This file contains the changes for the clamav-unofficial-sigs.sh script
written by Bill Landry (bill@inetmsg.com). The script provides a simple
way to download, test and run the third-party ClamAV signature databases
provided by Sanesecurity, MSRBL, SecuriteInfo, MalwarePatrol, and OITC.
Version 3.5.4 (updated 2009-06-25)
- Removed an unnecessary early database reload when a change was
detected by the script in the local.ign signature bypass file.
- The script was not properly handling exit status when configured
with full script output silence and database reloading was
disabled. Issue reported by Andreas Priefl.
- The script was not detecting bypass signature entry changes in
local.ign if the entry did not include the line number in the
bypass signature entry. Issue reported by Paul Enlund.
- Windows convention is to end each line of text with the carriage
return character followed by the newline character. In order to
work around this, the script now strips the CRLF from the end of
signature lines before testing for changes, modifications, or
removal of local.ign bypassed signature entries. Issue reported
by Paul Enlund.
Version 3.5.3 (updated 2009-06-04)
- Replaced 'sed -i' (in-place) 'replace/remove' code in the script
with similar perl code. It was determined that sed varies too
much between OS platforms. The differences between FBSD, Linux,
Sun, and HPUX were too problematic to rely on sed for 'in-place'
editing. Thanks to Larry Rosenman for testing the new perl code
sections on all 4 platforms listed above.
Version 3.5.2 (updated 2009-06-04)
- Renamed the cron and logrotate files, changing the "." to "-" due
to the fact that some platforms (such as Debian) have certain naming
restrictions on cron file names that do not allow for the use of
a "." in the file name. The documentation has also been updated.
Consider renaming your files. Issue reported by Yizhar Hurwitz.
- Added the sed "-e" (expression=script) flag to the 4 sed commands
that use the "-i" (edit in-place) in the script's "-b" (create
signature bypass) flag. Apparently without the sed "-e" flag,
FreeBSD interprets part of the expanded variable as a command.
Issue reported by Larry Rosenman.
- Replaced a misplaced hard link with the appropriate variable in
the signature bypass section of the script. Issue reported by
Larry Rosenman.
- Added feedback in warning message regarding signature database name
misspelling as a possible issue when all rsync mirror sites fail.
- Improved the signature bypass code section that monitors hexadecimal
signature modifications and removals and keeps local.ign updated.
Version 3.5.1 (updated 2009-05-30)
- Fixed an issue with the script exiting with an error condition if
both "clamd_reload" is disabled and all script silence options are
enabled. Issue reported by Andreas Priefl.
- Fixed a /path/file statement that was pointing to a scan test file
that was used while testing the script and then inadvertently left
in the released script. Issue reported by Lukasz Czarnowski.
- Moved all third-party signature databases labeled as medium and high
risk (as defined at http://www.sanesecurity.com/clamav/databases.htm)
into comment sections in the configuration file with a pointer to the
above URL. This will require script users to consciously enable the
usage of these potentially high false-positive risk databases rather
than have them enabled by default. Requested by Steve Basford.
Version 3.5 (updated 2009-05-25)
- Added the '-m' flag that will make a hexadecimal signature database
file (*.ndb) from a clear text, ascii source file that contains one
data string entry per line that will then be converted into signature
lines in the new database file.
- Added the new INetMsg SpamDomains database to the config file.
- Updated the INSTALL, README and manual page.
Version 3.4 (updated 2009-05-22)
- Modified the '-b' (create signature bypass) flag so that the script
no longer deletes the local.ign file. The script now tracks changes
to any signature bypass entries it creates in local.ign and will
remove the signature bypass entry if either the original offending
third-party signature being bypassed has been modified or has been
removed from the third-party database.
- Updated the INSTALL, README and manual page.
Version 3.3 (updated 2009-05-19)
- Updated the MalwarePatrol URL to now use their new download link.
- Added a new '-f' flag that can now hexadecimal encode formatted
input strings containing spacing fields '{}, (), *', without
encoding the spacing fields.
- Modified the perl code that hexadecimal encodes and decodes input
strings so that they are more compact, efficient and the decoding
will not decode spacer fields containing '{}, (), *'. Thanks to
Mark Martinec for his assistance with this.
- Tightened up a few sections of the script.
- Updated the INSTALL document and manual page.
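Added example (not code from clamav-unofficial-sigs.sh): one way to hex-encode a formatted string while passing '{}', '()' and '*' spacer fields through, and to decode it again with the spacers intact, as the '-f' entry above and the 3.0 decode entries describe. The function names and the rule for what counts as a spacer field are assumptions of this example.

```shell
#!/bin/sh
# Added example: hex-encode text for the body of a ClamAV *.ndb signature
# while leaving spacer fields untouched, and decode it again.
# Assumption (not taken from the script): a spacer field is "*", "{...}"
# holding only digits and "-", or "(...)" holding only hex digits and "|".

# Hex-encode every byte of $1 (lower case, no separators).
# "od -v" matters: without it od collapses repeated lines into "*",
# which would inject a wildcard into the signature.
hex_bytes() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# If $1 starts with a spacer field, store it in $field and return 0.
leading_spacer() {
    field=
    case $1 in
        '*'*)
            field='*'; return 0 ;;
        '{'*'}'*)
            body=${1#?}; body=${body%%\}*}
            case $body in ''|*[!0-9-]*) return 1 ;; esac
            field="{$body}"; return 0 ;;
        '('*')'*)
            body=${1#?}; body=${body%%\)*}
            case $body in ''|*[!0-9A-Fa-f\|]*) return 1 ;; esac
            field="($body)"; return 0 ;;
    esac
    return 1
}

# Encode: spacer fields are copied verbatim, everything else becomes hex.
ndb_encode() {
    rest=$1 out=
    while [ -n "$rest" ]; do
        if leading_spacer "$rest"; then
            out=$out$field
            rest=${rest#"$field"}
        else
            # Literal run: the first character plus everything up to the
            # next character that could open a spacer field.
            first=${rest%"${rest#?}"}
            tail=${rest#?}
            run=${tail%%[\{\(\*]*}
            out=$out$(hex_bytes "$first$run")
            rest=${tail#"$run"}
        fi
    done
    printf '%s\n' "$out"
}

# Decode: hex pairs become characters, spacer fields are copied verbatim.
# Returns 1 on an odd nibble or on tokens this example does not handle
# (for instance "??" wildcards).
ndb_decode() {
    rest=$1
    while [ -n "$rest" ]; do
        if leading_spacer "$rest"; then
            printf '%s' "$field"
            rest=${rest#"$field"}
            continue
        fi
        case $rest in
            [0-9A-Fa-f][0-9A-Fa-f]*)
                pair=${rest%"${rest#??}"}
                printf '%b' "\\0$(printf '%o' "0x$pair")"
                rest=${rest#??} ;;
            *)
                return 1 ;;
        esac
    done
    printf '\n'
}

# Constructed sample input (not from any real signature database).
sample='Click here{1-20}to verify*account'
encoded=$(ndb_encode "$sample")
printf 'encoded: %s\n' "$encoded"
printf 'decoded: %s\n' "$(ndb_decode "$encoded")"
```

A string that must contain a literal '*' or a literal '{5}' cannot go through this path, because those characters are always read as spacers; plain encoding of any input string is what the '-e' flag is for.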
Version 3.2 (updated 2009-05-14)
- Repositioned a badly placed 'echo' command that was causing empty
cron emails to be sent even if all silence variables were set in
the config file and no error conditions existed. Issue reported
by Andreas Priefl.
- Added a '-b' switch that can be used to create a bypass signature
for local.ign in order to temporarily resolve false-positive issues
with a third-party signature. The local.ign file will automatically
be deleted once its timestamp shows the last change time to be at
least 24 hours old. This is done in order to keep bypass entries
from becoming stale.
- Updated the README and INSTALL documents, and the manual page. Also
updated the cron file to point the script location to /usr/local/bin/
instead of /usr/bin/. This also matches the base path to the config
file (/usr/local/).
Version 3.1 (updated 2009-05-11)
- The script now strips all single (') and double (") quote marks
from input to the '-d' (decode) flag.
- Added the missing SecuriteInfo '*.gz' files to the list of files
to be removed from the system with the "-r" (remove) flag or when
uninstalled via a package manager. Reported by Paul Wise.
Version 3.0 (updated 2009-05-10)
- Added a couple of missing stderr redirects. Reported by Paul Wise.
- Updated the manual page and README and INSTALL documentation.
- Added cron and logrotate files to the tarball.
- Added a '-r' (remove script) flag that will allow the script user
to easily remove the script and all of its associated files and
databases and work directories from the system.
- Provided two variables that package and port maintainers can use in
order to prevent the script from removing itself with the '-r' flag
if the script was installed via a package manager like yum, apt, pkg,
etc. The script will instead provide feedback to the user about how
to uninstall the package.
- Added the ability to disable execution of "chown" (the setting of
user and group permissions on files and directories) if either the
"clam_user" or "clam_group" or both variables are commented in the
config file. Requested by Micha Lenk.
- The script will now decode input from both third-party signature
names (e.g.: Sanesecurity.Junk.15248) and hexadecimal encoded strings.
- The script now supports decoding of third-party signatures that include
spacing information within the hexadecimal string (e.g.: {-50}) and
will now output the decode string with the spacing information intact.
- Added the '-e' (encode) flag that will hexadecimal encode any input
string and output a hexadecimal string that can be used in any *.ndb
type signature database.
- The script will now do a database reload if it detects that signature
databases have been removed from the configuration file and deleted
from the system. It will also report this information via cron email,
if enabled, and will also write this information to the log file, if
logging is enabled.
Version 2.8 (updated 2009-05-01)
- Added file management to the script so package/port maintainers
can easily uninstall/purge the script's installation. This
same "purge.txt" file, which can be found in the script's
'$config_dir' directory, can also be used by script users to
manually remove the script and all of its associated files.
- Added file removal to the script so that legacy databases and
backup files are completely removed from the file system if
removed or disabled in the script's configuration file. Any
legacy files that reside on the file system prior to using this
version of the script will need to be removed manually. This is
also true if migrating to this script from some other download
script, due to different file naming conventions.
- Added support for the rsync "--contimeout" flag, if the local
rsync client supports this new flag. This provides a means to
timeout a connection attempt after some time interval specified
by the flag (set to 30 seconds in the script) when an rsync server
is not responding to the connection attempt.
- Added some additional output for the script's '-g' (GPG signature
test) and '-s' (clamscan integrity test) flags which will output
flag specific feedback to the user and provide for an easy way
to copy/paste valid databases that can be tested with each flag.
- The script's '-d' (decode virus signature) flag will now also
output what database the virus signature was found in.
- If the script is run in silent mode, it now silences all rsync
error conditions and will only output error information if all
rsync mirror connection attempts fail. Therefore, when running
silent via cron, the script will not report an rsync connection
failure as long as the script was able to successfully connect
to an alternate mirror. If script logging is enabled, all rsync
connection information will still be written to the log file.
- Added support for the new Sanesecurity 'jurlbla.ndb' database.
- Added manual page written by Paul Wise <pabs@debian.org>, for the
Debian project.
Version 2.7.3 (updated 2009-04-25)
- Added error checking to GPG signature tests and will now fall-back
and retest using different parameters if an error is detected.
- Added error checking to "find" command and will now fall-back and
try several alternatives (from most favorable to least favorable)
until the command is run successfully.
- Removed the rsync "-r" (recurse into directories) flag since we
don't need it, as the script only syncs with those files that
have been specifically defined in the '--files-from' file.
- Changed the script's '-d' flag to '-i', to "Output system and
configuration information".
- The script's '-d' flag will now 'decode' ClamAV 'UNOFFICIAL'
3rd-Party signatures for viewing. The script will NOT decode
image signatures (for obvious reasons), nor ClamAV 'OFFICIAL'
signatures, due to the various signature formats.
Version 2.7.2 (updated 2009-04-23)
- ***** ALERT - ALERT - ALERT - ALERT - ALERT - ALERT - ALERT *****
The script name has been changed. This has been done to facilitate
packaging and redistribution of the scripts by various OS package
and port maintainers. By renaming the script and tarball from
"unofficial-clamav-sigs" to "clamav-unofficial-sigs", the package
will show up when using package managers like yum, apt, pkg, etc.,
to install ClamAV and its supporting and complementary packages.
Please be sure to make the necessary changes to your cron jobs to
support the new script and config file names.
- Added the new Winnow (winnow_spam_complete.ndb) and Sanesecurity
(jurlbl.ndb) database files.
- Added a safety net to all "rm" commands in the script in order to
prevent script config file editing errors that could potentially
cause deletion of unintended files and/or directories. Thanks to
Mike Cappella for suggesting this.
- Modified the script's "getopts" section logic to make it more
efficient and easier to understand. Thanks to Mike Cappella for
his comments and suggestions in this area.
Version 2.7.1 (updated 2009-04-17)
- Fixed a bug in the output of the script's '-s' flag (clamscan
database integrity test), which would always erroneously output
'scam.ndb' as the database file being tested.
- Added missing 'curl_proxy' variable to the Sanesecurity GPG Key
download section.
- Added an open-source license so that OS package maintainers can
package the scripts for redistribution.
- A duplicate tarball with the version number included in the file
name is now also located in the download directory. This is done
so that package maintainers can easily determine if an update has
been released.
Version 2.7 (updated 2009-03-31)
- Added new signature database options:
winnow_malware.hdb
winnow_phish_complete.ndb
winnow_phish_complete_url.ndb
See the "unofficial-clamav-sigs.conf" file for usage information.
- Revised the email report output of the SecuriteInfo update checks.
- Minor modifications to the script's email report comments.
- Minor change to the rsync update checks (using "--files-from=FILE"
instead of "--include-from=FILE", and therefore no longer needing
to use "--exclude=PATTERN"). This also configures rsync to report
in its output the exact number of files it is checking for updates.
- Apparently there's a problem with some versions of "xargs" causing
the script to report "chmod: missing operand after `0644'" when used
with the "find" command. The script has been changed to now use
"-exec chmod 0644 {} +" instead of "xargs -0 chmod 0644", which is
hopefully more widely supported. Reported by Chris Kuhles.
- Minor update to INSTALL document to make the instructions flow more
logically. Reported by Anthony Cartmell.
Version 2.6 (updated 2009-03-25)
- The script will now try alternate rsync mirror sites if a site fails
for any reason, and will continue trying alternate mirror sites until
either successful or all mirror sites have failed. The script will
also report and log all failed attempts. This is only applicable to
Sanesecurity and MSRBL, as these are currently the only two signature
providers that use rsync and provide multiple mirror site locations.
- Changed permissions on gpg_dir from 0600 to 0700, as the execute bit
is necessary for access to this directory, with the exception being
the root account on some distros. Reported by Jernej Porenta.
- Corrected a typo in the GPG Signature verify example in the INSTALL
file. It should have been: "unofficial-clamav-sigs.sh -g filename",
not "-c". Reported by Jernej Porenta.
Version 2.5 (updated 2009-03-20)
- Changed permissions on gpg_dir from 0644 to 0600, otherwise GPG will
report: "WARNING: unsafe permissions on homedir...".
- Added "--exclude=*.gz" to the user defined "add_dbs" rsync downloads
to prevent compressed files from being downloaded from local mirrors.
Requested by Jim Lohiser.
- Added comments to the config file with recommendations for specific
shell options for different OS platforms, as well as additional path
statement instructions. This information is based off of feedback
from various script users. Suggested by Jeff Earickson.
- Updated the INSTALL document to include information about defining
the correct shell and path settings for different OS platforms.
- Updated some script comments to make them more applicable with
recent script updates.
- It's recommended that rsync version 2.6.9 or newer is used, as older
versions do not support the '--no-motd' flag. This is not an issue,
as the flag is disabled if it's not supported. However, if the
"rsync_silence" variable is not being used, the output will contain
any "message of the day" text that is presented by the rsync mirror
site being used for the update check.
- Changed "$1" to "${@:-}" in the "comment" and "log" functions in
order to prevent otherwise potentially puzzling errors. This was
recommended by Charles Seeger.
Version 2.4 (updated 2009-03-15)
- Expanded the script's '-h' help and usage information output.
- Added the following script flags:
'-d' output system & configuration information for debug purposes
'-g' gpg signature test a specific Sanesecurity database file
'-s' clamscan integrity test a specific database file
- Split the script's RSYNC_PROXY 'PATH' and 'EXPORT' statements
onto 2 separate lines.
Version 2.3 (updated 2009-03-13)
- Broke the PATH and EXPORT statements into two separate lines.
Apparently some shells do not like "export PATH" on one line.
- Added some perl based reload options for those that want to
signal the clamd socket to do a reload after database updates
but do not have socat installed on their systems. Also added
socat and perl reload options for those running clamd with a
tcp socket versus a local unix socket.
- Modified help (-h) output and also provide better error handling.
- Updated comments and logging to better reflect script changes.
- Added comments and logging so as to provide better information
about how the script ran.
- Reconfigured GPG key handling and signature verifying. This will
hopefully resolve the issue that some have been experiencing with
GPG signature tests failing when run via cron.
- The script now does a "chmod 0644" of the $work_dir to set access
permissions to "-rw-r--r--" on all $work_dir files.
- Rearranged the clamd status tests in both unofficial-clamav-sigs.sh
and clamd-status.sh scripts to run perl socket tests first, as it
has been reported that the soon to be released ClamAV version 0.95
may not respond to a socat PING with the requisite PONG on some
OSs, thereby causing the script to erroneously report clamd as not
running and attempting to restart it. It has also been reported
that adding a pause to the socat test seems to resolve the issue,
so the pause has also been added to the script, as well.
- Added the "-T" (enable TCP/IP mode) flag to the "host" lookups, as
Patrick Cernko reported that, without TCP mode enabled, the
response exceeded the maximum data that can be stored in a UDP
packet. This was causing the "host" binary to report: "Truncated,
retrying in TCP mode".
- Added "rsync_proxy" and "curl_proxy" variables so that users that
need to proxy their rsync and/or curl database downloads can now
define them in the configuration file instead of having to edit the
script itself. Requested by Flávio do Carmo Júnior.
Version 2.2 (updated 2009-03-07)
- Updated logging identifications (INFO, WARNING, ALERT, CRITICAL) so
that logged events are more appropriately labeled.
- Now using "checksum" with rsync to determine whether files have been
updated instead of "timestamp/file-size", which has been shown to be
unreliable with Sanesecurity files (although this may be resolved
now). Also using "checksum" update verification with MSRBL files,
as well. Currently, all Sanesecurity and MSRBL mirror sites support
"checksum" file change testing.
- Switched from "diff" to "cmp" to check whether downloaded database
files are different than those running in production. Apparently
"cmp" is more portable across platforms than "diff". This keeps
the script from unnecessarily reloading ClamD's databases when no
file changes are detected.
- Now logging rsync and curl connection/download failures.
- Now using rsync to update files in production instead of copy/move
that was used previously. The script also no longer uses temp_dir.
- Created a variable option that allows users to add database sites.
This will also allow users that have many local servers using third
party (unofficial) signature databases to create a local mirror so
that the files can be downloaded once and all other servers update
via the local mirror. Supports rsync and all download protocols
supported by curl (see "man curl" for supported protocols).
- The script has been consolidated and tightened as unnecessary routines
have been removed and additional logic implemented to reduce size.
Version 2.1b (updated 2009-02-26)
- Changed MalwarePatrol database download from using older .db format
to the newer .ndb format.
- Check to see if the older mbl.db and mbl.db-bak files exist, and if
so, delete them at the next MalwarePatrol database download of the
newer mbl.ndb database file format.
- Added another database reload option for those that have "socat"
installed on their systems.
- If "enable_random" is enabled in the script, then the pause time
is now written to the log file.
- Minor comment and logging info cleanup.
- Updated README and INSTALL documents.
- Added a logging option to the clamd-status.sh script.
Version 2.1a (updated 2009-02-21)
- Implemented patch to create functions for silencing comments and
for logging as provided by Panagiotis Christias.
- Moved the section that tests for whether the script is being run
from the console or via cron to the top and removed the prompt
when run manually from the console. Also enabled all script
output to screen when run manually.
- Changed MalwarePatrol URL from IP address back to www.malware.com.br
(this was an oversight leftover from testing).
- Added code to the unofficial-clamav-sigs.sh and clamd-status.sh scripts
to delete any orphaned daemon process files (pid, lock, socket) before
attempting to start ClamD after a crash.
Version 2.1 (updated 2009-02-20)
- Provided a default location for the script's configuration file.
Now the script can be run either with the "-c" flag, or without any
flag, as long as the config file resides in the /etc directory.
If you feel compelled to change the default config file location,
it is the first variable located near the top of the script file.
- Several people have requested logging capabilities. The samples
that have been provided used the OS's logging facility. I didn't
want to clutter up the "messages" or "maillog" with output from the
script, so I've instead implemented more rudimentary logging that
writes its output to a user defined log file.
- Others have requested the ability to completely silence the script's
output so that when run via cron, no emails are generated except
when an error condition has been reported. This has now been done.
- Some additional script logic corrections and code cleanup have also
been made in this update.
Version 2.0c (updated 2009-02-12)
- Separated the script into 3 files, Script, Config, & Changelog.
Now users will no longer have to update the user configuration
section of the script every time the script is updated.
- Removed the redirect of STDERR to /dev/null for the shell's
RANDOM test since it's not necessary there.
- Created a separate clamd status and restart script. The code
section still remains in unofficial-clamav-sigs.sh script, as
well, but can be disabled there if a user wants to run status
checks more often than signature database downloads.
Version 2.0b (updated 2/10/09)
- Added a "diff" test that is run prior to moving a new database file
into the clamav directory. If there is no difference between the 2
database files, then the script will report that it's testing the
updated (but unchanged) database file. Processing of the database
file will still continue so that the file timestamps stay synced.
This test was added because it's been noted that some database files
are repeatedly being downloaded, even when nothing has changed. This
test will assist in tracking down this issue.
- Added a variable to silence the gpg output (based on a request from
Steffen Ille).
- Added a variable to silence most of the script's text output. When
all "silence" variables are enabled, the script will only output the
database provider section headers, any error output from the GPG
Signature verification tests and Clamscan database integrity tests,
and whether updates were detected and clamd reloaded or not.
- Corrected some script logic errors and missing (parentheses) around
some of the "test" command lines.
Version 2.0a (updated 2/8/09)
- Moved all SecuriteInfo *.gz files out of the clam_dbs directory and
placed them instead into the si_dirs directory. Also moved the MBL and
SecuriteInfo timestamp files (last-*-update.txt) out of the clam_dbs
directory and placed them into the config_dir (based on suggestions
from Panagiotis Christias).
- Added a variable about whether to create a backup database file before
moving an updated database file into the clam_dbs directory (based on
suggestions from Panagiotis Christias).
- Added a check to confirm that the local SecuriteInfo .gz file exists
before doing an "rsync -z" (time condition) test against the remote
rsync server's file.
- Added a check to test that the uncompressed SecuriteInfo database files
exist, are greater than zero, and are newer than the existing database
files before proceeding with further database testing and processing.
- Added a check to test that the MalwarePatrol database file exists,
is greater than zero, and is newer than the existing database file
before proceeding with further database testing and processing.
- Changed "test_dir" to "temp_dir" since we no longer test database files
in this directory. It is now only used as a temporary location for
copying files to before moving them into the clam_dbs directory.
- Database files for all unofficial database providers are now kept in
their working sub-directories. The only directory that remains empty
between updates now is the temp_dir directory.
Version 2.0 (updated 2/6/09)
- Added some missing variable quotes and also added some additional
checks to confirm which database providers and database files to
update (based on suggestions from Alex Pleiner).
- Major rearrangement of the script's layout in order to make the flow
more logical. Also consolidated some of the functions and variable
names so they could be reused in different parts of the script.
- Added a time variable to the SecuriteInfo checks so that the update
checks could be configured on an hourly or daily basis (based on
request from Bill Maidment).
- Removed use of "." to define the current directory and instead used
absolute path. This also removed the requirement for the shell to
cd into the clamav directory.
Version 1.9d (updated 2/5/09)
- Added variable "reload_dbs" to enable/disable database reloads after
a database has been updated.
- Added variable "reload_opt" to select or set how to reload the
databases after an update, if "reload_dbs" variable is set to "yes"
(based on request from Bob Hutchinson).
Version 1.9c (updated 2/4/09)
- Added missing "&&" operators to the rsync download sections of the
script (thanks to Paul Henson for catching this).
Version 1.9b (updated 2/4/09)
- Changed final directory permissions execution from "chmod 0664" to
"chmod u+Xrw" so as not to change sub-directory permissions (based
on recommendation from Daniel McDonald).
- Consolidated working directory path to a single variable to simplify
script directory location changes (based on request from Justin Davis).
- Changed clamd database reload command from "kill -USR2 `cat $clamd_pid`"
to "clamdscan --reload" (inspired by Malcolm Scott).
- Inadvertently removed a script line from the rsync download section
that saved a backup copy of the running database file before the
database was updated - it's now been re-added.
Version 1.9a (updated 2/4/09)
- Added variable to silence rsync output, as already done for curl
(based on request from Daniel McDonald).
- Changed the rsync "-a" (archive) flag to "-rt" in order to ignore
source ownership & permission settings when files are downloaded
(based on feedback from Jeff Dairiki).
Version 1.9 (updated 2/3/09) - Thanks to Jeff Dairiki & Steve Basford for
their suggestions of using "--include-from=FILE" and "--exclude=PATTERN"
with rsync to control database file downloads via a single connection.
- Rewrote Sanesecurity and MSRBL rsync sections. Now all user specified
databases will be downloaded over a single connection.
- Script output will now show which Sanesecurity and MSRBL mirror the
connection was made to.
- Script output will also show the success or failure of GPG signature
testing and clamscan database integrity testing for each updated file.
- Database files now have permissions set (chmod & chown) before they
are moved into the clamav working directory. A final check is also
still done at the end of the script, as well.
- Some variable names have changed or been removed, as well as some
directory paths added, removed, or changed to better accommodate single
rsync connection downloads, so carefully review the user configuration
section before using the script.
Version 1.8a (updated 2/1/09)
- Added Sanesecurity.ftm & Sanesecurity.ftm.sig to the Sanesecurity
rsync database downloads (this helps clamav determine the signature
type to use when scanning email files).
- Added output for GPG signature test results (reports good or bad
GPG signature test results).
- If using clamd daemon monitoring and crash restart, added a check
to see if clamd's lock file still exists after the crash and deletes
it if it does (the orphaned clamd lock file can sometimes prevent
clamd from restarting after a crash has occurred).
Version 1.8 (updated 1/21/09)
- Changed Sanesecurity downloads from using curl to rsync.
- Automatically download and import Sanesecurity GPG key to keyring.
- Automatically download, and check for updated Sanesecurity GPG
Signature files.
- Test Sanesecurity database downloads against GPG Signature files
before integrity testing databases with clamscan. If either test
fails, that database file will not be updated.
- Added and modified working directory paths to better accommodate
gpg Signature testing.
Version 1.7d (updated 10/5/08 - Thanks to Burt Heymanson for his
contribution to this update - silence curl output)
- Added 2 new Sanesecurity databases: junk.ndb & rogue.hdb.
- Added a configuration option to silence curl output to only report
errors to stderr rather than all download stats.
Version 1.7c (updated 9/25/07 - Thanks to Dennis Peterson and Jan-Perter
Cornet for the perl solution for calculating seconds since epoch)
- Added timeout values to curl and rsync downloads in order to prevent
the script from hanging on a non-responsive host site.
- Apparently Solaris does not support "date +%s", which calculates
the number of seconds since epoch. This date function is used to
calculate when to do MBL downloads. A perl solution has been added
as a fall-back option. If "date +%s" is not supported and perl is
not found on the system, the script will report a warning message
and skip MBL updates, but the script will continue processing other
third-party database updates.
Version 1.7b (updated 9/23/07)
- Changed all script "`expr ...`" integer expressions to the shell
supported "$((...))" format, which is what was being used in all
other newer sections of the script. So this change should not
pose any problems, but if it does, please let me know.
- Changed all clamscan database file tests from using /dev/null,
which was causing access permission issues to the temporary
directory for some users, to a direct path to a temp test file.
Version 1.7a (updated 9/10/07)
- Added secondary perl socket test to detect if clamd is running.
This test uses the 'IO::Socket::UNIX' perl module. If socat is
not found on the system, then the script will attempt to use the
perl module instead (the user will be warned if neither socat nor
IO::Socket::UNIX are found, but the script will still run updates).
- Added two new SecuriteInfo database file URLs.
- Updated comments to reflect the additional perl socket test.
Version 1.7 (updated 9/7/07)
- Added a check to see if ClamD is running or not. This can be used
if clamd is running in "LocalSocket" mode (*NOT* TCP/IP mode), and
socat is installed on the system (a check for socat is done). This
test can be enabled in the "User Edit" section below.
- Added a user configurable variable to attempt to restart clamd if
it's detected to not be running.
- Added notification when database file updates are *NOT* detected and
databases are *NOT* reloaded, rather than just when they are detected.
- Added more portable secondary randomization code, removing the
requirement to have the bash shell installed.
- Added general improvements to the time randomization code so that
the time interval does not always end with a zero.
- Added user configurable min and max variables for setting time
randomization intervals (defaults to min=60 and max=600 seconds).
- Added terminal detection to determine whether the script is being
run manually or via cron. If run manually, the script will now
prompt the user to see if they want to delay the script execution
(random) or not. If "yes" is selected, then the script will pause
and display a visual countdown in seconds until script execution.
- Added a variable that the user must set before the script will run.
This will effectively require that script users at least minimally
review the "User Edit Section" before running the script.
- Rearranged some sections, timestamp placement, and updated comments.
Version 1.6 (updated 8/27/07)
- Added support for SecuriteInfo and Malware Black List
database file downloads.
- Changed the script name from ss-msrbl.sh to unofficial-sigs.sh
since there are now 4 different database providers supported.
- Since the MBL database is dynamically created and therefore
cannot be checked for change before downloading, a variable was
added so that a specific download time interval can be set (see
the "USER EDIT SECTION" below).
- Added database file download time randomization (to disable
randomization, see the "USER EDIT SECTION" below for details).
Version 1.5 (updated 8/17/07 - Thanks to Dan Larsson for his
contributions to this update)
- Added separate variable for ClamAV group ID for setting
appropriate file group access permissions.
- Added variables for database file update URLs.
- Added support for automatic reloading of databases when
updates are found.
Version 1.4 (updated 7/13/07)
- Added checks to verify that the database files exist,
and if not, do an initial download, decompress and test.
- Added variables for clamav database location path and
clamd user account (the account that clamd runs under).
- Added/modified script comments.
Version 1.3
- Added checks to either confirm the existence of the
temporary working directories or to create them.
- Changed "cp --reply=yes" to "cp -f". If this
causes problems with older versions of "cp",
you will need to change it back.
Version 1.2
- Repointed URLs for Sanesecurity downloads to
the new mirror redirect links.
Version 1.1
- Converted MSRBL downloads from curl to rsync.
Version 1.0 (initial script created).