From d3731b68af02edbf392cc415e9071c06e39b46a6 Mon Sep 17 00:00:00 2001 From: Ivan Rako Date: Tue, 5 Apr 2011 16:16:47 +0200 Subject: [PATCH] prvo izdanje za squeeze, ovisnost o clamav-unofficial-sigs --- clamav-sanesecurity | 887 --------------------------------------------------- debian/changelog | 7 + debian/conffiles | 1 - debian/control | 2 +- debian/dirs | 1 - debian/install | 1 - 6 files changed, 8 insertions(+), 891 deletions(-) delete mode 100755 clamav-sanesecurity delete mode 100644 debian/conffiles delete mode 100644 debian/dirs delete mode 100644 debian/install diff --git a/clamav-sanesecurity b/clamav-sanesecurity deleted file mode 100755 index 72f2683..0000000 --- a/clamav-sanesecurity +++ /dev/null @@ -1,887 +0,0 @@ -#!/bin/bash -# -# $Id: update_sanesecurity.sh 706 2008-09-15 20:27:11Z mendel $ -# -# A Modified version of the update script originally written by -# Bill Landry -# -# Modified by Dragan Dosen -# -# Modified by Ivan Rako -# -# Modified by Rick Cooper: Contact sanescript@dwford.com -# -# Modified by Norbert Buchmuller -# -# TODO: -# * split off changelog to a separate file -# * split off configuration to a separate file -# * support optional gzipping (if the downloaded file ends in .gz|.bz2, unzip it) -# * support for protocol (rsync://|http://|https://|ftp://) auto-detection (and call the appropriate download method) -# * support for more flexible download URLs (a list of them eg.) -# * support for external configuration file -# * support for additional DBs (securiteinfo.com, www.malware.com.br) -# -# Last updated Sep 15, 2008 -# FIX 09/15/2008 -# Looks for 'main.cld' in $clam_db_dir as new versions of ClamAV use -# '.cld' extension for virus definition files. -# -# FIX 04/26/2008 -# Changed '--debug' to mean '--syslog-loglevel=none --stderr-loglevel=debug'. -# Added diagnostic message when tty is detected (and so random sleep is disabled). -# -# FIX 12/21/2007 -# Fixed a grave bug: previously it failed to detect if the newly downloaded -# database was corrupt. -# Detects if the user runs the script from a terminal, and disables -# the random sleep if it is so. -# -# FIX 09/26/2007 -# Fixed a bug: now it passes the log levels to the unprivileged child. -# Fixed a bug: now the unprivileged child does not attempt to reload ClamAV db. -# Prints usage message if asked for. -# -# FIX 09/21/2007 -# Added SELinux support. -# Thanks Andrew Colin Kissa . -# Added support to run the script as root (the superuser privileges are only used -# when changing the owner:group and security context of the signature files, -# and when reloading clamd). -# -# FIX 09/20/2007 -# Fixed a bug introduced by the 08/28/2007 change: the "SPAM.ndb" file was saved -# (incorrectly) with the name "SPAM.hdb" and thus ClamAV refused to load it. -# Thanks Keith Brazington . -# -# FIX 08/28/2007 -# Refactored logging to avoid code/text duplication. -# Refactored downloading to avoid code duplication. -# Split up the main function into smaller ones. -# Should be started as the clamav user, not root to avoid -# security implications. -# Uses proper temporary dir creation method (mktemp(1)) to avoid -# security implications. -# It is assured that a non-zero exit status is used when exiting because of an error. -# Uses 'mail' syslog facility. -# Different syslog log priorities are used for messages with different severity. -# Diagnostic messages (incl. debug messages) go to stderr instead of stdout. -# More careful quoting to allow spaces or other unexpected chars in variables. -# Checking carefully for the exit status of all the important commands. -# Rsync downloads the new signature file to a temporary directory -# and only installs it after it is verified that ClamAV accepts -# the signature file. (Note: This requires a relatively new version of Rsync -# because versions older than cca. 2.6.9 unconditionally download the file, even -# if it did not change.) -# Uses '-p' option of 'cp' to preserve modification times. -# No separate log files for each command, instead their output is logged if -# they return a non-zero exit status. -# PATH is appended to, not overwritten. -# Use 'type -P' instead of 'which'. -# Fixed a few typos. -# -# FIX 08/13/2007 -# Using new SaneSecurity URLs -# -# FIX 06/30/2007 -# Removed the -h (human readable) option from the rsync command line -# as this was for the help option in older versions of rsync, and -# it's not worth maintaining two versions of the command based on -# rsync version. Thanks for the bug report Chris -# Changed the SCAM_SIGS_URL variable to point to the proper URL. The old one -# worked but this one is the correct/desired URL Thanks Steve Basford. -# -# FIX 06/27/2007 -# Fixed incorrect check on CURL return code in phish.db section -# causing it to consider a success as a failure. Thanks -# Leonardo Rodrigues Magalhães -# -# FIX 05/16/2007 -# Fixed a bug where downloading phish.ndb.gz for the first time results -# in an error and the downloaded file removed (Thanks Gary V) -# -# NEW 05/15/2007 -# Now have option to log to system logger (notify) -# If you do not wish to use this logging function look below for -# SYSLOG_ON=1 and set to SYSLOG_ON=0. This also will not function -# if logger is not installed on your system for some reason -# -# Now logs each download stats regardless of debug status, but only outputs -# to console if in debugging mode, or error and doesn't output -# to system logger. -# (as suggested by Gary V) -# Changed the clamdb grep to use extended pattern matching as suggested -# by Gary V -# Altered the rsync portions to use --stats instead of --progress and -# look for number of files transfered for confirmation of an update -# -# NEW 05/08/2007 -# Updated the MSRBL-* files to update vi rsync (tested version 2.6.9) -# the current db(s) will be saved before the update and if there is a -# problem with the download or clam db tests the old version is -# moved back into place, an error message is produced and the -# corrupt file is moved to filename.bad for the operator to look into -# Changed the detection of the clam db directory it's now very fast -# and will accommodate trailing slash (ie. /usr/local/share/clamav/) and -# will also check for main.cvd as well as the *.inc directories since -# apparently it's possible to have an install with only the main.cvd, -# at least temporarily -# -# NEW 05/05/2007 -# Fixed a potential problem with the downloaded file size being zero -# Now test a small txt file using the downloaded sig file, if clam doesn't -# like it we don't move it or use it. Throw an error to the operator -# Fixed a possible issue with the log size being very large if the site is -# busy, now only return the last line from the transmission progress -# Changed the operation to find the clam database dir to checking for -# the standard /usr/local/share/clamav location first, and if not there -# ask clamscan. (save a few seconds) -# -# - -# Make sure the path to your ClamAV binaries is in here, it should -# cover all normal installations -export PATH="$PATH":/bin:/usr/bin:/usr/local/bin - -# The file names and URLs of the scam and phish signature files from SaneSecurity -SCAM_SIGS="scam.ndb" -SCAM_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/scam.ndb" -PHISH_SIGS="phish.ndb" -PHISH_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/phish.ndb" -JUNK_SIGS="junk.ndb" -JUNK_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/junk.ndb" -LOTT_SIGS="lott.ndb" -LOTT_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/lott.ndb" -ROGUE_SIGS="rogue.hdb" -ROGUE_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/rogue.hdb" -SPAMIMG_SIGS="spamimg.hdb" -SPAMIMG_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spamimg.hdb" -SPAM_SIGS="spam.ldb" -SPAM_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spam.ldb" -SPEAR_SIGS="spear.ndb" -SPEAR_SIGS_URL="rsync://rsync.sanesecurity.net/sanesecurity/spear.ndb" - -# The URLs of the spam and image-spam signature files from MSRBL -MSRBL_SPAM_SIGS="MSRBL-SPAM.ndb" -MSRBL_SPAM_SIGS_URL="rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb" -MSRBL_IMAGE_SIGS="MSRBL-Images.hdb" -MSRBL_IMAGE_SIGS_URL="rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb" - -# SecuriteInfo -ddosen -SI_VX_SIGS="vx.hdb" -SI_VX_SIGS_URL="http://clamav.securiteinfo.com/vx.hdb.gz" -SI_HONEYNET_SIGS="honeynet.hdb" -SI_HONEYNET_SIGS_URL="http://clamav.securiteinfo.com/honeynet.hdb.gz" -SI_SECURITEINFO_SIGS="securiteinfo.hdb" -SI_SECURITEINFO_SIGS_URL="http://clamav.securiteinfo.com/securiteinfo.hdb.gz" -SI_ANTISPAM_SIGS="antispam.ndb" -SI_ANTISPAM_SIGS_URL="http://clamav.securiteinfo.com/antispam.ndb.gz" - -# Malware Black List -ddosen -MBL_SIGS="mbl.db" -MBL_SIGS_URL="http://www.malware.com.br/cgi/submit?action=list_clamav" - -# Log messages with this or greater severity to syslog -syslog_loglevel=error - -# Log messages with this or greater severity to standard error -stderr_loglevel=none - -# Use this syslog facility -syslog_facility=mail - -# The script will sleep for a random amount of time before starting the -# actual update. This evens out the load on the update servers when people -# have a tendency to set cron jobs on the hour, half hour or quarter hour. -# The extra padding keeps the servers from being hammered all at once. -# These are the minimum and maximum sleep times in seconds. -min_sleep_time=30 -max_sleep_time=600 - -# Should the script reload the clamd service -# (Should not be necessary if you have "SelfCheck" enabled in clamd.conf -# and "NotifyClamd" enabled in freshclam.conf.) -reload_clamd=0 - -# If the script is run as root, change the owner and group of -# the signature files to this user and group. (The username -# and group name should be separated by a colon.) -sigfile_owner_and_group=clamav:clamav - -# If the script is run as root, perform downloading, checking and -# installation of the signature files as this user. (The SELinux -# security context fixing and the clamd reload need superuser -# privileges, so these will be performed as root.) -# Note: This user must be able to read and write signature files -# in ClamAV db dir. -unprivileged_user=${sigfile_owner_and_group%:*} - -# Whether to preserve the temporary directory (for debugging purposes) -# on exit instead of deleting it (the default) -keep_temp_dir=0 - -#################################################################### -# No user tunable variables below -#################################################################### - -#################################################################### -# Logging functions -# - -# Return the numeric constant associated with the given -# severity name. -# -# Usage: numeric_loglevel=`numeric_log_severity $loglevel_name` -# -numeric_log_severity() -{ - local name="$1" - - # The severity names (same as in syslog) - local -a severity_names=( - debug,deb,dbg - info,inf - notice - warning,warn,wrn - err,error - crit,critical - alert - emerg,emergency,panic - none,off - ) - - local i=0 - local numeric_level - while [ -n "${severity_names[i]}" ]; do - for levelname in ${severity_names[i]//,/ }; do - if [ "$name" == "$levelname" ]; then - numeric_level=$i - break 2 - fi - done - let i++ - done - if [ -z "$numeric_level" ]; then - numeric_level=`numeric_log_severity debug` - fi - - echo $numeric_level -} - -# Log the given message with the given priority. -# Logging includes printing to stderr and sending the message to -# syslog, depending on the debug level and syslog loglevel settings. -# -# Usage: log level message [message_continuation [...]] -# -log() -{ - local level="$1" - local -a message_parts='("${@:2}")' - - local message=`echo -e "${message_parts[@]}"` - - if [ $(numeric_log_severity $level) -ge $(numeric_log_severity $stderr_loglevel) ]; then - echo "$program_invocation_short_name: [$level] $message" >&2 - fi - if [ $(numeric_log_severity $level) -ge $(numeric_log_severity $syslog_loglevel) ]; then - if [ -n "$logger" ]; then - "$logger" -p ${syslog_facility}.${level} -i -t "$program_invocation_short_name" -- "${message//$'\n'/\\n}" - fi - fi -} - -#################################################################### -# Utility functions -# - -# Run the command silently. If the command exits with a -# non-zero exit status, log an error message including the command run, -# the exit status and and the collected output, otherwise swallow the output. -# -# Usage: run_cmd "$cmd" ["$arg1" [...]] -# -run_cmd() -{ - local -a cmd_and_args='("${@}")' - - local output # must be a separate command, as 'local' always returns 0 exit status - output=`"${cmd_and_args[@]}" 2>&1` - local exit_status=$? - if [ $exit_status -ne 0 ]; then - log err "Error executing command <<<${cmd_and_args[*]}>>>, exit status: $exit_status, output: <<<$output>>>" - fi - - return $exit_status -} - -# Push one or more elements to the end of the array. -# -# Usage: push array_name "$elem1" [...] -# -push() -{ - local -a array="$1" elems='("${@:2}")' - - local len=`eval echo \\\${#$array[@]}` - for elem in "${elems[@]}"; do - eval "$array[$len]=$elem" - let len++ - done -} - -#################################################################### -# Signature file download/test/installation functions -# - -# Check if ClamAV accepts the signature file, -# and moves it to the database dir if so. -# Exit status: -# 0 - sigfile was updated successfully -# 1 - sigfile was up-to-date or an error occurred -# -# Usage: check_and_install_sigfile "$file_basename" -# -check_and_install_sigfile() -{ - local filename="$1" - - local sigfile="$clam_db_dir/$filename" - local new_sigfile="$tmp_dir/$filename" - - local sigfile_updated=0 - - if [ -s "$new_sigfile" ]; then - # First we do a quick test of the downloaded file. If ClamAV doesn't - # like it we won't use it and issue an error to the operator - # renaming the file so they can inspect it themselves. - run_cmd "$clamscan" --quiet -d "$new_sigfile" "$test_file" - local exit_status=$? - if [ $exit_status -eq 0 ]; then - if [ -s "$sigfile" ]; then - run_cmd cp -pf "$sigfile" "${sigfile}.bak" - fi - run_cmd mv -f "$new_sigfile" "$sigfile" - exit_status=$? - if [ $exit_status -eq 0 ]; then - sigfile_updated=1 - else - log err "Cannot move '$new_sigfile' to '$sigfile', 'mv' exit status: $exit_status" - fi - else - log err "ClamAV had a problem using '$new_sigfile' (exit status: $exit_status)." - log err "We will NOT install '$new_sigfile' into the database directory." - run_cmd mv -f "$new_sigfile" "${sigfile}.bad" - exit_status=$? - if [ $exit_status -eq 0 ]; then - log err "Preserving the corrupt file as '${sigfile}.bad' for you to check." - else - log err "Cannot move the corrupt file from '$new_sigfile' to '${sigfile}.bad', 'mv' exit status: $exit_status." - fi - fi - elif [ -e "$new_sigfile" ]; then - log warning "'$new_sigfile' was zero bytes and will not be used!" - fi - - local ret_val=1 - if [ $sigfile_updated -ne 0 ]; then - log info "'$sigfile' was updated" - ret_val=0 - else - log info "'$sigfile' was NOT updated" - ret_val=1 - fi - - return $ret_val -} - -# Update/download a gzip-compressed signature file using CURL, -# uncompress it, check if ClamAV accepts it, and install it in -# the database directory. -# Exit status: -# 0 - sigfile was updated successfully -# 1 - sigfile was up-to-date or an error occurred -# -# Usage: update_sigfile_with_curl "$url" "$file_basename" -# -update_sigfile_with_curl() -{ - local url="$1" filename="$2" - - if [ -z "$url" ]; then - log info "Skipping '$filename' because no URL is configured for it" - return 1 - fi - - local sigfile_gz="$clam_db_dir/${filename}.gz" - local new_sigfile_gz="$tmp_dir/${filename}.gz" - local sigfile="$clam_db_dir/$filename" - local new_sigfile="$tmp_dir/$filename" - - local sigfile_gz_updated=0 - - declare -a curl_additional_flags - - # If something happend to the sig file, or this is the first time - # this script has been run then we can't do the date test on the - # current file so we just grab what ever is current on the site - if [ -s "$sigfile_gz" ]; then - log debug "Checking for newer version of '$sigfile_gz'" - push curl_additional_flags "-z" "$sigfile_gz" - else - log debug "'$sigfile_gz' does not exist, so doing initial download" - fi - - if [ $stderr_loglevel != debug ]; then - push curl_additional_flags "-s" - fi - - run_cmd "$curl" -R "${curl_additional_flags[@]}" -o "$new_sigfile_gz" \ - -f -v --referer ";auto" --location "$url" - local exit_status=$? - if [ $exit_status -eq 0 -o $exit_status -eq 22 ]; then - # If we don't have the download or it's zero bytes - # something went wrong and we did not get an update. - if [ ! -s "$new_sigfile_gz" ]; then - if [ -e "$new_sigfile_gz" ]; then - rm -f "$new_sigfile_gz" - log warning "'$new_sigfile_gz' was zero bytes and will not be used!" - fi - if [ $exit_status -eq 22 ]; then - log warning "CURL returned an error code 22 which results from a HTTP error 4xx" - log warning "This might be caused by the file not being updated (HTTP 412) but" - log warning "it could be something else." - fi - fi - else - log err "CURL had a problem getting '$new_sigfile_gz' from '$url', exit status: $exit_status" - rm -f "$new_sigfile_gz" - fi - - if [ -s "$new_sigfile_gz" ]; then - "$gunzip" -cdf "$new_sigfile_gz" > "$new_sigfile" - exit_status=$? - if [ $exit_status -eq 0 ]; then - run_cmd mv -f "$new_sigfile_gz" "$sigfile_gz" - exit_status=$? - if [ $exit_status -eq 0 ]; then - sigfile_gz_updated=1 - else - log err "Cannot move '$new_sigfile_gz' to '$sigfile_gz', 'mv' exit status: $exit_status" - fi - else - rm -f "$new_sigfile_gz" - log err "Cannot uncompress '$new_sigfile_gz', 'gunzip' exit status: $exit_status" - fi - fi - - if [ $sigfile_gz_updated -ne 0 ]; then - log info "'$sigfile_gz' was updated" - else - log info "'$sigfile_gz' was NOT updated" - fi - - check_and_install_sigfile "$filename" -} - -# Update/download the signature file using Rsync, -# check if ClamAV accepts it, and and installs it in -# the database directory. -# Exit status: -# 0 - sigfile was updated successfully -# 1 - sigfile was up-to-date or an error occurred -# -# Usage: update_sigfile_with_curl "$url" "$file_basename" -# -update_sigfile_with_rsync() -{ - local url="$1" filename="$2" - - if [ -z "$url" ]; then - log info "Skipping '$filename' because no URL is configured for it" - return 1 - fi - - local sigfile="$clam_db_dir/$filename" - local new_sigfile="$tmp_dir/$filename" - - if [ -s "$sigfile" ]; then - log debug "Checking for newer version of '$sigfile'" - else - log debug "'$sigfile' does not exist, so doing initial download" - fi - - # Rsync will download the file only if it is different from the one in - # $clam_db_dir. The downloaded file will be stored in $tmp_dir. - run_cmd "$rsync" --stats -t --compare-dest="$clam_db_dir/" \ - "$url" "$new_sigfile" - local exit_status=$? - if [ $exit_status -ne 0 ]; then - log err "Rsync had a problem getting '$new_sigfile' from '$url', exit status: $exit_status" - rm -f "$new_sigfile" - fi - - check_and_install_sigfile "$filename" -} - -#################################################################### -# Startup functions -# - -# Check for the external programs/tools and -# set the corresponding variables to the found paths -# -# Usage: check_for_external_programs -# -check_for_external_programs() -{ - # Look for the paths to the programs we are going to need - logger=`type -P logger` - clamscan=`type -P clamscan` - curl=`type -P curl` - gunzip=`type -P gunzip` - rsync=`type -P rsync` - - # Check if the 'logger' binary is missing - if [ -z "$logger" -o ! -x "$logger" ]; then - unset logger - log err "Could not find the 'logger' program, no syslog will be attempted" - fi - - # If we did not find any of our external programs - # give an error message and exit - local prg - for prg in clamscan curl gunzip rsync; do - if [ -z ${!prg} ]; then - log err "Cannot find '$prg'" - log err "Exiting." - exit 1 - fi - done -} - -# Print usage message. -# -# Usage: print_usage -# -print_usage() -{ - echo -e "Downloads unofficial ClamAV signature files from sanesecurity.com, msrbl.com, securiteinfo.com and malware.com.br" - echo -e "Usage: $0 [options]" - echo -e "OPTIONS:" - echo -e " --syslog-loglevel=level\tSets the log level for syslog to 'level'." - echo -e " --stderr-loglevel=level\tSets the log level for stderr to 'level'." - echo -e " --debug\t\t\tShorthand for '--syslog-loglevel=none" - echo -e " \t\t\t\t--stderr-loglevel=debug'." - echo -e " --sleep\t\t\tEnable the (random length) sleep before" - echo -e " \t\t\t\tstarting the download. (this is the default)" - echo -e " --no-sleep\t\t\tDisable the (random length) sleep before" - echo -e " \t\t\t\tstarting the download. (default if stdin is" - echo -e " \t\t\t\ta tty)" - echo -e "" - echo -e "Log level can be one of these:" - echo -e " debug, info, notice, warning, err, crit, alert, emerg" -} - -# Parse options/arguments -# -# Usage: parse_arguments -# -parse_arguments() -{ - local arg - - # Parse options/arguments - while [ $# -ge 1 ]; do - case "$1" in - --debug|-d|debug|Debug|DEBUG) - syslog_loglevel=none - stderr_loglevel=debug - log debug "Debug mode is ON" - ;; - --syslog-loglevel) - syslog_loglevel=$2 - shift - ;; - --syslog-loglevel=*) - syslog_loglevel=${1#--*=} - ;; - --stderr-loglevel) - stderr_loglevel=$2 - shift - ;; - --stderr-loglevel=*) - stderr_loglevel=${1#--*=} - ;; - --sleep) - no_sleep=0 - ;; - --no-sleep) - no_sleep=1 - ;; - --unprivileged-child) - unprivileged_child=1 - ;; - --help|-h|-\?) - print_usage - exit 0 - ;; - *) - log err "Got command line argument of '$1' and I don't understand it!" - log err "Exiting." - exit 1 - ;; - esac - shift - done -} - -# Create a temporary directory and arrange to remove it on exit, -# plus create an empty file to use for testing ClamScan -# -# Usage: create_temp_dir -# -create_temp_dir() -{ - tmp_dir=`mktemp -d -t ${program_invocation_short_name}.XXXXXXXX` || ( - log err "Cannot create temporary directory" - log err "Exiting." - exit 1 - ) - local exit_status=$? - if [ $exit_status -ne 0 ]; then - log err "Error running mktemp(1), exit status: $exit_status" - log err "Exiting." - exit 1 - fi - log debug "Created temporary directory: '$tmp_dir'" - if [ $keep_temp_dir -eq 0 ]; then - trap 'rm -rf "$tmp_dir"' EXIT - fi - - # We create a file for ClamScan to test in debug mode. - test_file="$tmp_dir/test.file" - touch "$test_file" -} - -# Log a couple of debug messages with a summary on some parameters -# -# Usage: log_startup_summary -# -log_startup_summary() -{ - log debug "PHISH_SIGS : $PHISH_SIGS_URL" - log debug "SCAM_SIGS : $SCAM_SIGS_URL" - log debug "JUNK_SIGS : $JUNK_SIGS_URL" - log debug "LOTT_SIGS : $LOTT_SIGS_URL" - log debug "ROGUE_SIGS : $ROGUE_SIGS_URL" - log debug "SPAMIMG_SIGS : $SPAMIMG_SIGS_URL" - log debug "SPAM_SIGS : $SPAM_SIGS_URL" - log debug "SPEAR_SIGS : $SPEAR_SIGS_URL" - log debug "MSRBL_SPAM_SIGS : $MSRBL_SPAM_SIGS_URL" - log debug "MSRBL_IMAGE_SIGS : $MSRBL_IMAGE_SIGS_URL" - log debug "SI_VX_SIGS : $SI_VX_SIGS_URL" - log debug "SI_HONEYNET_SIGS : $SI_HONEYNET_SIGS_URL" - log debug "SI_SECURITEINFO_SIGS : $SI_SECURITEINFO_SIGS_URL" - log debug "SI_ANTISPAM_SIGS : $SI_ANTISPAM_SIGS_URL" - log debug "MBL_SIGS : $MBL_SIGS_URL" - log debug "ClamScan : $clamscan" - log debug "CURL : $curl" - log debug "GunZip : $gunzip" - log debug "RSync : $rsync" - log debug "ClamAV db dir : $clam_db_dir" - log debug "temp dir : $tmp_dir" -} - -# Sleep for a random time (determined by $min_sleep_time and $max_sleep_time global variables) -# -# Usage: random_sleep -# -random_sleep() -{ - local sleep_time - - sleep_time=$(($RANDOM * $(($max_sleep_time-$min_sleep_time)) / 32767 + $min_sleep_time)) - log debug "Sleeping for $sleep_time seconds..." - sleep $sleep_time -} - -# Find the ClamAV db dir and set the $clam_db_dir global variable -# -# Usage: find_clam_db_dir -# -find_clam_db_dir() -{ - # Scan an empty test file with debug enabled to determine where ClamAV expects - # to find it's signature database - log debug "Checking for ClamAV database directory..." - clam_db_dir=`"$clamscan" --debug "$test_file" 2>&1 | \ - sed -ne 's/\/$//; s/^.*loading databases from \(.*\)$/\1/ip' | head -1` - log debug "Found ClamAV database directory: $clam_db_dir" - - # Check for either the daily.inc, the main.inc dirs or the main.cvd one of which - # must exist for a functional clamav installation - if [ \ - ! -d "$clam_db_dir/daily.inc" -a \ - ! -d "$clam_db_dir/main.inc" -a \ - ! -f "$clam_db_dir/main.cvd" -a \ - ! -f "$clam_db_dir/main.cld" \ - ]; then - log err "None of '$clam_db_dir/daily.inc', '$clam_db_dir/main.inc'," - log err "'$clam_db_dir/main.cvd', '$clam_db_dir/main.cld' found" - log err "in your database directory. Either '$clam_db_dir' is NOT" - log err "the correct database path or there is something wrong with your" - log err "ClamAV installation. This path came from your '$clamscan' so I would guess" - log err "you need to check your clamd.conf file and/or '$clam_db_dir'" - log err "Exiting." - exit 1 - fi -} - -# -# Change owner, group and security context of the signature files. -# -# Usage: chown_chcon sigfiles ... -# -chown_chcon() -{ - local -a sigfiles='("$@")' - - for i in "${sigfiles[@]}"; do - [ -f "$i" ] || continue - - run_cmd chown $sigfile_owner_and_group "$i" - exit_status=$? - if [ $exit_status -ne 0 ]; then - log err "chown had a problem changing ownership of signature file '$i', exit status: $exit_status" - log err "Exiting." - exit 1 - fi - done - - # SELinux fix: change security context - if [ -n "$(type -P sestatus 2>/dev/null)" ] && [ "$(sestatus | head -n 1 | awk '{ print $3 }')" == "enabled" ]; then - for i in "${sigfiles[@]}"; do - [ -f "$i" ] || continue - - run_cmd chcon user_u:object_r:var_t "$i" - exit_status=$? - if [ $exit_status -ne 0 ]; then - log err "chcon had a problem changing security context of signature file '$i', exit status: $exit_status" - log err "Exiting." - exit 1 - fi - done - fi -} - -# Reload the ClamAV daemon -# -# Usage: reload_clamav_daemon -# -reload_clamav_daemon() -{ - local -a clamd_reload_cmd - if [ -n "`type -P service`" ]; then - clamd_reload_cmd=(service clamd reload) - else - for init_script in /etc/{init,rc}.d/{clamd,clamav-daemon}; do - if [ -x "$init_script" ]; then - clamd_reload_cmd=("$init_script" reload-database) - break - fi - done - fi - if [ -n "${clamd_reload_cmd[*]}" ]; then - log info "Reloading ClamAV daemon" - run_cmd "${clamd_reload_cmd[@]}" - else - log err "Cannot reload ClamAV daemon because no initscript found" - return 1 - fi -} - -#################################################################### - - -declare logger clamscan curl gunzip rsync -declare tmp_dir test_file -declare clam_db_dir -declare unprivileged_child=0 -declare no_sleep=0 - -# Skip sleeping if run interactively -if tty -s; then - log debug "Disabling random sleep feature because stdin is a terminal." - no_sleep=1 -fi - -# The short name of this script -readonly program_invocation_short_name=`basename "$0"` - -# The absolute name of this script -readonly program_invocation_absolute_name=$(readlink -f "$0" || type -P "$0") - -# Startup -parse_arguments "$@" -if [ "$unprivileged_child" -eq 0 ]; then - log debug "Starting." -fi -check_for_external_programs -create_temp_dir -find_clam_db_dir -if [ "$unprivileged_child" -eq 0 ]; then - log_startup_summary - if [ "$no_sleep" -eq 0 ]; then - random_sleep - fi -fi - -# Change current directory to ClamAV database directory -# but just for the sake of safety we will use -# absolute paths for copy/move operations -cd "$clam_db_dir" - -declare sigfile_updated=0 -if [ "$unprivileged_child" -ne 0 -o $(id -u) -ne 0 ]; then - # Update/download the signature files - update_sigfile_with_rsync "$SCAM_SIGS_URL" "$SCAM_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$PHISH_SIGS_URL" "$PHISH_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$JUNK_SIGS_URL" "$JUNK_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$LOTT_SIGS_URL" "$LOTT_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$ROGUE_SIGS_URL" "$ROGUE_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$SPAMIMG_SIGS_URL" "$SPAMIMG_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$SPAM_SIGS_URL" "$SPAM_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$SPEAR_SIGS_URL" "$SPEAR_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$MSRBL_SPAM_SIGS_URL" "$MSRBL_SPAM_SIGS" && sigfile_updated=1 - update_sigfile_with_rsync "$MSRBL_IMAGE_SIGS_URL" "$MSRBL_IMAGE_SIGS" && sigfile_updated=1 - # - update_sigfile_with_curl "$SI_VX_SIGS_URL" "$SI_VX_SIGS" && sigfile_updated=1 - update_sigfile_with_curl "$SI_HONEYNET_SIGS_URL" "$SI_HONEYNET_SIGS" && sigfile_updated=1 - update_sigfile_with_curl "$SI_SECURITEINFO_SIGS_URL" "$SI_SECURITEINFO_SIGS" && sigfile_updated=1 - update_sigfile_with_curl "$SI_ANTISPAM_SIGS_URL" "$SI_ANTISPAM_SIGS" && sigfile_updated=1 - update_sigfile_with_curl "$MBL_SIGS_URL" "$MBL_SIGS" && sigfile_updated=1 -else - # Re-execute the script as the unprivileged user to do the download/check/install part. - # (It exits with 0 exit status only if at least on the signature file were updated.) - su -s $SHELL $unprivileged_user -c "'$program_invocation_absolute_name' --unprivileged-child --syslog-loglevel=$syslog_loglevel --stderr-loglevel=$stderr_loglevel" && sigfile_updated=1 - - # Change owner, group and security context. - chown_chcon "$SCAM_SIGS" "$PHISH_SIGS" "$JUNK_SIGS" "$LOTT_SIGS" "$ROGUE_SIGS" "$SPAMIMG_SIGS" "$SPAM_SIGS" "$SPEAR_SIGS" "$MSRBL_SPAM_SIGS" "$MSRBL_IMAGE_SIGS" "$SI_VX_SIGS" "$SI_HONEYNET_SIGS" "$SI_SECURITEINFO_SIGS" "$SI_ANTISPAM_SIGS" "$MBL_SIGS" -fi - -# Reload database -if [ $reload_clamd -ne 0 -a $sigfile_updated -ne 0 -a "$unprivileged_child" -eq 0 ]; then - reload_clamav_daemon -fi - -if [ "$unprivileged_child" -eq 0 ]; then - log debug "Exiting." -fi -# izbacio ico, 2008-10-09 -#if [ $sigfile_updated -ne 0 ]; then -# final_exit_status=0 -#else -# final_exit_status=100 -#fi -exit $final_exit_status diff --git a/debian/changelog b/debian/changelog index 5f37bf1..43f8f67 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +clamav-cn (3:0.97+dfsg-2~squeeze1) stable; urgency=medium + + * Prvo izdanje za squeeze + * Ovisnost o clamav-unofficialy-sigs + + -- Ivan Rako Tue, 05 Apr 2011 16:04:25 +0200 + clamav-cn (3:0.95.3-1lenny1) stable; urgency=medium * nova verzija sa volatile.debian.org diff --git a/debian/conffiles b/debian/conffiles deleted file mode 100644 index f551f79..0000000 --- a/debian/conffiles +++ /dev/null @@ -1 +0,0 @@ -/etc/cron.hourly/clamav-sanesecurity diff --git a/debian/control b/debian/control index 082472b..f02b5aa 100644 --- a/debian/control +++ b/debian/control @@ -7,7 +7,7 @@ Standards-Version: 3.6.1 Package: clamav-cn Architecture: all -Depends: carnet-tools-cn (>= 2.3), rsync, curl +Depends: carnet-tools-cn (>= 2.3), rsync, curl, clamav-unofficial-sigs Pre-Depends: clamav-daemon (>= 0.95.3+dfsg-1~volatile1), clamav-freshclam (>= 0.95.3+dfsg-1~volatile1), clamav (>= 0.95.3+dfsg-1~volatile1) Conflicts: amavisd-cn (<< 2:20030616p5-0), libclamav1, libclamav2, libclamav3, libclamav4, libclamav5 Description: antivirus scanner for Unix diff --git a/debian/dirs b/debian/dirs deleted file mode 100644 index 6066472..0000000 --- a/debian/dirs +++ /dev/null @@ -1 +0,0 @@ -etc/cron.hourly diff --git a/debian/install b/debian/install deleted file mode 100644 index f00a5d0..0000000 --- a/debian/install +++ /dev/null @@ -1 +0,0 @@ -clamav-sanesecurity etc/cron.hourly -- 1.7.10.4