prva verzija za stretch, novi upstream release jessie
authorIvan Rako <ivan.rako@srce.hr>
Mon, 2 Jul 2018 22:41:59 +0000 (00:41 +0200)
committerIvan Rako <ivan.rako@srce.hr>
Mon, 2 Jul 2018 22:41:59 +0000 (00:41 +0200)
clamav-unofficial-sigs
clamav-unofficial-sigs.8
debian/changelog
debian/control
debian/cron.d
debian/logrotate
debian/postinst
master.conf
os.conf
user.conf

index f6b8e8b..326b80d 100755 (executable)
@@ -1,79 +1,79 @@
-#!/bin/bash
+#!/bin/bash -x
+# shellcheck disable=SC2154
+# shellcheck disable=SC2128
 ################################################################################
 # This is property of eXtremeSHOK.com
 # You are free to use, modify and distribute, however you may not remove this notice.
 # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+# License: BSD (Berkeley Software Distribution)
 ################################################################################
-# 
-# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
 #
-# Originially based on: 
-# Script provide by Bill Landry (unofficialsigs@gmail.com).
+# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
 #
-# License: BSD (Berkeley Software Distribution)
+# Originially based on Script provided by Bill Landry (unofficialsigs@gmail.com).
 #
 ################################################################################
 #
 #    THERE ARE NO USER CONFIGURABLE OPTIONS IN THIS SCRIPT
-#   ALL CONFIGURATION OPTIONS ARE LOCATED IN THE INCLUDED CONFIGURATION FILE 
+#   ALL CONFIGURATION OPTIONS ARE LOCATED IN THE INCLUDED CONFIGURATION FILE
 #
 ################################################################################
 
-################################################################################
-
-    ######  #######    #     # ####### #######    ####### ######  ### ####### 
-    #     # #     #    ##    # #     #    #       #       #     #  #     #    
-    #     # #     #    # #   # #     #    #       #       #     #  #     #    
-    #     # #     #    #  #  # #     #    #       #####   #     #  #     #    
-    #     # #     #    #   # # #     #    #       #       #     #  #     #    
-    #     # #     #    #    ## #     #    #       #       #     #  #     #    
-    ######  #######    #     # #######    #       ####### ######  ###    #    
+######  #######    #     # ####### #######    ####### ######  ### #######
+#     # #     #    ##    # #     #    #       #       #     #  #     #
+#     # #     #    # #   # #     #    #       #       #     #  #     #
+#     # #     #    #  #  # #     #    #       #####   #     #  #     #
+#     # #     #    #   # # #     #    #       #       #     #  #     #
+#     # #     #    #    ## #     #    #       #       #     #  #     #
+######  #######    #     # #######    #       ####### ######  ###    #
 
 ################################################################################
 
+
 # Detect to make sure the entire script is avilable, fail if the script is missing contents
-if [ ! "$( tail -1 "$0" | head -1 | cut -c1-7 )" == "exit \$?" ] ; then
+if [ "$(tail -n 1 "$0" | head -n 1 | cut -c 1-7)" != "exit \$?" ] ; then
   echo "FATAL ERROR: Script is incomplete, please redownload"
   exit 1
 fi
 
-# trap the keyboard interrupt (ctrl+c)
+# Trap the keyboard interrupt (Ctrl + C)
 trap xshok_control_c SIGINT
 
 ################################################################################
 # HELPER FUNCTIONS
 ################################################################################
 
-# Function to support user config settings for applying file and directory access permissions.
+# Support user config settings for applying file and directory access permissions.
 function perms () {
   if [ -n "$clam_user" ] && [ -n "$clam_group" ] ; then
     "${@:-}"
   fi
 }
 
-# Function to prompt a user if they should complete an action with Y or N
-# usage: xshok_prompt_confirm
+# Prompt a user if they should complete an action with Y or N
+# Usage: xshok_prompt_confirm
 # if xshok_prompt_confirm; then
 # xshok_prompt_confirm && echo "accepted"
 # xshok_prompt_confirm && echo "yes" || echo "no"
-function xshok_prompt_confirm () { #optional_message
+# shellcheck disable=SC2120
+function xshok_prompt_confirm () { # optional_message
   message="${1:-Are you sure?}"
   while true; do
-    read -r -p "$message [y/N]" response  </dev/tty
-    case $response in
+    read -r -p "$message [y/N]" response < /dev/tty
+    case "$response" in
       [yY]) return 0 ;;
       [nN]) return 1 ;;
       *) printf " \033[31m %s \n\033[0m" "invalid input"
-    esac 
-  done  
+    esac
+  done
 }
 
-# Function to create a pid file
-function xshok_create_pid_file { #pid.file
+# Create a pid file
+function xshok_create_pid_file () { # pid.file
   if [ "$1" ] ; then
     pidfile="$1"
     echo $$ > "$pidfile"
-    if [ $? -ne 0 ] ;  then
+    if [ $? -ne 0 ] ; then
       xshok_pretty_echo_and_log "ERROR: Could not create PID file: $pidfile"
       exit 1
     fi
@@ -83,69 +83,69 @@ function xshok_create_pid_file { #pid.file
   fi
 }
 
-# Function to intercept ctrl+c and calls the cleanup function
+# Intercept ctrl+c and calls the cleanup function
 function xshok_control_c () {
-  echo -en "\n"
+  echo
   xshok_pretty_echo_and_log "--------------| Exiting ... Please wait |--------------" "-"
   xshok_cleanup
   exit $?
 }
 
-# cleanup function
+# Cleanup function
 function xshok_cleanup () {
-  #wait for all processes to end
+  # Wait for all processes to end
   wait
   xshok_pretty_echo_and_log "      Powered By https://eXtremeSHOK.com      " "#"
   return $?
-} 
+}
 
-# Function to check if the current running user is the root user, otherwise return false
+# Check if the current running user is the root user, otherwise return false
 function xshok_is_root () {
-  if [ "$(uname -s)" = "SunOS" ] ; then
+  if [ "$(uname -s)" == "SunOS" ] ; then
     id_bin="/usr/xpg4/bin/id"
   else
-    id_bin="$(which id)"
+    id_bin="$(which id 2> /dev/null)"
   fi
-  if [ "$($id_bin -u)" = 0 ] ; then
-    return 0 ;
+  if [ "$($id_bin -u)" == 0 ] ; then
+    return 0
   else
-    return 1 ;  #not root
+    return 1 # Not root
   fi
 }
 
-# Function to check if its a file, otherwise return false
-function xshok_is_file () { #"filepath"
+# Check if its a file, otherwise return false
+function xshok_is_file () { # filepath
   filepath="$1"
   if [ -f "${filepath}" ] ; then
     return 0 ;
   else
-    return 1 ;  #not a file
-  fi 
+    return 1 ; # Not a file
+  fi
 }
 
-# Function to check if filepath is a subdir, otherwise return false
+# Check if filepath is a subdir, otherwise return false
 # Usage: xshok_is_subdir "filepath"
 # xshok_is_subdir "/root/" - false
 # xshok_is_subdir "/usr/local/etc" && echo "yes" - yes
-function xshok_is_subdir () { #filepath
-  filepath=$(echo "$1" | sed 's:/*$::')
+function xshok_is_subdir () { # filepath
+  shopt -s extglob; filepath="${filepath%%+(/)}"
   if [ -d "$filepath" ] ; then
     res="${filepath//[^\/]}"
     if [ "${#res}" -gt 1 ] ; then
       return 0 ;
     else
-      return 1 ;  #not a subdir
+      return 1 ; # Not a subdir
     fi
   else
-    return 1 ;  #not a dir
+    return 1 ; # Not a dir
   fi
 }
 
-# Function to create a dir and set the ownership
-function xshok_mkdir_ownership () { #"path"
+# Create a dir and set the ownership
+function xshok_mkdir_ownership () { # path
   if [ "$1" ] ; then
     mkdir -p "$1" 2>/dev/null
-    if [ $? -ne 0 ] ;  then
+    if [ $? -ne 0 ] ; then
       xshok_pretty_echo_and_log "ERROR: Could not create directory: $1"
       exit 1
     fi
@@ -156,31 +156,43 @@ function xshok_mkdir_ownership () { #"path"
   fi
 }
 
-# Function to check if a user and group exists on the system otherwise return false
-# Usage: 
+# Check if a user and group exists on the system otherwise return false
+# Usage:
 # xshok_is_subdir "username" && echo "user found" || echo "no"
 # xshok_is_subdir "username" "groupname" && echo "user and group found" || echo "no"
-function xshok_user_group_exists () { #"username" "groupname"
-  if [ "$(uname -s)" = "SunOS" ] ; then
+function xshok_user_group_exists () { # username groupname
+  if [ "$(uname -s)" == "SunOS" ] ; then
     id_bin="/usr/xpg4/bin/id"
   else
-    id_bin="$(which id)"
+    id_bin="$(which id 2> /dev/null)"
+  fi
+
+  if [ "$2" ] ; then
+    if [ "$(uname -s)" == "Darwin" ] ; then
+      #use ruby, as this is the best way. Ruby is always avilable as brew uses ruby
+      ruby -e 'require "etc"; puts Etc::getgrnam("_clamav").gid' > /dev/null 2>&1
+      ret="$?"
+    else
+      getent_bin="$(which getent 2> /dev/null)"
+      $getent_bin group "$2" >/dev/null 2>&1
+      ret="$?"
+    fi
   fi
+
   if [ "$1" ] ; then
     $id_bin -u "$1" > /dev/null 2>&1
     if [ $? -eq 0 ]; then
       if [ "$2" ] ; then
-        $id_bin -g "$2" > /dev/null 2>&1
-        if [ $? -eq 0 ]; then
-          return 0 ; #user and group exists
+        if [ "$ret" -eq 0 ]; then
+          return 0 ; # User and group exists
         else
-          return 1 ;  #group does NOT exist
+          return 1 ; # Group does NOT exist
         fi
-       else
-          return 0 ; #user exists
-       fi
+      else
+        return 0 ; # User exists
+      fi
     else
-      return 1 ;  #user does NOT exist
+      return 1 ; # User does NOT exist
     fi
   else
     xshok_pretty_echo_and_log "ERROR: Missing value for option" "="
@@ -188,11 +200,11 @@ function xshok_user_group_exists () { #"username" "groupname"
   fi
 }
 
-# Function to handle comments with/out borders and logging.
+# Handle comments with/out borders and logging.
 # Usage:
-# pretty_echo_and_log "one" 
+# pretty_echo_and_log "one"
 # one
-# pretty_echo_and_log "two" "-" 
+# pretty_echo_and_log "two" "-"
 # ---
 # two
 # ---
@@ -202,11 +214,11 @@ function xshok_user_group_exists () { #"username" "groupname"
 # ========
 # pretty_echo_and_log "" "/\" "7"
 # /\/\/\/\/\/\
-#type: e = error, w= warning ""
-function xshok_pretty_echo_and_log () { #"string" "repeating" "count" "type"
-  # handle comments
-  if [ "$comment_silence" = "no" ] ; then
-    if [ "${#@}" = "1" ] ; then
+# type: e = error, w= warning ""
+function xshok_pretty_echo_and_log () { # "string" "repeating" "count" "type"
+  # Handle comments
+  if [ "$comment_silence" == "no" ] ; then
+    if [ "${#@}" -eq 1 ] ; then
       echo "$1"
     else
       myvar=""
@@ -215,36 +227,36 @@ function xshok_pretty_echo_and_log () { #"string" "repeating" "count" "type"
       else
         mycount="${#1}"
       fi
-      for (( n = 0; n < mycount; n++ )) ; do 
+      for (( n = 0; n < mycount; n++ )) ; do
         myvar="$myvar$2"
       done
-      if [ "$1" != "" ] ; then
+      if [ -n "$1" ] ; then
         echo -e "$myvar\n$1\n$myvar"
-      else  
+      else
         echo -e "$myvar"
       fi
     fi
   fi
 
-  # handle logging
+  # Handle logging
   if [ "$enable_log" == "yes" ] ; then
     if [ ! -e "$log_file_path/$log_file_name" ] ; then
-        #xshok_mkdir_ownership "$log_file_path"
-        mkdir -p "$log_file_path"
-        touch "$log_file_path/$log_file_name" 2>/dev/null
-        perms chown -f "$clam_user:$clam_group" "$log_file_path/$log_file_name"
+      # xshok_mkdir_ownership "$log_file_path"
+      mkdir -p "$log_file_path"
+      touch "$log_file_path/$log_file_name" 2>/dev/null
+      perms chown -f "$clam_user:$clam_group" "$log_file_path/$log_file_name"
     fi
     if [ ! -w "$log_file_path/$log_file_name" ] ; then
       echo "Warning: Logging Disabled, as file not writable: $log_file_path/$log_file_name"
       enable_log="no"
     else
       echo "$(date "+%b %d %T")" "$1" >> "$log_file_path/$log_file_name"
-    fi 
+    fi
   fi
 }
 
-# function to check if the $2 value is not null and does not start with -
-function xshok_check_s2 () { #value1 #value2
+# Check if the $2 value is not null and does not start with -
+function xshok_check_s2 () { # value1 value2
   if [ "$1" ] ; then
     if [[ "$1" =~ ^-.* ]] ; then
       xshok_pretty_echo_and_log "ERROR: Missing value for option or value begins with -" "="
@@ -256,41 +268,55 @@ function xshok_check_s2 () { #value1 #value2
   fi
 }
 
-# function to count array elements and output the total element count
-# required due to compound array assignment
-# Usage:
-# array=("one" "two" "three")
-# xshok_array_count $array
-# 3
-function xshok_array_count () { #array
-  k_array=( "$@" )
-  if [ -n "${k_array[*]}" ] ; then
-    i="0"
-    for k in "${k_array[@]}" ; do
-      let i=$i+1;
-    done
-    echo "$i"
+# Time remaining information function
+function xshok_draw_time_remaining () { #time_remaining #update_hours #name
+  if [ "$1" ] && [ "$2" ]; then
+    time_remaining="$1"
+    hours_left="$((time_remaining / 3600))"
+    minutes_left="$((time_remaining % 3600 / 60))"
+    xshok_pretty_echo_and_log "$2 hours have not yet elapsed since the last $3 update check"
+    xshok_pretty_echo_and_log "No update check was performed at this time" "-"
+    xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
+  fi
+}
+
+# Download function
+function xshok_file_download () { #outputfile #url
+ if [ "$1" ] && [ "$2" ]; then
+  if [ -n "$wget_bin" ] ; then
+    # shellcheck disable=SC2086
+    $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$1" "$2"
+    result=$?
   else
-    echo "0"
+    # shellcheck disable=SC2086
+    $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$1" "$2"
+    result=$?
   fi
+  return $result
+ fi
 }
-# function to auto update
-function xshok_auto_update() { #version
+
+# Auto update
+function xshok_auto_update () { # version
   xshok_pretty_echo_and_log "Performing automatic update..."
 
   # Download new version
   echo -n "Downloading latest version..."
-  if ! wget --quiet --output-document="$0.tmp" $UPDATE_BASE/$SELF ; then
-    echo "Failed: Error while trying to wget new version!"
+
+    xshok_file_download "$0.tmp" "$UPDATE_BASE/$SELF"
+    result=$?
+
+  if [ "$result" -ne 0 ]; then
+    echo "Failed: Error while trying to get new version!"
     echo "File requested: $UPDATE_BASE/$SELF"
     exit 1
   fi
   echo "Done."
 
   # Copy over modes from old version
-  OCTAL_MODE=$(stat -c '%a' $SELF)
-  if ! chmod $OCTAL_MODE "$0.tmp" ; then
-    echo "Failed: Error while trying to set mode on $0.tmp."
+  OCTAL_MODE="$(stat -c "%a" "$SELF")"
+  if ! chmod "$OCTAL_MODE" "${0}.tmp" ; then
+    echo "Failed: Error while trying to set mode on ${0}.tmp."
     exit 1
   fi
 
@@ -308,65 +334,63 @@ EOF
 
 
   echo -n "Inserting update process..."
-  
-  #replaced with $0, so code will update and then call itself with the same parameters it had
+
+  # Replaced with $0, so code will update and then call itself with the same parameters it had
   #exec /bin/bash xshok_update_script.sh
   exec "$0" "$@"
 }
 
-#function to handle list of database files
+# Handle list of database files
 function clamav_files () {
   echo "$clam_dbs/$db" >> "$current_tmp"
-  if [ "$keep_db_backup" = "yes" ] ; then
+  if [ "$keep_db_backup" == "yes" ] ; then
     echo "$clam_dbs/$db-bak" >> "$current_tmp"
   fi
 }
 
-# Function to manage the databases and allow multi-dimensions as well as global overrides
-# since the datbases are basically a multi-dimentional associative arrays in bash
+# Manage the databases and allow multi-dimensions as well as global overrides
+# Since the datbases are basically a multi-dimentional associative arrays in bash
 # ratings: LOW| MEDIUM| HIGH| REQUIRED| LOWONLY| MEDIUMONLY| LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY| DISABLED
-function xshok_database () { #database #rating
-
-  # assign
-  current_dbs="$1"
-  current_rating="$2"
-  # zero
-  new_dbs=""
-
-  if [ -n "$current_dbs" ] ; then
-    if [ "$(xshok_array_count "$current_dbs")" -ge "1" ] ; then
-      for db_name in $current_dbs ; do
-        #checks
-        if [ "$enable_yararules" == "no" ] ; then #yararules are disabled
-            if [[ "$db_name" = *".yar"* ]] ; then # if it's the value you want to delete
-              continue # skip to the next value
-            fi
+function xshok_database () { # rating database_array
+  # Assign
+  current_rating="$1"
+  declare -a current_dbs=( "${@:2}" )
+  # Zero
+  declare -a new_dbs=( )
+  if [ -n "${current_dbs[0]}" ] ; then
+    if [ ${#current_dbs} -ge 1 ] ; then
+      for db_name in "${current_dbs[@]}" ; do
+        # Checks
+        if [ "$enable_yararules" == "no" ] ; then # YARA rules are disabled
+          if [[ "$db_name" == *".yar"* ]] ; then # If it's the value you want to delete
+            continue # Skip to the next value
+          fi
         fi
-        if [ "$current_rating" == "" ] ; then #yararules are disabled
-          new_dbs="$new_dbs $db_name"
+        if [ -z "$current_rating" ] ; then # YARA rules are disabled
+          new_dbs+=( "$db_name" )
         else
-          if [[ ! "$db_name" = *"|"* ]] ; then # this old format
-            new_dbs="$new_dbs $db_name"
+          if [[ ! "$db_name" = *"|"* ]] ; then # This old format
+            new_dbs+=( "$db_name" )
           else
-            db_name_rating=$(echo "$db_name" | cut -d "|" -f2)
-            db_name=$(echo "$db_name" | cut -d "|" -f1)
+            db_name_rating="${db_name#*|}"
+            db_name="${db_name%|*}"
 
             if [ "$db_name_rating" != "DISABLED" ] ; then
               if [ "$db_name_rating" == "$current_rating" ] ; then
-                new_dbs="$new_dbs $db_name"
+                new_dbs+=( "$db_name" )
               elif [ "$db_name_rating" == "REQUIRED" ] ; then
-                new_dbs="$new_dbs $db_name"
+                new_dbs+=( "$db_name" )
               elif [ "$current_rating" == "LOW" ] ; then
-                if [ "$db_name_rating" == "LOWONLY" ] || [ "$db_name_rating" == "LOW" ]  || [ "$db_name_rating" == "LOWMEDIUM" ] ; then
-                  new_dbs="$new_dbs $db_name"   
+                if [ "$db_name_rating" == "LOWONLY" ] || [ "$db_name_rating" == "LOW" ] || [ "$db_name_rating" == "LOWMEDIUM" ] ; then
+                  new_dbs+=( "$db_name" )
                 fi
               elif [ "$current_rating" == "MEDIUM" ] ; then
                 if [ "$db_name_rating" == "MEDIUMONLY" ] || [ "$db_name_rating" == "MEDIUM" ] || [ "$db_name_rating" == "LOW" ] || [ "$db_name_rating" == "LOWMEDIUM" ] ; then
-                  new_dbs="$new_dbs $db_name"
+                  new_dbs+=( "$db_name" )
                 fi
               elif [ "$current_rating" == "HIGH" ] ; then
                 if [ "$db_name_rating" == "HIGH" ] || [ "$db_name_rating" == "MEDIUM" ] || [ "$db_name_rating" == "LOW" ] ; then
-                  new_dbs="$new_dbs $db_name"
+                  new_dbs+=( "$db_name" )
                 fi
               fi
             fi
@@ -375,8 +399,7 @@ function xshok_database () { #database #rating
       done
     fi
   fi
-  echo "$new_dbs" | xargs #remove extra whitespace
-
+  echo "${new_dbs[@]}" | xargs # Remove extra whitespace
 }
 
 ################################################################################
@@ -384,7 +407,7 @@ function xshok_database () { #database #rating
 ################################################################################
 
 
-#generates a man config and installs it
+# Generates a man config and installs it
 function install_man () {
 
   if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then
@@ -392,11 +415,10 @@ function install_man () {
     exit 1
   fi
 
-
   echo ""
   echo "Generating man file for install...."
-  
-  #Use defined varibles or attempt to use default varibles
+
+  # Use defined varibles or attempt to use default varibles
 
   if [ ! -e "$man_dir/$man_filename" ] ; then
     mkdir -p "$man_dir"
@@ -406,13 +428,13 @@ function install_man () {
     echo "ERROR: man install aborted, as file not writable: $man_dir/$man_filename"
   else
 
-BOLD="\fB"
-#REV=""
-NORM="\fR"
-manresult=$(help_and_usage "man")
+    BOLD="\fB"
+    #REV=""
+    NORM="\fR"
+    manresult="$(help_and_usage "man")"
 
-#Our template..
-  cat << EOF > "$man_dir/$man_filename"
+    # Our template..
+    cat << EOF > "$man_dir/$man_filename"
 
 .\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater
 .TH clamav-unofficial-sigs 8 "$script_version_date" "Version: $script_version" "SCRIPT COMMANDS"
@@ -447,12 +469,12 @@ Originially based on Script provide by Bill Landry
 
 EOF
 
-  fi 
+  fi
   echo "Completed: man installed, as file: $man_dir/$man_filename"
 }
 
 
-#generates a logrotate config and installs it
+# Generate a logrotate config and install it
 function install_logrotate () {
 
   if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then
@@ -462,16 +484,16 @@ function install_logrotate () {
 
   echo ""
   echo "Generating logrotate file for install...."
-  
-  #Use defined varibles or attempt to use default varibles
 
-  if [ ! -n "$logrotate_user" ] ; then
+  # Use defined varibles or attempt to use default varibles
+
+  if [ -z "$logrotate_user" ] ; then
     logrotate_user="$clam_user";
   fi
-  if [ ! -n "$logrotate_group" ] ; then
+  if [ -z "$logrotate_group" ] ; then
     logrotate_group="$clam_group";
   fi
-  if [ ! -n "$logrotate_log_file_full_path" ] ; then
+  if [ -z "$logrotate_log_file_full_path" ] ; then
     logrotate_log_file_full_path="$log_file_path/$log_file_name"
   fi
 
@@ -483,8 +505,8 @@ function install_logrotate () {
   if [ ! -w "$logrotate_dir/$logrotate_filename" ] ; then
     echo "ERROR: logrotate install aborted, as file not writable: $logrotate_dir/$logrotate_filename"
   else
-#Our template..
-  cat << EOF > "$logrotate_dir/$logrotate_filename"
+    # Our template..
+    cat << EOF > "$logrotate_dir/$logrotate_filename"
 # https://eXtremeSHOK.com ######################################################
 # This file contains the logrotate settings for clamav-unofficial-sigs.sh
 ###################
@@ -494,8 +516,8 @@ function install_logrotate () {
 ##################
 #
 # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
-# 
-# Originially based on: 
+#
+# Originially based on:
 # Script provide by Bill Landry (unofficialsigs@gmail.com).
 #
 # License: BSD (Berkeley Software Distribution)
@@ -515,16 +537,16 @@ $logrotate_log_file_full_path {
   missingok
   notifempty
   compress
-  create 0644 $logrotate_user $logrotate_group
+  create 0640 $logrotate_user $logrotate_group
 }
 
 EOF
 
-  fi 
+  fi
   echo "Completed: logrotate installed, as file: $logrotate_dir/$logrotate_filename"
 }
 
-#generates a cron config and installs it
+# Generate a cron config and install it
 function install_cron () {
 
   if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then
@@ -534,20 +556,20 @@ function install_cron () {
 
   echo ""
   echo "Generating cron file for install...."
-  
-  #Use defined varibles or attempt to use default varibles
-  if [ ! -n "$cron_minute" ] ; then
-    cron_minute=$(( ( RANDOM % 59 )  + 1 ));
+
+  # Use defined varibles or attempt to use default varibles
+  if [ -z "$cron_minute" ] ; then
+    cron_minute="$(( ( RANDOM % 59 ) + 1 ))"
   fi
-  if [ ! -n "$cron_user" ] ; then
+  if [ -z "$cron_user" ] ; then
     cron_user="$clam_user";
   fi
-  if [ ! -n "$cron_bash" ] ; then
-    cron_bash=$(which bash)
-  fi  
-  if [ ! -n "$cron_script_full_path" ] ; then
+  if [ -z "$cron_bash" ] ; then
+    cron_bash="$(which bash 2> /dev/null)"
+  fi
+  if [ -z "$cron_script_full_path" ] ; then
     cron_script_full_path="$this_script_full_path"
-  fi  
+  fi
 
   if [ ! -e "$cron_dir/$cron_filename" ] ; then
     mkdir -p "$cron_dir"
@@ -556,8 +578,8 @@ function install_cron () {
   if [ ! -w "$cron_dir/$cron_filename" ] ; then
     echo "ERROR: cron install aborted, as file not writable: $cron_dir/$cron_filename"
   else
-#Our template..
-  cat << EOF > "$cron_dir/$cron_filename"
+    # Our template..
+    cat << EOF > "$cron_dir/$cron_filename"
 # https://eXtremeSHOK.com ######################################################
 # This file contains the cron settings for clamav-unofficial-sigs.sh
 ###################
@@ -567,8 +589,8 @@ function install_cron () {
 ##################
 #
 # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
-# 
-# Originially based on: 
+#
+# Originially based on:
 # Script provide by Bill Landry (unofficialsigs@gmail.com).
 #
 # License: BSD (Berkeley Software Distribution)
@@ -581,7 +603,7 @@ function install_cron () {
 # currently supports updating third-party signature databases provided
 # by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc.
 #
-# The script is set to run hourly, at a random minute past the hour, and the 
+# The script is set to run hourly, at a random minute past the hour, and the
 # script itself is set to randomize the actual execution time between
 # 60 - 600 seconds.  To Adjust the cron values, edit your configs and run
 # bash clamav-unofficial-sigs.sh --install-cron to generate a new file.
@@ -592,27 +614,27 @@ $cron_minute * * * * $cron_user [ -x $cron_script_full_path ] && $cron_bash $cro
 
 EOF
 
-  fi 
+  fi
   echo "Completed: cron installed, as file: $cron_dir/$cron_filename"
 }
 
 
-#decode a third-party signature either by signature name
+# Decode a third-party signature either by signature name
 function decode_third_party_signature_by_signature_name () {
   echo ""
   echo "Input a third-party signature name to decode (e.g: Sanesecurity.Junk.15248) or"
   echo "a hexadecimal encoded data string and press enter (do not include '.UNOFFICIAL'"
   echo "in the signature name nor add quote marks to any input string):"
   read -r input
-  input=$(echo "$input" | tr -d "'" | tr -d '"')
+  input="$(echo "$input" | tr -d "'" | tr -d '"')"
   if echo "$input" | $grep_bin "\." > /dev/null ; then
     cd "$clam_dbs" || exit
-    sig=$($grep_bin "$input:" ./*.ndb)
+    sig="$($grep_bin "$input:" ./*.ndb)"
     if [ -n "$sig" ] ; then
-      db_file=$(echo "$sig" | cut -d ':' -f1)
+      db_file="${sig%:*}"
       echo "$input found in: $db_file"
       echo "$input signature decodes to:"
-      echo "$sig" | cut -d ":" -f5 | perl -pe 's/([a-fA-F0-9]{2})|(\{[^}]*\}|\([^)]*\))/defined $2 ? $2 : chr(hex $1)/eg'
+      echo "$sig" | cut -d ":" -f 5 | perl -pe 's/([a-fA-F0-9]{2})|(\{[^}]*\}|\([^)]*\))/defined $2 ? $2 : chr(hex $1)/eg'
     else
       echo "Signature '$input' could not be found."
       echo "This script will only decode ClamAV 'UNOFFICIAL' third-Party,"
@@ -624,7 +646,7 @@ function decode_third_party_signature_by_signature_name () {
   fi
 }
 
-#Hexadecimal encode an entire input string
+# Hexadecimal encode an entire input string
 function hexadecimal_encode_entire_input_string () {
   echo ""
   echo "Input the data string that you want to hexadecimal encode and then press enter.  Do not include"
@@ -634,7 +656,7 @@ function hexadecimal_encode_entire_input_string () {
   echo "$input" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg'
 }
 
-#Hexadecimal encode a formatted input string
+# Hexadecimal encode a formatted input string
 function hexadecimal_encode_formatted_input_string () {
   echo ""
   echo "Input a formated data string containing spacing fields '{}, (), *' that you want to hexadecimal"
@@ -645,40 +667,45 @@ function hexadecimal_encode_formatted_input_string () {
   echo "$input" | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg'
 }
 
-#GPG verify a specific Sanesecurity database file
-function gpg_verify_specific_sanesecurity_database_file () { #databasefile
+# GPG verify a specific Sanesecurity database file
+function gpg_verify_specific_sanesecurity_database_file () { # databasefile
   echo ""
-  if [ "$1" ] ; then
-    db_file=$(echo "$1" | awk -F '/' '{print $NF}')
-    if [ -r "$work_dir_sanesecurity/$db_file" ] ; then
-      echo "GPG signature testing database file: $work_dir_sanesecurity/$db_file"
-      if [ -r "$work_dir_sanesecurity/$db_file".sig ] ; then
-        "$gpg_bin" -q --trust-model always --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg"/ss-keyring.gpg --verify "$work_dir_sanesecurity"/"$db_file".sig "$work_dir_sanesecurity"/"$db_file"
-        if [ "$?" != "0" ]; then
-          "$gpg_bin" -q --always-trust --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg"/ss-keyring.gpg --verify "$work_dir_sanesecurity"/"$db_file".sig "$work_dir_sanesecurity"/"$db_file"
-          if [ "$?" == "0" ]; then
-            exit 0
+  if [ "$enable_gpg" == "no" ] ; then
+    xshok_pretty_echo_and_log "Notice: GnuPG / signature verification disabled" "-"
+  else
+    if [ "$1" ] ; then
+      db_file="$(echo "$1" | awk -F "/" '{print $NF}')"
+      if [ -r "$work_dir_sanesecurity/$db_file" ] ; then
+        echo "GPG signature testing database file: $work_dir_sanesecurity/$db_file"
+        if [ -r "$work_dir_sanesecurity/$db_file".sig ] ; then
+          "$gpg_bin" -q --trust-model always --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg"/ss-keyring.gpg --verify "$work_dir_sanesecurity"/"$db_file".sig "$work_dir_sanesecurity"/"$db_file"
+          if [ $? -ne 0 ]; then
+            "$gpg_bin" -q --always-trust --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg"/ss-keyring.gpg --verify "$work_dir_sanesecurity"/"$db_file".sig "$work_dir_sanesecurity"/"$db_file"
+            if [ $? -eq 0 ]; then
+              exit 0
+            else
+              exit 1
+            fi
           else
-            exit 1
+            exit 0
           fi
         else
-          exit 0
+          echo "Signature '${db_file}.sig' cannot be found."
         fi
       else
-        echo "Signature '$db_file.sig' cannot be found."
+        echo "File '$db_file' cannot be found or is not a Sanesecurity database file."
+        echo "Only the following Sanesecurity and OITC databases can be GPG signature tested:"
+        ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_sanesecurity"
       fi
     else
-      echo "File '$db_file' cannot be found or is not a Sanesecurity database file."
-      echo "Only the following Sanesecurity and OITC databases can be GPG signature tested:"
-      ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_sanesecurity"
+      xshok_pretty_echo_and_log "ERROR: Missing value for option" "="
+      exit 1
     fi
-  else
-    xshok_pretty_echo_and_log "ERROR: Missing value for option" "="
     exit 1
   fi
 }
 
-#Output system and configuration information
+# Output system and configuration information
 function output_system_configuration_information () {
   echo ""
   echo "*** SCRIPT VERSION ***"
@@ -691,7 +718,7 @@ function output_system_configuration_information () {
   echo "*** RSYNC LOCATION & VERSION ***"
   echo "$rsync_bin"
   $rsync_bin --version | head -1
-  if [ "$wget_bin" != "" ] ; then
+  if [ -n "$wget_bin" ] ; then
     echo "*** WGET LOCATION & VERSION ***"
     echo "$wget_bin"
     $wget_bin --version | head -1
@@ -700,9 +727,11 @@ function output_system_configuration_information () {
     echo "$curl_bin"
     $curl_bin --version | head -1
   fi
-  echo "*** GPG LOCATION & VERSION ***"
-  echo "$gpg_bin"
-  $gpg_bin --version | head -1
+  if [ "$enable_gpg" == "yes" ] ; then
+    echo "*** GPG LOCATION & VERSION ***"
+    echo "$gpg_bin"
+    $gpg_bin --version | head -1
+  fi
   echo "*** SCRIPT WORKING DIRECTORY INFORMATION ***"
   echo "$work_dir"
   echo "*** CLAMAV DIRECTORY INFORMATION ***"
@@ -720,7 +749,7 @@ function output_system_configuration_information () {
   fi
 }
 
-#Make a signature database from an ascii file
+# Make a signature database from an ascii file
 function make_signature_database_from_ascii_file () {
   echo ""
   echo "
@@ -768,30 +797,30 @@ function make_signature_database_from_ascii_file () {
     echo -n "Enter the source file as /path/filename: "
     read -r source
     if [ -r "$source" ] ; then
-      source_file=$(basename "$source")
+      source_file="$(basename "$source")"
 
       echo "What signature prefix would you like to use?  For example: 'Phish.Domains'"
       echo "will create signatures that looks like: 'Phish.Domains.1:4:*:HexSigHere'"
 
       echo -n "Enter signature prefix: "
       read -r prefix
-      path_file=$(echo "$source" | cut -d "." -f-1 | command sed 's/$/.ndb/')
-      db_file=$(basename "$path_file")
+      path_file="$(echo "$source" | cut -d "." -f -1 | command sed 's/$/.ndb/')"
+      db_file="$(basename "$path_file")"
       rm -f "$path_file"
-      total=$(wc -l "$source" | cut -d " " -f1)
-      line_num=1
+      total="$(wc -l "$source" | cut -d " " -f 1)"
+      line_num="1"
 
       while read -r line ; do
-        line_prefix=$(echo "$line" | awk -F ':' '{print $1}')
-        if [ "$line_prefix" = "-" ] ; then
-          echo "$line" | cut -d ":" -f2- | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
-        elif [ "$line_prefix" = "=" ] ; then
-          echo "$line" | cut -d ":" -f2- | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
+        line_prefix="$(echo "$line" | awk -F ":" '{print $1}')"
+        if [ "$line_prefix" == "-" ] ; then
+          echo "$line" | cut -d ":" -f 2- | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
+        elif [ "$line_prefix" == "=" ] ; then
+          echo "$line" | cut -d ":" -f 2- | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
         else
           echo "$line" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
         fi
         echo "Hexadecimal encoding $source_file line: $line_num of $total"
-        line_num=$((line_num + 1))
+        line_num="$((line_num + 1))"
       done < "$source"
     else
       echo "Source file not found, exiting..."
@@ -835,7 +864,7 @@ function make_signature_database_from_ascii_file () {
   fi
 }
 
-#Remove the clamav-unofficial-sigs script
+# Remove the clamav-unofficial-sigs script
 function remove_script () {
   echo ""
   if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then
@@ -846,7 +875,7 @@ function remove_script () {
     cron_file_full_path="$cron_dir/$cron_filename"
     logrotate_file_full_path="$logrotate_dir/$logrotate_filename"
     man_file_full_path="$man_dir/$man_filename"
-    
+
     echo "This will remove the workdir ($work_dir), logrotate file ($logrotate_file_full_path), cron file ($cron_file_full_path), man file ($man_file_full_path)"
     echo "Are you sure you want to remove the clamav-unofficial-sigs script and all of its associated files, third-party databases, and work directory from the system?"
     if xshok_prompt_confirm ; then
@@ -870,11 +899,11 @@ function remove_script () {
             xshok_is_file "$man_file_full_path" && rm -f "$man_file_full_path"
             echo "     Removed file: $man_file_full_path"
           fi
-          
-          #rather keep the configs
+
+          # Rather keep the configs
           #rm -f -- "$default_config" && echo "     Removed file: $default_config"
           #rm -f -- "$0" && echo "     Removed file: $0"
-          xshok_is_subdir "$work_dir" && rm -rf -- "$work_dir" && echo "     Removed script working directories: $work_dir"
+          xshok_is_subdir "$work_dir" && rm -rf -- "${work_dir:?}" && echo "     Removed script working directories: $work_dir"
 
           echo "  The clamav-unofficial-sigs script and all of its associated files, third-party"
           echo "  databases, and work directories have been successfully removed from the system."
@@ -892,17 +921,17 @@ function remove_script () {
   fi
 }
 
-#Clamscan integrity test a specific database file
-function clamscan_integrity_test_specific_database_file () { #databasefile
+# Clamscan integrity test a specific database file
+function clamscan_integrity_test_specific_database_file () { # databasefile
   echo ""
   if [ "$1" ] ; then
-    input=$(echo "$1" | awk -F '/' '{print $NF}')
-    db_file=$(find "$work_dir" -name "$input")
+    input="$(echo "$1" | awk -F "/" '{print $NF}')"
+    db_file="$(find "$work_dir" -name "$input")"
     if [ -r "$db_file" ] ; then
       echo "Clamscan integrity testing: $db_file"
 
       $clamscan_bin --quiet -d "$db_file" "$work_dir_work_configs/scan-test.txt"
-      if [ "$?" -eq "0" ]; then
+      if [ $? -eq 0 ]; then
         echo "Clamscan reports that '$input' database integrity tested GOOD"
         exit 0
       else
@@ -915,10 +944,10 @@ function clamscan_integrity_test_specific_database_file () { #databasefile
 
       echo "=== Sanesecurity ==="
       ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_sanesecurity"
-      
+
       echo "=== SecuriteInfo ==="
       ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_securiteinfo"
-      
+
       echo "=== MalwarePatrol ==="
       ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_malwarepatrol"
 
@@ -932,21 +961,21 @@ function clamscan_integrity_test_specific_database_file () { #databasefile
       ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_add"
 
       echo "Check the file name and try again..."
-    fi 
+    fi
   else
     xshok_pretty_echo_and_log "ERROR: Missing value for option" "="
     exit 1
   fi
 }
 
-#output names of any third-party signatures that triggered during the HAM directory scan
+# Output names of any third-party signatures that triggered during the HAM directory scan
 function output_signatures_triggered_during_ham_directory_scan () {
   echo ""
   if [ -n "$ham_dir" ] ; then
     if [ -r "$work_dir_work_configs/whitelist.hex" ] ; then
       echo "The following third-party signatures triggered hits during the HAM Directory scan:"
 
-      $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d ":" -f1
+      $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d ":" -f 1
     else
       echo "No third-party signatures have triggered hits during the HAM Directory scan."
     fi
@@ -955,7 +984,7 @@ function output_signatures_triggered_during_ham_directory_scan () {
   fi
 }
 
-#Adds a signature whitelist entry in the newer ClamAV IGN2 format
+# Adds a signature whitelist entry in the newer ClamAV IGN2 format
 function add_signature_whitelist_entry () {
   echo ""
   echo "Input a third-party signature name that you wish to whitelist due to false-positives"
@@ -965,9 +994,9 @@ function add_signature_whitelist_entry () {
   read -r input
   if [ -n "$input" ] ; then
     cd "$clam_dbs" || exit
-    input=$(echo "$input" | tr -d "'" | tr -d '"')
-    sig_full=$($grep_bin -H "$input" ./*.*db)
-    sig_name=$(echo "$sig_full" | cut -d ":" -f2)
+    input="$(echo "$input" | tr -d "'" | tr -d '"')"
+    sig_full="$($grep_bin -H "$input" ./*.*db)"
+    sig_name="$(echo "$sig_full" | cut -d ":" -f 2)"
     if [ -n "$sig_name" ] ; then
       if ! $grep_bin "$sig_name" my-whitelist.ign2 > /dev/null 2>&1 ; then
         cp -f my-whitelist.ign2 "$work_dir_work_configs" 2>/dev/null
@@ -977,7 +1006,7 @@ function add_signature_whitelist_entry () {
           if $rsync_bin -pcqt "$work_dir_work_configs/my-whitelist.ign2" "$clam_dbs" ; then
             perms chown -f "$clam_user:$clam_group" my-whitelist.ign2
 
-            if [ ! -s "$work_dir_work_configs/monitor-ign.txt" ] ; then 
+            if [ ! -s "$work_dir_work_configs/monitor-ign.txt" ] ; then
               # Create "monitor-ign.txt" file for clamscan database integrity testing.
               echo "This is the monitor ignore file..." > "$work_dir_work_configs/monitor-ign.txt"
             fi
@@ -1016,56 +1045,64 @@ function add_signature_whitelist_entry () {
   fi
 }
 
-#Clamscan reload database
+# Clamscan reload database
 function clamscan_reload_dbs () {
   # Reload all clamd databases if updates detected and $reload_dbs" is set to "yes"
-  if [ "$reload_dbs" = "yes" ] ; then
+  if [ "$reload_dbs" == "yes" ] ; then
     if [ "$do_clamd_reload" != "0" ] ; then
-      if [ "$do_clamd_reload" = "1" ] ; then
+      if [ "$do_clamd_reload" == "1" ] ; then
         xshok_pretty_echo_and_log "Update(s) detected, reloading ClamAV databases" "="
-      elif [ "$do_clamd_reload" = "2" ] ; then
+      elif [ "$do_clamd_reload" == "2" ] ; then
         xshok_pretty_echo_and_log "Database removal(s) detected, reloading ClamAV databases" "="
-      elif [ "$do_clamd_reload" = "3" ] ; then      
+      elif [ "$do_clamd_reload" == "3" ] ; then
         xshok_pretty_echo_and_log "File 'local.ign' has changed, reloading ClamAV databases" "="
-      elif [ "$do_clamd_reload" = "4" ] ; then      
+      elif [ "$do_clamd_reload" == "4" ] ; then
         xshok_pretty_echo_and_log "File 'my-whitelist.ign2' has changed, reloading ClamAV databases" "="
       else
         xshok_pretty_echo_and_log "Update(s) detected, reloading ClamAV databases" "="
       fi
 
-      if [[ $($clamd_reload_opt 2>&1) = *"ERROR"* ]] ; then
+      if [[ "$($clamd_reload_opt 2>&1)" = *"ERROR"* ]] ; then
         xshok_pretty_echo_and_log "ERROR: Failed to reload, trying again" "-"
         if [ -r "$clamd_pid" ] ; then
-          mypid=$(cat "$clamd_pid")
+          mypid="$(cat "$clamd_pid")"
           kill -USR2 "$mypid"
-          if [ $? -eq  0 ] ; then
+          if [ $? -eq 0 ] ; then
             xshok_pretty_echo_and_log "ClamAV databases Reloaded" "="
           else
             xshok_pretty_echo_and_log "ERROR: Failed to reload, forcing clamd to restart" "-"
-            if [ -z "$clamd_restart_opt" ] ; then      
+            if [ -z "$clamd_restart_opt" ] ; then
               xshok_pretty_echo_and_log "WARNING: Check the script's configuration file, 'reload_dbs' enabled but no 'clamd_restart_opt'" "*"
             else
-              $clamd_restart_opt
-              xshok_pretty_echo_and_log "ClamAV Restarted" "="
+              $clamd_restart_opt > /dev/null
+              if [ $? -eq 0 ] ; then
+                xshok_pretty_echo_and_log "ClamAV Restarted" "="
+              else
+                xshok_pretty_echo_and_log "ClamAV NOT Restarted" "-"
+              fi
             fi
           fi
         else
-          xshok_pretty_echo_and_log "ERROR: Failed to reload, forcing clamd to restart" "="
-          if [ -z "$clamd_restart_opt" ] ; then      
+          xshok_pretty_echo_and_log "ERROR: Failed to reload, forcing clamd to restart" "-"
+          if [ -z "$clamd_restart_opt" ] ; then
             xshok_pretty_echo_and_log "WARNING: Check the script's configuration file, 'reload_dbs' enabled but no 'clamd_restart_opt'" "*"
           else
-            $clamd_restart_opt
-            xshok_pretty_echo_and_log "ClamAV Restarted" "="
+            $clamd_restart_opt > /dev/null
+            if [ $? -eq 0 ] ; then
+              xshok_pretty_echo_and_log "ClamAV Restarted" "="
+            else
+              xshok_pretty_echo_and_log "ClamAV NOT Restarted" "-"
+            fi
           fi
-        fi   
+        fi
       else
         xshok_pretty_echo_and_log "ClamAV databases Reloaded" "="
       fi
-    else   
+    else
       xshok_pretty_echo_and_log "No updates detected, ClamAV databases were not reloaded" "="
     fi
-  else      
-    xshok_pretty_echo_and_log "Database reload has been disabled in the configuration file" "="  
+  else
+    xshok_pretty_echo_and_log "Database reload has been disabled in the configuration file" "="
   fi
 
 }
@@ -1077,17 +1114,17 @@ function check_clamav () {
   if [ -n "$clamd_socket" ] ; then
     if [ -S "$clamd_socket" ] ; then
       if [ "$(perl -e 'use IO::Socket::UNIX; print $IO::Socket::UNIX::VERSION,"\n"' 2>/dev/null)" ] ; then
-        io_socket1=1
-        if [ "$(perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("PING"); print $s->getline; $s->close' "$clamd_socket" 2>/dev/null)" = "PONG" ] ; then
-          io_socket2=1
+        io_socket1="1"
+        if [ "$(perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("PING"); print $s->getline; $s->close' "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then
+          io_socket2="1"
           xshok_pretty_echo_and_log "ClamD is running" "="
         fi
       else
         socat="$(which socat 2>/dev/null)"
         if [ -n "$socat" ] && [ -x "$socat" ] ; then
-          socket_cat1=1
-          if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" = "PONG" ] ; then
-            socket_cat2=1
+          socket_cat1="1"
+          if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then
+            socket_cat2="1"
             xshok_pretty_echo_and_log "ClamD is running" "="
           fi
         fi
@@ -1111,7 +1148,7 @@ function check_clamav () {
             else
               if [ -n "$socket_cat1" ] ; then
                 $clamd_restart_opt > /dev/null && sleep 5
-                if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" = "PONG" ] ; then
+                if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then
                   xshok_pretty_echo_and_log "ClamD was successfully started" "="
                 else
                   xshok_pretty_echo_and_log "ERROR: CLAMD FAILED TO START" "="
@@ -1130,97 +1167,114 @@ function check_clamav () {
   fi
 }
 
-#function to check for a new version
+# Check for a new version
 function check_new_version () {
-  if [ "$wget_bin" != "" ] ; then
-    latest_version="$($wget_bin https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O - 2> /dev/null | $grep_bin  "script""_version=" | cut -d\" -f2)"
+  if [ -n "$wget_bin" ] ; then
+    # shellcheck disable=SC2086
+    latest_version="$($wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O - 2> /dev/null | $grep_bin "script""_version=" | cut -d '"' -f 2)"
   else
-    latest_version="$($curl_bin https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh 2> /dev/null | $grep_bin  "script""_version=" | cut -d\" -f2)"
+    # shellcheck disable=SC2086
+    latest_version="$($curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh 2> /dev/null | $grep_bin "script""_version=" | cut -d '"' -f 2)"
   fi
   if [ "$latest_version" ] ; then
-    if [ ! "$latest_version" == "$script_version" ] ; then
+    if [ "$latest_version" != "$script_version" ] ; then
       xshok_pretty_echo_and_log "New version : v$latest_version @ https://github.com/extremeshok/clamav-unofficial-sigs" "-"
     fi
   fi
 }
 
-#function for help and usage
-##usage: 
+# Check for a new version
+function check_new_config_version () {
+  if [ -n "$wget_bin" ] ; then
+    # shellcheck disable=SC2086
+    latest_config_version="$($wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O - 2> /dev/null | $grep_bin "config_version=" | cut -d '"' -f 2)"
+  else
+    # shellcheck disable=SC2086
+    latest_config_version="$($curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf 2> /dev/null | $grep_bin "config_version=" | cut -d '"' -f 2)"
+  fi
+  if [ "$latest_config_version" ] ; then
+    if [ "$latest_config_version" != "$config_version" ] ; then
+      xshok_pretty_echo_and_log "New configversion : v${latest_config_version} @ https://github.com/extremeshok/clamav-unofficial-sigs" "-"
+    fi
+  fi
+}
+
+# Display help and usage
+# Usage:
 # help_and_usage "1" - enables the man output formatting
 # help_and_usage - normal help output formatting
 function help_and_usage () {
 
   if [ "$1" ] ; then
-    #option_format_start
+    # option_format_start
     ofs="\fB"
-    #option_format_end
+    # option_format_end
     ofe="\fR"
-    #option_format_blankline
+    # option_format_blankline
     ofb=".TP"
-    #option_format_tab_line
+    # option_format_tab_line
     oft=" "
   else
-    #option_format_start
+    # option_format_start
     ofs="${BOLD}"
-    #option_format_end
+    # option_format_end
     ofe="${NORM}\t"
-    #option_format_blankline
+    # option_format_blankline
     ofb="\n"
-    #option_format_tab_line
+    # option_format_tab_line
     oft="\n\t"
   fi
 
-helpcontents=$(cat << EOF
+  helpcontents="$(cat << EOF
 $ofs Usage: $(basename "$0") $ofe [OPTION] [PATH|FILE]
 $ofb
 $ofs -c, --config $ofe Use a specific configuration file or directory $oft eg: '-c /your/dir' or ' -c /your/file.name'  $oft Note: If a directory is specified the directory must contain atleast:  $oft master.conf, os.conf or user.conf $oft Default Directory: $config_dir
-$ofb 
+$ofb
 $ofs -F, --force $ofe Force all databases to be downloaded, could cause ip to be blocked
-$ofb 
+$ofb
 $ofs -h, --help $ofe Display this script's help and usage information
-$ofb 
+$ofb
 $ofs -V, --version $ofe Output script version and date information
-$ofb 
+$ofb
 $ofs -v, --verbose $ofe Be verbose, enabled when not run under cron
-$ofb 
+$ofb
 $ofs -s, --silence $ofe Only output error messages, enabled when run under cron
-$ofb 
+$ofb
 $ofs -d, --decode-sig $ofe Decode a third-party signature either by signature name $oft (eg: Sanesecurity.Junk.15248) or hexadecimal string. $oft This flag will 'NOT' decode image signatures
-$ofb 
+$ofb
 $ofs -e, --encode-string $ofe Hexadecimal encode an entire input string that can $oft be used in any '*.ndb' signature database file
-$ofb 
+$ofb
 $ofs -f, --encode-formatted $ofe Hexadecimal encode a formatted input string containing $oft signature spacing fields '{}, (), *', without encoding $oft the spacing fields, so that the encoded signature $oft can be used in any '*.ndb' signature database file
-$ofb 
+$ofb
 $ofs -g, --gpg-verify $ofe GPG verify a specific Sanesecurity database file $oft eg: '-g filename.ext' (do not include file path)
-$ofb 
+$ofb
 $ofs -i, --information $ofe Output system and configuration information for $oft viewing or possible debugging purposes
-$ofb 
+$ofb
 $ofs -m, --make-database $ofe Make a signature database from an ascii file containing $oft data strings, with one data string per line.  Additional $oft information is provided when using this flag
-$ofb 
+$ofb
 $ofs -t, --test-database $ofe Clamscan integrity test a specific database file $oft eg: '-t filename.ext' (do not include file path)
-$ofb 
+$ofb
 $ofs -o, --output-triggered $ofe If HAM directory scanning is enabled in the script's $oft configuration file, then output names of any third-party $oft signatures that triggered during the HAM directory scan
-$ofb 
+$ofb
 $ofs -w, --whitelist $ofe Adds a signature whitelist entry in the newer ClamAV IGN2 $oft format to 'my-whitelist.ign2' in order to temporarily resolve $oft a false-positive issue with a specific third-party signature. $oft Script added whitelist entries will automatically be removed $oft if the original signature is either modified or removed from $oft the third-party signature database
-$ofb 
+$ofb
 $ofs --check-clamav $ofe If ClamD status check is enabled and the socket path is correctly $oft specifiedthen test to see if clamd is running or not
-$ofb 
+$ofb
 $ofs --install-all $ofe Install and generate the cron, logroate and man files, autodetects the values $oft based on your config files
 $ofb
 $ofs --install-cron $ofe Install and generate the cron file, autodetects the values $oft based on your config files
-$ofb 
+$ofb
 $ofs --install-logrotate $ofe Install and generate the logrotate file, autodetects the $oft values based on your config files
-$ofb 
+$ofb
 $ofs --install-man $ofe Install and generate the man file, autodetects the $oft values based on your config files
-$ofb 
+$ofb
 $ofs --remove-script $ofe Remove the clamav-unofficial-sigs script and all of $oft its associated files and databases from the system
-$ofb 
+$ofb
 EOF
-  ) #this is very important...
-
-  if [ "$1" ] ; then
-    echo "${helpcontents//-/\\-}"
-  else
+  )" # This is very important
+if [ "$1" ] ; then
+  echo "${helpcontents//-/\\-}"
+else
     echo -e "$helpcontents"
   fi
 }
@@ -1229,17 +1283,17 @@ EOF
 # MAIN PROGRAM
 ################################################################################
 
-#Script Info
-script_version="5.4.1"
-script_version_date="20 July 2016"
-minimum_required_config_version="65"
+# Script Info
+script_version="5.6.2"
+script_version_date="2017-03-19"
+minimum_required_config_version="72"
 minimum_yara_clamav_version="0.99"
 
-#default config files
+# Default config files
 config_dir="/etc/clamav-unofficial-sigs"
-config_files=("$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf")
+config_files=( "$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf" )
 
-#Initialise 
+# Initialise
 config_version="0"
 do_clamd_reload="0"
 comment_silence="no"
@@ -1249,59 +1303,67 @@ enable_log="no"
 custom_config="no"
 we_have_a_config="0"
 
-## Solaris which function returns garbage when the program is not found
-## only define the new which function if running under Solaris
-if [ "$(uname -s)" = "SunOS" ] ; then
+# Solaris which function returns garbage when the program is not found
+# only define the new which function if running under Solaris
+if [ "$(uname -s)" == "SunOS" ] ; then
   which () {
-    # use the switch -p to ignore ksh internal commands
+    # Use the switch -p to ignore ksh internal commands
     ksh whence -p "$@"
   }
 fi
 
-#Default Binaries & Commands
-clamd_reload_opt="clamdscan --reload"
-uname_bin=$(which uname)
-clamscan_bin=$(which clamscan)
-rsync_bin=$(which rsync)
-#detect support for wget
+# Default Binaries & Commands
+uname_bin="$(which uname 2> /dev/null)"
+clamscan_bin="$(which clamscan 2> /dev/null)"
+rsync_bin="$(which rsync 2> /dev/null)"
+# Detect support for wget
 if [ -x /usr/sfw/bin/wget ] ; then
   wget_bin="/usr/sfw/bin/wget"
 else
-  wget_bin=$(which wget)
+  wget_bin="$(which wget 2> /dev/null)"
 fi
-if [ "$wget_bin" == "" ] ; then
-  curl_bin=$(which curl)
+if [ -z "$wget_bin" ] ; then
+  curl_bin="$(which curl 2> /dev/null)"
+  if [ -z "$curl_bin" ] ; then
+    xshok_pretty_echo_and_log "ERROR: both wget and curl commands are missing, One of them is required" "="
+    exit 1
+  fi
 fi
-#detect supprot for gnu grep
+
+# Detect supprot for gnu grep
 if [ -x /usr/gnu/bin/grep ] ; then
   grep_bin="/usr/gnu/bin/grep"
 else
-  grep_bin=$(which grep)
-fi
-if [ -x /opt/csw/bin/gpg ] ; then
-  gpg_bin="/opt/csw/bin/gpg"
-else
-  gpg_bin=$(which gpg)
+  grep_bin="$(which grep 2> /dev/null)"
 fi
-if [ "$gpg_bin" == "" ] ; then
-  gpg_bin=$(which gpg2)
+
+dig_bin="$(which dig 2> /dev/null)"
+if [ -z "$dig_bin" ] ; then
+  host_bin="$(which host 2> /dev/null)"
+  if [ -z "$host_bin" ] ; then
+    xshok_pretty_echo_and_log "ERROR: both dig and host commands are missing, One of them is required" "="
+    exit 1
+  fi
 fi
 
-#Detect if terminal
+
+
+
+# Detect if terminal
 if [ -t 1 ] ; then
-  #Set fonts
-  ##Usage: echo "${BOLD}-a${NORM}"
-  BOLD=$(tput bold)
+  # Set fonts
+  # Usage: echo "${BOLD}-a${NORM}"
+  BOLD="$(tput bold)"
   #REV=$(tput smso)
-  NORM=$(tput sgr0)
-  #Verbose
+  NORM="$(tput sgr0)"
+  # Verbose
   force_verbose="yes"
 else
-  #Null Fonts
-  BOLD=''
-  #REV=''
-  NORM=''
-  #silence
+  # Null fonts
+  BOLD=""
+  #REV=""
+  NORM=""
+  # Silence
   force_verbose="no"
 fi
 
@@ -1309,23 +1371,23 @@ fi
 # Generic command line options
 while true ; do
   case "$1" in
-    -c | --config ) xshok_check_s2 "$2"; custom_config="$2"; shift 2; break ;;
-    -F | --force ) force_updates="yes"; shift 1; break ;;
-    -v | --verbose ) force_verbose="yes"; shift 1; break ;;
-    -s | --silence ) force_verbose="no"; shift 1; break ;;
-    * ) break ;;
+    -c|--config) xshok_check_s2 "$2"; custom_config="$2"; shift 2; break ;;
+    -F|--force) force_updates="yes"; shift 1; break ;;
+    -v|--verbose) force_verbose="yes"; shift 1; break ;;
+    -s|--silence) force_verbose="no"; shift 1; break ;;
+    *) break ;;
   esac
 done
 
-#Set the verbosity
+# Set the verbosity
 if [ "$force_verbose" == "yes" ] ; then
-  #verbose
+  # Verbose
   downloader_silence="no"
   rsync_silence="no"
   gpg_silence="no"
   comment_silence="no"
 else
-  #silence
+  # Silence
   downloader_silence="yes"
   rsync_silence="yes"
   gpg_silence="yes"
@@ -1342,65 +1404,83 @@ xshok_pretty_echo_and_log "" "#" "80"
 # Generic command line options
 while true ; do
   case "$1" in
-    -h | --help ) help_and_usage; exit; break ;;
-    -V | --version ) exit; break ;;
-    * ) break ;;
+    -h|--help) help_and_usage; exit ;;
+    -V|--version) exit ;;
+    *) break ;;
   esac
 done
 
-## CONFIG LOADING AND ERROR CHECKING ##############################################
+# CONFIG LOADING AND ERROR CHECKING ##############################################
 if [ "$custom_config" != "no" ] ; then
   if [ -d "$custom_config" ] ; then
     # Assign the custom config dir and remove trailing / (removes / and //)
-    config_dir=$(echo "$custom_config" | sed 's:/*$::')
-    config_files=("$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf")
+    shopt -s extglob; custom_config="${custom_config%%+(/)}"
+    config_files=( "$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf" )
   else
-    config_files=("$custom_config")
+    config_files=( "$custom_config" )
   fi
 fi
 
 for config_file in "${config_files[@]}" ; do
-  if [ -r "$config_file" ] ; then #exists and readable
+  if [ -r "$config_file" ] ; then # Exists and readable
     we_have_a_config="1"
-    #config stripping
+    # Config stripping
     xshok_pretty_echo_and_log "Loading config: $config_file" "="
 
-   
-
-    if [ "$(uname -s)" = "SunOS" ] ; then
-      #Solaris FIXES only, i had issues with running with a single command..
-      clean_config=$(command sed -e '/^#.*/d' "$config_file") # comment line
-      clean_config=$(echo "$clean_config" | sed -e 's/#[[:space:]].*//') # comment line (duplicated)
-      clean_config=$(echo "$clean_config" | sed -e '/^[[:blank:]]*#/d;s/#.*//') #comments at end of line
-      clean_config=$(echo "$clean_config" | sed -e 's/^[ \t]*//;s/[ \t]*$//') #trailing and leading whitespace
-      clean_config=$(echo "$clean_config" | sed -e '/^\s*$/d') #blank lines
-    else 
-      # delete lines beginning with #
-      # delete from ' #' to end of the line
-      # delete from '# ' to end of the line
-      # delete both trailing and leading whitespace
-      # delete all trailing whitespace
-      # delete all empty lines
-      clean_config=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file")
+
+
+    if [ "$(uname -s)" == "SunOS" ] ; then
+      # Solaris FIXES only, i had issues with running with a single command..
+      clean_config="$(command sed -e '/^#.*/d' "$config_file")" # Comment line
+      #clean_config="$(echo "$clean_config" | sed -e 's/#[[:space:]].*//')" # Comment line (duplicated)
+      clean_config=${clean_config//\#*/} # Comment line (duplicated)
+      clean_config="$(echo "$clean_config" | sed -e '/^[[:blank:]]*#/d;s/#.*//')" # Comments at end of line
+      #clean_config="$(echo "$clean_config" | sed -e 's/^[ \t]*//;s/[ \t]*$//')" # trailing and leading whitespace
+      clean_config="$(echo "$clean_config" | xargs)"
+      clean_config="$(echo "$clean_config" | sed -e '/^\s*$/d')" # Blank lines
+
+    elif [ "$(uname -s)" == "Darwin" ] ; then
+      # MacOS / OS X fixes, had issues with running with a single command and with SunOS work around..
+      clean_config="$(command sed -e '/^#.*/d' "$config_file")" # Comment line
+      clean_config="$(echo "$clean_config" | sed -e 's/#[[:space:]].*//')" # Comment line (duplicated)
+      clean_config="$(echo "$clean_config" | sed -e '/^[[:blank:]]*#/d;s/#.*//')" # Comments at end of line
+      #clean_config="$(echo "$clean_config" | sed -e 's/^[ \t]*//;s/[ \t]*$//')" # trailing and leading whitespace
+      #clean_config="$(echo "$clean_config" | xargs)"
+      clean_config="$(echo "$clean_config" | sed -e '/^\s*$/d')" # Blank lines
+
+    else
+      # Delete lines beginning with #
+      # Delete from " #" to end of the line
+      # Delete from "# " to end of the line
+      # Delete both trailing and leading whitespace
+      # Delete all trailing whitespace
+      # Delete all empty lines
+      clean_config="$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file")"
     fi
-    
-    ### config error checking
-    # check "" are an even number
+
+    #fix eval of |
+    clean_config="${clean_config//|/\\|}"
+
+    # Config error checking
+    # Check "" are an even number
     config_check="${clean_config//[^\"]}"
-    if [ $(( ${#config_check} % 2)) -eq 1 ] ; then 
-      xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every \" requires a closing \"" "="     
+    if [ "$(( ${#config_check} % 2 ))" -eq 1 ] ; then
+      xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every \" requires a closing \"" "="
       exit 1
     fi
 
-    # check there is an = for every set of "" #optional whitespace \s* between = and "
-    config_check_vars=$(echo "$clean_config" | $grep_bin -c '=\s*\"' )
+    # Check there is an = for every set of "" optional whitespace \s* between = and "
+    config_check_vars="$(echo "$clean_config" | $grep_bin -c '=\s*\"' )"
 
-    if [ $(( ${#config_check} / 2)) -ne "$config_check_vars" ] ; then 
-      xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every = requires a pair of \"\"" "="    
+    if [ $(( ${#config_check} / 2 )) -ne "$config_check_vars" ] ; then
+      xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every = requires a pair of \"\"" "="
       exit 1
     fi
 
-    #config loading
+    # backslash pipe
+    #clean_config="${clean_config//|/\|}"
+
+    # Config loading
     for i in "${clean_config[@]}" ; do
       eval "$(echo "${i}" | command sed -e 's/[[:space:]]*$//' 2> /dev/null)"
     done
@@ -1408,29 +1488,29 @@ for config_file in "${config_files[@]}" ; do
 done
 
 
-
 # Assign the log_file_path earlier and remove trailing / (removes / and //)
-log_file_path=$(echo "$log_file_path" | sed 's:/*$::')
-#Only start logging once all the configs have been loaded
+shopt -s extglob; log_file_path="${log_file_path%%+(/)}"
+# Only start logging once all the configs have been loaded
 if [ "$logging_enabled" == "yes" ] ; then
   enable_log="yes"
 fi
 
-## Make sure we have a readable config file
+# Make sure we have a readable config file
 if [ "$we_have_a_config" == "0" ] ; then
   xshok_pretty_echo_and_log "ERROR: Config file/s could NOT be read/loaded" "="
+  xshok_pretty_echo_and_log "Note: Possible fix would be to checkl the config dir $config_dir exists and contains config files"
   exit 1
 fi
 
-#prevent some issues with an incomplete or only a user.conf being loaded
-if [ $config_version  == "0" ] ; then
+# Prevent some issues with an incomplete or only a user.conf being loaded
+if [ "$config_version" == "0" ] ; then
   xshok_pretty_echo_and_log "ERROR: Config file/s are missing important contents" "="
   xshok_pretty_echo_and_log "Note: Possible fix would be to point the script to the dir with the configs"
   exit 1
 fi
 
-#config version validation
-if [ $config_version -lt $minimum_required_config_version ] ; then
+# Config version validation
+if [ "$config_version" -lt "$minimum_required_config_version" ] ; then
   xshok_pretty_echo_and_log "ERROR: Your config version $config_version is not compatible with the min required version $minimum_required_config_version" "="
   exit 1
 fi
 # Check to see if the script's "USER CONFIGURATION FILE" has been completed.
 if [ "$user_configuration_complete" != "yes" ] ; then
   xshok_pretty_echo_and_log "WARNING: SCRIPT CONFIGURATION HAS NOT BEEN COMPLETED" "*"
-  xshok_pretty_echo_and_log "Please review the script configuration files."
+  xshok_pretty_echo_and_log "Please review the script configuration files"
+  xshok_pretty_echo_and_log "and uncomment the following line in user.conf"
+  xshok_pretty_echo_and_log "#user_configuration_complete=\"yes\""
   exit 1
 fi
 
 # Assign the directories and remove trailing / (removes / and //)
-work_dir=$(echo "$work_dir" | sed 's:/*$::')
+shopt -s extglob; work_dir="${work_dir%%+(/)}"
 
-#Allow overriding of all the individual workdirs, this is mainly to aid package maintainers
-if [ ! -n "$work_dir_sanesecurity" ] ; then
-  work_dir_sanesecurity=$(echo "$work_dir/$sanesecurity_dir" | sed 's:/*$::')
+# Allow overriding of all the individual workdirs, this is mainly to aid package maintainers
+if [ -z "$work_dir_sanesecurity" ] ; then
+  work_dir_sanesecurity="$(echo "$work_dir/$sanesecurity_dir" | sed 's:/*$::')"
 else
-  work_dir_sanesecurity=$(echo "$work_dir_sanesecurity" | sed 's:/*$::')
+  shopt -s extglob; work_dir_sanesecurity="${work_dir_sanesecurity%%+(/)}"
 fi
-if [ ! -n "$work_dir_securiteinfo" ] ; then
-  work_dir_securiteinfo=$(echo "$work_dir/$securiteinfo_dir" | sed 's:/*$::')
+if [ -z "$work_dir_securiteinfo" ] ; then
+  work_dir_securiteinfo="$(echo "$work_dir/$securiteinfo_dir" | sed 's:/*$::')"
 else
-  work_dir_securiteinfo=$(echo "$work_dir_securiteinfo" | sed 's:/*$::')
+  shopt -s extglob; work_dir_securiteinfo="${work_dir_securiteinfo%%+(/)}"
 fi
-if [ ! -n "$work_dir_linuxmalwaredetect" ] ; then
-  work_dir_linuxmalwaredetect=$(echo "$work_dir/$linuxmalwaredetect_dir" | sed 's:/*$::')
+if [ -z "$work_dir_linuxmalwaredetect" ] ; then
+  work_dir_linuxmalwaredetect="$(echo "$work_dir/$linuxmalwaredetect_dir" | sed 's:/*$::')"
 else
-  work_dir_linuxmalwaredetect=$(echo "$work_dir_linuxmalwaredetect" | sed 's:/*$::')
+  shopt -s extglob; work_dir_malwarepatrol="${work_dir_malwarepatrol%%+(/)}"
 fi
-if [ ! -n "$work_dir_malwarepatrol" ] ; then
-  work_dir_malwarepatrol=$(echo "$work_dir/$malwarepatrol_dir" | sed 's:/*$::')
+if [ -z "$work_dir_malwarepatrol" ] ; then
+  work_dir_malwarepatrol="$(echo "$work_dir/$malwarepatrol_dir" | sed 's:/*$::')"
 else
-  work_dir_malwarepatrol=$(echo "$work_dir_malwarepatrol" | sed 's:/*$::')
+  shopt -s extglob; work_dir_malwarepatrol="${work_dir_malwarepatrol%%+(/)}"
 fi
-if [ ! -n "$work_dir_yararulesproject" ] ; then
-  work_dir_yararulesproject=$(echo "$work_dir/$yararulesproject_dir" | sed 's:/*$::')
+if [ -z "$work_dir_yararulesproject" ] ; then
+  work_dir_yararulesproject="$(echo "$work_dir/$yararulesproject_dir" | sed 's:/*$::')"
 else
-  work_dir_yararulesproject=$(echo "$work_dir_yararulesproject" | sed 's:/*$::')
+  shopt -s extglob; work_dir_yararulesproject="${work_dir_yararulesproject%%+(/)}"
 fi
-if [ ! -n "$work_dir_add" ] ; then
-  work_dir_add=$(echo "$work_dir/$add_dir" | sed 's:/*$::')
+if [ -z "$work_dir_add" ] ; then
+  work_dir_add="$(echo "$work_dir/$add_dir" | sed 's:/*$::')"
 else
-  work_dir_add=$(echo "$work_dir_add" | sed 's:/*$::')
+  shopt -s extglob; work_dir_add="${work_dir_add%%+(/)}"
 fi
-if [ ! -n "$work_dir_work_configs" ] ; then
-  work_dir_work_configs=$(echo "$work_dir/$work_dir_configs" | sed 's:/*$::')
+if [ -z "$work_dir_work_configs" ] ; then
+  work_dir_work_configs="$(echo "$work_dir/$work_dir_configs" | sed 's:/*$::')"
 else
-  work_dir_work_configs=$(echo "$work_dir_work_configs" | sed 's:/*$::')
+  shopt -s extglob; work_dir_work_configs="${work_dir_work_configs%%+(/)}"
 fi
-if [ ! -n "$work_dir_gpg" ] ; then
-  work_dir_gpg=$(echo "$work_dir/$gpg_dir" | sed 's:/*$::')
+if [ -z "$work_dir_gpg" ] ; then
+  work_dir_gpg="$(echo "$work_dir/$gpg_dir" | sed 's:/*$::')"
 else
-  work_dir_gpg=$(echo "$work_dir_gpg" | sed 's:/*$::')
+  shopt -s extglob; work_dir_gpg="${work_dir_gpg%%+(/)}"
 fi
 
-if [ ! -n "$work_dir_pid" ] ; then
-  work_dir_pid=$(echo "$work_dir/$pid_dir" | sed 's:/*$::')
+if [ -z "$work_dir_pid" ] ; then
+  work_dir_pid="$(echo "$work_dir/$pid_dir" | sed 's:/*$::')"
 else
-  work_dir_pid=$(echo "$work_dir_pid" | sed 's:/*$::')
+  shopt -s extglob; work_dir_pid="${work_dir_pid%%+(/)}"
 fi
 
 # Assign defaults if not defined
-if [ ! -n "$cron_dir" ] ; then
+if [ -z "$cron_dir" ] ; then
   cron_dir="/etc/cron.d"
 fi
-cron_dir=$(echo "$cron_dir" | sed 's:/*$::')
-if [ ! -n "$cron_filename" ] ; then
+shopt -s extglob; cron_dir="${cron_dir%%+(/)}"
+if [ -z "$cron_filename" ] ; then
   cron_filename="clamav-unofficial-sigs"
 fi
-if [ ! -n "$logrotate_dir" ] ; then
+if [ -z "$logrotate_dir" ] ; then
   logrotate_dir="/etc/logrotate.d"
 fi
-logrotate_dir=$(echo "$logrotate_dir" | sed 's:/*$::')
-if [ ! -n "$logrotate_filename" ] ; then
+shopt -s extglob; logrotate_dir="${logrotate_dir%%+(/)}"
+if [ -z "$logrotate_filename" ] ; then
   logrotate_filename="clamav-unofficial-sigs"
-fi  
-if [ ! -n "$man_dir" ] ; then
+fi
+if [ -z "$man_dir" ] ; then
   man_dir="/usr/share/man/man8"
 fi
-man_dir=$(echo "$man_dir" | sed 's:/*$::')
-if [ ! -n "$man_filename" ] ; then
+shopt -s extglob; man_dir="${man_dir%%+(/)}"
+if [ -z "$man_filename" ] ; then
   man_filename="clamav-unofficial-sigs.8"
-fi  
-if [ ! -n "$man_log_file_full_path" ] ; then
+fi
+if [ -z "$man_log_file_full_path" ] ; then
   man_log_file_full_path="$log_file_path/$log_file_name"
 fi
+# dont assign , but remove trailing /
+shopt -s extglob; clam_dbs="${clam_dbs%%+(/)}"
 
-### SANITY checks
-#Check default Binaries & Commands are defined
-if [ "$clamd_reload_opt" == "" ] ; then
-  xshok_pretty_echo_and_log "ERROR: Missing clamd_reload_opt" "="
-  exit 1
+# SANITY checks
+# Check default Binaries & Commands are defined
+if [ "$reload_dbs" == "yes" ] ; then
+  if [ -z "$clamd_reload_opt" ] ; then
+    xshok_pretty_echo_and_log "ERROR: Missing clamd_reload_opt" "="
+    exit 1
+  fi
 fi
-if [ "$uname_bin" == "" ] ; then
+if [ -z "$uname_bin" ] ; then
   xshok_pretty_echo_and_log "ERROR: uname (uname_bin) not found" "="
   exit 1
 fi
-if [ "$clamscan_bin" == "" ] ; then
+if [ -z "$clamscan_bin" ] ; then
   xshok_pretty_echo_and_log "ERROR: clamscan binary (clamscan_bin) not found" "="
   exit 1
 fi
-if [ "$rsync_bin" == "" ] ; then
+if [ -z "$rsync_bin" ] ; then
   xshok_pretty_echo_and_log "ERROR: rsync binary (rsync_bin) not found" "="
   exit 1
 fi
-if [ "$wget_bin" == "" ] ; then
-  if [ "$curl_bin" == "" ] ; then
+if [ -z "$wget_bin" ] ; then
+  if [ -z "$curl_bin" ] ; then
     xshok_pretty_echo_and_log "ERROR: wget and curl binaries not found, script requires either wget or curl" "="
     exit 1
   fi
 fi
-if [ "$gpg_bin" == "" ] ; then
-  xshok_pretty_echo_and_log "ERROR: gpg binary (gpg_bin) not found" "="
-  exit 1
+# Check if GPG is enabled and the binary is found
+if [ "$enable_gpg" == "yes" ] ; then
+  if [ -z "$gpg_bin" ] ; then
+    if [ -x /opt/csw/bin/gpg ] ; then
+      gpg_bin="/opt/csw/bin/gpg"
+    else
+      gpg_bin="$(which gpg 2> /dev/null)"
+    fi
+    if [ -z "$gpg_bin" ] ; then
+      gpg_bin="$(which gpg2 2> /dev/null)"
+    fi
+  fi
+  if [ -z "$gpg_bin" ] ; then
+    enable_gpg="no"
+  fi
+  if [ ! -x "$gpg_bin" ] ; then
+    enable_gpg="no"
+  fi
 fi
-#Check default directories are defined
-if [ "$work_dir" == "" ] ; then
+if [ "$enable_gpg" != "yes" ] ; then
+  xshok_pretty_echo_and_log "Notice: GnuPG / signature verification disabled" "-"
+fi
+# Check default directories are defined
+if [ -z "$work_dir" ] ; then
   xshok_pretty_echo_and_log "ERROR: working directory (work_dir) not defined" "="
   exit 1
 fi
+if [ -z "$clam_dbs" ] ; then
+  xshok_pretty_echo_and_log "ERROR: clam database directory (clam_dbs) not defined" "="
+  exit 1
+fi
+# Check default directories are writable
+if [ -e "$work_dir" ] ; then
+  if [ ! -w "$work_dir" ] ; then
+    xshok_pretty_echo_and_log "ERROR: working directory (work_dir) not writable $work_dir" "="
+    exit 1
+  fi
+fi
+if [ ! -w "$clam_dbs" ] ; then
+  xshok_pretty_echo_and_log "ERROR: clam database directory (clam_dbs) not writable $clam_dbs" "="
+  exit 1
+fi
 
 # Reset the update timers to force a full update.
 if [ "$force_updates" == "yes" ] ; then
-  xshok_pretty_echo_and_log "Force Updates: enabled" 
-  sanesecurity_update_hours="0"    
+  xshok_pretty_echo_and_log "Force Updates: enabled"
+  sanesecurity_update_hours="0"
   securiteinfo_update_hours="0"
   linuxmalwaredetect_update_hours="0"
   malwarepatrol_update_hours="0"
@@ -1570,18 +1689,18 @@ if [ "$enable_locking" == "yes" ] ; then
   xshok_mkdir_ownership "$work_dir_pid"
   pid_file_fullpath="$work_dir_pid/clamav-unofficial-sigs.pid"
   if [ -f "$pid_file_fullpath" ] ; then
-    pid_file_pid=$(cat "$pid_file_fullpath")
+    pid_file_pid="$(cat "$pid_file_fullpath")"
     ps -p "$pid_file_pid" > /dev/null 2>&1
-    if [ $? -eq 0 ] ; then 
+    if [ $? -eq 0 ] ; then
       xshok_pretty_echo_and_log "ERROR: Only one instance can run at the same time." "="
       exit 1
     else
       xshok_create_pid_file "$pid_file_fullpath"
     fi
   else
-      xshok_create_pid_file "$pid_file_fullpath"
+    xshok_create_pid_file "$pid_file_fullpath"
   fi
-  # run this wehen the script exits
+  # Run this wehen the script exits
   trap -- "rm -f $pid_file_fullpath" EXIT
 fi
 
@@ -1592,24 +1711,24 @@ if ! xshok_user_group_exists "$clam_user" "$clam_group" ; then
 fi
 
 # Silence rsync output and only report errors - useful if script is run via cron.
-if [ "$rsync_silence" = "yes" ] ; then
+if [ "$rsync_silence" == "yes" ] ; then
   rsync_output_level="--quiet"
 else
   rsync_output_level="--progress"
 fi
 
-# If the local rsync client supports the '--no-motd' flag, then enable it.
-if $rsync_bin --help | $grep_bin 'no-motd' > /dev/null ; then
+# If the local rsync client supports the "--no-motd" flag, then enable it.
+if $rsync_bin --help | $grep_bin -q "no-motd" > /dev/null ; then
   no_motd="--no-motd"
 fi
 
-# If the local rsync client supports the '--contimeout' flag, then enable it.
-if $rsync_bin --help | $grep_bin 'contimeout' > /dev/null ; then
+# If the local rsync client supports the "--contimeout" flag, then enable it.
+if $rsync_bin --help | $grep_bin -q "contimeout" > /dev/null ; then
   connect_timeout="--contimeout=$rsync_connect_timeout"
 fi
 
 # Silence wget output and only report errors - useful if script is run via cron.
-if [ "$downloader_silence" = "yes" ] ; then
+if [ "$downloader_silence" == "yes" ] ; then
   wget_output_level="--quiet" #--quiet
   curl_output_level="--silent --show-error"
 else
@@ -1617,8 +1736,8 @@ else
   curl_output_level=""
 fi
 
-#suppress ssl warnings
-if [ "$downloader_ignore_ssl" = "yes" ] ; then
+# Suppress ssl warnings
+if [ "$downloader_ignore_ssl" == "yes" ] ; then
   wget_insecure="--no-check-certificate"
   curl_insecure="--insecure"
 else
@@ -1628,10 +1747,10 @@ fi
 
 # This scripts name and path
 this_script_name="$(basename "$0")"
-this_script_path="$( cd "$(dirname "$0")" ; pwd -P )"
+this_script_path="$( cd "$(dirname "$0")" || exit ; pwd -P )"
 this_script_full_path="$this_script_path/$this_script_name"
 
-#set the script to 755 permissions
+# Set the script to 755 permissions
 if xshok_is_root ; then
   if [ "$setmode" == "yes" ] ; then
     if [ ! -x "$this_script_path/$this_script_name" ] ; then
@@ -1640,7 +1759,7 @@ if xshok_is_root ; then
     fi
   fi
 else
-  #disable setmode
+  # Disable setmode
   setmode="no"
 fi
 
@@ -1650,22 +1769,22 @@ fi
 
 while true; do
   case "$1" in
-    -d | --decode-sig ) decode_third_party_signature_by_signature_name; exit; break ;;
-    -e | --encode-string ) hexadecimal_encode_entire_input_string; exit; break ;;
-    -f | --encode-formatted ) hexadecimal_encode_formatted_input_string; exit; break ;;
-    -g | --gpg-verify ) xshok_check_s2 "$2"; gpg_verify_specific_sanesecurity_database_file "$2"; exit; break ;;
-    -i | --information ) output_system_configuration_information; exit; break ;;
-    -m | --make-database ) make_signature_database_from_ascii_file; exit; break ;;
-    -t | --test-database ) xshok_check_s2 "$2"; clamscan_integrity_test_specific_database_file "$2"; exit; break ;;
-    -o | --output-triggered ) output_signatures_triggered_during_ham_directory_scan; exit; break ;;
-    -w | --whitelist ) add_signature_whitelist_entry; exit; break ;;
-    --check-clamav ) check_clamav; exit; break ;;
-    --install-all ) install_cron; install_logrotate; install_man; exit; break ;;
-    --install-cron ) install_cron; exit; break ;;
-    --install-logrotate ) install_logrotate; exit; break ;;
-    --install-man ) install_man; exit; break ;;
-    --remove-script ) remove_script; exit; break ;;
-    * ) break ;;
+    -d|--decode-sig) decode_third_party_signature_by_signature_name; exit ;;
+    -e|--encode-string) hexadecimal_encode_entire_input_string; exit ;;
+    -f|--encode-formatted) hexadecimal_encode_formatted_input_string; exit ;;
+    -g|--gpg-verify) xshok_check_s2 "$2"; gpg_verify_specific_sanesecurity_database_file "$2"; exit ;;
+    -i|--information) output_system_configuration_information; exit ;;
+    -m|--make-database) make_signature_database_from_ascii_file; exit ;;
+    -t|--test-database) xshok_check_s2 "$2"; clamscan_integrity_test_specific_database_file "$2"; exit ;;
+    -o|--output-triggered) output_signatures_triggered_during_ham_directory_scan; exit ;;
+    -w|--whitelist) add_signature_whitelist_entry; exit ;;
+    --check-clamav) check_clamav; exit ;;
+    --install-all) install_cron; install_logrotate; install_man; exit ;;
+    --install-cron) install_cron; exit ;;
+    --install-logrotate) install_logrotate; exit ;;
+    --install-man) install_man; exit ;;
+    --remove-script) remove_script; exit ;;
+    *) break ;;
   esac
 done
 
@@ -1673,10 +1792,10 @@ xshok_pretty_echo_and_log "Preparing Databases" "="
 
 # Check yararule support is available
 if [ "$enable_yararules" == "yes" ] ; then
-  current_clamav_version=$($clamscan_bin -V | cut -d " " -f2 | cut -d "/" -f1 | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')
-  minimum_yara_clamav_version=$(echo "$minimum_yara_clamav_version" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')
-  #Check current clamav version against the minimum required version for yara support
-  if [ "$current_clamav_version" -lt "$minimum_yara_clamav_version" ] ; then #older
+  current_clamav_version="$($clamscan_bin -V | cut -d " " -f 2 | cut -d "/" -f 1 | awk -F "." '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')"
+  minimum_yara_clamav_version="$(echo "$minimum_yara_clamav_version" | awk -F "." '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')"
+  # Check current clamav version against the minimum required version for yara support
+  if [ "$current_clamav_version" -le "$minimum_yara_clamav_version" ] ; then # Older
     yararulesproject_enabled="no"
     enable_yararules="no"
     xshok_pretty_echo_and_log "Notice: Yararules Disabled due to clamav being older than the minimum required version"
@@ -1690,37 +1809,45 @@ fi
 if [ "$sanesecurity_enabled" == "yes" ] ; then
   if [ -n "$sanesecurity_dbs" ] ; then
     if [ -n "$sanesecurity_dbs_rating" ] ; then
-      sanesecurity_dbs="$(xshok_database "$sanesecurity_dbs" "$sanesecurity_dbs_rating")"
+      temp_db="$(xshok_database "$sanesecurity_dbs_rating" "${sanesecurity_dbs[@]}")"
     else
-      sanesecurity_dbs="$(xshok_database "$sanesecurity_dbs" "$default_dbs_rating")"
+      temp_db="$(xshok_database "$default_dbs_rating" "${sanesecurity_dbs[@]}")"
     fi
+    sanesecurity_dbs=( )
+    sanesecurity_dbs=( $temp_db )
   fi
 fi
 if [ "$securiteinfo_enabled" == "yes" ] ; then
   if [ -n "$securiteinfo_dbs" ] ; then
     if [ -n "$securiteinfo_dbs_rating" ] ; then
-      securiteinfo_dbs="$(xshok_database "$securiteinfo_dbs" "$securiteinfo_dbs_rating")"
+      temp_db="$(xshok_database "$securiteinfo_dbs_rating" "${securiteinfo_dbs[@]}")"
     else
-      securiteinfo_dbs="$(xshok_database "$securiteinfo_dbs" "$default_dbs_rating")"
+      temp_db="$(xshok_database "$default_dbs_rating" "${securiteinfo_dbs[@]}")"
     fi
+    securiteinfo_dbs=( )
+    securiteinfo_dbs=( $temp_db )
   fi
 fi
 if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then
   if [ -n "$linuxmalwaredetect_dbs" ] ; then
     if [ -n "$linuxmalwaredetect_dbs_rating" ] ; then
-      linuxmalwaredetect_dbs="$(xshok_database "$linuxmalwaredetect_dbs" "$linuxmalwaredetect_dbs_rating")"
+      temp_db="$(xshok_database "$linuxmalwaredetect_dbs_rating" "${linuxmalwaredetect_dbs[@]}")"
     else
-      linuxmalwaredetect_dbs="$(xshok_database "$linuxmalwaredetect_dbs" "$default_dbs_rating")"
+      temp_db="$(xshok_database "$default_dbs_rating" "${linuxmalwaredetect_dbs[@]}")"
     fi
+    linuxmalwaredetect_dbs=( )
+    linuxmalwaredetect_dbs=( $temp_db )
   fi
 fi
 if [ "$yararulesproject_enabled" == "yes" ] ; then
   if [ -n "$yararulesproject_dbs" ] ; then
     if [ -n "$yararulesproject_dbs_rating" ] ; then
-      yararulesproject_dbs="$(xshok_database "$yararulesproject_dbs" "$yararulesproject_dbs_rating")"
+      temp_db="$(xshok_database "$yararulesproject_dbs_rating" "${yararulesproject_dbs[@]}")"
     else
-      yararulesproject_dbs="$(xshok_database "$yararulesproject_dbs" "$default_dbs_rating")"
+      temp_db="$(xshok_database "$default_dbs_rating" "${yararulesproject_dbs[@]}")"
     fi
+    yararulesproject_dbs=( )
+    yararulesproject_dbs=( $temp_db )
   fi
 fi
 
@@ -1751,10 +1878,10 @@ if [ -n "$ham_dir" ] && [ -d "$work_dir" ] && [ ! -d "$test_dir" ] ; then
     xshok_mkdir_ownership "$test_dir"
     cp -f "$work_dir"/*/*.ndb "$test_dir"
     $clamscan_bin --infected --no-summary -d "$test_dir" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' >> "$work_dir_work_configs/whitelist.txt"
-    $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir"/* | cut -d "*" -f2 | sort | uniq > "$work_dir_work_configs/whitelist.hex"
+    $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir"/* | cut -d "*" -f 2 | sort | uniq > "$work_dir_work_configs/whitelist.hex"
     cd "$test_dir" || exit
     for db_file in * ; do
-      [[ -e $db_file ]] || break # handle the case of no files
+      [[ -e $db_file ]] || break # Handle the case of no files
       $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$db_file" > "$db_file-tmp"
       mv -f "$db_file-tmp" "$db_file"
       if $clamscan_bin --quiet -d "$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
@@ -1774,7 +1901,7 @@ if [ -n "$ham_dir" ] && [ -d "$work_dir" ] && [ ! -d "$test_dir" ] ; then
     fi
   else
     xshok_pretty_echo_and_log "WARNING: Cannot locate HAM directory: $ham_dir"
-    xshok_pretty_echo_and_log "Skipping initial whitelist file creation.  Fix 'ham_dir' path in config file"
+    xshok_pretty_echo_and_log "Skipping initial whitelist file creation. Fix 'ham_dir' path in config file"
   fi
 fi
 
@@ -1792,54 +1919,49 @@ xshok_mkdir_ownership "$work_dir_add"
 # Set secured access permissions to the GPG directory
 perms chmod -f 0700 "$work_dir_gpg"
 
-# If we haven't done so yet, download Sanesecurity public GPG key and import to custom keyring.
-if [ ! -s "$work_dir_gpg/publickey.gpg" ] ; then
-  if [ "$wget_bin" != "" ] ; then
-    #echo $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url"
-    $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url"
-    ret="$?"
-  else
-    #echo $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url"
-    $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url"
+if [ "$enable_gpg" == "yes" ] ; then
+  # If we haven't done so yet, download Sanesecurity public GPG key and import to custom keyring.
+  if [ ! -s "$work_dir_gpg/publickey.gpg" ] ; then
+    xshok_file_download "$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url"
     ret="$?"
-  fi    
-  if [ "$ret" != "0" ] ; then
-    xshok_pretty_echo_and_log "ALERT: Could not download Sanesecurity public GPG key" "*"
-    exit 1
-  else
-    xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully downloaded"
+    if [ "$ret" -ne 0 ] ; then
+      xshok_pretty_echo_and_log "ALERT: Could not download Sanesecurity public GPG key" "*"
+      exit 1
+    else
+      xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully downloaded"
+      rm -f -- "$work_dir_gpg/ss-keyring.gp*"
+      if ! $gpg_bin -q --no-options --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --import "$work_dir_gpg/publickey.gpg" 2>/dev/null ; then
+        xshok_pretty_echo_and_log "ALERT: could not import Sanesecurity public GPG key to custom keyring" "*"
+        exit 1
+      else
+        chmod -f 0644 "$work_dir_gpg/*.*"
+        xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully imported to custom keyring"
+      fi
+    fi
+  fi
+
+  # If custom keyring is missing, try to re-import Sanesecurity public GPG key.
+  if [ ! -s "$work_dir_gpg/ss-keyring.gpg" ] ; then
     rm -f -- "$work_dir_gpg/ss-keyring.gp*"
     if ! $gpg_bin -q --no-options --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --import "$work_dir_gpg/publickey.gpg" 2>/dev/null ; then
-      xshok_pretty_echo_and_log "ALERT: could not import Sanesecurity public GPG key to custom keyring" "*"
+      xshok_pretty_echo_and_log "ALERT: Custom keyring MISSING or CORRUPT!  Could not import Sanesecurity public GPG key to custom keyring" "*"
       exit 1
     else
       chmod -f 0644 "$work_dir_gpg/*.*"
-      xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully imported to custom keyring"
+      xshok_pretty_echo_and_log "Sanesecurity custom keyring MISSING!  GPG key successfully re-imported to custom keyring"
     fi
   fi
 fi
 
-# If custom keyring is missing, try to re-import Sanesecurity public GPG key.
-if [ ! -s "$work_dir_gpg/ss-keyring.gpg" ] ; then
-  rm -f -- "$work_dir_gpg/ss-keyring.gp*"
-  if ! $gpg_bin -q --no-options --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --import "$work_dir_gpg/publickey.gpg" 2>/dev/null ; then
-    xshok_pretty_echo_and_log "ALERT: Custom keyring MISSING or CORRUPT!  Could not import Sanesecurity public GPG key to custom keyring" "*"
-    exit 1
-  else
-    chmod -f 0644 "$work_dir_gpg/*.*"
-    xshok_pretty_echo_and_log "Sanesecurity custom keyring MISSING!  GPG key successfully re-imported to custom keyring"
-  fi
-fi
-
 # Database update check, time randomization section.  This script now
 # provides support for both bash and non-bash enabled system shells.
-if [ "$enable_random" = "yes" ] ; then
+if [ "$enable_random" == "yes" ] ; then
   if [ -n "$RANDOM" ] ; then
-    sleep_time=$((RANDOM * $((max_sleep_time - min_sleep_time)) / 32767 + min_sleep_time))
+    sleep_time="$((RANDOM * $((max_sleep_time - min_sleep_time)) / 32767 + min_sleep_time))"
   else
-    sleep_time=0
+    sleep_time="0"
     while [ "$sleep_time" -lt "$min_sleep_time" ] || [ "$sleep_time" -gt "$max_sleep_time" ] ; do
-      sleep_time=$(head -1 /dev/urandom | cksum | awk '{print $2}')
+      sleep_time="$(head -n 1 /dev/urandom | cksum | awk '{print $2}')"
     done
   fi
   if [ ! -t 0 ] ; then
@@ -1863,34 +1985,34 @@ fi
 # Create $current_dbsfiles containing lists of current and previously active 3rd-party databases
 # so that databases and/or backup files that are no longer being used can be removed.
 current_tmp="$work_dir_work_configs/current-dbs.tmp"
-current_dbs="$work_dir_work_configs/current-dbs.txt"
+
+current_dbs_file="$work_dir_work_configs/current-dbs.txt"
 
 if [ "$sanesecurity_enabled" == "yes" ] ; then
   # Create the Sanesecurity rsync "include" file (defines which files to download).
   sanesecurity_include_dbs="$work_dir_work_configs/ss-include-dbs.txt"
-  if [ -n "$sanesecurity_dbs" ] ; then
+  if [ -n "${sanesecurity_dbs[0]}" ] ; then
     rm -f -- "$sanesecurity_include_dbs" "$work_dir_sanesecurity/*.sha256"
-    for db in $sanesecurity_dbs ; do
-      echo "$db" >> "$sanesecurity_include_dbs"
-      echo "$db.sig" >> "$sanesecurity_include_dbs"
-      
-      echo "$work_dir_sanesecurity/$db" >> "$current_tmp"
-      echo "$work_dir_sanesecurity/$db.sig" >> "$current_tmp"
+    for db_file in "${sanesecurity_dbs[@]}" ; do
+      echo "$db_file" >> "$sanesecurity_include_dbs"
+      echo "$db_file.sig" >> "$sanesecurity_include_dbs"
+      echo "$work_dir_sanesecurity/$db_file" >> "$current_tmp"
+      echo "$work_dir_sanesecurity/$db_file.sig" >> "$current_tmp"
       clamav_files
     done
   fi
 fi
 if [ "$securiteinfo_enabled" == "yes" ] ; then
-  if [ -n "$securiteinfo_dbs" ] ; then
-    for db in $securiteinfo_dbs ; do
+  if [ -n "${securiteinfo_dbs[0]}" ] ; then
+    for db in "${securiteinfo_dbs[@]}" ; do
       echo "$work_dir_securiteinfo/$db" >> "$current_tmp"
       clamav_files
     done
   fi
 fi
 if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then
-  if [ -n "$linuxmalwaredetect_dbs" ] ; then
-    for db in $linuxmalwaredetect_dbs ; do
+  if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then
+    for db in "${linuxmalwaredetect_dbs[@]}" ; do
       echo "$work_dir_linuxmalwaredetect/$db" >> "$current_tmp"
       clamav_files
     done
@@ -1903,10 +2025,10 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then
   fi
 fi
 if [ "$yararulesproject_enabled" == "yes" ] ; then
-  if [ -n "$yararulesproject_dbs" ] ; then
-    for db in $yararulesproject_dbs ; do
+  if [ -n "${yararulesproject_dbs[0]}" ] ; then
+    for db in "${yararulesproject_dbs[@]}" ; do
       if echo "$db" | $grep_bin -q "/"; then
-        db=$(echo "$db" | cut -d"/" -f2)
+        db="$(echo "$db" | cut -d "/" -f 2)"
       fi
       echo "$work_dir_yararulesproject/$db" >> "$current_tmp"
       clamav_files
@@ -1915,30 +2037,30 @@ if [ "$yararulesproject_enabled" == "yes" ] ; then
 fi
 if [ "$additional_enabled" == "yes" ] ; then
   if [ -n "$additional_dbs" ] ; then
-    for db in $additional_dbs ; do
+    for db in "${additional_dbs[@]}" ; do
       echo "$work_dir_add/$db" >> "$current_tmp"
       clamav_files
     done
   fi
 fi
-sort "$current_tmp" > "$current_dbs" 2>/dev/null
+sort "$current_tmp" > "$current_dbs_file" 2>/dev/null
 rm -f "$current_tmp"
 
 # Remove 3rd-party databases and/or backup files that are no longer being used.
 if [ "$remove_disabled_databases" == "yes" ] ; then
   previous_dbs="$work_dir_work_configs/previous-dbs.txt"
-  sort "$current_dbs" > "$previous_dbs" 2>/dev/null
-  #do not remove the current_dbs
-  #rm -f "$current_dbs"
+  sort "$current_dbs_file" > "$previous_dbs" 2>/dev/null
+  # Do not remove the current_dbs_file
+  #rm -f "$current_dbs_file"
 
   db_changes="$work_dir_work_configs/db-changes.txt"
   if [ ! -s "$previous_dbs" ] ; then
-    cp -f "$current_dbs" "$previous_dbs" 2>/dev/null
+    cp -f "$current_dbs_file" "$previous_dbs" 2>/dev/null
   fi
-  diff "$current_dbs" "$previous_dbs" 2>/dev/null | $grep_bin '>' | awk '{print $2}' > "$db_changes"
+  diff "$current_dbs_file" "$previous_dbs" 2>/dev/null | $grep_bin ">" | awk '{print $2}' > "$db_changes"
   if [ -r "$db_changes" ] ; then
     if $grep_bin -vq "bak" "$db_changes" 2>/dev/null ; then
-      do_clamd_reload=2
+      do_clamd_reload="2"
     fi
     while read -r file ; do
       rm -f -- "$file"
 
 # Create "purge.txt" file for package maintainers to support package uninstall.
 purge="$work_dir_work_configs/purge.txt"
-cp -f "$current_dbs" "$purge"
-{ 
-echo "$work_dir_work_configs/current-dbs.txt"
-echo "$work_dir_work_configs/db-changes.txt"
-echo "$work_dir_work_configs/last-mbl-update.txt"
-echo "$work_dir_work_configs/last-si-update.txt"
-echo "$work_dir_work_configs/local.ign"
-echo "$work_dir_work_configs/monitor-ign.txt"
-echo "$work_dir_work_configs/my-whitelist.ign2"
-echo "$work_dir_work_configs/tracker.txt"
-echo "$work_dir_work_configs/previous-dbs.txt"
-echo "$work_dir_work_configs/scan-test.txt"
-echo "$work_dir_work_configs/ss-include-dbs.txt"
-echo "$work_dir_work_configs/whitelist.hex"
-echo "$work_dir_gpg/publickey.gpg"
-echo "$work_dir_gpg/secring.gpg"
-echo "$work_dir_gpg/ss-keyring.gpg*"
-echo "$work_dir_gpg/trustdb.gpg"
-echo "$log_file_path/$log_file_name*"
-echo "$work_dir_work_configs/purge.txt" 
+cp -f "$current_dbs_file" "$purge"
+{
+  echo "$work_dir_work_configs/current-dbs.txt"
+  echo "$work_dir_work_configs/db-changes.txt"
+  echo "$work_dir_work_configs/last-mbl-update.txt"
+  echo "$work_dir_work_configs/last-si-update.txt"
+  echo "$work_dir_work_configs/local.ign"
+  echo "$work_dir_work_configs/monitor-ign.txt"
+  echo "$work_dir_work_configs/my-whitelist.ign2"
+  echo "$work_dir_work_configs/tracker.txt"
+  echo "$work_dir_work_configs/previous-dbs.txt"
+  echo "$work_dir_work_configs/scan-test.txt"
+  echo "$work_dir_work_configs/ss-include-dbs.txt"
+  echo "$work_dir_work_configs/whitelist.hex"
+  echo "$work_dir_gpg/publickey.gpg"
+  echo "$work_dir_gpg/secring.gpg"
+  echo "$work_dir_gpg/ss-keyring.gpg*"
+  echo "$work_dir_gpg/trustdb.gpg"
+  echo "$log_file_path/$log_file_name*"
+  echo "$work_dir_work_configs/purge.txt"
 } >> "$purge"
 
 # Check and save current system time since epoch for time related database downloads.
 # However, if unsuccessful, issue a warning that we cannot calculate times since epoch.
-if [ -n "$securiteinfo_dbs" ] || [ -n "$malwarepatrol_db" ] ; then
-  current_time=$(date "+%s" 2> /dev/null)
+if [ -n "${securiteinfo_dbs[0]}" ] || [ -n "$malwarepatrol_db" ] ; then
+  current_time="$(date "+%s" 2> /dev/null)"
   current_time="${current_time//[^0-9]/}"
   current_time="$((current_time + 0))"
   if [ "$current_time" -le 0 ] ; then
-    current_time=$(perl -le print+time 2> /dev/null)
+    current_time="$(perl -le print+time 2> /dev/null)"
   fi
   if [ "$current_time" -le 0 ] ; then
     xshok_pretty_echo_and_log "WARNING: No support for 'date +%s' or 'perl' was not found , SecuriteInfo and MalwarePatrol updates bypassed" "="
-    securiteinfo_dbs=""
-    malwarepatrol_db=""
+    securiteinfo_dbs=()
+    malwarepatrol_db=()
   fi
 fi
 
 ################################################################
 # Check for Sanesecurity database & GPG signature file updates #
 ################################################################
+
 if [ "$sanesecurity_enabled" == "yes" ] ; then
-  if [ -n "$sanesecurity_dbs" ] ; then
-  ##if [ ${#sanesecurity_dbs[@]} -lt "1" ] ; then ##will not work due to compound array assignment
-    if [ "$(xshok_array_count "$sanesecurity_dbs")" -lt "1" ] ; then
+  if [ -n "${sanesecurity_dbs[0]}" ] ; then
+    if [ ${#sanesecurity_dbs} -lt 1 ] ; then
       xshok_pretty_echo_and_log "Failed sanesecurity_dbs config is invalid or not defined - SKIPPING"
     else
       if [ -r "$work_dir_work_configs/last-ss-update.txt" ] ; then
-        last_sanesecurity_update=$(cat "$work_dir_work_configs/last-ss-update.txt")
+        last_sanesecurity_update="$(cat "$work_dir_work_configs/last-ss-update.txt")"
       else
         last_sanesecurity_update="0"
       fi
       db_file=""
-      update_interval=$((sanesecurity_update_hours * 3600))
-      time_interval=$((current_time - last_sanesecurity_update))
+      update_interval="$((sanesecurity_update_hours * 3600))"
+      time_interval="$((current_time - last_sanesecurity_update))"
       if [ "$time_interval" -ge $((update_interval - 600)) ] ; then
         echo "$current_time" > "$work_dir_work_configs/last-ss-update.txt"
         xshok_pretty_echo_and_log "Sanesecurity Database & GPG Signature File Updates" "="
         xshok_pretty_echo_and_log "Checking for Sanesecurity updates..."
 
-        sanesecurity_mirror_ips=$(dig +ignore +short "$sanesecurity_url")
-        #add fallback to host if dig returns no records
-        if [ "$(xshok_array_count  "$sanesecurity_mirror_ips")" -lt 1 ] ; then
-          sanesecurity_mirror_ips=$(host -t A "$sanesecurity_url" | sed -n '/has address/{s/.*address \([^ ]*\).*/\1/;p;}')
+        sanesecurity_mirror_ips="$(dig +ignore +short "$sanesecurity_url")"
+        # Add fallback to host if dig returns no records
+        if [ ${#sanesecurity_mirror_ips} -lt 1 ] ; then
+          sanesecurity_mirror_ips="$(host -t A "$sanesecurity_url" | sed -n '/has address/{s/.*address \([^ ]*\).*/\1/;p;}')"
         fi
 
-        if [ "$(xshok_array_count  "$sanesecurity_mirror_ips")" -ge "1" ] ; then
+        if [ ${#sanesecurity_mirror_ips} -ge 1 ] ; then
           for sanesecurity_mirror_ip in $sanesecurity_mirror_ips ; do
             sanesecurity_mirror_name=""
-            sanesecurity_mirror_name=$(dig +short -x "$sanesecurity_mirror_ip" | command sed 's/\.$//')
-            #add fallback to host if dig returns no records
-            if [ "$sanesecurity_mirror_name" == "" ] ; then
-              sanesecurity_mirror_name=$(host "$sanesecurity_mirror_ip" | sed -n '/name pointer/{s/.*pointer \([^ ]*\).*\.$/\1/;p;}')
+            sanesecurity_mirror_name="$(dig +short -x "$sanesecurity_mirror_ip" | command sed 's/\.$//')"
+            # Add fallback to host if dig returns no records
+            if [ -z "$sanesecurity_mirror_name" ] ; then
+              sanesecurity_mirror_name="$(host "$sanesecurity_mirror_ip" | sed -n '/name pointer/{s/.*pointer \([^ ]*\).*\.$/\1/;p;}')"
             fi
             sanesecurity_mirror_site_info="$sanesecurity_mirror_name $sanesecurity_mirror_ip"
             xshok_pretty_echo_and_log "Sanesecurity mirror site used: $sanesecurity_mirror_site_info"
+            # shellcheck disable=SC2086
             $rsync_bin $rsync_output_level $no_motd --files-from="$sanesecurity_include_dbs" -ctuz $connect_timeout --timeout="$rsync_max_time" "rsync://$sanesecurity_mirror_ip/sanesecurity" "$work_dir_sanesecurity" 2>/dev/null
-            if [ "$?" -eq "0" ] ; then #the correct way
+            ret="$?"
+            if [ "$ret" -eq 0 ] || [ "$ret" -eq 23 ] ; then # The correct way, 23 is some files were not transfered, can be ignored and we can assume a success
               sanesecurity_rsync_success="1"
-              for db_file in $sanesecurity_dbs ; do
+              for db_file in "${sanesecurity_dbs[@]}" ; do
                 if ! cmp -s "$work_dir_sanesecurity/$db_file" "$clam_dbs/$db_file" ; then
                   xshok_pretty_echo_and_log "Testing updated Sanesecurity database file: $db_file"
-                  if ! $gpg_bin --trust-model always -q --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --verify "$work_dir_sanesecurity/$db_file.sig" "$work_dir_sanesecurity/$db_file" 2>/dev/null ; then
-                    $gpg_bin --always-trust -q --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --verify "$work_dir_sanesecurity/$db_file.sig" "$work_dir_sanesecurity/$db_file" 2>/dev/null
-                    ret="$?"
-                  else
-                    ret="0"  
-                  fi
-                  if [ "$ret" -eq "0" ] ; then
-                    test "$gpg_silence" = "no" && xshok_pretty_echo_and_log "Sanesecurity GPG Signature tested good on $db_file database"
-                    true
-                  else
-                    xshok_pretty_echo_and_log "Sanesecurity GPG Signature test FAILED on $db_file database - SKIPPING" 
-                    false
-                  fi
-                if [ "$?" -eq "0" ] ; then
-                  db_ext=$(echo "$db_file" | cut -d "." -f2)
-                  if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
-                    if $clamscan_bin --quiet -d "$work_dir_sanesecurity/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
-                      xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good"
-                      true
-                    else
-                      xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested BAD"
-                      if [ "$remove_bad_database" == "yes" ] ; then
-                        if rm -f "$work_dir_sanesecurity/$db_file" ; then
-                          xshok_pretty_echo_and_log "Removed invalid database: $work_dir_sanesecurity/$db_file"
-                        fi
-                      fi
-                      false
-                    fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_sanesecurity/$db_file" "$clam_dbs" 2>/dev/null ; then
-                      perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-                      if [ "$selinux_fixes" == "yes" ] ; then
-                        restorecon "$clam_dbs/$db_file"
-                      fi
-                      xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: $db_file"
-                      sanesecurity_update=1
-                      do_clamd_reload=1
+
+                  if [ "$enable_gpg" == "yes" ] ; then
+                    if ! $gpg_bin --trust-model always -q --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --verify "$work_dir_sanesecurity/$db_file.sig" "$work_dir_sanesecurity/$db_file" 2>/dev/null ; then
+                      $gpg_bin --always-trust -q --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --verify "$work_dir_sanesecurity/$db_file.sig" "$work_dir_sanesecurity/$db_file" 2>/dev/null
+                      ret="$?"
                     else
-                      xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING"
-                      false
+                      ret="0"
                     fi
-                  else
-                    $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_sanesecurity/$db_file" > "$test_dir/$db_file"
-                    $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
-                    $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
-                    $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
-                    mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
-                    if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
-                      xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good"
-                      true
+                    if [ "$ret" -eq 0 ] ; then
+                      test "$gpg_silence" = "no" && xshok_pretty_echo_and_log "Sanesecurity GPG Signature tested good on $db_file database"
                     else
-                      xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested BAD"
-                      ##DO NOT KILL THIS DB
-                      false
-                    fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
-                      perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-                      if [ "$selinux_fixes" == "yes" ] ; then
-                        restorecon "$clam_dbs/$db_file"
+                      xshok_pretty_echo_and_log "Sanesecurity GPG Signature test FAILED on $db_file database - SKIPPING"
+                    fi
+                  fi
+                  if [ "$ret" -eq 0 ] ; then
+                    db_ext="${db_file#*.}"
+                    if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
+                      if $clamscan_bin --quiet -d "$work_dir_sanesecurity/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
+                        xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good"
+                        true
+                      else
+                        xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested BAD"
+                        if [ "$remove_bad_database" == "yes" ] ; then
+                          if rm -f "$work_dir_sanesecurity/$db_file" ; then
+                            xshok_pretty_echo_and_log "Removed invalid database: $work_dir_sanesecurity/$db_file"
+                          fi
+                        fi
+                        false
+                        fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_sanesecurity/$db_file" "$clam_dbs" 2>/dev/null ; then
+                        perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                        if [ "$selinux_fixes" == "yes" ] ; then
+                          restorecon "$clam_dbs/$db_file"
+                        fi
+
+                        xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: $db_file"
+                        sanesecurity_update=1
+                        do_clamd_reload=1
+                      else
+                        xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING"
+                        false
                       fi
-                      xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: $db_file"
-                      sanesecurity_update=1
-                      do_clamd_reload=1
                     else
-                      xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING"
+                      $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_sanesecurity/$db_file" > "$test_dir/$db_file"
+                      $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
+                      $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
+                      $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
+                      mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
+                      if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
+                        xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good"
+                        true
+                      else
+                        xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested BAD"
+                        # DO NOT KILL THIS DB
+                        false
+                        fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
+                        perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                        if [ "$selinux_fixes" == "yes" ] ; then
+                          restorecon "$clam_dbs/$db_file"
+                        fi
+                        xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: $db_file"
+                        sanesecurity_update=1
+                        do_clamd_reload=1
+                      else
+                        xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING"
+                      fi
                     fi
                   fi
                 fi
-              fi
               done
-              if [ "$sanesecurity_update" != "1" ] ; then
+              if [ ! "$sanesecurity_update" == "1" ] ; then
                 xshok_pretty_echo_and_log "No Sanesecurity database file updates found" "-"
                 break
               else
@@ -2108,7 +2234,7 @@ if [ "$sanesecurity_enabled" == "yes" ] ; then
               xshok_pretty_echo_and_log "Connection to $sanesecurity_mirror_site_info failed - Trying next mirror site..."
             fi
           done
-          if [ "$sanesecurity_rsync_success" != "1" ] ; then
+          if [ ! "$sanesecurity_rsync_success" == "1" ] ; then
             xshok_pretty_echo_and_log "Access to all Sanesecurity mirror sites failed - Check for connectivity issues"
             xshok_pretty_echo_and_log "or signature database name(s) misspelled in the script's configuration file."
           fi
@@ -2117,26 +2243,25 @@ if [ "$sanesecurity_enabled" == "yes" ] ; then
         fi
       else
         xshok_pretty_echo_and_log "Sanesecurity Database File Updates" "="
-
-        time_remaining=$((update_interval - time_interval))
-        hours_left=$((time_remaining / 3600))
-        minutes_left=$((time_remaining % 3600 / 60))
-        xshok_pretty_echo_and_log "$sanesecurity_update_hours hours have not yet elapsed since the last sanesecurity update check"
-        xshok_pretty_echo_and_log "No update check was performed at this time" "-"
-        xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
+        xshok_draw_time_remaining "$((update_interval - time_interval))" "$sanesecurity_update_hours" "sanesecurity"
       fi
     fi
   fi
 else
-  if [ -n "$sanesecurity_dbs" ] ; then
+  if [ -n "${sanesecurity_dbs[0]}" ] ; then
     if [ "$remove_disabled_databases" == "yes" ] ; then
       xshok_pretty_echo_and_log "Removing disabled Sanesecurity Database files"
-      for db_file in $sanesecurity_dbs ; do
+      for db_file in "${sanesecurity_dbs[@]}" ; do
+        if echo "$db_file" | $grep_bin -q "|"; then
+          db_file="${db_file%|*}"
+        fi
         if [ -r "$work_dir_sanesecurity/$db_file" ] ; then
-          rm -f "$work_dir_sanesecurity/$db_file"*
+          xshok_pretty_echo_and_log "Removing $work_dir_sanesecurity/$db_file"
+          rm -f "$work_dir_sanesecurity/$db_file"
           do_clamd_reload=1
         fi
         if [ -r "$clam_dbs/$db_file" ] ; then
+          xshok_pretty_echo_and_log "Removing $clam_dbs/$db_file"
           rm -f "$clam_dbs/$db_file"
           do_clamd_reload=1
         fi
@@ -2146,143 +2271,136 @@ else
 fi
 
 ##############################################################################################################################################
-# Check for updated SecuriteInfo database files every set number of  hours as defined in the "USER CONFIGURATION" section of this script #
+# Check for updated SecuriteInfo database files every set number of hours as defined in the "USER CONFIGURATION" section of this script      #
 ##############################################################################################################################################
 if [ "$securiteinfo_enabled" == "yes" ] ; then
   if [ "$securiteinfo_authorisation_signature" != "YOUR-SIGNATURE-NUMBER" ] ; then
     if [ -n "$securiteinfo_dbs" ] ; then
-      if [ "$(xshok_array_count "$securiteinfo_dbs")" -lt "1" ] ; then
+      if [ ${#securiteinfo_dbs} -lt 1 ] ; then
         xshok_pretty_echo_and_log "Failed securiteinfo_dbs config is invalid or not defined - SKIPPING"
       else
-      rm -f "$work_dir_securiteinfo/*.gz"
-      if [ -r "$work_dir_work_configs/last-si-update.txt" ] ; then
-        last_securiteinfo_update=$(cat "$work_dir_work_configs/last-si-update.txt")
-      else
-        last_securiteinfo_update="0"
-      fi
-      db_file=""
-      loop=""
-      update_interval=$((securiteinfo_update_hours * 3600))
-      time_interval=$((current_time - last_securiteinfo_update))
-      if [ "$time_interval" -ge $((update_interval - 600)) ] ; then
-        echo "$current_time" > "$work_dir_work_configs/last-si-update.txt"
-        xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "="
-        xshok_pretty_echo_and_log "Checking for SecuriteInfo updates..."
-        securiteinfo_updates="0" 
-        for db_file in $securiteinfo_dbs ; do
-          if [ "$loop" = "1" ] ; then
-            xshok_pretty_echo_and_log "---"      
-          fi
-          xshok_pretty_echo_and_log "Checking for updated SecuriteInfo database file: $db_file"
-          securiteinfo_db_update="0"
-          if [ "$wget_bin" != "" ] ; then
-            $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_securiteinfo/$db_file" "$securiteinfo_url/$securiteinfo_authorisation_signature/$db_file"
-            ret="$?"
-          else
-            $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_securiteinfo/$db_file" "$securiteinfo_url/$securiteinfo_authorisation_signature/$db_file"
+        rm -f "$work_dir_securiteinfo/*.gz"
+        if [ -r "$work_dir_work_configs/last-si-update.txt" ] ; then
+          last_securiteinfo_update="$(cat "$work_dir_work_configs/last-si-update.txt")"
+        else
+          last_securiteinfo_update="0"
+        fi
+        db_file=""
+        loop=""
+        update_interval="$((securiteinfo_update_hours * 3600))"
+        time_interval="$((current_time - last_securiteinfo_update))"
+        if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
+          echo "$current_time" > "$work_dir_work_configs/last-si-update.txt"
+          xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "="
+          xshok_pretty_echo_and_log "Checking for SecuriteInfo updates..."
+          securiteinfo_updates="0"
+          for db_file in "${securiteinfo_dbs[@]}" ; do
+            if [ "$loop" == "1" ] ; then
+              xshok_pretty_echo_and_log "---"
+            fi
+            xshok_pretty_echo_and_log "Checking for updated SecuriteInfo database file: $db_file"
+            securiteinfo_db_update="0"
+            xshok_file_download "$work_dir_securiteinfo/$db_file" "$securiteinfo_url/$securiteinfo_authorisation_signature/$db_file"
             ret="$?"
-          fi
-          if [ "$ret" -eq "0" ] ; then
-            loop="1"
-            if ! cmp -s "$work_dir_securiteinfo/$db_file" "$clam_dbs/$db_file" ; then
-              if [ "$?" -eq "0" ] ; then
-                db_ext=$(echo "$db_file" | cut -d "." -f2)
-
-
-                xshok_pretty_echo_and_log "Testing updated SecuriteInfo database file: $db_file"
-                if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ]
+            if [ "$ret" -eq 0 ] ; then
+              loop="1"
+              if ! cmp -s "$work_dir_securiteinfo/$db_file" "$clam_dbs/$db_file" ; then
+                if [ $? -eq 0 ] ; then
+                  db_ext="${db_file#*.}"
+
+                  xshok_pretty_echo_and_log "Testing updated SecuriteInfo database file: $db_file"
+                  if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ]
                   then
-                  if $clamscan_bin --quiet -d "$work_dir_securiteinfo/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
+                    if $clamscan_bin --quiet -d "$work_dir_securiteinfo/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
                     then
-                    xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested good"
-                    true
-                  else
-                    xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested BAD"
-                    if [ "$remove_bad_database" == "yes" ] ; then
-                      if rm -f "$work_dir_securiteinfo/$db_file" ; then
-                        xshok_pretty_echo_and_log "Removed invalid database: $work_dir_securiteinfo/$db_file"
+                      xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested good"
+                      true
+                    else
+                      xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested BAD"
+                      if [ "$remove_bad_database" == "yes" ] ; then
+                        if rm -f "$work_dir_securiteinfo/$db_file" ; then
+                          xshok_pretty_echo_and_log "Removed invalid database: $work_dir_securiteinfo/$db_file"
+                        fi
                       fi
+                      false
+                      fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_securiteinfo/$db_file" "$clam_dbs" 2>/dev/null ; then
+                      perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                      if [ "$selinux_fixes" == "yes" ] ; then
+                        restorecon "$clam_dbs/$db_file"
+                      fi
+                      xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: $db_file"
+                      securiteinfo_updates=1
+                      securiteinfo_db_update=1
+                      do_clamd_reload=1
+                    else
+                      xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING"
                     fi
-                    false
-                  fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_securiteinfo/$db_file" "$clam_dbs" 2>/dev/null ; then
-                  perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-                  if [ "$selinux_fixes" == "yes" ] ; then
-                    restorecon "$clam_dbs/$db_file"
-                  fi
-                  xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: $db_file"
-                  securiteinfo_updates=1
-                  securiteinfo_db_update=1
-                  do_clamd_reload=1
-                else
-                  xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING"
-                fi
-              else
-                $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_securiteinfo/$db_file" > "$test_dir/$db_file"
-                $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
-                $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
-                $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
-                mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
-                if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
-                  then
-                  xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested good"
-                  true
-                else
-                  xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested BAD"
-                  rm -f "$work_dir_securiteinfo/$db_file"
-                  if [ "$remove_bad_database" == "yes" ] ; then
-                    if rm -f "$work_dir_securiteinfo/$db_file" ; then
-                      xshok_pretty_echo_and_log "Removed invalid database: $work_dir_securiteinfo/$db_file"
-                    fi
-                  fi
-                  false
-                fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
-                perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-                if [ "$selinux_fixes" == "yes" ] ; then
-                  restorecon "$clam_dbs/$db_file"
+                  else
+                    $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_securiteinfo/$db_file" > "$test_dir/$db_file"
+                    $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
+                    $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
+                    $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
+                    mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
+                    if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
+                    then
+                      xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested good"
+                      true
+                    else
+                      xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested BAD"
+                      rm -f "$work_dir_securiteinfo/$db_file"
+                      if [ "$remove_bad_database" == "yes" ] ; then
+                        if rm -f "$work_dir_securiteinfo/$db_file" ; then
+                          xshok_pretty_echo_and_log "Removed invalid database: $work_dir_securiteinfo/$db_file"
+                        fi
+                      fi
+                      false
+                      fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
+                      perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                      if [ "$selinux_fixes" == "yes" ] ; then
+                        restorecon "$clam_dbs/$db_file"
+                      fi
+                      xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: $db_file"
+                      securiteinfo_updates=1
+                      securiteinfo_db_update=1
+                      do_clamd_reload=1
+                    else
+                      xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING"
+                    fi
+                  fi
                 fi
-                xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: $db_file"
-                securiteinfo_updates=1
-                securiteinfo_db_update=1
-                do_clamd_reload=1
-              else
-                xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING"
               fi
+            else
+              xshok_pretty_echo_and_log "Failed connection to $securiteinfo_url - SKIPPED SecuriteInfo $db_file update"
             fi
+            if [ "$securiteinfo_db_update" != "1" ] ; then
+              xshok_pretty_echo_and_log "No updated SecuriteInfo $db_file database file found" "-"
+            fi
+          done
+          if [ "$securiteinfo_updates" != "1" ] ; then
+            xshok_pretty_echo_and_log "No SecuriteInfo database file updates found" "-"
           fi
+        else
+          xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "="
+          xshok_draw_time_remaining "$((update_interval - time_interval))" "$securiteinfo_update_hours" "SecuriteInfo"
         fi
-      else
-        xshok_pretty_echo_and_log "Failed connection to $securiteinfo_url - SKIPPED SecuriteInfo $db_file update"
-      fi
-      if [ "$securiteinfo_db_update" != "1" ] ; then          
-        xshok_pretty_echo_and_log "No updated SecuriteInfo $db_file database file found" "-"
       fi
-    done
-    if [ "$securiteinfo_updates" != "1" ] ; then
-      xshok_pretty_echo_and_log "No SecuriteInfo database file updates found" "-"
     fi
-  else
-    xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "="
-
-    time_remaining=$((update_interval - time_interval))
-    hours_left=$((time_remaining / 3600))
-    minutes_left=$((time_remaining % 3600 / 60))
-    xshok_pretty_echo_and_log "$securiteinfo_update_hours hours have not yet elapsed since the last SecuriteInfo update check"
-    xshok_pretty_echo_and_log "No update check was performed at this time" "-"
-    xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
-  fi
-  fi
-  fi
   fi
 else
   if [ -n "$securiteinfo_dbs" ] ; then
     if [ "$remove_disabled_databases" == "yes" ] ; then
       xshok_pretty_echo_and_log "Removing disabled SecuriteInfo Database files"
-      for db_file in $securiteinfo_dbs ; do
+      for db_file in "${securiteinfo_dbs[@]}" ; do
+        if echo "$db_file" | $grep_bin -q "|"; then
+          db_file="${db_file%|*}"
+        fi
         if [ -r "$work_dir_securiteinfo/$db_file" ] ; then
+          xshok_pretty_echo_and_log "Removing $work_dir_securiteinfo/$db_file"
           rm -f "$work_dir_securiteinfo/$db_file"
           do_clamd_reload=1
         fi
         if [ -r "$clam_dbs/$db_file" ] ; then
+          xshok_pretty_echo_and_log "Removing $clam_dbs/$db_file"
           rm -f "$clam_dbs/$db_file"
           do_clamd_reload=1
         fi
 
 
 ##############################################################################################################################################
-# Check for updated linuxmalwaredetect database files every set number of hours as defined in the "USER CONFIGURATION" section of this script 
+# Check for updated linuxmalwaredetect database files every set number of hours as defined in the "USER CONFIGURATION" section of this script
 ##############################################################################################################################################
 if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then
-  if [ -n "$linuxmalwaredetect_dbs" ] ; then
-    if [ "$(xshok_array_count "$linuxmalwaredetect_dbs")" -lt "1" ] ; then
+  if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then
+    if [ ${#linuxmalwaredetect_dbs} -lt 1 ] ; then
       xshok_pretty_echo_and_log "Failed linuxmalwaredetect_dbs config is invalid or not defined - SKIPPING"
     else
-    rm -f "$work_dir_linuxmalwaredetect/*.gz"
-    if [ -r "$work_dir_work_configs/last-linuxmalwaredetect-update.txt" ] ; then
-      last_linuxmalwaredetect_update=$(cat "$work_dir_work_configs/last-linuxmalwaredetect-update.txt")
-    else
-      last_linuxmalwaredetect_update="0"
-    fi
-    db_file=""
-    loop=""
-    update_interval=$((linuxmalwaredetect_update_hours * 3600))
-    time_interval=$((current_time - last_linuxmalwaredetect_update))
-    if [ "$time_interval" -ge $((update_interval - 600)) ] ; then
-      echo "$current_time" > "$work_dir_work_configs/last-linuxmalwaredetect-update.txt"
-
-      xshok_pretty_echo_and_log "linuxmalwaredetect Database File Updates" "="
-      xshok_pretty_echo_and_log "Checking for linuxmalwaredetect updates..."
-      linuxmalwaredetect_updates="0"
-      for db_file in $linuxmalwaredetect_dbs ; do
-        if [ "$loop" = "1" ] ; then
-          xshok_pretty_echo_and_log "---"      
-        fi
-        xshok_pretty_echo_and_log "Checking for updated linuxmalwaredetect database file: $db_file"
-
-        linuxmalwaredetect_db_update="0"
-        if [ "$wget_bin" != "" ] ; then
-          $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_linuxmalwaredetect/$db_file" "$linuxmalwaredetect_url/$db_file"
-          ret="$?"
-        else
-          $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_linuxmalwaredetect/$db_file" "$linuxmalwaredetect_url/$db_file"
+      rm -f "$work_dir_linuxmalwaredetect/*.gz"
+      if [ -r "$work_dir_work_configs/last-linuxmalwaredetect-update.txt" ] ; then
+        last_linuxmalwaredetect_update="$(cat "$work_dir_work_configs/last-linuxmalwaredetect-update.txt")"
+      else
+        last_linuxmalwaredetect_update="0"
+      fi
+      db_file=""
+      loop=""
+      update_interval="$((linuxmalwaredetect_update_hours * 3600))"
+      time_interval="$((current_time - last_linuxmalwaredetect_update))"
+      if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
+        echo "$current_time" > "$work_dir_work_configs/last-linuxmalwaredetect-update.txt"
+
+        xshok_pretty_echo_and_log "linuxmalwaredetect Database File Updates" "="
+        xshok_pretty_echo_and_log "Checking for linuxmalwaredetect updates..."
+        linuxmalwaredetect_updates="0"
+        for db_file in "${linuxmalwaredetect_dbs[@]}" ; do
+          if [ "$loop" == "1" ] ; then
+            xshok_pretty_echo_and_log "---"
+          fi
+          xshok_pretty_echo_and_log "Checking for updated linuxmalwaredetect database file: $db_file"
+          linuxmalwaredetect_db_update="0"
+          xshok_file_download "$work_dir_linuxmalwaredetect/$db_file" "$linuxmalwaredetect_url/$db_file"
           ret="$?"
-        fi
-        if [ "$ret" -eq "0" ] ; then
-          loop="1"
-          if ! cmp -s "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs/$db_file" ; then
-            if [ "$?" -eq "0" ] ; then
-              db_ext=$(echo "$db_file" | cut -d "." -f2)
-
-              xshok_pretty_echo_and_log "Testing updated linuxmalwaredetect database file: $db_file"
-              if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
-                if $clamscan_bin --quiet -d "$work_dir_linuxmalwaredetect/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
+          if [ "$ret" -eq 0 ] ; then
+            loop="1"
+            if ! cmp -s "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs/$db_file" ; then
+              if [ $? -eq 0 ] ; then
+                db_ext="${db_file#*.}"
+
+                xshok_pretty_echo_and_log "Testing updated linuxmalwaredetect database file: $db_file"
+                if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
+                  if $clamscan_bin --quiet -d "$work_dir_linuxmalwaredetect/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
                   then
-                  xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good"
-                  true
-                else
-                  xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested BAD"
-                  if [ "$remove_bad_database" == "yes" ] ; then
-                    if rm -f "$work_dir_linuxmalwaredetect/$db_file" ; then
-                      xshok_pretty_echo_and_log "Removed invalid database: $work_dir_linuxmalwaredetect/$db_file"
+                    xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good"
+                    true
+                  else
+                    xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested BAD"
+                    if [ "$remove_bad_database" == "yes" ] ; then
+                      if rm -f "$work_dir_linuxmalwaredetect/$db_file" ; then
+                        xshok_pretty_echo_and_log "Removed invalid database: $work_dir_linuxmalwaredetect/$db_file"
+                      fi
+                    fi
+                    false
+                    fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs" 2>/dev/null ; then
+                    perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                    if [ "$selinux_fixes" == "yes" ] ; then
+                      restorecon "$clam_dbs/local.ign"
                     fi
+                    xshok_pretty_echo_and_log "Successfully updated linuxmalwaredetect production database file: $db_file"
+                    linuxmalwaredetect_updates=1
+                    linuxmalwaredetect_db_update=1
+                    do_clamd_reload=1
+                  else
+                    xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING"
                   fi
-                  false
-                fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs" 2>/dev/null ; then
-                perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-                if [ "$selinux_fixes" == "yes" ] ; then
-                  restorecon "$clam_dbs/local.ign"
-                fi
-                xshok_pretty_echo_and_log "Successfully updated linuxmalwaredetect production database file: $db_file"
-                linuxmalwaredetect_updates=1
-                linuxmalwaredetect_db_update=1
-                do_clamd_reload=1
-              else
-                xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING"
-              fi
-            else
-              $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_linuxmalwaredetect/$db_file" > "$test_dir/$db_file"
-              $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
-              $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
-              $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
-              mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
-              if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
-                xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good"
-                true
-              else
-                xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested BAD"
-                if [ "$remove_bad_database" == "yes" ] ; then
-                  if rm -f "$work_dir_linuxmalwaredetect/$db_file" ; then
-                    xshok_pretty_echo_and_log "Removed invalid database: $work_dir_linuxmalwaredetect/$db_file"
+                else
+                  $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_linuxmalwaredetect/$db_file" > "$test_dir/$db_file"
+                  $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
+                  $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
+                  $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
+                  mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
+                  if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
+                    xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good"
+                    true
+                  else
+                    xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested BAD"
+                    if [ "$remove_bad_database" == "yes" ] ; then
+                      if rm -f "$work_dir_linuxmalwaredetect/$db_file" ; then
+                        xshok_pretty_echo_and_log "Removed invalid database: $work_dir_linuxmalwaredetect/$db_file"
+                      fi
+                    fi
+                    false
+                    fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
+                    perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                    if [ "$selinux_fixes" == "yes" ] ; then
+                      restorecon "$clam_dbs/$db_file"
+                    fi
+                    xshok_pretty_echo_and_log "Successfully updated linuxmalwaredetect production database file: $db_file"
+                    linuxmalwaredetect_updates=1
+                    linuxmalwaredetect_db_update=1
+                    do_clamd_reload=1
+                  else
+                    xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING"
                   fi
                 fi
-                false
-              fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ;  then
-              perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-              if [ "$selinux_fixes" == "yes" ] ; then
-                restorecon "$clam_dbs/$db_file"
               fi
-              xshok_pretty_echo_and_log "Successfully updated linuxmalwaredetect production database file: $db_file"
-              linuxmalwaredetect_updates=1
-              linuxmalwaredetect_db_update=1
-              do_clamd_reload=1
-            else
-              xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING"
             fi
+          else
+            xshok_pretty_echo_and_log "WARNING: Failed connection to $linuxmalwaredetect_url - SKIPPED linuxmalwaredetect $db_file update"
           fi
+          if [ "$linuxmalwaredetect_db_update" != "1" ] ; then
+
+            xshok_pretty_echo_and_log "No updated linuxmalwaredetect $db_file database file found"
+          fi
+        done
+        if [ "$linuxmalwaredetect_updates" != "1" ] ; then
+          xshok_pretty_echo_and_log "No linuxmalwaredetect database file updates found" "-"
         fi
+      else
+        xshok_pretty_echo_and_log "linuxmalwaredetect Database File Updates" "="
+        xshok_draw_time_remaining "$((update_interval - time_interval))" "$linuxmalwaredetect_update_hours" "linuxmalwaredetect"
       fi
-    else
-      xshok_pretty_echo_and_log "WARNING: Failed connection to $linuxmalwaredetect_url - SKIPPED linuxmalwaredetect $db_file update"
-    fi
-    if [ "$linuxmalwaredetect_db_update" != "1" ] ; then
-
-      xshok_pretty_echo_and_log "No updated linuxmalwaredetect $db_file database file found"
     fi
-  done
-  if [ "$linuxmalwaredetect_updates" != "1" ] ; then
-    xshok_pretty_echo_and_log "No linuxmalwaredetect database file updates found" "-"
   fi
 else
-
-  xshok_pretty_echo_and_log "linuxmalwaredetect Database File Updates" "="
-
-  time_remaining=$((update_interval - time_interval))
-  hours_left=$((time_remaining / 3600))
-  minutes_left=$((time_remaining % 3600 / 60))
-  xshok_pretty_echo_and_log "$linuxmalwaredetect_update_hours hours have not yet elapsed since the last linux malware detect update check"
-  xshok_pretty_echo_and_log "No update check was performed at this time" "-"
-  xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
-fi
-fi
-fi
-else
-  if [ -n "$linuxmalwaredetect_dbs" ] ; then
+  if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then
     if [ "$remove_disabled_databases" == "yes" ] ; then
       xshok_pretty_echo_and_log "Removing disabled linuxmalwaredetect Database files"
-      for db_file in $linuxmalwaredetect_dbs ; do
+      for db_file in "${linuxmalwaredetect_dbs[@]}" ; do
+        if echo "$db_file" | $grep_bin -q "|"; then
+          db_file="${db_file%|*}"
+        fi
         if [ -r "$work_dir_linuxmalwaredetect/$db_file" ] ; then
+          xshok_pretty_echo_and_log "Removing $work_dir_linuxmalwaredetect/$db_file"
           rm -f "$work_dir_linuxmalwaredetect/$db_file"
           do_clamd_reload=1
         fi
         if [ -r "$clam_dbs/$db_file" ] ; then
+          xshok_pretty_echo_and_log "Removing $clam_dbs/$db_file"
           rm -f "$clam_dbs/$db_file"
           do_clamd_reload=1
         fi
@@ -2438,27 +2548,27 @@ fi
 
 
 ##########################################################################################################################################
-# Download MalwarePatrol database file every set number of hours as defined in the "USER CONFIGURATION" section of this script.    #
+# Download MalwarePatrol database file every set number of hours as defined in the "USER CONFIGURATION" section of this script.          #
 ##########################################################################################################################################
 if [ "$malwarepatrol_enabled" == "yes" ] ; then
   if [ "$malwarepatrol_receipt_code" != "YOUR-RECEIPT-NUMBER" ] ; then
     if [ -n "$malwarepatrol_db" ] ; then
       if [ -r "$work_dir_work_configs/last-mbl-update.txt" ] ; then
-        last_malwarepatrol_update=$(cat "$work_dir_work_configs/last-mbl-update.txt")
+        last_malwarepatrol_update="$(cat "$work_dir_work_configs/last-mbl-update.txt")"
       else
         last_malwarepatrol_update="0"
       fi
       db_file=""
-      update_interval=$((malwarepatrol_update_hours * 3600))
-      time_interval=$((current_time - last_malwarepatrol_update))
-      if [ "$time_interval" -ge $((update_interval - 600)) ] ; then
+      update_interval="$((malwarepatrol_update_hours * 3600))"
+      time_interval="$((current_time - last_malwarepatrol_update))"
+      if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
         echo "$current_time" > "$work_dir_work_configs"/last-mbl-update.txt
         xshok_pretty_echo_and_log "Checking for MalwarePatrol updates..."
         # Delete the old MBL (mbl.db) database file if it exists and start using the newer
         # format (mbl.ndb) database file instead.
         # test -e $clam_dbs/$malwarepatrol_db -o -e $clam_dbs/$malwarepatrol_db-bak && rm -f -- "$clam_dbs/mbl.d*"
 
-        # remove the .db is th new format if ndb and
+        # Remove the .db is the new format if ndb and
         # symetrically
         if [ "$malwarepatrol_db" == "malwarepatrol.db" ] && [ -f "$clam_dbs/malwarepatrol.ndb" ] ; then
           rm "$clam_dbs/malwarepatrol.ndb";
@@ -2472,618 +2582,588 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then
 
         malwarepatrol_reloaded=0
         if [ "$malwarepatrol_free" == "yes" ] ; then
-          if [ "$wget_bin" != "" ] ; then
-            $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code"
-            ret="$?"
-          else
-            $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code"
-            ret="$?"
-          fi
-          if [ "$ret" -eq "0" ] ; then
+          xshok_file_download "$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code"
+          ret="$?"
+          if [ "$ret" -eq 0 ] ; then
             if ! cmp -s "$work_dir_malwarepatrol/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db" ; then
-              if [ "$?" -eq "0" ] ; then
+              if [ $? -eq 0 ] ; then
                 malwarepatrol_reloaded=1
               else
                 malwarepatrol_reloaded=2
               fi
             fi
-          else # wget failed
+          else # Wget failed
             malwarepatrol_reloaded=-1
           fi
-
         else # The not free branch
-          if [ "$wget_bin" != "" ] ; then
-            $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_malwarepatrol/$malwarepatrol_db.md5" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code&hash=1"
-            ret="$?"
-          else
-            $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_malwarepatrol/$malwarepatrol_db.md5" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code&hash=1"
-            ret="$?"
-          fi
-          if [ "$ret" -eq "0" ] ; then
+          xshok_file_download "$work_dir_malwarepatrol/$malwarepatrol_db.md5" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code&hash=1"
+          ret="$?"
+          if [ "$ret" -eq 0 ] ; then
             if [ -f "$clam_dbs/$malwarepatrol_db" ] ; then
-              malwarepatrol_md5=$(openssl md5 -r "$clam_dbs/$malwarepatrol_db" 2>/dev/null | cut -d" " -f1)
+              malwarepatrol_md5="$(openssl md5 -r "$clam_dbs/$malwarepatrol_db" 2>/dev/null | cut -d " " -f 1)"
               if [ ! "$malwarepatrol_md5" ] ; then
-                #fallback for missing -r option
-                malwarepatrol_md5=$(openssl md5 "$clam_dbs/$malwarepatrol_db" 2>/dev/null | cut -d" " -f2)
+                # Fallback for missing -r option
+                malwarepatrol_md5="$(openssl md5 "$clam_dbs/$malwarepatrol_db" 2>/dev/null | cut -d " " -f 2)"
               fi
             fi
-            malwarepatrol_md5_new=$(cat "$work_dir_malwarepatrol/$malwarepatrol_db.md5")
+            malwarepatrol_md5_new="$(cat "$work_dir_malwarepatrol/$malwarepatrol_db.md5")"
             if [ -n "$malwarepatrol_md5_new" ] && [ "$malwarepatrol_md5" != "$malwarepatrol_md5_new" ] ; then
-              if [ "$wget_bin" != "" ] ; then
-                $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code"
-                ret="$?"
-              else
-                $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code"
-                ret="$?"
-              fi
-              if [ "$ret" -eq "0" ] ; then
-                malwarepatrol_reloaded=1
-              else # wget DB fail
-                malwarepatrol_reloaded=-1
-              fi # wget DB
+              xshok_file_download "$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code"
+              ret="$?"
+              if [ "$ret" -eq 0 ] ; then
+                malwarepatrol_reloaded="1"
+              else # Wget DB fail
+                malwarepatrol_reloaded="-1"
+              fi # Wget DB
             fi # MD5 not equal
-          else # wget MD5 fail
-            malwarepatrol_reloaded=-1
-          fi # wget md5
+          else # Wget MD5 fail
+            malwarepatrol_reloaded="-1"
+          fi # Wget MD5
         fi
 
-        case "$malwarepatrol_reloaded" in 
-          1) # database was updated, need test and reload 
-          xshok_pretty_echo_and_log "Testing updated MalwarePatrol database file: $malwarepatrol_db"
-          if $clamscan_bin --quiet -d "$work_dir_malwarepatrol/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
-            xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good"
-            true
-          else
-            xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested BAD"
-            if [ "$remove_bad_database" == "yes" ] ; then
-              if rm -f "$work_dir_malwarepatrol/$malwarepatrol_db" ; then
-                xshok_pretty_echo_and_log "Removed invalid database: $work_dir_malwarepatrol/$malwarepatrol_db"
+        case "$malwarepatrol_reloaded" in
+          1) # Database was updated, need test and reload
+            xshok_pretty_echo_and_log "Testing updated MalwarePatrol database file: $malwarepatrol_db"
+            if $clamscan_bin --quiet -d "$work_dir_malwarepatrol/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
+              xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good"
+              true
+            else
+              xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested BAD"
+              if [ "$remove_bad_database" == "yes" ] ; then
+                if rm -f "$work_dir_malwarepatrol/$malwarepatrol_db" ; then
+                  xshok_pretty_echo_and_log "Removed invalid database: $work_dir_malwarepatrol/$malwarepatrol_db"
+                fi
               fi
-            fi
-            false
-          fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_malwarepatrol/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then
-          perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db"
-          if [ "$selinux_fixes" == "yes" ] ; then
-            restorecon "$clam_dbs/$malwarepatrol_db"
+              false
+            fi \
+              && (
+              test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null
+              true
+              ) \
+              && if $rsync_bin -pcqt "$work_dir_malwarepatrol/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then
+                  perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db"
+                  if [ "$selinux_fixes" == "yes" ] ; then
+                    restorecon "$clam_dbs/$malwarepatrol_db"
+                  fi
+                  xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db"
+                  do_clamd_reload=1
+                else
+                  xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING"
+                fi
+                ;; # The strange case when $? != 0 in the original
+              2)
+                $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_malwarepatrol/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db"
+                $clamscan_bin --infected --no-summary -d "$test_dir/$malwarepatrol_db" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
+                $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$malwarepatrol_db" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
+                $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db-tmp"
+                mv -f "$test_dir/$malwarepatrol_db-tmp" "$test_dir/$malwarepatrol_db"
+                if $clamscan_bin --quiet -d "$test_dir/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
+                  xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good"
+                  true
+                else
+                  xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested BAD"
+                  if [ "$remove_bad_database" == "yes" ] ; then
+                    if rm -f "$test_dir/$malwarepatrol_db" ; then
+                      xshok_pretty_echo_and_log "Removed invalid database: $test_dir/$malwarepatrol_db"
+                    fi
+                  fi
+                  false
+                fi \
+              && (
+                  test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null
+                  true
+                  ) \
+              && if $rsync_bin -pcqt "$test_dir/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then
+                      perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db"
+                      if [ "$selinux_fixes" == "yes" ] ; then
+                        restorecon "$clam_dbs/$malwarepatrol_db"
+                      fi
+                      xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db"
+                      do_clamd_reload=1
+                    else
+                      xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING"
+                    fi
+                    ;;
+                  0) # The database did not update
+                    xshok_pretty_echo_and_log "MalwarePatrol signature database ($malwarepatrol_db) did not change - skipping"
+                    ;;
+                  -1) # Wget failed
+                    xshok_pretty_echo_and_log "WARNING - Failed connection to $malwarepatrol_url - SKIPPED MalwarePatrol $malwarepatrol_db update"
+                    ;;
+            esac
+
+          else
+            xshok_pretty_echo_and_log "MalwarePatrol Database File Update" "="
+            xshok_draw_time_remaining "$((update_interval - time_interval))" "$malwarepatrol_update_hours" "MalwarePatrol"
           fi
-          xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db"
-          do_clamd_reload=1
-        else
-          xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING"
         fi
-        ;; # The strange case when $? != 0 in the original
-        2)
-        $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_malwarepatrol/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db"
-        $clamscan_bin --infected --no-summary -d "$test_dir/$malwarepatrol_db" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
-        $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$malwarepatrol_db" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
-        $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db-tmp"
-        mv -f "$test_dir/$malwarepatrol_db-tmp" "$test_dir/$malwarepatrol_db"
-        if $clamscan_bin --quiet -d "$test_dir/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
-          xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good"
-          true
-        else
-          xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested BAD"
-          if [ "$remove_bad_database" == "yes" ] ; then
-            if rm -f "$test_dir/$malwarepatrol_db" ; then
-              xshok_pretty_echo_and_log "Removed invalid database: $test_dir/$malwarepatrol_db"
-            fi
+      fi
+    else
+      if [ -n "$malwarepatrol_db" ] ; then
+        if [ "$remove_disabled_databases" == "yes" ] ; then
+          xshok_pretty_echo_and_log "Removing disabled MalwarePatrol Database file"
+          if [ -r "$work_dir_malwarepatrol/$malwarepatrol_db" ] ; then
+            rm -f "$work_dir_malwarepatrol/$malwarepatrol_db"
+            do_clamd_reload=1
+          fi
+          if [ -r "$clam_dbs/$malwarepatrol_db" ] ; then
+            rm -f "$clam_dbs/$malwarepatrol_db"
+            do_clamd_reload=1
           fi
-          false
-        fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then
-        perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db"
-        if [ "$selinux_fixes" == "yes" ] ; then
-          restorecon "$clam_dbs/$malwarepatrol_db"
         fi
-        xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db"
-        do_clamd_reload=1
-      else
-        xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING"
-      fi
-      ;;
-      0) # The database did not update
-      xshok_pretty_echo_and_log "MalwarePatrol signature database ($malwarepatrol_db) did not change - skipping"
-      ;;
-      -1) # wget failed
-      xshok_pretty_echo_and_log "WARNING - Failed connection to $malwarepatrol_url - SKIPPED MalwarePatrol $malwarepatrol_db update"
-      ;;
-    esac
-
-  else
-
-    xshok_pretty_echo_and_log "MalwarePatrol Database File Update" "="
-
-    time_remaining=$((update_interval - time_interval))
-    hours_left=$((time_remaining / 3600))
-    minutes_left=$((time_remaining % 3600 / 60))
-    xshok_pretty_echo_and_log "$malwarepatrol_update_hours hours have not yet elapsed since the last MalwarePatrol download"
-    xshok_pretty_echo_and_log "No database download was performed at this time" "-"
-    xshok_pretty_echo_and_log "Next download will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
-  fi
-fi
-fi
-else
-  if [ -n "$malwarepatrol_db" ] ; then
-    if [ "$remove_disabled_databases" == "yes" ] ; then
-      xshok_pretty_echo_and_log "Removing disabled MalwarePatrol Database file"
-      if [ -r "$work_dir_malwarepatrol/$malwarepatrol_db" ] ; then
-        rm -f "$work_dir_malwarepatrol/$malwarepatrol_db"
-        do_clamd_reload=1
-      fi
-      if [ -r "$clam_dbs/$malwarepatrol_db" ] ; then
-        rm -f "$clam_dbs/$malwarepatrol_db"
-        do_clamd_reload=1
       fi
     fi
-  fi
-fi
 
-##############################################################################################################################################
-# Check for updated yararulesproject database files every set number of hours as defined in the "USER CONFIGURATION" section of this script 
-##############################################################################################################################################
-if [ "$yararulesproject_enabled" == "yes" ] ; then
-  if [ -n "$yararulesproject_dbs" ] ; then
-    if [ "$(xshok_array_count "$yararulesproject_dbs")" -lt "1" ] ; then
-      xshok_pretty_echo_and_log "Failed yararulesproject_dbs config is invalid or not defined - SKIPPING"
-    else
-    rm -f "$work_dir_yararulesproject/*.gz"
-    if [ -r "$work_dir_work_configs/last-yararulesproject-update.txt" ] ; then
-      last_yararulesproject_update=$(cat "$work_dir_work_configs/last-yararulesproject-update.txt")
-    else
-      last_yararulesproject_update="0"
-    fi
-    db_file=""
-    loop=""
-    update_interval=$((yararulesproject_update_hours * 3600))
-    time_interval=$((current_time - last_yararulesproject_update))
-    if [ "$time_interval" -ge $((update_interval - 600)) ] ; then
-      echo "$current_time" > "$work_dir_work_configs/last-yararulesproject-update.txt"
-
-      xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "="
-      xshok_pretty_echo_and_log "Checking for yararulesproject updates..."
-      yararulesproject_updates="0"
-      for db_file in $yararulesproject_dbs ; do
-        if echo "$db_file" | $grep_bin -q "/"; then
-          yr_dir="/"$(echo "$db_file" | cut -d"/" -f1)
-          db_file=$(echo "$db_file" | cut -d"/" -f2)
-        else yr_dir=""
-        fi
-        if [ "$loop" = "1" ] ; then
-          xshok_pretty_echo_and_log "---"      
-        fi
-        xshok_pretty_echo_and_log "Checking for updated yararulesproject database file: $db_file"
-
-        yararulesproject_db_update="0"
-          if [ "$wget_bin" != "" ] ; then
-            $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_yararulesproject/$db_file" "$yararulesproject_url/$yr_dir/$db_file"
-            ret="$?"
+    ##############################################################################################################################################
+    # Check for updated yararulesproject database files every set number of hours as defined in the "USER CONFIGURATION" section of this script
+    ##############################################################################################################################################
+    if [ "$yararulesproject_enabled" == "yes" ] ; then
+      if [ -n "${yararulesproject_dbs[0]}" ] ; then
+        if [ ${#yararulesproject_dbs} -lt 1 ] ; then
+          xshok_pretty_echo_and_log "Failed yararulesproject_dbs config is invalid or not defined - SKIPPING"
+        else
+          rm -f "$work_dir_yararulesproject/*.gz"
+          if [ -r "$work_dir_work_configs/last-yararulesproject-update.txt" ] ; then
+            last_yararulesproject_update="$(cat "$work_dir_work_configs/last-yararulesproject-update.txt")"
           else
-            $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_yararulesproject/$db_file" "$yararulesproject_url/$yr_dir/$db_file"
-            ret="$?"
+            last_yararulesproject_update="0"
           fi
-          if [ "$ret" -eq "0" ] ; then
-          loop="1"
-          if ! cmp -s "$work_dir_yararulesproject/$db_file" "$clam_dbs/$db_file" ; then
-            if [ "$?" -eq "0" ] ; then
-              db_ext=$(echo "$db_file" | cut -d "." -f2)
-
-              xshok_pretty_echo_and_log "Testing updated yararulesproject database file: $db_file"
-              if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
-                if $clamscan_bin --quiet -d "$work_dir_yararulesproject/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
-                  then
-                  xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good"
-                  true
-                else
-                  xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested BAD"
-                  if [ "$remove_bad_database" == "yes" ] ; then
-                    if rm -f "$work_dir_yararulesproject/$db_file" ; then
-                      xshok_pretty_echo_and_log "Removed invalid database: $work_dir_yararulesproject/$db_file"
+          db_file=""
+          loop=""
+          update_interval="$((yararulesproject_update_hours * 3600))"
+          time_interval="$((current_time - last_yararulesproject_update))"
+          if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
+            echo "$current_time" > "$work_dir_work_configs/last-yararulesproject-update.txt"
+
+            xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "="
+            xshok_pretty_echo_and_log "Checking for yararulesproject updates..."
+            yararulesproject_updates="0"
+            for db_file in "${yararulesproject_dbs[@]}" ; do
+              if echo "$db_file" | $grep_bin -q "/"; then
+                yr_dir="/$(echo "$db_file" | cut -d "/" -f 1)"
+                db_file="$(echo "$db_file" | cut -d "/" -f 2)"
+              else yr_dir=""
+              fi
+              if [ "$loop" == "1" ] ; then
+                xshok_pretty_echo_and_log "---"
+              fi
+              xshok_pretty_echo_and_log "Checking for updated yararulesproject database file: $db_file"
+              yararulesproject_db_update="0"
+              xshok_file_download "$work_dir_yararulesproject/$db_file" "$yararulesproject_url/$yr_dir/$db_file"
+              ret="$?"
+              if [ "$ret" -eq 0 ] ; then
+                loop="1"
+                if ! cmp -s "$work_dir_yararulesproject/$db_file" "$clam_dbs/$db_file" ; then
+                  if [ $? -eq 0 ] ; then
+                    db_ext="${db_file#*.}"
+
+                    xshok_pretty_echo_and_log "Testing updated yararulesproject database file: $db_file"
+                    if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
+                      if $clamscan_bin --quiet -d "$work_dir_yararulesproject/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
+                      then
+                        xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good"
+                        true
+                      else
+                        xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested BAD"
+                        if [ "$remove_bad_database" == "yes" ] ; then
+                          if rm -f "$work_dir_yararulesproject/$db_file" ; then
+                            xshok_pretty_echo_and_log "Removed invalid database: $work_dir_yararulesproject/$db_file"
+                          fi
+                        fi
+                        false
+                        fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_yararulesproject/$db_file" "$clam_dbs" 2>/dev/null ; then
+                        perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                        if [ "$selinux_fixes" == "yes" ] ; then
+                          restorecon "$clam_dbs/$db_file"
+                        fi
+                        xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: $db_file"
+                        yararulesproject_updates=1
+                        yararulesproject_db_update=1
+                        do_clamd_reload=1
+                      else
+                        xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING"
+                      fi
+                    else
+                      $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_yararulesproject/$db_file" > "$test_dir/$db_file"
+                      $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
+                      $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
+                      $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
+                      mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
+                      if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
+                        xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good"
+                        true
+                      else
+                        xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested BAD"
+                        if [ "$remove_bad_database" == "yes" ] ; then
+                          if rm -f "$work_dir_yararulesproject/$db_file" ; then
+                            xshok_pretty_echo_and_log "Removed invalid database: $work_dir_yararulesproject/$db_file"
+                          fi
+                        fi
+                        false
+                        fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
+                        perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                        if [ "$selinux_fixes" == "yes" ] ; then
+                          restorecon "$clam_dbs/$db_file"
+                        fi
+                        xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: $db_file"
+                        yararulesproject_updates=1
+                        yararulesproject_db_update=1
+                        do_clamd_reload=1
+                      else
+                        xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING"
+                      fi
                     fi
                   fi
-                  false
-                fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_yararulesproject/$db_file" "$clam_dbs" 2>/dev/null ; then
-                perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-                if [ "$selinux_fixes" == "yes" ] ; then
-                  restorecon "$clam_dbs/$db_file"
                 fi
-                xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: $db_file"
-                yararulesproject_updates=1
-                yararulesproject_db_update=1
-                do_clamd_reload=1
               else
-                xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING"
+                xshok_pretty_echo_and_log "WARNING: Failed connection to $yararulesproject_url - SKIPPED yararulesproject $db_file update"
               fi
-            else
-              $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_yararulesproject/$db_file" > "$test_dir/$db_file"
-              $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
-              $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
-              $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
-              mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
-              if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
-                xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good"
-                true
-              else
-                xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested BAD"
-                if [ "$remove_bad_database" == "yes" ] ; then
-                  if rm -f "$work_dir_yararulesproject/$db_file" ; then
-                    xshok_pretty_echo_and_log "Removed invalid database: $work_dir_yararulesproject/$db_file"
-                  fi
-                fi
-                false
-              fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
-              perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-              if [ "$selinux_fixes" == "yes" ] ; then
-                restorecon "$clam_dbs/$db_file"
+              if [ "$yararulesproject_db_update" != "1" ] ; then
+                xshok_pretty_echo_and_log "No updated yararulesproject $db_file database file found"
               fi
-              xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: $db_file"
-              yararulesproject_updates=1
-              yararulesproject_db_update=1
-              do_clamd_reload=1
-            else
-              xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING"
+            done
+            if [ "$yararulesproject_updates" != "1" ] ; then
+              xshok_pretty_echo_and_log "No yararulesproject database file updates found" "-"
             fi
+          else
+
+            xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "="
+            xshok_draw_time_remaining "$((update_interval - time_interval))" "$yararulesproject_update_hours" "yararulesproject"
           fi
         fi
       fi
     else
-      xshok_pretty_echo_and_log "WARNING: Failed connection to $yararulesproject_url - SKIPPED yararulesproject $db_file update"
-    fi
-    if [ "$yararulesproject_db_update" != "1" ] ; then
-      xshok_pretty_echo_and_log "No updated yararulesproject $db_file database file found"
-    fi
-  done
-  if [ "$yararulesproject_updates" != "1" ] ; then
-    xshok_pretty_echo_and_log "No yararulesproject database file updates found" "-"
-  fi
-else
-
-  xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "="
-
-  time_remaining=$((update_interval - time_interval))
-  hours_left=$((time_remaining / 3600))
-  minutes_left=$((time_remaining % 3600 / 60))
-  xshok_pretty_echo_and_log "$yararulesproject_update_hours hours have not yet elapsed since the last yararulesproject database update check"
-  xshok_pretty_echo_and_log "No update check was performed at this time" "-"
-  xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
-fi
-fi
-fi
-else
-  if [ -n "$yararulesproject_dbs" ] ; then
-    if [ "$remove_disabled_databases" == "yes" ] ; then
-      xshok_pretty_echo_and_log "Removing disabled yararulesproject Database files"
-      for db_file in $yararulesproject_dbs ; do
-        if echo "$db_file" | $grep_bin -q "/"; then
-          db_file=$(echo "$db_file" | cut -d"/" -f2)
-        fi
-        if [ -r "$work_dir_yararulesproject/$db_file" ] ; then
-          rm -f "$work_dir_yararulesproject/$db_file"
-          do_clamd_reload=1
-        fi
-        if [ -r "$clam_dbs/$db_file" ] ; then
-          rm -f "$clam_dbs/$db_file"
-          do_clamd_reload=1
+      if [ -n "${yararulesproject_dbs[0]}" ] ; then
+        if [ "$remove_disabled_databases" == "yes" ] ; then
+          xshok_pretty_echo_and_log "Removing disabled yararulesproject Database files"
+          for db_file in "${yararulesproject_dbs[@]}" ; do
+            if echo "$db_file" | $grep_bin -q "/"; then
+              db_file="$(echo "$db_file" | cut -d "/" -f 2)"
+            fi
+            if echo "$db_file" | $grep_bin -q "|"; then
+              db_file="${db_file%|*}"
+            fi
+            if [ -r "$work_dir_yararulesproject/$db_file" ] ; then
+              rm -f "$work_dir_yararulesproject/$db_file"
+              do_clamd_reload="1"
+            fi
+            if [ -r "$clam_dbs/$db_file" ] ; then
+              rm -f "$clam_dbs/$db_file"
+              do_clamd_reload=1
+            fi
+          done
         fi
-      done
-    fi
-  fi
-fi
-
-##############################################################################################################################################
-# Check for updated additional database files every set number of hours as defined in the "USER CONFIGURATION" section of this script 
-##############################################################################################################################################
-if [ "$additional_enabled" == "yes" ] ; then
-  if [ -n "$additional_dbs" ] ; then
-    if [ "$(xshok_array_count "$additional_dbs")" -lt "1" ] ; then
-      xshok_pretty_echo_and_log "Failed additional_dbs config is invalid or not defined - SKIPPING"
-    else
-    rm -f "$work_dir_add/*.gz"
-    if [ -r "$work_dir_work_configs/last-additional-update.txt" ] ; then
-      last_additional_update=$(cat "$work_dir_work_configs/last-additional-update.txt")
-    else
-      last_additional_update="0"
+      fi
     fi
-    db_file=""
-    loop=""
-    update_interval=$((additional_update_hours * 3600))
-    time_interval=$((current_time - last_additional_update))
-    if [ "$time_interval" -ge $((update_interval - 600)) ] ; then
-      echo "$current_time" > "$work_dir_work_configs/last-additional-update.txt"
-
-      xshok_pretty_echo_and_log "Additional Database File Updates" "="
-      xshok_pretty_echo_and_log "Checking for additional updates..."
-      additional_updates="0"
-      for db_url in $additional_dbs ; do
-        # left for future dir manipulation       
-        # if echo "$db_file" | $grep_bin -q "/"; then
-        #   add_dir="/"$(echo "$db_file" | cut -d"/" -f1)
-        #   db_file=$(echo "$db_file" | cut -d"/" -f2)
-        # else 
-        #   add_dir=""
-        # fi
-       db_file=$(basename "$db_url")
-
-        if [ "$loop" = "1" ] ; then
-          xshok_pretty_echo_and_log "---"      
-        fi
-        xshok_pretty_echo_and_log "Checking for updated additional database file: $db_file"
-
-        additional_db_update="0"
 
-        if [ "$(echo "$db_url" | cut -d ":" -f1)" = "rsync" ] ; then
-          $rsync_bin $rsync_output_level $no_motd -ctuz $connect_timeout --timeout="$rsync_max_time" --exclude=*.txt --exclude=*.sha256 --exclude=*.sig --exclude=*.gz "$db_url" "$work_dir_add" 2>/dev/null
-          ret="$?"
+    ##############################################################################################################################################
+    # Check for updated additional database files every set number of hours as defined in the "USER CONFIGURATION" section of this script
+    ##############################################################################################################################################
+    if [ "$additional_enabled" == "yes" ] ; then
+      if [ -n "$additional_dbs" ] ; then
+        if [ ${#additional_dbs} -lt 1 ] ; then
+          xshok_pretty_echo_and_log "Failed additional_dbs config is invalid or not defined - SKIPPING"
         else
-          if [ "$wget_bin" != "" ] ; then
-            $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_add/$db_file" "$db_url"
-            ret="$?"
+          rm -f "$work_dir_add/*.gz"
+          if [ -r "$work_dir_work_configs/last-additional-update.txt" ] ; then
+            last_additional_update="$(cat "$work_dir_work_configs/last-additional-update.txt")"
           else
-            $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_add/$db_file" "$db_url"
-            ret="$?"
+            last_additional_update="0"
           fi
-        fi
+          db_file=""
+          loop=""
+          update_interval="$((additional_update_hours * 3600))"
+          time_interval="$((current_time - last_additional_update))"
+          if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then
+            echo "$current_time" > "$work_dir_work_configs/last-additional-update.txt"
+
+            xshok_pretty_echo_and_log "Additional Database File Updates" "="
+            xshok_pretty_echo_and_log "Checking for additional updates..."
+            additional_updates="0"
+            for db_url in "${additional_dbs[@]}" ; do
+              # Left for future dir manipulation
+              # if echo "$db_file" | $grep_bin -q "/"; then
+              #   add_dir="/$(echo "$db_file" | cut -d "/" -f 1)"
+              #   db_file="$(echo "$db_file" | cut -d "/" -f 2)"
+              # else
+              #   add_dir=""
+              # fi
+
+              #cleanup any leading and trailing whitespace.
+              db_url="$(echo -e "$db_url" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+
+              db_file="$(basename "$db_url")"
+
+              if [ "$loop" == "1" ] ; then
+                xshok_pretty_echo_and_log "---"
+              fi
+              xshok_pretty_echo_and_log "Checking for updated additional database file: $db_file"
 
-        ##this needs enhancement for rsync, as it will only work with single files... maybe better to process each file inside work_dir_add in its own for loop.
-        if [ "$ret" -eq "0" ] ; then
-          loop="1"
-          if ! cmp -s "$work_dir_add/$db_file" "$clam_dbs/$db_file" ; then
-            if [ "$?" -eq "0" ] ; then
-              db_ext=$(echo "$db_file" | cut -d "." -f2)
+              additional_db_update="0"
 
-              xshok_pretty_echo_and_log "Testing updated additional database file: $db_file"
-              if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
-                if $clamscan_bin --quiet -d "$work_dir_add/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
-                  then
-                  xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good"
-                  true
-                else
-                  xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested BAD"
-                  if [ "$remove_bad_database" == "yes" ] ; then
-                    if rm -f "$work_dir_add/$db_file" ; then
-                      xshok_pretty_echo_and_log "Removed invalid database: $work_dir_add/$db_file"
+              if [ "${db_url%:*}" == "rsync" ] ; then
+                # shellcheck disable=SC2086
+                $rsync_bin $rsync_output_level $no_motd -ctuz $connect_timeout --timeout="$rsync_max_time" --exclude=*.txt --exclude=*.sha256 --exclude=*.sig --exclude=*.gz "$db_url" "$work_dir_add" 2>/dev/null
+                ret="$?"
+              else
+                xshok_file_download "$work_dir_add/$db_file" "$db_url"
+                ret="$?"
+              fi
+
+              # This needs enhancement for rsync, as it will only work with single files...
+              # Maybe better to process each file inside work_dir_add in its own for loop.
+              if [ "$ret" -eq 0 ] ; then
+                loop="1"
+                if ! cmp -s "$work_dir_add/$db_file" "$clam_dbs/$db_file" ; then
+                  if [ $? -eq 0 ] ; then
+                    db_ext="${db_file#*.}"
+
+                    xshok_pretty_echo_and_log "Testing updated additional database file: $db_file"
+                    if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then
+                      if $clamscan_bin --quiet -d "$work_dir_add/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null
+                      then
+                        xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good"
+                        true
+                      else
+                        xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested BAD"
+                        if [ "$remove_bad_database" == "yes" ] ; then
+                          if rm -f "$work_dir_add/$db_file" ; then
+                            xshok_pretty_echo_and_log "Removed invalid database: $work_dir_add/$db_file"
+                          fi
+                        fi
+                        false
+                        fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_add/$db_file" "$clam_dbs" 2>/dev/null ; then
+                        perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                        if [ "$selinux_fixes" == "yes" ] ; then
+                          restorecon "$clam_dbs/$db_file"
+                        fi
+                        xshok_pretty_echo_and_log "Successfully updated additional production database file: $db_file"
+                        additional_updates=1
+                        additional_db_update=1
+                        do_clamd_reload=1
+                      else
+                        xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING"
+                      fi
+                    else
+                      $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_add/$db_file" > "$test_dir/$db_file"
+                      $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
+                      $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
+                      $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
+                      mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
+                      if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
+                        xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good"
+                        true
+                      else
+                        xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested BAD"
+                        if [ "$remove_bad_database" == "yes" ] ; then
+                          if rm -f "$work_dir_add/$db_file" ; then
+                            xshok_pretty_echo_and_log "Removed invalid database: $work_dir_add/$db_file"
+                          fi
+                        fi
+                        false
+                        fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
+                        perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
+                        if [ "$selinux_fixes" == "yes" ] ; then
+                          restorecon "$clam_dbs/$db_file"
+                        fi
+                        xshok_pretty_echo_and_log "Successfully updated additional production database file: $db_file"
+                        additional_updates=1
+                        additional_db_update=1
+                        do_clamd_reload=1
+                      else
+                        xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING"
+                      fi
                     fi
                   fi
-                  false
-                fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_add/$db_file" "$clam_dbs" 2>/dev/null ; then
-                perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-                if [ "$selinux_fixes" == "yes" ] ; then
-                  restorecon "$clam_dbs/$db_file"
                 fi
-                xshok_pretty_echo_and_log "Successfully updated additional production database file: $db_file"
-                additional_updates=1
-                additional_db_update=1
-                do_clamd_reload=1
               else
-                xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING"
+                xshok_pretty_echo_and_log "WARNING: Failed connection to $db_url - SKIPPED additional $db_file update"
               fi
-            else
-              $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_add/$db_file" > "$test_dir/$db_file"
-              $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt"
-              $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex"
-              $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
-              mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
-              if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then
-                xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good"
-                true
-              else
-                xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested BAD"
-                if [ "$remove_bad_database" == "yes" ] ; then
-                  if rm -f "$work_dir_add/$db_file" ; then
-                    xshok_pretty_echo_and_log "Removed invalid database: $work_dir_add/$db_file"
-                  fi
-                fi
-                false
-              fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then
-              perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file"
-              if [ "$selinux_fixes" == "yes" ] ; then
-                restorecon "$clam_dbs/$db_file"
+              if [ "$additional_db_update" != "1" ] ; then
+                xshok_pretty_echo_and_log "No updated additional $db_file database file found"
               fi
-              xshok_pretty_echo_and_log "Successfully updated additional production database file: $db_file"
-              additional_updates=1
-              additional_db_update=1
-              do_clamd_reload=1
-            else
-              xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING"
+            done
+            if [ "$additional_updates" != "1" ] ; then
+              xshok_pretty_echo_and_log "No additional database file updates found" "-"
             fi
+          else
+            xshok_pretty_echo_and_log "Additional Database File Updates" "="
+            xshok_draw_time_remaining "$((update_interval - time_interval))" "$additional_update_hours" "additionaldatabaseupdate"
           fi
         fi
       fi
     else
-      xshok_pretty_echo_and_log "WARNING: Failed connection to $additional_url - SKIPPED additional $db_file update"
-    fi
-    if [ "$additional_db_update" != "1" ] ; then
-      xshok_pretty_echo_and_log "No updated additional $db_file database file found"
-    fi
-  done
-  if [ "$additional_updates" != "1" ] ; then
-    xshok_pretty_echo_and_log "No additional database file updates found" "-"
-  fi
-else
-
-  xshok_pretty_echo_and_log "Additional Database File Updates" "="
-
-  time_remaining=$((update_interval - time_interval))
-  hours_left=$((time_remaining / 3600))
-  minutes_left=$((time_remaining % 3600 / 60))
-  xshok_pretty_echo_and_log "$additional_update_hours hours have not yet elapsed since the last additional database update check"
-  xshok_pretty_echo_and_log "No update check was performed at this time" "-"
-  xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
-fi
-fi
-fi
-else
-  if [ -n "$additional_dbs" ] ; then
-    if [ "$remove_disabled_databases" == "yes" ] ; then
-      xshok_pretty_echo_and_log "Removing disabled additional Database files"
-      for db_file in $additional_dbs ; do
-        if echo "$db_file" | $grep_bin -q "/"; then
-          db_file=$(echo "$db_file" | cut -d"/" -f2)
-        fi
-        if [ -r "$work_dir_add/$db_file" ] ; then
-          rm -f "$work_dir_add/$db_file"
-          do_clamd_reload=1
-        fi
-        if [ -r "$clam_dbs/$db_file" ] ; then
-          rm -f "$clam_dbs/$db_file"
-          do_clamd_reload=1
+      if [ -n "$additional_dbs" ] ; then
+        if [ "$remove_disabled_databases" == "yes" ] ; then
+          xshok_pretty_echo_and_log "Removing disabled additional Database files"
+          for db_file in "${additional_dbs[@]}" ; do
+            if echo "$db_file" | $grep_bin -q "/"; then
+              db_file="$(echo "$db_file" | cut -d "/" -f 2)"
+            fi
+            if [ -r "$work_dir_add/$db_file" ] ; then
+              rm -f "$work_dir_add/$db_file"
+              do_clamd_reload=1
+            fi
+            if [ -r "$clam_dbs/$db_file" ] ; then
+              rm -f "$clam_dbs/$db_file"
+              do_clamd_reload=1
+            fi
+          done
         fi
-      done
+      fi
     fi
-  fi
-fi
 
-###################################################
-# Generate whitelists
-###################################################
-# Check to see if the local.ign file exists, and if it does, check to see if any of the script
-# added bypass entries can be removed due to offending signature modifications or removals.
-if [ -r "$clam_dbs/local.ign" ] && [ -s "$work_dir_work_configs/monitor-ign.txt" ] ; then
-  ign_updated=0
-  cd "$clam_dbs" || exit
-  cp -f local.ign "$work_dir_work_configs/local.ign"
-  cp -f "$work_dir_work_configs/monitor-ign.txt" "$work_dir_work_configs/monitor-ign-old.txt"
-
-  xshok_pretty_echo_and_log "" "=" "80"
-  while read -r entry ; do
-    sig_file=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $1}')
-    sig_hex=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $NF}')
-    sig_name_old=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $3}')
-    sig_ign_old=$($grep_bin ":$sig_name_old" "$work_dir_work_configs/local.ign")
-    sig_old=$(echo "$entry" | tr -d "\r" | cut -d ":" -f3-)
-    sig_new=$($grep_bin -hwF ":$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null)
-    sig_mon_new=$($grep_bin -HwF -n ":$sig_hex" "$sig_file" | tr -d "\r")
-    if [ -n "$sig_new" ] ; then
-      if [ "$sig_old" != "$sig_new" ] || [ "$entry" != "$sig_mon_new" ] ; then
-        sig_name_new=$(echo "$sig_new" | tr -d "\r" | awk -F ":" '{print $1}')
-        sig_ign_new=$(echo "$sig_mon_new" | cut -d ":" -f1-3)
-        perl -i -ne "print unless /$sig_ign_old/" "$work_dir_work_configs/monitor-ign.txt"
-        echo "$sig_mon_new" >> "$work_dir_work_configs/monitor-ign.txt"
-        perl -p -i -e "s/$sig_ign_old/$sig_ign_new/" "$work_dir_work_configs/local.ign"
-        xshok_pretty_echo_and_log "$sig_name_old hexadecimal signature is unchanged, however signature name and/or line placement"
-        xshok_pretty_echo_and_log "in $sig_file has changed to $sig_name_new - updated local.ign to reflect this change."
-        ign_updated=1
-      fi
-    else
-      perl -i -ne "print unless /$sig_ign_old/" "$work_dir_work_configs/monitor-ign.txt" "$work_dir_work_configs/local.ign"
+    ###################################################
+    # Generate whitelists
+    ###################################################
+    # Check to see if the local.ign file exists, and if it does, check to see if any of the script
+    # added bypass entries can be removed due to offending signature modifications or removals.
+    if [ -r "$clam_dbs/local.ign" ] && [ -s "$work_dir_work_configs/monitor-ign.txt" ] ; then
+      ign_updated=0
+      cd "$clam_dbs" || exit
+      cp -f local.ign "$work_dir_work_configs/local.ign"
+      cp -f "$work_dir_work_configs/monitor-ign.txt" "$work_dir_work_configs/monitor-ign-old.txt"
+
+      xshok_pretty_echo_and_log "" "=" "80"
+      while read -r entry ; do
+        sig_file="$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $1}')"
+        sig_hex="$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $NF}')"
+        sig_name_old="$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $3}')"
+        sig_ign_old="$($grep_bin ":$sig_name_old" "$work_dir_work_configs/local.ign")"
+        sig_old="$(echo "$entry" | tr -d "\r" | cut -d ":" -f 3-)"
+        sig_new="$($grep_bin -hwF ":$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null)"
+        sig_mon_new="$($grep_bin -HwF -n ":$sig_hex" "$sig_file" | tr -d "\r")"
+        if [ -n "$sig_new" ] ; then
+          if [ "$sig_old" != "$sig_new" ] || [ "$entry" != "$sig_mon_new" ] ; then
+            sig_name_new="$(echo "$sig_new" | tr -d "\r" | awk -F ":" '{print $1}')"
+            sig_ign_new="$(echo "$sig_mon_new" | cut -d ":" -f 1-3)"
+            perl -i -ne "print unless /$sig_ign_old/" "$work_dir_work_configs/monitor-ign.txt"
+            echo "$sig_mon_new" >> "$work_dir_work_configs/monitor-ign.txt"
+            perl -p -i -e "s/$sig_ign_old/$sig_ign_new/" "$work_dir_work_configs/local.ign"
+            xshok_pretty_echo_and_log "$sig_name_old hexadecimal signature is unchanged, however signature name and/or line placement"
+            xshok_pretty_echo_and_log "in $sig_file has changed to $sig_name_new - updated local.ign to reflect this change."
+            ign_updated=1
+          fi
+        else
+          perl -i -ne "print unless /$sig_ign_old/" "$work_dir_work_configs/monitor-ign.txt" "$work_dir_work_configs/local.ign"
 
-      xshok_pretty_echo_and_log "$sig_name_old signature has been removed from $sig_file, entry removed from local.ign."
-      ign_updated=1
-    fi
-  done < "$work_dir_work_configs/monitor-ign-old.txt"
-  if [ "$ign_updated" = "1" ] ; then
-    if $clamscan_bin --quiet -d "$work_dir_work_configs/local.ign" "$work_dir_work_configs/scan-test.txt"
-      then
-      if $rsync_bin -pcqt "$work_dir_work_configs/local.ign" "$clam_dbs"
+          xshok_pretty_echo_and_log "$sig_name_old signature has been removed from $sig_file, entry removed from local.ign."
+          ign_updated=1
+        fi
+      done < "$work_dir_work_configs/monitor-ign-old.txt"
+      if [ "$ign_updated" == "1" ] ; then
+        if $clamscan_bin --quiet -d "$work_dir_work_configs/local.ign" "$work_dir_work_configs/scan-test.txt"
         then
-        perms chown -f "$clam_user:$clam_group" "$clam_dbs/local.ign"
-        perms chmod -f 0644 "$clam_dbs/local.ign" "$work_dir_work_configs/monitor-ign.txt"
-        if [ "$selinux_fixes" == "yes" ] ; then
-          restorecon "$clam_dbs/local.ign"
+          if $rsync_bin -pcqt "$work_dir_work_configs/local.ign" "$clam_dbs"
+          then
+            perms chown -f "$clam_user:$clam_group" "$clam_dbs/local.ign"
+            perms chmod -f 0644 "$clam_dbs/local.ign" "$work_dir_work_configs/monitor-ign.txt"
+            if [ "$selinux_fixes" == "yes" ] ; then
+              restorecon "$clam_dbs/local.ign"
+            fi
+            do_clamd_reload=3
+          else
+            xshok_pretty_echo_and_log "Failed to successfully update local.ign file - SKIPPING"
+          fi
+        else
+          xshok_pretty_echo_and_log "Clamscan reports local.ign database integrity is bad - SKIPPING"
         fi
-        do_clamd_reload=3
       else
-        xshok_pretty_echo_and_log "Failed to successfully update local.ign file - SKIPPING"
+        xshok_pretty_echo_and_log "No whitelist signature changes found in local.ign" "="
       fi
-    else
-      xshok_pretty_echo_and_log "Clamscan reports local.ign database integrity is bad - SKIPPING"
     fi
-  else
-    xshok_pretty_echo_and_log "No whitelist signature changes found in local.ign" "="
-  fi
-fi
-
-# Check to see if my-whitelist.ign2 file exists, and if it does, check to see if any of the script
-# added whitelist entries can be removed due to offending signature modifications or removals.
-if [ -r "$clam_dbs/my-whitelist.ign2" ] && [ -s "$work_dir_work_configs/tracker.txt" ] ; then
-  ign2_updated=0
-  cd "$clam_dbs" || exit
-  cp -f my-whitelist.ign2 "$work_dir_work_configs/my-whitelist.ign2"
-
-  xshok_pretty_echo_and_log "" "=" "80"
 
-  while read -r entry ; do
-    sig_file=$(echo "$entry" | cut -d ":" -f1)
-    sig_full=$(echo "$entry" | cut -d ":" -f2-)
-    sig_name=$(echo "$entry" | cut -d ":" -f2)
-    if ! $grep_bin -F "$sig_full" "$sig_file" > /dev/null 2>&1 ; then
-      perl -i -ne "print unless /$sig_name$/" "$work_dir_work_configs/my-whitelist.ign2"
-      perl -i -ne "print unless /:$sig_name:/" "$work_dir_work_configs/tracker-tmp.txt"
-
-      xshok_pretty_echo_and_log "$sig_name signature no longer exists in $sig_file, whitelist entry removed from my-whitelist.ign2"
-      ign2_updated=1
-    fi
-  done < "$work_dir_work_configs/tracker.txt"
-  mv -f "$work_dir_work_configs/tracker-tmp.txt" "$work_dir_work_configs/tracker.txt"
+    # Check to see if my-whitelist.ign2 file exists, and if it does, check to see if any of the script
+    # added whitelist entries can be removed due to offending signature modifications or removals.
+    if [ -r "$clam_dbs/my-whitelist.ign2" ] && [ -s "$work_dir_work_configs/tracker.txt" ] ; then
+      ign2_updated=0
+      cd "$clam_dbs" || exit
+      cp -f my-whitelist.ign2 "$work_dir_work_configs/my-whitelist.ign2"
+
+      xshok_pretty_echo_and_log "" "=" "80"
+
+      while read -r entry ; do
+        sig_file="$(echo "$entry" | cut -d ":" -f 1)"
+        sig_full="$(echo "$entry" | cut -d ":" -f 2-)"
+        sig_name="$(echo "$entry" | cut -d ":" -f 2)"
+        if ! $grep_bin -F "$sig_full" "$sig_file" > /dev/null 2>&1 ; then
+          perl -i -ne "print unless /$sig_name$/" "$work_dir_work_configs/my-whitelist.ign2"
+          perl -i -ne "print unless /:$sig_name:/" "$work_dir_work_configs/tracker-tmp.txt"
+
+          xshok_pretty_echo_and_log "$sig_name signature no longer exists in $sig_file, whitelist entry removed from my-whitelist.ign2"
+          ign2_updated="1"
+        fi
+      done < "$work_dir_work_configs/tracker.txt"
+      mv -f "$work_dir_work_configs/tracker-tmp.txt" "$work_dir_work_configs/tracker.txt"
 
-  xshok_pretty_echo_and_log "" "=" "80"
-  if [ "$ign2_updated" = "1" ]
-    then
-    if $clamscan_bin --quiet -d "$work_dir_work_configs/my-whitelist.ign2" "$work_dir_work_configs/scan-test.txt"
+      xshok_pretty_echo_and_log "" "=" "80"
+      if [ "$ign2_updated" == "1" ]
       then
-      if $rsync_bin -pcqt "$work_dir_work_configs/my-whitelist.ign2" "$clam_dbs"
+        if $clamscan_bin --quiet -d "$work_dir_work_configs/my-whitelist.ign2" "$work_dir_work_configs/scan-test.txt"
         then
-        perms chown -f "$clam_user:$clam_group" "$clam_dbs/my-whitelist.ign2"
-        perms chmod -f 0644 "$clam_dbs/my-whitelist.ign2" "$work_dir_work_configs/tracker.txt"
-        if [ "$selinux_fixes" == "yes" ] ; then
-          restorecon "$clam_dbs/my-whitelist.ign2"
-          restorecon "$work_dir_work_configs/tracker.txt"
+          if $rsync_bin -pcqt "$work_dir_work_configs/my-whitelist.ign2" "$clam_dbs"
+          then
+            perms chown -f "$clam_user:$clam_group" "$clam_dbs/my-whitelist.ign2"
+            perms chmod -f 0644 "$clam_dbs/my-whitelist.ign2" "$work_dir_work_configs/tracker.txt"
+            if [ "$selinux_fixes" == "yes" ] ; then
+              restorecon "$clam_dbs/my-whitelist.ign2"
+              restorecon "$work_dir_work_configs/tracker.txt"
+            fi
+            do_clamd_reload=4
+          else
+            xshok_pretty_echo_and_log "Failed to successfully update my-whitelist.ign2 file - SKIPPING"
+          fi
+        else
+          xshok_pretty_echo_and_log "Clamscan reports my-whitelist.ign2 database integrity is bad - SKIPPING"
         fi
-        do_clamd_reload=4
       else
-        xshok_pretty_echo_and_log "Failed to successfully update my-whitelist.ign2 file - SKIPPING"
+        xshok_pretty_echo_and_log "No whitelist signature changes found in my-whitelist.ign2"
       fi
-    else
-      xshok_pretty_echo_and_log "Clamscan reports my-whitelist.ign2 database integrity is bad - SKIPPING"
     fi
-  else
-    xshok_pretty_echo_and_log "No whitelist signature changes found in my-whitelist.ign2"
-  fi
-fi
 
-# Check for non-matching whitelist.hex signatures and remove them from the whitelist file (signature modified or removed).
-if [ -n "$ham_dir" ] ; then
-  if [ -r "$work_dir_work_configs/whitelist.hex" ] ; then
-    $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d "*" -f2 | tr -d "\r" | sort | uniq > "$work_dir_work_configs/whitelist.tmp"
-    mv -f "$work_dir_work_configs/whitelist.tmp" "$work_dir_work_configs/whitelist.hex"
-    rm -f "$work_dir_work_configs/whitelist.txt"
-    rm -f "$test_dir"/*.*
-    xshok_pretty_echo_and_log "WARNING: Signature(s) triggered on HAM directory scan - signature(s) removed" "*"
-  else
-    xshok_pretty_echo_and_log "No signatures triggered on HAM directory scan" "="
-  fi
-fi
+    # Check for non-matching whitelist.hex signatures and remove them from the whitelist file (signature modified or removed).
+    if [ -n "$ham_dir" ] ; then
+      if [ -r "$work_dir_work_configs/whitelist.hex" ] ; then
+        $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d "*" -f 2 | tr -d "\r" | sort | uniq > "$work_dir_work_configs/whitelist.tmp"
+        mv -f "$work_dir_work_configs/whitelist.tmp" "$work_dir_work_configs/whitelist.hex"
+        rm -f "$work_dir_work_configs/whitelist.txt"
+        rm -f "$test_dir"/*.*
+        xshok_pretty_echo_and_log "WARNING: Signature(s) triggered on HAM directory scan - signature(s) removed" "*"
+      else
+        xshok_pretty_echo_and_log "No signatures triggered on HAM directory scan" "="
+      fi
+    fi
 
-# Set appropriate directory and file permissions to all production signature files
-# and set file access mode to 0644 on all working directory files.
+    # Set appropriate directory and file permissions to all production signature files
+    # and set file access mode to 0644 on all working directory files.
 
-if [ "$setmode" = "yes" ] ; then
-  xshok_pretty_echo_and_log "Setting permissions and ownership" "="
-  perms chown -f -R "$clam_user:$clam_group" "$work_dir"
-  if ! find "$work_dir" -type f -exec chmod -f 0644 {} + 2>/dev/null ; then
-    if ! find "$work_dir" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then
-      if ! find "$work_dir" -type f -print0 | xargs chmod -f 0644 2>/dev/null ; then
-        find "$work_dir" -type f -exec chmod -f 0644 {} \;
+    if [ "$setmode" == "yes" ] ; then
+      xshok_pretty_echo_and_log "Setting permissions and ownership" "="
+      perms chown -f -R "$clam_user:$clam_group" "$work_dir"
+      if ! find "$work_dir" -type f -exec chmod -f 0644 "{}" "+" 2>/dev/null ; then
+        if ! find "$work_dir" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then
+          find "$work_dir" -type f -exec chmod -f 0644 "{}" ";"
+        fi
       fi
-    fi
-  fi
 
-# If enabled, set file access mode for all production signature database files to 0644.
-  perms chown -f -R "$clam_user:$clam_group" "$clam_dbs"
-  if ! find "$clam_dbs" -type f -exec chmod -f 0644 {} + 2>/dev/null ; then
-    if ! find "$clam_dbs" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then
-      if ! find "$clam_dbs" -type f -print0 | xargs chmod -f 0644 2>/dev/null ; then
-        find "$clam_dbs" -type f -exec chmod -f 0644 {} \;
+      # If enabled, set file access mode for all production signature database files to 0644.
+      perms chown -f -R "$clam_user:$clam_group" "$clam_dbs"
+      if ! find "$clam_dbs" -type f -exec chmod -f 0644 "{}" "+" 2>/dev/null ; then
+        if ! find "$clam_dbs" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then
+          find "$clam_dbs" -type f -exec chmod -f 0644 "{}" ";"
+        fi
       fi
     fi
-  fi
-fi
 
-# Reload all clamd databases  
+# Reload all clamd databases
 clamscan_reload_dbs
 
 xshok_pretty_echo_and_log "Issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues" "-"
 
 check_new_version
 
+check_new_config_version
+
 xshok_cleanup
 
 # And lastly we exit, Note: the exit is always on the 2nd last line
index bdc1d60..e22468c 100644 (file)
@@ -1,6 +1,6 @@
 
 .\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater
-.TH clamav-unofficial-sigs 8 "20 July 2016" "Version: 5.4.1" "SCRIPT COMMANDS"
+.TH clamav-unofficial-sigs 8 "2017-03-19" "Version: 5.6.2" "SCRIPT COMMANDS"
 .SH NAME
 clamav-unofficial-sigs \- Download, test, and install third-party ClamAV signature databases.
 .SH SYNOPSIS
@@ -13,50 +13,50 @@ Script updates can be found at: \fBhttps://github.com/extremeshok/clamav-unoffic
 .SH OPTIONS
 This script follows the standard GNU command line syntax.
 .LP
-\fB Usage: clamav\-unofficial\-sigs.sh \fR [OPTION] [PATH|FILE]
+\fB Usage: clamav\-unofficial\-sigs \fR [OPTION] [PATH|FILE]
 .TP
 \fB \-c, \-\-config \fR Use a specific configuration file or directory   eg: '\-c /your/dir' or ' \-c /your/file.name'    Note: If a directory is specified the directory must contain atleast:    master.conf, os.conf or user.conf   Default Directory: /etc/clamav\-unofficial\-sigs
-.TP 
+.TP
 \fB \-F, \-\-force \fR Force all databases to be downloaded, could cause ip to be blocked
-.TP 
+.TP
 \fB \-h, \-\-help \fR Display this script's help and usage information
-.TP 
+.TP
 \fB \-V, \-\-version \fR Output script version and date information
-.TP 
+.TP
 \fB \-v, \-\-verbose \fR Be verbose, enabled when not run under cron
-.TP 
+.TP
 \fB \-s, \-\-silence \fR Only output error messages, enabled when run under cron
-.TP 
+.TP
 \fB \-d, \-\-decode\-sig \fR Decode a third\-party signature either by signature name   (eg: Sanesecurity.Junk.15248) or hexadecimal string.   This flag will 'NOT' decode image signatures
-.TP 
+.TP
 \fB \-e, \-\-encode\-string \fR Hexadecimal encode an entire input string that can   be used in any '*.ndb' signature database file
-.TP 
+.TP
 \fB \-f, \-\-encode\-formatted \fR Hexadecimal encode a formatted input string containing   signature spacing fields '{}, (), *', without encoding   the spacing fields, so that the encoded signature   can be used in any '*.ndb' signature database file
-.TP 
+.TP
 \fB \-g, \-\-gpg\-verify \fR GPG verify a specific Sanesecurity database file   eg: '\-g filename.ext' (do not include file path)
-.TP 
+.TP
 \fB \-i, \-\-information \fR Output system and configuration information for   viewing or possible debugging purposes
-.TP 
+.TP
 \fB \-m, \-\-make\-database \fR Make a signature database from an ascii file containing   data strings, with one data string per line.  Additional   information is provided when using this flag
-.TP 
+.TP
 \fB \-t, \-\-test\-database \fR Clamscan integrity test a specific database file   eg: '\-t filename.ext' (do not include file path)
-.TP 
+.TP
 \fB \-o, \-\-output\-triggered \fR If HAM directory scanning is enabled in the script's   configuration file, then output names of any third\-party   signatures that triggered during the HAM directory scan
-.TP 
+.TP
 \fB \-w, \-\-whitelist \fR Adds a signature whitelist entry in the newer ClamAV IGN2   format to 'my\-whitelist.ign2' in order to temporarily resolve   a false\-positive issue with a specific third\-party signature.   Script added whitelist entries will automatically be removed   if the original signature is either modified or removed from   the third\-party signature database
-.TP 
+.TP
 \fB \-\-check\-clamav \fR If ClamD status check is enabled and the socket path is correctly   specifiedthen test to see if clamd is running or not
-.TP 
+.TP
 \fB \-\-install\-all \fR Install and generate the cron, logroate and man files, autodetects the values   based on your config files
 .TP
 \fB \-\-install\-cron \fR Install and generate the cron file, autodetects the values   based on your config files
-.TP 
+.TP
 \fB \-\-install\-logrotate \fR Install and generate the logrotate file, autodetects the   values based on your config files
-.TP 
+.TP
 \fB \-\-install\-man \fR Install and generate the man file, autodetects the   values based on your config files
-.TP 
+.TP
 \fB \-\-remove\-script \fR Remove the clamav\-unofficial\-sigs script and all of   its associated files and databases from the system
-.TP 
+.TP
 .SH SEE ALSO
 .BR clamd (8),
 .BR clamscan (1)
index 7221236..7f66d00 100644 (file)
@@ -1,3 +1,9 @@
+clamav-unofficial-sigs (5.6-1) unstable; urgency=medium
+
+  * Prva verzija za Debian stretch
+
+ -- Ivan Rako <Ivan.Rako@CARNet.hr>  Tue, 03 Jul 2018 00:29:50 +0200
+
 clamav-unofficial-sigs (5.4.1-2) unstable; urgency=medium
 
   * Ispravak greske u cron.d
index a265065..7c57ce2 100644 (file)
@@ -3,13 +3,13 @@ Section: utils
 Priority: optional
 Maintainer: Ivan Rako <Ivan.Rako@CARNet.hr>
 Build-Depends: debhelper (>= 9)
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: https://github.com/extremeshok/clamav-unofficial-sigs
 
 Package: clamav-unofficial-sigs
 Architecture: all
 Depends: clamav, curl, wget, rsync, dnsutils, gnupg, ${misc:Depends}
-Suggests: clamav-daemon (>= 0.99.2)
+Suggests: clamav-daemon (>= 0.99.4)
 Description: update script for 3rd-party clamav signatures
  This package provides a script for updating the following sources of
  3rd-party clamav signatures until freshclamav gains support for such
index 4901626..037cf3c 100644 (file)
@@ -1,6 +1,32 @@
-# This cron file will execute the clamav-unofficial-sigs script that
+# https://eXtremeSHOK.com ######################################################
+# This file contains the cron settings for clamav-unofficial-sigs.sh
+###################
+# This is property of eXtremeSHOK.com
+# You are free to use, modify and distribute, however you may not remove this notice.
+# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+##################
+#
+# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
+#
+# Originially based on:
+# Script provide by Bill Landry (unofficialsigs@gmail.com).
+#
+# License: BSD (Berkeley Software Distribution)
+#
+##################
+# Automatically Generated: Tue Jul  3 00:38:36 CEST 2018
+##################
+#
+# This cron file will execute the clamav-unofficial-sigs.sh script that
 # currently supports updating third-party signature databases provided
 # by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc.
+#
+# The script is set to run hourly, at a random minute past the hour, and the
+# script itself is set to randomize the actual execution time between
+# 60 - 600 seconds.  To Adjust the cron values, edit your configs and run
+# bash clamav-unofficial-sigs.sh --install-cron to generate a new file.
 
-54 * * * * clamav [ -x /usr/sbin/clamav-unofficial-sigs ] && /usr/sbin/clamav-unofficial-sigs > /dev/null
+15 * * * * clamav [ -x /usr/sbin/clamav-unofficial-sigs ] && /bin/bash /usr/sbin/clamav-unofficial-sigs > /dev/null
+
+# https://eXtremeSHOK.com ######################################################
 
index b60a2cd..71f12d4 100644 (file)
@@ -1,4 +1,26 @@
+# https://eXtremeSHOK.com ######################################################
+# This file contains the logrotate settings for clamav-unofficial-sigs.sh
+###################
+# This is property of eXtremeSHOK.com
+# You are free to use, modify and distribute, however you may not remove this notice.
+# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+##################
+#
+# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
+#
+# Originially based on:
+# Script provide by Bill Landry (unofficialsigs@gmail.com).
+#
+# License: BSD (Berkeley Software Distribution)
+#
+##################
+# Automatically Generated: Tue Jul  3 00:38:22 CEST 2018
+##################
+#
 # This logrotate file will rotate the logs generated by the clamav-unofficial-sigs.sh
+#
+# To Adjust the logrotate values, edit your configs and run
+# bash clamav-unofficial-sigs.sh --install-logrotate to generate a new file.
 
 /var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log {
   weekly
@@ -6,6 +28,6 @@
   missingok
   notifempty
   compress
-  create 0644 clamav clamav
+  create 0640 clamav adm
 }
 
index d792e4e..86676ef 100644 (file)
@@ -5,7 +5,7 @@ set -e
 [ "$1" = "configure" ] || exit 0
 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
 
-if [ -x /usr/sbin/clamav-unofficial-sigs.sh ]; then
+if [ -x /usr/sbin/clamav-unofficial-sigs ]; then
   clamav-unofficial-sigs --silence || true
 fi
 
index b761631..96cd82c 100644 (file)
@@ -3,18 +3,20 @@
 # This is property of eXtremeSHOK.com
 # You are free to use, modify and distribute, however you may not remove this notice.
 # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+# License: BSD (Berkeley Software Distribution)
 ##################
 #
 # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
-# 
-# Originially based on: 
-# Script provide by Bill Landry (unofficialsigs@gmail.com).
-#
-# License: BSD (Berkeley Software Distribution)
 #
 ##################
 #
-# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG  
+# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
+#
+################################################################################
+#
+# IT IS BETTER TO SET YOUR OPTIONS IN THE user.conf AS THIS MAKES UPDATES EASIER
+#
+# os.conf AND user.conf OVERRIDES THE OPTIONS IN THIS FILE
 #
 ################################################################################
 
@@ -54,6 +56,9 @@ clamd_pid="/var/run/clamav/clamd.pid"
 # change the following variable to "yes".
 reload_dbs="yes"
 
+# Custom Command to do a full clamd reload, this is only used when reload_dbs is enabled
+clamd_reload_opt="clamdscan --reload"
+
 # Top level working directory, script will attempt to create them.
 work_dir="/var/lib/clamav-unofficial-sigs"   #Top level working directory
 
@@ -89,7 +94,7 @@ malwarepatrol_free="yes"
 # - 3. Login and navigate to your customer account : https://www.securiteinfo.com/clients/customers/account
 # - 4. Click on the Setup tab
 # - 5. You will need to get your unique identifier from one of the download links, they are individual for every user
-# - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/ 
+# - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/
 # - 5.2. Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb
 #   Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters
 # - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link
@@ -113,7 +118,7 @@ additional_update_hours="4"   # Default is 4 hours (6 downloads daily).
 # ========================
 # Set to no to disable an entire database, if the database is empty it will also be disabled.
 sanesecurity_enabled="yes"   # Sanesecurity
-securiteinfo_enabled="yes"   # SecuriteInfo 
+securiteinfo_enabled="yes"   # SecuriteInfo
 linuxmalwaredetect_enabled="yes"   # Linux Malware Detect
 malwarepatrol_enabled="yes"   # Malware Patrol
 yararulesproject_enabled="yes"   # Yara-Rule Project, automatically disabled if clamav is older than 0.99
@@ -128,12 +133,12 @@ enable_yararules="yes"   #Enables yararules in the various databases, automatica
 # The new and old database formats are supported for backwards compatibility
 #
 # New Format Usage:
-# new_example_dbs="
+# declare -a new_example_dbs=(
 #      file.name|RATING  #description
-# "
-# 
+# )
+#
 # Rating (False Positive Rating)
-# valid ratings: 
+# valid ratings:
 # REQUIRED : always used
 # LOW : used when the rating is low, medium and high
 # MEDIUM : used when the rating is medium and high
@@ -148,11 +153,11 @@ enable_yararules="yes"   #Enables yararules in the various databases, automatica
 #      file.name #LOW  description
 # "
 
-# Default dbs rating 
+# Default dbs rating
 # valid rating: LOW, MEDIUM, HIGH
 default_dbs_rating="LOW"
 
-# Per Database 
+# Per Database
 # These ratings will override the global rating for the specific database
 # valid rating: LOW, MEDIUM, HIGH, DISABLED
 #sanesecurity_dbs_rating=""
@@ -166,8 +171,8 @@ default_dbs_rating="LOW"
 # Add or remove database file names between quote marks as needed.  To
 # disable usage of any of the Sanesecurity distributed database files
 # shown, remove the database file name from the quoted section below.
-# Only databases defined as "low" risk have been enabled by default 
-# for additional information about the database ratings, see: 
+# Only databases defined as "low" risk have been enabled by default
+# for additional information about the database ratings, see:
 # http://www.sanesecurity.com/clamav/databases.htm
 # Only add signature databases here that are "distributed" by Sanesecuirty
 # as defined at the URL shown above.  Database distributed by others sources
@@ -176,56 +181,74 @@ default_dbs_rating="LOW"
 # spelled correctly or you will experience issues when the script runs
 # (hint: all rsync servers will fail to download signature updates).
 
-sanesecurity_dbs=" # BEGIN SANESECURITY DATABASE
+declare -a sanesecurity_dbs=( # BEGIN SANESECURITY DATABASE
 ### SANESECURITY http://sanesecurity.com/usage/signatures/
 ## REQUIRED, Do NOT disable
 sanesecurity.ftm|REQUIRED  # Message file types, for best performance
 sigwhitelist.ign2|REQUIRED  # Fast update file to whitelist any problem signatures
-## LOW
-junk.ndb|LOW  #  General high hitting junk, containing spam/phishing/lottery/jobs/419s etc 
+# LOW
+junk.ndb|LOW  #  General high hitting junk, containing spam/phishing/lottery/jobs/419s etc
 jurlbl.ndb|LOW  # Junk Url based
-phish.ndb|LOW  # Phishing
-rogue.hdb|LOW  # Malware, Rogue anti-virus software and Fake codecs etc.  Updated hourly to cover the latest malware threats  
-scam.ndb|LOW  # Spam/scams  
-spamimg.hdb|LOW  # Spam images 
-spamattach.hdb|LOW  # Spam Spammed attachments such as pdf/doc/rtf/zip 
-blurl.ndb|LOW  # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad"  
+phish.ndb|LOW  # Phishing and Malware
+rogue.hdb|LOW  # Malware, Rogue anti-virus software and Fake codecs etc.  Updated hourly to cover the latest malware threats
+scam.ndb|LOW  # Spam/scams
+spamimg.hdb|LOW  # Spam images
+spamattach.hdb|LOW  # Spam Spammed attachments such as pdf/doc/rtf/zips
+blurl.ndb|LOW  # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad"
 malwarehash.hsb|LOW  # Malware hashes without known Size
-## MEDIUM
+# MEDIUM
 jurlbla.ndb|MEDIUM  # Junk Url based autogenerated from various feeds
-lott.ndb|MEDIUM  # Lottery  
+lott.ndb|MEDIUM  # Lottery
 spam.ldb|MEDIUM  # Spam detected using the new Logical Signature type
 spear.ndb|MEDIUM  # Spear phishing email addresses (autogenerated from data here)
-spearl.ndb|MEDIUM  # Spear phishing urls (autogenerated from data here)   
-badmacro.ndb|MEDIUM  # Detect dangerous macros
+spearl.ndb|MEDIUM  # Spear phishing urls (autogenerated from data here)
+badmacro.ndb|MEDIUM  # Blocks dangerous macros embedded in Word/Excel/Xml/RTF/JS documents
+shelter.ldb|MEDIUM # Phishing and Malware
+
+### MALWARE.EXPERT https://malware.expert/
+# LOW
+malware.expert.hdb|MEDIUM      # statics MD5 pattern for files
+# MEDIUM
+malware.expert.fp|MEDIUM  # found to be false positive malware
+malware.expert.ldb|MEDIUM  # which use multi-words search for malware in files
+malware.expert.ndb|MEDIUM  # Generic Hex pattern PHP malware, which can cause false positive alarms
 
 ### FOXHOLE http://sanesecurity.com/foxhole-databases/
-## LOW
+# LOW
 foxhole_generic.cdb|LOW  # See Foxhole page for more details
 foxhole_filename.cdb|LOW  # See Foxhole page for more details
-## MEDIUM
+# MEDIUM
 foxhole_js.cdb|MEDIUM  # See Foxhole page for more details
-## HIGH
-foxhole_all.cdb|HIGH  # See Foxhole page for more details  
+foxhole_js.ndb|MEDIUM  # See Foxhole page for more details
+# HIGH
+foxhole_all.cdb|HIGH  # See Foxhole page for more details
+foxhole_all.ndb|HIGH  # See Foxhole page for more details
+foxhole_mail.cdb|HIGH # block any mail that contains a possible dangerous attachments such as: js, jse, exe, bat, com, scr, uue, ace, pif, jar, gz, lnk, lzh.
 
 ### OITC http://www.oitc.com/winnow/clamsigs/index.html
-### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together.  
+### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together.
 # LOW
 winnow_malware.hdb|LOW  # Current virus, trojan and other malware not yet detected by ClamAV.
 winnow_malware_links.ndb|LOW  # Links to malware
-winnow_extended_malware.hdb|LOW  # contain hand generated signatures for malware 
+winnow_extended_malware.hdb|LOW  # contain hand generated signatures for malware
 winnow.attachments.hdb|LOW  # Spammed attachments such as pdf/doc/rtf/zip as well as malware crypted configs
 winnow_bad_cw.hdb|LOW  # md5 hashes of malware attachments acquired directly from a group of botnets
-winnow_phish_complete_url.ndb|LOWMEDIUMONLY  # Similar to winnow_phish_complete.ndb except that entire urls are used  
+winnow_phish_complete_url.ndb|LOWMEDIUMONLY  # Similar to winnow_phish_complete.ndb except that entire urls are used
 # MEDIUM
 winnow_spam_complete.ndb|MEDIUM  # Signatures to detect fraud and other malicious spam
-winnow.complex.patterns.ldb|MEDIUM  # contain hand generated signatures for malware and some egregious fraud  
-winnow_extended_malware_links.ndb|MEDIUM  # contain hand generated signatures for malware links 
+winnow.complex.patterns.ldb|MEDIUM  # contain hand generated signatures for malware and some egregious fraud
+winnow_extended_malware_links.ndb|MEDIUM  # contain hand generated signatures for malware links
 # HIGH
 winnow_phish_complete.ndb|HIGH  # Phishing and other malicious urls and compromised hosts **DO NOT USE WITH winnow_phish_complete_url**
 ### OITC YARA Format rules
 ### Note: Yara signatures require ClamAV 0.99 or newer to work
-winnow_malware.yara|LOW  # detect spam 
+winnow_malware.yara|LOW  # detect spam
+
+### MiscreantPunch http://malwarefor.me/about/
+## MEDIUM
+MiscreantPunch099-Low.ldb|MEDIUM # ruleset contains comprehensive rules for detecting malicious or abnormal Macros, JS, HTA, HTML, XAP, JAR, SWF, and more.
+## HIGH
+MiscreantPunch099-INFO-Low.ldb|HIGH # ruleset provides context to various files. Info and Suspicious level signatures may inform analysts of potentially interesting conditions that exist within a document.
 
 ### SCAMNAILER http://www.scamnailer.info/
 # MEDIUM
@@ -233,31 +256,27 @@ scamnailer.ndb|MEDIUM  # Spear phishing and other phishing emails
 
 ### BOFHLAND http://clamav.bofhland.org/
 # LOW
-bofhland_cracked_URL.ndb|LOW  # Spam URLs  
-bofhland_malware_URL.ndb|LOW  # Malware URLs 
+bofhland_cracked_URL.ndb|LOW  # Spam URLs
+bofhland_malware_URL.ndb|LOW  # Malware URLs
 bofhland_phishing_URL.ndb|LOW  # Phishing URLs
 bofhland_malware_attach.hdb|LOW  # Malware Hashes
 
 ###  RockSecurity http://rooksecurity.com/
-#LOW
-hackingteam.hsb|LOW  # Hacking Team hashes
-
-### CRDF https://threatcenter.crdf.fr/
 # LOW
-#crdfam.clamav.hdb|LOW  # List of new threats detected by CRDF Anti Malware  
+hackingteam.hsb|LOW  # Hacking Team hashes based on work by rooksecurity.com
 
 ### Porcupine
 # LOW
-porcupine.ndb|LOW  # Brazilian e-mail phishing and malware signatures 
-phishtank.ndb|LOW  # Online and valid phishing urls from phishtank.com data feed 
+porcupine.ndb|LOW  # Brazilian e-mail phishing and malware signatures
+phishtank.ndb|LOW  # Online and valid phishing urls from phishtank.com data feed
 porcupine.hsb|LOW  # Sha256 Hashes of VBS and JSE malware, kept for 7 days
 
 ### Sanesecurity YARA Format rules
 ### Note: Yara signatures require ClamAV 0.99 or newer to work
-Sanesecurity_sigtest.yara|LOW  # Sanesecurity test signatures 
-Sanesecurity_spam.yara|LOW  # detect spam 
+Sanesecurity_sigtest.yara|LOW  # Sanesecurity test signatures
+Sanesecurity_spam.yara|LOW  # Detects Spam emails
 
-" # END SANESECURITY DATABASES
+) # END SANESECURITY DATABASES
 
 # ========================
 # SecuriteInfo Database(s)
@@ -266,20 +285,20 @@ Sanesecurity_spam.yara|LOW  # detect spam
 # Add or remove database file names between quote marks as needed.  To
 # disable any SecuriteInfo database downloads, remove the appropriate
 # lines below.
-securiteinfo_dbs=" #START SECURITEINFO DATABASES
+declare -a securiteinfo_dbs=( #START SECURITEINFO DATABASES
 ### Securiteinfo https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
 ## REQUIRED, Do NOT disable
-securiteinfo.ign2|REQUIRED
+securiteinfo.ign2|REQUIRED # Signature Whitelist
 # LOW
 securiteinfo.hdb|LOW # Malwares in the Wild
-javascript.ndb|LOW # Malwares Javascript 
-securiteinfohtml.hdb|LOW # Malwares HTML 
+javascript.ndb|LOW # Malwares Javascript
+securiteinfohtml.hdb|LOW # Malwares HTML
 securiteinfoascii.hdb|LOW # Text file malwares (Perl or shell scripts, bat files, exploits, ...)
-securiteinfopdf.hdb|LOW # Malwares PDF 
+securiteinfopdf.hdb|LOW # Malwares PDF
 securiteinfoandroid.hdb|LOW # Malwares Java/Android Dalvik
 # HIGH
 spam_marketing.ndb|HIGH # Spam Marketing /  spammer blacklist
-" #END SECURITEINFO DATABASES
+) #END SECURITEINFO DATABASES
 
 # ========================
 # Linux Malware Detect Database(s)
@@ -287,12 +306,12 @@ spam_marketing.ndb|HIGH # Spam Marketing /  spammer blacklist
 # Add or remove database file names between quote marks as needed.  To
 # disable any SecuriteInfo database downloads, remove the appropriate
 # lines below.
-linuxmalwaredetect_dbs="
+declare -a linuxmalwaredetect_dbs=(
 ### Linux Malware Detect https://www.rfxn.com/projects/linux-malware-detect/
 # LOW
 rfxn.ndb|LOW # HEX Malware detection signatures
 rfxn.hdb|LOW # MD5 malware detection signatures
-" #END LINUXMALWAREDETECT DATABASES
+) #END LINUXMALWAREDETECT DATABASES
 
 # ========================
 # Yara Rules Project Database(s)
@@ -300,14 +319,13 @@ rfxn.hdb|LOW # MD5 malware detection signatures
 # Add or remove database file names between quote marks as needed.  To
 # disable any Yara Rule database downloads, remove the appropriate
 # lines below.
-yararulesproject_dbs="
+declare -a yararulesproject_dbs=(
 ### Yara Rules https://github.com/Yara-Rules/rules
 #
 # Some rules are now in sub-directories. To reference a file in a sub-directory
 # use subdir/file
 # LOW
-email/EMAIL_Cryptowall.yar|LOW # CryptoWall Resume phish
-Antidebug_AntiVM/antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware 
+Antidebug_AntiVM/antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware
 Exploit-Kits/EK_Angler.yar|LOW # Angler Exploit Kit Redirector
 Exploit-Kits/EK_Blackhole.yar|LOW # BlackHole2 Exploit Kit Detection
 Exploit-Kits/EK_BleedingLife.yar|LOW # BleedingLife2 Exploit Kit Detection
@@ -322,7 +340,6 @@ Exploit-Kits/EK_Zeus.yar|LOW # Zeus Exploit Kit Detection
 # MEDIUM
 Malicious_Documents/maldoc_somerules.yar|MEDIUM # documents with malicious code
 Malicious_Documents/Maldoc_Hidden_PE_file.yar|MEDIUM # Detect a hidden PE file inside a sequence of numbers (comma separated)
-Packers/Javascript_exploit_and_obfuscation.yar|MEDIUM # JavaScript Obfuscation Detection
 Packers/packer.yar|MEDIUM # well-known sofware packers
 CVE_Rules/CVE-2010-0805.yar|MEDIUM # CVE 2010 0805
 CVE_Rules/CVE-2010-0887.yar|MEDIUM # CVE 2010 0887
@@ -331,8 +348,9 @@ CVE_Rules/CVE-2013-0074.yar|MEDIUM # CVE 2013 0074
 CVE_Rules/CVE-2013-0422.yar|MEDIUM # CVE 2013 0422
 CVE_Rules/CVE-2015-5119.yar|MEDIUM # CVE 2015 5119
 # HIGH
+Packers/Javascript_exploit_and_obfuscation.yar|HIGH # JavaScript Obfuscation Detection
 Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms
-" #END yararulesproject DATABASES
+) #END yararulesproject DATABASES
 
 # =========================
 # Additional signature databases
@@ -341,19 +359,19 @@ Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms
 # format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
 # place of the "FILE-NAME" to download all files from specified location,
 # but this *ONLY* works for files downloaded via rsync).  For non-rsync
-# downloads, wget and curl is used.  For download protocols supported by 
+# downloads, wget and curl is used.  For download protocols supported by
 # wget and curl, see "man wget" and "man curl".
 # This also works well for locations that have many ClamAV
 # servers that use 3rd party signature databases, as only one server need
 # download the remote databases, and all others can update from the local
 # mirrors copy.  See format examples below.  To use, remove the comments
 # and examples shown and add your own sites between the quote marks.
-#additional_dbs="
+#declare -a additional_dbs=(
 #   rsync://192.168.1.50/new-db/sigs.hdb
 #   rsync://rsync.example.com/all-dbs/
 #   ftp://ftp.example.net/pub/sigs.ndb
 #   http://www.example.org/sigs.ldb
-#" #END ADDITIONAL DATABASES
+#) #END ADDITIONAL DATABASES
 
 
 # ==================================================
@@ -381,9 +399,6 @@ max_sleep_time="600"   # Default maximum is 600 seconds (10 minutes).
 # Command to do a full clamd service stop/start
 #clamd_restart_opt="service clamd restart"
 
-# Custom Command to fo a full clamd reload, this defaults to "clamdscan --reload" when not set
-#clamd_reload_opt="clamdscan --reload"
-
 # Custom Command Paths, these are detected with the which command when not set
 #uname_bin="/usr/bin/uname"
 #clamscan_bin="/usr/bin/clamscan"
@@ -392,6 +407,11 @@ max_sleep_time="600"   # Default maximum is 600 seconds (10 minutes).
 #curl_bin="/usr/bin/curl"
 #gpg_bin="/usr/bin/gpg"
 
+# GnuPG / Signature verification
+# To disable usage of gpg, set the following variable to "no".
+# If gpg_bin cannot be found, enable_gpg will automatically disable
+enable_gpg="yes"
+
 # If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
 # either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
 # are installed on the system, and you want to report whether clamd
@@ -425,10 +445,10 @@ downloader_tries="3"
 # Always located inside the work_dir, do not add /
 # Sub-directory names:
 sanesecurity_dir="dbs-ss"        # Sanesecurity sub-directory
-securiteinfo_dir="dbs-si"        # SecuriteInfo sub-directory 
-linuxmalwaredetect_dir="dbs-lmd"      # Linux Malware Detect sub-directory 
-malwarepatrol_dir="dbs-mbl"      # MalwarePatrol sub-directory 
-yararulesproject_dir="dbs-yara"      # Yara-Rules sub-directory 
+securiteinfo_dir="dbs-si"        # SecuriteInfo sub-directory
+linuxmalwaredetect_dir="dbs-lmd"      # Linux Malware Detect sub-directory
+malwarepatrol_dir="dbs-mbl"      # MalwarePatrol sub-directory
+yararulesproject_dir="dbs-yara"      # Yara-Rules sub-directory
 work_dir_configs="configs"   # Script configs sub-directory
 gpg_dir="gpg-key"      # Sanesecurity GPG Key sub-directory
 pid_dir="pid"      # User defined pid sub-directory
@@ -441,7 +461,7 @@ add_dir="dbs-add"      # User defined databases sub-directory
 keep_db_backup="no"
 
 # When a database integrity has tested BAD, the failed database will be removed.
-remove_bad_database="yes" 
+remove_bad_database="yes"
 
 # When a database is disabled we will remove the associated database files.
 remove_disabled_databases="no" # Default is "no" since we are not a database managament tool by default.
@@ -458,8 +478,8 @@ selinux_fixes="no" # Default is "no" ignore ssl errors and warnings
 # format of "hostname:port".  For wget, also note the https and http
 #rsync_proxy=""
 #curl_proxy=""
-#wget_proxy_http="http://username:password@proxy_host:proxy_port"
-#wget_proxy_https="https://username:password@proxy_host:proxy_port"
+#wget_proxy_http="-e http_proxy=http://username:password@proxy_host:proxy_port"
+#wget_proxy_https="-e https_proxy=https://username:password@proxy_host:proxy_port"
 
 
 # Custom Cron install settings, these are detected and only used if you want to override
@@ -484,9 +504,9 @@ selinux_fixes="no" # Default is "no" ignore ssl errors and warnings
 #man_dir="" #default: /usr/share/man/man8
 #man_filename="" #default: clamav-unofficial-sigs.8
 
-# Provided two variables that package and port maintainers can use in order to 
+# Provided two variables that package and port maintainers can use in order to
 # prevent the script from removing itself with the '-r' flag
-# If the script was installed via a package manager like yum, apt, pkg, etc. 
+# If the script was installed via a package manager like yum, apt, pkg, etc.
 # The script will instead provide feedback to the user about how to uninstall the package.
 #pkg_mgr="" #the package manager name
 #pkg_rm="" #the package manager command to remove the script
@@ -519,6 +539,6 @@ yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master"
 
 # ========================
 # DO NOT EDIT !
-config_version="69"
+config_version="73"
 
 # https://eXtremeSHOK.com ######################################################
diff --git a/os.conf b/os.conf
index 3982773..df451d9 100644 (file)
--- a/os.conf
+++ b/os.conf
@@ -3,18 +3,14 @@
 # This is property of eXtremeSHOK.com
 # You are free to use, modify and distribute, however you may not remove this notice.
 # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+# License: BSD (Berkeley Software Distribution)
 ##################
 #
 # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
-# 
-# Originially based on: 
-# Script provide by Bill Landry (unofficialsigs@gmail.com).
-#
-# License: BSD (Berkeley Software Distribution)
 #
 ##################
 #
-# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG 
+# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
 #
 ################################################################################
 # SEE MASTER.CONF FOR CONFIG EXPLAINATIONS
 # Rename to os.conf to enable this file
 ################################################################################
 
-# Debian 8 (Jessie)
+# Debian 9 (Stretch)
 
 clam_user="clamav"
 clam_group="clamav"
 
+logrotate_group="adm"
+
 clam_dbs="/var/lib/clamav"
 
-clamd_pid="/var/run/clamd.pid"
+clamd_pid="/run/clamav/clamd.pid"
 
-clamd_restart_opt="service clamav-daemon restart"
+#systemd.
+clamd_restart_opt="systemctl restart clamav-daemon.service"
 
-#clamd_socket="/var/run/clamav/clamd.ctl"
+#clamd_socket="/run/clamav/clamd.ctl"
 
 # https://eXtremeSHOK.com ######################################################
index dede3a2..dda1fa0 100644 (file)
--- a/user.conf
+++ b/user.conf
@@ -3,18 +3,14 @@
 # This is property of eXtremeSHOK.com
 # You are free to use, modify and distribute, however you may not remove this notice.
 # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+# License: BSD (Berkeley Software Distribution)
 ##################
 #
 # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
-# 
-# Originially based on: 
-# Script provide by Bill Landry (unofficialsigs@gmail.com).
-#
-# License: BSD (Berkeley Software Distribution)
 #
 ##################
 #
-# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG 
+# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
 #
 ################################################################################
 # SEE MASTER.CONF FOR CONFIG EXPLAINATIONS
 
 #securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
 
-# Default dbs rating 
+# Default dbs rating
 # valid rating: LOW, MEDIUM, HIGH
-#default_dbs_rating="LOW"
+#default_dbs_rating="MEDIUM"
 
-# Per Database 
+# Per Database
 # These ratings will override the global rating for the specific database
 # valid rating: LOW, MEDIUM, HIGH, DISABLE
 #sanesecurity_dbs_rating=""
 #linuxmalwaredetect_dbs_rating=""
 #yararulesproject_dbs_rating=""
 
+# =========================
+# Additional signature databases
+# =========================
+#declare -a additional_dbs=(
+#   ftp://ftp.example.net/pub/sigs.ndb
+#   http://www.example.org/sigs.ldb
+#) #END ADDITIONAL DATABASES
+
+# Uncomment the following line to enable the script
 user_configuration_complete="yes"
 
 # https://eXtremeSHOK.com ######################################################