From c2fc16a2911b43e6018f25c30df50a99da6346ac Mon Sep 17 00:00:00 2001 From: Ivan Rako Date: Mon, 26 Jan 2009 13:17:28 +0100 Subject: [PATCH 1/1] novi clamav-sanesecurity --- clamav-sanesecurity | 85 +++++++++++++++++++++++++++++++++++++++++---------- debian/changelog | 8 +++++ 2 files changed, 77 insertions(+), 16 deletions(-) mode change 100755 => 100644 clamav-sanesecurity diff --git a/clamav-sanesecurity b/clamav-sanesecurity old mode 100755 new mode 100644 index f04cfb1..72f2683 --- a/clamav-sanesecurity +++ b/clamav-sanesecurity @@ -5,6 +5,10 @@ # A Modified version of the update script originally written by # Bill Landry # +# Modified by Dragan Dosen +# +# Modified by Ivan Rako +# # Modified by Rick Cooper: Contact sanescript@dwford.com # # Modified by Norbert Buchmuller @@ -141,9 +145,21 @@ export PATH="$PATH":/bin:/usr/bin:/usr/local/bin # The file names and URLs of the scam and phish signature files from SaneSecurity SCAM_SIGS="scam.ndb" -SCAM_SIGS_URL="http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz" +SCAM_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/scam.ndb" PHISH_SIGS="phish.ndb" -PHISH_SIGS_URL="http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz" +PHISH_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/phish.ndb" +JUNK_SIGS="junk.ndb" +JUNK_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/junk.ndb" +LOTT_SIGS="lott.ndb" +LOTT_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/lott.ndb" +ROGUE_SIGS="rogue.hdb" +ROGUE_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/rogue.hdb" +SPAMIMG_SIGS="spamimg.hdb" +SPAMIMG_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spamimg.hdb" +SPAM_SIGS="spam.ldb" +SPAM_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spam.ldb" +SPEAR_SIGS="spear.ndb" +SPEAR_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spear.ndb" # The URLs of the spam and image-spam signature files from MSRBL MSRBL_SPAM_SIGS="MSRBL-SPAM.ndb" 
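Review bot: The eight `rsync://rsync.sanesecurity.net/...` URLs introduced in the SaneSecurity block (and the `http://` SecuriteInfo and MBL URLs in the hunk at -151) fetch databases that ClamAV will load over transports with no authentication or integrity protection, and nothing visible in this patch verifies them. A copy altered or truncated in transit would change what the scanner detects. If the providers publish detached signatures or checksums, the update helpers should verify them before a file is moved into `$clam_db_dir`; whether `update_sigfile_with_rsync` and `update_sigfile_with_curl` already validate what they download is not visible here, since their bodies are outside the diff. At minimum I would add above `SCAM_SIGS_URL` a comment such as `# rsync:// and http:// are unauthenticated; every file must pass verification before install`. Separately, the file header changes the mode from 100755 to 100644, and the changelog in this patch names the script as `/etc/cron.hourly/clamav-sanesecurity`; run-parts skips non-executable files, so unless packaging restores the bit the hourly update would silently stop.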
@@ -151,6 +167,20 @@ MSRBL_SPAM_SIGS_URL="rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb" MSRBL_IMAGE_SIGS="MSRBL-Images.hdb" MSRBL_IMAGE_SIGS_URL="rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb" +# SecuriteInfo -ddosen +SI_VX_SIGS="vx.hdb" +SI_VX_SIGS_URL="http://clamav.securiteinfo.com/vx.hdb.gz" +SI_HONEYNET_SIGS="honeynet.hdb" +SI_HONEYNET_SIGS_URL="http://clamav.securiteinfo.com/honeynet.hdb.gz" +SI_SECURITEINFO_SIGS="securiteinfo.hdb" +SI_SECURITEINFO_SIGS_URL="http://clamav.securiteinfo.com/securiteinfo.hdb.gz" +SI_ANTISPAM_SIGS="antispam.ndb" +SI_ANTISPAM_SIGS_URL="http://clamav.securiteinfo.com/antispam.ndb.gz" + +# Malware Black List -ddosen +MBL_SIGS="mbl.db" +MBL_SIGS_URL="http://www.malware.com.br/cgi/submit?action=list_clamav" + # Log messages with this or greater severity to syslog syslog_loglevel=error @@ -536,7 +566,7 @@ check_for_external_programs() # print_usage() { - echo -e "Downloads unofficial ClamAV signature files from sanesecurity.com and msrbl.com." + echo -e "Downloads unofficial ClamAV signature files from sanesecurity.com, msrbl.com, securiteinfo.com and malware.com.br" echo -e "Usage: $0 [options]" echo -e "OPTIONS:" echo -e " --syslog-loglevel=level\tSets the log level for syslog to 'level'." 
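Review bot: `MBL_SIGS_URL` points at a CGI endpoint (`.../cgi/submit?action=list_clamav`) rather than a `.gz` file, yet the hunk at -804 hands it to `update_sigfile_with_curl` exactly like the four SecuriteInfo `.gz` URLs. If that helper always gunzips the response (its body is outside this diff, but the removed SaneSecurity curl URLs were also `.gz` and the startup summary logs a gunzip path), the MBL download would either fail on every run or need special handling that is not shown. A dynamic endpoint can also return an error page with a success status, so the helper should reject a response that is not a well-formed signature database before installing it as `mbl.db`. I would document the expectation on the variable, e.g. `# MBL: uncompressed list from a CGI endpoint; must be validated before install`, and replace the `-ddosen` tags with a sentence on what each source provides.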
@@ -640,16 +670,27 @@ create_temp_dir() # log_startup_summary() { - log debug "PHISH_SIGS : $PHISH_SIGS_URL" - log debug "SCAM_SIGS : $SCAM_SIGS_URL" - log debug "SPAM_SIGS : $MSRBL_SPAM_SIGS_URL" - log debug "IMAGE_SIGS : $MSRBL_IMAGE_SIGS_URL" - log debug "ClamScan : $clamscan" - log debug "CURL : $curl" - log debug "GunZip : $gunzip" - log debug "RSync : $rsync" - log debug "ClamAV db dir : $clam_db_dir" - log debug "temp dir : $tmp_dir" + log debug "PHISH_SIGS : $PHISH_SIGS_URL" + log debug "SCAM_SIGS : $SCAM_SIGS_URL" + log debug "JUNK_SIGS : $JUNK_SIGS_URL" + log debug "LOTT_SIGS : $LOTT_SIGS_URL" + log debug "ROGUE_SIGS : $ROGUE_SIGS_URL" + log debug "SPAMIMG_SIGS : $SPAMIMG_SIGS_URL" + log debug "SPAM_SIGS : $SPAM_SIGS_URL" + log debug "SPEAR_SIGS : $SPEAR_SIGS_URL" + log debug "MSRBL_SPAM_SIGS : $MSRBL_SPAM_SIGS_URL" + log debug "MSRBL_IMAGE_SIGS : $MSRBL_IMAGE_SIGS_URL" + log debug "SI_VX_SIGS : $SI_VX_SIGS_URL" + log debug "SI_HONEYNET_SIGS : $SI_HONEYNET_SIGS_URL" + log debug "SI_SECURITEINFO_SIGS : $SI_SECURITEINFO_SIGS_URL" + log debug "SI_ANTISPAM_SIGS : $SI_ANTISPAM_SIGS_URL" + log debug "MBL_SIGS : $MBL_SIGS_URL" + log debug "ClamScan : $clamscan" + log debug "CURL : $curl" + log debug "GunZip : $gunzip" + log debug "RSync : $rsync" + log debug "ClamAV db dir : $clam_db_dir" + log debug "temp dir : $tmp_dir" } # Sleep for a random time (determined by $min_sleep_time and $max_sleep_time global variables) 
@@ -804,17 +845,29 @@ cd "$clam_db_dir" declare sigfile_updated=0 if [ "$unprivileged_child" -ne 0 -o $(id -u) -ne 0 ]; then # Update/download the signature files - update_sigfile_with_curl "$SCAM_SIGS_URL" "$SCAM_SIGS" && sigfile_updated=1 - update_sigfile_with_curl "$PHISH_SIGS_URL" "$PHISH_SIGS" && sigfile_updated=1 + update_sigfile_with_rsync "$SCAM_SIGS_URL" "$SCAM_SIGS" && sigfile_updated=1 + update_sigfile_with_rsync "$PHISH_SIGS_URL" "$PHISH_SIGS" && sigfile_updated=1 + update_sigfile_with_rsync "$JUNK_SIGS_URL" "$JUNK_SIGS" && sigfile_updated=1 + update_sigfile_with_rsync "$LOTT_SIGS_URL" "$LOTT_SIGS" && sigfile_updated=1 + update_sigfile_with_rsync "$ROGUE_SIGS_URL" "$ROGUE_SIGS" && sigfile_updated=1 + update_sigfile_with_rsync "$SPAMIMG_SIGS_URL" "$SPAMIMG_SIGS" && sigfile_updated=1 + update_sigfile_with_rsync "$SPAM_SIGS_URL" "$SPAM_SIGS" && sigfile_updated=1 + update_sigfile_with_rsync "$SPEAR_SIGS_URL" "$SPEAR_SIGS" && sigfile_updated=1 update_sigfile_with_rsync "$MSRBL_SPAM_SIGS_URL" "$MSRBL_SPAM_SIGS" && sigfile_updated=1 update_sigfile_with_rsync "$MSRBL_IMAGE_SIGS_URL" "$MSRBL_IMAGE_SIGS" && sigfile_updated=1 + # + update_sigfile_with_curl "$SI_VX_SIGS_URL" "$SI_VX_SIGS" && sigfile_updated=1 + update_sigfile_with_curl "$SI_HONEYNET_SIGS_URL" "$SI_HONEYNET_SIGS" && sigfile_updated=1 + update_sigfile_with_curl "$SI_SECURITEINFO_SIGS_URL" "$SI_SECURITEINFO_SIGS" && sigfile_updated=1 + update_sigfile_with_curl "$SI_ANTISPAM_SIGS_URL" "$SI_ANTISPAM_SIGS" && sigfile_updated=1 + update_sigfile_with_curl "$MBL_SIGS_URL" "$MBL_SIGS" && sigfile_updated=1 else # Re-execute the script as the unprivileged user to do the download/check/install part. # (It exits with 0 exit status only if at least on the signature file were updated.) su -s $SHELL $unprivileged_user -c "'$program_invocation_absolute_name' --unprivileged-child --syslog-loglevel=$syslog_loglevel --stderr-loglevel=$stderr_loglevel" && sigfile_updated=1 # Change owner, group and security context. 
- chown_chcon "$SCAM_SIGS" "$PHISH_SIGS" "$MSRBL_SPAM_SIGS" "$MSRBL_IMAGE_SIGS" + chown_chcon "$SCAM_SIGS" "$PHISH_SIGS" "$JUNK_SIGS" "$LOTT_SIGS" "$ROGUE_SIGS" "$SPAMIMG_SIGS" "$SPAM_SIGS" "$SPEAR_SIGS" "$MSRBL_SPAM_SIGS" "$MSRBL_IMAGE_SIGS" "$SI_VX_SIGS" "$SI_HONEYNET_SIGS" "$SI_SECURITEINFO_SIGS" "$SI_ANTISPAM_SIGS" "$MBL_SIGS" fi # Reload database diff --git a/debian/changelog b/debian/changelog index 8181709..f30cddc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +clamav-cn (3:0.94-5) stable; urgency=high + + * Nova skripta /etc/cron.hourly/clamav-sanesecurity + - dodani potpisi za SecuriteInfo + - SaneSecurity potpisi se skidaju sa rsync-om + + -- Ivan Rako Mon, 26 Jan 2009 13:15:53 +0100 + clamav-cn (3:0.94-4) stable; urgency=high * Ovisnost o najnovijoj verziji koja ispravlja sigurnosne ispravke -- 1.7.10.4
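Review bot: The set of signature files is now spelled out separately in the update calls and in the `chown_chcon` argument list (and again in the variable block and `log_startup_summary`), so a source added to one list and missed in the other would leave a downloaded file in the ClamAV database directory with the unprivileged user's ownership and security context. Driving both from one list removes that drift; the sketch below uses bash indirect expansion on the existing `*_SIGS` / `*_SIGS_URL` names and keeps the per-call `&& sigfile_updated=1` behaviour. Whether `chown_chcon` tolerates a file that was never downloaded is not visible in this diff and is worth confirming now that the list covers fifteen files from four providers. The bare `#` separator before the curl calls would read better as `# SecuriteInfo and Malware Black List (HTTP via curl)`.

```shell
# One list per transport drives both the download and the ownership fix-up.
rsync_sigs=(SCAM PHISH JUNK LOTT ROGUE SPAMIMG SPAM SPEAR MSRBL_SPAM MSRBL_IMAGE)
curl_sigs=(SI_VX SI_HONEYNET SI_SECURITEINFO SI_ANTISPAM MBL)

if [ "$unprivileged_child" -ne 0 -o $(id -u) -ne 0 ]; then
    for sig in "${rsync_sigs[@]}"; do
        url_var="${sig}_SIGS_URL"; file_var="${sig}_SIGS"
        update_sigfile_with_rsync "${!url_var}" "${!file_var}" && sigfile_updated=1
    done
    # SecuriteInfo and Malware Black List (HTTP via curl)
    for sig in "${curl_sigs[@]}"; do
        url_var="${sig}_SIGS_URL"; file_var="${sig}_SIGS"
        update_sigfile_with_curl "${!url_var}" "${!file_var}" && sigfile_updated=1
    done
else
    # … unchanged: re-execute as $unprivileged_user via su …
    sig_files=()
    for sig in "${rsync_sigs[@]}" "${curl_sigs[@]}"; do
        file_var="${sig}_SIGS"
        sig_files+=("${!file_var}")
    done
    chown_chcon "${sig_files[@]}"
fi
```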