From 3e3d14786094ce1193b2a6062a9d13226c68d4d4 Mon Sep 17 00:00:00 2001 From: Ivan Rako Date: Tue, 3 Jul 2018 00:41:59 +0200 Subject: [PATCH] prva verzija za stretch, novi upstream release --- clamav-unofficial-sigs | 2936 ++++++++++++++++++++++++---------------------- clamav-unofficial-sigs.8 | 44 +- debian/changelog | 6 + debian/control | 4 +- debian/cron.d | 30 +- debian/logrotate | 24 +- debian/postinst | 2 +- master.conf | 180 +-- os.conf | 19 +- user.conf | 23 +- 10 files changed, 1713 insertions(+), 1555 deletions(-) diff --git a/clamav-unofficial-sigs b/clamav-unofficial-sigs index f6b8e8b..326b80d 100755 --- a/clamav-unofficial-sigs +++ b/clamav-unofficial-sigs @@ -1,79 +1,79 @@ -#!/bin/bash +#!/bin/bash -x +# shellcheck disable=SC2154 +# shellcheck disable=SC2128 ################################################################################ # This is property of eXtremeSHOK.com # You are free to use, modify and distribute, however you may not remove this notice. # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +# License: BSD (Berkeley Software Distribution) ################################################################################ -# -# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs # -# Originially based on: -# Script provide by Bill Landry (unofficialsigs@gmail.com). +# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs # -# License: BSD (Berkeley Software Distribution) +# Originially based on Script provided by Bill Landry (unofficialsigs@gmail.com). # ################################################################################ # # THERE ARE NO USER CONFIGURABLE OPTIONS IN THIS SCRIPT -# ALL CONFIGURATION OPTIONS ARE LOCATED IN THE INCLUDED CONFIGURATION FILE +# ALL CONFIGURATION OPTIONS ARE LOCATED IN THE INCLUDED CONFIGURATION FILE # ################################################################################ -################################################################################ - - ###### ####### # # ####### ####### ####### ###### ### ####### - # # # # ## # # # # # # # # # - # # # # # # # # # # # # # # # - # # # # # # # # # # ##### # # # # - # # # # # # # # # # # # # # # - # # # # # ## # # # # # # # # - ###### ####### # # ####### # ####### ###### ### # +###### ####### # # ####### ####### ####### ###### ### ####### +# # # # ## # # # # # # # # # +# # # # # # # # # # # # # # # +# # # # # # # # # # ##### # # # # +# # # # # # # # # # # # # # # +# # # # # ## # # # # # # # # +###### ####### # # ####### # ####### ###### ### # ################################################################################ + # Detect to make sure the entire script is avilable, fail if the script is missing contents -if [ ! "$( tail -1 "$0" | head -1 | cut -c1-7 )" == "exit \$?" ] ; then +if [ "$(tail -n 1 "$0" | head -n 1 | cut -c 1-7)" != "exit \$?" ] ; then echo "FATAL ERROR: Script is incomplete, please redownload" exit 1 fi -# trap the keyboard interrupt (ctrl+c) +# Trap the keyboard interrupt (Ctrl + C) trap xshok_control_c SIGINT ################################################################################ # HELPER FUNCTIONS ################################################################################ -# Function to support user config settings for applying file and directory access permissions. +# Support user config settings for applying file and directory access permissions. function perms () { if [ -n "$clam_user" ] && [ -n "$clam_group" ] ; then "${@:-}" fi } -# Function to prompt a user if they should complete an action with Y or N -# usage: xshok_prompt_confirm +# Prompt a user if they should complete an action with Y or N +# Usage: xshok_prompt_confirm # if xshok_prompt_confirm; then # xshok_prompt_confirm && echo "accepted" # xshok_prompt_confirm && echo "yes" || echo "no" -function xshok_prompt_confirm () { #optional_message +# shellcheck disable=SC2120 +function xshok_prompt_confirm () { # optional_message message="${1:-Are you sure?}" while true; do - read -r -p "$message [y/N]" response "$pidfile" - if [ $? -ne 0 ] ; then + if [ $? -ne 0 ] ; then xshok_pretty_echo_and_log "ERROR: Could not create PID file: $pidfile" exit 1 fi @@ -83,69 +83,69 @@ function xshok_create_pid_file { #pid.file fi } -# Function to intercept ctrl+c and calls the cleanup function +# Intercept ctrl+c and calls the cleanup function function xshok_control_c () { - echo -en "\n" + echo xshok_pretty_echo_and_log "--------------| Exiting ... Please wait |--------------" "-" xshok_cleanup exit $? } -# cleanup function +# Cleanup function function xshok_cleanup () { - #wait for all processes to end + # Wait for all processes to end wait xshok_pretty_echo_and_log " Powered By https://eXtremeSHOK.com " "#" return $? -} +} -# Function to check if the current running user is the root user, otherwise return false +# Check if the current running user is the root user, otherwise return false function xshok_is_root () { - if [ "$(uname -s)" = "SunOS" ] ; then + if [ "$(uname -s)" == "SunOS" ] ; then id_bin="/usr/xpg4/bin/id" else - id_bin="$(which id)" + id_bin="$(which id 2> /dev/null)" fi - if [ "$($id_bin -u)" = 0 ] ; then - return 0 ; + if [ "$($id_bin -u)" == 0 ] ; then + return 0 else - return 1 ; #not root + return 1 # Not root fi } -# Function to check if its a file, otherwise return false -function xshok_is_file () { #"filepath" +# Check if its a file, otherwise return false +function xshok_is_file () { # filepath filepath="$1" if [ -f "${filepath}" ] ; then return 0 ; else - return 1 ; #not a file - fi + return 1 ; # Not a file + fi } -# Function to check if filepath is a subdir, otherwise return false +# Check if filepath is a subdir, otherwise return false # Usage: xshok_is_subdir "filepath" # xshok_is_subdir "/root/" - false # xshok_is_subdir "/usr/local/etc" && echo "yes" - yes -function xshok_is_subdir () { #filepath - filepath=$(echo "$1" | sed 's:/*$::') +function xshok_is_subdir () { # filepath + shopt -s extglob; filepath="${filepath%%+(/)}" if [ -d "$filepath" ] ; then res="${filepath//[^\/]}" if [ "${#res}" -gt 1 ] ; then return 0 ; else - return 1 ; #not a subdir + return 1 ; # Not a subdir fi else - return 1 ; #not a dir + return 1 ; # Not a dir fi } -# Function to create a dir and set the ownership -function xshok_mkdir_ownership () { #"path" +# Create a dir and set the ownership +function xshok_mkdir_ownership () { # path if [ "$1" ] ; then mkdir -p "$1" 2>/dev/null - if [ $? -ne 0 ] ; then + if [ $? -ne 0 ] ; then xshok_pretty_echo_and_log "ERROR: Could not create directory: $1" exit 1 fi @@ -156,31 +156,43 @@ function xshok_mkdir_ownership () { #"path" fi } -# Function to check if a user and group exists on the system otherwise return false -# Usage: +# Check if a user and group exists on the system otherwise return false +# Usage: # xshok_is_subdir "username" && echo "user found" || echo "no" # xshok_is_subdir "username" "groupname" && echo "user and group found" || echo "no" -function xshok_user_group_exists () { #"username" "groupname" - if [ "$(uname -s)" = "SunOS" ] ; then +function xshok_user_group_exists () { # username groupname + if [ "$(uname -s)" == "SunOS" ] ; then id_bin="/usr/xpg4/bin/id" else - id_bin="$(which id)" + id_bin="$(which id 2> /dev/null)" + fi + + if [ "$2" ] ; then + if [ "$(uname -s)" == "Darwin" ] ; then + #use ruby, as this is the best way. Ruby is always avilable as brew uses ruby + ruby -e 'require "etc"; puts Etc::getgrnam("_clamav").gid' > /dev/null 2>&1 + ret="$?" + else + getent_bin="$(which getent 2> /dev/null)" + $getent_bin group "$2" >/dev/null 2>&1 + ret="$?" + fi fi + if [ "$1" ] ; then $id_bin -u "$1" > /dev/null 2>&1 if [ $? -eq 0 ]; then if [ "$2" ] ; then - $id_bin -g "$2" > /dev/null 2>&1 - if [ $? -eq 0 ]; then - return 0 ; #user and group exists + if [ "$ret" -eq 0 ]; then + return 0 ; # User and group exists else - return 1 ; #group does NOT exist + return 1 ; # Group does NOT exist fi - else - return 0 ; #user exists - fi + else + return 0 ; # User exists + fi else - return 1 ; #user does NOT exist + return 1 ; # User does NOT exist fi else xshok_pretty_echo_and_log "ERROR: Missing value for option" "=" @@ -188,11 +200,11 @@ function xshok_user_group_exists () { #"username" "groupname" fi } -# Function to handle comments with/out borders and logging. +# Handle comments with/out borders and logging. # Usage: -# pretty_echo_and_log "one" +# pretty_echo_and_log "one" # one -# pretty_echo_and_log "two" "-" +# pretty_echo_and_log "two" "-" # --- # two # --- @@ -202,11 +214,11 @@ function xshok_user_group_exists () { #"username" "groupname" # ======== # pretty_echo_and_log "" "/\" "7" # /\/\/\/\/\/\ -#type: e = error, w= warning "" -function xshok_pretty_echo_and_log () { #"string" "repeating" "count" "type" - # handle comments - if [ "$comment_silence" = "no" ] ; then - if [ "${#@}" = "1" ] ; then +# type: e = error, w= warning "" +function xshok_pretty_echo_and_log () { # "string" "repeating" "count" "type" + # Handle comments + if [ "$comment_silence" == "no" ] ; then + if [ "${#@}" -eq 1 ] ; then echo "$1" else myvar="" @@ -215,36 +227,36 @@ function xshok_pretty_echo_and_log () { #"string" "repeating" "count" "type" else mycount="${#1}" fi - for (( n = 0; n < mycount; n++ )) ; do + for (( n = 0; n < mycount; n++ )) ; do myvar="$myvar$2" done - if [ "$1" != "" ] ; then + if [ -n "$1" ] ; then echo -e "$myvar\n$1\n$myvar" - else + else echo -e "$myvar" fi fi fi - # handle logging + # Handle logging if [ "$enable_log" == "yes" ] ; then if [ ! -e "$log_file_path/$log_file_name" ] ; then - #xshok_mkdir_ownership "$log_file_path" - mkdir -p "$log_file_path" - touch "$log_file_path/$log_file_name" 2>/dev/null - perms chown -f "$clam_user:$clam_group" "$log_file_path/$log_file_name" + # xshok_mkdir_ownership "$log_file_path" + mkdir -p "$log_file_path" + touch "$log_file_path/$log_file_name" 2>/dev/null + perms chown -f "$clam_user:$clam_group" "$log_file_path/$log_file_name" fi if [ ! -w "$log_file_path/$log_file_name" ] ; then echo "Warning: Logging Disabled, as file not writable: $log_file_path/$log_file_name" enable_log="no" else echo "$(date "+%b %d %T")" "$1" >> "$log_file_path/$log_file_name" - fi + fi fi } -# function to check if the $2 value is not null and does not start with - -function xshok_check_s2 () { #value1 #value2 +# Check if the $2 value is not null and does not start with - +function xshok_check_s2 () { # value1 value2 if [ "$1" ] ; then if [[ "$1" =~ ^-.* ]] ; then xshok_pretty_echo_and_log "ERROR: Missing value for option or value begins with -" "=" @@ -256,41 +268,55 @@ function xshok_check_s2 () { #value1 #value2 fi } -# function to count array elements and output the total element count -# required due to compound array assignment -# Usage: -# array=("one" "two" "three") -# xshok_array_count $array -# 3 -function xshok_array_count () { #array - k_array=( "$@" ) - if [ -n "${k_array[*]}" ] ; then - i="0" - for k in "${k_array[@]}" ; do - let i=$i+1; - done - echo "$i" +# Time remaining information function +function xshok_draw_time_remaining () { #time_remaining #update_hours #name + if [ "$1" ] && [ "$2" ]; then + time_remaining="$1" + hours_left="$((time_remaining / 3600))" + minutes_left="$((time_remaining % 3600 / 60))" + xshok_pretty_echo_and_log "$2 hours have not yet elapsed since the last $3 update check" + xshok_pretty_echo_and_log "No update check was performed at this time" "-" + xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)" + fi +} + +# Download function +function xshok_file_download () { #outputfile #url + if [ "$1" ] && [ "$2" ]; then + if [ -n "$wget_bin" ] ; then + # shellcheck disable=SC2086 + $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$1" "$2" + result=$? else - echo "0" + # shellcheck disable=SC2086 + $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$1" "$2" + result=$? fi + return $result + fi } -# function to auto update -function xshok_auto_update() { #version + +# Auto update +function xshok_auto_update () { # version xshok_pretty_echo_and_log "Performing automatic update..." # Download new version echo -n "Downloading latest version..." - if ! wget --quiet --output-document="$0.tmp" $UPDATE_BASE/$SELF ; then - echo "Failed: Error while trying to wget new version!" + + xshok_file_download "$0.tmp" "$UPDATE_BASE/$SELF" + result=$? + + if [ "$result" -ne 0 ]; then + echo "Failed: Error while trying to get new version!" echo "File requested: $UPDATE_BASE/$SELF" exit 1 fi echo "Done." # Copy over modes from old version - OCTAL_MODE=$(stat -c '%a' $SELF) - if ! chmod $OCTAL_MODE "$0.tmp" ; then - echo "Failed: Error while trying to set mode on $0.tmp." + OCTAL_MODE="$(stat -c "%a" "$SELF")" + if ! chmod "$OCTAL_MODE" "${0}.tmp" ; then + echo "Failed: Error while trying to set mode on ${0}.tmp." exit 1 fi @@ -308,65 +334,63 @@ EOF echo -n "Inserting update process..." - - #replaced with $0, so code will update and then call itself with the same parameters it had + + # Replaced with $0, so code will update and then call itself with the same parameters it had #exec /bin/bash xshok_update_script.sh exec "$0" "$@" } -#function to handle list of database files +# Handle list of database files function clamav_files () { echo "$clam_dbs/$db" >> "$current_tmp" - if [ "$keep_db_backup" = "yes" ] ; then + if [ "$keep_db_backup" == "yes" ] ; then echo "$clam_dbs/$db-bak" >> "$current_tmp" fi } -# Function to manage the databases and allow multi-dimensions as well as global overrides -# since the datbases are basically a multi-dimentional associative arrays in bash +# Manage the databases and allow multi-dimensions as well as global overrides +# Since the datbases are basically a multi-dimentional associative arrays in bash # ratings: LOW| MEDIUM| HIGH| REQUIRED| LOWONLY| MEDIUMONLY| LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY| DISABLED -function xshok_database () { #database #rating - - # assign - current_dbs="$1" - current_rating="$2" - # zero - new_dbs="" - - if [ -n "$current_dbs" ] ; then - if [ "$(xshok_array_count "$current_dbs")" -ge "1" ] ; then - for db_name in $current_dbs ; do - #checks - if [ "$enable_yararules" == "no" ] ; then #yararules are disabled - if [[ "$db_name" = *".yar"* ]] ; then # if it's the value you want to delete - continue # skip to the next value - fi +function xshok_database () { # rating database_array + # Assign + current_rating="$1" + declare -a current_dbs=( "${@:2}" ) + # Zero + declare -a new_dbs=( ) + if [ -n "${current_dbs[0]}" ] ; then + if [ ${#current_dbs} -ge 1 ] ; then + for db_name in "${current_dbs[@]}" ; do + # Checks + if [ "$enable_yararules" == "no" ] ; then # YARA rules are disabled + if [[ "$db_name" == *".yar"* ]] ; then # If it's the value you want to delete + continue # Skip to the next value + fi fi - if [ "$current_rating" == "" ] ; then #yararules are disabled - new_dbs="$new_dbs $db_name" + if [ -z "$current_rating" ] ; then # YARA rules are disabled + new_dbs+=( "$db_name" ) else - if [[ ! "$db_name" = *"|"* ]] ; then # this old format - new_dbs="$new_dbs $db_name" + if [[ ! "$db_name" = *"|"* ]] ; then # This old format + new_dbs+=( "$db_name" ) else - db_name_rating=$(echo "$db_name" | cut -d "|" -f2) - db_name=$(echo "$db_name" | cut -d "|" -f1) + db_name_rating="${db_name#*|}" + db_name="${db_name%|*}" if [ "$db_name_rating" != "DISABLED" ] ; then if [ "$db_name_rating" == "$current_rating" ] ; then - new_dbs="$new_dbs $db_name" + new_dbs+=( "$db_name" ) elif [ "$db_name_rating" == "REQUIRED" ] ; then - new_dbs="$new_dbs $db_name" + new_dbs+=( "$db_name" ) elif [ "$current_rating" == "LOW" ] ; then - if [ "$db_name_rating" == "LOWONLY" ] || [ "$db_name_rating" == "LOW" ] || [ "$db_name_rating" == "LOWMEDIUM" ] ; then - new_dbs="$new_dbs $db_name" + if [ "$db_name_rating" == "LOWONLY" ] || [ "$db_name_rating" == "LOW" ] || [ "$db_name_rating" == "LOWMEDIUM" ] ; then + new_dbs+=( "$db_name" ) fi elif [ "$current_rating" == "MEDIUM" ] ; then if [ "$db_name_rating" == "MEDIUMONLY" ] || [ "$db_name_rating" == "MEDIUM" ] || [ "$db_name_rating" == "LOW" ] || [ "$db_name_rating" == "LOWMEDIUM" ] ; then - new_dbs="$new_dbs $db_name" + new_dbs+=( "$db_name" ) fi elif [ "$current_rating" == "HIGH" ] ; then if [ "$db_name_rating" == "HIGH" ] || [ "$db_name_rating" == "MEDIUM" ] || [ "$db_name_rating" == "LOW" ] ; then - new_dbs="$new_dbs $db_name" + new_dbs+=( "$db_name" ) fi fi fi @@ -375,8 +399,7 @@ function xshok_database () { #database #rating done fi fi - echo "$new_dbs" | xargs #remove extra whitespace - + echo "${new_dbs[@]}" | xargs # Remove extra whitespace } ################################################################################ @@ -384,7 +407,7 @@ function xshok_database () { #database #rating ################################################################################ -#generates a man config and installs it +# Generates a man config and installs it function install_man () { if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then @@ -392,11 +415,10 @@ function install_man () { exit 1 fi - echo "" echo "Generating man file for install...." - - #Use defined varibles or attempt to use default varibles + + # Use defined varibles or attempt to use default varibles if [ ! -e "$man_dir/$man_filename" ] ; then mkdir -p "$man_dir" @@ -406,13 +428,13 @@ function install_man () { echo "ERROR: man install aborted, as file not writable: $man_dir/$man_filename" else -BOLD="\fB" -#REV="" -NORM="\fR" -manresult=$(help_and_usage "man") + BOLD="\fB" + #REV="" + NORM="\fR" + manresult="$(help_and_usage "man")" -#Our template.. - cat << EOF > "$man_dir/$man_filename" + # Our template.. + cat << EOF > "$man_dir/$man_filename" .\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater .TH clamav-unofficial-sigs 8 "$script_version_date" "Version: $script_version" "SCRIPT COMMANDS" @@ -447,12 +469,12 @@ Originially based on Script provide by Bill Landry EOF - fi + fi echo "Completed: man installed, as file: $man_dir/$man_filename" } -#generates a logrotate config and installs it +# Generate a logrotate config and install it function install_logrotate () { if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then @@ -462,16 +484,16 @@ function install_logrotate () { echo "" echo "Generating logrotate file for install...." - - #Use defined varibles or attempt to use default varibles - if [ ! -n "$logrotate_user" ] ; then + # Use defined varibles or attempt to use default varibles + + if [ -z "$logrotate_user" ] ; then logrotate_user="$clam_user"; fi - if [ ! -n "$logrotate_group" ] ; then + if [ -z "$logrotate_group" ] ; then logrotate_group="$clam_group"; fi - if [ ! -n "$logrotate_log_file_full_path" ] ; then + if [ -z "$logrotate_log_file_full_path" ] ; then logrotate_log_file_full_path="$log_file_path/$log_file_name" fi @@ -483,8 +505,8 @@ function install_logrotate () { if [ ! -w "$logrotate_dir/$logrotate_filename" ] ; then echo "ERROR: logrotate install aborted, as file not writable: $logrotate_dir/$logrotate_filename" else -#Our template.. - cat << EOF > "$logrotate_dir/$logrotate_filename" + # Our template.. + cat << EOF > "$logrotate_dir/$logrotate_filename" # https://eXtremeSHOK.com ###################################################### # This file contains the logrotate settings for clamav-unofficial-sigs.sh ################### @@ -494,8 +516,8 @@ function install_logrotate () { ################## # # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs -# -# Originially based on: +# +# Originially based on: # Script provide by Bill Landry (unofficialsigs@gmail.com). # # License: BSD (Berkeley Software Distribution) @@ -515,16 +537,16 @@ $logrotate_log_file_full_path { missingok notifempty compress - create 0644 $logrotate_user $logrotate_group + create 0640 $logrotate_user $logrotate_group } EOF - fi + fi echo "Completed: logrotate installed, as file: $logrotate_dir/$logrotate_filename" } -#generates a cron config and installs it +# Generate a cron config and install it function install_cron () { if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then @@ -534,20 +556,20 @@ function install_cron () { echo "" echo "Generating cron file for install...." - - #Use defined varibles or attempt to use default varibles - if [ ! -n "$cron_minute" ] ; then - cron_minute=$(( ( RANDOM % 59 ) + 1 )); + + # Use defined varibles or attempt to use default varibles + if [ -z "$cron_minute" ] ; then + cron_minute="$(( ( RANDOM % 59 ) + 1 ))" fi - if [ ! -n "$cron_user" ] ; then + if [ -z "$cron_user" ] ; then cron_user="$clam_user"; fi - if [ ! -n "$cron_bash" ] ; then - cron_bash=$(which bash) - fi - if [ ! -n "$cron_script_full_path" ] ; then + if [ -z "$cron_bash" ] ; then + cron_bash="$(which bash 2> /dev/null)" + fi + if [ -z "$cron_script_full_path" ] ; then cron_script_full_path="$this_script_full_path" - fi + fi if [ ! -e "$cron_dir/$cron_filename" ] ; then mkdir -p "$cron_dir" @@ -556,8 +578,8 @@ function install_cron () { if [ ! -w "$cron_dir/$cron_filename" ] ; then echo "ERROR: cron install aborted, as file not writable: $cron_dir/$cron_filename" else -#Our template.. - cat << EOF > "$cron_dir/$cron_filename" + # Our template.. + cat << EOF > "$cron_dir/$cron_filename" # https://eXtremeSHOK.com ###################################################### # This file contains the cron settings for clamav-unofficial-sigs.sh ################### @@ -567,8 +589,8 @@ function install_cron () { ################## # # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs -# -# Originially based on: +# +# Originially based on: # Script provide by Bill Landry (unofficialsigs@gmail.com). # # License: BSD (Berkeley Software Distribution) @@ -581,7 +603,7 @@ function install_cron () { # currently supports updating third-party signature databases provided # by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc. # -# The script is set to run hourly, at a random minute past the hour, and the +# The script is set to run hourly, at a random minute past the hour, and the # script itself is set to randomize the actual execution time between # 60 - 600 seconds. To Adjust the cron values, edit your configs and run # bash clamav-unofficial-sigs.sh --install-cron to generate a new file. @@ -592,27 +614,27 @@ $cron_minute * * * * $cron_user [ -x $cron_script_full_path ] && $cron_bash $cro EOF - fi + fi echo "Completed: cron installed, as file: $cron_dir/$cron_filename" } -#decode a third-party signature either by signature name +# Decode a third-party signature either by signature name function decode_third_party_signature_by_signature_name () { echo "" echo "Input a third-party signature name to decode (e.g: Sanesecurity.Junk.15248) or" echo "a hexadecimal encoded data string and press enter (do not include '.UNOFFICIAL'" echo "in the signature name nor add quote marks to any input string):" read -r input - input=$(echo "$input" | tr -d "'" | tr -d '"') + input="$(echo "$input" | tr -d "'" | tr -d '"')" if echo "$input" | $grep_bin "\." > /dev/null ; then cd "$clam_dbs" || exit - sig=$($grep_bin "$input:" ./*.ndb) + sig="$($grep_bin "$input:" ./*.ndb)" if [ -n "$sig" ] ; then - db_file=$(echo "$sig" | cut -d ':' -f1) + db_file="${sig%:*}" echo "$input found in: $db_file" echo "$input signature decodes to:" - echo "$sig" | cut -d ":" -f5 | perl -pe 's/([a-fA-F0-9]{2})|(\{[^}]*\}|\([^)]*\))/defined $2 ? $2 : chr(hex $1)/eg' + echo "$sig" | cut -d ":" -f 5 | perl -pe 's/([a-fA-F0-9]{2})|(\{[^}]*\}|\([^)]*\))/defined $2 ? $2 : chr(hex $1)/eg' else echo "Signature '$input' could not be found." echo "This script will only decode ClamAV 'UNOFFICIAL' third-Party," @@ -624,7 +646,7 @@ function decode_third_party_signature_by_signature_name () { fi } -#Hexadecimal encode an entire input string +# Hexadecimal encode an entire input string function hexadecimal_encode_entire_input_string () { echo "" echo "Input the data string that you want to hexadecimal encode and then press enter. Do not include" @@ -634,7 +656,7 @@ function hexadecimal_encode_entire_input_string () { echo "$input" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' } -#Hexadecimal encode a formatted input string +# Hexadecimal encode a formatted input string function hexadecimal_encode_formatted_input_string () { echo "" echo "Input a formated data string containing spacing fields '{}, (), *' that you want to hexadecimal" @@ -645,40 +667,45 @@ function hexadecimal_encode_formatted_input_string () { echo "$input" | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg' } -#GPG verify a specific Sanesecurity database file -function gpg_verify_specific_sanesecurity_database_file () { #databasefile +# GPG verify a specific Sanesecurity database file +function gpg_verify_specific_sanesecurity_database_file () { # databasefile echo "" - if [ "$1" ] ; then - db_file=$(echo "$1" | awk -F '/' '{print $NF}') - if [ -r "$work_dir_sanesecurity/$db_file" ] ; then - echo "GPG signature testing database file: $work_dir_sanesecurity/$db_file" - if [ -r "$work_dir_sanesecurity/$db_file".sig ] ; then - "$gpg_bin" -q --trust-model always --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg"/ss-keyring.gpg --verify "$work_dir_sanesecurity"/"$db_file".sig "$work_dir_sanesecurity"/"$db_file" - if [ "$?" != "0" ]; then - "$gpg_bin" -q --always-trust --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg"/ss-keyring.gpg --verify "$work_dir_sanesecurity"/"$db_file".sig "$work_dir_sanesecurity"/"$db_file" - if [ "$?" == "0" ]; then - exit 0 + if [ "$enable_gpg" == "no" ] ; then + xshok_pretty_echo_and_log "Notice: GnuPG / signature verification disabled" "-" + else + if [ "$1" ] ; then + db_file="$(echo "$1" | awk -F "/" '{print $NF}')" + if [ -r "$work_dir_sanesecurity/$db_file" ] ; then + echo "GPG signature testing database file: $work_dir_sanesecurity/$db_file" + if [ -r "$work_dir_sanesecurity/$db_file".sig ] ; then + "$gpg_bin" -q --trust-model always --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg"/ss-keyring.gpg --verify "$work_dir_sanesecurity"/"$db_file".sig "$work_dir_sanesecurity"/"$db_file" + if [ $? -ne 0 ]; then + "$gpg_bin" -q --always-trust --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg"/ss-keyring.gpg --verify "$work_dir_sanesecurity"/"$db_file".sig "$work_dir_sanesecurity"/"$db_file" + if [ $? -eq 0 ]; then + exit 0 + else + exit 1 + fi else - exit 1 + exit 0 fi else - exit 0 + echo "Signature '${db_file}.sig' cannot be found." fi else - echo "Signature '$db_file.sig' cannot be found." + echo "File '$db_file' cannot be found or is not a Sanesecurity database file." + echo "Only the following Sanesecurity and OITC databases can be GPG signature tested:" + ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_sanesecurity" fi else - echo "File '$db_file' cannot be found or is not a Sanesecurity database file." - echo "Only the following Sanesecurity and OITC databases can be GPG signature tested:" - ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_sanesecurity" + xshok_pretty_echo_and_log "ERROR: Missing value for option" "=" + exit 1 fi - else - xshok_pretty_echo_and_log "ERROR: Missing value for option" "=" exit 1 fi } -#Output system and configuration information +# Output system and configuration information function output_system_configuration_information () { echo "" echo "*** SCRIPT VERSION ***" @@ -691,7 +718,7 @@ function output_system_configuration_information () { echo "*** RSYNC LOCATION & VERSION ***" echo "$rsync_bin" $rsync_bin --version | head -1 - if [ "$wget_bin" != "" ] ; then + if [ -n "$wget_bin" ] ; then echo "*** WGET LOCATION & VERSION ***" echo "$wget_bin" $wget_bin --version | head -1 @@ -700,9 +727,11 @@ function output_system_configuration_information () { echo "$curl_bin" $curl_bin --version | head -1 fi - echo "*** GPG LOCATION & VERSION ***" - echo "$gpg_bin" - $gpg_bin --version | head -1 + if [ "$enable_gpg" == "yes" ] ; then + echo "*** GPG LOCATION & VERSION ***" + echo "$gpg_bin" + $gpg_bin --version | head -1 + fi echo "*** SCRIPT WORKING DIRECTORY INFORMATION ***" echo "$work_dir" echo "*** CLAMAV DIRECTORY INFORMATION ***" @@ -720,7 +749,7 @@ function output_system_configuration_information () { fi } -#Make a signature database from an ascii file +# Make a signature database from an ascii file function make_signature_database_from_ascii_file () { echo "" echo " @@ -768,30 +797,30 @@ function make_signature_database_from_ascii_file () { echo -n "Enter the source file as /path/filename: " read -r source if [ -r "$source" ] ; then - source_file=$(basename "$source") + source_file="$(basename "$source")" echo "What signature prefix would you like to use? For example: 'Phish.Domains'" echo "will create signatures that looks like: 'Phish.Domains.1:4:*:HexSigHere'" echo -n "Enter signature prefix: " read -r prefix - path_file=$(echo "$source" | cut -d "." -f-1 | command sed 's/$/.ndb/') - db_file=$(basename "$path_file") + path_file="$(echo "$source" | cut -d "." -f -1 | command sed 's/$/.ndb/')" + db_file="$(basename "$path_file")" rm -f "$path_file" - total=$(wc -l "$source" | cut -d " " -f1) - line_num=1 + total="$(wc -l "$source" | cut -d " " -f 1)" + line_num="1" while read -r line ; do - line_prefix=$(echo "$line" | awk -F ':' '{print $1}') - if [ "$line_prefix" = "-" ] ; then - echo "$line" | cut -d ":" -f2- | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file" - elif [ "$line_prefix" = "=" ] ; then - echo "$line" | cut -d ":" -f2- | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file" + line_prefix="$(echo "$line" | awk -F ":" '{print $1}')" + if [ "$line_prefix" == "-" ] ; then + echo "$line" | cut -d ":" -f 2- | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file" + elif [ "$line_prefix" == "=" ] ; then + echo "$line" | cut -d ":" -f 2- | perl -pe 's/(\{[^}]*\}|\([^)]*\)|\*)|(.)/defined $1 ? $1 : sprintf("%02lx", ord $2)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file" else echo "$line" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | command sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file" fi echo "Hexadecimal encoding $source_file line: $line_num of $total" - line_num=$((line_num + 1)) + line_num="$((line_num + 1))" done < "$source" else echo "Source file not found, exiting..." @@ -835,7 +864,7 @@ function make_signature_database_from_ascii_file () { fi } -#Remove the clamav-unofficial-sigs script +# Remove the clamav-unofficial-sigs script function remove_script () { echo "" if [ -n "$pkg_mgr" ] || [ -n "$pkg_rm" ] ; then @@ -846,7 +875,7 @@ function remove_script () { cron_file_full_path="$cron_dir/$cron_filename" logrotate_file_full_path="$logrotate_dir/$logrotate_filename" man_file_full_path="$man_dir/$man_filename" - + echo "This will remove the workdir ($work_dir), logrotate file ($logrotate_file_full_path), cron file ($cron_file_full_path), man file ($man_file_full_path)" echo "Are you sure you want to remove the clamav-unofficial-sigs script and all of its associated files, third-party databases, and work directory from the system?" if xshok_prompt_confirm ; then @@ -870,11 +899,11 @@ function remove_script () { xshok_is_file "$man_file_full_path" && rm -f "$man_file_full_path" echo " Removed file: $man_file_full_path" fi - - #rather keep the configs + + # Rather keep the configs #rm -f -- "$default_config" && echo " Removed file: $default_config" #rm -f -- "$0" && echo " Removed file: $0" - xshok_is_subdir "$work_dir" && rm -rf -- "$work_dir" && echo " Removed script working directories: $work_dir" + xshok_is_subdir "$work_dir" && rm -rf -- "${work_dir:?}" && echo " Removed script working directories: $work_dir" echo " The clamav-unofficial-sigs script and all of its associated files, third-party" echo " databases, and work directories have been successfully removed from the system." @@ -892,17 +921,17 @@ function remove_script () { fi } -#Clamscan integrity test a specific database file -function clamscan_integrity_test_specific_database_file () { #databasefile +# Clamscan integrity test a specific database file +function clamscan_integrity_test_specific_database_file () { # databasefile echo "" if [ "$1" ] ; then - input=$(echo "$1" | awk -F '/' '{print $NF}') - db_file=$(find "$work_dir" -name "$input") + input="$(echo "$1" | awk -F "/" '{print $NF}')" + db_file="$(find "$work_dir" -name "$input")" if [ -r "$db_file" ] ; then echo "Clamscan integrity testing: $db_file" $clamscan_bin --quiet -d "$db_file" "$work_dir_work_configs/scan-test.txt" - if [ "$?" -eq "0" ]; then + if [ $? -eq 0 ]; then echo "Clamscan reports that '$input' database integrity tested GOOD" exit 0 else @@ -915,10 +944,10 @@ function clamscan_integrity_test_specific_database_file () { #databasefile echo "=== Sanesecurity ===" ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_sanesecurity" - + echo "=== SecuriteInfo ===" ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_securiteinfo" - + echo "=== MalwarePatrol ===" ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_malwarepatrol" @@ -932,21 +961,21 @@ function clamscan_integrity_test_specific_database_file () { #databasefile ls --ignore "*.sig" --ignore "*.md5" --ignore "*.ign2" "$work_dir_add" echo "Check the file name and try again..." - fi + fi else xshok_pretty_echo_and_log "ERROR: Missing value for option" "=" exit 1 fi } -#output names of any third-party signatures that triggered during the HAM directory scan +# Output names of any third-party signatures that triggered during the HAM directory scan function output_signatures_triggered_during_ham_directory_scan () { echo "" if [ -n "$ham_dir" ] ; then if [ -r "$work_dir_work_configs/whitelist.hex" ] ; then echo "The following third-party signatures triggered hits during the HAM Directory scan:" - $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d ":" -f1 + $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d ":" -f 1 else echo "No third-party signatures have triggered hits during the HAM Directory scan." fi @@ -955,7 +984,7 @@ function output_signatures_triggered_during_ham_directory_scan () { fi } -#Adds a signature whitelist entry in the newer ClamAV IGN2 format +# Adds a signature whitelist entry in the newer ClamAV IGN2 format function add_signature_whitelist_entry () { echo "" echo "Input a third-party signature name that you wish to whitelist due to false-positives" @@ -965,9 +994,9 @@ function add_signature_whitelist_entry () { read -r input if [ -n "$input" ] ; then cd "$clam_dbs" || exit - input=$(echo "$input" | tr -d "'" | tr -d '"') - sig_full=$($grep_bin -H "$input" ./*.*db) - sig_name=$(echo "$sig_full" | cut -d ":" -f2) + input="$(echo "$input" | tr -d "'" | tr -d '"')" + sig_full="$($grep_bin -H "$input" ./*.*db)" + sig_name="$(echo "$sig_full" | cut -d ":" -f 2)" if [ -n "$sig_name" ] ; then if ! $grep_bin "$sig_name" my-whitelist.ign2 > /dev/null 2>&1 ; then cp -f my-whitelist.ign2 "$work_dir_work_configs" 2>/dev/null @@ -977,7 +1006,7 @@ function add_signature_whitelist_entry () { if $rsync_bin -pcqt "$work_dir_work_configs/my-whitelist.ign2" "$clam_dbs" ; then perms chown -f "$clam_user:$clam_group" my-whitelist.ign2 - if [ ! -s "$work_dir_work_configs/monitor-ign.txt" ] ; then + if [ ! -s "$work_dir_work_configs/monitor-ign.txt" ] ; then # Create "monitor-ign.txt" file for clamscan database integrity testing. echo "This is the monitor ignore file..." > "$work_dir_work_configs/monitor-ign.txt" fi @@ -1016,56 +1045,64 @@ function add_signature_whitelist_entry () { fi } -#Clamscan reload database +# Clamscan reload database function clamscan_reload_dbs () { # Reload all clamd databases if updates detected and $reload_dbs" is set to "yes" - if [ "$reload_dbs" = "yes" ] ; then + if [ "$reload_dbs" == "yes" ] ; then if [ "$do_clamd_reload" != "0" ] ; then - if [ "$do_clamd_reload" = "1" ] ; then + if [ "$do_clamd_reload" == "1" ] ; then xshok_pretty_echo_and_log "Update(s) detected, reloading ClamAV databases" "=" - elif [ "$do_clamd_reload" = "2" ] ; then + elif [ "$do_clamd_reload" == "2" ] ; then xshok_pretty_echo_and_log "Database removal(s) detected, reloading ClamAV databases" "=" - elif [ "$do_clamd_reload" = "3" ] ; then + elif [ "$do_clamd_reload" == "3" ] ; then xshok_pretty_echo_and_log "File 'local.ign' has changed, reloading ClamAV databases" "=" - elif [ "$do_clamd_reload" = "4" ] ; then + elif [ "$do_clamd_reload" == "4" ] ; then xshok_pretty_echo_and_log "File 'my-whitelist.ign2' has changed, reloading ClamAV databases" "=" else xshok_pretty_echo_and_log "Update(s) detected, reloading ClamAV databases" "=" fi - if [[ $($clamd_reload_opt 2>&1) = *"ERROR"* ]] ; then + if [[ "$($clamd_reload_opt 2>&1)" = *"ERROR"* ]] ; then xshok_pretty_echo_and_log "ERROR: Failed to reload, trying again" "-" if [ -r "$clamd_pid" ] ; then - mypid=$(cat "$clamd_pid") + mypid="$(cat "$clamd_pid")" kill -USR2 "$mypid" - if [ $? -eq 0 ] ; then + if [ $? -eq 0 ] ; then xshok_pretty_echo_and_log "ClamAV databases Reloaded" "=" else xshok_pretty_echo_and_log "ERROR: Failed to reload, forcing clamd to restart" "-" - if [ -z "$clamd_restart_opt" ] ; then + if [ -z "$clamd_restart_opt" ] ; then xshok_pretty_echo_and_log "WARNING: Check the script's configuration file, 'reload_dbs' enabled but no 'clamd_restart_opt'" "*" else - $clamd_restart_opt - xshok_pretty_echo_and_log "ClamAV Restarted" "=" + $clamd_restart_opt > /dev/null + if [ $? -eq 0 ] ; then + xshok_pretty_echo_and_log "ClamAV Restarted" "=" + else + xshok_pretty_echo_and_log "ClamAV NOT Restarted" "-" + fi fi fi else - xshok_pretty_echo_and_log "ERROR: Failed to reload, forcing clamd to restart" "=" - if [ -z "$clamd_restart_opt" ] ; then + xshok_pretty_echo_and_log "ERROR: Failed to reload, forcing clamd to restart" "-" + if [ -z "$clamd_restart_opt" ] ; then xshok_pretty_echo_and_log "WARNING: Check the script's configuration file, 'reload_dbs' enabled but no 'clamd_restart_opt'" "*" else - $clamd_restart_opt - xshok_pretty_echo_and_log "ClamAV Restarted" "=" + $clamd_restart_opt > /dev/null + if [ $? -eq 0 ] ; then + xshok_pretty_echo_and_log "ClamAV Restarted" "=" + else + xshok_pretty_echo_and_log "ClamAV NOT Restarted" "-" + fi fi - fi + fi else xshok_pretty_echo_and_log "ClamAV databases Reloaded" "=" fi - else + else xshok_pretty_echo_and_log "No updates detected, ClamAV databases were not reloaded" "=" fi - else - xshok_pretty_echo_and_log "Database reload has been disabled in the configuration file" "=" + else + xshok_pretty_echo_and_log "Database reload has been disabled in the configuration file" "=" fi } @@ -1077,17 +1114,17 @@ function check_clamav () { if [ -n "$clamd_socket" ] ; then if [ -S "$clamd_socket" ] ; then if [ "$(perl -e 'use IO::Socket::UNIX; print $IO::Socket::UNIX::VERSION,"\n"' 2>/dev/null)" ] ; then - io_socket1=1 - if [ "$(perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("PING"); print $s->getline; $s->close' "$clamd_socket" 2>/dev/null)" = "PONG" ] ; then - io_socket2=1 + io_socket1="1" + if [ "$(perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("PING"); print $s->getline; $s->close' "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then + io_socket2="1" xshok_pretty_echo_and_log "ClamD is running" "=" fi else socat="$(which socat 2>/dev/null)" if [ -n "$socat" ] && [ -x "$socat" ] ; then - socket_cat1=1 - if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" = "PONG" ] ; then - socket_cat2=1 + socket_cat1="1" + if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then + socket_cat2="1" xshok_pretty_echo_and_log "ClamD is running" "=" fi fi @@ -1111,7 +1148,7 @@ function check_clamav () { else if [ -n "$socket_cat1" ] ; then $clamd_restart_opt > /dev/null && sleep 5 - if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" = "PONG" ] ; then + if [ "$( (echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null)" == "PONG" ] ; then xshok_pretty_echo_and_log "ClamD was successfully started" "=" else xshok_pretty_echo_and_log "ERROR: CLAMD FAILED TO START" "=" @@ -1130,97 +1167,114 @@ function check_clamav () { fi } -#function to check for a new version +# Check for a new version function check_new_version () { - if [ "$wget_bin" != "" ] ; then - latest_version="$($wget_bin https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O - 2> /dev/null | $grep_bin "script""_version=" | cut -d\" -f2)" + if [ -n "$wget_bin" ] ; then + # shellcheck disable=SC2086 + latest_version="$($wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O - 2> /dev/null | $grep_bin "script""_version=" | cut -d '"' -f 2)" else - latest_version="$($curl_bin https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh 2> /dev/null | $grep_bin "script""_version=" | cut -d\" -f2)" + # shellcheck disable=SC2086 + latest_version="$($curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh 2> /dev/null | $grep_bin "script""_version=" | cut -d '"' -f 2)" fi if [ "$latest_version" ] ; then - if [ ! "$latest_version" == "$script_version" ] ; then + if [ "$latest_version" != "$script_version" ] ; then xshok_pretty_echo_and_log "New version : v$latest_version @ https://github.com/extremeshok/clamav-unofficial-sigs" "-" fi fi } -#function for help and usage -##usage: +# Check for a new version +function check_new_config_version () { + if [ -n "$wget_bin" ] ; then + # shellcheck disable=SC2086 + latest_config_version="$($wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O - 2> /dev/null | $grep_bin "config_version=" | cut -d '"' -f 2)" + else + # shellcheck disable=SC2086 + latest_config_version="$($curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf 2> /dev/null | $grep_bin "config_version=" | cut -d '"' -f 2)" + fi + if [ "$latest_config_version" ] ; then + if [ "$latest_config_version" != "$config_version" ] ; then + xshok_pretty_echo_and_log "New configversion : v${latest_config_version} @ https://github.com/extremeshok/clamav-unofficial-sigs" "-" + fi + fi +} + +# Display help and usage +# Usage: # help_and_usage "1" - enables the man output formatting # help_and_usage - normal help output formatting function help_and_usage () { if [ "$1" ] ; then - #option_format_start + # option_format_start ofs="\fB" - #option_format_end + # option_format_end ofe="\fR" - #option_format_blankline + # option_format_blankline ofb=".TP" - #option_format_tab_line + # option_format_tab_line oft=" " else - #option_format_start + # option_format_start ofs="${BOLD}" - #option_format_end + # option_format_end ofe="${NORM}\t" - #option_format_blankline + # option_format_blankline ofb="\n" - #option_format_tab_line + # option_format_tab_line oft="\n\t" fi -helpcontents=$(cat << EOF + helpcontents="$(cat << EOF $ofs Usage: $(basename "$0") $ofe [OPTION] [PATH|FILE] $ofb $ofs -c, --config $ofe Use a specific configuration file or directory $oft eg: '-c /your/dir' or ' -c /your/file.name' $oft Note: If a directory is specified the directory must contain atleast: $oft master.conf, os.conf or user.conf $oft Default Directory: $config_dir -$ofb +$ofb $ofs -F, --force $ofe Force all databases to be downloaded, could cause ip to be blocked -$ofb +$ofb $ofs -h, --help $ofe Display this script's help and usage information -$ofb +$ofb $ofs -V, --version $ofe Output script version and date information -$ofb +$ofb $ofs -v, --verbose $ofe Be verbose, enabled when not run under cron -$ofb +$ofb $ofs -s, --silence $ofe Only output error messages, enabled when run under cron -$ofb +$ofb $ofs -d, --decode-sig $ofe Decode a third-party signature either by signature name $oft (eg: Sanesecurity.Junk.15248) or hexadecimal string. $oft This flag will 'NOT' decode image signatures -$ofb +$ofb $ofs -e, --encode-string $ofe Hexadecimal encode an entire input string that can $oft be used in any '*.ndb' signature database file -$ofb +$ofb $ofs -f, --encode-formatted $ofe Hexadecimal encode a formatted input string containing $oft signature spacing fields '{}, (), *', without encoding $oft the spacing fields, so that the encoded signature $oft can be used in any '*.ndb' signature database file -$ofb +$ofb $ofs -g, --gpg-verify $ofe GPG verify a specific Sanesecurity database file $oft eg: '-g filename.ext' (do not include file path) -$ofb +$ofb $ofs -i, --information $ofe Output system and configuration information for $oft viewing or possible debugging purposes -$ofb +$ofb $ofs -m, --make-database $ofe Make a signature database from an ascii file containing $oft data strings, with one data string per line. Additional $oft information is provided when using this flag -$ofb +$ofb $ofs -t, --test-database $ofe Clamscan integrity test a specific database file $oft eg: '-t filename.ext' (do not include file path) -$ofb +$ofb $ofs -o, --output-triggered $ofe If HAM directory scanning is enabled in the script's $oft configuration file, then output names of any third-party $oft signatures that triggered during the HAM directory scan -$ofb +$ofb $ofs -w, --whitelist $ofe Adds a signature whitelist entry in the newer ClamAV IGN2 $oft format to 'my-whitelist.ign2' in order to temporarily resolve $oft a false-positive issue with a specific third-party signature. $oft Script added whitelist entries will automatically be removed $oft if the original signature is either modified or removed from $oft the third-party signature database -$ofb +$ofb $ofs --check-clamav $ofe If ClamD status check is enabled and the socket path is correctly $oft specifiedthen test to see if clamd is running or not -$ofb +$ofb $ofs --install-all $ofe Install and generate the cron, logroate and man files, autodetects the values $oft based on your config files $ofb $ofs --install-cron $ofe Install and generate the cron file, autodetects the values $oft based on your config files -$ofb +$ofb $ofs --install-logrotate $ofe Install and generate the logrotate file, autodetects the $oft values based on your config files -$ofb +$ofb $ofs --install-man $ofe Install and generate the man file, autodetects the $oft values based on your config files -$ofb +$ofb $ofs --remove-script $ofe Remove the clamav-unofficial-sigs script and all of $oft its associated files and databases from the system -$ofb +$ofb EOF - ) #this is very important... - - if [ "$1" ] ; then - echo "${helpcontents//-/\\-}" - else + )" # This is very important +if [ "$1" ] ; then + echo "${helpcontents//-/\\-}" +else echo -e "$helpcontents" fi } @@ -1229,17 +1283,17 @@ EOF # MAIN PROGRAM ################################################################################ -#Script Info -script_version="5.4.1" -script_version_date="20 July 2016" -minimum_required_config_version="65" +# Script Info +script_version="5.6.2" +script_version_date="2017-03-19" +minimum_required_config_version="72" minimum_yara_clamav_version="0.99" -#default config files +# Default config files config_dir="/etc/clamav-unofficial-sigs" -config_files=("$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf") +config_files=( "$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf" ) -#Initialise +# Initialise config_version="0" do_clamd_reload="0" comment_silence="no" @@ -1249,59 +1303,67 @@ enable_log="no" custom_config="no" we_have_a_config="0" -## Solaris which function returns garbage when the program is not found -## only define the new which function if running under Solaris -if [ "$(uname -s)" = "SunOS" ] ; then +# Solaris which function returns garbage when the program is not found +# only define the new which function if running under Solaris +if [ "$(uname -s)" == "SunOS" ] ; then which () { - # use the switch -p to ignore ksh internal commands + # Use the switch -p to ignore ksh internal commands ksh whence -p "$@" } fi -#Default Binaries & Commands -clamd_reload_opt="clamdscan --reload" -uname_bin=$(which uname) -clamscan_bin=$(which clamscan) -rsync_bin=$(which rsync) -#detect support for wget +# Default Binaries & Commands +uname_bin="$(which uname 2> /dev/null)" +clamscan_bin="$(which clamscan 2> /dev/null)" +rsync_bin="$(which rsync 2> /dev/null)" +# Detect support for wget if [ -x /usr/sfw/bin/wget ] ; then wget_bin="/usr/sfw/bin/wget" else - wget_bin=$(which wget) + wget_bin="$(which wget 2> /dev/null)" fi -if [ "$wget_bin" == "" ] ; then - curl_bin=$(which curl) +if [ -z "$wget_bin" ] ; then + curl_bin="$(which curl 2> /dev/null)" + if [ -z "$curl_bin" ] ; then + xshok_pretty_echo_and_log "ERROR: both wget and curl commands are missing, One of them is required" "=" + exit 1 + fi fi -#detect supprot for gnu grep + +# Detect supprot for gnu grep if [ -x /usr/gnu/bin/grep ] ; then grep_bin="/usr/gnu/bin/grep" else - grep_bin=$(which grep) -fi -if [ -x /opt/csw/bin/gpg ] ; then - gpg_bin="/opt/csw/bin/gpg" -else - gpg_bin=$(which gpg) + grep_bin="$(which grep 2> /dev/null)" fi -if [ "$gpg_bin" == "" ] ; then - gpg_bin=$(which gpg2) + +dig_bin="$(which dig 2> /dev/null)" +if [ -z "$dig_bin" ] ; then + host_bin="$(which host 2> /dev/null)" + if [ -z "$host_bin" ] ; then + xshok_pretty_echo_and_log "ERROR: both dig and host commands are missing, One of them is required" "=" + exit 1 + fi fi -#Detect if terminal + + + +# Detect if terminal if [ -t 1 ] ; then - #Set fonts - ##Usage: echo "${BOLD}-a${NORM}" - BOLD=$(tput bold) + # Set fonts + # Usage: echo "${BOLD}-a${NORM}" + BOLD="$(tput bold)" #REV=$(tput smso) - NORM=$(tput sgr0) - #Verbose + NORM="$(tput sgr0)" + # Verbose force_verbose="yes" else - #Null Fonts - BOLD='' - #REV='' - NORM='' - #silence + # Null fonts + BOLD="" + #REV="" + NORM="" + # Silence force_verbose="no" fi @@ -1309,23 +1371,23 @@ fi # Generic command line options while true ; do case "$1" in - -c | --config ) xshok_check_s2 "$2"; custom_config="$2"; shift 2; break ;; - -F | --force ) force_updates="yes"; shift 1; break ;; - -v | --verbose ) force_verbose="yes"; shift 1; break ;; - -s | --silence ) force_verbose="no"; shift 1; break ;; - * ) break ;; + -c|--config) xshok_check_s2 "$2"; custom_config="$2"; shift 2; break ;; + -F|--force) force_updates="yes"; shift 1; break ;; + -v|--verbose) force_verbose="yes"; shift 1; break ;; + -s|--silence) force_verbose="no"; shift 1; break ;; + *) break ;; esac done -#Set the verbosity +# Set the verbosity if [ "$force_verbose" == "yes" ] ; then - #verbose + # Verbose downloader_silence="no" rsync_silence="no" gpg_silence="no" comment_silence="no" else - #silence + # Silence downloader_silence="yes" rsync_silence="yes" gpg_silence="yes" @@ -1342,65 +1404,83 @@ xshok_pretty_echo_and_log "" "#" "80" # Generic command line options while true ; do case "$1" in - -h | --help ) help_and_usage; exit; break ;; - -V | --version ) exit; break ;; - * ) break ;; + -h|--help) help_and_usage; exit ;; + -V|--version) exit ;; + *) break ;; esac done -## CONFIG LOADING AND ERROR CHECKING ############################################## +# CONFIG LOADING AND ERROR CHECKING ############################################## if [ "$custom_config" != "no" ] ; then if [ -d "$custom_config" ] ; then # Assign the custom config dir and remove trailing / (removes / and //) - config_dir=$(echo "$custom_config" | sed 's:/*$::') - config_files=("$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf") + shopt -s extglob; custom_config="${custom_config%%+(/)}" + config_files=( "$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf" ) else - config_files=("$custom_config") + config_files=( "$custom_config" ) fi fi for config_file in "${config_files[@]}" ; do - if [ -r "$config_file" ] ; then #exists and readable + if [ -r "$config_file" ] ; then # Exists and readable we_have_a_config="1" - #config stripping + # Config stripping xshok_pretty_echo_and_log "Loading config: $config_file" "=" - - - if [ "$(uname -s)" = "SunOS" ] ; then - #Solaris FIXES only, i had issues with running with a single command.. - clean_config=$(command sed -e '/^#.*/d' "$config_file") # comment line - clean_config=$(echo "$clean_config" | sed -e 's/#[[:space:]].*//') # comment line (duplicated) - clean_config=$(echo "$clean_config" | sed -e '/^[[:blank:]]*#/d;s/#.*//') #comments at end of line - clean_config=$(echo "$clean_config" | sed -e 's/^[ \t]*//;s/[ \t]*$//') #trailing and leading whitespace - clean_config=$(echo "$clean_config" | sed -e '/^\s*$/d') #blank lines - else - # delete lines beginning with # - # delete from ' #' to end of the line - # delete from '# ' to end of the line - # delete both trailing and leading whitespace - # delete all trailing whitespace - # delete all empty lines - clean_config=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file") + + + if [ "$(uname -s)" == "SunOS" ] ; then + # Solaris FIXES only, i had issues with running with a single command.. + clean_config="$(command sed -e '/^#.*/d' "$config_file")" # Comment line + #clean_config="$(echo "$clean_config" | sed -e 's/#[[:space:]].*//')" # Comment line (duplicated) + clean_config=${clean_config//\#*/} # Comment line (duplicated) + clean_config="$(echo "$clean_config" | sed -e '/^[[:blank:]]*#/d;s/#.*//')" # Comments at end of line + #clean_config="$(echo "$clean_config" | sed -e 's/^[ \t]*//;s/[ \t]*$//')" # trailing and leading whitespace + clean_config="$(echo "$clean_config" | xargs)" + clean_config="$(echo "$clean_config" | sed -e '/^\s*$/d')" # Blank lines + + elif [ "$(uname -s)" == "Darwin" ] ; then + # MacOS / OS X fixes, had issues with running with a single command and with SunOS work around.. + clean_config="$(command sed -e '/^#.*/d' "$config_file")" # Comment line + clean_config="$(echo "$clean_config" | sed -e 's/#[[:space:]].*//')" # Comment line (duplicated) + clean_config="$(echo "$clean_config" | sed -e '/^[[:blank:]]*#/d;s/#.*//')" # Comments at end of line + #clean_config="$(echo "$clean_config" | sed -e 's/^[ \t]*//;s/[ \t]*$//')" # trailing and leading whitespace + #clean_config="$(echo "$clean_config" | xargs)" + clean_config="$(echo "$clean_config" | sed -e '/^\s*$/d')" # Blank lines + + else + # Delete lines beginning with # + # Delete from " #" to end of the line + # Delete from "# " to end of the line + # Delete both trailing and leading whitespace + # Delete all trailing whitespace + # Delete all empty lines + clean_config="$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file")" fi - - ### config error checking - # check "" are an even number + + #fix eval of | + clean_config="${clean_config//|/\\|}" + + # Config error checking + # Check "" are an even number config_check="${clean_config//[^\"]}" - if [ $(( ${#config_check} % 2)) -eq 1 ] ; then - xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every \" requires a closing \"" "=" + if [ "$(( ${#config_check} % 2 ))" -eq 1 ] ; then + xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every \" requires a closing \"" "=" exit 1 fi - # check there is an = for every set of "" #optional whitespace \s* between = and " - config_check_vars=$(echo "$clean_config" | $grep_bin -c '=\s*\"' ) + # Check there is an = for every set of "" optional whitespace \s* between = and " + config_check_vars="$(echo "$clean_config" | $grep_bin -c '=\s*\"' )" - if [ $(( ${#config_check} / 2)) -ne "$config_check_vars" ] ; then - xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every = requires a pair of \"\"" "=" + if [ $(( ${#config_check} / 2 )) -ne "$config_check_vars" ] ; then + xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every = requires a pair of \"\"" "=" exit 1 fi - #config loading + # backslash pipe + #clean_config="${clean_config//|/\|}" + + # Config loading for i in "${clean_config[@]}" ; do eval "$(echo "${i}" | command sed -e 's/[[:space:]]*$//' 2> /dev/null)" done @@ -1408,29 +1488,29 @@ for config_file in "${config_files[@]}" ; do done - # Assign the log_file_path earlier and remove trailing / (removes / and //) -log_file_path=$(echo "$log_file_path" | sed 's:/*$::') -#Only start logging once all the configs have been loaded +shopt -s extglob; log_file_path="${log_file_path%%+(/)}" +# Only start logging once all the configs have been loaded if [ "$logging_enabled" == "yes" ] ; then enable_log="yes" fi -## Make sure we have a readable config file +# Make sure we have a readable config file if [ "$we_have_a_config" == "0" ] ; then xshok_pretty_echo_and_log "ERROR: Config file/s could NOT be read/loaded" "=" + xshok_pretty_echo_and_log "Note: Possible fix would be to checkl the config dir $config_dir exists and contains config files" exit 1 fi -#prevent some issues with an incomplete or only a user.conf being loaded -if [ $config_version == "0" ] ; then +# Prevent some issues with an incomplete or only a user.conf being loaded +if [ "$config_version" == "0" ] ; then xshok_pretty_echo_and_log "ERROR: Config file/s are missing important contents" "=" xshok_pretty_echo_and_log "Note: Possible fix would be to point the script to the dir with the configs" exit 1 fi -#config version validation -if [ $config_version -lt $minimum_required_config_version ] ; then +# Config version validation +if [ "$config_version" -lt "$minimum_required_config_version" ] ; then xshok_pretty_echo_and_log "ERROR: Your config version $config_version is not compatible with the min required version $minimum_required_config_version" "=" exit 1 fi @@ -1438,125 +1518,164 @@ fi # Check to see if the script's "USER CONFIGURATION FILE" has been completed. if [ "$user_configuration_complete" != "yes" ] ; then xshok_pretty_echo_and_log "WARNING: SCRIPT CONFIGURATION HAS NOT BEEN COMPLETED" "*" - xshok_pretty_echo_and_log "Please review the script configuration files." + xshok_pretty_echo_and_log "Please review the script configuration files" + xshok_pretty_echo_and_log "and uncomment the following line in user.conf" + xshok_pretty_echo_and_log "#user_configuration_complete=\"yes\"" exit 1 fi # Assign the directories and remove trailing / (removes / and //) -work_dir=$(echo "$work_dir" | sed 's:/*$::') +shopt -s extglob; work_dir="${work_dir%%+(/)}" -#Allow overriding of all the individual workdirs, this is mainly to aid package maintainers -if [ ! -n "$work_dir_sanesecurity" ] ; then - work_dir_sanesecurity=$(echo "$work_dir/$sanesecurity_dir" | sed 's:/*$::') +# Allow overriding of all the individual workdirs, this is mainly to aid package maintainers +if [ -z "$work_dir_sanesecurity" ] ; then + work_dir_sanesecurity="$(echo "$work_dir/$sanesecurity_dir" | sed 's:/*$::')" else - work_dir_sanesecurity=$(echo "$work_dir_sanesecurity" | sed 's:/*$::') + shopt -s extglob; work_dir_sanesecurity="${work_dir_sanesecurity%%+(/)}" fi -if [ ! -n "$work_dir_securiteinfo" ] ; then - work_dir_securiteinfo=$(echo "$work_dir/$securiteinfo_dir" | sed 's:/*$::') +if [ -z "$work_dir_securiteinfo" ] ; then + work_dir_securiteinfo="$(echo "$work_dir/$securiteinfo_dir" | sed 's:/*$::')" else - work_dir_securiteinfo=$(echo "$work_dir_securiteinfo" | sed 's:/*$::') + shopt -s extglob; work_dir_securiteinfo="${work_dir_securiteinfo%%+(/)}" fi -if [ ! -n "$work_dir_linuxmalwaredetect" ] ; then - work_dir_linuxmalwaredetect=$(echo "$work_dir/$linuxmalwaredetect_dir" | sed 's:/*$::') +if [ -z "$work_dir_linuxmalwaredetect" ] ; then + work_dir_linuxmalwaredetect="$(echo "$work_dir/$linuxmalwaredetect_dir" | sed 's:/*$::')" else - work_dir_linuxmalwaredetect=$(echo "$work_dir_linuxmalwaredetect" | sed 's:/*$::') + shopt -s extglob; work_dir_malwarepatrol="${work_dir_malwarepatrol%%+(/)}" fi -if [ ! -n "$work_dir_malwarepatrol" ] ; then - work_dir_malwarepatrol=$(echo "$work_dir/$malwarepatrol_dir" | sed 's:/*$::') +if [ -z "$work_dir_malwarepatrol" ] ; then + work_dir_malwarepatrol="$(echo "$work_dir/$malwarepatrol_dir" | sed 's:/*$::')" else - work_dir_malwarepatrol=$(echo "$work_dir_malwarepatrol" | sed 's:/*$::') + shopt -s extglob; work_dir_malwarepatrol="${work_dir_malwarepatrol%%+(/)}" fi -if [ ! -n "$work_dir_yararulesproject" ] ; then - work_dir_yararulesproject=$(echo "$work_dir/$yararulesproject_dir" | sed 's:/*$::') +if [ -z "$work_dir_yararulesproject" ] ; then + work_dir_yararulesproject="$(echo "$work_dir/$yararulesproject_dir" | sed 's:/*$::')" else - work_dir_yararulesproject=$(echo "$work_dir_yararulesproject" | sed 's:/*$::') + shopt -s extglob; work_dir_yararulesproject="${work_dir_yararulesproject%%+(/)}" fi -if [ ! -n "$work_dir_add" ] ; then - work_dir_add=$(echo "$work_dir/$add_dir" | sed 's:/*$::') +if [ -z "$work_dir_add" ] ; then + work_dir_add="$(echo "$work_dir/$add_dir" | sed 's:/*$::')" else - work_dir_add=$(echo "$work_dir_add" | sed 's:/*$::') + shopt -s extglob; work_dir_add="${work_dir_add%%+(/)}" fi -if [ ! -n "$work_dir_work_configs" ] ; then - work_dir_work_configs=$(echo "$work_dir/$work_dir_configs" | sed 's:/*$::') +if [ -z "$work_dir_work_configs" ] ; then + work_dir_work_configs="$(echo "$work_dir/$work_dir_configs" | sed 's:/*$::')" else - work_dir_work_configs=$(echo "$work_dir_work_configs" | sed 's:/*$::') + shopt -s extglob; work_dir_work_configs="${work_dir_work_configs%%+(/)}" fi -if [ ! -n "$work_dir_gpg" ] ; then - work_dir_gpg=$(echo "$work_dir/$gpg_dir" | sed 's:/*$::') +if [ -z "$work_dir_gpg" ] ; then + work_dir_gpg="$(echo "$work_dir/$gpg_dir" | sed 's:/*$::')" else - work_dir_gpg=$(echo "$work_dir_gpg" | sed 's:/*$::') + shopt -s extglob; work_dir_gpg="${work_dir_gpg%%+(/)}" fi -if [ ! -n "$work_dir_pid" ] ; then - work_dir_pid=$(echo "$work_dir/$pid_dir" | sed 's:/*$::') +if [ -z "$work_dir_pid" ] ; then + work_dir_pid="$(echo "$work_dir/$pid_dir" | sed 's:/*$::')" else - work_dir_pid=$(echo "$work_dir_pid" | sed 's:/*$::') + shopt -s extglob; work_dir_pid="${work_dir_pid%%+(/)}" fi # Assign defaults if not defined -if [ ! -n "$cron_dir" ] ; then +if [ -z "$cron_dir" ] ; then cron_dir="/etc/cron.d" fi -cron_dir=$(echo "$cron_dir" | sed 's:/*$::') -if [ ! -n "$cron_filename" ] ; then +shopt -s extglob; cron_dir="${cron_dir%%+(/)}" +if [ -z "$cron_filename" ] ; then cron_filename="clamav-unofficial-sigs" fi -if [ ! -n "$logrotate_dir" ] ; then +if [ -z "$logrotate_dir" ] ; then logrotate_dir="/etc/logrotate.d" fi -logrotate_dir=$(echo "$logrotate_dir" | sed 's:/*$::') -if [ ! -n "$logrotate_filename" ] ; then +shopt -s extglob; logrotate_dir="${logrotate_dir%%+(/)}" +if [ -z "$logrotate_filename" ] ; then logrotate_filename="clamav-unofficial-sigs" -fi -if [ ! -n "$man_dir" ] ; then +fi +if [ -z "$man_dir" ] ; then man_dir="/usr/share/man/man8" fi -man_dir=$(echo "$man_dir" | sed 's:/*$::') -if [ ! -n "$man_filename" ] ; then +shopt -s extglob; man_dir="${man_dir%%+(/)}" +if [ -z "$man_filename" ] ; then man_filename="clamav-unofficial-sigs.8" -fi -if [ ! -n "$man_log_file_full_path" ] ; then +fi +if [ -z "$man_log_file_full_path" ] ; then man_log_file_full_path="$log_file_path/$log_file_name" fi +# dont assign , but remove trailing / +shopt -s extglob; clam_dbs="${clam_dbs%%+(/)}" -### SANITY checks -#Check default Binaries & Commands are defined -if [ "$clamd_reload_opt" == "" ] ; then - xshok_pretty_echo_and_log "ERROR: Missing clamd_reload_opt" "=" - exit 1 +# SANITY checks +# Check default Binaries & Commands are defined +if [ "$reload_dbs" == "yes" ] ; then + if [ -z "$clamd_reload_opt" ] ; then + xshok_pretty_echo_and_log "ERROR: Missing clamd_reload_opt" "=" + exit 1 + fi fi -if [ "$uname_bin" == "" ] ; then +if [ -z "$uname_bin" ] ; then xshok_pretty_echo_and_log "ERROR: uname (uname_bin) not found" "=" exit 1 fi -if [ "$clamscan_bin" == "" ] ; then +if [ -z "$clamscan_bin" ] ; then xshok_pretty_echo_and_log "ERROR: clamscan binary (clamscan_bin) not found" "=" exit 1 fi -if [ "$rsync_bin" == "" ] ; then +if [ -z "$rsync_bin" ] ; then xshok_pretty_echo_and_log "ERROR: rsync binary (rsync_bin) not found" "=" exit 1 fi -if [ "$wget_bin" == "" ] ; then - if [ "$curl_bin" == "" ] ; then +if [ -z "$wget_bin" ] ; then + if [ -z "$curl_bin" ] ; then xshok_pretty_echo_and_log "ERROR: wget and curl binaries not found, script requires either wget or curl" "=" exit 1 fi fi -if [ "$gpg_bin" == "" ] ; then - xshok_pretty_echo_and_log "ERROR: gpg binary (gpg_bin) not found" "=" - exit 1 +# Check if GPG is enabled and the binary is found +if [ "$enable_gpg" == "yes" ] ; then + if [ -z "$gpg_bin" ] ; then + if [ -x /opt/csw/bin/gpg ] ; then + gpg_bin="/opt/csw/bin/gpg" + else + gpg_bin="$(which gpg 2> /dev/null)" + fi + if [ -z "$gpg_bin" ] ; then + gpg_bin="$(which gpg2 2> /dev/null)" + fi + fi + if [ -z "$gpg_bin" ] ; then + enable_gpg="no" + fi + if [ ! -x "$gpg_bin" ] ; then + enable_gpg="no" + fi fi -#Check default directories are defined -if [ "$work_dir" == "" ] ; then +if [ "$enable_gpg" != "yes" ] ; then + xshok_pretty_echo_and_log "Notice: GnuPG / signature verification disabled" "-" +fi +# Check default directories are defined +if [ -z "$work_dir" ] ; then xshok_pretty_echo_and_log "ERROR: working directory (work_dir) not defined" "=" exit 1 fi +if [ -z "$clam_dbs" ] ; then + xshok_pretty_echo_and_log "ERROR: clam database directory (clam_dbs) not defined" "=" + exit 1 +fi +# Check default directories are writable +if [ -e "$work_dir" ] ; then + if [ ! -w "$work_dir" ] ; then + xshok_pretty_echo_and_log "ERROR: working directory (work_dir) not writable $work_dir" "=" + exit 1 + fi +fi +if [ ! -w "$clam_dbs" ] ; then + xshok_pretty_echo_and_log "ERROR: clam database directory (clam_dbs) not writable $clam_dbs" "=" + exit 1 +fi # Reset the update timers to force a full update. if [ "$force_updates" == "yes" ] ; then - xshok_pretty_echo_and_log "Force Updates: enabled" - sanesecurity_update_hours="0" + xshok_pretty_echo_and_log "Force Updates: enabled" + sanesecurity_update_hours="0" securiteinfo_update_hours="0" linuxmalwaredetect_update_hours="0" malwarepatrol_update_hours="0" @@ -1570,18 +1689,18 @@ if [ "$enable_locking" == "yes" ] ; then xshok_mkdir_ownership "$work_dir_pid" pid_file_fullpath="$work_dir_pid/clamav-unofficial-sigs.pid" if [ -f "$pid_file_fullpath" ] ; then - pid_file_pid=$(cat "$pid_file_fullpath") + pid_file_pid="$(cat "$pid_file_fullpath")" ps -p "$pid_file_pid" > /dev/null 2>&1 - if [ $? -eq 0 ] ; then + if [ $? -eq 0 ] ; then xshok_pretty_echo_and_log "ERROR: Only one instance can run at the same time." "=" exit 1 else xshok_create_pid_file "$pid_file_fullpath" fi else - xshok_create_pid_file "$pid_file_fullpath" + xshok_create_pid_file "$pid_file_fullpath" fi - # run this wehen the script exits + # Run this wehen the script exits trap -- "rm -f $pid_file_fullpath" EXIT fi @@ -1592,24 +1711,24 @@ if ! xshok_user_group_exists "$clam_user" "$clam_group" ; then fi # Silence rsync output and only report errors - useful if script is run via cron. -if [ "$rsync_silence" = "yes" ] ; then +if [ "$rsync_silence" == "yes" ] ; then rsync_output_level="--quiet" else rsync_output_level="--progress" fi -# If the local rsync client supports the '--no-motd' flag, then enable it. -if $rsync_bin --help | $grep_bin 'no-motd' > /dev/null ; then +# If the local rsync client supports the "--no-motd" flag, then enable it. +if $rsync_bin --help | $grep_bin -q "no-motd" > /dev/null ; then no_motd="--no-motd" fi -# If the local rsync client supports the '--contimeout' flag, then enable it. -if $rsync_bin --help | $grep_bin 'contimeout' > /dev/null ; then +# If the local rsync client supports the "--contimeout" flag, then enable it. +if $rsync_bin --help | $grep_bin -q "contimeout" > /dev/null ; then connect_timeout="--contimeout=$rsync_connect_timeout" fi # Silence wget output and only report errors - useful if script is run via cron. -if [ "$downloader_silence" = "yes" ] ; then +if [ "$downloader_silence" == "yes" ] ; then wget_output_level="--quiet" #--quiet curl_output_level="--silent --show-error" else @@ -1617,8 +1736,8 @@ else curl_output_level="" fi -#suppress ssl warnings -if [ "$downloader_ignore_ssl" = "yes" ] ; then +# Suppress ssl warnings +if [ "$downloader_ignore_ssl" == "yes" ] ; then wget_insecure="--no-check-certificate" curl_insecure="--insecure" else @@ -1628,10 +1747,10 @@ fi # This scripts name and path this_script_name="$(basename "$0")" -this_script_path="$( cd "$(dirname "$0")" ; pwd -P )" +this_script_path="$( cd "$(dirname "$0")" || exit ; pwd -P )" this_script_full_path="$this_script_path/$this_script_name" -#set the script to 755 permissions +# Set the script to 755 permissions if xshok_is_root ; then if [ "$setmode" == "yes" ] ; then if [ ! -x "$this_script_path/$this_script_name" ] ; then @@ -1640,7 +1759,7 @@ if xshok_is_root ; then fi fi else - #disable setmode + # Disable setmode setmode="no" fi @@ -1650,22 +1769,22 @@ fi while true; do case "$1" in - -d | --decode-sig ) decode_third_party_signature_by_signature_name; exit; break ;; - -e | --encode-string ) hexadecimal_encode_entire_input_string; exit; break ;; - -f | --encode-formatted ) hexadecimal_encode_formatted_input_string; exit; break ;; - -g | --gpg-verify ) xshok_check_s2 "$2"; gpg_verify_specific_sanesecurity_database_file "$2"; exit; break ;; - -i | --information ) output_system_configuration_information; exit; break ;; - -m | --make-database ) make_signature_database_from_ascii_file; exit; break ;; - -t | --test-database ) xshok_check_s2 "$2"; clamscan_integrity_test_specific_database_file "$2"; exit; break ;; - -o | --output-triggered ) output_signatures_triggered_during_ham_directory_scan; exit; break ;; - -w | --whitelist ) add_signature_whitelist_entry; exit; break ;; - --check-clamav ) check_clamav; exit; break ;; - --install-all ) install_cron; install_logrotate; install_man; exit; break ;; - --install-cron ) install_cron; exit; break ;; - --install-logrotate ) install_logrotate; exit; break ;; - --install-man ) install_man; exit; break ;; - --remove-script ) remove_script; exit; break ;; - * ) break ;; + -d|--decode-sig) decode_third_party_signature_by_signature_name; exit ;; + -e|--encode-string) hexadecimal_encode_entire_input_string; exit ;; + -f|--encode-formatted) hexadecimal_encode_formatted_input_string; exit ;; + -g|--gpg-verify) xshok_check_s2 "$2"; gpg_verify_specific_sanesecurity_database_file "$2"; exit ;; + -i|--information) output_system_configuration_information; exit ;; + -m|--make-database) make_signature_database_from_ascii_file; exit ;; + -t|--test-database) xshok_check_s2 "$2"; clamscan_integrity_test_specific_database_file "$2"; exit ;; + -o|--output-triggered) output_signatures_triggered_during_ham_directory_scan; exit ;; + -w|--whitelist) add_signature_whitelist_entry; exit ;; + --check-clamav) check_clamav; exit ;; + --install-all) install_cron; install_logrotate; install_man; exit ;; + --install-cron) install_cron; exit ;; + --install-logrotate) install_logrotate; exit ;; + --install-man) install_man; exit ;; + --remove-script) remove_script; exit ;; + *) break ;; esac done @@ -1673,10 +1792,10 @@ xshok_pretty_echo_and_log "Preparing Databases" "=" # Check yararule support is available if [ "$enable_yararules" == "yes" ] ; then - current_clamav_version=$($clamscan_bin -V | cut -d " " -f2 | cut -d "/" -f1 | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }') - minimum_yara_clamav_version=$(echo "$minimum_yara_clamav_version" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }') - #Check current clamav version against the minimum required version for yara support - if [ "$current_clamav_version" -lt "$minimum_yara_clamav_version" ] ; then #older + current_clamav_version="$($clamscan_bin -V | cut -d " " -f 2 | cut -d "/" -f 1 | awk -F "." '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')" + minimum_yara_clamav_version="$(echo "$minimum_yara_clamav_version" | awk -F "." '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')" + # Check current clamav version against the minimum required version for yara support + if [ "$current_clamav_version" -le "$minimum_yara_clamav_version" ] ; then # Older yararulesproject_enabled="no" enable_yararules="no" xshok_pretty_echo_and_log "Notice: Yararules Disabled due to clamav being older than the minimum required version" @@ -1690,37 +1809,45 @@ fi if [ "$sanesecurity_enabled" == "yes" ] ; then if [ -n "$sanesecurity_dbs" ] ; then if [ -n "$sanesecurity_dbs_rating" ] ; then - sanesecurity_dbs="$(xshok_database "$sanesecurity_dbs" "$sanesecurity_dbs_rating")" + temp_db="$(xshok_database "$sanesecurity_dbs_rating" "${sanesecurity_dbs[@]}")" else - sanesecurity_dbs="$(xshok_database "$sanesecurity_dbs" "$default_dbs_rating")" + temp_db="$(xshok_database "$default_dbs_rating" "${sanesecurity_dbs[@]}")" fi + sanesecurity_dbs=( ) + sanesecurity_dbs=( $temp_db ) fi fi if [ "$securiteinfo_enabled" == "yes" ] ; then if [ -n "$securiteinfo_dbs" ] ; then if [ -n "$securiteinfo_dbs_rating" ] ; then - securiteinfo_dbs="$(xshok_database "$securiteinfo_dbs" "$securiteinfo_dbs_rating")" + temp_db="$(xshok_database "$securiteinfo_dbs_rating" "${securiteinfo_dbs[@]}")" else - securiteinfo_dbs="$(xshok_database "$securiteinfo_dbs" "$default_dbs_rating")" + temp_db="$(xshok_database "$default_dbs_rating" "${securiteinfo_dbs[@]}")" fi + securiteinfo_dbs=( ) + securiteinfo_dbs=( $temp_db ) fi fi if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then if [ -n "$linuxmalwaredetect_dbs" ] ; then if [ -n "$linuxmalwaredetect_dbs_rating" ] ; then - linuxmalwaredetect_dbs="$(xshok_database "$linuxmalwaredetect_dbs" "$linuxmalwaredetect_dbs_rating")" + temp_db="$(xshok_database "$linuxmalwaredetect_dbs_rating" "${linuxmalwaredetect_dbs[@]}")" else - linuxmalwaredetect_dbs="$(xshok_database "$linuxmalwaredetect_dbs" "$default_dbs_rating")" + temp_db="$(xshok_database "$default_dbs_rating" "${linuxmalwaredetect_dbs[@]}")" fi + linuxmalwaredetect_dbs=( ) + linuxmalwaredetect_dbs=( $temp_db ) fi fi if [ "$yararulesproject_enabled" == "yes" ] ; then if [ -n "$yararulesproject_dbs" ] ; then if [ -n "$yararulesproject_dbs_rating" ] ; then - yararulesproject_dbs="$(xshok_database "$yararulesproject_dbs" "$yararulesproject_dbs_rating")" + temp_db="$(xshok_database "$yararulesproject_dbs_rating" "${yararulesproject_dbs[@]}")" else - yararulesproject_dbs="$(xshok_database "$yararulesproject_dbs" "$default_dbs_rating")" + temp_db="$(xshok_database "$default_dbs_rating" "${yararulesproject_dbs[@]}")" fi + yararulesproject_dbs=( ) + yararulesproject_dbs=( $temp_db ) fi fi @@ -1751,10 +1878,10 @@ if [ -n "$ham_dir" ] && [ -d "$work_dir" ] && [ ! -d "$test_dir" ] ; then xshok_mkdir_ownership "$test_dir" cp -f "$work_dir"/*/*.ndb "$test_dir" $clamscan_bin --infected --no-summary -d "$test_dir" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' >> "$work_dir_work_configs/whitelist.txt" - $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir"/* | cut -d "*" -f2 | sort | uniq > "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir"/* | cut -d "*" -f 2 | sort | uniq > "$work_dir_work_configs/whitelist.hex" cd "$test_dir" || exit for db_file in * ; do - [[ -e $db_file ]] || break # handle the case of no files + [[ -e $db_file ]] || break # Handle the case of no files $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$db_file" > "$db_file-tmp" mv -f "$db_file-tmp" "$db_file" if $clamscan_bin --quiet -d "$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then @@ -1774,7 +1901,7 @@ if [ -n "$ham_dir" ] && [ -d "$work_dir" ] && [ ! -d "$test_dir" ] ; then fi else xshok_pretty_echo_and_log "WARNING: Cannot locate HAM directory: $ham_dir" - xshok_pretty_echo_and_log "Skipping initial whitelist file creation. Fix 'ham_dir' path in config file" + xshok_pretty_echo_and_log "Skipping initial whitelist file creation. Fix 'ham_dir' path in config file" fi fi @@ -1792,54 +1919,49 @@ xshok_mkdir_ownership "$work_dir_add" # Set secured access permissions to the GPG directory perms chmod -f 0700 "$work_dir_gpg" -# If we haven't done so yet, download Sanesecurity public GPG key and import to custom keyring. -if [ ! -s "$work_dir_gpg/publickey.gpg" ] ; then - if [ "$wget_bin" != "" ] ; then - #echo $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url" - $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url" - ret="$?" - else - #echo $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url" - $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url" +if [ "$enable_gpg" == "yes" ] ; then + # If we haven't done so yet, download Sanesecurity public GPG key and import to custom keyring. + if [ ! -s "$work_dir_gpg/publickey.gpg" ] ; then + xshok_file_download "$work_dir_gpg/publickey.gpg" "$sanesecurity_gpg_url" ret="$?" - fi - if [ "$ret" != "0" ] ; then - xshok_pretty_echo_and_log "ALERT: Could not download Sanesecurity public GPG key" "*" - exit 1 - else - xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully downloaded" + if [ "$ret" -ne 0 ] ; then + xshok_pretty_echo_and_log "ALERT: Could not download Sanesecurity public GPG key" "*" + exit 1 + else + xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully downloaded" + rm -f -- "$work_dir_gpg/ss-keyring.gp*" + if ! $gpg_bin -q --no-options --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --import "$work_dir_gpg/publickey.gpg" 2>/dev/null ; then + xshok_pretty_echo_and_log "ALERT: could not import Sanesecurity public GPG key to custom keyring" "*" + exit 1 + else + chmod -f 0644 "$work_dir_gpg/*.*" + xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully imported to custom keyring" + fi + fi + fi + + # If custom keyring is missing, try to re-import Sanesecurity public GPG key. + if [ ! -s "$work_dir_gpg/ss-keyring.gpg" ] ; then rm -f -- "$work_dir_gpg/ss-keyring.gp*" if ! $gpg_bin -q --no-options --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --import "$work_dir_gpg/publickey.gpg" 2>/dev/null ; then - xshok_pretty_echo_and_log "ALERT: could not import Sanesecurity public GPG key to custom keyring" "*" + xshok_pretty_echo_and_log "ALERT: Custom keyring MISSING or CORRUPT! Could not import Sanesecurity public GPG key to custom keyring" "*" exit 1 else chmod -f 0644 "$work_dir_gpg/*.*" - xshok_pretty_echo_and_log "Sanesecurity public GPG key successfully imported to custom keyring" + xshok_pretty_echo_and_log "Sanesecurity custom keyring MISSING! GPG key successfully re-imported to custom keyring" fi fi fi -# If custom keyring is missing, try to re-import Sanesecurity public GPG key. -if [ ! -s "$work_dir_gpg/ss-keyring.gpg" ] ; then - rm -f -- "$work_dir_gpg/ss-keyring.gp*" - if ! $gpg_bin -q --no-options --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --import "$work_dir_gpg/publickey.gpg" 2>/dev/null ; then - xshok_pretty_echo_and_log "ALERT: Custom keyring MISSING or CORRUPT! Could not import Sanesecurity public GPG key to custom keyring" "*" - exit 1 - else - chmod -f 0644 "$work_dir_gpg/*.*" - xshok_pretty_echo_and_log "Sanesecurity custom keyring MISSING! GPG key successfully re-imported to custom keyring" - fi -fi - # Database update check, time randomization section. This script now # provides support for both bash and non-bash enabled system shells. -if [ "$enable_random" = "yes" ] ; then +if [ "$enable_random" == "yes" ] ; then if [ -n "$RANDOM" ] ; then - sleep_time=$((RANDOM * $((max_sleep_time - min_sleep_time)) / 32767 + min_sleep_time)) + sleep_time="$((RANDOM * $((max_sleep_time - min_sleep_time)) / 32767 + min_sleep_time))" else - sleep_time=0 + sleep_time="0" while [ "$sleep_time" -lt "$min_sleep_time" ] || [ "$sleep_time" -gt "$max_sleep_time" ] ; do - sleep_time=$(head -1 /dev/urandom | cksum | awk '{print $2}') + sleep_time="$(head -n 1 /dev/urandom | cksum | awk '{print $2}')" done fi if [ ! -t 0 ] ; then @@ -1863,34 +1985,34 @@ fi # Create $current_dbsfiles containing lists of current and previously active 3rd-party databases # so that databases and/or backup files that are no longer being used can be removed. current_tmp="$work_dir_work_configs/current-dbs.tmp" -current_dbs="$work_dir_work_configs/current-dbs.txt" + +current_dbs_file="$work_dir_work_configs/current-dbs.txt" if [ "$sanesecurity_enabled" == "yes" ] ; then # Create the Sanesecurity rsync "include" file (defines which files to download). sanesecurity_include_dbs="$work_dir_work_configs/ss-include-dbs.txt" - if [ -n "$sanesecurity_dbs" ] ; then + if [ -n "${sanesecurity_dbs[0]}" ] ; then rm -f -- "$sanesecurity_include_dbs" "$work_dir_sanesecurity/*.sha256" - for db in $sanesecurity_dbs ; do - echo "$db" >> "$sanesecurity_include_dbs" - echo "$db.sig" >> "$sanesecurity_include_dbs" - - echo "$work_dir_sanesecurity/$db" >> "$current_tmp" - echo "$work_dir_sanesecurity/$db.sig" >> "$current_tmp" + for db_file in "${sanesecurity_dbs[@]}" ; do + echo "$db_file" >> "$sanesecurity_include_dbs" + echo "$db_file.sig" >> "$sanesecurity_include_dbs" + echo "$work_dir_sanesecurity/$db_file" >> "$current_tmp" + echo "$work_dir_sanesecurity/$db_file.sig" >> "$current_tmp" clamav_files done fi fi if [ "$securiteinfo_enabled" == "yes" ] ; then - if [ -n "$securiteinfo_dbs" ] ; then - for db in $securiteinfo_dbs ; do + if [ -n "${securiteinfo_dbs[0]}" ] ; then + for db in "${securiteinfo_dbs[@]}" ; do echo "$work_dir_securiteinfo/$db" >> "$current_tmp" clamav_files done fi fi if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then - if [ -n "$linuxmalwaredetect_dbs" ] ; then - for db in $linuxmalwaredetect_dbs ; do + if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then + for db in "${linuxmalwaredetect_dbs[@]}" ; do echo "$work_dir_linuxmalwaredetect/$db" >> "$current_tmp" clamav_files done @@ -1903,10 +2025,10 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then fi fi if [ "$yararulesproject_enabled" == "yes" ] ; then - if [ -n "$yararulesproject_dbs" ] ; then - for db in $yararulesproject_dbs ; do + if [ -n "${yararulesproject_dbs[0]}" ] ; then + for db in "${yararulesproject_dbs[@]}" ; do if echo "$db" | $grep_bin -q "/"; then - db=$(echo "$db" | cut -d"/" -f2) + db="$(echo "$db" | cut -d "/" -f 2)" fi echo "$work_dir_yararulesproject/$db" >> "$current_tmp" clamav_files @@ -1915,30 +2037,30 @@ if [ "$yararulesproject_enabled" == "yes" ] ; then fi if [ "$additional_enabled" == "yes" ] ; then if [ -n "$additional_dbs" ] ; then - for db in $additional_dbs ; do + for db in "${additional_dbs[@]}" ; do echo "$work_dir_add/$db" >> "$current_tmp" clamav_files done fi fi -sort "$current_tmp" > "$current_dbs" 2>/dev/null +sort "$current_tmp" > "$current_dbs_file" 2>/dev/null rm -f "$current_tmp" # Remove 3rd-party databases and/or backup files that are no longer being used. if [ "$remove_disabled_databases" == "yes" ] ; then previous_dbs="$work_dir_work_configs/previous-dbs.txt" - sort "$current_dbs" > "$previous_dbs" 2>/dev/null - #do not remove the current_dbs - #rm -f "$current_dbs" + sort "$current_dbs_file" > "$previous_dbs" 2>/dev/null + # Do not remove the current_dbs_file + #rm -f "$current_dbs_file" db_changes="$work_dir_work_configs/db-changes.txt" if [ ! -s "$previous_dbs" ] ; then - cp -f "$current_dbs" "$previous_dbs" 2>/dev/null + cp -f "$current_dbs_file" "$previous_dbs" 2>/dev/null fi - diff "$current_dbs" "$previous_dbs" 2>/dev/null | $grep_bin '>' | awk '{print $2}' > "$db_changes" + diff "$current_dbs_file" "$previous_dbs" 2>/dev/null | $grep_bin ">" | awk '{print $2}' > "$db_changes" if [ -r "$db_changes" ] ; then if $grep_bin -vq "bak" "$db_changes" 2>/dev/null ; then - do_clamd_reload=2 + do_clamd_reload="2" fi while read -r file ; do rm -f -- "$file" @@ -1949,156 +2071,160 @@ fi # Create "purge.txt" file for package maintainers to support package uninstall. purge="$work_dir_work_configs/purge.txt" -cp -f "$current_dbs" "$purge" -{ -echo "$work_dir_work_configs/current-dbs.txt" -echo "$work_dir_work_configs/db-changes.txt" -echo "$work_dir_work_configs/last-mbl-update.txt" -echo "$work_dir_work_configs/last-si-update.txt" -echo "$work_dir_work_configs/local.ign" -echo "$work_dir_work_configs/monitor-ign.txt" -echo "$work_dir_work_configs/my-whitelist.ign2" -echo "$work_dir_work_configs/tracker.txt" -echo "$work_dir_work_configs/previous-dbs.txt" -echo "$work_dir_work_configs/scan-test.txt" -echo "$work_dir_work_configs/ss-include-dbs.txt" -echo "$work_dir_work_configs/whitelist.hex" -echo "$work_dir_gpg/publickey.gpg" -echo "$work_dir_gpg/secring.gpg" -echo "$work_dir_gpg/ss-keyring.gpg*" -echo "$work_dir_gpg/trustdb.gpg" -echo "$log_file_path/$log_file_name*" -echo "$work_dir_work_configs/purge.txt" +cp -f "$current_dbs_file" "$purge" +{ + echo "$work_dir_work_configs/current-dbs.txt" + echo "$work_dir_work_configs/db-changes.txt" + echo "$work_dir_work_configs/last-mbl-update.txt" + echo "$work_dir_work_configs/last-si-update.txt" + echo "$work_dir_work_configs/local.ign" + echo "$work_dir_work_configs/monitor-ign.txt" + echo "$work_dir_work_configs/my-whitelist.ign2" + echo "$work_dir_work_configs/tracker.txt" + echo "$work_dir_work_configs/previous-dbs.txt" + echo "$work_dir_work_configs/scan-test.txt" + echo "$work_dir_work_configs/ss-include-dbs.txt" + echo "$work_dir_work_configs/whitelist.hex" + echo "$work_dir_gpg/publickey.gpg" + echo "$work_dir_gpg/secring.gpg" + echo "$work_dir_gpg/ss-keyring.gpg*" + echo "$work_dir_gpg/trustdb.gpg" + echo "$log_file_path/$log_file_name*" + echo "$work_dir_work_configs/purge.txt" } >> "$purge" # Check and save current system time since epoch for time related database downloads. # However, if unsuccessful, issue a warning that we cannot calculate times since epoch. -if [ -n "$securiteinfo_dbs" ] || [ -n "$malwarepatrol_db" ] ; then - current_time=$(date "+%s" 2> /dev/null) +if [ -n "${securiteinfo_dbs[0]}" ] || [ -n "$malwarepatrol_db" ] ; then + current_time="$(date "+%s" 2> /dev/null)" current_time="${current_time//[^0-9]/}" current_time="$((current_time + 0))" if [ "$current_time" -le 0 ] ; then - current_time=$(perl -le print+time 2> /dev/null) + current_time="$(perl -le print+time 2> /dev/null)" fi if [ "$current_time" -le 0 ] ; then xshok_pretty_echo_and_log "WARNING: No support for 'date +%s' or 'perl' was not found , SecuriteInfo and MalwarePatrol updates bypassed" "=" - securiteinfo_dbs="" - malwarepatrol_db="" + securiteinfo_dbs=() + malwarepatrol_db=() fi fi ################################################################ # Check for Sanesecurity database & GPG signature file updates # ################################################################ + if [ "$sanesecurity_enabled" == "yes" ] ; then - if [ -n "$sanesecurity_dbs" ] ; then - ##if [ ${#sanesecurity_dbs[@]} -lt "1" ] ; then ##will not work due to compound array assignment - if [ "$(xshok_array_count "$sanesecurity_dbs")" -lt "1" ] ; then + if [ -n "${sanesecurity_dbs[0]}" ] ; then + if [ ${#sanesecurity_dbs} -lt 1 ] ; then xshok_pretty_echo_and_log "Failed sanesecurity_dbs config is invalid or not defined - SKIPPING" else if [ -r "$work_dir_work_configs/last-ss-update.txt" ] ; then - last_sanesecurity_update=$(cat "$work_dir_work_configs/last-ss-update.txt") + last_sanesecurity_update="$(cat "$work_dir_work_configs/last-ss-update.txt")" else last_sanesecurity_update="0" fi db_file="" - update_interval=$((sanesecurity_update_hours * 3600)) - time_interval=$((current_time - last_sanesecurity_update)) + update_interval="$((sanesecurity_update_hours * 3600))" + time_interval="$((current_time - last_sanesecurity_update))" if [ "$time_interval" -ge $((update_interval - 600)) ] ; then echo "$current_time" > "$work_dir_work_configs/last-ss-update.txt" xshok_pretty_echo_and_log "Sanesecurity Database & GPG Signature File Updates" "=" xshok_pretty_echo_and_log "Checking for Sanesecurity updates..." - sanesecurity_mirror_ips=$(dig +ignore +short "$sanesecurity_url") - #add fallback to host if dig returns no records - if [ "$(xshok_array_count "$sanesecurity_mirror_ips")" -lt 1 ] ; then - sanesecurity_mirror_ips=$(host -t A "$sanesecurity_url" | sed -n '/has address/{s/.*address \([^ ]*\).*/\1/;p;}') + sanesecurity_mirror_ips="$(dig +ignore +short "$sanesecurity_url")" + # Add fallback to host if dig returns no records + if [ ${#sanesecurity_mirror_ips} -lt 1 ] ; then + sanesecurity_mirror_ips="$(host -t A "$sanesecurity_url" | sed -n '/has address/{s/.*address \([^ ]*\).*/\1/;p;}')" fi - if [ "$(xshok_array_count "$sanesecurity_mirror_ips")" -ge "1" ] ; then + if [ ${#sanesecurity_mirror_ips} -ge 1 ] ; then for sanesecurity_mirror_ip in $sanesecurity_mirror_ips ; do sanesecurity_mirror_name="" - sanesecurity_mirror_name=$(dig +short -x "$sanesecurity_mirror_ip" | command sed 's/\.$//') - #add fallback to host if dig returns no records - if [ "$sanesecurity_mirror_name" == "" ] ; then - sanesecurity_mirror_name=$(host "$sanesecurity_mirror_ip" | sed -n '/name pointer/{s/.*pointer \([^ ]*\).*\.$/\1/;p;}') + sanesecurity_mirror_name="$(dig +short -x "$sanesecurity_mirror_ip" | command sed 's/\.$//')" + # Add fallback to host if dig returns no records + if [ -z "$sanesecurity_mirror_name" ] ; then + sanesecurity_mirror_name="$(host "$sanesecurity_mirror_ip" | sed -n '/name pointer/{s/.*pointer \([^ ]*\).*\.$/\1/;p;}')" fi sanesecurity_mirror_site_info="$sanesecurity_mirror_name $sanesecurity_mirror_ip" xshok_pretty_echo_and_log "Sanesecurity mirror site used: $sanesecurity_mirror_site_info" + # shellcheck disable=SC2086 $rsync_bin $rsync_output_level $no_motd --files-from="$sanesecurity_include_dbs" -ctuz $connect_timeout --timeout="$rsync_max_time" "rsync://$sanesecurity_mirror_ip/sanesecurity" "$work_dir_sanesecurity" 2>/dev/null - if [ "$?" -eq "0" ] ; then #the correct way + ret="$?" + if [ "$ret" -eq 0 ] || [ "$ret" -eq 23 ] ; then # The correct way, 23 is some files were not transfered, can be ignored and we can assume a success sanesecurity_rsync_success="1" - for db_file in $sanesecurity_dbs ; do + for db_file in "${sanesecurity_dbs[@]}" ; do if ! cmp -s "$work_dir_sanesecurity/$db_file" "$clam_dbs/$db_file" ; then xshok_pretty_echo_and_log "Testing updated Sanesecurity database file: $db_file" - if ! $gpg_bin --trust-model always -q --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --verify "$work_dir_sanesecurity/$db_file.sig" "$work_dir_sanesecurity/$db_file" 2>/dev/null ; then - $gpg_bin --always-trust -q --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --verify "$work_dir_sanesecurity/$db_file.sig" "$work_dir_sanesecurity/$db_file" 2>/dev/null - ret="$?" - else - ret="0" - fi - if [ "$ret" -eq "0" ] ; then - test "$gpg_silence" = "no" && xshok_pretty_echo_and_log "Sanesecurity GPG Signature tested good on $db_file database" - true - else - xshok_pretty_echo_and_log "Sanesecurity GPG Signature test FAILED on $db_file database - SKIPPING" - false - fi - if [ "$?" -eq "0" ] ; then - db_ext=$(echo "$db_file" | cut -d "." -f2) - if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then - if $clamscan_bin --quiet -d "$work_dir_sanesecurity/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then - xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_sanesecurity/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_sanesecurity/$db_file" - fi - fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_sanesecurity/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" - fi - xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: $db_file" - sanesecurity_update=1 - do_clamd_reload=1 + + if [ "$enable_gpg" == "yes" ] ; then + if ! $gpg_bin --trust-model always -q --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --verify "$work_dir_sanesecurity/$db_file.sig" "$work_dir_sanesecurity/$db_file" 2>/dev/null ; then + $gpg_bin --always-trust -q --no-default-keyring --homedir "$work_dir_gpg" --keyring "$work_dir_gpg/ss-keyring.gpg" --verify "$work_dir_sanesecurity/$db_file.sig" "$work_dir_sanesecurity/$db_file" 2>/dev/null + ret="$?" else - xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING" - false + ret="0" fi - else - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_sanesecurity/$db_file" > "$test_dir/$db_file" - $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" - mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" - if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then - xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good" - true + if [ "$ret" -eq 0 ] ; then + test "$gpg_silence" = "no" && xshok_pretty_echo_and_log "Sanesecurity GPG Signature tested good on $db_file database" else - xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested BAD" - ##DO NOT KILL THIS DB - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" + xshok_pretty_echo_and_log "Sanesecurity GPG Signature test FAILED on $db_file database - SKIPPING" + fi + fi + if [ "$ret" -eq 0 ] ; then + db_ext="${db_file#*.}" + if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then + if $clamscan_bin --quiet -d "$work_dir_sanesecurity/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then + xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_sanesecurity/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_sanesecurity/$db_file" + fi + fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_sanesecurity/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + + xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: $db_file" + sanesecurity_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING" + false fi - xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: $db_file" - sanesecurity_update=1 - do_clamd_reload=1 else - xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_sanesecurity/$db_file" > "$test_dir/$db_file" + $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" + if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then + xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested BAD" + # DO NOT KILL THIS DB + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + xshok_pretty_echo_and_log "Successfully updated Sanesecurity production database file: $db_file" + sanesecurity_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING" + fi fi fi fi - fi done - if [ "$sanesecurity_update" != "1" ] ; then + if [ ! "$sanesecurity_update" == "1" ] ; then xshok_pretty_echo_and_log "No Sanesecurity database file updates found" "-" break else @@ -2108,7 +2234,7 @@ if [ "$sanesecurity_enabled" == "yes" ] ; then xshok_pretty_echo_and_log "Connection to $sanesecurity_mirror_site_info failed - Trying next mirror site..." fi done - if [ "$sanesecurity_rsync_success" != "1" ] ; then + if [ ! "$sanesecurity_rsync_success" == "1" ] ; then xshok_pretty_echo_and_log "Access to all Sanesecurity mirror sites failed - Check for connectivity issues" xshok_pretty_echo_and_log "or signature database name(s) misspelled in the script's configuration file." fi @@ -2117,26 +2243,25 @@ if [ "$sanesecurity_enabled" == "yes" ] ; then fi else xshok_pretty_echo_and_log "Sanesecurity Database File Updates" "=" - - time_remaining=$((update_interval - time_interval)) - hours_left=$((time_remaining / 3600)) - minutes_left=$((time_remaining % 3600 / 60)) - xshok_pretty_echo_and_log "$sanesecurity_update_hours hours have not yet elapsed since the last sanesecurity update check" - xshok_pretty_echo_and_log "No update check was performed at this time" "-" - xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)" + xshok_draw_time_remaining "$((update_interval - time_interval))" "$sanesecurity_update_hours" "sanesecurity" fi fi fi else - if [ -n "$sanesecurity_dbs" ] ; then + if [ -n "${sanesecurity_dbs[0]}" ] ; then if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled Sanesecurity Database files" - for db_file in $sanesecurity_dbs ; do + for db_file in "${sanesecurity_dbs[@]}" ; do + if echo "$db_file" | $grep_bin -q "|"; then + db_file="${db_file%|*}" + fi if [ -r "$work_dir_sanesecurity/$db_file" ] ; then - rm -f "$work_dir_sanesecurity/$db_file"* + xshok_pretty_echo_and_log "Removing $work_dir_sanesecurity/$db_file" + rm -f "$work_dir_sanesecurity/$db_file" do_clamd_reload=1 fi if [ -r "$clam_dbs/$db_file" ] ; then + xshok_pretty_echo_and_log "Removing $clam_dbs/$db_file" rm -f "$clam_dbs/$db_file" do_clamd_reload=1 fi @@ -2146,143 +2271,136 @@ else fi ############################################################################################################################################## -# Check for updated SecuriteInfo database files every set number of hours as defined in the "USER CONFIGURATION" section of this script # +# Check for updated SecuriteInfo database files every set number of hours as defined in the "USER CONFIGURATION" section of this script # ############################################################################################################################################## if [ "$securiteinfo_enabled" == "yes" ] ; then if [ "$securiteinfo_authorisation_signature" != "YOUR-SIGNATURE-NUMBER" ] ; then if [ -n "$securiteinfo_dbs" ] ; then - if [ "$(xshok_array_count "$securiteinfo_dbs")" -lt "1" ] ; then + if [ ${#securiteinfo_dbs} -lt 1 ] ; then xshok_pretty_echo_and_log "Failed securiteinfo_dbs config is invalid or not defined - SKIPPING" else - rm -f "$work_dir_securiteinfo/*.gz" - if [ -r "$work_dir_work_configs/last-si-update.txt" ] ; then - last_securiteinfo_update=$(cat "$work_dir_work_configs/last-si-update.txt") - else - last_securiteinfo_update="0" - fi - db_file="" - loop="" - update_interval=$((securiteinfo_update_hours * 3600)) - time_interval=$((current_time - last_securiteinfo_update)) - if [ "$time_interval" -ge $((update_interval - 600)) ] ; then - echo "$current_time" > "$work_dir_work_configs/last-si-update.txt" - xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "=" - xshok_pretty_echo_and_log "Checking for SecuriteInfo updates..." - securiteinfo_updates="0" - for db_file in $securiteinfo_dbs ; do - if [ "$loop" = "1" ] ; then - xshok_pretty_echo_and_log "---" - fi - xshok_pretty_echo_and_log "Checking for updated SecuriteInfo database file: $db_file" - securiteinfo_db_update="0" - if [ "$wget_bin" != "" ] ; then - $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_securiteinfo/$db_file" "$securiteinfo_url/$securiteinfo_authorisation_signature/$db_file" - ret="$?" - else - $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_securiteinfo/$db_file" "$securiteinfo_url/$securiteinfo_authorisation_signature/$db_file" + rm -f "$work_dir_securiteinfo/*.gz" + if [ -r "$work_dir_work_configs/last-si-update.txt" ] ; then + last_securiteinfo_update="$(cat "$work_dir_work_configs/last-si-update.txt")" + else + last_securiteinfo_update="0" + fi + db_file="" + loop="" + update_interval="$((securiteinfo_update_hours * 3600))" + time_interval="$((current_time - last_securiteinfo_update))" + if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then + echo "$current_time" > "$work_dir_work_configs/last-si-update.txt" + xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "=" + xshok_pretty_echo_and_log "Checking for SecuriteInfo updates..." + securiteinfo_updates="0" + for db_file in "${securiteinfo_dbs[@]}" ; do + if [ "$loop" == "1" ] ; then + xshok_pretty_echo_and_log "---" + fi + xshok_pretty_echo_and_log "Checking for updated SecuriteInfo database file: $db_file" + securiteinfo_db_update="0" + xshok_file_download "$work_dir_securiteinfo/$db_file" "$securiteinfo_url/$securiteinfo_authorisation_signature/$db_file" ret="$?" - fi - if [ "$ret" -eq "0" ] ; then - loop="1" - if ! cmp -s "$work_dir_securiteinfo/$db_file" "$clam_dbs/$db_file" ; then - if [ "$?" -eq "0" ] ; then - db_ext=$(echo "$db_file" | cut -d "." -f2) - - - xshok_pretty_echo_and_log "Testing updated SecuriteInfo database file: $db_file" - if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] + if [ "$ret" -eq 0 ] ; then + loop="1" + if ! cmp -s "$work_dir_securiteinfo/$db_file" "$clam_dbs/$db_file" ; then + if [ $? -eq 0 ] ; then + db_ext="${db_file#*.}" + + xshok_pretty_echo_and_log "Testing updated SecuriteInfo database file: $db_file" + if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] then - if $clamscan_bin --quiet -d "$work_dir_securiteinfo/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null + if $clamscan_bin --quiet -d "$work_dir_securiteinfo/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null then - xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_securiteinfo/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_securiteinfo/$db_file" + xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_securiteinfo/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_securiteinfo/$db_file" + fi fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_securiteinfo/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: $db_file" + securiteinfo_updates=1 + securiteinfo_db_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING" fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_securiteinfo/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" - fi - xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: $db_file" - securiteinfo_updates=1 - securiteinfo_db_update=1 - do_clamd_reload=1 - else - xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING" - fi - else - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_securiteinfo/$db_file" > "$test_dir/$db_file" - $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" - mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" - if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null - then - xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested BAD" - rm -f "$work_dir_securiteinfo/$db_file" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_securiteinfo/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_securiteinfo/$db_file" - fi - fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" + else + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_securiteinfo/$db_file" > "$test_dir/$db_file" + $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" + if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null + then + xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports SecuriteInfo $db_file database integrity tested BAD" + rm -f "$work_dir_securiteinfo/$db_file" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_securiteinfo/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_securiteinfo/$db_file" + fi + fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: $db_file" + securiteinfo_updates=1 + securiteinfo_db_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING" + fi + fi fi - xshok_pretty_echo_and_log "Successfully updated SecuriteInfo production database file: $db_file" - securiteinfo_updates=1 - securiteinfo_db_update=1 - do_clamd_reload=1 - else - xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING" fi + else + xshok_pretty_echo_and_log "Failed connection to $securiteinfo_url - SKIPPED SecuriteInfo $db_file update" fi + if [ "$securiteinfo_db_update" != "1" ] ; then + xshok_pretty_echo_and_log "No updated SecuriteInfo $db_file database file found" "-" + fi + done + if [ "$securiteinfo_updates" != "1" ] ; then + xshok_pretty_echo_and_log "No SecuriteInfo database file updates found" "-" fi + else + xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "=" + xshok_draw_time_remaining "$((update_interval - time_interval))" "$securiteinfo_update_hours" "SecuriteInfo" fi - else - xshok_pretty_echo_and_log "Failed connection to $securiteinfo_url - SKIPPED SecuriteInfo $db_file update" - fi - if [ "$securiteinfo_db_update" != "1" ] ; then - xshok_pretty_echo_and_log "No updated SecuriteInfo $db_file database file found" "-" fi - done - if [ "$securiteinfo_updates" != "1" ] ; then - xshok_pretty_echo_and_log "No SecuriteInfo database file updates found" "-" fi - else - xshok_pretty_echo_and_log "SecuriteInfo Database File Updates" "=" - - time_remaining=$((update_interval - time_interval)) - hours_left=$((time_remaining / 3600)) - minutes_left=$((time_remaining % 3600 / 60)) - xshok_pretty_echo_and_log "$securiteinfo_update_hours hours have not yet elapsed since the last SecuriteInfo update check" - xshok_pretty_echo_and_log "No update check was performed at this time" "-" - xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)" - fi - fi - fi fi else if [ -n "$securiteinfo_dbs" ] ; then if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled SecuriteInfo Database files" - for db_file in $securiteinfo_dbs ; do + for db_file in "${securiteinfo_dbs[@]}" ; do + if echo "$db_file" | $grep_bin -q "|"; then + db_file="${db_file%|*}" + fi if [ -r "$work_dir_securiteinfo/$db_file" ] ; then + xshok_pretty_echo_and_log "Removing $work_dir_securiteinfo/$db_file" rm -f "$work_dir_securiteinfo/$db_file" do_clamd_reload=1 fi if [ -r "$clam_dbs/$db_file" ] ; then + xshok_pretty_echo_and_log "Removing $clam_dbs/$db_file" rm -f "$clam_dbs/$db_file" do_clamd_reload=1 fi @@ -2293,141 +2411,133 @@ fi ############################################################################################################################################## -# Check for updated linuxmalwaredetect database files every set number of hours as defined in the "USER CONFIGURATION" section of this script +# Check for updated linuxmalwaredetect database files every set number of hours as defined in the "USER CONFIGURATION" section of this script ############################################################################################################################################## if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then - if [ -n "$linuxmalwaredetect_dbs" ] ; then - if [ "$(xshok_array_count "$linuxmalwaredetect_dbs")" -lt "1" ] ; then + if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then + if [ ${#linuxmalwaredetect_dbs} -lt 1 ] ; then xshok_pretty_echo_and_log "Failed linuxmalwaredetect_dbs config is invalid or not defined - SKIPPING" else - rm -f "$work_dir_linuxmalwaredetect/*.gz" - if [ -r "$work_dir_work_configs/last-linuxmalwaredetect-update.txt" ] ; then - last_linuxmalwaredetect_update=$(cat "$work_dir_work_configs/last-linuxmalwaredetect-update.txt") - else - last_linuxmalwaredetect_update="0" - fi - db_file="" - loop="" - update_interval=$((linuxmalwaredetect_update_hours * 3600)) - time_interval=$((current_time - last_linuxmalwaredetect_update)) - if [ "$time_interval" -ge $((update_interval - 600)) ] ; then - echo "$current_time" > "$work_dir_work_configs/last-linuxmalwaredetect-update.txt" - - xshok_pretty_echo_and_log "linuxmalwaredetect Database File Updates" "=" - xshok_pretty_echo_and_log "Checking for linuxmalwaredetect updates..." - linuxmalwaredetect_updates="0" - for db_file in $linuxmalwaredetect_dbs ; do - if [ "$loop" = "1" ] ; then - xshok_pretty_echo_and_log "---" - fi - xshok_pretty_echo_and_log "Checking for updated linuxmalwaredetect database file: $db_file" - - linuxmalwaredetect_db_update="0" - if [ "$wget_bin" != "" ] ; then - $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_linuxmalwaredetect/$db_file" "$linuxmalwaredetect_url/$db_file" - ret="$?" - else - $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_linuxmalwaredetect/$db_file" "$linuxmalwaredetect_url/$db_file" + rm -f "$work_dir_linuxmalwaredetect/*.gz" + if [ -r "$work_dir_work_configs/last-linuxmalwaredetect-update.txt" ] ; then + last_linuxmalwaredetect_update="$(cat "$work_dir_work_configs/last-linuxmalwaredetect-update.txt")" + else + last_linuxmalwaredetect_update="0" + fi + db_file="" + loop="" + update_interval="$((linuxmalwaredetect_update_hours * 3600))" + time_interval="$((current_time - last_linuxmalwaredetect_update))" + if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then + echo "$current_time" > "$work_dir_work_configs/last-linuxmalwaredetect-update.txt" + + xshok_pretty_echo_and_log "linuxmalwaredetect Database File Updates" "=" + xshok_pretty_echo_and_log "Checking for linuxmalwaredetect updates..." + linuxmalwaredetect_updates="0" + for db_file in "${linuxmalwaredetect_dbs[@]}" ; do + if [ "$loop" == "1" ] ; then + xshok_pretty_echo_and_log "---" + fi + xshok_pretty_echo_and_log "Checking for updated linuxmalwaredetect database file: $db_file" + linuxmalwaredetect_db_update="0" + xshok_file_download "$work_dir_linuxmalwaredetect/$db_file" "$linuxmalwaredetect_url/$db_file" ret="$?" - fi - if [ "$ret" -eq "0" ] ; then - loop="1" - if ! cmp -s "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs/$db_file" ; then - if [ "$?" -eq "0" ] ; then - db_ext=$(echo "$db_file" | cut -d "." -f2) - - xshok_pretty_echo_and_log "Testing updated linuxmalwaredetect database file: $db_file" - if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then - if $clamscan_bin --quiet -d "$work_dir_linuxmalwaredetect/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null + if [ "$ret" -eq 0 ] ; then + loop="1" + if ! cmp -s "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs/$db_file" ; then + if [ $? -eq 0 ] ; then + db_ext="${db_file#*.}" + + xshok_pretty_echo_and_log "Testing updated linuxmalwaredetect database file: $db_file" + if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then + if $clamscan_bin --quiet -d "$work_dir_linuxmalwaredetect/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null then - xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_linuxmalwaredetect/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_linuxmalwaredetect/$db_file" + xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_linuxmalwaredetect/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_linuxmalwaredetect/$db_file" + fi + fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/local.ign" fi + xshok_pretty_echo_and_log "Successfully updated linuxmalwaredetect production database file: $db_file" + linuxmalwaredetect_updates=1 + linuxmalwaredetect_db_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING" fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/local.ign" - fi - xshok_pretty_echo_and_log "Successfully updated linuxmalwaredetect production database file: $db_file" - linuxmalwaredetect_updates=1 - linuxmalwaredetect_db_update=1 - do_clamd_reload=1 - else - xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING" - fi - else - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_linuxmalwaredetect/$db_file" > "$test_dir/$db_file" - $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" - mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" - if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then - xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_linuxmalwaredetect/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_linuxmalwaredetect/$db_file" + else + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_linuxmalwaredetect/$db_file" > "$test_dir/$db_file" + $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" + if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then + xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_linuxmalwaredetect/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_linuxmalwaredetect/$db_file" + fi + fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + xshok_pretty_echo_and_log "Successfully updated linuxmalwaredetect production database file: $db_file" + linuxmalwaredetect_updates=1 + linuxmalwaredetect_db_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING" fi fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" fi - xshok_pretty_echo_and_log "Successfully updated linuxmalwaredetect production database file: $db_file" - linuxmalwaredetect_updates=1 - linuxmalwaredetect_db_update=1 - do_clamd_reload=1 - else - xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING" fi + else + xshok_pretty_echo_and_log "WARNING: Failed connection to $linuxmalwaredetect_url - SKIPPED linuxmalwaredetect $db_file update" fi + if [ "$linuxmalwaredetect_db_update" != "1" ] ; then + + xshok_pretty_echo_and_log "No updated linuxmalwaredetect $db_file database file found" + fi + done + if [ "$linuxmalwaredetect_updates" != "1" ] ; then + xshok_pretty_echo_and_log "No linuxmalwaredetect database file updates found" "-" fi + else + xshok_pretty_echo_and_log "linuxmalwaredetect Database File Updates" "=" + xshok_draw_time_remaining "$((update_interval - time_interval))" "$linuxmalwaredetect_update_hours" "linuxmalwaredetect" fi - else - xshok_pretty_echo_and_log "WARNING: Failed connection to $linuxmalwaredetect_url - SKIPPED linuxmalwaredetect $db_file update" - fi - if [ "$linuxmalwaredetect_db_update" != "1" ] ; then - - xshok_pretty_echo_and_log "No updated linuxmalwaredetect $db_file database file found" fi - done - if [ "$linuxmalwaredetect_updates" != "1" ] ; then - xshok_pretty_echo_and_log "No linuxmalwaredetect database file updates found" "-" fi else - - xshok_pretty_echo_and_log "linuxmalwaredetect Database File Updates" "=" - - time_remaining=$((update_interval - time_interval)) - hours_left=$((time_remaining / 3600)) - minutes_left=$((time_remaining % 3600 / 60)) - xshok_pretty_echo_and_log "$linuxmalwaredetect_update_hours hours have not yet elapsed since the last linux malware detect update check" - xshok_pretty_echo_and_log "No update check was performed at this time" "-" - xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)" -fi -fi -fi -else - if [ -n "$linuxmalwaredetect_dbs" ] ; then + if [ -n "${linuxmalwaredetect_dbs[0]}" ] ; then if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled linuxmalwaredetect Database files" - for db_file in $linuxmalwaredetect_dbs ; do + for db_file in "${linuxmalwaredetect_dbs[@]}" ; do + if echo "$db_file" | $grep_bin -q "|"; then + db_file="${db_file%|*}" + fi if [ -r "$work_dir_linuxmalwaredetect/$db_file" ] ; then + xshok_pretty_echo_and_log "Removing $work_dir_linuxmalwaredetect/$db_file" rm -f "$work_dir_linuxmalwaredetect/$db_file" do_clamd_reload=1 fi if [ -r "$clam_dbs/$db_file" ] ; then + xshok_pretty_echo_and_log "Removing $clam_dbs/$db_file" rm -f "$clam_dbs/$db_file" do_clamd_reload=1 fi @@ -2438,27 +2548,27 @@ fi ########################################################################################################################################## -# Download MalwarePatrol database file every set number of hours as defined in the "USER CONFIGURATION" section of this script. # +# Download MalwarePatrol database file every set number of hours as defined in the "USER CONFIGURATION" section of this script. # ########################################################################################################################################## if [ "$malwarepatrol_enabled" == "yes" ] ; then if [ "$malwarepatrol_receipt_code" != "YOUR-RECEIPT-NUMBER" ] ; then if [ -n "$malwarepatrol_db" ] ; then if [ -r "$work_dir_work_configs/last-mbl-update.txt" ] ; then - last_malwarepatrol_update=$(cat "$work_dir_work_configs/last-mbl-update.txt") + last_malwarepatrol_update="$(cat "$work_dir_work_configs/last-mbl-update.txt")" else last_malwarepatrol_update="0" fi db_file="" - update_interval=$((malwarepatrol_update_hours * 3600)) - time_interval=$((current_time - last_malwarepatrol_update)) - if [ "$time_interval" -ge $((update_interval - 600)) ] ; then + update_interval="$((malwarepatrol_update_hours * 3600))" + time_interval="$((current_time - last_malwarepatrol_update))" + if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then echo "$current_time" > "$work_dir_work_configs"/last-mbl-update.txt xshok_pretty_echo_and_log "Checking for MalwarePatrol updates..." # Delete the old MBL (mbl.db) database file if it exists and start using the newer # format (mbl.ndb) database file instead. # test -e $clam_dbs/$malwarepatrol_db -o -e $clam_dbs/$malwarepatrol_db-bak && rm -f -- "$clam_dbs/mbl.d*" - # remove the .db is th new format if ndb and + # Remove the .db is the new format if ndb and # symetrically if [ "$malwarepatrol_db" == "malwarepatrol.db" ] && [ -f "$clam_dbs/malwarepatrol.ndb" ] ; then rm "$clam_dbs/malwarepatrol.ndb"; @@ -2472,618 +2582,588 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then malwarepatrol_reloaded=0 if [ "$malwarepatrol_free" == "yes" ] ; then - if [ "$wget_bin" != "" ] ; then - $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code" - ret="$?" - else - $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code" - ret="$?" - fi - if [ "$ret" -eq "0" ] ; then + xshok_file_download "$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code" + ret="$?" + if [ "$ret" -eq 0 ] ; then if ! cmp -s "$work_dir_malwarepatrol/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db" ; then - if [ "$?" -eq "0" ] ; then + if [ $? -eq 0 ] ; then malwarepatrol_reloaded=1 else malwarepatrol_reloaded=2 fi fi - else # wget failed + else # Wget failed malwarepatrol_reloaded=-1 fi - else # The not free branch - if [ "$wget_bin" != "" ] ; then - $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_malwarepatrol/$malwarepatrol_db.md5" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code&hash=1" - ret="$?" - else - $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_malwarepatrol/$malwarepatrol_db.md5" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code&hash=1" - ret="$?" - fi - if [ "$ret" -eq "0" ] ; then + xshok_file_download "$work_dir_malwarepatrol/$malwarepatrol_db.md5" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code&hash=1" + ret="$?" + if [ "$ret" -eq 0 ] ; then if [ -f "$clam_dbs/$malwarepatrol_db" ] ; then - malwarepatrol_md5=$(openssl md5 -r "$clam_dbs/$malwarepatrol_db" 2>/dev/null | cut -d" " -f1) + malwarepatrol_md5="$(openssl md5 -r "$clam_dbs/$malwarepatrol_db" 2>/dev/null | cut -d " " -f 1)" if [ ! "$malwarepatrol_md5" ] ; then - #fallback for missing -r option - malwarepatrol_md5=$(openssl md5 "$clam_dbs/$malwarepatrol_db" 2>/dev/null | cut -d" " -f2) + # Fallback for missing -r option + malwarepatrol_md5="$(openssl md5 "$clam_dbs/$malwarepatrol_db" 2>/dev/null | cut -d " " -f 2)" fi fi - malwarepatrol_md5_new=$(cat "$work_dir_malwarepatrol/$malwarepatrol_db.md5") + malwarepatrol_md5_new="$(cat "$work_dir_malwarepatrol/$malwarepatrol_db.md5")" if [ -n "$malwarepatrol_md5_new" ] && [ "$malwarepatrol_md5" != "$malwarepatrol_md5_new" ] ; then - if [ "$wget_bin" != "" ] ; then - $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code" - ret="$?" - else - $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code" - ret="$?" - fi - if [ "$ret" -eq "0" ] ; then - malwarepatrol_reloaded=1 - else # wget DB fail - malwarepatrol_reloaded=-1 - fi # wget DB + xshok_file_download "$work_dir_malwarepatrol/$malwarepatrol_db" "$malwarepatrol_url&receipt=$malwarepatrol_receipt_code" + ret="$?" + if [ "$ret" -eq 0 ] ; then + malwarepatrol_reloaded="1" + else # Wget DB fail + malwarepatrol_reloaded="-1" + fi # Wget DB fi # MD5 not equal - else # wget MD5 fail - malwarepatrol_reloaded=-1 - fi # wget md5 + else # Wget MD5 fail + malwarepatrol_reloaded="-1" + fi # Wget MD5 fi - case "$malwarepatrol_reloaded" in - 1) # database was updated, need test and reload - xshok_pretty_echo_and_log "Testing updated MalwarePatrol database file: $malwarepatrol_db" - if $clamscan_bin --quiet -d "$work_dir_malwarepatrol/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then - xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_malwarepatrol/$malwarepatrol_db" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_malwarepatrol/$malwarepatrol_db" + case "$malwarepatrol_reloaded" in + 1) # Database was updated, need test and reload + xshok_pretty_echo_and_log "Testing updated MalwarePatrol database file: $malwarepatrol_db" + if $clamscan_bin --quiet -d "$work_dir_malwarepatrol/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then + xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_malwarepatrol/$malwarepatrol_db" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_malwarepatrol/$malwarepatrol_db" + fi fi - fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_malwarepatrol/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$malwarepatrol_db" + false + fi \ + && ( + test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null + true + ) \ + && if $rsync_bin -pcqt "$work_dir_malwarepatrol/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$malwarepatrol_db" + fi + xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db" + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING" + fi + ;; # The strange case when $? != 0 in the original + 2) + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_malwarepatrol/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db" + $clamscan_bin --infected --no-summary -d "$test_dir/$malwarepatrol_db" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$malwarepatrol_db" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db-tmp" + mv -f "$test_dir/$malwarepatrol_db-tmp" "$test_dir/$malwarepatrol_db" + if $clamscan_bin --quiet -d "$test_dir/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then + xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$test_dir/$malwarepatrol_db" ; then + xshok_pretty_echo_and_log "Removed invalid database: $test_dir/$malwarepatrol_db" + fi + fi + false + fi \ + && ( + test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null + true + ) \ + && if $rsync_bin -pcqt "$test_dir/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$malwarepatrol_db" + fi + xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db" + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING" + fi + ;; + 0) # The database did not update + xshok_pretty_echo_and_log "MalwarePatrol signature database ($malwarepatrol_db) did not change - skipping" + ;; + -1) # Wget failed + xshok_pretty_echo_and_log "WARNING - Failed connection to $malwarepatrol_url - SKIPPED MalwarePatrol $malwarepatrol_db update" + ;; + esac + + else + xshok_pretty_echo_and_log "MalwarePatrol Database File Update" "=" + xshok_draw_time_remaining "$((update_interval - time_interval))" "$malwarepatrol_update_hours" "MalwarePatrol" fi - xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db" - do_clamd_reload=1 - else - xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING" fi - ;; # The strange case when $? != 0 in the original - 2) - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_malwarepatrol/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db" - $clamscan_bin --infected --no-summary -d "$test_dir/$malwarepatrol_db" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$malwarepatrol_db" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db-tmp" - mv -f "$test_dir/$malwarepatrol_db-tmp" "$test_dir/$malwarepatrol_db" - if $clamscan_bin --quiet -d "$test_dir/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then - xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$test_dir/$malwarepatrol_db" ; then - xshok_pretty_echo_and_log "Removed invalid database: $test_dir/$malwarepatrol_db" - fi + fi + else + if [ -n "$malwarepatrol_db" ] ; then + if [ "$remove_disabled_databases" == "yes" ] ; then + xshok_pretty_echo_and_log "Removing disabled MalwarePatrol Database file" + if [ -r "$work_dir_malwarepatrol/$malwarepatrol_db" ] ; then + rm -f "$work_dir_malwarepatrol/$malwarepatrol_db" + do_clamd_reload=1 + fi + if [ -r "$clam_dbs/$malwarepatrol_db" ] ; then + rm -f "$clam_dbs/$malwarepatrol_db" + do_clamd_reload=1 fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$malwarepatrol_db" fi - xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db" - do_clamd_reload=1 - else - xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING" - fi - ;; - 0) # The database did not update - xshok_pretty_echo_and_log "MalwarePatrol signature database ($malwarepatrol_db) did not change - skipping" - ;; - -1) # wget failed - xshok_pretty_echo_and_log "WARNING - Failed connection to $malwarepatrol_url - SKIPPED MalwarePatrol $malwarepatrol_db update" - ;; - esac - - else - - xshok_pretty_echo_and_log "MalwarePatrol Database File Update" "=" - - time_remaining=$((update_interval - time_interval)) - hours_left=$((time_remaining / 3600)) - minutes_left=$((time_remaining % 3600 / 60)) - xshok_pretty_echo_and_log "$malwarepatrol_update_hours hours have not yet elapsed since the last MalwarePatrol download" - xshok_pretty_echo_and_log "No database download was performed at this time" "-" - xshok_pretty_echo_and_log "Next download will be performed in approximately $hours_left hour(s), $minutes_left minute(s)" - fi -fi -fi -else - if [ -n "$malwarepatrol_db" ] ; then - if [ "$remove_disabled_databases" == "yes" ] ; then - xshok_pretty_echo_and_log "Removing disabled MalwarePatrol Database file" - if [ -r "$work_dir_malwarepatrol/$malwarepatrol_db" ] ; then - rm -f "$work_dir_malwarepatrol/$malwarepatrol_db" - do_clamd_reload=1 - fi - if [ -r "$clam_dbs/$malwarepatrol_db" ] ; then - rm -f "$clam_dbs/$malwarepatrol_db" - do_clamd_reload=1 fi fi - fi -fi -############################################################################################################################################## -# Check for updated yararulesproject database files every set number of hours as defined in the "USER CONFIGURATION" section of this script -############################################################################################################################################## -if [ "$yararulesproject_enabled" == "yes" ] ; then - if [ -n "$yararulesproject_dbs" ] ; then - if [ "$(xshok_array_count "$yararulesproject_dbs")" -lt "1" ] ; then - xshok_pretty_echo_and_log "Failed yararulesproject_dbs config is invalid or not defined - SKIPPING" - else - rm -f "$work_dir_yararulesproject/*.gz" - if [ -r "$work_dir_work_configs/last-yararulesproject-update.txt" ] ; then - last_yararulesproject_update=$(cat "$work_dir_work_configs/last-yararulesproject-update.txt") - else - last_yararulesproject_update="0" - fi - db_file="" - loop="" - update_interval=$((yararulesproject_update_hours * 3600)) - time_interval=$((current_time - last_yararulesproject_update)) - if [ "$time_interval" -ge $((update_interval - 600)) ] ; then - echo "$current_time" > "$work_dir_work_configs/last-yararulesproject-update.txt" - - xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "=" - xshok_pretty_echo_and_log "Checking for yararulesproject updates..." - yararulesproject_updates="0" - for db_file in $yararulesproject_dbs ; do - if echo "$db_file" | $grep_bin -q "/"; then - yr_dir="/"$(echo "$db_file" | cut -d"/" -f1) - db_file=$(echo "$db_file" | cut -d"/" -f2) - else yr_dir="" - fi - if [ "$loop" = "1" ] ; then - xshok_pretty_echo_and_log "---" - fi - xshok_pretty_echo_and_log "Checking for updated yararulesproject database file: $db_file" - - yararulesproject_db_update="0" - if [ "$wget_bin" != "" ] ; then - $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_yararulesproject/$db_file" "$yararulesproject_url/$yr_dir/$db_file" - ret="$?" + ############################################################################################################################################## + # Check for updated yararulesproject database files every set number of hours as defined in the "USER CONFIGURATION" section of this script + ############################################################################################################################################## + if [ "$yararulesproject_enabled" == "yes" ] ; then + if [ -n "${yararulesproject_dbs[0]}" ] ; then + if [ ${#yararulesproject_dbs} -lt 1 ] ; then + xshok_pretty_echo_and_log "Failed yararulesproject_dbs config is invalid or not defined - SKIPPING" + else + rm -f "$work_dir_yararulesproject/*.gz" + if [ -r "$work_dir_work_configs/last-yararulesproject-update.txt" ] ; then + last_yararulesproject_update="$(cat "$work_dir_work_configs/last-yararulesproject-update.txt")" else - $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_yararulesproject/$db_file" "$yararulesproject_url/$yr_dir/$db_file" - ret="$?" + last_yararulesproject_update="0" fi - if [ "$ret" -eq "0" ] ; then - loop="1" - if ! cmp -s "$work_dir_yararulesproject/$db_file" "$clam_dbs/$db_file" ; then - if [ "$?" -eq "0" ] ; then - db_ext=$(echo "$db_file" | cut -d "." -f2) - - xshok_pretty_echo_and_log "Testing updated yararulesproject database file: $db_file" - if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then - if $clamscan_bin --quiet -d "$work_dir_yararulesproject/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null - then - xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_yararulesproject/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_yararulesproject/$db_file" + db_file="" + loop="" + update_interval="$((yararulesproject_update_hours * 3600))" + time_interval="$((current_time - last_yararulesproject_update))" + if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then + echo "$current_time" > "$work_dir_work_configs/last-yararulesproject-update.txt" + + xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "=" + xshok_pretty_echo_and_log "Checking for yararulesproject updates..." + yararulesproject_updates="0" + for db_file in "${yararulesproject_dbs[@]}" ; do + if echo "$db_file" | $grep_bin -q "/"; then + yr_dir="/$(echo "$db_file" | cut -d "/" -f 1)" + db_file="$(echo "$db_file" | cut -d "/" -f 2)" + else yr_dir="" + fi + if [ "$loop" == "1" ] ; then + xshok_pretty_echo_and_log "---" + fi + xshok_pretty_echo_and_log "Checking for updated yararulesproject database file: $db_file" + yararulesproject_db_update="0" + xshok_file_download "$work_dir_yararulesproject/$db_file" "$yararulesproject_url/$yr_dir/$db_file" + ret="$?" + if [ "$ret" -eq 0 ] ; then + loop="1" + if ! cmp -s "$work_dir_yararulesproject/$db_file" "$clam_dbs/$db_file" ; then + if [ $? -eq 0 ] ; then + db_ext="${db_file#*.}" + + xshok_pretty_echo_and_log "Testing updated yararulesproject database file: $db_file" + if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then + if $clamscan_bin --quiet -d "$work_dir_yararulesproject/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null + then + xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_yararulesproject/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_yararulesproject/$db_file" + fi + fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_yararulesproject/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: $db_file" + yararulesproject_updates=1 + yararulesproject_db_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING" + fi + else + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_yararulesproject/$db_file" > "$test_dir/$db_file" + $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" + if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then + xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_yararulesproject/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_yararulesproject/$db_file" + fi + fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: $db_file" + yararulesproject_updates=1 + yararulesproject_db_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING" + fi fi fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_yararulesproject/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" fi - xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: $db_file" - yararulesproject_updates=1 - yararulesproject_db_update=1 - do_clamd_reload=1 else - xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING" + xshok_pretty_echo_and_log "WARNING: Failed connection to $yararulesproject_url - SKIPPED yararulesproject $db_file update" fi - else - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_yararulesproject/$db_file" > "$test_dir/$db_file" - $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" - mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" - if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then - xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_yararulesproject/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_yararulesproject/$db_file" - fi - fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" + if [ "$yararulesproject_db_update" != "1" ] ; then + xshok_pretty_echo_and_log "No updated yararulesproject $db_file database file found" fi - xshok_pretty_echo_and_log "Successfully updated yararulesproject production database file: $db_file" - yararulesproject_updates=1 - yararulesproject_db_update=1 - do_clamd_reload=1 - else - xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING" + done + if [ "$yararulesproject_updates" != "1" ] ; then + xshok_pretty_echo_and_log "No yararulesproject database file updates found" "-" fi + else + + xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "=" + xshok_draw_time_remaining "$((update_interval - time_interval))" "$yararulesproject_update_hours" "yararulesproject" fi fi fi else - xshok_pretty_echo_and_log "WARNING: Failed connection to $yararulesproject_url - SKIPPED yararulesproject $db_file update" - fi - if [ "$yararulesproject_db_update" != "1" ] ; then - xshok_pretty_echo_and_log "No updated yararulesproject $db_file database file found" - fi - done - if [ "$yararulesproject_updates" != "1" ] ; then - xshok_pretty_echo_and_log "No yararulesproject database file updates found" "-" - fi -else - - xshok_pretty_echo_and_log "Yara-Rules Database File Updates" "=" - - time_remaining=$((update_interval - time_interval)) - hours_left=$((time_remaining / 3600)) - minutes_left=$((time_remaining % 3600 / 60)) - xshok_pretty_echo_and_log "$yararulesproject_update_hours hours have not yet elapsed since the last yararulesproject database update check" - xshok_pretty_echo_and_log "No update check was performed at this time" "-" - xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)" -fi -fi -fi -else - if [ -n "$yararulesproject_dbs" ] ; then - if [ "$remove_disabled_databases" == "yes" ] ; then - xshok_pretty_echo_and_log "Removing disabled yararulesproject Database files" - for db_file in $yararulesproject_dbs ; do - if echo "$db_file" | $grep_bin -q "/"; then - db_file=$(echo "$db_file" | cut -d"/" -f2) - fi - if [ -r "$work_dir_yararulesproject/$db_file" ] ; then - rm -f "$work_dir_yararulesproject/$db_file" - do_clamd_reload=1 - fi - if [ -r "$clam_dbs/$db_file" ] ; then - rm -f "$clam_dbs/$db_file" - do_clamd_reload=1 + if [ -n "${yararulesproject_dbs[0]}" ] ; then + if [ "$remove_disabled_databases" == "yes" ] ; then + xshok_pretty_echo_and_log "Removing disabled yararulesproject Database files" + for db_file in "${yararulesproject_dbs[@]}" ; do + if echo "$db_file" | $grep_bin -q "/"; then + db_file="$(echo "$db_file" | cut -d "/" -f 2)" + fi + if echo "$db_file" | $grep_bin -q "|"; then + db_file="${db_file%|*}" + fi + if [ -r "$work_dir_yararulesproject/$db_file" ] ; then + rm -f "$work_dir_yararulesproject/$db_file" + do_clamd_reload="1" + fi + if [ -r "$clam_dbs/$db_file" ] ; then + rm -f "$clam_dbs/$db_file" + do_clamd_reload=1 + fi + done fi - done - fi - fi -fi - -############################################################################################################################################## -# Check for updated additional database files every set number of hours as defined in the "USER CONFIGURATION" section of this script -############################################################################################################################################## -if [ "$additional_enabled" == "yes" ] ; then - if [ -n "$additional_dbs" ] ; then - if [ "$(xshok_array_count "$additional_dbs")" -lt "1" ] ; then - xshok_pretty_echo_and_log "Failed additional_dbs config is invalid or not defined - SKIPPING" - else - rm -f "$work_dir_add/*.gz" - if [ -r "$work_dir_work_configs/last-additional-update.txt" ] ; then - last_additional_update=$(cat "$work_dir_work_configs/last-additional-update.txt") - else - last_additional_update="0" + fi fi - db_file="" - loop="" - update_interval=$((additional_update_hours * 3600)) - time_interval=$((current_time - last_additional_update)) - if [ "$time_interval" -ge $((update_interval - 600)) ] ; then - echo "$current_time" > "$work_dir_work_configs/last-additional-update.txt" - - xshok_pretty_echo_and_log "Additional Database File Updates" "=" - xshok_pretty_echo_and_log "Checking for additional updates..." - additional_updates="0" - for db_url in $additional_dbs ; do - # left for future dir manipulation - # if echo "$db_file" | $grep_bin -q "/"; then - # add_dir="/"$(echo "$db_file" | cut -d"/" -f1) - # db_file=$(echo "$db_file" | cut -d"/" -f2) - # else - # add_dir="" - # fi - db_file=$(basename "$db_url") - - if [ "$loop" = "1" ] ; then - xshok_pretty_echo_and_log "---" - fi - xshok_pretty_echo_and_log "Checking for updated additional database file: $db_file" - - additional_db_update="0" - if [ "$(echo "$db_url" | cut -d ":" -f1)" = "rsync" ] ; then - $rsync_bin $rsync_output_level $no_motd -ctuz $connect_timeout --timeout="$rsync_max_time" --exclude=*.txt --exclude=*.sha256 --exclude=*.sig --exclude=*.gz "$db_url" "$work_dir_add" 2>/dev/null - ret="$?" + ############################################################################################################################################## + # Check for updated additional database files every set number of hours as defined in the "USER CONFIGURATION" section of this script + ############################################################################################################################################## + if [ "$additional_enabled" == "yes" ] ; then + if [ -n "$additional_dbs" ] ; then + if [ ${#additional_dbs} -lt 1 ] ; then + xshok_pretty_echo_and_log "Failed additional_dbs config is invalid or not defined - SKIPPING" else - if [ "$wget_bin" != "" ] ; then - $wget_bin $wget_proxy_https $wget_proxy_http $wget_insecure $wget_output_level --connect-timeout="$downloader_connect_timeout" --random-wait --tries="$downloader_tries" --timeout="$downloader_max_time" --output-document="$work_dir_add/$db_file" "$db_url" - ret="$?" + rm -f "$work_dir_add/*.gz" + if [ -r "$work_dir_work_configs/last-additional-update.txt" ] ; then + last_additional_update="$(cat "$work_dir_work_configs/last-additional-update.txt")" else - $curl_bin $curl_proxy $curl_insecure $curl_output_level --connect-timeout "$downloader_connect_timeout" --remote-time --location --retry "$downloader_tries" --max-time "$downloader_max_time" --output "$work_dir_add/$db_file" "$db_url" - ret="$?" + last_additional_update="0" fi - fi + db_file="" + loop="" + update_interval="$((additional_update_hours * 3600))" + time_interval="$((current_time - last_additional_update))" + if [ "$time_interval" -ge "$((update_interval - 600))" ] ; then + echo "$current_time" > "$work_dir_work_configs/last-additional-update.txt" + + xshok_pretty_echo_and_log "Additional Database File Updates" "=" + xshok_pretty_echo_and_log "Checking for additional updates..." + additional_updates="0" + for db_url in "${additional_dbs[@]}" ; do + # Left for future dir manipulation + # if echo "$db_file" | $grep_bin -q "/"; then + # add_dir="/$(echo "$db_file" | cut -d "/" -f 1)" + # db_file="$(echo "$db_file" | cut -d "/" -f 2)" + # else + # add_dir="" + # fi + + #cleanup any leading and trailing whitespace. + db_url="$(echo -e "$db_url" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" + + db_file="$(basename "$db_url")" + + if [ "$loop" == "1" ] ; then + xshok_pretty_echo_and_log "---" + fi + xshok_pretty_echo_and_log "Checking for updated additional database file: $db_file" - ##this needs enhancement for rsync, as it will only work with single files... maybe better to process each file inside work_dir_add in its own for loop. - if [ "$ret" -eq "0" ] ; then - loop="1" - if ! cmp -s "$work_dir_add/$db_file" "$clam_dbs/$db_file" ; then - if [ "$?" -eq "0" ] ; then - db_ext=$(echo "$db_file" | cut -d "." -f2) + additional_db_update="0" - xshok_pretty_echo_and_log "Testing updated additional database file: $db_file" - if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then - if $clamscan_bin --quiet -d "$work_dir_add/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null - then - xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_add/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_add/$db_file" + if [ "${db_url%:*}" == "rsync" ] ; then + # shellcheck disable=SC2086 + $rsync_bin $rsync_output_level $no_motd -ctuz $connect_timeout --timeout="$rsync_max_time" --exclude=*.txt --exclude=*.sha256 --exclude=*.sig --exclude=*.gz "$db_url" "$work_dir_add" 2>/dev/null + ret="$?" + else + xshok_file_download "$work_dir_add/$db_file" "$db_url" + ret="$?" + fi + + # This needs enhancement for rsync, as it will only work with single files... + # Maybe better to process each file inside work_dir_add in its own for loop. + if [ "$ret" -eq 0 ] ; then + loop="1" + if ! cmp -s "$work_dir_add/$db_file" "$clam_dbs/$db_file" ; then + if [ $? -eq 0 ] ; then + db_ext="${db_file#*.}" + + xshok_pretty_echo_and_log "Testing updated additional database file: $db_file" + if [ -z "$ham_dir" ] || [ "$db_ext" != "ndb" ] ; then + if $clamscan_bin --quiet -d "$work_dir_add/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null + then + xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_add/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_add/$db_file" + fi + fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_add/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + xshok_pretty_echo_and_log "Successfully updated additional production database file: $db_file" + additional_updates=1 + additional_db_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING" + fi + else + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_add/$db_file" > "$test_dir/$db_file" + $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f 2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" + if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then + xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good" + true + else + xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested BAD" + if [ "$remove_bad_database" == "yes" ] ; then + if rm -f "$work_dir_add/$db_file" ; then + xshok_pretty_echo_and_log "Removed invalid database: $work_dir_add/$db_file" + fi + fi + false + fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/$db_file" + fi + xshok_pretty_echo_and_log "Successfully updated additional production database file: $db_file" + additional_updates=1 + additional_db_update=1 + do_clamd_reload=1 + else + xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING" + fi fi fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_add/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" fi - xshok_pretty_echo_and_log "Successfully updated additional production database file: $db_file" - additional_updates=1 - additional_db_update=1 - do_clamd_reload=1 else - xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING" + xshok_pretty_echo_and_log "WARNING: Failed connection to $db_url - SKIPPED additional $db_file update" fi - else - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_add/$db_file" > "$test_dir/$db_file" - $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" - mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" - if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then - xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good" - true - else - xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested BAD" - if [ "$remove_bad_database" == "yes" ] ; then - if rm -f "$work_dir_add/$db_file" ; then - xshok_pretty_echo_and_log "Removed invalid database: $work_dir_add/$db_file" - fi - fi - false - fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/$db_file" + if [ "$additional_db_update" != "1" ] ; then + xshok_pretty_echo_and_log "No updated additional $db_file database file found" fi - xshok_pretty_echo_and_log "Successfully updated additional production database file: $db_file" - additional_updates=1 - additional_db_update=1 - do_clamd_reload=1 - else - xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING" + done + if [ "$additional_updates" != "1" ] ; then + xshok_pretty_echo_and_log "No additional database file updates found" "-" fi + else + xshok_pretty_echo_and_log "Additional Database File Updates" "=" + xshok_draw_time_remaining "$((update_interval - time_interval))" "$additional_update_hours" "additionaldatabaseupdate" fi fi fi else - xshok_pretty_echo_and_log "WARNING: Failed connection to $additional_url - SKIPPED additional $db_file update" - fi - if [ "$additional_db_update" != "1" ] ; then - xshok_pretty_echo_and_log "No updated additional $db_file database file found" - fi - done - if [ "$additional_updates" != "1" ] ; then - xshok_pretty_echo_and_log "No additional database file updates found" "-" - fi -else - - xshok_pretty_echo_and_log "Additional Database File Updates" "=" - - time_remaining=$((update_interval - time_interval)) - hours_left=$((time_remaining / 3600)) - minutes_left=$((time_remaining % 3600 / 60)) - xshok_pretty_echo_and_log "$additional_update_hours hours have not yet elapsed since the last additional database update check" - xshok_pretty_echo_and_log "No update check was performed at this time" "-" - xshok_pretty_echo_and_log "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)" -fi -fi -fi -else - if [ -n "$additional_dbs" ] ; then - if [ "$remove_disabled_databases" == "yes" ] ; then - xshok_pretty_echo_and_log "Removing disabled additional Database files" - for db_file in $additional_dbs ; do - if echo "$db_file" | $grep_bin -q "/"; then - db_file=$(echo "$db_file" | cut -d"/" -f2) - fi - if [ -r "$work_dir_add/$db_file" ] ; then - rm -f "$work_dir_add/$db_file" - do_clamd_reload=1 - fi - if [ -r "$clam_dbs/$db_file" ] ; then - rm -f "$clam_dbs/$db_file" - do_clamd_reload=1 + if [ -n "$additional_dbs" ] ; then + if [ "$remove_disabled_databases" == "yes" ] ; then + xshok_pretty_echo_and_log "Removing disabled additional Database files" + for db_file in "${additional_dbs[@]}" ; do + if echo "$db_file" | $grep_bin -q "/"; then + db_file="$(echo "$db_file" | cut -d "/" -f 2)" + fi + if [ -r "$work_dir_add/$db_file" ] ; then + rm -f "$work_dir_add/$db_file" + do_clamd_reload=1 + fi + if [ -r "$clam_dbs/$db_file" ] ; then + rm -f "$clam_dbs/$db_file" + do_clamd_reload=1 + fi + done fi - done + fi fi - fi -fi -################################################### -# Generate whitelists -################################################### -# Check to see if the local.ign file exists, and if it does, check to see if any of the script -# added bypass entries can be removed due to offending signature modifications or removals. -if [ -r "$clam_dbs/local.ign" ] && [ -s "$work_dir_work_configs/monitor-ign.txt" ] ; then - ign_updated=0 - cd "$clam_dbs" || exit - cp -f local.ign "$work_dir_work_configs/local.ign" - cp -f "$work_dir_work_configs/monitor-ign.txt" "$work_dir_work_configs/monitor-ign-old.txt" - - xshok_pretty_echo_and_log "" "=" "80" - while read -r entry ; do - sig_file=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $1}') - sig_hex=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $NF}') - sig_name_old=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $3}') - sig_ign_old=$($grep_bin ":$sig_name_old" "$work_dir_work_configs/local.ign") - sig_old=$(echo "$entry" | tr -d "\r" | cut -d ":" -f3-) - sig_new=$($grep_bin -hwF ":$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null) - sig_mon_new=$($grep_bin -HwF -n ":$sig_hex" "$sig_file" | tr -d "\r") - if [ -n "$sig_new" ] ; then - if [ "$sig_old" != "$sig_new" ] || [ "$entry" != "$sig_mon_new" ] ; then - sig_name_new=$(echo "$sig_new" | tr -d "\r" | awk -F ":" '{print $1}') - sig_ign_new=$(echo "$sig_mon_new" | cut -d ":" -f1-3) - perl -i -ne "print unless /$sig_ign_old/" "$work_dir_work_configs/monitor-ign.txt" - echo "$sig_mon_new" >> "$work_dir_work_configs/monitor-ign.txt" - perl -p -i -e "s/$sig_ign_old/$sig_ign_new/" "$work_dir_work_configs/local.ign" - xshok_pretty_echo_and_log "$sig_name_old hexadecimal signature is unchanged, however signature name and/or line placement" - xshok_pretty_echo_and_log "in $sig_file has changed to $sig_name_new - updated local.ign to reflect this change." - ign_updated=1 - fi - else - perl -i -ne "print unless /$sig_ign_old/" "$work_dir_work_configs/monitor-ign.txt" "$work_dir_work_configs/local.ign" + ################################################### + # Generate whitelists + ################################################### + # Check to see if the local.ign file exists, and if it does, check to see if any of the script + # added bypass entries can be removed due to offending signature modifications or removals. + if [ -r "$clam_dbs/local.ign" ] && [ -s "$work_dir_work_configs/monitor-ign.txt" ] ; then + ign_updated=0 + cd "$clam_dbs" || exit + cp -f local.ign "$work_dir_work_configs/local.ign" + cp -f "$work_dir_work_configs/monitor-ign.txt" "$work_dir_work_configs/monitor-ign-old.txt" + + xshok_pretty_echo_and_log "" "=" "80" + while read -r entry ; do + sig_file="$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $1}')" + sig_hex="$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $NF}')" + sig_name_old="$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $3}')" + sig_ign_old="$($grep_bin ":$sig_name_old" "$work_dir_work_configs/local.ign")" + sig_old="$(echo "$entry" | tr -d "\r" | cut -d ":" -f 3-)" + sig_new="$($grep_bin -hwF ":$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null)" + sig_mon_new="$($grep_bin -HwF -n ":$sig_hex" "$sig_file" | tr -d "\r")" + if [ -n "$sig_new" ] ; then + if [ "$sig_old" != "$sig_new" ] || [ "$entry" != "$sig_mon_new" ] ; then + sig_name_new="$(echo "$sig_new" | tr -d "\r" | awk -F ":" '{print $1}')" + sig_ign_new="$(echo "$sig_mon_new" | cut -d ":" -f 1-3)" + perl -i -ne "print unless /$sig_ign_old/" "$work_dir_work_configs/monitor-ign.txt" + echo "$sig_mon_new" >> "$work_dir_work_configs/monitor-ign.txt" + perl -p -i -e "s/$sig_ign_old/$sig_ign_new/" "$work_dir_work_configs/local.ign" + xshok_pretty_echo_and_log "$sig_name_old hexadecimal signature is unchanged, however signature name and/or line placement" + xshok_pretty_echo_and_log "in $sig_file has changed to $sig_name_new - updated local.ign to reflect this change." + ign_updated=1 + fi + else + perl -i -ne "print unless /$sig_ign_old/" "$work_dir_work_configs/monitor-ign.txt" "$work_dir_work_configs/local.ign" - xshok_pretty_echo_and_log "$sig_name_old signature has been removed from $sig_file, entry removed from local.ign." - ign_updated=1 - fi - done < "$work_dir_work_configs/monitor-ign-old.txt" - if [ "$ign_updated" = "1" ] ; then - if $clamscan_bin --quiet -d "$work_dir_work_configs/local.ign" "$work_dir_work_configs/scan-test.txt" - then - if $rsync_bin -pcqt "$work_dir_work_configs/local.ign" "$clam_dbs" + xshok_pretty_echo_and_log "$sig_name_old signature has been removed from $sig_file, entry removed from local.ign." + ign_updated=1 + fi + done < "$work_dir_work_configs/monitor-ign-old.txt" + if [ "$ign_updated" == "1" ] ; then + if $clamscan_bin --quiet -d "$work_dir_work_configs/local.ign" "$work_dir_work_configs/scan-test.txt" then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/local.ign" - perms chmod -f 0644 "$clam_dbs/local.ign" "$work_dir_work_configs/monitor-ign.txt" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/local.ign" + if $rsync_bin -pcqt "$work_dir_work_configs/local.ign" "$clam_dbs" + then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/local.ign" + perms chmod -f 0644 "$clam_dbs/local.ign" "$work_dir_work_configs/monitor-ign.txt" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/local.ign" + fi + do_clamd_reload=3 + else + xshok_pretty_echo_and_log "Failed to successfully update local.ign file - SKIPPING" + fi + else + xshok_pretty_echo_and_log "Clamscan reports local.ign database integrity is bad - SKIPPING" fi - do_clamd_reload=3 else - xshok_pretty_echo_and_log "Failed to successfully update local.ign file - SKIPPING" + xshok_pretty_echo_and_log "No whitelist signature changes found in local.ign" "=" fi - else - xshok_pretty_echo_and_log "Clamscan reports local.ign database integrity is bad - SKIPPING" fi - else - xshok_pretty_echo_and_log "No whitelist signature changes found in local.ign" "=" - fi -fi - -# Check to see if my-whitelist.ign2 file exists, and if it does, check to see if any of the script -# added whitelist entries can be removed due to offending signature modifications or removals. -if [ -r "$clam_dbs/my-whitelist.ign2" ] && [ -s "$work_dir_work_configs/tracker.txt" ] ; then - ign2_updated=0 - cd "$clam_dbs" || exit - cp -f my-whitelist.ign2 "$work_dir_work_configs/my-whitelist.ign2" - - xshok_pretty_echo_and_log "" "=" "80" - while read -r entry ; do - sig_file=$(echo "$entry" | cut -d ":" -f1) - sig_full=$(echo "$entry" | cut -d ":" -f2-) - sig_name=$(echo "$entry" | cut -d ":" -f2) - if ! $grep_bin -F "$sig_full" "$sig_file" > /dev/null 2>&1 ; then - perl -i -ne "print unless /$sig_name$/" "$work_dir_work_configs/my-whitelist.ign2" - perl -i -ne "print unless /:$sig_name:/" "$work_dir_work_configs/tracker-tmp.txt" - - xshok_pretty_echo_and_log "$sig_name signature no longer exists in $sig_file, whitelist entry removed from my-whitelist.ign2" - ign2_updated=1 - fi - done < "$work_dir_work_configs/tracker.txt" - mv -f "$work_dir_work_configs/tracker-tmp.txt" "$work_dir_work_configs/tracker.txt" + # Check to see if my-whitelist.ign2 file exists, and if it does, check to see if any of the script + # added whitelist entries can be removed due to offending signature modifications or removals. + if [ -r "$clam_dbs/my-whitelist.ign2" ] && [ -s "$work_dir_work_configs/tracker.txt" ] ; then + ign2_updated=0 + cd "$clam_dbs" || exit + cp -f my-whitelist.ign2 "$work_dir_work_configs/my-whitelist.ign2" + + xshok_pretty_echo_and_log "" "=" "80" + + while read -r entry ; do + sig_file="$(echo "$entry" | cut -d ":" -f 1)" + sig_full="$(echo "$entry" | cut -d ":" -f 2-)" + sig_name="$(echo "$entry" | cut -d ":" -f 2)" + if ! $grep_bin -F "$sig_full" "$sig_file" > /dev/null 2>&1 ; then + perl -i -ne "print unless /$sig_name$/" "$work_dir_work_configs/my-whitelist.ign2" + perl -i -ne "print unless /:$sig_name:/" "$work_dir_work_configs/tracker-tmp.txt" + + xshok_pretty_echo_and_log "$sig_name signature no longer exists in $sig_file, whitelist entry removed from my-whitelist.ign2" + ign2_updated="1" + fi + done < "$work_dir_work_configs/tracker.txt" + mv -f "$work_dir_work_configs/tracker-tmp.txt" "$work_dir_work_configs/tracker.txt" - xshok_pretty_echo_and_log "" "=" "80" - if [ "$ign2_updated" = "1" ] - then - if $clamscan_bin --quiet -d "$work_dir_work_configs/my-whitelist.ign2" "$work_dir_work_configs/scan-test.txt" + xshok_pretty_echo_and_log "" "=" "80" + if [ "$ign2_updated" == "1" ] then - if $rsync_bin -pcqt "$work_dir_work_configs/my-whitelist.ign2" "$clam_dbs" + if $clamscan_bin --quiet -d "$work_dir_work_configs/my-whitelist.ign2" "$work_dir_work_configs/scan-test.txt" then - perms chown -f "$clam_user:$clam_group" "$clam_dbs/my-whitelist.ign2" - perms chmod -f 0644 "$clam_dbs/my-whitelist.ign2" "$work_dir_work_configs/tracker.txt" - if [ "$selinux_fixes" == "yes" ] ; then - restorecon "$clam_dbs/my-whitelist.ign2" - restorecon "$work_dir_work_configs/tracker.txt" + if $rsync_bin -pcqt "$work_dir_work_configs/my-whitelist.ign2" "$clam_dbs" + then + perms chown -f "$clam_user:$clam_group" "$clam_dbs/my-whitelist.ign2" + perms chmod -f 0644 "$clam_dbs/my-whitelist.ign2" "$work_dir_work_configs/tracker.txt" + if [ "$selinux_fixes" == "yes" ] ; then + restorecon "$clam_dbs/my-whitelist.ign2" + restorecon "$work_dir_work_configs/tracker.txt" + fi + do_clamd_reload=4 + else + xshok_pretty_echo_and_log "Failed to successfully update my-whitelist.ign2 file - SKIPPING" + fi + else + xshok_pretty_echo_and_log "Clamscan reports my-whitelist.ign2 database integrity is bad - SKIPPING" fi - do_clamd_reload=4 else - xshok_pretty_echo_and_log "Failed to successfully update my-whitelist.ign2 file - SKIPPING" + xshok_pretty_echo_and_log "No whitelist signature changes found in my-whitelist.ign2" fi - else - xshok_pretty_echo_and_log "Clamscan reports my-whitelist.ign2 database integrity is bad - SKIPPING" fi - else - xshok_pretty_echo_and_log "No whitelist signature changes found in my-whitelist.ign2" - fi -fi -# Check for non-matching whitelist.hex signatures and remove them from the whitelist file (signature modified or removed). -if [ -n "$ham_dir" ] ; then - if [ -r "$work_dir_work_configs/whitelist.hex" ] ; then - $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d "*" -f2 | tr -d "\r" | sort | uniq > "$work_dir_work_configs/whitelist.tmp" - mv -f "$work_dir_work_configs/whitelist.tmp" "$work_dir_work_configs/whitelist.hex" - rm -f "$work_dir_work_configs/whitelist.txt" - rm -f "$test_dir"/*.* - xshok_pretty_echo_and_log "WARNING: Signature(s) triggered on HAM directory scan - signature(s) removed" "*" - else - xshok_pretty_echo_and_log "No signatures triggered on HAM directory scan" "=" - fi -fi + # Check for non-matching whitelist.hex signatures and remove them from the whitelist file (signature modified or removed). + if [ -n "$ham_dir" ] ; then + if [ -r "$work_dir_work_configs/whitelist.hex" ] ; then + $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d "*" -f 2 | tr -d "\r" | sort | uniq > "$work_dir_work_configs/whitelist.tmp" + mv -f "$work_dir_work_configs/whitelist.tmp" "$work_dir_work_configs/whitelist.hex" + rm -f "$work_dir_work_configs/whitelist.txt" + rm -f "$test_dir"/*.* + xshok_pretty_echo_and_log "WARNING: Signature(s) triggered on HAM directory scan - signature(s) removed" "*" + else + xshok_pretty_echo_and_log "No signatures triggered on HAM directory scan" "=" + fi + fi -# Set appropriate directory and file permissions to all production signature files -# and set file access mode to 0644 on all working directory files. + # Set appropriate directory and file permissions to all production signature files + # and set file access mode to 0644 on all working directory files. -if [ "$setmode" = "yes" ] ; then - xshok_pretty_echo_and_log "Setting permissions and ownership" "=" - perms chown -f -R "$clam_user:$clam_group" "$work_dir" - if ! find "$work_dir" -type f -exec chmod -f 0644 {} + 2>/dev/null ; then - if ! find "$work_dir" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then - if ! find "$work_dir" -type f -print0 | xargs chmod -f 0644 2>/dev/null ; then - find "$work_dir" -type f -exec chmod -f 0644 {} \; + if [ "$setmode" == "yes" ] ; then + xshok_pretty_echo_and_log "Setting permissions and ownership" "=" + perms chown -f -R "$clam_user:$clam_group" "$work_dir" + if ! find "$work_dir" -type f -exec chmod -f 0644 "{}" "+" 2>/dev/null ; then + if ! find "$work_dir" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then + find "$work_dir" -type f -exec chmod -f 0644 "{}" ";" + fi fi - fi - fi -# If enabled, set file access mode for all production signature database files to 0644. - perms chown -f -R "$clam_user:$clam_group" "$clam_dbs" - if ! find "$clam_dbs" -type f -exec chmod -f 0644 {} + 2>/dev/null ; then - if ! find "$clam_dbs" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then - if ! find "$clam_dbs" -type f -print0 | xargs chmod -f 0644 2>/dev/null ; then - find "$clam_dbs" -type f -exec chmod -f 0644 {} \; + # If enabled, set file access mode for all production signature database files to 0644. + perms chown -f -R "$clam_user:$clam_group" "$clam_dbs" + if ! find "$clam_dbs" -type f -exec chmod -f 0644 "{}" "+" 2>/dev/null ; then + if ! find "$clam_dbs" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then + find "$clam_dbs" -type f -exec chmod -f 0644 "{}" ";" + fi fi fi - fi -fi -# Reload all clamd databases +# Reload all clamd databases clamscan_reload_dbs xshok_pretty_echo_and_log "Issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues" "-" check_new_version +check_new_config_version + xshok_cleanup # And lastly we exit, Note: the exit is always on the 2nd last line diff --git a/clamav-unofficial-sigs.8 b/clamav-unofficial-sigs.8 index bdc1d60..e22468c 100644 --- a/clamav-unofficial-sigs.8 +++ b/clamav-unofficial-sigs.8 @@ -1,6 +1,6 @@ .\" Manual page for eXtremeSHOK.com ClamAV Unofficial Signature Updater -.TH clamav-unofficial-sigs 8 "20 July 2016" "Version: 5.4.1" "SCRIPT COMMANDS" +.TH clamav-unofficial-sigs 8 "2017-03-19" "Version: 5.6.2" "SCRIPT COMMANDS" .SH NAME clamav-unofficial-sigs \- Download, test, and install third-party ClamAV signature databases. .SH SYNOPSIS @@ -13,50 +13,50 @@ Script updates can be found at: \fBhttps://github.com/extremeshok/clamav-unoffic .SH OPTIONS This script follows the standard GNU command line syntax. .LP -\fB Usage: clamav\-unofficial\-sigs.sh \fR [OPTION] [PATH|FILE] +\fB Usage: clamav\-unofficial\-sigs \fR [OPTION] [PATH|FILE] .TP \fB \-c, \-\-config \fR Use a specific configuration file or directory eg: '\-c /your/dir' or ' \-c /your/file.name' Note: If a directory is specified the directory must contain atleast: master.conf, os.conf or user.conf Default Directory: /etc/clamav\-unofficial\-sigs -.TP +.TP \fB \-F, \-\-force \fR Force all databases to be downloaded, could cause ip to be blocked -.TP +.TP \fB \-h, \-\-help \fR Display this script's help and usage information -.TP +.TP \fB \-V, \-\-version \fR Output script version and date information -.TP +.TP \fB \-v, \-\-verbose \fR Be verbose, enabled when not run under cron -.TP +.TP \fB \-s, \-\-silence \fR Only output error messages, enabled when run under cron -.TP +.TP \fB \-d, \-\-decode\-sig \fR Decode a third\-party signature either by signature name (eg: Sanesecurity.Junk.15248) or hexadecimal string. This flag will 'NOT' decode image signatures -.TP +.TP \fB \-e, \-\-encode\-string \fR Hexadecimal encode an entire input string that can be used in any '*.ndb' signature database file -.TP +.TP \fB \-f, \-\-encode\-formatted \fR Hexadecimal encode a formatted input string containing signature spacing fields '{}, (), *', without encoding the spacing fields, so that the encoded signature can be used in any '*.ndb' signature database file -.TP +.TP \fB \-g, \-\-gpg\-verify \fR GPG verify a specific Sanesecurity database file eg: '\-g filename.ext' (do not include file path) -.TP +.TP \fB \-i, \-\-information \fR Output system and configuration information for viewing or possible debugging purposes -.TP +.TP \fB \-m, \-\-make\-database \fR Make a signature database from an ascii file containing data strings, with one data string per line. Additional information is provided when using this flag -.TP +.TP \fB \-t, \-\-test\-database \fR Clamscan integrity test a specific database file eg: '\-t filename.ext' (do not include file path) -.TP +.TP \fB \-o, \-\-output\-triggered \fR If HAM directory scanning is enabled in the script's configuration file, then output names of any third\-party signatures that triggered during the HAM directory scan -.TP +.TP \fB \-w, \-\-whitelist \fR Adds a signature whitelist entry in the newer ClamAV IGN2 format to 'my\-whitelist.ign2' in order to temporarily resolve a false\-positive issue with a specific third\-party signature. Script added whitelist entries will automatically be removed if the original signature is either modified or removed from the third\-party signature database -.TP +.TP \fB \-\-check\-clamav \fR If ClamD status check is enabled and the socket path is correctly specifiedthen test to see if clamd is running or not -.TP +.TP \fB \-\-install\-all \fR Install and generate the cron, logroate and man files, autodetects the values based on your config files .TP \fB \-\-install\-cron \fR Install and generate the cron file, autodetects the values based on your config files -.TP +.TP \fB \-\-install\-logrotate \fR Install and generate the logrotate file, autodetects the values based on your config files -.TP +.TP \fB \-\-install\-man \fR Install and generate the man file, autodetects the values based on your config files -.TP +.TP \fB \-\-remove\-script \fR Remove the clamav\-unofficial\-sigs script and all of its associated files and databases from the system -.TP +.TP .SH SEE ALSO .BR clamd (8), .BR clamscan (1) diff --git a/debian/changelog b/debian/changelog index 7221236..7f66d00 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +clamav-unofficial-sigs (5.6-1) unstable; urgency=medium + + * Prva verzija za Debian stretch + + -- Ivan Rako Tue, 03 Jul 2018 00:29:50 +0200 + clamav-unofficial-sigs (5.4.1-2) unstable; urgency=medium * Ispravak greske u cron.d diff --git a/debian/control b/debian/control index a265065..7c57ce2 100644 --- a/debian/control +++ b/debian/control @@ -3,13 +3,13 @@ Section: utils Priority: optional Maintainer: Ivan Rako Build-Depends: debhelper (>= 9) -Standards-Version: 3.9.6 +Standards-Version: 3.9.8 Homepage: https://github.com/extremeshok/clamav-unofficial-sigs Package: clamav-unofficial-sigs Architecture: all Depends: clamav, curl, wget, rsync, dnsutils, gnupg, ${misc:Depends} -Suggests: clamav-daemon (>= 0.99.2) +Suggests: clamav-daemon (>= 0.99.4) Description: update script for 3rd-party clamav signatures This package provides a script for updating the following sources of 3rd-party clamav signatures until freshclamav gains support for such diff --git a/debian/cron.d b/debian/cron.d index 4901626..037cf3c 100644 --- a/debian/cron.d +++ b/debian/cron.d @@ -1,6 +1,32 @@ -# This cron file will execute the clamav-unofficial-sigs script that +# https://eXtremeSHOK.com ###################################################### +# This file contains the cron settings for clamav-unofficial-sigs.sh +################### +# This is property of eXtremeSHOK.com +# You are free to use, modify and distribute, however you may not remove this notice. +# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +################## +# +# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs +# +# Originially based on: +# Script provide by Bill Landry (unofficialsigs@gmail.com). +# +# License: BSD (Berkeley Software Distribution) +# +################## +# Automatically Generated: Tue Jul 3 00:38:36 CEST 2018 +################## +# +# This cron file will execute the clamav-unofficial-sigs.sh script that # currently supports updating third-party signature databases provided # by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc. +# +# The script is set to run hourly, at a random minute past the hour, and the +# script itself is set to randomize the actual execution time between +# 60 - 600 seconds. To Adjust the cron values, edit your configs and run +# bash clamav-unofficial-sigs.sh --install-cron to generate a new file. -54 * * * * clamav [ -x /usr/sbin/clamav-unofficial-sigs ] && /usr/sbin/clamav-unofficial-sigs > /dev/null +15 * * * * clamav [ -x /usr/sbin/clamav-unofficial-sigs ] && /bin/bash /usr/sbin/clamav-unofficial-sigs > /dev/null + +# https://eXtremeSHOK.com ###################################################### diff --git a/debian/logrotate b/debian/logrotate index b60a2cd..71f12d4 100644 --- a/debian/logrotate +++ b/debian/logrotate @@ -1,4 +1,26 @@ +# https://eXtremeSHOK.com ###################################################### +# This file contains the logrotate settings for clamav-unofficial-sigs.sh +################### +# This is property of eXtremeSHOK.com +# You are free to use, modify and distribute, however you may not remove this notice. +# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +################## +# +# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs +# +# Originially based on: +# Script provide by Bill Landry (unofficialsigs@gmail.com). +# +# License: BSD (Berkeley Software Distribution) +# +################## +# Automatically Generated: Tue Jul 3 00:38:22 CEST 2018 +################## +# # This logrotate file will rotate the logs generated by the clamav-unofficial-sigs.sh +# +# To Adjust the logrotate values, edit your configs and run +# bash clamav-unofficial-sigs.sh --install-logrotate to generate a new file. /var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log { weekly @@ -6,6 +28,6 @@ missingok notifempty compress - create 0644 clamav clamav + create 0640 clamav adm } diff --git a/debian/postinst b/debian/postinst index d792e4e..86676ef 100644 --- a/debian/postinst +++ b/debian/postinst @@ -5,7 +5,7 @@ set -e [ "$1" = "configure" ] || exit 0 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx -if [ -x /usr/sbin/clamav-unofficial-sigs.sh ]; then +if [ -x /usr/sbin/clamav-unofficial-sigs ]; then clamav-unofficial-sigs --silence || true fi diff --git a/master.conf b/master.conf index b761631..96cd82c 100644 --- a/master.conf +++ b/master.conf @@ -3,18 +3,20 @@ # This is property of eXtremeSHOK.com # You are free to use, modify and distribute, however you may not remove this notice. # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +# License: BSD (Berkeley Software Distribution) ################## # # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs -# -# Originially based on: -# Script provide by Bill Landry (unofficialsigs@gmail.com). -# -# License: BSD (Berkeley Software Distribution) # ################## # -# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG +# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG +# +################################################################################ +# +# IT IS BETTER TO SET YOUR OPTIONS IN THE user.conf AS THIS MAKES UPDATES EASIER +# +# os.conf AND user.conf OVERRIDES THE OPTIONS IN THIS FILE # ################################################################################ @@ -54,6 +56,9 @@ clamd_pid="/var/run/clamav/clamd.pid" # change the following variable to "yes". reload_dbs="yes" +# Custom Command to do a full clamd reload, this is only used when reload_dbs is enabled +clamd_reload_opt="clamdscan --reload" + # Top level working directory, script will attempt to create them. work_dir="/var/lib/clamav-unofficial-sigs" #Top level working directory @@ -89,7 +94,7 @@ malwarepatrol_free="yes" # - 3. Login and navigate to your customer account : https://www.securiteinfo.com/clients/customers/account # - 4. Click on the Setup tab # - 5. You will need to get your unique identifier from one of the download links, they are individual for every user -# - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/ +# - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/ # - 5.2. Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb # Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters # - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link @@ -113,7 +118,7 @@ additional_update_hours="4" # Default is 4 hours (6 downloads daily). # ======================== # Set to no to disable an entire database, if the database is empty it will also be disabled. sanesecurity_enabled="yes" # Sanesecurity -securiteinfo_enabled="yes" # SecuriteInfo +securiteinfo_enabled="yes" # SecuriteInfo linuxmalwaredetect_enabled="yes" # Linux Malware Detect malwarepatrol_enabled="yes" # Malware Patrol yararulesproject_enabled="yes" # Yara-Rule Project, automatically disabled if clamav is older than 0.99 @@ -128,12 +133,12 @@ enable_yararules="yes" #Enables yararules in the various databases, automatica # The new and old database formats are supported for backwards compatibility # # New Format Usage: -# new_example_dbs=" +# declare -a new_example_dbs=( # file.name|RATING #description -# " -# +# ) +# # Rating (False Positive Rating) -# valid ratings: +# valid ratings: # REQUIRED : always used # LOW : used when the rating is low, medium and high # MEDIUM : used when the rating is medium and high @@ -148,11 +153,11 @@ enable_yararules="yes" #Enables yararules in the various databases, automatica # file.name #LOW description # " -# Default dbs rating +# Default dbs rating # valid rating: LOW, MEDIUM, HIGH default_dbs_rating="LOW" -# Per Database +# Per Database # These ratings will override the global rating for the specific database # valid rating: LOW, MEDIUM, HIGH, DISABLED #sanesecurity_dbs_rating="" @@ -166,8 +171,8 @@ default_dbs_rating="LOW" # Add or remove database file names between quote marks as needed. To # disable usage of any of the Sanesecurity distributed database files # shown, remove the database file name from the quoted section below. -# Only databases defined as "low" risk have been enabled by default -# for additional information about the database ratings, see: +# Only databases defined as "low" risk have been enabled by default +# for additional information about the database ratings, see: # http://www.sanesecurity.com/clamav/databases.htm # Only add signature databases here that are "distributed" by Sanesecuirty # as defined at the URL shown above. Database distributed by others sources @@ -176,56 +181,74 @@ default_dbs_rating="LOW" # spelled correctly or you will experience issues when the script runs # (hint: all rsync servers will fail to download signature updates). -sanesecurity_dbs=" # BEGIN SANESECURITY DATABASE +declare -a sanesecurity_dbs=( # BEGIN SANESECURITY DATABASE ### SANESECURITY http://sanesecurity.com/usage/signatures/ ## REQUIRED, Do NOT disable sanesecurity.ftm|REQUIRED # Message file types, for best performance sigwhitelist.ign2|REQUIRED # Fast update file to whitelist any problem signatures -## LOW -junk.ndb|LOW # General high hitting junk, containing spam/phishing/lottery/jobs/419s etc +# LOW +junk.ndb|LOW # General high hitting junk, containing spam/phishing/lottery/jobs/419s etc jurlbl.ndb|LOW # Junk Url based -phish.ndb|LOW # Phishing -rogue.hdb|LOW # Malware, Rogue anti-virus software and Fake codecs etc. Updated hourly to cover the latest malware threats -scam.ndb|LOW # Spam/scams -spamimg.hdb|LOW # Spam images -spamattach.hdb|LOW # Spam Spammed attachments such as pdf/doc/rtf/zip -blurl.ndb|LOW # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad" +phish.ndb|LOW # Phishing and Malware +rogue.hdb|LOW # Malware, Rogue anti-virus software and Fake codecs etc. Updated hourly to cover the latest malware threats +scam.ndb|LOW # Spam/scams +spamimg.hdb|LOW # Spam images +spamattach.hdb|LOW # Spam Spammed attachments such as pdf/doc/rtf/zips +blurl.ndb|LOW # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad" malwarehash.hsb|LOW # Malware hashes without known Size -## MEDIUM +# MEDIUM jurlbla.ndb|MEDIUM # Junk Url based autogenerated from various feeds -lott.ndb|MEDIUM # Lottery +lott.ndb|MEDIUM # Lottery spam.ldb|MEDIUM # Spam detected using the new Logical Signature type spear.ndb|MEDIUM # Spear phishing email addresses (autogenerated from data here) -spearl.ndb|MEDIUM # Spear phishing urls (autogenerated from data here) -badmacro.ndb|MEDIUM # Detect dangerous macros +spearl.ndb|MEDIUM # Spear phishing urls (autogenerated from data here) +badmacro.ndb|MEDIUM # Blocks dangerous macros embedded in Word/Excel/Xml/RTF/JS documents +shelter.ldb|MEDIUM # Phishing and Malware + +### MALWARE.EXPERT https://malware.expert/ +# LOW +malware.expert.hdb|MEDIUM # statics MD5 pattern for files +# MEDIUM +malware.expert.fp|MEDIUM # found to be false positive malware +malware.expert.ldb|MEDIUM # which use multi-words search for malware in files +malware.expert.ndb|MEDIUM # Generic Hex pattern PHP malware, which can cause false positive alarms ### FOXHOLE http://sanesecurity.com/foxhole-databases/ -## LOW +# LOW foxhole_generic.cdb|LOW # See Foxhole page for more details foxhole_filename.cdb|LOW # See Foxhole page for more details -## MEDIUM +# MEDIUM foxhole_js.cdb|MEDIUM # See Foxhole page for more details -## HIGH -foxhole_all.cdb|HIGH # See Foxhole page for more details +foxhole_js.ndb|MEDIUM # See Foxhole page for more details +# HIGH +foxhole_all.cdb|HIGH # See Foxhole page for more details +foxhole_all.ndb|HIGH # See Foxhole page for more details +foxhole_mail.cdb|HIGH # block any mail that contains a possible dangerous attachments such as: js, jse, exe, bat, com, scr, uue, ace, pif, jar, gz, lnk, lzh. ### OITC http://www.oitc.com/winnow/clamsigs/index.html -### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together. +### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together. # LOW winnow_malware.hdb|LOW # Current virus, trojan and other malware not yet detected by ClamAV. winnow_malware_links.ndb|LOW # Links to malware -winnow_extended_malware.hdb|LOW # contain hand generated signatures for malware +winnow_extended_malware.hdb|LOW # contain hand generated signatures for malware winnow.attachments.hdb|LOW # Spammed attachments such as pdf/doc/rtf/zip as well as malware crypted configs winnow_bad_cw.hdb|LOW # md5 hashes of malware attachments acquired directly from a group of botnets -winnow_phish_complete_url.ndb|LOWMEDIUMONLY # Similar to winnow_phish_complete.ndb except that entire urls are used +winnow_phish_complete_url.ndb|LOWMEDIUMONLY # Similar to winnow_phish_complete.ndb except that entire urls are used # MEDIUM winnow_spam_complete.ndb|MEDIUM # Signatures to detect fraud and other malicious spam -winnow.complex.patterns.ldb|MEDIUM # contain hand generated signatures for malware and some egregious fraud -winnow_extended_malware_links.ndb|MEDIUM # contain hand generated signatures for malware links +winnow.complex.patterns.ldb|MEDIUM # contain hand generated signatures for malware and some egregious fraud +winnow_extended_malware_links.ndb|MEDIUM # contain hand generated signatures for malware links # HIGH winnow_phish_complete.ndb|HIGH # Phishing and other malicious urls and compromised hosts **DO NOT USE WITH winnow_phish_complete_url** ### OITC YARA Format rules ### Note: Yara signatures require ClamAV 0.99 or newer to work -winnow_malware.yara|LOW # detect spam +winnow_malware.yara|LOW # detect spam + +### MiscreantPunch http://malwarefor.me/about/ +## MEDIUM +MiscreantPunch099-Low.ldb|MEDIUM # ruleset contains comprehensive rules for detecting malicious or abnormal Macros, JS, HTA, HTML, XAP, JAR, SWF, and more. +## HIGH +MiscreantPunch099-INFO-Low.ldb|HIGH # ruleset provides context to various files. Info and Suspicious level signatures may inform analysts of potentially interesting conditions that exist within a document. ### SCAMNAILER http://www.scamnailer.info/ # MEDIUM @@ -233,31 +256,27 @@ scamnailer.ndb|MEDIUM # Spear phishing and other phishing emails ### BOFHLAND http://clamav.bofhland.org/ # LOW -bofhland_cracked_URL.ndb|LOW # Spam URLs -bofhland_malware_URL.ndb|LOW # Malware URLs +bofhland_cracked_URL.ndb|LOW # Spam URLs +bofhland_malware_URL.ndb|LOW # Malware URLs bofhland_phishing_URL.ndb|LOW # Phishing URLs bofhland_malware_attach.hdb|LOW # Malware Hashes ### RockSecurity http://rooksecurity.com/ -#LOW -hackingteam.hsb|LOW # Hacking Team hashes - -### CRDF https://threatcenter.crdf.fr/ # LOW -#crdfam.clamav.hdb|LOW # List of new threats detected by CRDF Anti Malware +hackingteam.hsb|LOW # Hacking Team hashes based on work by rooksecurity.com ### Porcupine # LOW -porcupine.ndb|LOW # Brazilian e-mail phishing and malware signatures -phishtank.ndb|LOW # Online and valid phishing urls from phishtank.com data feed +porcupine.ndb|LOW # Brazilian e-mail phishing and malware signatures +phishtank.ndb|LOW # Online and valid phishing urls from phishtank.com data feed porcupine.hsb|LOW # Sha256 Hashes of VBS and JSE malware, kept for 7 days ### Sanesecurity YARA Format rules ### Note: Yara signatures require ClamAV 0.99 or newer to work -Sanesecurity_sigtest.yara|LOW # Sanesecurity test signatures -Sanesecurity_spam.yara|LOW # detect spam +Sanesecurity_sigtest.yara|LOW # Sanesecurity test signatures +Sanesecurity_spam.yara|LOW # Detects Spam emails -" # END SANESECURITY DATABASES +) # END SANESECURITY DATABASES # ======================== # SecuriteInfo Database(s) @@ -266,20 +285,20 @@ Sanesecurity_spam.yara|LOW # detect spam # Add or remove database file names between quote marks as needed. To # disable any SecuriteInfo database downloads, remove the appropriate # lines below. -securiteinfo_dbs=" #START SECURITEINFO DATABASES +declare -a securiteinfo_dbs=( #START SECURITEINFO DATABASES ### Securiteinfo https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml ## REQUIRED, Do NOT disable -securiteinfo.ign2|REQUIRED +securiteinfo.ign2|REQUIRED # Signature Whitelist # LOW securiteinfo.hdb|LOW # Malwares in the Wild -javascript.ndb|LOW # Malwares Javascript -securiteinfohtml.hdb|LOW # Malwares HTML +javascript.ndb|LOW # Malwares Javascript +securiteinfohtml.hdb|LOW # Malwares HTML securiteinfoascii.hdb|LOW # Text file malwares (Perl or shell scripts, bat files, exploits, ...) -securiteinfopdf.hdb|LOW # Malwares PDF +securiteinfopdf.hdb|LOW # Malwares PDF securiteinfoandroid.hdb|LOW # Malwares Java/Android Dalvik # HIGH spam_marketing.ndb|HIGH # Spam Marketing / spammer blacklist -" #END SECURITEINFO DATABASES +) #END SECURITEINFO DATABASES # ======================== # Linux Malware Detect Database(s) @@ -287,12 +306,12 @@ spam_marketing.ndb|HIGH # Spam Marketing / spammer blacklist # Add or remove database file names between quote marks as needed. To # disable any SecuriteInfo database downloads, remove the appropriate # lines below. -linuxmalwaredetect_dbs=" +declare -a linuxmalwaredetect_dbs=( ### Linux Malware Detect https://www.rfxn.com/projects/linux-malware-detect/ # LOW rfxn.ndb|LOW # HEX Malware detection signatures rfxn.hdb|LOW # MD5 malware detection signatures -" #END LINUXMALWAREDETECT DATABASES +) #END LINUXMALWAREDETECT DATABASES # ======================== # Yara Rules Project Database(s) @@ -300,14 +319,13 @@ rfxn.hdb|LOW # MD5 malware detection signatures # Add or remove database file names between quote marks as needed. To # disable any Yara Rule database downloads, remove the appropriate # lines below. -yararulesproject_dbs=" +declare -a yararulesproject_dbs=( ### Yara Rules https://github.com/Yara-Rules/rules # # Some rules are now in sub-directories. To reference a file in a sub-directory # use subdir/file # LOW -email/EMAIL_Cryptowall.yar|LOW # CryptoWall Resume phish -Antidebug_AntiVM/antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware +Antidebug_AntiVM/antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware Exploit-Kits/EK_Angler.yar|LOW # Angler Exploit Kit Redirector Exploit-Kits/EK_Blackhole.yar|LOW # BlackHole2 Exploit Kit Detection Exploit-Kits/EK_BleedingLife.yar|LOW # BleedingLife2 Exploit Kit Detection @@ -322,7 +340,6 @@ Exploit-Kits/EK_Zeus.yar|LOW # Zeus Exploit Kit Detection # MEDIUM Malicious_Documents/maldoc_somerules.yar|MEDIUM # documents with malicious code Malicious_Documents/Maldoc_Hidden_PE_file.yar|MEDIUM # Detect a hidden PE file inside a sequence of numbers (comma separated) -Packers/Javascript_exploit_and_obfuscation.yar|MEDIUM # JavaScript Obfuscation Detection Packers/packer.yar|MEDIUM # well-known sofware packers CVE_Rules/CVE-2010-0805.yar|MEDIUM # CVE 2010 0805 CVE_Rules/CVE-2010-0887.yar|MEDIUM # CVE 2010 0887 @@ -331,8 +348,9 @@ CVE_Rules/CVE-2013-0074.yar|MEDIUM # CVE 2013 0074 CVE_Rules/CVE-2013-0422.yar|MEDIUM # CVE 2013 0422 CVE_Rules/CVE-2015-5119.yar|MEDIUM # CVE 2015 5119 # HIGH +Packers/Javascript_exploit_and_obfuscation.yar|HIGH # JavaScript Obfuscation Detection Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms -" #END yararulesproject DATABASES +) #END yararulesproject DATABASES # ========================= # Additional signature databases @@ -341,19 +359,19 @@ Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms # format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in # place of the "FILE-NAME" to download all files from specified location, # but this *ONLY* works for files downloaded via rsync). For non-rsync -# downloads, wget and curl is used. For download protocols supported by +# downloads, wget and curl is used. For download protocols supported by # wget and curl, see "man wget" and "man curl". # This also works well for locations that have many ClamAV # servers that use 3rd party signature databases, as only one server need # download the remote databases, and all others can update from the local # mirrors copy. See format examples below. To use, remove the comments # and examples shown and add your own sites between the quote marks. -#additional_dbs=" +#declare -a additional_dbs=( # rsync://192.168.1.50/new-db/sigs.hdb # rsync://rsync.example.com/all-dbs/ # ftp://ftp.example.net/pub/sigs.ndb # http://www.example.org/sigs.ldb -#" #END ADDITIONAL DATABASES +#) #END ADDITIONAL DATABASES # ================================================== @@ -381,9 +399,6 @@ max_sleep_time="600" # Default maximum is 600 seconds (10 minutes). # Command to do a full clamd service stop/start #clamd_restart_opt="service clamd restart" -# Custom Command to fo a full clamd reload, this defaults to "clamdscan --reload" when not set -#clamd_reload_opt="clamdscan --reload" - # Custom Command Paths, these are detected with the which command when not set #uname_bin="/usr/bin/uname" #clamscan_bin="/usr/bin/clamscan" @@ -392,6 +407,11 @@ max_sleep_time="600" # Default maximum is 600 seconds (10 minutes). #curl_bin="/usr/bin/curl" #gpg_bin="/usr/bin/gpg" +# GnuPG / Signature verification +# To disable usage of gpg, set the following variable to "no". +# If gpg_bin cannot be found, enable_gpg will automatically disable +enable_gpg="yes" + # If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and # either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module # are installed on the system, and you want to report whether clamd @@ -425,10 +445,10 @@ downloader_tries="3" # Always located inside the work_dir, do not add / # Sub-directory names: sanesecurity_dir="dbs-ss" # Sanesecurity sub-directory -securiteinfo_dir="dbs-si" # SecuriteInfo sub-directory -linuxmalwaredetect_dir="dbs-lmd" # Linux Malware Detect sub-directory -malwarepatrol_dir="dbs-mbl" # MalwarePatrol sub-directory -yararulesproject_dir="dbs-yara" # Yara-Rules sub-directory +securiteinfo_dir="dbs-si" # SecuriteInfo sub-directory +linuxmalwaredetect_dir="dbs-lmd" # Linux Malware Detect sub-directory +malwarepatrol_dir="dbs-mbl" # MalwarePatrol sub-directory +yararulesproject_dir="dbs-yara" # Yara-Rules sub-directory work_dir_configs="configs" # Script configs sub-directory gpg_dir="gpg-key" # Sanesecurity GPG Key sub-directory pid_dir="pid" # User defined pid sub-directory @@ -441,7 +461,7 @@ add_dir="dbs-add" # User defined databases sub-directory keep_db_backup="no" # When a database integrity has tested BAD, the failed database will be removed. -remove_bad_database="yes" +remove_bad_database="yes" # When a database is disabled we will remove the associated database files. remove_disabled_databases="no" # Default is "no" since we are not a database managament tool by default. @@ -458,8 +478,8 @@ selinux_fixes="no" # Default is "no" ignore ssl errors and warnings # format of "hostname:port". For wget, also note the https and http #rsync_proxy="" #curl_proxy="" -#wget_proxy_http="http://username:password@proxy_host:proxy_port" -#wget_proxy_https="https://username:password@proxy_host:proxy_port" +#wget_proxy_http="-e http_proxy=http://username:password@proxy_host:proxy_port" +#wget_proxy_https="-e https_proxy=https://username:password@proxy_host:proxy_port" # Custom Cron install settings, these are detected and only used if you want to override @@ -484,9 +504,9 @@ selinux_fixes="no" # Default is "no" ignore ssl errors and warnings #man_dir="" #default: /usr/share/man/man8 #man_filename="" #default: clamav-unofficial-sigs.8 -# Provided two variables that package and port maintainers can use in order to +# Provided two variables that package and port maintainers can use in order to # prevent the script from removing itself with the '-r' flag -# If the script was installed via a package manager like yum, apt, pkg, etc. +# If the script was installed via a package manager like yum, apt, pkg, etc. # The script will instead provide feedback to the user about how to uninstall the package. #pkg_mgr="" #the package manager name #pkg_rm="" #the package manager command to remove the script @@ -519,6 +539,6 @@ yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master" # ======================== # DO NOT EDIT ! -config_version="69" +config_version="73" # https://eXtremeSHOK.com ###################################################### diff --git a/os.conf b/os.conf index 3982773..df451d9 100644 --- a/os.conf +++ b/os.conf @@ -3,18 +3,14 @@ # This is property of eXtremeSHOK.com # You are free to use, modify and distribute, however you may not remove this notice. # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +# License: BSD (Berkeley Software Distribution) ################## # # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs -# -# Originially based on: -# Script provide by Bill Landry (unofficialsigs@gmail.com). -# -# License: BSD (Berkeley Software Distribution) # ################## # -# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG +# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG # ################################################################################ # SEE MASTER.CONF FOR CONFIG EXPLAINATIONS @@ -22,17 +18,20 @@ # Rename to os.conf to enable this file ################################################################################ -# Debian 8 (Jessie) +# Debian 9 (Stretch) clam_user="clamav" clam_group="clamav" +logrotate_group="adm" + clam_dbs="/var/lib/clamav" -clamd_pid="/var/run/clamd.pid" +clamd_pid="/run/clamav/clamd.pid" -clamd_restart_opt="service clamav-daemon restart" +#systemd. +clamd_restart_opt="systemctl restart clamav-daemon.service" -#clamd_socket="/var/run/clamav/clamd.ctl" +#clamd_socket="/run/clamav/clamd.ctl" # https://eXtremeSHOK.com ###################################################### diff --git a/user.conf b/user.conf index dede3a2..dda1fa0 100644 --- a/user.conf +++ b/user.conf @@ -3,18 +3,14 @@ # This is property of eXtremeSHOK.com # You are free to use, modify and distribute, however you may not remove this notice. # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +# License: BSD (Berkeley Software Distribution) ################## # # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs -# -# Originially based on: -# Script provide by Bill Landry (unofficialsigs@gmail.com). -# -# License: BSD (Berkeley Software Distribution) # ################## # -# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG +# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG # ################################################################################ # SEE MASTER.CONF FOR CONFIG EXPLAINATIONS @@ -32,11 +28,11 @@ #securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER" -# Default dbs rating +# Default dbs rating # valid rating: LOW, MEDIUM, HIGH -#default_dbs_rating="LOW" +#default_dbs_rating="MEDIUM" -# Per Database +# Per Database # These ratings will override the global rating for the specific database # valid rating: LOW, MEDIUM, HIGH, DISABLE #sanesecurity_dbs_rating="" @@ -44,6 +40,15 @@ #linuxmalwaredetect_dbs_rating="" #yararulesproject_dbs_rating="" +# ========================= +# Additional signature databases +# ========================= +#declare -a additional_dbs=( +# ftp://ftp.example.net/pub/sigs.ndb +# http://www.example.org/sigs.ldb +#) #END ADDITIONAL DATABASES + +# Uncomment the following line to enable the script user_configuration_complete="yes" # https://eXtremeSHOK.com ###################################################### -- 1.7.10.4