# This script freely provided by Bill Landry (bill@inetmsg.com).
# Comments, suggestions, and recommendations for improving this
# script are always welcome.
# Script documentation and updates can be viewed/downloaded from:
# http://www.inetmsg.com/pub/
# The latest version will always be named: clamav-unofficial-sigs.tar.gz
# Older versions can be found in the "archive" directory.
################################################################################
# THERE ARE NO USER CONFIGURABLE OPTIONS IN THIS SCRIPT #
# ALL CONFIGURATION OPTIONS ARE LOCATED IN THE INCLUDED CONFIGURATION FILE #
################################################################################
default_config="/etc/clamav-unofficial-sigs.conf"
version="v3.1 (updated 2009-05-11)"
`basename $0` $version
ClamAV Unofficial Signature Databases Update Script - $version
Usage: `basename $0` [OPTION] [PATH|FILE]
-c Direct script to use a specific configuration file
e.g.: '-c /path/to/`basename "$default_config"`'
-d Decode a third-party signature either by signature name
(e.g: Sanesecurity.Junk.15248) or hexadecimal string.
This flag will 'NOT' decode image signatures.
-e Hexadecimal encode input string from the command prompt
that can be used in a '*.ndb' signature database file.
-g GPG verify a specific Sanesecurity database file
e.g.: '-g filename.ext' (do not include file path)
-h Display this script's help and usage information
-i Output system and configuration information for
viewing or possible debugging purposes
-r Remove the clamav-unofficial-sigs script and all of
its associated files and databases from the system.
-s Clamscan integrity test a specific database file
e.g.: '-s filename.ext' (do not include file path)
-v Output script version and date information
Alternative to using '-c': Place config file in /etc ($default_config)
# Function to handle general response if script cannot find the config file in /etc.
no_default_config () {
if [ ! -s "$default_config" ] ; then
echo "Cannot find your configuration file - place a copy in /etc and try again..."
echo " e.g.: $default_config"
# Take input from the commandline and process.
while getopts 'c:deg:hirs:v' option ; do
c) conf_file="$OPTARG"
echo "Input a third-party signature name to decode (e.g: Sanesecurity.Junk.15248) or"
echo "a hexadecimal encoded data string and press enter (do not include '.UNOFFICIAL'"
echo "in the signature name nor add quote marks to any input string):"
input=`echo "$input" | tr -d "'" | tr -d '"'`
# Branch on whether the input looks like a signature name (contains a dot,
# e.g. Sanesecurity.Junk.15248) or a raw hexadecimal string.
# The backtick-inside-if form only works because the substitution expands to
# nothing and the shell then reports the substitution's own exit status; the
# clearer equivalent is: if printf '%s\n' "$input" | grep -q '\.'
if `echo "$input" | grep "\." > /dev/null`
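# Look the signature name up as a fixed string: names such as
# Sanesecurity.Junk.15248 contain dots, which the previous regex grep treated
# as "any character". '--' keeps an input beginning with '-' from being read
# as a grep option. Expects the current directory to hold the *.ndb databases.
sig=$(grep -F -- "$input:" *.ndb)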
db_file=`echo "$sig" | cut -d ':' -f1`
echo "$input found in: $db_file"
echo "$input signature decodes to:"
echo "$sig" | cut -d ":" -f5 | perl -pe 's/{/\n{/g; s/}/}\n/g;' | perl -pe 'next if /^{/; s/([a-fA-F0-9]{2})/chr(hex $1)/eg;' | perl -pe 's/\n//g;'
echo "$input signature not found"
echo "This script will only decode ClamAV 'UNOFFICIAL' third-Party,"
echo "non-image based, signatures as found in the *.ndb databases."
echo "Here is the decoded hexadecimal input string:"
echo "$input" | perl -pe 's/{/\n{/g; s/}/}\n/g;' | perl -pe 'next if /^{/; s/([a-fA-F0-9]{2})/chr(hex $1)/eg;' | perl -pe 's/\n//g;'
echo "Input the data string that you want to hexadecimal encode and then press enter. Do not include"
echo "any quotes around the string unless you want them included in the hexadecimal encoded output:"
echo "Here is the hexadecimal encoded input string:"
echo "$input" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg'
db_file=`echo "$OPTARG" | awk -F '/' '{print $NF}'`
if [ -s "$ss_dir/$db_file" ]
echo "GPG signature testing database file: $ss_dir/$db_file"
# Manual (-g) signature check against the dedicated keyring only.
# '--trust-model always' skips the web-of-trust validity check of the signing
# key; the detached signature itself is still verified. Whatever key sits in
# ss-keyring.gpg is therefore trusted outright, so its origin matters.
# The paths are unquoted and word-split if gpg_dir/ss_dir contain whitespace.
if ! gpg --trust-model always -q --no-default-keyring --homedir $gpg_dir --keyring $gpg_dir/ss-keyring.gpg --verify $ss_dir/$db_file.sig $ss_dir/$db_file
gpg --always-trust -q --no-default-keyring --homedir $gpg_dir --keyring $gpg_dir/ss-keyring.gpg --verify $ss_dir/$db_file.sig $ss_dir/$db_file
echo "File '$db_file' cannot be found or is not a Sanesecurity database file."
echo "Only the following Sanesecurity and OITC databases can be GPG signature tested:"
echo "Check the file name and try again..."
echo "*** SCRIPT VERSION ***"
echo "`basename $0` $version"
echo "*** SYSTEM INFORMATION ***"
echo "*** CLAMSCAN LOCATION & VERSION ***"
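# Locate clamscan with the POSIX builtin rather than the external 'which'.
# Empty when clamscan is not on PATH; the --version call that follows is then
# issued with an empty command name.
clamscan=$(command -v clamscan)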
$clamscan --version | head -1
echo "*** RSYNC LOCATION & VERSION ***"
$rsync --version | head -1
echo "*** CURL LOCATION & VERSION ***"
$curl --version | head -1
echo "*** GPG LOCATION & VERSION ***"
$gpg --version | head -1
echo "*** SCRIPT WORKING DIRECTORY INFORMATION ***"
ls -lR $work_dir | grep -v total
echo "*** CLAMAV DIRECTORY INFORMATION ***"
ls -l $clam_dbs | grep -v total
echo "*** SCRIPT CONFIGURATION SETTINGS ***"
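# Dump the effective configuration with comment and blank lines stripped.
# 'egrep' is obsolescent; 'grep -E' is the portable spelling, and quoting the
# path keeps grep from falling back to stdin when the variable is empty.
# Note this always reads the default path, not a file given with -c (that
# choice is resolved after option parsing). The output is the whole config
# and may include proxy strings (curl_proxy, rsync_proxy), so review it
# before pasting it into a bug report.
grep -E -v '^#|^$' -- "$default_config"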
if [ -n "$pkg_mgr" -a -n "$pkg_rm" ]
echo " This script (clamav-unofficial-sigs) was installed on the system"
echo " via '$pkg_mgr', use '$pkg_rm' to remove the script"
echo " and all of its associated files and databases from the system."
echo " Are you sure you want to remove the clamav-unofficial-sigs script and all of its"
echo -n " associated files, third-party databases, and work directories from the system? (y/n): "
if [ "$response" = "y" -o "$response" = "Y" ]
if [ -s "$config_dir/purge.txt" ]
# Uninstall driver: every entry of purge.txt is removed below with the
# script's privileges, so write access to $config_dir amounts to the right
# to delete arbitrary paths. The unquoted expansion is load-bearing — some
# entries written to purge.txt are glob patterns (ss-keyring.gpg*, the log
# file*) — but it also means an entry containing whitespace splits into
# several bogus paths.
for file in `cat $config_dir/purge.txt` ; do
echo " Removed file: $file"
cron_file=`find /etc/ -name clamav-unofficial-sigs.cron`
if [ -s "$cron_file" ] ; then
echo " Removed file: $cron_file"
log_rotate_file=`find /etc/ -name clamav-unofficial-sigs.logrotate`
if [ -s "$log_rotate_file" ] ; then
rm -f "$log_rotate_file"
echo " Removed file: $log_rotate_file"
rm -f -- "$default_config" && echo " Removed file: $default_config"
rm -f -- "$0" && echo " Removed file: $0"
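# Remove the working tree. The ':?' guard aborts the script instead of
# handing an empty path to 'rm -rf' when work_dir is unset or empty.
rm -rf -- "${work_dir:?}" && echo " Removed script working directories: $work_dir"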
echo " The clamav-unofficial-sigs script and all of its associated files, third-party"
echo " databases, and work directories have been successfully removed from the system."
echo " Cannot locate 'purge.txt' file in $config_dir."
echo " Files and signature database will need to be removed manually."
input=`echo "$OPTARG" | awk -F '/' '{print $NF}'`
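# Resolve the user-supplied name to a path inside the work tree. Quoting
# keeps a name containing glob characters from being expanded by the shell
# before find sees it. If more than one file matches, the value holds
# several newline-separated paths and the unquoted clamscan call below
# will split it.
db_file=$(find "$work_dir" -name "$input")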
echo "Clamscan integrity testing: $db_file"
if clamscan --quiet -d $db_file $config_dir/scan-test.txt ; then
echo "Clamscan reports that '$input' database integrity tested GOOD"
echo "File '$input' cannot be found."
echo "Here is a list of third-party databases that can be clamscan integrity tested:"
echo "Sanesecurity $ss_dbs""MSRBL $msrbl_dbs""SecuriteInfo $si_dbs""MalwarePatrol $mbl_dbs"
echo "Check the file name and try again..."
v) echo "$output_ver"
# Handle '-c' config file location issues.
if [ ! -s "$conf_file" ] ; then
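# Report the path that was actually checked: conf_file holds the -c argument,
# whereas $2 is only that path when -c happens to be the first option given.
echo " Config file does not exist at: $conf_file"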
echo " Check the config file path and try again..."
if [ "`basename "$conf_file"`" != "`basename "$default_config"`" ] ; then
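# Name the file that was rejected (the -c argument), not positional $2,
# which only coincides with it when -c is the first option.
echo " Invalid config file: $conf_file"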
echo " Config file must be named: `basename $default_config`"
config_source="$conf_file"
if [ $# -ne 0 ] ; then
echo " Invalid option: $1"
if [ ! -s "$default_config" ] ; then
echo " Cannot find default config file at: $default_config"
config_source="$default_config"
################################################################################
# Using functions here to handle config settings for script comments,
# logging, and setting of file and directory access permissions.
# Presumably the body of the 'comment' helper (its definition line is not
# shown): print the message unless silenced. Returns 1 when comment_silence
# is not "no", which matters to callers that chain with && — the script
# appends '; true' after such calls in several places for that reason.
test "$comment_silence" = "no" && echo "${@:-}"
# Presumably the body of the 'log' helper (definition line not shown):
# append a timestamped line to the log file when logging is enabled.
# The message goes through echo, so a message beginning with -n or -e would
# be taken as an echo option; printf '%s\n' would be the safer form.
test "$enable_logging" = "yes" && echo `date "+%b %d %T"` "${@:-}" >> "$log_file_path/$log_file_name"
if [ -n "$clam_user" -a -n "$clam_group" ] ; then
# Check to see if the script's "USER CONFIGURATION FILE" has been completed.
if [ "$user_configuration_complete" != "yes" ]
echo " *** SCRIPT CONFIGURATION HAS NOT BEEN COMPLETED ***"
echo " Please review the script configuration file: `basename $default_config`."
echo " Once the user configuration has been completed, rerun the script."
log "ALERT - SCRIPT HALTED, user configuration not completed"
# Check to see if the working directories have been created.
# If not, create them. Otherwise, ignore and proceed with script.
mkdir -p "$ss_dir" "$msrbl_dir" "$si_dir" "$mbl_dir" "$config_dir" "$gpg_dir" "$add_dir"
# Set secured access permissions to the GPG directory
chmod 0700 "$gpg_dir"
# If we haven't done so yet, download Sanesecurity public GPG key and import to custom keyring.
if [ ! -s "$gpg_dir/publickey.gpg" ] ; then
# Bootstrap the Sanesecurity public key over plain HTTP with no fingerprint
# check: trust-on-first-use. Whatever key arrives here becomes the root of
# trust for every later database signature check, so an altered download at
# this point would let forged databases verify. Confirm the key fingerprint
# out of band, or pin it, rather than relying on the transport.
if ! curl -s -S $curl_proxy --connect-timeout 15 --max-time 60 -L -R http://www.sanesecurity.net/publickey.gpg -o $gpg_dir/publickey.gpg
echo "Could not download Sanesecurity public GPG key"
log "ALERT - Could not download Sanesecurity public GPG key"
comment "Sanesecurity public GPG key successfully downloaded"
log "INFO - Sanesecurity public GPG key successfully downloaded"
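# Clear any previous keyring (the pattern also covers files gpg writes next
# to it, e.g. a '~' backup) before importing afresh. The glob has to stay
# outside the quotes: "$gpg_dir/ss-keyring.gp*" was a literal file name and
# never matched anything.
rm -f -- "$gpg_dir"/ss-keyring.gp*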
if ! gpg -q --no-options --no-default-keyring --homedir $gpg_dir --keyring $gpg_dir/ss-keyring.gpg --import $gpg_dir/publickey.gpg 2>/dev/null
echo "Could not import Sanesecurity public GPG key to custom keyring"
log "ALERT - Could not import Sanesecurity public GPG key to custom keyring"
# Make the downloaded key and the keyring world-readable. Only public
# material should live in gpg_dir: anything else placed there becomes
# readable by every local user. The unquoted path splits on whitespace.
chmod 0644 $gpg_dir/*.*
comment "Sanesecurity public GPG key successfully imported to custom keyring"
log "INFO - Sanesecurity public GPG key successfully imported to custom keyring"
# If custom keyring is missing, try to re-import Sanesecurity public GPG key.
if [ ! -s "$gpg_dir/ss-keyring.gpg" ] ; then
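# Keyring missing or unreadable: drop whatever is left of it before the
# re-import. The glob must be outside the quotes; the quoted form
# "$gpg_dir/ss-keyring.gp*" was a literal name and removed nothing.
rm -f -- "$gpg_dir"/ss-keyring.gp*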
if ! gpg -q --no-options --no-default-keyring --homedir $gpg_dir --keyring $gpg_dir/ss-keyring.gpg --import $gpg_dir/publickey.gpg
echo "Custom keyring MISSING or CORRUPT! Could not import Sanesecurity public GPG key to custom keyring"
log "ALERT - Custom keyring MISSING or CORRUPT! Could not import Sanesecurity public GPG key to custom keyring"
chmod 0644 $gpg_dir/*.*
comment "Sanesecurity custom keyring MISSING! GPG key successfully re-imported to custom keyring"
log "INFO - Sanesecurity custom keyring MISSING! GPG key successfully re-imported to custom keyring"
# Database update check, time randomization section. This script now
# provides support for both bash and non-bash enabled system shells.
if [ "$enable_random" = "yes" ] ; then
sleep_time=$(($RANDOM * $(($max_sleep_time - $min_sleep_time)) / 32767 + $min_sleep_time))
while [ "$sleep_time" -lt "$min_sleep_time" -o "$sleep_time" -gt "$max_sleep_time" ] ; do
# Apparently the fallback for shells without $RANDOM: the enclosing loop
# retries until the value lands inside [min_sleep_time, max_sleep_time].
# Note that field 2 of cksum's output is the byte count, not the CRC, so this
# yields the number of bytes /dev/urandom produced before its first newline.
# It is only scheduling jitter, not a security primitive.
sleep_time=`head -1 /dev/urandom | cksum | awk '{print $2}'`
comment "`date` - Pausing database file updates for $sleep_time seconds..."
log "INFO - Pausing database file updates for $sleep_time seconds..."
comment "`date` - Pause complete, checking for new database files..."
log "INFO - Script was run manually"
# Create "scan-test.txt" file for clamscan database integrity testing.
if [ ! -s "$config_dir/scan-test.txt" ] ; then
echo "This is the clamscan test file..." > "$config_dir/scan-test.txt"
# Unofficial ClamAV database provider URLs
ss_url="rsync.sanesecurity.net"
msrbl_url="rsync.mirror.msrbl.com"
si_url="clamav.securiteinfo.com"
mbl_url="www.malware.com.br"
# Create the Sanesecurity rsync "include" file (defines which files to download).
ss_include_dbs="$config_dir/ss-include-dbs.txt"
if [ -n "$ss_dbs" ] ; then
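# Rebuild the rsync include list from scratch and drop stale checksum files.
# The glob has to be outside the quotes; the quoted "$ss_dir/*.sha256" was a
# literal file name and removed nothing.
rm -f -- "$ss_include_dbs" "$ss_dir"/*.sha256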
for db_name in $ss_dbs ; do
echo "$db_name" >> "$ss_include_dbs"
echo "$db_name.sig" >> "$ss_include_dbs"
# Create the MSRBL rsync "include" file (defines which files to download).
msrbl_include_dbs="$config_dir/msrbl-include-dbs.txt"
if [ -n "$msrbl_dbs" ] ; then
rm -f -- "$msrbl_include_dbs"
for db_name in $msrbl_dbs ; do
echo "$db_name" >> "$msrbl_include_dbs"
# If rsync proxy is defined in the config file, then export it for use.
if [ -n "$rsync_proxy" ]; then
RSYNC_PROXY="$rsync_proxy"
# Create files containing lists of current and previously active 3rd-party databases
# so that databases and/or backup files that are no longer being used can be removed.
current_dbs="$config_dir/current-dbs.txt"
previous_dbs="$config_dir/previous-dbs.txt"
mv -f "$current_dbs" "$previous_dbs" 2>/dev/null
echo "$clam_dbs/$db" >> "$current_dbs"
if [ "$keep_db_backup" = "yes" ] ; then
echo "$clam_dbs/$db-bak" >> "$current_dbs"
if [ -n "$ss_dbs" ] ; then
for db in $ss_dbs ; do
echo "$ss_dir/$db" >> "$current_dbs"
echo "$ss_dir/$db.sig" >> "$current_dbs"
if [ -n "$msrbl_dbs" ] ; then
for db in $msrbl_dbs ; do
echo "$msrbl_dir/$db" >> "$current_dbs"
if [ -n "$si_dbs" ] ; then
for db in $si_dbs ; do
echo "$si_dir/$db" >> "$current_dbs"
echo "$si_dir/$db.gz" >> "$current_dbs"
if [ -n "$mbl_dbs" ] ; then
for db in $mbl_dbs ; do
echo "$mbl_dir/$db" >> "$current_dbs"
if [ -n "$add_dbs" ] ; then
for db in $add_dbs ; do
echo "$add_dir/$db" >> "$current_dbs"
# Remove 3rd-party databases and/or backup files that are no longer being used.
db_changes="$config_dir/db-changes.txt"
diff "$current_dbs" "$previous_dbs" 2>/dev/null | grep '>' | awk '{print $2}' > "$db_changes"
if [ -s "$db_changes" ] ; then
if grep -vq "bak" $db_changes 2> /dev/null ; then
# Entries of db-changes.txt (paths listed in previous-dbs.txt but no longer
# in current-dbs.txt) appear to be removed in this loop. Backtick-cat
# word-splits, so a path with whitespace becomes several bogus entries, and
# because the list lives in $config_dir that directory's write permission
# governs what can be deleted here.
for file in `cat $db_changes` ; do
comment "File removed: $file"
log "INFO - File removed: $file"
# Create "purge.txt" file for package maintainers to support package uninstall.
purge="$config_dir/purge.txt"
cp -f "$current_dbs" "$purge"
echo "$config_dir/current-dbs.txt" >> $purge
echo "$config_dir/db-changes.txt" >> $purge
echo "$config_dir/last-mbl-update.txt" >> $purge
echo "$config_dir/last-si-update.txt" >> $purge
echo "$config_dir/msrbl-include-dbs.txt" >> $purge
echo "$config_dir/previous-dbs.txt" >> $purge
echo "$config_dir/scan-test.txt" >> $purge
echo "$config_dir/ss-include-dbs.txt" >> $purge
echo "$gpg_dir/publickey.gpg" >> $purge
echo "$gpg_dir/secring.gpg" >> $purge
# Deliberately a glob pattern rather than a path: the -r uninstall loop
# reads purge.txt unquoted, so the shell expands this at removal time.
echo "$gpg_dir/ss-keyring.gpg*" >> $purge
echo "$gpg_dir/trustdb.gpg" >> $purge
echo "$log_file_path/$log_file_name*" >> $purge
echo "$purge" >> "$purge"
# Silence rsync output and only report errors - useful if script is run via cron.
if [ "$rsync_silence" = "yes" ] ; then
rsync_output_level="-q"
# If the local rsync client supports the '--no-motd' flag, then enable it.
if rsync --help | grep 'no-motd' > /dev/null ; then
# If the local rsync client supports the '--contimeout' flag, then enable it.
if rsync --help | grep 'contimeout' > /dev/null ; then
contimeout="--contimeout=30"
# Silence curl output and only report errors - useful if script is run via cron.
if [ "$curl_silence" = "yes" ] ; then
curl_output_level="-s -S"
# If ClamD status check is enabled ("clamd_socket" variable is uncommented
# and the socket path is correctly specified in the "User Edit" section above),
# then test to see if clamd is running or not.
if [ -n "$clamd_socket" ] ; then
if [ "`perl -e 'use IO::Socket::UNIX; print $IO::Socket::UNIX::VERSION,"\n"' 2>/dev/null`" ]
if [ "`perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("PING"); \
print $s->getline; $s->close' "$clamd_socket" 2>/dev/null`" = "PONG" ] ; then
comment "===================="
comment "= ClamD is running ="
comment "===================="
log "INFO - ClamD is running"
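# Find socat with the POSIX builtin instead of the external 'which';
# empty when it is not on PATH (the -x test below then skips it).
socat=$(command -v socat 2>/dev/null)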
if [ -n "$socat" -a -x "$socat" ] ; then
if [ "`(echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null`" = "PONG" ] ; then
comment "===================="
comment "= ClamD is running ="
comment "===================="
log "INFO - ClamD is running"
if [ -z "$io_socket1" -a -z "$socket_cat1" ]
echo " --- WARNING ---"
echo " It appears that neither 'SOcket CAT' (socat) nor the perl module"
echo " 'IO::Socket::UNIX' are installed on the system. In order to run"
echo " the ClamD socket test to determine whether ClamD is running or"
echo " or not, either 'socat' or 'IO::Socket::UNIX' must be installed."
echo " You can silence this warning by either installing 'socat' or the"
echo " 'IO::Socket::UNIX' perl module, or by simply commenting out the"
echo " 'clamd_socket' variable in the clamav-unofficial-sigs.conf file."
log "WARNING - Neither socat nor IO::Socket::UNIX perl module found, cannot test whether ClamD is running"
if [ -z "$io_socket2" -a -z "$socket_cat2" ] ; then
echo " *************************"
echo " * !!! ALERT !!! *"
echo " * CLAMD IS NOT RUNNING! *"
echo " *************************"
log "ALERT - ClamD is not running"
if [ -n "$start_clamd" ] ; then
echo " Attempting to start ClamD..."
if [ -n "$io_socket1" ]
# Clear pid/lock/socket files before attempting a restart. This runs after
# the socket PING got no PONG, but a clamd that is up and merely slow to
# answer would lose its lock and socket here — checking the pid file's
# process before removing would be safer. Empty variables are harmless
# to rm -f.
rm -f -- "$clamd_pid" "$clamd_lock" "$clamd_socket" 2>/dev/null
# start_clamd is a command string taken from the configuration file and run
# by word-splitting, so the config file must not be writable by anyone who
# should not be able to run commands as this script's user. Waits 5 s before
# the socket is probed again.
$start_clamd > /dev/null && sleep 5
if [ "`perl -MIO::Socket::UNIX -we '$s = IO::Socket::UNIX->new(shift); $s->print("PING"); \
print $s->getline; $s->close' "$clamd_socket" 2>/dev/null`" = "PONG" ]
echo "=================================="
echo "= ClamD was successfully started ="
echo "=================================="
log "NOTICE - ClamD was successfuly started"
echo " *************************"
echo " * !!! PANIC !!! *"
echo " * CLAMD FAILED TO START *"
echo " *************************"
echo "Check to confirm that the clamd start process defined for"
echo "the 'start_clamd' variable in the 'USER EDIT SECTION' is"
echo "set correctly for your particular distro. If it is, then"
echo "check your logs to determine why clamd failed to start."
log "CRITICAL - ClamD failed to start"
if [ -n "$socket_cat1" ] ; then
rm -f -- "$clamd_pid" "$clamd_lock" "$clamd_socket" 2>/dev/null
$start_clamd > /dev/null && sleep 5
if [ "`(echo "PING"; sleep 1;) | socat - "$clamd_socket" 2>/dev/null`" = "PONG" ]
echo "=================================="
echo "= ClamD was successfully started ="
echo "=================================="
log "NOTICE - ClamD was successfuly started"
echo " *************************"
echo " * !!! PANIC !!! *"
echo " * CLAMD FAILED TO START *"
echo " *************************"
echo "Check to confirm that the clamd start process defined for"
echo "the 'start_clamd' variable in the 'USER EDIT SECTION' is"
echo "set correctly for your particular distro. If it is, then"
echo "check your logs to determine why clamd failed to start."
log "CRITICAL - ClamD failed to start"
# Check and save current system time since epoch for time related database downloads.
# However, if unsuccessful, issue a warning that we cannot calculate times since epoch.
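# Only needed when a time-based provider (SecuriteInfo or MalwarePatrol) is
# configured. The previous test compared the literal string "mbl_dbs", which
# is never empty, so this branch ran unconditionally; "$mbl_dbs" is intended.
if [ -n "$si_dbs" -o -n "$mbl_dbs" ]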
if [ `date +%s` -gt 0 2>/dev/null ]
current_time=`date +%s`
if [ `perl -le print+time 2>/dev/null` ] ; then
current_time=`perl -le print+time`
echo " --- WARNING ---"
echo "The system's date function does not appear to support 'date +%s', nor was 'perl' found"
echo "on the system. The SecuriteInfo and MalwarePatrol updates were bypassed at this time."
echo "You can silence this warning by either commenting out the 'si_dbs' and 'mbl_dbs'"
echo "variables in the 'USER CONFIGURATION' section of the script, or by installing perl or"
echo "the GNU date utility, either of which can calculate the needed seconds since epoch."
log "WARNING - Systems does not support calculating time since epoch, SecuriteInfo and MalwarePatrol updates bypassed"
################################################################
# Check for Sanesecurity database & GPG signature file updates #
################################################################
if [ -n "$ss_dbs" ] ; then
comment "======================================================================"
comment "Sanesecurity Database & GPG Signature File Updates"
comment "======================================================================"
ss_mirror_ips=`host -T $ss_url | awk '{print $NF}'`
for ss_mirror_ip in $ss_mirror_ips ; do
ss_mirror_name=`host $ss_mirror_ip | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/'`
ss_mirror_site_info="$ss_mirror_name $ss_mirror_ip"
comment "Sanesecurity mirror site used: $ss_mirror_site_info"
log "INFO - Sanesecurity mirror site used: $ss_mirror_site_info"
if rsync $rsync_output_level $no_motd --files-from=$ss_include_dbs -ctz $contimeout \
--timeout=30 --stats rsync://$ss_mirror_ip/sanesecurity $ss_dir 2>/dev/null
for db_file in $ss_dbs ; do
if ! cmp -s $ss_dir/$db_file $clam_dbs/$db_file ; then
comment "Testing updated Sanesecurity database file: $db_file"
log "INFO - Testing updated Sanesecurity database file: $db_file"
# Signature check for a changed Sanesecurity database, bounded by the
# dedicated keyring. '--trust-model always' bypasses key-validity (web of
# trust) only; the detached .sig is still verified against that key. gpg's
# diagnostics are discarded, so a failure reason has to be reproduced by
# hand (see the -g option). Paths are unquoted and split on whitespace.
if ! gpg --trust-model always -q --no-default-keyring --homedir $gpg_dir --keyring $gpg_dir/ss-keyring.gpg \
--verify $ss_dir/$db_file.sig $ss_dir/$db_file 2>/dev/null
gpg --always-trust -q --no-default-keyring --homedir $gpg_dir --keyring $gpg_dir/ss-keyring.gpg \
--verify $ss_dir/$db_file.sig $ss_dir/$db_file 2>/dev/null
test "$gpg_silence" = "no" && echo "Sanesecurity GPG Signature tested good on $db_file database"
log "INFO - Sanesecurity GPG Signature tested good on $db_file database" ; true
echo "Sanesecurity GPG Signature test FAILED on $db_file database - SKIPPING"
log "WARNING - Sanesecurity GPG Signature test FAILED on $db_file database - SKIPPING" ; false
# Consumes the exit status deliberately left by the preceding if/else
# ('; true' on the good path, '; false' on the skip path), so the copy into
# production below only happens once both the GPG and clamscan tests passed.
if [ "$?" = "0" ] ; then
if clamscan --quiet -d $ss_dir/$db_file $config_dir/scan-test.txt 2>/dev/null
comment "Clamscan reports Sanesecurity $db_file database integrity tested good"
log "INFO - Clamscan reports Sanesecurity $db_file database integrity tested good" ; true
echo "Clamscan reports Sanesecurity $db_file database integrity tested BAD - SKIPPING"
log "WARNING - Clamscan reports Sanesecurity $db_file database integrity tested BAD - SKIPPING" ; false
(test "$keep_db_backup" = "yes" && cp -f $clam_dbs/$db_file $clam_dbs/$db_file-bak 2>/dev/null ; true) && \
if rsync -cqt $ss_dir/$db_file $clam_dbs
perms chown $clam_user:$clam_group $clam_dbs/$db_file
comment "Successfully updated Sanesecurity production database file: $db_file"
log "INFO - Successfully updated Sanesecurity production database file: $db_file"
echo "Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING"
log "WARNING - Failed to successfully update Sanesecurity production database file: $db_file - SKIPPING"
if [ "$ss_update" != "1" ]
comment "No Sanesecurity database file updates found"
log "INFO - No Sanesecurity database file updates found"
comment "Connection to $ss_mirror_site_info failed - Trying next mirror site..."
log "WARNING - Connection to $ss_mirror_site_info failed - Trying next mirror site..."
if [ "$ss_rsync_success" != "1" ] ; then
echo "Access to all Sanesecurity mirror sites failed - Check for connectivity issues."
log "WARNING - Access to all Sanesecurity mirror sites failed - Check for connectivity issues."
#########################################
# Check for MSRBL database file updates #
#########################################
if [ -n "$msrbl_dbs" ] ; then
comment "======================================================================"
comment "MSRBL Database File Updates"
comment "======================================================================"
msrbl_mirror_ips=`host -T $msrbl_url | awk '{print $NF}'`
for msrbl_mirror_ip in $msrbl_mirror_ips ; do
msrbl_mirror_name=`host $msrbl_mirror_ip | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/'`
msrbl_mirror_site_info="$msrbl_mirror_name $msrbl_mirror_ip"
comment "MSRBL mirror site used: $msrbl_mirror_site_info"
log "INFO - MSRBL mirror site used: $msrbl_mirror_site_info"
if rsync $rsync_output_level $no_motd --files-from=$msrbl_include_dbs -ctz --stats \
$contimeout --timeout=30 rsync://$msrbl_mirror_ip/msrbl $msrbl_dir 2>/dev/null
msrbl_rsync_success="1"
for db_file in $msrbl_dbs ; do
if ! cmp -s $msrbl_dir/$db_file $clam_dbs/$db_file ; then
comment "Testing updated MSRBL database file: $db_file"
log "INFO - Testing updated MSRBL database file: $db_file"
if clamscan --quiet -d $msrbl_dir/$db_file $config_dir/scan-test.txt 2>/dev/null
comment "Clamscan reports MSRBL $db_file database integrity tested good"
log "INFO - Clamscan reports MSRBL $db_file database integrity tested good" ; true
echo "Clamscan reports MSRBL $db_file database integrity tested BAD - SKIPPING"
log "WARNING - Clamscan reports MSRBL $db_file database integrity tested BAD - SKIPPING" ; false
(test "$keep_db_backup" = "yes" && cp -f $clam_dbs/$db_file $clam_dbs/$db_file-bak 2>/dev/null ; true) && \
if rsync -cqt $msrbl_dir/$db_file $clam_dbs
perms chown $clam_user:$clam_group $clam_dbs/$db_file
comment "Successfully updated MSRBL production database file: $db_file"
log "INFO - Successfully updated MSRBL production database file: $db_file"
echo "Failed to successfully update MSRBL production database file: $db_file - SKIPPING"
log "WARNING - Failed to successfully update MSRBL production database file: $db_file - SKIPPING"
if [ "$msrbl_update" != "1" ]
comment "No MSRBL database file updates found"
log "INFO - No MSRBL database file updates found"
comment "Connection to $msrbl_mirror_site_info failed - Trying next mirror site..."
log "WARNING - Connection to $msrbl_mirror_site_info failed - Trying next mirror site..."
if [ "$msrbl_rsync_success" != "1" ] ; then
echo "Access to all MSRBL mirror sites failed - Check for connectivity issues."
log "WARNING - Access to all MSRBL mirror sites failed - Check for connectivity issues."
#######################################################################
# Check for updated SecuriteInfo database files every set number of #
# hours as defined in the "USER CONFIGURATION" section of this script #
#######################################################################
if [ -n "$si_dbs" ] ; then
if [ -s "$config_dir/last-si-update.txt" ]
last_si_update=`cat $config_dir/last-si-update.txt`
update_interval=$(($si_update_hours * 3600))
time_interval=$(($current_time - $last_si_update))
if [ "$time_interval" -ge $(($update_interval - 600)) ]
echo "$current_time" > "$config_dir"/last-si-update.txt
comment "======================================================================"
comment "SecuriteInfo Database File Updates"
comment "======================================================================"
log "INFO - Checking for SecuriteInfo updates..."
for db_file in $si_dbs ; do
z_opt="" DT1="" DT2=""
# Record the .gz file's modification time as printed by 'ls -l' (fields 6
# and 7) so a fresh download can be detected afterwards. Field layout and
# time format depend on the ls implementation and locale, and the displayed
# time is usually minute-resolution; 'stat' or curl's own -z/-R handling
# would be more robust.
test -s $si_dir/$db_file.gz && DT1=`ls -l $si_dir/$db_file.gz | awk '{print $6,$7}'` && z_opt="-z $si_dir/$db_file.gz"
comment "Checking for updated SecuriteInfo database file: $db_file"
# SecuriteInfo download over plain HTTP, conditional on the stored .gz (-z)
# and keeping the server timestamp (-R). Unlike the Sanesecurity path, no
# signature check is visible here: integrity rests on the clamscan load test
# that follows. $z_opt is left unquoted on purpose (it carries two words);
# the other expansions are simply unprotected.
if curl $curl_proxy $curl_output_level --connect-timeout 15 --max-time 60 \
-L -R $z_opt -o $si_dir/$db_file.gz http://$si_url/$db_file.gz
test -s $si_dir/$db_file.gz && DT2=`ls -l $si_dir/$db_file.gz | awk '{print $6,$7}'` && \
test "$DT1" != "$DT2" -o ! -s "$si_dir/$db_file" && gunzip -cdfq $si_dir/$db_file.gz > $si_dir/$db_file
if ! cmp -s $si_dir/$db_file $clam_dbs/$db_file ; then
comment "Testing updated SecuriteInfo database file: $db_file"
log "INFO - Testing updated SecuriteInfo database file: $db_file"
if clamscan --quiet -d $si_dir/$db_file $config_dir/scan-test.txt 2>/dev/null
comment "Clamscan reports SecuriteInfo $db_file database integrity tested good"
log "INFO - Clamscan reports SecuriteInfo $db_file database integrity tested good" ; true
echo "Clamscan reports SecuriteInfo $db_file database integrity tested BAD - SKIPPING"
log "WARNING - Clamscan reports SecuriteInfo $db_file database integrity tested BAD - SKIPPING" ; false
(test "$keep_db_backup" = "yes" && cp -f $clam_dbs/$db_file $clam_dbs/$db_file-bak 2>/dev/null ; true) && \
if rsync -cqt $si_dir/$db_file $clam_dbs
perms chown $clam_user:$clam_group $clam_dbs/$db_file
comment "Successfully updated SecuriteInfo production database file: $db_file"
log "INFO - Successfully updated SecuriteInfo production database file: $db_file"
echo "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING"
log "WARNING - Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING"
log "WARNING - Failed curl connection to $si_url - SKIPPED SecuriteInfo $db_file update"
if [ "$si_update" != "1" ] ; then
comment "No updated SecuriteInfo $db_file database file found"
if [ "$si_update" != "1" ] ; then
log "INFO - No SecuriteInfo database file updates found"
comment "======================================================================"
comment "SecuriteInfo Database File Updates"
comment "======================================================================"
time_remaining=$(($update_interval - $time_interval))
hours_left=$(($time_remaining / 3600))
minutes_left=$(($time_remaining % 3600 / 60))
comment "$si_update_hours hours have not yet elapsed since the last SecuriteInfo update check."
comment " --- No update check was performed at this time ---"
comment "Next check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
log "INFO - Next SecuriteInfo check will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
#####################################################################
# Download MalwarePatrol database file(s) every set number of hours #
# as defined in the "USER CONFIGURATION" section of this script. #
#####################################################################
if [ -n "$mbl_dbs" ] ; then
if [ -s "$config_dir/last-mbl-update.txt" ]
last_mbl_update=`cat $config_dir/last-mbl-update.txt`
update_interval=$(($mbl_update_hours * 3600))
time_interval=$(($current_time - $last_mbl_update))
if [ "$time_interval" -ge $(($update_interval - 600)) ]
echo "$current_time" > "$config_dir"/last-mbl-update.txt
log "INFO - Checking for MalwarePatrol updates..."
for db_file in $mbl_dbs ; do
# Delete the old MBL (mbl.db) database file if it exists and start using the newer
# format (mbl.ndb) database file instead.
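# Remove leftovers of the old-format mbl.db (and its backup) once the
# new-format file is in place. The glob must be outside the quotes; the
# quoted "$clam_dbs/mbl.d*" was a literal name and matched nothing.
test -e "$clam_dbs/$db_file" -o -e "$clam_dbs/$db_file-bak" && rm -f -- "$clam_dbs"/mbl.d*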
comment "======================================================================"
comment "MalwarePatrol $db_file Database File Update"
comment "======================================================================"
# MalwarePatrol download over plain HTTP with no signature check visible;
# integrity rests on the clamscan load test below. The URL on the next line
# is unquoted, so its '?' is a shell glob character — harmless unless a
# matching file exists in the current directory, but worth quoting.
if curl $curl_proxy $curl_output_level --connect-timeout 15 --max-time 60 -R \
-o $mbl_dir/$db_file http://$mbl_url/cgi/submit?action=list_clamav_ext
if ! cmp -s $mbl_dir/$db_file $clam_dbs/$db_file
comment "Testing updated MalwarePatrol database file: $db_file"
log "INFO - Testing updated database file: $db_file"
if clamscan --quiet -d $mbl_dir/$db_file $config_dir/scan-test.txt 2>/dev/null
comment "Clamscan reports MalwarePatrol $db_file database integrity tested good"
log "INFO - Clamscan reports MalwarePatrol $db_file database integrity tested good" ; true
echo "Clamscan reports MalwarePatrol $db_file database integrity tested BAD - SKIPPING"
log "WARNING - Clamscan reports MalwarePatrol $db_file database integrity tested BAD - SKIPPING" ; false
(test "$keep_db_backup" = "yes" && cp -f $clam_dbs/$db_file $clam_dbs/$db_file-bak 2>/dev/null ; true) && \
if rsync -cqt $mbl_dir/$db_file $clam_dbs
perms chown $clam_user:$clam_group $clam_dbs/$db_file
comment "Successfully updated MalwarePatrol production database file: $db_file"
log "INFO - Successfully updated MalwarePatrol production database file: $db_file"
echo "Failed to successfully update MalwarePatrol production database file: $db_file - SKIPPING"
log "WARNING - Failed to successfully update MalwarePatrol production database file: $db_file - SKIPPING"
comment "MalwarePatrol signature database ($db_file) did not change - skipping"
log "INFO - MalwarePatrol signature database ($db_file) did not change - skipping"
log "WARNING - Failed curl connection to $mbl_url - SKIPPED MalwarePatrol $db_file update"
comment "======================================================================"
comment "MalwarePatrol Database File Update"
comment "======================================================================"
time_remaining=$(($update_interval - $time_interval))
hours_left=$(($time_remaining / 3600))
minutes_left=$(($time_remaining % 3600 / 60))
comment "$mbl_update_hours hours have not yet elapsed since the last MalwarePatrol download."
comment " --- No database download was performed at this time ---"
comment "Next download will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
log "INFO - Next MalwarePatrol download will be performed in approximately $hours_left hour(s), $minutes_left minute(s)"
###################################################
# Check for user added signature database updates #
###################################################
if [ -n "$add_dbs" ] ; then
comment "======================================================================"
comment "User Added Signature Database File Update(s)"
comment "======================================================================"
for db_url in $add_dbs ; do
base_url=`echo $db_url | cut -d "/" -f3`
db_file=`basename $db_url`
if [ "`echo $db_url | cut -d ":" -f1`" = "rsync" ]
if ! rsync $rsync_output_level $no_motd $contimeout --timeout=30 -ctz --exclude=*.txt \
--stats --exclude=*.sha256 --exclude=*.sig --exclude=*.gz $db_url $add_dir ; then
echo "Failed rsync connection to $base_url - SKIPPED $db_file update"
log "WARNING - Failed rsync connection to $base_url - SKIPPED $db_file update"
if [ -s "$add_dir/$db_file" ] ; then
z_opt="-z $add_dir/$db_file"
if ! curl $curl_output_level --connect-timeout 15 --max-time 60 \
-L -R $z_opt -o $add_dir/$db_file $db_url ; then
echo "Failed curl connection to $base_url - SKIPPED $db_file update"
log "WARNING - Failed curl connection to $base_url - SKIPPED $db_file update"
for db_file in `ls $add_dir`; do
if ! cmp -s $add_dir/$db_file $clam_dbs/$db_file ; then
comment "Testing updated database file: $db_file"
clamscan --quiet -d $add_dir/$db_file $config_dir/scan-test.txt 2>/dev/null
comment "Clamscan reports $db_file database integrity tested good"
log "INFO - Clamscan reports $db_file database integrity tested good" ; true
echo "Clamscan reports $db_file database integrity tested BAD - SKIPPING"
log "WARNING - Clamscan reports $db_file database integrity tested BAD - SKIPPING" ; false
(test "$keep_db_backup" = "yes" && cp -f $clam_dbs/$db_file $clam_dbs/$db_file-bak 2>/dev/null ; true) && \
if rsync -cqt $add_dir/$db_file $clam_dbs
perms chown $clam_user:$clam_group $clam_dbs/$db_file
comment "Successfully updated User-Added production database file: $db_file"
log "INFO - Successfully updated User-Added production database file: $db_file"
echo "Failed to successfully update User-Added production database file: $db_file - SKIPPING"
log "WARNING - Failed to successfully update User-Added production database file: $db_file - SKIPPING"
if [ "$add_update" != "1" ] ; then
comment "No User-Defined database file updates found"
log "INFO - No User-Defined database file updates found"
# Set appropriate directory and file access permissions
perms chown -R $clam_user:$clam_group "$clam_dbs"
if ! find "$clam_dbs" "$work_dir" -type f -exec chmod 0644 {} + 2>/dev/null ; then
if ! find "$clam_dbs" "$work_dir" -type f -print0 | xargs -0 chmod 0644 2>/dev/null ; then
if ! find "$clam_dbs" "$work_dir" -type f | xargs chmod 0644 2>/dev/null ; then
find "$clam_dbs" -type f -exec chmod 0644 {} \;
find "$work_dir" -type f -exec chmod 0644 {} \;
# Reload all clamd databases if updates were detected and "$reload_dbs" is
1086
# set to "yes", and neither "$reload_opt" nor "$do_clamd_reload" is empty.
if [ "$reload_dbs" = "yes" -a -z "$reload_opt" ]
echo "********************************************************************************************"
echo "* Check the script's configuration file, 'reload_dbs' enabled but no 'reload_opt' selected *"
echo "********************************************************************************************"
log "WARNING - Check the script's configuration file, 'reload_dbs' enabled but no 'reload_opt' selected"
if [ "$reload_dbs" = "yes" -a "$do_clamd_reload" = "1" -a -n "$reload_opt" ]
comment "=================================================="
comment "= Update(s) detected, reloading ClamAV databases ="
comment "=================================================="
log "INFO - Update(s) detected, reloading ClamAV databases"
if [ "$reload_dbs" = "yes" -a "$do_clamd_reload" = "2" -a -n "$reload_opt" ]
comment "============================================================"
comment "= Database removal(s) detected, reloading ClamAV databases ="
comment "============================================================"
log "INFO - Database removal(s) detected, reloading ClamAV databases"
if [ "$reload_dbs" = "yes" -a -z "$do_clamd_reload" ] ; then
comment "========================================================="
comment "= No update(s) detected, NOT reloading ClamAV databases ="
comment "========================================================="
log "INFO - No update(s) detected, NOT reloading ClamAV databases"