fi
 fi
 
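Review bot: This duplicates the Sanesecurity warning from the previous hunk, but with the line break in a different place ("issues or" / "signature database name(s)" here, "issues" / "or signature database name(s)" there), so the two log messages no longer share a common second line to match on. A small helper that takes the provider name and emits the warning would keep the wording identical and avoid maintaining the text in two places.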
@@ -1152,6 +1286,64 @@ if [ -n "$add_dbs" ] ; then
    fi
 fi
 
+# Check to see if the local.ign file exists, and if it does, check to see if any of the script
+# added bypass entries can be removed due to offending signature modifications or removals.
+comment ""
+comment "======================================================================"
+if [ -s "$clam_dbs/local.ign" -a -s "$config_dir/monitor-ign.txt" ] ; then
+   ign_updated=0
+   cd "$clam_dbs"
+   cp -f local.ign "$config_dir/local.ign"
+   for entry in `cat "$config_dir/monitor-ign.txt" 2>/dev/null` ; do
+      sig_file=`echo "$entry" | tr -d "\r" | awk -F ":" '{print $1}'`
+      sig_hex=`echo "$entry" | awk -F ":" '{print $NF}'`
+      sig_name_old=`echo "$entry" | tr -d "\r" | awk -F ":" '{print $3}'`
+      sig_ign_old=`grep "$sig_name_old" "$config_dir/local.ign"`
+      sig_old=`echo "$entry" | tr -d "\r" | cut -d ":" -f3-`
+      sig_new=`grep -h "$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null`
+      sig_mon_new=`grep -H -n "$sig_hex" "$sig_file"`
+      if [ -n "$sig_new" ]
+         then
+            if [ "$sig_old" != "$sig_new" -o "$entry" != "$sig_mon_new" ] ; then
+               sig_name_new=`echo "$sig_new" | tr -d "\r" | awk -F ":" '{print $1}'`
+               sig_ign_new=`echo "$sig_mon_new" | cut -d ":" -f1-3`
+               perl -i -ne "print unless /$sig_ign_old/" "$config_dir/monitor-ign.txt"
+               echo "$sig_mon_new" >> "$config_dir/monitor-ign.txt"
+               perl -p -i -e "s/$sig_ign_old/$sig_ign_new/" "$config_dir/local.ign"
+               comment ""
+               comment "$sig_name_old hexadecimal is signature unchanged, however signature name and/or line placement"
+               comment "in $sig_file has change to $sig_name_new - updated local.ign to reflect this change."
+               log "INFO - $sig_name_old hexadecimal is signature unchanged, however signature name and/or line placement"
+               log "INFO - in $sig_file has change to $sig_name_new - updated local.ign to reflect this change."
+               ign_updated=1
+            fi
+         else
+            perl -i -ne "print unless /$sig_ign_old/" "$config_dir/monitor-ign.txt" "$config_dir/local.ign"
+            comment ""
+            comment "$sig_name_old signature has been removed from $sig_file, entry removed from local.ign."
+            log "INFO - $sig_name_old signature has been removed from $sig_file, entry removed from local.ign."
+            ign_updated=1
+      fi
+   done
+   if [ "$ign_updated" = "1" ] ; then
+      if clamscan --quiet -d $config_dir/local.ign $config_dir/scan-test.txt
+         then
+            if rsync -cqt $config_dir/local.ign $clam_dbs
+               then
+                  perms chown $clam_user:$clam_group "$clam_dbs/local.ign"
+                  chmod 0644 "$clam_dbs/local.ign" "$config_dir/monitor-ign.txt"
+                  do_clamd_reload=3
+               else
+                  echo "Failed to successfully update local.ign file - SKIPPING"
+                  log "WARNING - Failed to successfully update local.ign file - SKIPPING"
+            fi
+         else
+            echo "Clamscan reports local.ign database integrity is bad - SKIPPING"
+            log "WARNING - Clamscan reports local.ign database integrity is bad - SKIPPING"
+      fi
+   fi
+fi
+
 # Set appropriate directory and file access permissions
 perms chown -R $clam_user:$clam_group "$clam_dbs"
 if ! find "$clam_dbs" "$work_dir" -type f -exec chmod 0644 {} + 2>/dev/null ; then
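Review bot: $sig_ign_old is interpolated into the perl patterns unescaped and unchecked, in perl -i -ne "print unless /$sig_ign_old/" (both branches) and in perl -p -i -e "s/$sig_ign_old/$sig_ign_new/". It comes from grep "$sig_name_old" "$config_dir/local.ign", so it is empty whenever local.ign has no matching line, and an empty pattern matches every line: "print unless //" then empties monitor-ign.txt and, in the removal branch, local.ign as well. It can also hold several lines if the name matches more than once, and any "/" or regex metacharacter in it changes or breaks the expression. Skip the entry when [ -z "$sig_ign_old" ], and pass the value through the environment and match it as \Q$ENV{...}\E rather than building the pattern in the shell. Smaller points in the same block: sig_hex is the only field taken from $entry without tr -d "\r", so a CRLF entry leaves a carriage return in the grep pattern; the 2>/dev/null on the sig_new line applies to tr, not to grep; and $config_dir and $clam_dbs are unquoted in the clamscan and rsync calls although they are quoted elsewhere.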
@@ -1173,34 +1365,36 @@ if [ "$reload_dbs" = "yes" -a -z "$reload_opt" ] ; then
       log "WARNING - Check the script's configuration file, 'reload_dbs' enabled but no 'reload_opt' selected"
    elif [ "$reload_dbs" = "yes" -a "$do_clamd_reload" = "1" -a -n "$reload_opt" ] ; then
       comment ""
-      comment "=================================================="
-      comment "= Update(s) detected, reloading ClamAV databases ="
-      comment "=================================================="
-      log "INFO - Update(s) detected, reloading ClamAV databases"
+      comment "================================================="
+      comment "= Update(s) detected, reloaded ClamAV databases ="
+      comment "================================================="
+      log "INFO - Update(s) detected, reloaded ClamAV databases"
       $reload_opt
    elif [ "$reload_dbs" = "yes" -a "$do_clamd_reload" = "2" -a -n "$reload_opt" ] ; then
       comment ""
-      comment "============================================================"
-      comment "= Database removal(s) detected, reloading ClamAV databases ="
-      comment "============================================================"
-      log "INFO - Database removal(s) detected, reloading ClamAV databases"
+      comment "==========================================================="
+      comment "= Database removal(s) detected, reloaded ClamAV databases ="
+      comment "==========================================================="
+      log "INFO - Database removal(s) detected, reloaded ClamAV databases"
       $reload_opt
    elif [ "$reload_dbs" = "yes" -a "$do_clamd_reload" = "3" -a -n "$reload_opt" ] ; then
       comment ""
-      comment "============================================================"
-      comment "= File 'local.ign' was deleted, reloading ClamAV databases ="
-      comment "============================================================"
-      log "INFO - File 'local.ign' was deleted, reloading ClamAV databases"
+      comment "==========================================================="
+      comment "= File 'local.ign' has changed, reloaded ClamAV databases ="
+      comment "==========================================================="
+      log "INFO - File 'local.ign' has changed, reloaded ClamAV databases"
       $reload_opt
    elif [ "$reload_dbs" = "yes" -a -z "$do_clamd_reload" ] ; then
       comment ""
-      comment "========================================================="
-      comment "= No update(s) detected, NOT reloading ClamAV databases ="
-      comment "========================================================="
-      log "INFO - No update(s) detected, NOT reloading ClamAV databases"
+      comment "============================================================="
+      comment "= No update(s) detected, ClamAV databases were not reloaded ="
+      comment "============================================================="
+      log "INFO - No update(s) detected, ClamAV databases were not reloaded"
    else
       comment ""
       comment "======================================================================"
+      log "INFO - Database reloading has been disabled in the configuration file."
+      true
 fi
 
 exit $?
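Review bot: The messages in the three reload branches now read "reloaded", but they are still emitted before $reload_opt runs, so the log records a completed reload even when the reload command fails. Run $reload_opt first and choose the log line from its exit status, or keep the "reloading" wording. The added true fixes the exit status only for the else branch; in the reload branches exit $? still returns whatever $reload_opt returned, which deserves a comment. The else branch also logs "Database reloading has been disabled" for every state the earlier conditions do not match, not only when reload_dbs is turned off.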

-- 
packaging for clamav-unoffical-sigs


