novi clamav-sanesecurity
authorIvan Rako <irako@bagan.srce.hr>
Mon, 26 Jan 2009 12:17:28 +0000 (13:17 +0100)
committerIvan Rako <irako@bagan.srce.hr>
Mon, 26 Jan 2009 12:17:28 +0000 (13:17 +0100)
clamav-sanesecurity [changed mode: 0755->0644]
debian/changelog

old mode 100755 (executable)
new mode 100644 (file)
index f04cfb1..72f2683
@@ -5,6 +5,10 @@
 # A Modified version of the update script originally written by
 # Bill Landry
 #
+# Modified by Dragan Dosen <ddosen@ffzg.hr>
+#
+# Modified by Ivan Rako <irako@srce.hr>
+#
 # Modified by Rick Cooper: Contact sanescript@dwford.com
 #
 # Modified by Norbert Buchmuller <norbi@nix.hu>
@@ -141,9 +145,21 @@ export PATH="$PATH":/bin:/usr/bin:/usr/local/bin
 
 # The file names and URLs of the scam and phish signature files from SaneSecurity
 SCAM_SIGS="scam.ndb"
-SCAM_SIGS_URL="http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz"
+SCAM_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/scam.ndb"
 PHISH_SIGS="phish.ndb"
-PHISH_SIGS_URL="http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz"
+PHISH_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/phish.ndb"
+JUNK_SIGS="junk.ndb"
+JUNK_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/junk.ndb"
+LOTT_SIGS="lott.ndb"
+LOTT_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/lott.ndb"
+ROGUE_SIGS="rogue.hdb"
+ROGUE_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/rogue.hdb"
+SPAMIMG_SIGS="spamimg.hdb"
+SPAMIMG_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spamimg.hdb"
+SPAM_SIGS="spam.ldb"
+SPAM_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spam.ldb"
+SPEAR_SIGS="spear.ndb"
+SPEAR_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spear.ndb"
 
 # The URLs of the spam and image-spam signature files from MSRBL
 MSRBL_SPAM_SIGS="MSRBL-SPAM.ndb"
@@ -151,6 +167,20 @@ MSRBL_SPAM_SIGS_URL="rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb"
 MSRBL_IMAGE_SIGS="MSRBL-Images.hdb"
 MSRBL_IMAGE_SIGS_URL="rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb"
 
+# SecuriteInfo  -ddosen
+SI_VX_SIGS="vx.hdb"
+SI_VX_SIGS_URL="http://clamav.securiteinfo.com/vx.hdb.gz"
+SI_HONEYNET_SIGS="honeynet.hdb"
+SI_HONEYNET_SIGS_URL="http://clamav.securiteinfo.com/honeynet.hdb.gz"
+SI_SECURITEINFO_SIGS="securiteinfo.hdb"
+SI_SECURITEINFO_SIGS_URL="http://clamav.securiteinfo.com/securiteinfo.hdb.gz"
+SI_ANTISPAM_SIGS="antispam.ndb"
+SI_ANTISPAM_SIGS_URL="http://clamav.securiteinfo.com/antispam.ndb.gz"
+
+# Malware Black List  -ddosen
+MBL_SIGS="mbl.db"
+MBL_SIGS_URL="http://www.malware.com.br/cgi/submit?action=list_clamav"
+
 # Log messages with this or greater severity to syslog
 syslog_loglevel=error
 
@@ -536,7 +566,7 @@ check_for_external_programs()
 #
 print_usage()
 {
-       echo -e "Downloads unofficial ClamAV signature files from sanesecurity.com and msrbl.com."
+       echo -e "Downloads unofficial ClamAV signature files from sanesecurity.com, msrbl.com, securiteinfo.com and malware.com.br"
        echo -e "Usage: $0 [options]"
        echo -e "OPTIONS:"
        echo -e "  --syslog-loglevel=level\tSets the log level for syslog to 'level'."
@@ -640,16 +670,27 @@ create_temp_dir()
 #
 log_startup_summary()
 {
-       log debug "PHISH_SIGS    : $PHISH_SIGS_URL"
-       log debug "SCAM_SIGS     : $SCAM_SIGS_URL"
-       log debug "SPAM_SIGS     : $MSRBL_SPAM_SIGS_URL"
-       log debug "IMAGE_SIGS    : $MSRBL_IMAGE_SIGS_URL"
-       log debug "ClamScan      : $clamscan"
-       log debug "CURL          : $curl"
-       log debug "GunZip        : $gunzip"
-       log debug "RSync         : $rsync"
-       log debug "ClamAV db dir : $clam_db_dir"
-       log debug "temp dir      : $tmp_dir"
+       log debug "PHISH_SIGS           : $PHISH_SIGS_URL"
+       log debug "SCAM_SIGS            : $SCAM_SIGS_URL"
+       log debug "JUNK_SIGS            : $JUNK_SIGS_URL"
+       log debug "LOTT_SIGS            : $LOTT_SIGS_URL"
+       log debug "ROGUE_SIGS           : $ROGUE_SIGS_URL"
+       log debug "SPAMIMG_SIGS         : $SPAMIMG_SIGS_URL"
+       log debug "SPAM_SIGS            : $SPAM_SIGS_URL"
+       log debug "SPEAR_SIGS           : $SPEAR_SIGS_URL"
+       log debug "MSRBL_SPAM_SIGS      : $MSRBL_SPAM_SIGS_URL"
+       log debug "MSRBL_IMAGE_SIGS     : $MSRBL_IMAGE_SIGS_URL"
+       log debug "SI_VX_SIGS           : $SI_VX_SIGS_URL"
+       log debug "SI_HONEYNET_SIGS     : $SI_HONEYNET_SIGS_URL"
+       log debug "SI_SECURITEINFO_SIGS : $SI_SECURITEINFO_SIGS_URL"
+       log debug "SI_ANTISPAM_SIGS     : $SI_ANTISPAM_SIGS_URL"
+       log debug "MBL_SIGS             : $MBL_SIGS_URL"
+       log debug "ClamScan             : $clamscan"
+       log debug "CURL                 : $curl"
+       log debug "GunZip               : $gunzip"
+       log debug "RSync                : $rsync"
+       log debug "ClamAV db dir        : $clam_db_dir"
+       log debug "temp dir             : $tmp_dir"
 }
 
 # Sleep for a random time (determined by $min_sleep_time and $max_sleep_time global variables)
@@ -804,17 +845,29 @@ cd "$clam_db_dir"
 declare sigfile_updated=0
 if [ "$unprivileged_child" -ne 0 -o $(id -u) -ne 0 ]; then
        # Update/download the signature files
-       update_sigfile_with_curl "$SCAM_SIGS_URL" "$SCAM_SIGS" && sigfile_updated=1
-       update_sigfile_with_curl "$PHISH_SIGS_URL" "$PHISH_SIGS" && sigfile_updated=1
+       update_sigfile_with_rsync "$SCAM_SIGS_URL" "$SCAM_SIGS" && sigfile_updated=1
+       update_sigfile_with_rsync "$PHISH_SIGS_URL" "$PHISH_SIGS" && sigfile_updated=1
+       update_sigfile_with_rsync "$JUNK_SIGS_URL" "$JUNK_SIGS" && sigfile_updated=1
+       update_sigfile_with_rsync "$LOTT_SIGS_URL" "$LOTT_SIGS" && sigfile_updated=1
+       update_sigfile_with_rsync "$ROGUE_SIGS_URL" "$ROGUE_SIGS" && sigfile_updated=1
+       update_sigfile_with_rsync "$SPAMIMG_SIGS_URL" "$SPAMIMG_SIGS" && sigfile_updated=1
+       update_sigfile_with_rsync "$SPAM_SIGS_URL" "$SPAM_SIGS" && sigfile_updated=1
+       update_sigfile_with_rsync "$SPEAR_SIGS_URL" "$SPEAR_SIGS" && sigfile_updated=1
        update_sigfile_with_rsync "$MSRBL_SPAM_SIGS_URL" "$MSRBL_SPAM_SIGS" && sigfile_updated=1
        update_sigfile_with_rsync "$MSRBL_IMAGE_SIGS_URL" "$MSRBL_IMAGE_SIGS" && sigfile_updated=1
+       #
+       update_sigfile_with_curl "$SI_VX_SIGS_URL" "$SI_VX_SIGS" && sigfile_updated=1
+       update_sigfile_with_curl "$SI_HONEYNET_SIGS_URL" "$SI_HONEYNET_SIGS" && sigfile_updated=1
+       update_sigfile_with_curl "$SI_SECURITEINFO_SIGS_URL" "$SI_SECURITEINFO_SIGS" && sigfile_updated=1
+       update_sigfile_with_curl "$SI_ANTISPAM_SIGS_URL" "$SI_ANTISPAM_SIGS" && sigfile_updated=1
+       update_sigfile_with_curl "$MBL_SIGS_URL" "$MBL_SIGS" && sigfile_updated=1
 else
        # Re-execute the script as the unprivileged user to do the download/check/install part.
        # (It exits with 0 exit status only if at least on the signature file were updated.)
        su -s $SHELL $unprivileged_user -c "'$program_invocation_absolute_name' --unprivileged-child --syslog-loglevel=$syslog_loglevel --stderr-loglevel=$stderr_loglevel" && sigfile_updated=1
 
        # Change owner, group and security context.
-       chown_chcon "$SCAM_SIGS" "$PHISH_SIGS" "$MSRBL_SPAM_SIGS" "$MSRBL_IMAGE_SIGS"
+       chown_chcon "$SCAM_SIGS" "$PHISH_SIGS" "$JUNK_SIGS" "$LOTT_SIGS" "$ROGUE_SIGS" "$SPAMIMG_SIGS" "$SPAM_SIGS" "$SPEAR_SIGS" "$MSRBL_SPAM_SIGS" "$MSRBL_IMAGE_SIGS" "$SI_VX_SIGS" "$SI_HONEYNET_SIGS" "$SI_SECURITEINFO_SIGS" "$SI_ANTISPAM_SIGS" "$MBL_SIGS"
 fi
 
 # Reload database
index 8181709..f30cddc 100644 (file)
@@ -1,3 +1,11 @@
+clamav-cn (3:0.94-5) stable; urgency=high
+
+  * Nova skripta /etc/cron.hourly/clamav-sanesecurity
+    - dodani potpisi za SecuriteInfo
+    - SaneSecurity potpisi se skidaju sa rsync-om
+
+ -- Ivan Rako <Ivan.Rako@CARNet.hr>  Mon, 26 Jan 2009 13:15:53 +0100
+
 clamav-cn (3:0.94-4) stable; urgency=high
 
   * Ovisnost o najnovijoj verziji koja ispravlja sigurnosne ispravke