From 923bc293e385eb4122b2df61384f4271f9d39017 Mon Sep 17 00:00:00 2001 From: Orsiris de Jong Date: Tue, 24 May 2016 11:34:08 +0200 Subject: [PATCH 01/22] Create os conf file for atomic ClamAV repo --- config/os.centos7-atomic.conf | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 config/os.centos7-atomic.conf
diff --git a/config/os.centos7-atomic.conf b/config/os.centos7-atomic.conf
new file mode 100644
index 00000000..14a5a8eb
--- /dev/null
+++ b/config/os.centos7-atomic.conf
@@ -0,0 +1,40 @@
+# This file contains os configuration settings for clamav-unofficial-sigs.sh
+###################
+# This is property of eXtremeSHOK.com
+# You are free to use, modify and distribute, however you may not remove this notice.
+# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+##################
+#
+# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
+#
+# Originially based on:
+# Script provide by Bill Landry (unofficialsigs@gmail.com).
+#
+# License: BSD (Berkeley Software Distribution)
+#
+##################
+#
+# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
+#
+################################################################################
+# SEE MASTER.CONF FOR CONFIG EXPLAINATIONS
+################################################################################
+# Rename to os.conf to enable this file
+################################################################################
+
+# RHEL/CentOS 7, using ClamAV packages from EPEL
+
+clam_user="clamav"
+clam_group="clamav"
+
+clam_dbs="/var/clamav"
+
+#clamd_pid="/var/run/clamd.scan/clamd.pid"
+
+clamd_restart_opt="systemctl restart clamd"
+
+clamd_socket="/tmp/clamd.sock"
+
+clamd_reload_opt="clamdscan --config-file=/etc/clamd.d/scan.conf --reload"
+
+# https://eXtremeSHOK.com ######################################################
From 0fda3240275be517d6f14b1332b301de078255db Mon Sep 17 00:00:00 2001
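Review bot: `clamd_socket="/tmp/clamd.sock"` puts the daemon socket in a world-writable directory, so the path is not protected from other local accounts on the host. Unless the Atomic packages really ship that location, point it at a daemon-owned runtime directory and add a comment naming the clamd configuration line it has to match. The descriptive comment also still reads `# RHEL/CentOS 7, using ClamAV packages from EPEL` although the file is named for the Atomic repo; `# RHEL/CentOS 7, using ClamAV packages from the Atomic repo` would avoid confusion with the EPEL variant.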
From: "eXtremeSHOK.com" Date: Tue, 24 May 2016 13:56:42 +0200 Subject: [PATCH 02/22] minor refactoring and removing of unused varibles --- .codeclimate.yml | 2 ++ clamav-unofficial-sigs.sh | 61 ++++++++++++++++++++------------------- 2 files changed, 33 insertions(+), 30 deletions(-) diff --git a/.codeclimate.yml b/.codeclimate.yml index 17cb0363..7584fc4f 100644 --- a/.codeclimate.yml +++ b/.codeclimate.yml @@ -9,6 +9,8 @@ engines: enabled: false SC2076: enabled: false + SC2086: + enabled: false fixme: enabled: true ratings: diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 54d0b16f..e60b9293 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -83,7 +83,7 @@ function xshok_create_pid_file { #pid.file # Function to check if the current running user is the root user, otherwise return false function xshok_is_root () { - if [ $(id -u) = 0 ] ; then + if [ "$(id -u)" = 0 ] ; then return 0 ; else return 1 ; #not root @@ -210,7 +210,7 @@ function xshok_pretty_echo_and_log () { #"string" "repeating" "count" "type" echo "Warning: Logging Disabled, as file not writable: $log_file_path/$log_file_name" enable_log="no" else - echo $(date "+%b %d %T") "$1" >> "$log_file_path/$log_file_name" + echo "$(date "+%b %d %T")" "$1" >> "$log_file_path/$log_file_name" fi fi } @@ -334,7 +334,7 @@ function install_man () { else BOLD="\fB" -REV="" +#REV="" NORM="\fR" manresult=$(help_and_usage "man") @@ -1158,8 +1158,8 @@ config_files=("$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user. config_version="0" do_clamd_reload="0" comment_silence="no" -enable_logging="no" -forced_updates="no" +logging_enabled="no" +force_updates="no" enable_log="no" custom_config="no" we_have_a_config="0" 
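Review bot: Disabling `SC2086` for the whole repository in `.codeclimate.yml` hides the same class of unquoted-expansion problems that this commit fixes by hand in `xshok_is_root` and in the pid-file test. In a script that builds paths and commands from configuration values, word splitting and globbing on an unquoted variable are worth keeping visible. Prefer leaving the check enabled and silencing individual intentional cases in the script with `# shellcheck disable=SC2086` plus a short reason.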
@@ -1180,14 +1180,14 @@ if [ -t 1 ] ; then #Set fonts ##Usage: echo "${BOLD}-a${NORM}" BOLD=$(tput bold) - REV=$(tput smso) + #REV=$(tput smso) NORM=$(tput sgr0) #Verbose force_verbose="yes" else #Null Fonts BOLD='' - REV='' + #REV='' NORM='' #silence force_verbose="no" @@ -1442,8 +1442,8 @@ fi if [ "$enable_locking" == "yes" ] ; then xshok_mkdir_ownership "$work_dir_pid" pid_file_fullpath="$work_dir_pid/clamav-unofficial-sigs.pid" - if [ -f $pid_file_fullpath ] ; then - pid_file_pid=$(cat $pid_file_fullpath) + if [ -f "$pid_file_fullpath" ] ; then + pid_file_pid=$(cat "$pid_file_fullpath") ps -p "$pid_file_pid" > /dev/null 2>&1 if [ $? -eq 0 ] ; then xshok_pretty_echo_and_log "ERROR: Only one instance can run at the same time." "=" @@ -1501,7 +1501,7 @@ fi # This scripts name and path this_script_name="$(basename "$0")" -this_script_path="$( cd $(dirname "$0") ; pwd -P )" +this_script_path="$( cd "$(dirname "$0")" ; pwd -P )" this_script_full_path="$this_script_path/$this_script_name" #set the script to 755 permissions 
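Review bot: `pid_file_pid=$(cat "$pid_file_fullpath")` is passed to `ps -p` without checking that it is a number, so an empty or corrupted pid file makes `ps` fail and the lock is presumably treated as stale (the else branch is outside the hunk). A guard such as `[[ "$pid_file_pid" =~ ^[0-9]+$ ]] || pid_file_pid=""` with an explicit log message would make that case deliberate. The `ps … ; if [ $? -eq 0 ]` pair can also be written as `if ps -p "$pid_file_pid" > /dev/null 2>&1 ; then`, which cannot be broken by a command inserted between the two lines.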
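Review bot: `this_script_path="$( cd "$(dirname "$0")" ; pwd -P )"` still runs `pwd -P` when the `cd` fails, so the variable silently becomes the caller's working directory and the permission change announced by the following comment would presumably be applied to the wrong path. Chain the two commands and stop option parsing on the path: `this_script_path="$( cd -- "$(dirname -- "$0")" && pwd -P )"`, then abort if the result is empty.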
@@ -1823,24 +1823,25 @@ fi # Create "purge.txt" file for package maintainers to support package uninstall. purge="$work_dir_work_configs/purge.txt" cp -f "$current_dbs" "$purge" -echo "$work_dir_work_configs/current-dbs.txt" >> "$purge" -echo "$work_dir_work_configs/db-changes.txt" >> "$purge" -echo "$work_dir_work_configs/last-mbl-update.txt" >> "$purge" -echo "$work_dir_work_configs/last-si-update.txt" >> "$purge" -echo "$work_dir_work_configs/local.ign" >> "$purge" -echo "$work_dir_work_configs/monitor-ign.txt" >> "$purge" -echo "$work_dir_work_configs/my-whitelist.ign2" >> "$purge" -echo "$work_dir_work_configs/tracker.txt" >> "$purge" -echo "$work_dir_work_configs/previous-dbs.txt" >> "$purge" -echo "$work_dir_work_configs/scan-test.txt" >> "$purge" -echo "$work_dir_work_configs/ss-include-dbs.txt" >> "$purge" -echo "$work_dir_work_configs/whitelist.hex" >> "$purge" -echo "$work_dir_gpg/publickey.gpg" >> "$purge" -echo "$work_dir_gpg/secring.gpg" >> "$purge" -echo "$work_dir_gpg/ss-keyring.gpg*" >> "$purge" -echo "$work_dir_gpg/trustdb.gpg" >> "$purge" -echo "$log_file_path/$log_file_name*" >> "$purge" -echo "$purge" >> "$purge" +{ echo "$work_dir_work_configs/current-dbs.txt" +echo "$work_dir_work_configs/db-changes.txt" +echo "$work_dir_work_configs/last-mbl-update.txt" +echo "$work_dir_work_configs/last-si-update.txt" +echo "$work_dir_work_configs/local.ign" +echo "$work_dir_work_configs/monitor-ign.txt" +echo "$work_dir_work_configs/my-whitelist.ign2" +echo "$work_dir_work_configs/tracker.txt" +echo "$work_dir_work_configs/previous-dbs.txt" +echo "$work_dir_work_configs/scan-test.txt" +echo "$work_dir_work_configs/ss-include-dbs.txt" +echo "$work_dir_work_configs/whitelist.hex" +echo "$work_dir_gpg/publickey.gpg" +echo "$work_dir_gpg/secring.gpg" +echo "$work_dir_gpg/ss-keyring.gpg*" +echo "$work_dir_gpg/trustdb.gpg" +echo "$log_file_path/$log_file_name*" +echo "$purge" +} >> "$purge" # Check and save current system time since epoch for time related 
database downloads. @@ -2417,7 +2418,6 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then restorecon "$clam_dbs/$malwarepatrol_db" fi xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db" - malwarepatrol_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING" @@ -2446,7 +2446,6 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then restorecon "$clam_dbs/$malwarepatrol_db" fi xshok_pretty_echo_and_log "Successfully updated MalwarePatrol production database file: $malwarepatrol_db" - malwarepatrol_update=1 do_clamd_reload=1 else xshok_pretty_echo_and_log "Failed to successfully update MalwarePatrol production database file: $malwarepatrol_db - SKIPPING" @@ -2871,6 +2870,8 @@ if [ -r "$clam_dbs/my-whitelist.ign2" ] && [ -s "$work_dir_work_configs/tracker. cp -f my-whitelist.ign2 "$work_dir_work_configs/my-whitelist.ign2" xshok_pretty_echo_and_log "" "=" "80" + +##TOFIX: This needs to be reworked, as the file is being read and written in the same pipeline while read -r entry ; do sig_file=$(echo "$entry" | cut -d ":" -f1) sig_full=$(echo "$entry" | cut -d ":" -f2-) From c3dc9ba081c48b3beb7267ca1ced9d19099b4817 Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Thu, 30 Jun 2016 02:29:09 +0200 Subject: [PATCH 03/22] Added function xshok_control_c to intercept ctrl+c Added function xshok_cleanup to cleanup when the script is stopped --- clamav-unofficial-sigs.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index e60b9293..6442efdf 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh 
@@ -79,6 +79,22 @@ function xshok_create_pid_file { #pid.file xshok_pretty_echo_and_log "ERROR: Missing value for option" "=" exit 1 fi +} + +# Function to intercept ctrl+c and calls the cleanup function +function xshok_control_c () { + echo -en "\n" + xshok_pretty_echo_and_log "--------------| Exiting ... Please wait |--------------" "-" + xshok_cleanup + exit $? +} + +# cleanup function +function xshok_cleanup () { + #wait for all processes to end + wait + xshok_pretty_echo_and_log " Powered By https://eXtremeSHOK.com " "#" + return $? } # Function to check if the current running user is the root user, otherwise return false @@ -2955,7 +2971,7 @@ xshok_pretty_echo_and_log "Issue tracker : https://github.com/extremeshok/clamav check_new_version -xshok_pretty_echo_and_log " Powered By https://eXtremeSHOK.com " "#" +xshok_cleanup # And lastly we exit, Note: the exit is always on the 2nd last line exit $? From 6557ade43882688afec133bd68d0fa928fbbbd57 Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Thu, 30 Jun 2016 02:30:22 +0200 Subject: [PATCH 04/22] trap the keyboard interrupt (ctrl+c) --- clamav-unofficial-sigs.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 6442efdf..eebf8bcc 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -37,6 +37,8 @@ if [ ! "$( tail -1 "$0" | head -1 | cut -c1-7 )" == "exit \$?" ] ; then exit 1 fi +# trap the keyboard interrupt (ctrl+c) +trap xshok_control_c SIGINT ################################################################################ # HELPER FUNCTIONS From 630f54ae7b83273f77bf08f89c979eac5c0a96a3 Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Thu, 14 Jul 2016 19:05:45 +0200 Subject: [PATCH 05/22] Initial Solaris 11 config --- config/os.solaris11.conf | 61 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 config/os.solaris11.conf 
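Review bot: `xshok_control_c` ends with `exit $?`, which reports the status of `xshok_cleanup` (normally 0), so a run aborted with Ctrl+C looks successful to cron or a calling wrapper; use `exit 130` after the cleanup call. `xshok_cleanup` as added only waits for child processes and prints the banner; if the pid file written by `xshok_create_pid_file` is not removed elsewhere on this path, the lock is left behind after an interrupt, so that removal belongs here. The `# cleanup function` comment should say what is cleaned up and what the function returns, in the style of the neighbouring helper headers.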
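Review bot: The trap added after the `exit $?` self-check covers only `SIGINT`, so a plain `kill` (SIGTERM) or a closed terminal (SIGHUP) still ends the script without going through the cleanup path. `trap xshok_control_c INT TERM HUP` would route those signals through the same handler. The comment could then read `# trap keyboard interrupt (ctrl+c) and termination signals so cleanup always runs`.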
diff --git a/config/os.solaris11.conf b/config/os.solaris11.conf
new file mode 100644
index 00000000..639d9505
--- /dev/null
+++ b/config/os.solaris11.conf
@@ -0,0 +1,61 @@
+# This file contains os configuration settings for clamav-unofficial-sigs.sh
+###################
+# This is property of eXtremeSHOK.com
+# You are free to use, modify and distribute, however you may not remove this notice.
+# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
+##################
+#
+# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
+#
+# Originially based on:
+# Script provide by Bill Landry (unofficialsigs@gmail.com).
+#
+# License: BSD (Berkeley Software Distribution)
+#
+##################
+#
+# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
+#
+################################################################################
+# SEE MASTER.CONF FOR CONFIG EXPLAINATIONS
+################################################################################
+# Rename to os.conf to enable this file
+################################################################################
+
+#
+# Basic guide to Installing ClamAV on Solaris 11
+# Run in Terminal
+# pkgadd -d http://get.opencsw.org/now
+# /opt/csw/bin/pkgutil -U
+# /opt/csw/bin/pkgutil -a clamac
+# /opt/csw/bin/pkgutil -y -i clamav
+# export PATH=/opt/csw/bin:$PATH
+# freshclam
+# Done! You can now use clamav.
+
+# Solaris 11 clamav via opencsw
+
+clam_user="clamav"
+
+# On some systems the clamgroup is "virusgroup"
+clam_group="clamav"
+
+clam_dbs="/var/opt/csw/clamav/db"
+
+clamd_pid="/var/run/clamd.pid"
+
+work_dir="/var/db/clamav-unofficial-sigs"
+
+log_file_path="/var/log"
+
+clamd_restart_opt="clamdscan --reload"
+
+#clamd_socket="/tmp/clamd.socket"
+
+#gpg_bin="/usr/local/bin/gpg"
+
+# DEV
+#/etc/opt/csw/clamd.conf
+#/opt/csw/bin/clamdscan
+
+# https://eXtremeSHOK.com ######################################################
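Review bot: The install guide in the header tells the administrator to run `pkgadd -d http://get.opencsw.org/now`, which fetches the package bootstrap over unauthenticated HTTP for a privileged install. Add a comment line asking readers to verify the download against the distributor's published signature or checksum, or to use an HTTPS source if the distributor offers one, before running the later `pkgutil` steps.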
From aaf8ca3f0c187373749b77a62daa2997d012a13b Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 00:08:56 +0200 Subject: [PATCH 06/22] Added Solaris 11 config Under Solaris define our own which function Define grep_bin variable --- clamav-unofficial-sigs.sh | 111 ++++++++++++++++++++++---------------- config/os.solaris11.conf | 10 ++-- 2 files changed, 69 insertions(+), 52 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index eebf8bcc..3ab7b88f 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -538,9 +538,9 @@ function decode_third_party_signature_by_signature_name () { echo "in the signature name nor add quote marks to any input string):" read -r input input=$(echo "$input" | tr -d "'" | tr -d '"') - if echo "$input" | grep "\." > /dev/null ; then + if echo "$input" | $grep_bin "\." > /dev/null ; then cd "$clam_dbs" || exit - sig=$(grep "$input:" ./*.ndb) + sig=$($grep_bin "$input:" ./*.ndb) if [ -n "$sig" ] ; then db_file=$(echo "$sig" | cut -d ':' -f1) echo "$input found in: $db_file" @@ -879,7 +879,7 @@ function output_signatures_triggered_during_ham_directory_scan () { if [ -r "$work_dir_work_configs/whitelist.hex" ] ; then echo "The following third-party signatures triggered hits during the HAM Directory scan:" - grep -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d ":" -f1 + $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d ":" -f1 else echo "No third-party signatures have triggered hits during the HAM Directory scan." fi 
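Review bot: `$grep_bin` is expanded unquoted here and at every other call site this patch converts (the whitelist, rsync `--help`, yararulesproject, `local.ign` and `my-whitelist.ign2` hunks), so a configured path containing whitespace splits into several words; write `"$grep_bin"` throughout. In this function the pattern comes straight from `read -r input`, so a leading `-` is parsed as an option and `.` matches any character. `sig=$("$grep_bin" -F -- "$input:" ./*.ndb)` keeps the lookup literal. The function body starts and ends outside the hunk.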
@@ -899,10 +899,10 @@ function add_signature_whitelist_entry () { if [ -n "$input" ] ; then cd "$clam_dbs" || exit input=$(echo "$input" | tr -d "'" | tr -d '"') - sig_full=$(grep -H "$input" ./*.*db) + sig_full=$($grep_bin -H "$input" ./*.*db) sig_name=$(echo "$sig_full" | cut -d ":" -f2) if [ -n "$sig_name" ] ; then - if ! grep "$sig_name" my-whitelist.ign2 > /dev/null 2>&1 ; then + if ! $grep_bin "$sig_name" my-whitelist.ign2 > /dev/null 2>&1 ; then cp -f my-whitelist.ign2 "$work_dir_work_configs" 2>/dev/null echo "$sig_name" >> "$work_dir_work_configs/my-whitelist.ign2" echo "$sig_full" >> "$work_dir_work_configs/tracker.txt" @@ -1066,9 +1066,9 @@ function check_clamav () { #function to check for a new version function check_new_version () { if [ "$wget_bin" != "" ] ; then - latest_version="$($wget_bin https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O - 2> /dev/null | grep "script""_version=" | cut -d\" -f2)" + latest_version="$($wget_bin https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O - 2> /dev/null | $grep_bin "script""_version=" | cut -d\" -f2)" else - latest_version="$($curl_bin https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh 2> /dev/null | grep "script""_version=" | cut -d\" -f2)" + latest_version="$($curl_bin https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh 2> /dev/null | $grep_bin "script""_version=" | cut -d\" -f2)" fi if [ "$latest_version" ] ; then if [ ! "$latest_version" == "$script_version" ] ; then @@ -1163,8 +1163,8 @@ EOF ################################################################################ #Script Info -script_version="5.3.2" -script_version_date="24 May 2016" +script_version="5.4" +script_version_date="14 July 2016" minimum_required_config_version="65" minimum_yara_clamav_version="0.99" 
@@ -1182,6 +1182,15 @@ enable_log="no" custom_config="no" we_have_a_config="0" +## Solaris which function returns garbage when the program is not found +## only define the new which function if running under Solaris +if [ "$(uname -s)" = "SunOS" ] ; then + which () { + # use the switch -p to ignore ksh internal commands + ksh whence -p $* + } +fi + #Default Binaries & Commands clamd_reload_opt="clamdscan --reload" uname_bin=$(which uname) @@ -1191,7 +1200,16 @@ wget_bin=$(which wget) if [ "$wget_bin" == "" ] ; then curl_bin=$(which curl) fi +#detect supprot for gnu grep +if [ -x /usr/gnu/bin/grep ] ; then + grep_bin="/usr/gnu/bin/grep" +else + grep_bin=$(which grep) +fi gpg_bin=$(which gpg) +if [ "$gpg_bin" == "" ] ; then + gpg_bin=$(which gpg2) +fi #Detect if terminal if [ -t 1 ] ; then @@ -1276,7 +1294,9 @@ for config_file in "${config_files[@]}" ; do # delete from '# ' to end of the line # delete both trailing and leading whitespace # delete all empty lines - clean_config=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file") + # delete all trailing comments which dont get removed on solaris + # delete all trailing whitespace + clean_config=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' -e '/^[[:blank:]]*#/d;s/#.*//' -e 's/ *$//g' "$config_file") ### config error checking # check "" are an even number @@ -1287,7 +1307,8 @@ for config_file in "${config_files[@]}" ; do fi # check there is an = for every set of "" #optional whitespace \s* between = and " - config_check_vars=$(echo "$clean_config" | grep -o '=\s*\"' -c ) + config_check_vars=$(echo "$clean_config" | $grep_bin -c '=\s*\"' ) + if [ $(( ${#config_check} / 2)) -ne "$config_check_vars" ] ; then xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every = requires a pair of \"\"" "=" exit 1 
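Review bot: The replacement `which` passes its arguments on as unquoted `$*`, so a name containing whitespace or glob characters is split or expanded before the lookup; use `"$@"`. Because the function overrides `which` for every later caller in the script, its comment should also state what it prints when the program is missing (presumably nothing), since the `== ""` tests that follow depend on that.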
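Review bot: Nothing checks that `grep_bin` ended up non-empty after the detection block. If neither `/usr/gnu/bin/grep` nor `which grep` yields a path, every unquoted `$grep_bin …` call expands to nothing and the shell tries to run the first argument (an option or the pattern) as the command. Add a guard right after the detection, for example `[ -x "$grep_bin" ] || { echo "ERROR: grep not found" >&2 ; exit 1 ; }`. The comment typo `supprot` can be fixed in the same change.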
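Review bot: The added `s/#.*//` expression deletes everything from any `#` to the end of the line, including a `#` inside a quoted value, whereas the existing expressions only strip a `#` that has whitespace next to it. A setting whose value contains `#` then loses its closing quote and fails the quote-count check below with a misleading error. Restricting the new rule to a comment that follows a blank, e.g. `-e 's/[[:blank:]]#.*//'` (the patch already relies on `[[:blank:]]` in the same command), keeps the Solaris fix without truncating values, and the comment should mention that limitation.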
@@ -1490,12 +1511,12 @@ else fi # If the local rsync client supports the '--no-motd' flag, then enable it. -if $rsync_bin --help | grep 'no-motd' > /dev/null ; then +if $rsync_bin --help | $grep_bin 'no-motd' > /dev/null ; then no_motd="--no-motd" fi # If the local rsync client supports the '--contimeout' flag, then enable it. -if $rsync_bin --help | grep 'contimeout' > /dev/null ; then +if $rsync_bin --help | $grep_bin 'contimeout' > /dev/null ; then connect_timeout="--contimeout=$rsync_connect_timeout" fi @@ -1642,11 +1663,11 @@ if [ -n "$ham_dir" ] && [ -d "$work_dir" ] && [ ! -d "$test_dir" ] ; then xshok_mkdir_ownership "$test_dir" cp -f "$work_dir"/*/*.ndb "$test_dir" $clamscan_bin --infected --no-summary -d "$test_dir" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' >> "$work_dir_work_configs/whitelist.txt" - grep -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir"/* | cut -d "*" -f2 | sort | uniq > "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir"/* | cut -d "*" -f2 | sort | uniq > "$work_dir_work_configs/whitelist.hex" cd "$test_dir" || exit for db_file in * ; do [[ -e $db_file ]] || break # handle the case of no files - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$db_file" > "$db_file-tmp" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$db_file" > "$db_file-tmp" mv -f "$db_file-tmp" "$db_file" if $clamscan_bin --quiet -d "$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then if $rsync_bin -pcqt "$db_file" "$clam_dbs" ; then @@ -1796,7 +1817,7 @@ fi if [ "$yararulesproject_enabled" == "yes" ] ; then if [ -n "$yararulesproject_dbs" ] ; then for db in $yararulesproject_dbs ; do - if echo "$db" | grep -q "/"; then + if echo "$db" | $grep_bin -q "/"; then db=$(echo "$db" | cut -d"/" -f2) fi echo "$work_dir_yararulesproject/$db" >> "$current_tmp" 
@@ -1826,9 +1847,9 @@ if [ "$remove_disabled_databases" == "yes" ] ; then if [ ! -s "$previous_dbs" ] ; then cp -f "$current_dbs" "$previous_dbs" 2>/dev/null fi - diff "$current_dbs" "$previous_dbs" 2>/dev/null | grep '>' | awk '{print $2}' > "$db_changes" + diff "$current_dbs" "$previous_dbs" 2>/dev/null | $grep_bin '>' | awk '{print $2}' > "$db_changes" if [ -r "$db_changes" ] ; then - if grep -vq "bak" "$db_changes" 2>/dev/null ; then + if $grep_bin -vq "bak" "$db_changes" 2>/dev/null ; then do_clamd_reload=2 fi while read -r file ; do @@ -1960,10 +1981,10 @@ if [ "$sanesecurity_enabled" == "yes" ] ; then false fi else - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_sanesecurity/$db_file" > "$test_dir/$db_file" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_sanesecurity/$db_file" > "$test_dir/$db_file" $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - grep -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then xshok_pretty_echo_and_log "Clamscan reports Sanesecurity $db_file database integrity tested good" 
@@ -2106,10 +2127,10 @@ if [ "$securiteinfo_enabled" == "yes" ] ; then xshok_pretty_echo_and_log "Failed to successfully update SecuriteInfo production database file: $db_file - SKIPPING" fi else - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_securiteinfo/$db_file" > "$test_dir/$db_file" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_securiteinfo/$db_file" > "$test_dir/$db_file" $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - grep -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null then 
@@ -2252,10 +2273,10 @@ if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then xshok_pretty_echo_and_log "Failed to successfully update linuxmalwaredetect production database file: $db_file - SKIPPING" fi else - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_linuxmalwaredetect/$db_file" > "$test_dir/$db_file" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_linuxmalwaredetect/$db_file" > "$test_dir/$db_file" $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - grep -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then xshok_pretty_echo_and_log "Clamscan reports linuxmalwaredetect $db_file database integrity tested good" 
@@ -2442,10 +2463,10 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then fi ;; # The strange case when $? != 0 in the original 2) - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_malwarepatrol/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_malwarepatrol/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db" $clamscan_bin --infected --no-summary -d "$test_dir/$malwarepatrol_db" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - grep -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$malwarepatrol_db" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db-tmp" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$malwarepatrol_db" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$malwarepatrol_db" > "$test_dir/$malwarepatrol_db-tmp" mv -f "$test_dir/$malwarepatrol_db-tmp" "$test_dir/$malwarepatrol_db" if $clamscan_bin --quiet -d "$test_dir/$malwarepatrol_db" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then xshok_pretty_echo_and_log "Clamscan reports MalwarePatrol $malwarepatrol_db database integrity tested good" @@ -2531,7 +2552,7 @@ if [ "$yararulesproject_enabled" == "yes" ] ; then xshok_pretty_echo_and_log "Checking for yararulesproject updates..." yararulesproject_updates="0" for db_file in $yararulesproject_dbs ; do - if echo "$db_file" | grep -q "/"; then + if echo "$db_file" | $grep_bin -q "/"; then yr_dir="/"$(echo "$db_file" | cut -d"/" -f1) db_file=$(echo "$db_file" | cut -d"/" -f2) else yr_dir="" 
@@ -2582,10 +2603,10 @@ if [ "$yararulesproject_enabled" == "yes" ] ; then xshok_pretty_echo_and_log "Failed to successfully update yararulesproject production database file: $db_file - SKIPPING" fi else - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_yararulesproject/$db_file" > "$test_dir/$db_file" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_yararulesproject/$db_file" > "$test_dir/$db_file" $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - grep -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then xshok_pretty_echo_and_log "Clamscan reports yararulesproject $db_file database integrity tested good" @@ -2641,7 +2662,7 @@ else if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled yararulesproject Database files" for db_file in $yararulesproject_dbs ; do - if echo "$db_file" | grep -q "/"; then + if echo "$db_file" | $grep_bin -q "/"; then db_file=$(echo "$db_file" | cut -d"/" -f2) fi if [ -r "$work_dir_yararulesproject/$db_file" ] ; then 
@@ -2683,7 +2704,7 @@ if [ "$additional_enabled" == "yes" ] ; then additional_updates="0" for db_url in $additional_dbs ; do # left for future dir manipulation - # if echo "$db_file" | grep -q "/"; then + # if echo "$db_file" | $grep_bin -q "/"; then # add_dir="/"$(echo "$db_file" | cut -d"/" -f1) # db_file=$(echo "$db_file" | cut -d"/" -f2) # else @@ -2745,10 +2766,10 @@ if [ "$additional_enabled" == "yes" ] ; then xshok_pretty_echo_and_log "Failed to successfully update additional production database file: $db_file - SKIPPING" fi else - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_add/$db_file" > "$test_dir/$db_file" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$work_dir_add/$db_file" > "$test_dir/$db_file" $clamscan_bin --infected --no-summary -d "$test_dir/$db_file" "$ham_dir"/* | command sed 's/\.UNOFFICIAL FOUND//' | awk '{print $NF}' > "$work_dir_work_configs/whitelist.txt" - grep -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" - grep -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" + $grep_bin -h -f "$work_dir_work_configs/whitelist.txt" "$test_dir/$db_file" | cut -d "*" -f2 | sort | uniq >> "$work_dir_work_configs/whitelist.hex" + $grep_bin -h -v -f "$work_dir_work_configs/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp" mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file" if $clamscan_bin --quiet -d "$test_dir/$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then xshok_pretty_echo_and_log "Clamscan reports additional $db_file database integrity tested good" 
@@ -2804,7 +2825,7 @@ else if [ "$remove_disabled_databases" == "yes" ] ; then xshok_pretty_echo_and_log "Removing disabled additional Database files" for db_file in $additional_dbs ; do - if echo "$db_file" | grep -q "/"; then + if echo "$db_file" | $grep_bin -q "/"; then db_file=$(echo "$db_file" | cut -d"/" -f2) fi if [ -r "$work_dir_add/$db_file" ] ; then @@ -2836,10 +2857,10 @@ if [ -r "$clam_dbs/local.ign" ] && [ -s "$work_dir_work_configs/monitor-ign.txt" sig_file=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $1}') sig_hex=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $NF}') sig_name_old=$(echo "$entry" | tr -d "\r" | awk -F ":" '{print $3}') - sig_ign_old=$(grep ":$sig_name_old" "$work_dir_work_configs/local.ign") + sig_ign_old=$($grep_bin ":$sig_name_old" "$work_dir_work_configs/local.ign") sig_old=$(echo "$entry" | tr -d "\r" | cut -d ":" -f3-) - sig_new=$(grep -hwF ":$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null) - sig_mon_new=$(grep -HwF -n ":$sig_hex" "$sig_file" | tr -d "\r") + sig_new=$($grep_bin -hwF ":$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null) + sig_mon_new=$($grep_bin -HwF -n ":$sig_hex" "$sig_file" | tr -d "\r") if [ -n "$sig_new" ] ; then if [ "$sig_old" != "$sig_new" ] || [ "$entry" != "$sig_mon_new" ] ; then sig_name_new=$(echo "$sig_new" | tr -d "\r" | awk -F ":" '{print $1}') @@ -2894,7 +2915,7 @@ if [ -r "$clam_dbs/my-whitelist.ign2" ] && [ -s "$work_dir_work_configs/tracker. sig_file=$(echo "$entry" | cut -d ":" -f1) sig_full=$(echo "$entry" | cut -d ":" -f2-) sig_name=$(echo "$entry" | cut -d ":" -f2) - if ! grep -F "$sig_full" "$sig_file" > /dev/null 2>&1 ; then + if ! $grep_bin -F "$sig_full" "$sig_file" > /dev/null 2>&1 ; then perl -i -ne "print unless /$sig_name$/" "$work_dir_work_configs/my-whitelist.ign2" perl -i -ne "print unless /:$sig_name:/" "$work_dir_work_configs/tracker.txt" 
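Review bot: In the `my-whitelist.ign2` hunk, `perl -i -ne "print unless /$sig_name$/"` builds Perl source text from `sig_name`, which is read from `tracker.txt` and ultimately from signature names, so a name containing `/` or regex metacharacters changes the program that runs instead of being matched as text. Since the patch already touches this block, pass the value as data and quote it: `sig_name="$sig_name" perl -i -ne 'print unless /\Q$ENV{sig_name}\E$/' "$work_dir_work_configs/my-whitelist.ign2"`, with the same treatment for the `tracker.txt` line. The `while read` loop these lines belong to starts and ends outside the hunk.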
@@ -2931,7 +2952,7 @@ fi # Check for non-matching whitelist.hex signatures and remove them from the whitelist file (signature modified or removed). if [ -n "$ham_dir" ] ; then if [ -r "$work_dir_work_configs/whitelist.hex" ] ; then - grep -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d "*" -f2 | tr -d "\r" | sort | uniq > "$work_dir_work_configs/whitelist.tmp" + $grep_bin -h -f "$work_dir_work_configs/whitelist.hex" "$work_dir"/*/*.ndb | cut -d "*" -f2 | tr -d "\r" | sort | uniq > "$work_dir_work_configs/whitelist.tmp" mv -f "$work_dir_work_configs/whitelist.tmp" "$work_dir_work_configs/whitelist.hex" rm -f "$work_dir_work_configs/whitelist.txt" rm -f "$test_dir"/*.* diff --git a/config/os.solaris11.conf b/config/os.solaris11.conf index 639d9505..c885f0ed 100644 --- a/config/os.solaris11.conf +++ b/config/os.solaris11.conf @@ -48,14 +48,10 @@ work_dir="/var/db/clamav-unofficial-sigs" log_file_path="/var/log" -clamd_restart_opt="clamdscan --reload" +clamd_restart_opt="/opt/csw/bin/clamdscan --reload" -#clamd_socket="/tmp/clamd.socket" - -#gpg_bin="/usr/local/bin/gpg" +clamscan_bin="/opt/csw/bin/clamscan" -# DEV -#/etc/opt/csw/clamd.conf -#/opt/csw/bin/clamdscan +#clamd_socket="/tmp/clamd.socket" # https://eXtremeSHOK.com ###################################################### From e7797e460ca2907baffcfb13345019a018986788 Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 03:20:38 +0200 Subject: [PATCH 07/22] finalize solaris 11 --- config/os.solaris11.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/os.solaris11.conf b/config/os.solaris11.conf index c885f0ed..9eb9cd8a 100644 --- a/config/os.solaris11.conf +++ b/config/os.solaris11.conf 
@@ -27,13 +27,13 @@ # Run in Terminal # pkgadd -d http://get.opencsw.org/now # /opt/csw/bin/pkgutil -U -# /opt/csw/bin/pkgutil -a clamac +# /opt/csw/bin/pkgutil -a clamav # /opt/csw/bin/pkgutil -y -i clamav -# export PATH=/opt/csw/bin:$PATH -# freshclam +# /opt/csw/bin/freshclam # Done! You can now use clamav. +# optional: # export PATH=/opt/csw/bin:$PATH -# Solaris 11 clamav via opencsw +# Solaris 11 (SunOS 5.11) clamav via opencsw clam_user="clamav" From 6afbd169be4f25ca4269c7e549549f74df56859d Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 03:21:15 +0200 Subject: [PATCH 08/22] fixes for SunOS (aka solaris 10 & 11) --- clamav-unofficial-sigs.sh | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 3ab7b88f..5b59668b 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -101,10 +101,16 @@ function xshok_cleanup () { # Function to check if the current running user is the root user, otherwise return false function xshok_is_root () { - if [ "$(id -u)" = 0 ] ; then - return 0 ; + if [ "$(uname -s)" = "SunOS" ] ; then + id_bin="/usr/xpg4/bin/id" else - return 1 ; #not root + id_bin="$(which id)" + fi + if [ "$($id_bin -u)" = 0 ] ; then + return 0 ; + else + return 1 ; #not root + fi fi } @@ -156,11 +162,16 @@ function xshok_mkdir_ownership () { #"path" # xshok_is_subdir "username" && echo "user found" || echo "no" # xshok_is_subdir "username" "groupname" && echo "user and group found" || echo "no" function xshok_user_group_exists () { #"username" "groupname" + if [ "$(uname -s)" = "SunOS" ] ; then + id_bin="/usr/xpg4/bin/id" + else + id_bin="$(which id)" + fi if [ "$1" ] ; then - id -u "$1" > /dev/null 2>&1 + $id_bin -u "$1" > /dev/null 2>&1 if [ $? -eq 0 ]; then if [ "$2" ] ; then - id -g "$2" > /dev/null 2>&1 + $id_bin -g "$2" > /dev/null 2>&1 if [ $? -eq 0 ]; then return 0 ; #user and group exists else 
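Review bot: In the @@ -156 hunk `$id_bin -g "$2"` does not test for a group: `id` takes a user name as its operand, so the call succeeds only when a user with the group's name exists. A real group lookup, for example `getent group "$2" > /dev/null 2>&1` on platforms that ship `getent`, would match what the usage comment above the function promises. The SunOS `id_bin` selection is now duplicated verbatim in `xshok_is_root` (the @@ -101 hunk); one assignment next to the other `*_bin` detections would stop the two copies drifting apart. The function body continues past the end of the hunk.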
@@ -1882,13 +1893,14 @@ echo "$log_file_path/$log_file_name*" echo "$purge" } >> "$purge" - # Check and save current system time since epoch for time related database downloads. # However, if unsuccessful, issue a warning that we cannot calculate times since epoch. if [ -n "$securiteinfo_dbs" ] || [ -n "$malwarepatrol_db" ] ; then - current_time=$(date "+%s" 2>/dev/null) + current_time=$(date "+%s" 2> /dev/null) + current_time="${current_time//[^0-9]/}" + current_time="$((current_time + 0))" if [ "$current_time" -le 0 ] ; then - current_time=$(perl -le print+time 2>/dev/null) + current_time=$(perl -le print+time 2> /dev/null) fi if [ "$current_time" -le 0 ] ; then xshok_pretty_echo_and_log "WARNING: No support for 'date +%s' or 'perl' was not found , SecuriteInfo and MalwarePatrol updates bypassed" "=" From 4630b8550a2ff073ac35875e821fde60c1b352c5 Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 03:21:39 +0200 Subject: [PATCH 09/22] solaris 10 config --- config/os.solaris10.conf | 56 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 config/os.solaris10.conf diff --git a/config/os.solaris10.conf b/config/os.solaris10.conf new file mode 100644 index 00000000..fdbfcf01 --- /dev/null +++ b/config/os.solaris10.conf 
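Review bot: The digit-stripping added after `date "+%s"` is not applied to the perl fallback, so the second `[ "$current_time" -le 0 ]` still sees raw output. If perl is missing, `current_time` is empty, `[` fails with "integer expression expected", and the warning branch that should bypass the SecuriteInfo and MalwarePatrol updates is skipped. Repeating the normalisation after the fallback closes that gap: `current_time="${current_time//[^0-9]/}"` followed by `current_time="$((current_time + 0))"`. The enclosing `if` block continues outside the hunk.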
@@ -0,0 +1,56 @@ +# This file contains os configuration settings for clamav-unofficial-sigs.sh +################### +# This is property of eXtremeSHOK.com +# You are free to use, modify and distribute, however you may not remove this notice. +# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com +################## +# +# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs +# +# Originially based on: +# Script provide by Bill Landry (unofficialsigs@gmail.com). +# +# License: BSD (Berkeley Software Distribution) +# +################## +# +# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG +# +################################################################################ +# SEE MASTER.CONF FOR CONFIG EXPLAINATIONS +################################################################################ +# Rename to os.conf to enable this file +################################################################################ + +# +# Basic guide to Installing ClamAV on Solaris 10 +# Run in Terminal +# pkgadd -d http://get.opencsw.org/now +# /opt/csw/bin/pkgutil -U +# /opt/csw/bin/pkgutil -a clamav +# /opt/csw/bin/pkgutil -y -i clamav +# /opt/csw/bin/freshclam +# Done! You can now use clamav. + +# Solaris 10 (SunOS 5.10) clamav via opencsw + +clam_user="clamav" + +# On some systems the clamgroup is "virusgroup" +clam_group="clamav" + +clam_dbs="/var/opt/csw/clamav/db" + +clamd_pid="/var/run/clamd.pid" + +work_dir="/var/db/clamav-unofficial-sigs" + +log_file_path="/var/log" + +clamd_restart_opt="/opt/csw/bin/clamdscan --reload" + +clamscan_bin="/opt/csw/bin/clamscan" + +#clamd_socket="/tmp/clamd.socket" + +# https://eXtremeSHOK.com ###################################################### From 839add6d88766cfb05d480aaa0b413496e19fb6c Mon Sep 17 00:00:00 2001 
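Review bot: The install guide in the header comment bootstraps pkgutil with `pkgadd -d http://get.opencsw.org/now`, a package fetched over plain HTTP and installed as root, and nothing in the comment tells the administrator to verify it. A line such as `# Verify the OpenCSW package signatures (see the OpenCSW documentation) before installing` after the pkgadd step would flag that. `clamd_restart_opt` is also set to a `--reload` command, so on this platform a failed reload presumably has no real restart to fall back on; if that is intentional, it deserves a comment.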
From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 03:23:10 +0200 Subject: [PATCH 10/22] Remove extra if --- clamav-unofficial-sigs.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 5b59668b..51085948 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -107,11 +107,10 @@ function xshok_is_root () { id_bin="$(which id)" fi if [ "$($id_bin -u)" = 0 ] ; then - return 0 ; - else - return 1 ; #not root - fi - fi + return 0 ; + else + return 1 ; #not root + fi } # Function to check if its a file, otherwise return false From 37b9264536b2e9150fc92522c2c10a130327b51c Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 04:00:59 +0200 Subject: [PATCH 11/22] todo sunos sed command: line:1306 --- clamav-unofficial-sigs.sh | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 51085948..f1ed9a8a 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh 
@@ -1299,15 +1299,24 @@ for config_file in "${config_files[@]}" ; do #config stripping xshok_pretty_echo_and_log "Loading config: $config_file" "=" - # delete lines beginning with # - # delete from ' #' to end of the line - # delete from '# ' to end of the line - # delete both trailing and leading whitespace - # delete all empty lines - # delete all trailing comments which dont get removed on solaris - # delete all trailing whitespace - clean_config=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' -e '/^[[:blank:]]*#/d;s/#.*//' -e 's/ *$//g' "$config_file") + + if [ "$(uname -s)" = "SunOS" ] ; then + #Solaris FIXES only + clean_confi=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' -e '/^[[:blank:]]*#/d;s/#.*//' -e 's/*$//g' "$config_file") + echo "NEED TO FIX" + exit + else + # delete lines beginning with # + # delete from ' #' to end of the line + # delete from '# ' to end of the line + # delete both trailing and leading whitespace + # delete all trailing comments which dont get removed on solaris + # delete all trailing whitespace + # delete all empty lines + clean_config=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file") + fi + ### config error checking # check "" are an even number config_check="${clean_config//[^\"]}" @@ -1324,9 +1333,12 @@ for config_file in "${config_files[@]}" ; do exit 1 fi + echo "$clean_config" >> /tmp/clean_config + #config loading for i in "${clean_config[@]}" ; do - eval $(echo "${i}" | command sed -e 's/[[:space:]]*$//') + eval $(echo "${i}" | command sed -e 's/[[:space:]]*$//' 2> /dev/null) + #eval $(echo "${i}" 2> /dev/null) done fi done From 52550ac9a92ab990aab7f2b5468f94a86cbb53f5 Mon Sep 17 00:00:00 2001 
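Review bot: The added `echo "$clean_config" >> /tmp/clean_config` in the @@ -1324 hunk appends every loaded config to a fixed, predictable path in /tmp, which on a root-run updater is exposed to symlink tricks and leaves the settings, including any feed credentials the config may hold (not visible here), readable by other local users. If the dump is needed for debugging, a `mktemp` file created under `umask 077` behind a debug switch is the safer form; otherwise the line should go. The `eval $(…)` below it runs the config text as shell code with the script's privileges, unquoted, and now hides sed's errors with `2> /dev/null`, so the config files need to be writable only by the account that runs the script. In the @@ -1299 hunk the SunOS branch assigns `clean_confi` (a typo for `clean_config`) and leaves through a bare `exit`, which reports status 0 to the caller.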
From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 13:01:25 +0200 Subject: [PATCH 12/22] Full support for solaris 10 --- clamav-unofficial-sigs.sh | 28 +++++++++++++++++++--------- config/os.solaris10.conf | 3 ++- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index f1ed9a8a..72c1a0ff 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -1206,7 +1206,12 @@ clamd_reload_opt="clamdscan --reload" uname_bin=$(which uname) clamscan_bin=$(which clamscan) rsync_bin=$(which rsync) -wget_bin=$(which wget) +#detect support for wget +if [ -x /usr/sfw/bin/wget ] ; then + wget_bin="/usr/sfw/bin/wget" +else + wget_bin=$(which wget) +fi if [ "$wget_bin" == "" ] ; then curl_bin=$(which curl) fi @@ -1216,7 +1221,11 @@ if [ -x /usr/gnu/bin/grep ] ; then else grep_bin=$(which grep) fi -gpg_bin=$(which gpg) +if [ -x /opt/csw/bin/gpg ] ; then + gpg_bin="/opt/csw/bin/gpg" +else + gpg_bin=$(which gpg) +fi if [ "$gpg_bin" == "" ] ; then gpg_bin=$(which gpg2) fi 
@@ -1302,16 +1311,17 @@ for config_file in "${config_files[@]}" ; do if [ "$(uname -s)" = "SunOS" ] ; then - #Solaris FIXES only - clean_confi=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' -e '/^[[:blank:]]*#/d;s/#.*//' -e 's/*$//g' "$config_file") - echo "NEED TO FIX" - exit + #Solaris FIXES only, i had issues with running with a single command.. + clean_config=$(command sed -e '/^#.*/d' "$config_file") # comment line + clean_config=$(echo "$clean_config" | sed -e 's/#[[:space:]].*//') # comment line (duplicated) + clean_config=$(echo "$clean_config" | sed -e '/^[[:blank:]]*#/d;s/#.*//') #comments at end of line + clean_config=$(echo "$clean_config" | sed -e 's/^[ \t]*//;s/[ \t]*$//') #trailing and leading whitespace + clean_config=$(echo "$clean_config" | sed -e '/^\s*$/d') #blank lines else # delete lines beginning with # # delete from ' #' to end of the line # delete from '# ' to end of the line # delete both trailing and leading whitespace - # delete all trailing comments which dont get removed on solaris # delete all trailing whitespace # delete all empty lines clean_config=$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file") @@ -1333,8 +1343,6 @@ for config_file in "${config_files[@]}" ; do exit 1 fi - echo "$clean_config" >> /tmp/clean_config - #config loading for i in "${clean_config[@]}" ; do eval $(echo "${i}" | command sed -e 's/[[:space:]]*$//' 2> /dev/null) @@ -1343,6 +1351,8 @@ for config_file in "${config_files[@]}" ; do fi done + + # Assign the log_file_path earlier and remove trailing / (removes / and //) log_file_path=$(echo "$log_file_path" | sed 's:/*$::') #Only start logging once all the configs have been loaded diff --git a/config/os.solaris10.conf b/config/os.solaris10.conf index fdbfcf01..b877d40a 100644 --- a/config/os.solaris10.conf +++ b/config/os.solaris10.conf 
@@ -23,13 +23,14 @@ ################################################################################ # -# Basic guide to Installing ClamAV on Solaris 10 +# Basic guide to Installing ClamAV on Solaris 10 with gnugp # Run in Terminal # pkgadd -d http://get.opencsw.org/now # /opt/csw/bin/pkgutil -U # /opt/csw/bin/pkgutil -a clamav # /opt/csw/bin/pkgutil -y -i clamav # /opt/csw/bin/freshclam +# /opt/csw/bin/pkgutil -y -i gnupg # Done! You can now use clamav. # Solaris 10 (SunOS 5.10) clamav via opencsw From d5a31abe5c65dd5df387554627ed0bcce449601b Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 13:49:00 +0200 Subject: [PATCH 13/22] Removed CRDF signatures as per Sanesecurity #124 --- config/master.conf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/config/master.conf b/config/master.conf index 21db3484..4ad04df9 100644 --- a/config/master.conf +++ b/config/master.conf @@ -242,10 +242,6 @@ bofhland_malware_attach.hdb|LOW # Malware Hashes #LOW hackingteam.hsb|LOW # Hacking Team hashes -### CRDF https://threatcenter.crdf.fr/ -# LOW -crdfam.clamav.hdb|LOW # List of new threats detected by CRDF Anti Malware - ### Porcupine # LOW porcupine.ndb|LOW # Brazilian e-mail phishing and malware signatures From d330071b59d34fa9374231c953ed0f0f134273bb Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 14:14:50 +0200 Subject: [PATCH 14/22] Prepare for 5.4 --- README.md | 17 ++++++++++++++++- clamav-unofficial-sigs.sh | 2 +- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 19acae36..42b30ab5 100644 --- a/README.md +++ b/README.md 
@@ -25,6 +25,9 @@ Please post them on the issue tracker : https://github.com/extremeshok/clamav-un * rsync: TCP port 873 * wget/curl : TCP port 443 +### Supported Operating Systems +Debian, Ubuntu, Raspbian, CentOS (RHEL and clones), OpenBSD, FreeBSD, OpenSUSE, Archlinux, Mac OS X, Slackware, Solaris (Sun OS) and derivative systems + ### Quick Install Guide * Download the files to /tmp/ * Copy clamav-unofficial-sigs.sh to /usr/local/bin/ @@ -96,7 +99,19 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje ## Change Log -### Version 5.3.2 (updated 2016-05-24) +### Version 5.4 (updated 2016-06-15) + - eXtremeSHOK.com Maintenance + - Added Solaris 10 and 11 configs + - When under Solaris we define our own which function + - Define grep_bin variable, use gnu grep on sun os + - Fallback to gpg2 if gpg not found, + - Added support for csw gnupg on solaris + - Trap the keyboard interrupt (ctrl+c) and gracefully exit + - Added CentOS 7 Atomic config @deajan + - Minor refactoring and removing of unused variables + - Removed CRDF signatures as per Sanesecurity #124 + +### Version 5.3.2 - eXtremeSHOK.com Maintenance - Bug Fix: Additional Databases not downloading - Added sanesecurity_update_hours option to limit updating to once every 2 hours diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 72c1a0ff..4d003020 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -1174,7 +1174,7 @@ EOF #Script Info script_version="5.4" -script_version_date="14 July 2016" +script_version_date="15 July 2016" minimum_required_config_version="65" minimum_yara_clamav_version="0.99" From 63fbf3ed6e9b26786d5065f664c8e154ef0bd5ff Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 14:20:46 +0200 Subject: [PATCH 15/22] fix for additional rsync databases --- clamav-unofficial-sigs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 4d003020..a59a6b88 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -2753,7 +2753,7 @@ if [ "$additional_enabled" == "yes" ] ; then additional_db_update="0" if [ "$(echo "$db_url" | cut -d ":" -f1)" = "rsync" ] ; then - $rsync_bin $rsync_output_level $no_motd --files-from="$sanesecurity_include_dbs" -ctuz $connect_timeout --timeout="$rsync_max_time" --exclude=*.txt --exclude=*.sha256 --exclude=*.sig --exclude=*.gz "$db_url" "$work_dir_add" 2>/dev/null + $rsync_bin $rsync_output_level $no_motd -ctuz $connect_timeout --timeout="$rsync_max_time" --exclude=*.txt --exclude=*.sha256 --exclude=*.sig --exclude=*.gz "$db_url" "$work_dir_add" 2>/dev/null ret="$?" else if [ "$wget_bin" != "" ] ; then From c266b60749a207f341cd5fe3a36a2e4611ecd20c Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 14:25:51 +0200 Subject: [PATCH 16/22] Yara Rule Project Database : Malicious_Documents/malicious_document.yar set false positive rating to MEDIUM was LOW --- config/master.conf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config/master.conf b/config/master.conf index 4ad04df9..ad2cc260 100644 --- a/config/master.conf +++ b/config/master.conf @@ -242,6 +242,10 @@ bofhland_malware_attach.hdb|LOW # Malware Hashes #LOW hackingteam.hsb|LOW # Hacking Team hashes +### CRDF https://threatcenter.crdf.fr/ +# LOW +#crdfam.clamav.hdb|LOW # List of new threats detected by CRDF Anti Malware + ### Porcupine # LOW porcupine.ndb|LOW # Brazilian e-mail phishing and malware signatures 
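Review bot: With `--files-from` gone, this rsync line mirrors whatever the remote `db_url` module offers, and the `--exclude=*.sig` and `--exclude=*.sha256` filters mean no signature or checksum arrives with it; the rsync:// transport itself provides neither encryption nor server authentication. Whether the additional databases are verified later is not visible in this hunk, so it is worth confirming that something stronger than a clamscan load test stands between the download and `$clam_dbs`. The exclude patterns are also unquoted and open to pathname expansion; `--exclude='*.txt'` and so on keeps them literal. `2>/dev/null` hides the reason for any failure that `ret` then reports. The surrounding `if`/`else` continues outside the hunk.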
@@ -303,8 +307,8 @@ yararulesproject_dbs=" # use subdir/file # LOW antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware -Malicious_Documents/malicious_document.yar|LOW # documents with malicious code # MEDIUM +Malicious_Documents/malicious_document.yar|MEDIUM # documents with malicious code packer.yar|MEDIUM # well-known sofware packers # HIGH crypto.yar|HIGH # detect the existence of cryptographic algoritms From 7110bfd6b13cbaa761f6d8b0f57751b95e9a5b3f Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 14:50:36 +0200 Subject: [PATCH 17/22] Added more yara project rules --- config/master.conf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/config/master.conf b/config/master.conf index ad2cc260..2a9b8854 100644 --- a/config/master.conf +++ b/config/master.conf 
@@ -306,9 +306,24 @@ yararulesproject_dbs=" # Some rules are now in sub-directories. To reference a file in a sub-directory # use subdir/file # LOW +email/EMAIL_Cryptowall.yar|LOW # CryptoWall Resume phish antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware +Exploit-Kits/Angler_EK.yar|LOW # Angler Exploit Kit Redirector +Exploit-Kits/Blackhole_EK.yar|LOW # BlackHole2 Exploit Kit Detection +Exploit-Kits/BleedingLife_EK.yar|LOW # BleedingLife2 Exploit Kit Detection +Exploit-Kits/Crimepack_EK.yar|LOW # CrimePack Exploit Kit Detection +Exploit-Kits/Eleonore_EK.yar|LOW # Eleonore Exploit Kit Detection +Exploit-Kits/Fragus_EK.yar|LOW # Fragus Exploit Kit Detection +Exploit-Kits/Phoenix_EK.yar|LOW # Phoenix Exploit Kit Detection +Exploit-Kits/Sakura_EK.yar|LOW # Sakura Exploit Kit Detection +Exploit-Kits/ZeroAcces_EK.yar|LOW # ZeroAccess Exploit Kit Detection +Exploit-Kits/Zerox88_EK.yar|LOW # 0x88 Exploit Kit Detection +Exploit-Kits/Zeus_EK.yar|LOW # Zeus Exploit Kit Detection # MEDIUM +Exploit-Kits/Javascript_exploit_and_obfuscation.yar|MEDIUM # JavaScript Obfuscation Detection Malicious_Documents/malicious_document.yar|MEDIUM # documents with malicious code +Malicious_Documents/DecodedPDF_CVE_2010_1297.yar|MEDIUM # PDF CVE 2010 1297 +Malicious_Documents/Maldoc_Hidden_PE_file.yar|MEDIUM # Detect a hidden PE file inside a sequence of numbers (comma separated) packer.yar|MEDIUM # well-known sofware packers # HIGH crypto.yar|HIGH # detect the existence of cryptographic algoritms From d718e3d820737788beff860aa43fe302b0f18b07 Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 14:52:59 +0200 Subject: [PATCH 18/22] Increment the config to version 68 --- config/master.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/master.conf b/config/master.conf index 2a9b8854..23500761 100644 --- a/config/master.conf +++ b/config/master.conf 
@@ -514,6 +514,6 @@ yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master" # ======================== # DO NOT EDIT ! -config_version="67" +config_version="68" # https://eXtremeSHOK.com ###################################################### From e27a3d8a30894b3ab37cecf2170017b6bb0d446b Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 14:56:24 +0200 Subject: [PATCH 19/22] Update readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 42b30ab5..fdd98a77 100644 --- a/README.md +++ b/README.md @@ -110,6 +110,8 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Added CentOS 7 Atomic config @deajan - Minor refactoring and removing of unused variables - Removed CRDF signatures as per Sanesecurity #124 + - Added more Yara rule project Rules + - Incremented the config to version 68 ### Version 5.3.2 - eXtremeSHOK.com Maintenance From 6ad84292e5a1e431c01b88ffd4ade0b71b81c65b Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 15:40:53 +0200 Subject: [PATCH 20/22] shellcheck fixes --- clamav-unofficial-sigs.sh | 52 +++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 27 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index a59a6b88..8db36631 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -149,7 +149,7 @@ function xshok_mkdir_ownership () { #"path" xshok_pretty_echo_and_log "ERROR: Could not create directory: $1" exit 1 fi - perms chown -f "$clam_user":"$clam_group" "$1" > /dev/null 2>&1 + perms chown -f "$clam_user:$clam_group" "$1" > /dev/null 2>&1 else xshok_pretty_echo_and_log "ERROR: Missing value for option" "=" exit 1 
@@ -232,7 +232,7 @@ function xshok_pretty_echo_and_log () { #"string" "repeating" "count" "type" #xshok_mkdir_ownership "$log_file_path" mkdir -p "$log_file_path" touch "$log_file_path/$log_file_name" 2>/dev/null - perms chown -f "$clam_user":"$clam_group" "$log_file_path/$log_file_name" + perms chown -f "$clam_user:$clam_group" "$log_file_path/$log_file_name" fi if [ ! -w "$log_file_path/$log_file_name" ] ; then echo "Warning: Logging Disabled, as file not writable: $log_file_path/$log_file_name" @@ -299,7 +299,6 @@ function xshok_database () { #database #rating for db_name in $current_dbs ; do #checks if [ "$enable_yararules" == "no" ] ; then #yararules are disabled -# if [[ "$db_name" =~ ".yar" ]] ; then # if it's the value you want to delete if [[ "$db_name" = *".yar"* ]] ; then # if it's the value you want to delete continue # skip to the next value fi @@ -307,7 +306,7 @@ function xshok_database () { #database #rating if [ "$current_rating" == "" ] ; then #yararules are disabled new_dbs="$new_dbs $db_name" else - if [[ ! "$db_name" =~ "|" ]] ; then # this old format + if [[ ! "$db_name" = *"|"* ]] ; then # this old format new_dbs="$new_dbs $db_name" else db_name_rating=$(echo "$db_name" | cut -d "|" -f2) @@ -751,7 +750,7 @@ function make_signature_database_from_ascii_file () { if xshok_prompt_confirm ; then if ! cmp -s "$path_file" "$clam_dbs/$db_file" ; then if $rsync_bin -pcqt "$path_file" "$clam_dbs" ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" perms chmod -f 0644 "$clam_dbs"/"$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" 
@@ -918,7 +917,7 @@ function add_signature_whitelist_entry () { echo "$sig_full" >> "$work_dir_work_configs/tracker.txt" if $clamscan_bin --quiet -d "$work_dir_work_configs/my-whitelist.ign2" "$work_dir_work_configs/scan-test.txt" ; then if $rsync_bin -pcqt "$work_dir_work_configs/my-whitelist.ign2" "$clam_dbs" ; then - perms chown -f "$clam_user":"$clam_group" my-whitelist.ign2 + perms chown -f "$clam_user:$clam_group" my-whitelist.ign2 if [ ! -s "$work_dir_work_configs/monitor-ign.txt" ] ; then # Create "monitor-ign.txt" file for clamscan database integrity testing. @@ -976,7 +975,7 @@ function clamscan_reload_dbs () { xshok_pretty_echo_and_log "Update(s) detected, reloading ClamAV databases" "=" fi - if [[ $($clamd_reload_opt 2>&1) =~ "ERROR" ]] ; then + if [[ $($clamd_reload_opt 2>&1) = *"ERROR"* ]] ; then xshok_pretty_echo_and_log "ERROR: Failed to reload, trying again" "-" if [ -r "$clamd_pid" ] ; then mypid=$(cat "$clamd_pid") @@ -1197,7 +1196,7 @@ we_have_a_config="0" if [ "$(uname -s)" = "SunOS" ] ; then which () { # use the switch -p to ignore ksh internal commands - ksh whence -p $* + ksh whence -p "$@" } fi @@ -1345,8 +1344,7 @@ for config_file in "${config_files[@]}" ; do #config loading for i in "${clean_config[@]}" ; do - eval $(echo "${i}" | command sed -e 's/[[:space:]]*$//' 2> /dev/null) - #eval $(echo "${i}" 2> /dev/null) + eval "$(echo "${i}" | command sed -e 's/[[:space:]]*$//' 2> /dev/null)" done fi done @@ -1703,7 +1701,7 @@ if [ -n "$ham_dir" ] && [ -d "$work_dir" ] && [ ! -d "$test_dir" ] ; then mv -f "$db_file-tmp" "$db_file" if $clamscan_bin --quiet -d "$db_file" "$work_dir_work_configs/scan-test.txt" 2>/dev/null ; then if $rsync_bin -pcqt "$db_file" "$clam_dbs" ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi 
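Review bot: In the @@ -918 hunk the chown target is the bare name `my-whitelist.ign2`, so it acts on whatever file of that name sits in the current working directory, not on the copy rsync just placed in `$clam_dbs`. The quoting fix is a good moment to give it the full path, as the @@ -2964 hunk already does: `perms chown -f "$clam_user:$clam_group" "$clam_dbs/my-whitelist.ign2"`. The function body extends beyond the hunk on both sides.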
@@ -2002,7 +2000,7 @@ if [ "$sanesecurity_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_sanesecurity/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi @@ -2027,7 +2025,7 @@ if [ "$sanesecurity_enabled" == "yes" ] ; then ##DO NOT KILL THIS DB false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi @@ -2148,7 +2146,7 @@ if [ "$securiteinfo_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_securiteinfo/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi @@ -2179,7 +2177,7 @@ if [ "$securiteinfo_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi 
@@ -2294,7 +2292,7 @@ if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_linuxmalwaredetect/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/local.ign" fi @@ -2323,7 +2321,7 @@ if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi @@ -2485,7 +2483,7 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_malwarepatrol/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$malwarepatrol_db" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$malwarepatrol_db" fi 
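Review bot: In the @@ -2294 hunk the SELinux relabel targets `$clam_dbs/local.ign` although the file just copied and chowned is `$clam_dbs/$db_file`; the sibling blocks, including the @@ -2323 hunk right below, relabel `$db_file`. This looks like a copy-paste slip that leaves freshly installed Linux Malware Detect databases with whatever context rsync gave them, and the fix is `restorecon "$clam_dbs/$db_file"`. The line is context in this commit, and the enclosing block starts and ends outside the hunk.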
@@ -2513,7 +2511,7 @@ if [ "$malwarepatrol_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$malwarepatrol_db" "$clam_dbs/$malwarepatrol_db-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$malwarepatrol_db" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$malwarepatrol_db" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$malwarepatrol_db" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$malwarepatrol_db" fi @@ -2624,7 +2622,7 @@ if [ "$yararulesproject_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_yararulesproject/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi @@ -2653,7 +2651,7 @@ if [ "$yararulesproject_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi @@ -2787,7 +2785,7 @@ if [ "$additional_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$work_dir_add/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi 
@@ -2816,7 +2814,7 @@ if [ "$additional_enabled" == "yes" ] ; then fi false fi && (test "$keep_db_backup" = "yes" && cp -f "$clam_dbs/$db_file" "$clam_dbs/$db_file-bak" 2>/dev/null ; true) && if $rsync_bin -pcqt "$test_dir/$db_file" "$clam_dbs" 2>/dev/null ; then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/$db_file" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/$db_file" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/$db_file" fi @@ -2917,7 +2915,7 @@ if [ -r "$clam_dbs/local.ign" ] && [ -s "$work_dir_work_configs/monitor-ign.txt" then if $rsync_bin -pcqt "$work_dir_work_configs/local.ign" "$clam_dbs" then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/local.ign" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/local.ign" perms chmod -f 0644 "$clam_dbs/local.ign" "$work_dir_work_configs/monitor-ign.txt" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/local.ign" @@ -2964,7 +2962,7 @@ if [ -r "$clam_dbs/my-whitelist.ign2" ] && [ -s "$work_dir_work_configs/tracker. then if $rsync_bin -pcqt "$work_dir_work_configs/my-whitelist.ign2" "$clam_dbs" then - perms chown -f "$clam_user":"$clam_group" "$clam_dbs/my-whitelist.ign2" + perms chown -f "$clam_user:$clam_group" "$clam_dbs/my-whitelist.ign2" perms chmod -f 0644 "$clam_dbs/my-whitelist.ign2" "$work_dir_work_configs/tracker.txt" if [ "$selinux_fixes" == "yes" ] ; then restorecon "$clam_dbs/my-whitelist.ign2" @@ -3000,7 +2998,7 @@ fi if [ "$setmode" = "yes" ] ; then xshok_pretty_echo_and_log "Setting permissions and ownership" "=" - perms chown -f -R "$clam_user":"$clam_group" "$work_dir" + perms chown -f -R "$clam_user:$clam_group" "$work_dir" if ! find "$work_dir" -type f -exec chmod -f 0644 {} + 2>/dev/null ; then if ! find "$work_dir" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then if ! find "$work_dir" -type f -print0 | xargs chmod -f 0644 2>/dev/null ; then 
@@ -3010,7 +3008,7 @@ if [ "$setmode" = "yes" ] ; then fi # If enabled, set file access mode for all production signature database files to 0644. - perms chown -f -R "$clam_user":"$clam_group" "$clam_dbs" + perms chown -f -R "$clam_user:$clam_group" "$clam_dbs" if ! find "$clam_dbs" -type f -exec chmod -f 0644 {} + 2>/dev/null ; then if ! find "$clam_dbs" -type f -print0 | xargs -0 chmod -f 0644 2>/dev/null ; then if ! find "$clam_dbs" -type f -print0 | xargs chmod -f 0644 2>/dev/null ; then From 9ec7327ad9646b0e03a7ee998b62ffc375428e03 Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 15:46:46 +0200 Subject: [PATCH 21/22] more shellcheck fixes --- clamav-unofficial-sigs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 8db36631..65c4f687 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -264,7 +264,7 @@ function xshok_check_s2 () { # 3 function xshok_array_count () { k_array=( "$@" ) - if [ -n "$k_array" ] ; then + if [ -n "${k_array[*]}" ] ; then i="0" for k in "${k_array[@]}" ; do let i=$i+1; From c01e9c4ddaf00d6b785a80631d283d660724799f Mon Sep 17 00:00:00 2001 From: "eXtremeSHOK.com" Date: Fri, 15 Jul 2016 15:56:24 +0200 Subject: [PATCH 22/22] Prepare for release --- clamav-unofficial-sigs.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 65c4f687..73bcf5f4 100644 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -1892,7 +1892,8 @@ fi # Create "purge.txt" file for package maintainers to support package uninstall. purge="$work_dir_work_configs/purge.txt" cp -f "$current_dbs" "$purge" -{ echo "$work_dir_work_configs/current-dbs.txt" +{ +echo "$work_dir_work_configs/current-dbs.txt" echo "$work_dir_work_configs/db-changes.txt" echo "$work_dir_work_configs/last-mbl-update.txt" echo "$work_dir_work_configs/last-si-update.txt" 
@@ -1909,7 +1910,7 @@ echo "$work_dir_gpg/secring.gpg" echo "$work_dir_gpg/ss-keyring.gpg*" echo "$work_dir_gpg/trustdb.gpg" echo "$log_file_path/$log_file_name*" -echo "$purge" +echo "$work_dir_work_configs/purge.txt" } >> "$purge" # Check and save current system time since epoch for time related database downloads. @@ -2941,19 +2942,19 @@ if [ -r "$clam_dbs/my-whitelist.ign2" ] && [ -s "$work_dir_work_configs/tracker. xshok_pretty_echo_and_log "" "=" "80" -##TOFIX: This needs to be reworked, as the file is being read and written in the same pipeline while read -r entry ; do sig_file=$(echo "$entry" | cut -d ":" -f1) sig_full=$(echo "$entry" | cut -d ":" -f2-) sig_name=$(echo "$entry" | cut -d ":" -f2) if ! $grep_bin -F "$sig_full" "$sig_file" > /dev/null 2>&1 ; then perl -i -ne "print unless /$sig_name$/" "$work_dir_work_configs/my-whitelist.ign2" - perl -i -ne "print unless /:$sig_name:/" "$work_dir_work_configs/tracker.txt" + perl -i -ne "print unless /:$sig_name:/" "$work_dir_work_configs/tracker-tmp.txt" xshok_pretty_echo_and_log "$sig_name signature no longer exists in $sig_file, whitelist entry removed from my-whitelist.ign2" ign2_updated=1 fi done < "$work_dir_work_configs/tracker.txt" + mv -f "$work_dir_work_configs/tracker-tmp.txt" "$work_dir_work_configs/tracker.txt" xshok_pretty_echo_and_log "" "=" "80" if [ "$ign2_updated" = "1" ]
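Review bot: Nothing in the @@ -2941 hunk creates `tracker-tmp.txt` before `perl -i` edits it in place, so unless it is created outside the hunk, perl fails on the missing file, the `mv -f` after the loop has nothing to move, and stale entries stay in tracker.txt. Seeding the copy before the loop restores the intent of reading one file while pruning another: `cp -f "$work_dir_work_configs/tracker.txt" "$work_dir_work_configs/tracker-tmp.txt"`. The `mv` is also unconditional, so a leftover tracker-tmp.txt from an earlier run would replace the current tracker even when no entry was removed. The enclosing `if` opens before the hunk and the block after `if [ "$ign2_updated" = "1" ]` continues past it.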