# A Modified version of the update script originally written by
# Bill Landry
#
+# Modified by Dragan Dosen <ddosen@ffzg.hr>
+#
+# Modified by Ivan Rako <irako@srce.hr>
+#
# Modified by Rick Cooper: Contact sanescript@dwford.com
#
# Modified by Norbert Buchmuller <norbi@nix.hu>
# The file names and URLs of the scam and phish signature files from SaneSecurity
SCAM_SIGS="scam.ndb"
-SCAM_SIGS_URL="http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz"
+SCAM_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/scam.ndb"
PHISH_SIGS="phish.ndb"
-PHISH_SIGS_URL="http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz"
+PHISH_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/phish.ndb"
+JUNK_SIGS="junk.ndb"
+JUNK_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/junk.ndb"
+LOTT_SIGS="lott.ndb"
+LOTT_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/lott.ndb"
+ROGUE_SIGS="rogue.hdb"
+ROGUE_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/rogue.hdb"
+SPAMIMG_SIGS="spamimg.hdb"
+SPAMIMG_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spamimg.hdb"
+SPAM_SIGS="spam.ldb"
+SPAM_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spam.ldb"
+SPEAR_SIGS="spear.ndb"
+SPEAR_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spear.ndb"
# The URLs of the spam and image-spam signature files from MSRBL
MSRBL_SPAM_SIGS="MSRBL-SPAM.ndb"
MSRBL_IMAGE_SIGS="MSRBL-Images.hdb"
MSRBL_IMAGE_SIGS_URL="rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb"
+# SecuriteInfo -ddosen
+SI_VX_SIGS="vx.hdb"
+SI_VX_SIGS_URL="http://clamav.securiteinfo.com/vx.hdb.gz"
+SI_HONEYNET_SIGS="honeynet.hdb"
+SI_HONEYNET_SIGS_URL="http://clamav.securiteinfo.com/honeynet.hdb.gz"
+SI_SECURITEINFO_SIGS="securiteinfo.hdb"
+SI_SECURITEINFO_SIGS_URL="http://clamav.securiteinfo.com/securiteinfo.hdb.gz"
+SI_ANTISPAM_SIGS="antispam.ndb"
+SI_ANTISPAM_SIGS_URL="http://clamav.securiteinfo.com/antispam.ndb.gz"
+
+# Malware Black List -ddosen
+MBL_SIGS="mbl.db"
+MBL_SIGS_URL="http://www.malware.com.br/cgi/submit?action=list_clamav"
+
# Log messages with this or greater severity to syslog
syslog_loglevel=error
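Review bot: The new `SI_*_SIGS_URL` and `MBL_SIGS_URL` values are plain `http://`, and the SaneSecurity entries move to unauthenticated `rsync://`, so nothing visible in this hunk gives the downloaded databases transport integrity or origin authentication. These files are installed into the ClamAV database directory and decide what the scanner flags, so a file altered in transit could suppress detections or cause false positives on legitimate mail. Whether the download helpers validate a file before installing it is not visible here. If they only check that the database loads, consider fetching over TLS where the provider offers it, or verifying a publisher-supplied checksum or signature. At minimum, a comment above each group such as `# NOTE: fetched without transport integrity; relies on the pre-install check in the update helper` would record the trust assumption.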
#
print_usage()
{
- echo -e "Downloads unofficial ClamAV signature files from sanesecurity.com and msrbl.com."
+ echo -e "Downloads unofficial ClamAV signature files from sanesecurity.com, msrbl.com, securiteinfo.com and malware.com.br"
echo -e "Usage: $0 [options]"
echo -e "OPTIONS:"
echo -e " --syslog-loglevel=level\tSets the log level for syslog to 'level'."
#
log_startup_summary()
{
- log debug "PHISH_SIGS : $PHISH_SIGS_URL"
- log debug "SCAM_SIGS : $SCAM_SIGS_URL"
- log debug "SPAM_SIGS : $MSRBL_SPAM_SIGS_URL"
- log debug "IMAGE_SIGS : $MSRBL_IMAGE_SIGS_URL"
- log debug "ClamScan : $clamscan"
- log debug "CURL : $curl"
- log debug "GunZip : $gunzip"
- log debug "RSync : $rsync"
- log debug "ClamAV db dir : $clam_db_dir"
- log debug "temp dir : $tmp_dir"
+ log debug "PHISH_SIGS : $PHISH_SIGS_URL"
+ log debug "SCAM_SIGS : $SCAM_SIGS_URL"
+ log debug "JUNK_SIGS : $JUNK_SIGS_URL"
+ log debug "LOTT_SIGS : $LOTT_SIGS_URL"
+ log debug "ROGUE_SIGS : $ROGUE_SIGS_URL"
+ log debug "SPAMIMG_SIGS : $SPAMIMG_SIGS_URL"
+ log debug "SPAM_SIGS : $SPAM_SIGS_URL"
+ log debug "SPEAR_SIGS : $SPEAR_SIGS_URL"
+ log debug "MSRBL_SPAM_SIGS : $MSRBL_SPAM_SIGS_URL"
+ log debug "MSRBL_IMAGE_SIGS : $MSRBL_IMAGE_SIGS_URL"
+ log debug "SI_VX_SIGS : $SI_VX_SIGS_URL"
+ log debug "SI_HONEYNET_SIGS : $SI_HONEYNET_SIGS_URL"
+ log debug "SI_SECURITEINFO_SIGS : $SI_SECURITEINFO_SIGS_URL"
+ log debug "SI_ANTISPAM_SIGS : $SI_ANTISPAM_SIGS_URL"
+ log debug "MBL_SIGS : $MBL_SIGS_URL"
+ log debug "ClamScan : $clamscan"
+ log debug "CURL : $curl"
+ log debug "GunZip : $gunzip"
+ log debug "RSync : $rsync"
+ log debug "ClamAV db dir : $clam_db_dir"
+ log debug "temp dir : $tmp_dir"
}
# Sleep for a random time (determined by $min_sleep_time and $max_sleep_time global variables)
declare sigfile_updated=0
if [ "$unprivileged_child" -ne 0 -o $(id -u) -ne 0 ]; then
# Update/download the signature files
- update_sigfile_with_curl "$SCAM_SIGS_URL" "$SCAM_SIGS" && sigfile_updated=1
- update_sigfile_with_curl "$PHISH_SIGS_URL" "$PHISH_SIGS" && sigfile_updated=1
+ update_sigfile_with_rsync "$SCAM_SIGS_URL" "$SCAM_SIGS" && sigfile_updated=1
+ update_sigfile_with_rsync "$PHISH_SIGS_URL" "$PHISH_SIGS" && sigfile_updated=1
+ update_sigfile_with_rsync "$JUNK_SIGS_URL" "$JUNK_SIGS" && sigfile_updated=1
+ update_sigfile_with_rsync "$LOTT_SIGS_URL" "$LOTT_SIGS" && sigfile_updated=1
+ update_sigfile_with_rsync "$ROGUE_SIGS_URL" "$ROGUE_SIGS" && sigfile_updated=1
+ update_sigfile_with_rsync "$SPAMIMG_SIGS_URL" "$SPAMIMG_SIGS" && sigfile_updated=1
+ update_sigfile_with_rsync "$SPAM_SIGS_URL" "$SPAM_SIGS" && sigfile_updated=1
+ update_sigfile_with_rsync "$SPEAR_SIGS_URL" "$SPEAR_SIGS" && sigfile_updated=1
update_sigfile_with_rsync "$MSRBL_SPAM_SIGS_URL" "$MSRBL_SPAM_SIGS" && sigfile_updated=1
update_sigfile_with_rsync "$MSRBL_IMAGE_SIGS_URL" "$MSRBL_IMAGE_SIGS" && sigfile_updated=1
+ #
+ update_sigfile_with_curl "$SI_VX_SIGS_URL" "$SI_VX_SIGS" && sigfile_updated=1
+ update_sigfile_with_curl "$SI_HONEYNET_SIGS_URL" "$SI_HONEYNET_SIGS" && sigfile_updated=1
+ update_sigfile_with_curl "$SI_SECURITEINFO_SIGS_URL" "$SI_SECURITEINFO_SIGS" && sigfile_updated=1
+ update_sigfile_with_curl "$SI_ANTISPAM_SIGS_URL" "$SI_ANTISPAM_SIGS" && sigfile_updated=1
+ update_sigfile_with_curl "$MBL_SIGS_URL" "$MBL_SIGS" && sigfile_updated=1
else
# Re-execute the script as the unprivileged user to do the download/check/install part.
# (It exits with 0 exit status only if at least on the signature file were updated.)
su -s $SHELL $unprivileged_user -c "'$program_invocation_absolute_name' --unprivileged-child --syslog-loglevel=$syslog_loglevel --stderr-loglevel=$stderr_loglevel" && sigfile_updated=1
# Change owner, group and security context.
- chown_chcon "$SCAM_SIGS" "$PHISH_SIGS" "$MSRBL_SPAM_SIGS" "$MSRBL_IMAGE_SIGS"
+ chown_chcon "$SCAM_SIGS" "$PHISH_SIGS" "$JUNK_SIGS" "$LOTT_SIGS" "$ROGUE_SIGS" "$SPAMIMG_SIGS" "$SPAM_SIGS" "$SPEAR_SIGS" "$MSRBL_SPAM_SIGS" "$MSRBL_IMAGE_SIGS" "$SI_VX_SIGS" "$SI_HONEYNET_SIGS" "$SI_SECURITEINFO_SIGS" "$SI_ANTISPAM_SIGS" "$MBL_SIGS"
fi
# Reload database
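Review bot: `update_sigfile_with_curl "$MBL_SIGS_URL" "$MBL_SIGS"` passes a CGI query URL with no `.gz` suffix to the helper that otherwise handles only `.gz` URLs. The helper body is outside this diff, but gunzip is among the logged tools, so if it decompresses unconditionally this download will fail or be rejected on every run; confirm it handles an uncompressed response. Separately, the set of signature files is now written out three times: in `log_startup_summary`, in the update calls, and in the `chown_chcon` argument list. A name left out of the last one would presumably keep the unprivileged user's ownership and security context in the database directory. Since the script already uses bash (`declare`), one array such as `sig_files=("$SCAM_SIGS" "$PHISH_SIGS" ... "$MBL_SIGS")` with `chown_chcon "${sig_files[@]}"` would keep the privileged step in sync with what was downloaded.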