[Pkg-clamav-commits] [SCM] packaging for clamav-unoffical-sigs branch, master, updated. debian/3.3-2-43-gcfca1cd
Paul Wise
pabs3 at bonedaddy.net
Fri Feb 11 09:37:52 UTC 2011
The following commit has been merged in the master branch:
commit db0cca883570400f75caee6bcf2fa6f28c1c8c88
Author: Paul Wise <pabs at debian.org>
Date: Fri Jan 29 18:34:01 2010 +0800
Imported Upstream version 3.7
diff --git a/CHANGELOG b/CHANGELOG
index 4342790..88cca8d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,30 @@
This file contains the changes for the clamav-unofficial-sigs.sh script
written by Bill Landry (bill at inetmsg.com). The script provides a simple
way to download, test and run the third-party ClamAV signature databases
-provided by Sanesecurity, MSRBL, SecuriteInfo, MalwarePatrol, and OITC.
+provided by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, INetMsg and
+ScamNailer.
+
+Version 3.7 (updated 2010-01-23)
+ - Removed MSRBL from script as the signature files have not been
+ updated since July 2009. Script users should consider removing
+ the MSRBL signature files (MSRBL-Images.hdb & MSRBL-SPAM.ndb)
+ from their systems.
+ - Rearranged some logging lines in the SecruiteInfo section of the
+ script to resolve an issue some were having with rsyncing of files
+ into the ClamAV production directory. Issue reported by Ted S.
+ - Removed "+tcp" from the dig command as some sites are blocking
+ DNS queries over TCP Port 53. Added instead the "+ignore"
+ flag which will silence the "Truncated" warning when the DNS
+ query-response is larger than a single UDP packet can contain.
+ This is not an issue since the script initially uses the first
+ listed IP address anyway. Issue reported by Matija Nalis.
+ - Replaced "echo -ne" with "printf" when the script is run with
+ the "-m" flag, for creating a signature file. The echo "-e"
+ and in some cases "-n" flags are not universally supported by
+ all system shells. Issue reported by Paul Wise.
+ - Added new Sanesecurity distributed signature databases and updated
+ the risk ratings for all signature databases listed in the config
+ file based on info provided at www.sanesecurity.com/databases.htm.
Version 3.6 (updated 2009-08-23)
- Added "tr" to remove Windows CRLF from signatures in local.ign
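Review bot: the second 3.7 entry spells the provider "SecruiteInfo"; the rest of this file and the script use "SecuriteInfo", so a search of the changelog for that provider would miss the entry. Suggest correcting the spelling in the added line.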
diff --git a/INSTALL b/INSTALL
index 591a9c8..1b077a8 100644
--- a/INSTALL
+++ b/INSTALL
@@ -2,9 +2,9 @@
GENERAL INFORMATION:
====================
-The 2 files needed to download, update, and test third-party ClamAV database files provided
-by Sanesecurity, MSRBL, SecuriteInfo, MalwarePatrol, and OITC, are the the script itself
-(clamav-unofficial-sig.sh), and the user configuration file (clamav-unofficial-sigs.conf).
+The 2 files needed to download, test and update third-party ClamAV database files provided by
+Sanesecurity, MSRBL, SecuriteInfo, MalwarePatrol, OITC, INetMsg and ScamNailer, are the script
+itself (clamav-unofficial-sig.sh), and the user configuration file (clamav-unofficial-sigs.conf).
Since the user configuration section has been separated from the script itself, the script now
needs to reference the configuration file when run by using the "-c" flag when running the script.
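Review bot: the rewritten provider list in the added lines still names MSRBL, although the 3.7 CHANGELOG entry and the rest of this commit remove MSRBL from the script. Drop it here so INSTALL matches the README and CHANGELOG lists. The same sentence also keeps the file name "clamav-unofficial-sig.sh", while the script in this commit is clamav-unofficial-sigs.sh.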
diff --git a/README b/README
index 7eb6970..71d50ac 100644
--- a/README
+++ b/README
@@ -4,9 +4,7 @@ CLAMAV-UNOFFICIAL-SIGS
The clamav-unofficial-sigs.tar.gz package contains script and configuration files that
provide the capability to download, test, and update the 3rd-party signature databases
-provide by Sanesecurity (www.sanesecruity.com), MSRBL (www.msrbl.com), SecuriteInfo
-(http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml),
-MalwarePatrol (www.malware.com.br), and OITC (http://www.oitc.com/winnow/clamsigs).
+provide by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, INetMsg and ScamNailer.
Files contained in the clamav-unofficial-sigs.tar.gz package:
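Review bot: the added line keeps "provide by" where "provided by" is meant. It also drops every provider URL from the README, so a reader no longer has a pointer to where INetMsg and ScamNailer signatures come from; consider keeping a short source reference for each of the six providers, since users are asked to trust these databases for scanning decisions.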
@@ -52,8 +50,8 @@ Script (clamav-unofficial-sigs.sh) features & capabilities:
if detected not running.
- Ability to control script output, which is good when run via cron.
- Ability to create a backup copy of a running database before replacing it.
-- Currently provides support for 5 different unofficial clamav database providers: Sanesecurity,
- MSRBL, SecuriteInfo, MalwarePatrol, and OITC.
+- Currently provides support for six different unofficial clamav database providers:
+ Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, INetMsg and ScamNailer.
- Ability to choose which database files to download and use from each provider.
- Coded to be portable across as many different OS platforms and utility versions as possible.
- Separate user configuration file, which will allow users to setup their configuration and not
diff --git a/clamav-unofficial-sigs.8 b/clamav-unofficial-sigs.8
index 49997c2..2787a52 100644
--- a/clamav-unofficial-sigs.8
+++ b/clamav-unofficial-sigs.8
@@ -1,5 +1,5 @@
.\" Manual page for clamav-unofficial-sigs.sh
-.TH clamav-unofficial-sigs 8 "August 23, 2009" "Version 3.6" "SCRIPT COMMANDS"
+.TH clamav-unofficial-sigs 8 "January 23, 2010" "Version 3.7" "SCRIPT COMMANDS"
.SH NAME
clamav-unofficial-sigs \- Download, test, and install third-party ClamAV signature databases.
.SH SYNOPSIS
diff --git a/clamav-unofficial-sigs.conf b/clamav-unofficial-sigs.conf
index ee43b9d..e0147fc 100644
--- a/clamav-unofficial-sigs.conf
+++ b/clamav-unofficial-sigs.conf
@@ -130,17 +130,21 @@ ss_dbs="
#
# USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES:
#
-# INetMsg-SpamDomains-2w.ndb : HIGH false-positive rating
-# INetMsg-SpamDomains-2m.ndb : HIGH false-positive rating
+# INetMsg-SpamDomains-2w.ndb : MEDIUM false-positive rating
+# INetMsg-SpamDomains-2m.ndb : MEDIUM false-positive rating
#
# ONE DATABASE CONTAINS THE LAST TWO WEEKS OF COLLECTED SPAM DOMAINS (2w), AND
# THE OTHER DATABASE CONTAINS THE LAST TWO MONTHS OF COLLECTED SPAM DOMAINS (2m).
#
-# jurlbla.ndb : HIGH false-positive rating
+# jurlbla.ndb : MEDIUM false-positive rating
# lott.ndb : MEDIUM false-positive rating
# spam.ldb : MEDIUM false-positive rating
# spear.ndb : MEDIUM false-positive rating
-# winnow_spam_complete.ndb : HIGH false-positive rating
+# scamnailer.ndb : MEDIUM false-positive rating
+# winnow.complex.patterns.ldb : MEDIUM false-positive rating
+# winnow_phish_complete.ndb : HIGH false-positive rating
+# winnow_phish_complete_url.ndb : MEDIUM false-positive rating
+# winnow_spam_complete.ndb : MEDIUM false-positive rating
#
# USE 'ONLY' ONE OF THE FOLLOWING TWO SIGNATURE DATABASES:
#
@@ -150,18 +154,6 @@ ss_dbs="
# ONE CONTAINS THE COMPLETE URL PATH (MEDIUM RISK), AND THE OTHER
# CONTAINS ONLY THE URL, WITHOUT THE FULL PATH (HIGH RISK).
-# =================
-# MSRBL Database(s)
-# =================
-# Add or remove database file names between quote marks as needed.
-# To disable any of the MSRBL database file downloads, remove
-# the appropriate database file name lines below. To disable
-# MSRBL database downloads, comment all of the following lines.
-msrbl_dbs="
- MSRBL-Images.hdb
- MSRBL-SPAM.ndb
-"
-
# ========================
# SecuriteInfo Database(s)
# ========================
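Review bot: removing the msrbl_dbs block stops future downloads but does nothing about MSRBL-Images.hdb and MSRBL-SPAM.ndb already copied into the ClamAV database directory, where they will keep being loaded without updates. The CHANGELOG only asks users to "consider removing" them. Suggest leaving a short comment here naming the two stale files, or having the script print a one-time warning when it finds them.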
@@ -227,7 +219,6 @@ mbl_update_hours="6" # Default is 6 hours (4 downloads daily).
work_dir="/usr/unofficial-dbs" #Top level working directory
# Sub-directory names:
ss_dir="$work_dir/ss-dbs" # Sanesecurity sub-directory
-msrbl_dir="$work_dir/msrbl-dbs" # MSRBL sub-directory
si_dir="$work_dir/si-dbs" # SecuriteInfo sub-directory
mbl_dir="$work_dir/mbl-dbs" # MalwarePatrol sub-directory
config_dir="$work_dir/configs" # Script configs sub-directory
diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
index 3aac700..afe9d87 100755
--- a/clamav-unofficial-sigs.sh
+++ b/clamav-unofficial-sigs.sh
@@ -21,7 +21,7 @@
default_config="/etc/clamav-unofficial-sigs.conf"
-version="v3.6 (updated 2009-08-23)"
+version="v3.7 (updated 2010-01-23)"
output_ver="
`basename $0` $version
"
@@ -311,7 +311,7 @@ while getopts 'bc:defg:himrs:tv' option ; do
Encodes to:
- 54686973207369676e6174757265{-10}636f6e7461696e73207365766572616c(5|6|7)666f726d61747465642073706163696e67*6669656c6473
+ 54686973207369676e6174757265{-10}636f6e7461696e73207365766572616c(25|26|27)666f726d61747465642073706163696e67*6669656c6473
Use 'full' encoding if you want to encode everything on the line [including {}, (), *] and 'formatted'
encoding if you want to encode everything on the line except the formatted character spacing fields.
@@ -356,7 +356,7 @@ while getopts 'bc:defg:himrs:tv' option ; do
else
echo "$line" | perl -pe 's/(.)/sprintf("%02lx", ord $1)/eg' | sed "s/^/$prefix\.$line_num:4:\*:/" >> "$path_file"
fi
- echo -ne "Hexadecimal encoding $source_file line: $line_num of $total\r"
+ printf "Hexadecimal encoding $source_file line: $line_num of $total\r"
line_num=$(($line_num + 1))
done
else
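Review bot: the new printf line uses the interpolated message as its format string, so a "%" or backslash in $source_file is interpreted as a conversion or escape sequence instead of being printed. Pass the values as arguments with a fixed format: printf 'Hexadecimal encoding %s line: %s of %s\r' "$source_file" "$line_num" "$total".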
@@ -468,7 +468,7 @@ while getopts 'bc:defg:himrs:tv' option ; do
echo "File '$input' cannot be found."
echo "Here is a list of third-party databases that can be clamscan integrity tested:"
echo ""
- echo "Sanesecurity $ss_dbs""MSRBL $msrbl_dbs""SecuriteInfo $si_dbs""MalwarePatrol $mbl_dbs"
+ echo "Sanesecurity $ss_dbs""SecuriteInfo $si_dbs""MalwarePatrol $mbl_dbs"
echo "Check the file name and try again..."
fi
echo ""
@@ -600,7 +600,7 @@ fi
# Check to see if the working directories have been created.
# If not, create them. Otherwise, ignore and proceed with script.
-mkdir -p "$work_dir" "$ss_dir" "$msrbl_dir" "$si_dir" "$mbl_dir" "$config_dir" "$gpg_dir" "$add_dir"
+mkdir -p "$work_dir" "$ss_dir" "$si_dir" "$mbl_dir" "$config_dir" "$gpg_dir" "$add_dir"
# Set secured access permissions to the GPG directory
chmod 0700 "$gpg_dir"
@@ -683,7 +683,6 @@ fi
# Unofficial ClamAV database provider URLs
ss_url="rsync.sanesecurity.net"
-msrbl_url="rsync.mirror.msrbl.com"
si_url="clamav.securiteinfo.com"
mbl_url="www.malwarepatrol.net"
@@ -697,15 +696,6 @@ if [ -n "$ss_dbs" ] ; then
done
fi
-# Create the MSRBL rsync "include" file (defines which files to download).
-msrbl_include_dbs="$config_dir/msrbl-include-dbs.txt"
-if [ -n "$msrbl_dbs" ] ; then
- rm -f -- "$msrbl_include_dbs"
- for db_name in $msrbl_dbs ; do
- echo "$db_name" >> "$msrbl_include_dbs"
- done
-fi
-
# If rsync proxy is defined in the config file, then export it for use.
if [ -n "$rsync_proxy" ]; then
RSYNC_PROXY="$rsync_proxy"
@@ -963,7 +953,7 @@ if [ -n "$ss_dbs" ] ; then
comment "======================================================================"
comment "Sanesecurity Database & GPG Signature File Updates"
comment "======================================================================"
- ss_mirror_ips=`dig +tcp +short $ss_url`
+ ss_mirror_ips=`dig +ignore +short $ss_url`
for ss_mirror_ip in $ss_mirror_ips ; do
ss_mirror_name=`host $ss_mirror_ip | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/'`
ss_mirror_site_info="$ss_mirror_name $ss_mirror_ip"
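Review bot: with "+ignore" on the dig call, a truncated UDP reply is accepted as-is with no TCP retry, so $ss_mirror_ips can hold only part of the mirror list, or nothing at all, and the for loop then has fewer mirrors to fall back on or never runs. Suggest checking for an empty $ss_mirror_ips right after the lookup and logging a warning, and quoting "$ss_url" in the command substitution.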
@@ -1072,110 +1062,6 @@ if [ -n "$ss_dbs" ] ; then
fi
fi
-#########################################
-# Check for MSRBL database file updates #
-#########################################
-if [ -n "$msrbl_dbs" ] ; then
- db_file=""
- comment ""
- comment "======================================================================"
- comment "MSRBL Database File Updates"
- comment "======================================================================"
- msrbl_mirror_ips=`dig +tcp +short $msrbl_url`
- for msrbl_mirror_ip in $msrbl_mirror_ips ; do
- msrbl_mirror_name=`host $msrbl_mirror_ip | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/'`
- msrbl_mirror_site_info="$msrbl_mirror_name $msrbl_mirror_ip"
- comment ""
- comment "MSRBL mirror site used: $msrbl_mirror_site_info"
- log "INFO - MSRBL mirror site used: $msrbl_mirror_site_info"
- if rsync $rsync_output_level $no_motd --files-from=$msrbl_include_dbs -ctuz --stats \
- $contimeout --timeout=30 rsync://$msrbl_mirror_ip/msrbl $msrbl_dir 2>/dev/null
- then
- msrbl_rsync_success="1"
- for db_file in $msrbl_dbs ; do
- if ! cmp -s $msrbl_dir/$db_file $clam_dbs/$db_file ; then
- comment ""
- comment "Testing updated MSRBL database file: $db_file"
- log "INFO - Testing updated MSRBL database file: $db_file"
- if [ "$?" = "0" ] ; then
- db_ext=`echo $db_file | cut -d "." -f2`
- if [ -z "$ham_dir" -o "$db_ext" != "ndb" ]
- then
- if clamscan --quiet -d "$msrbl_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
- then
- comment "Clamscan reports Sanesecurity $db_file database integrity tested good"
- log "INFO - Clamscan reports Sanesecurity $db_file database integrity tested good" ; true
- else
- echo "Clamscan reports Sanesecurity $db_file database integrity tested BAD - SKIPPING"
- log "WARNING - Clamscan reports Sanesecurity $db_file database integrity tested BAD - SKIPPING" ; false
- fi && \
- (test "$keep_db_backup" = "yes" && cp -f $clam_dbs/$db_file $clam_dbs/$db_file-bak 2>/dev/null ; true) && \
- if rsync -cqt $msrbl_dir/$db_file $clam_dbs
- then
- perms chown $clam_user:$clam_group $clam_dbs/$db_file
- comment "Successfully updated MSRBL production database file: $db_file"
- log "INFO - Successfully updated MSRBL production database file: $db_file"
- msrbl_update=1
- do_clamd_reload=1
- else
- echo "Failed to successfully update MSRBL production database file: $db_file - SKIPPING"
- log "WARNING - Failed to successfully update MSRBL production database file: $db_file - SKIPPING"
- fi
- else
- grep -h -v -f "$config_dir/whitelist.hex" "$msrbl_dir/$db_file" > "$test_dir/$db_file"
- clamscan --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | \
- sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$config_dir/whitelist.txt"
- grep -h -f "$config_dir/whitelist.txt" "$test_dir/$db_file" | \
- cut -d "*" -f2 | sort | uniq >> "$config_dir/whitelist.hex"
- grep -h -v -f "$config_dir/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
- mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
- if clamscan --quiet -d "$test_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
- then
- comment "Clamscan reports Sanesecurity $db_file database integrity tested good"
- log "INFO - Clamscan reports Sanesecurity $db_file database integrity tested good" ; true
- else
- echo "Clamscan reports Sanesecurity $db_file database integrity tested BAD - SKIPPING"
- log "WARNING - Clamscan reports Sanesecurity $db_file database integrity tested BAD - SKIPPING" ; false
- fi && \
- (test "$keep_db_backup" = "yes" && cp -f $clam_dbs/$db_file $clam_dbs/$db_file-bak 2>/dev/null ; true) && \
- if rsync -cqt $test_dir/$db_file $clam_dbs
- then
- perms chown $clam_user:$clam_group $clam_dbs/$db_file
- comment "Successfully updated MSRBL production database file: $db_file"
- log "INFO - Successfully updated MSRBL production database file: $db_file"
- msrbl_update=1
- do_clamd_reload=1
- else
- echo "Failed to successfully update MSRBL production database file: $db_file - SKIPPING"
- log "WARNING - Failed to successfully update MSRBL production database file: $db_file - SKIPPING"
- fi
- fi
- fi
- fi
- done
- if [ "$msrbl_update" != "1" ]
- then
- comment ""
- comment "No MSRBL database file updates found"
- log "INFO - No MSRBL database file updates found"
- break
- else
- break
- fi
- else
- comment "Connection to $msrbl_mirror_site_info failed - Trying next mirror site..."
- log "WARNING - Connection to $msrbl_mirror_site_info failed - Trying next mirror site..."
- fi
- done
- if [ "$msrbl_rsync_success" != "1" ] ; then
- echo ""
- echo "Access to all MSRBL mirror sites failed - Check for connectivity issues or"
- echo "signature database name(s) misspelled in the script's configuration file."
- log "WARNING - Access to all MSRBL mirror sites failed - Check for connectivity issues or"
- log "WARNING - signature database name(s) misspelled in the script's configuration file."
- fi
-fi
-
#######################################################################
# Check for updated SecuriteInfo database files every set number of #
# hours as defined in the "USER CONFIGURATION" section of this script #
@@ -1218,12 +1104,13 @@ if [ -n "$si_dbs" ] ; then
loop="1"
test -s $si_dir/$db_file.gz && DT2=`ls -l $si_dir/$db_file.gz | awk '{print $6,$7}'` && \
test "$DT1" != "$DT2" -o ! -s "$si_dir/$db_file" && gunzip -cdfq $si_dir/$db_file.gz > $si_dir/$db_file
+
if ! cmp -s $si_dir/$db_file $clam_dbs/$db_file ; then
- comment ""
- comment "Testing updated SecuriteInfo database file: $db_file"
- log "INFO - Testing updated SecuriteInfo database file: $db_file"
if [ "$?" = "0" ] ; then
db_ext=`echo $db_file | cut -d "." -f2`
+ comment ""
+ comment "Testing updated SecuriteInfo database file: $db_file"
+ log "INFO - Testing updated SecuriteInfo database file: $db_file"
if [ -z "$ham_dir" -o "$db_ext" != "ndb" ]
then
if clamscan --quiet -d "$si_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
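Review bot: after moving the comment/log lines, the test if [ "$?" = "0" ] now follows "if ! cmp -s ... ; then" directly, so $? is the status of the negated cmp and is always 0 inside that branch. Before this change $? was the exit status of the preceding log call, which explains the skipped updates, but the check is now a tautology. Suggest removing the $? test entirely rather than leaving a condition that reads as if it guards something; the unquoted $si_dir/$db_file and $clam_dbs/$db_file in the cmp line would also be worth quoting.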
--
packaging for clamav-unoffical-sigs