This file contains the changes for the clamav-unofficial-sigs.sh script written by Bill Landry (bill@inetmsg.com). The script provides a simple way to download, test and run the third-party ClamAV signature databases provided by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, INetMsg and ScamNailer.

Version 3.7.1 (updated 2010-06-06)
- Added the rsync "-r" flag to the "add_dbs" section of the script in order to support directory recursion. Requested by Jim L.
- Changed from "host" to "dig" when doing the reverse lookup on the Sanesecurity rsync host being used. The former parse string was truncating the last letter of the FQHN on Debian systems. This change removes the final usage of the "host" command from the script. Issue reported by Ralf Hildebrandt.
- Fixed an issue where corrupted SecuriteInfo databases might be created when the signature download site is down or inaccessible. The script will now delete SecuriteInfo signature databases from the download directory when corruption issues are detected.
- Rearranged some logging lines in the MalwarePatrol section of the script to resolve an issue with rsyncing files into the ClamAV production directory when logging is disabled. Issue reported by Marko Njezic.
- Updated the SecuriteInfo sections of the script and config files to support the new (uncompressed) signature databases.

Version 3.7 (updated 2010-01-23)
- Removed MSRBL from script as the signature files have not been updated since July 2009. Script users should consider removing the MSRBL signature files (MSRBL-Images.hdb & MSRBL-SPAM.ndb) from their systems.
- Rearranged some logging lines in the SecuriteInfo section of the script to resolve an issue some were having with rsyncing of files into the ClamAV production directory. Issue reported by Ted S.
- Removed "+tcp" from the dig command as some sites are blocking DNS queries over TCP Port 53.
  Added instead the "+ignore" flag which will silence the "Truncated" warning when the DNS query-response is larger than a single UDP packet can contain. This is not an issue since the script initially uses the first listed IP address anyway. Issue reported by Matija Nalis.
- Replaced "echo -ne" with "printf" when the script is run with the "-m" flag, for creating a signature file. The echo "-e" and in some cases "-n" flags are not universally supported by all system shells. Issue reported by Paul Wise.
- Added new Sanesecurity distributed signature databases and updated the risk ratings for all signature databases listed in the config file based on info provided at www.sanesecurity.com/databases.htm.

Version 3.6 (updated 2009-08-23)
- Added "tr" to remove Windows CRLF from signatures in local.ign monitoring section.
- Updated signature database monitoring section to better handle rearrangement of signature database file name placement in the configuration file.
- Removed several of the config file reload options in favor of simplicity and most reliable options.
- Changed rsync mirror lookup from 'host' to 'dig' with the hope that 'dig' is more universally consistent between OS platforms. Issue reported by Al Sterman.
- Added the '-u' (timestamp check) flag to the rsync downloads so that signature databases will not be downloaded from mirrors that are out of sync and hosting old files. Requested by Wolfgang Breyha.
- Added a configuration variable that will provide the ability to scan a HAM (non-spam) directory with new signature databases and automatically remove signatures that trigger from the database before implementing. Requested by Mike Cardwell.
- Added the '-t' flag to the script to output third-party signatures that trigger during the HAM directory scan, but only if the 'ham_dir' variable is enabled in the configuration file and hits were found.
- Updated required utilities section of the config file. Requested by Micah Anderson.
- Updated Manual page, README, and INSTALL files.

Version 3.5.4 (updated 2009-06-25)
- Removed an unnecessary early database reload when a change was detected by the script in the local.ign signature bypass file.
- The script was not properly handling exit status when configured with full script output silence and database reloading was disabled. Issue reported by Andreas Prieß.
- The script was not detecting bypass signature entry changes in local.ign if the entry did not include the line number in the bypass signature entry. Issue reported by Paul Enlund.
- Windows convention is to end each line of text with the carriage return character followed by the newline character. In order to work around this, the script now strips the CRLF from the end of signature lines before testing for changes, modifications, or removal of local.ign bypassed signature entries. Issue reported by Paul Enlund.

Version 3.5.3 (updated 2009-06-04)
- Replaced 'sed -i' (in-place) 'replace/remove' code in the script with similar perl code. It was determined that sed varies too much between OS platforms. The differences between FBSD, Linux, Sun, and HPUX were too problematic to rely on sed for 'in-place' editing. Thanks to Larry Rosenman for testing the new perl code sections on all 4 platforms listed above.

Version 3.5.2 (updated 2009-06-04)
- Renamed the cron and logrotate files, changing the "." to "-" due to the fact that some platforms (such as Debian) have certain naming restrictions on cron file names that do not allow for the use of a "." in the file name. The documentation has also been updated. Consider renaming your files. Issue reported by Yizhar Hurwitz.
- Added the sed "-e" (expression=script) flag to the 4 sed commands that use the "-i" (edit in-place) in the script's "-b" (create signature bypass) flag. Apparently without the sed "-e" flag, FreeBSD interprets part of the expanded variable as a command. Issue reported by Larry Rosenman.
- Replaced a misplaced hard link with the appropriate variable in the signature bypass section of the script. Issue reported by Larry Rosenman.
- Added feedback in warning message regarding signature database name misspelling as a possible issue when all rsync mirror sites fail.
- Improved the signature bypass code section that monitors hexadecimal signature modifications and removals and keeps local.ign updated.

Version 3.5.1 (updated 2009-05-30)
- Fixed an issue with the script exiting with an error condition if both "clamd_reload" is disabled and all script silence options are enabled. Issue reported by Andreas Prieß.
- Fixed a /path/file statement that was pointing to a scan test file that was used while testing the script and then inadvertently left in the released script. Issue reported by Lukasz Czarnowski.
- Moved all third-party signature databases labeled as medium and high risk (as defined at http://www.sanesecurity.com/clamav/databases.htm) into comment sections in the configuration file with a pointer to the above URL. This will require script users to consciously enable the usage of these potentially high false-positive risk databases rather than have them enabled by default. Requested by Steve Basford.

Version 3.5 (updated 2009-05-25)
- Added the '-m' flag that will make a hexadecimal signature database file (*.ndb) from a clear text, ascii source file that contains one data string entry per line that will then be converted into signature lines in the new database file.
- Added the new INetMsg SpamDomains database to the config file.
- Updated the INSTALL, README and manual page.

Version 3.4 (updated 2009-05-22)
- Modified the '-b' (create signature bypass) flag so that the script no longer deletes the local.ign file.
  The script now tracks changes to any signature bypass entries it creates in local.ign and will remove the signature bypass entry if either the original offending third-party signature being bypassed has been modified or has been removed from the third-party database.
- Updated the INSTALL, README and manual page.

Version 3.3 (updated 2009-05-19)
- Updated the MalwarePatrol URL to now use their new download link.
- Added a new '-f' flag that can now hexadecimal encode formatted input strings containing spacing fields '{}, (), *', without encoding the spacing fields.
- Modified the perl code that hexadecimal encodes and decodes input strings so that they are more compact, efficient and the decoding will not decode spacer fields containing '{}, (), *'. Thanks to Mark Martinec for his assistance with this.
- Tightened up a few sections of the script.
- Updated the INSTALL document and manual page.

Version 3.2 (updated 2009-05-14)
- Repositioned a badly placed 'echo' command that was causing empty cron emails to be sent even if all silence variables were set in the config file and no error conditions existed. Issue reported by Andreas Prieß.
- Added a '-b' switch that can be used to create a bypass signature for local.ign in order to temporarily resolve false-positive issues with a third-party signature. The local.ign file will automatically be deleted once its timestamp shows the last change time to be at least 24 hours old. This is done in order to keep bypass entries from becoming stale.
- Updated the README and INSTALL documents, and the manual page. Also updated the cron file to point the script location to /usr/local/bin/ instead of /usr/bin/. This also matches the base path to the config file (/usr/local/).

Version 3.1 (updated 2009-05-11)
- The script now strips all single (') and double (") quote marks from input to the '-d' (decode) flag.
- Added the missing SecuriteInfo '*.gz' files to the list of files to be removed from the system with the "-r" (remove) flag or when uninstalled via a package manager. Reported by Paul Wise.

Version 3.0 (updated 2009-05-10)
- Added a couple of missing stderr redirects. Reported by Paul Wise.
- Updated the manual page and README and INSTALL documentation.
- Added cron and logrotate files to the tarball.
- Added a '-r' (remove script) flag that will allow the script user to easily remove the script and all of its associated files and databases and work directories from the system.
- Provided two variables that package and port maintainers can use in order to prevent the script from removing itself with the '-r' flag if the script was installed via a package manager like yum, apt, pkg, etc. The script will instead provide feedback to the user about how to uninstall the package.
- Added the ability to disable execution of "chown" (the setting of user and group permissions on files and directories) if either the "clam_user" or "clam_group" or both variables are commented in the config file. Requested by Micha Lenk.
- The script will now decode input from both third-party signature names (e.g.: Sanesecurity.Junk.15248) and hexadecimal encoded strings.
- The script now supports decoding of third-party signatures that include spacing information within the hexadecimal string (e.g.: {-50}) and will now output the decode string with the spacing information intact.
- Added the '-e' (encode) flag that will hexadecimal encode any input string and output a hexadecimal string that can be used in any *.ndb type signature database.
- The script will now do a database reload if it detects that signature databases have been removed from the configuration file and deleted from the system. It will also report this information via cron email, if enabled, and will also write this information to the log file, if logging is enabled.
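
The hexadecimal encoding and decoding that the 3.0 and 3.3 entries describe, as an added example in POSIX shell; it is not code from clamav-unofficial-sigs.sh, which uses perl for this step. The function names are hypothetical, the sample strings are constructed, and showing non-printable bytes as \xNN on decode is a choice made here so that decoded third-party signature content cannot write control characters to the terminal.

```shell
#!/bin/sh
# Added example: hex-encode text for a *.ndb signature body while leaving the
# spacing fields '{...}', '(...)' and '*' untouched, and decode it again.
# All function names are hypothetical; sample strings are constructed.

# hex_of STRING: print the bytes of STRING as lowercase hex pairs.
hex_of() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \t\n'
}

# leading_field STRING: print the spacing field that STRING starts with.
# Returns 1 if STRING starts with ordinary data, 2 if a field is unterminated.
leading_field() {
    case $1 in
        '*'*) printf '%s' '*'; return 0 ;;
        '{'*) lf_close='}' ;;
        '('*) lf_close=')' ;;
        *)    return 1 ;;
    esac
    case $1 in
        *"$lf_close"*) printf '%s' "${1%%"$lf_close"*}$lf_close" ;;
        *) echo "unterminated spacing field: $1" >&2; return 2 ;;
    esac
}

# encode_formatted STRING: hex-encode literal text, pass spacing fields through.
# The body runs in a subshell, so "exit" only ends the function.
encode_formatted() (
    rest=$1; out=; lit=
    while [ -n "$rest" ]; do
        rc=0; field=$(leading_field "$rest") || rc=$?
        case $rc in
            0)  # flush pending literal text, then copy the field unchanged
                if [ -n "$lit" ]; then out=$out$(hex_of "$lit"); lit=; fi
                out=$out$field
                rest=${rest#"$field"} ;;
            1)  # ordinary character: collect it for encoding
                lit=$lit${rest%"${rest#?}"}
                rest=${rest#?} ;;
            *)  exit 1 ;;
        esac
    done
    if [ -n "$lit" ]; then out=$out$(hex_of "$lit"); fi
    printf '%s\n' "$out"
)

# decode_formatted HEX: turn hex pairs back into text for viewing, keeping
# spacing fields intact. Bytes outside printable ASCII are shown as \xNN.
decode_formatted() (
    rest=$1; out=
    while [ -n "$rest" ]; do
        rc=0; field=$(leading_field "$rest") || rc=$?
        case $rc in
            0) out=$out$field; rest=${rest#"$field"}; continue ;;
            1) ;;
            *) exit 1 ;;
        esac
        case $rest in
            [0-9a-fA-F][0-9a-fA-F]*) pair=${rest%"${rest#??}"} ;;
            *) echo "not a hex pair or spacing field: $rest" >&2; exit 1 ;;
        esac
        n=$((0x$pair))
        if [ "$n" -ge 32 ] && [ "$n" -le 126 ]; then
            # %b with a \0ddd octal escape emits the single byte
            out=$out$(printf '%b' "\\0$(printf '%03o' "$n")")
        else
            out="$out\\x$pair"
        fi
        rest=${rest#??}
    done
    printf '%s\n' "$out"
)

# Constructed samples: two words at most 50 bytes apart, any gap, a third word.
encode_formatted 'click{-50}here*now'
decode_formatted '68690d0a'
```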

Version 2.8 (updated 2009-05-01)
- Added file management to the script so package/port maintainers can easily uninstall/purge the script's installation. This same "purge.txt" file, which can be found in the script's '$config_dir' directory, can also be used by script users to manually remove the script and all of its associated files.
- Added file removal to the script so that legacy databases and backup files are completely removed from the file system if removed or disabled in the script's configuration file. Any legacy files that reside on the file system prior to using this version of the script will need to be removed manually. This is also true if migrating to this script from some other download script, due to different file naming conventions.
- Added support for the rsync "--contimeout" flag, if the local rsync client supports this new flag. This provides a means to timeout a connection attempt after some time interval specified by the flag (set to 30 seconds in the script) when an rsync server is not responding to the connection attempt.
- Added some additional output for the script's '-g' (GPG signature test) and '-s' (clamscan integrity test) flags which will output flag specific feedback to the user and provide for an easy way to copy/paste valid databases that can be tested with each flag.
- The script's '-d' (decode virus signature) flag will now also output what database the virus signature was found in.
- If the script is run in silent mode, it now silences all rsync error conditions and will only output error information if all rsync mirror connection attempts fail. Therefore, when running silent via cron, the script will not report an rsync connection failure as long as the script was able to successfully connect to an alternate mirror. If script logging is enabled, all rsync connection information will still be written to the log file.
- Added support for the new Sanesecurity 'jurlbla.ndb' database.
- Added manual page written by Paul Wise <pabs@debian.org>, for the Debian project.

Version 2.7.3 (updated 2009-04-25)
- Added error checking to GPG signature tests and will now fall-back and retest using different parameters if an error is detected.
- Added error checking to "find" command and will now fall-back and try several alternatives (from most favorable to least favorable) until the command is run successfully.
- Removed the rsync "-r" (recurse into directories) flag since we don't need it, as the script only syncs with those files that have been specifically defined in the '--files-from' file.
- Changed the script's '-d' flag to '-i', to "Output system and configuration information".
- The script's '-d' flag will now 'decode' ClamAV 'UNOFFICIAL' 3rd-Party signatures for viewing. The script will NOT decode image signatures (for obvious reasons), nor ClamAV 'OFFICIAL' signatures, due to the various signature formats.

Version 2.7.2 (update 2009-04-23)
- ***** ALERT - ALERT - ALERT - ALERT - ALERT - ALERT - ALERT ***** The script name has been changed. This has been done to facilitate packaging and redistribution of the scripts by various OS package and port maintainers. By renaming the script and tarball from "unofficial-clamav-sigs" to "clamav-unofficial-sigs", the package will show up when using package managers like yum, apt, pkg, etc., to install ClamAV and its supporting and complementary packages. Please be sure to make the necessary changes to your cron jobs to support the new script and config file names.
- Added the new Winnow (winnow_spam_complete.ndb) and Sanesecurity (jurlbl.ndb) database files.
- Added a safety net to all "rm" commands in the script in order to prevent script config file editing errors that could potentially cause deletion of unintended files and/or directories. Thanks to Mike Cappella for suggesting this.
- Modified the script's "getopts" section logic to make it more efficient and easier to understand.
  Thanks to Mike Cappella for his comments and suggestions in this area.

Version 2.7.1 (updated 2009-04-17)
- Fixed a bug in the output of the script's '-s' flag (clamscan database integrity test), which would always erroneously output 'scam.ndb' as the database file being tested.
- Added missing 'curl_proxy' variable to the Sanesecurity GPG Key download section.
- Added an open-source license so that OS package maintainers can package the scripts for redistribution.
- A duplicate tarball with the version number included in the file name is now also located in the download directory. This is done so that package maintainers can easily determine if an update has been released.

Version 2.7 (updated 2009-03-31)
- Added new signature database options:
    winnow_malware.hdb
    winnow_phish_complete.ndb
    winnow_phish_complete_url.ndb
  See the "unofficial-clamav-sigs.conf" file for usage information.
- Revised the email report output of the SecuriteInfo update checks.
- Minor modifications to the script's email report comments.
- Minor change to the rsync update checks (using "--files-from=FILE" instead of "--include-from=FILE", and therefore no longer needing to use "--exclude=PATTERN"). This also configures rsync to report in its output the exact number of files it is checking for updates.
- Apparently there's a problem with some versions of "xargs" causing the script to report "chmod: missing operand after `0644'" when used with the "find" command. The script has been changed to now use "-exec chmod 0644 {} +" instead of "xargs -0 chmod 0644", which is hopefully more widely supported. Reported by Chris Kuhles.
- Minor update to INSTALL document to make the instructions flow more logically. Reported by Anthony Cartmell.

Version 2.6 (updated 2009-03-25)
- The script will now try alternate rsync mirror sites if a site fails for any reason, and will continue trying alternate mirror sites until either successful or all mirror sites have failed.
  The script will also report and log all failed attempts. This is only applicable to Sanesecurity and MSRBL, as these are currently the only two signature providers that use rsync and provide multiple mirror site locations.
- Changed permissions on gpg_dir from 0600 to 0700, as the execute bit is necessary for access to this directory, with the exception being the root account on some distros. Reported by Jernej Porenta.
- Corrected a typo in the GPG Signature verify example in the INSTALL file. It should have been: "unofficial-clamav-sigs.sh -g filename", not "-c". Reported by Jernej Porenta.

Version 2.5 (updated 2009-03-20)
- Changed permissions on gpg_dir from 0644 to 0600, otherwise GPG will report: "WARNING: unsafe permissions on homedir...".
- Added "--exclude=*.gz" to the user defined "add_dbs" rsync downloads to prevent compressed files from being downloaded from local mirrors. Requested by Jim Lohiser.
- Added comments to the config file with recommendations for specific shell options for different OS platforms, as well as additional path statement instructions. This information is based off of feedback from various script users. Suggested by Jeff Earickson.
- Updated the INSTALL document to include information about defining the correct shell and path settings for different OS platforms.
- Updated some script comments to make them more applicable with recent script updates.
- It's recommended that rsync version 2.6.9 or newer is used, as older versions do not support the '--no-motd' flag. This is not an issue, as the flag is disabled if it's not supported. However, if the "rsync_silence" variable is not being used, the output will contain any "message of the day" text that is presented by the rsync mirror site being used for the update check.
- Changed "$1" to "${@:-}" in the "comment" and "log" functions in order to prevent otherwise potentially puzzling errors. This was recommended by Charles Seeger.
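
One way to build the kind of "rm" safety net that the 2.7.2 entry describes, as an added example in POSIX shell that is not taken from the script itself. guarded_rm and its arguments are hypothetical names; the function deletes files only, and only when the resolved parent directory of each target lies below the given base directory, so an empty or mistyped config variable cannot widen the deletion.

```shell
#!/bin/sh
# Added example: a guard around "rm" for paths built from config variables.
# guarded_rm is a hypothetical name, not a function of clamav-unofficial-sigs.sh.

# guarded_rm BASE TARGET...
#   Delete each TARGET file only if, after resolving symlinks and "..", its
#   parent directory is BASE or a directory below BASE.
#   The body runs in a subshell, so "exit" and "cd" do not affect the caller.
guarded_rm() (
    base=${1-}
    if [ $# -gt 0 ]; then shift; fi

    # An unset or mistyped variable typically shows up as "" or "/".
    case $base in
        /?*) ;;   # absolute and more than just "/"
        *) echo "guarded_rm: refusing base directory '$base'" >&2; exit 1 ;;
    esac

    # Resolve the base physically; it must exist and must not be the root.
    real_base=$(cd -P -- "$base" 2>/dev/null && pwd -P) || {
        echo "guarded_rm: base '$base' is not a directory" >&2; exit 1; }
    if [ "$real_base" = / ]; then
        echo "guarded_rm: base resolves to /" >&2; exit 1
    fi

    status=0
    for target in "$@"; do
        # Targets must be absolute and must name a file, not end in "/".
        case $target in
            /*[!/]) parent=${target%/*}; name=${target##*/} ;;
            *)      parent=; name= ;;
        esac

        real_parent=
        if [ -n "$name" ] && [ "$name" != . ] && [ "$name" != .. ]; then
            # cd -P follows symlinks and collapses "..", so a path that only
            # looks like it is inside BASE is resolved to where it really is.
            real_parent=$(cd -P -- "${parent:-/}" 2>/dev/null && pwd -P) ||
                real_parent=
        fi

        case $real_parent/ in
            "$real_base"/*)
                rm -f -- "$real_parent/$name" || status=1 ;;
            *)
                echo "guarded_rm: refusing '$target' (not below $real_base)" >&2
                status=1 ;;
        esac
    done
    exit "$status"
)
```

A call such as guarded_rm "$work_dir" "$work_dir/old.ndb" then fails closed when work_dir is empty, instead of expanding to a path under the root directory.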

Version 2.4 (updated 2009-03-15)
- Expanded the script's '-h' help and usage information output.
- Added the following script flags:
    '-d' output system & configuration information for debug purposes
    '-g' gpg signature test a specific Sanesecurity database file
    '-s' clamscan integrity test a specific database file
- Split the script's RSYNC_PROXY 'PATH' and 'EXPORT' statements onto 2 separate lines.

Version 2.3 (updated 2009-03-13)
- Broke the PATH and EXPORT statements into two separate lines. Apparently some shells do not like "export PATH" on one line.
- Added some perl based reload options for those that want to signal the clamd socket to do a reload after database updates but do not have socat installed on their systems. Also added socat and perl reload options for those running clamd with a tcp socket versus a local unix socket.
- Modified help (-h) output and also provide better error handling.
- Updated comments and logging to better reflect script changes.
- Added comments and logging so as to provide better information about how the script ran.
- Reconfigured GPG key handling and signature verifying. This will hopefully resolve the issue that some have been experiencing with GPG signature tests failing when run via cron.
- The script now does a "chmod 0644" of the $work_dir to set access permissions to "-rw-r--r--" on all $work_dir files.
- Rearranged the clamd status tests in both unofficial-clamav-sig.sh and clamd-status.sh scripts to run perl socket tests first, as it has been reported that the soon to be released ClamAV version 0.95 may not respond to a socat PING with the requisite PONG on some OSs, thereby causing the script to erroneously report clamd as not running and attempting to restart it. It has also been reported that adding a pause to the socat test seems to resolve the issue, so the pause has also been added to the script, as well.
- Added the "-T" (enable TCP/IP mode) flag to the "host" lookups, as Patrick Cernko reported that, without enabling tcp mode, the response exceeded the maximum data that can be stored in a UDP packet. This was causing the "host" binary to report: "Truncated, retrying in TCP mode".
- Added "rsync_proxy" and "curl_proxy" variables so that users that need to proxy their rsync and/or curl database downloads can now define them in the configuration file instead of having to edit the script itself. Requested by Flávio do Carmo Júnior.

Version 2.2 (updated 2009-03-07)
- Updated logging identifications (INFO, WARNING, ALERT, CRITICAL) so that logged events are more appropriately labeled.
- Now using "checksum" with rsync to determine whether files have been updated instead of "timestamp/file-size", which has been shown to be unreliable with Sanesecurity files (although this may be resolved now). Also using "checksum" update verification with MSRBL files, as well. Currently, all Sanesecurity and MSRBL mirror sites support "checksum" file change testing.
- Switched from "diff" to "cmp" to check whether downloaded database files are different than those running in production. Apparently "cmp" is more portable across platforms than "diff". This keeps the script from unnecessarily reloading ClamD's databases when no file changes are detected.
- Now logging rsync and curl connection/download failures.
- Now using rsync to update files in production instead of copy/move that was used previously. The script also no longer uses temp_dir.
- Created a variable option that allows users to add database sites. This will also allow users that have many local servers using third party (unofficial) signature databases to create a local mirror so that the files can be downloaded once and all other servers update via the local mirror. Supports rsync and all download protocols supported by curl (see "man curl" for supported protocols).
- The script has been consolidated and tightened as unnecessary routines have been removed and additional logic implemented to reduce size.

Version 2.1b (updated 2009-02-26)
- Changed MalwarePatrol database download from using older .db format to the newer .ndb format.
- Check to see if the older mbl.db and mbl.db-bak files exist, and if so, delete them at the next MalwarePatrol database download of the newer mbl.ndb database file format.
- Added another database reload option for those that have "socat" installed on their systems.
- If "enable_random" is enabled in the script, then the pause time is now written to the log file.
- Minor comment and logging info cleanup.
- Updated README and INSTALL documents.
- Added a logging option to the clamd-status.sh script.

Version 2.1a (updated 2009-02-21)
- Implemented patch to create functions for silencing comments and for logging as provided by Panagiotis Christias.
- Moved the section that tests for whether the script is being run from the console or via cron to the top and removed the prompt when run manually from the console. Also enabled all script output to screen when run manually.
- Changed MalwarePatrol URL from IP address back to www.malware.com.br (this was an oversight leftover from testing).
- Added code to the unofficial-clamav-sigs.sh and clamd-status.sh scripts to delete any orphaned daemon process files (pid, lock, socket) before attempting to start ClamD after a crash.

Version 2.1 (updated 2009-02-20)
- Provided a default location for the script's configuration file. Now the script can be run either with the "-c" flag, or without any flag, as long as the config file resides in the /etc directory. If you feel compelled to change the default config file location, it is the first variable located near the top of the script file.
- Several people have requested logging capabilities. The samples that have been provided used the OS's logging facility.
  I didn't want to clutter up the "messages" or "maillog" with output from the script, so I've instead implemented more rudimentary logging that writes its output to a user defined log file.
- Others have requested the ability to completely silence the script's output so that when run via cron, no emails are generated except when an error condition has been reported. This has now been done.
- Some additional script logic corrections and code cleanup have also been made in this update.

Version 2.0c (updated 2009-02-12)
- Separated the script into 3 files, Script, Config, & Changelog. Now users will no longer have to update the user configuration section of the script every time the script is updated.
- Removed the redirect of STDERR to /dev/null for the shell's RANDOM test since it's not necessary there.
- Created a separate clamd status and restart script. The code section still remains in unofficial-clamav-sigs.sh script, as well, but can be disabled there if a user wants to run status checks more often than signature database downloads.

Version 2.0b (updated 2/10/09)
- Added a "diff" test that is run prior to moving a new database file into the clamav directory. If there is no difference between the 2 database files, then the script will report that it's testing the updated (but unchanged) database file. Processing of the database file will still continue so that the file timestamps stay synced. This test was added because it's been noted that some database files are repeatedly being downloaded, even when nothing has changed. This test will assist in tracking down this issue.
- Added a variable to silence the gpg output (based on a request from Steffen Ille).
- Added a variable to silence most of the script's text output.
  When all "silence" variables are enabled, the script will only output the database provider section headers, any error output from the GPG Signature verification tests and Clamscan database integrity tests, and whether updates were detected and clamd reloaded or not.
- Corrected some script logic errors and missing (parenthesis) around some of the "test" command lines.

Version 2.0a (updated 2/8/09)
- Moved all SecuriteInfo *.gz files out of the clam_dbs directory and placed them instead into the si_dirs directory. Also moved the MBL and SecuriteInfo timestamp files (last-*-update.txt) out of the clam_dbs directory and placed them into the config_dir (based on suggestions from Panagiotis Christias).
- Added a variable about whether to create a backup database file before moving an updated database file into the clam_dbs directory (based on suggestions from Panagiotis Christias).
- Added a check to confirm that the local SecuriteInfo .gz file exists before doing an "rsync -z" (time condition) test against the remote rsync server's file.
- Added a check to test that the uncompressed SecuriteInfo database files exist, are greater than zero, and are newer than the existing database files before proceeding with further database testing and processing.
- Added a check to test that the MalwarePatrol database file exists, is greater than zero, and is newer than the existing database file before proceeding with further database testing and processing.
- Changed "test_dir" to "temp_dir" since we no longer test database files in this directory. It is now only used as a temporary location for copying files to before moving them into the clam_dbs directory.
- Database files for all unofficial database providers are now kept in their working sub-directories. The only directory that remains empty between updates now is the temp_dir directory.

Version 2.0 (update 2/6/09)
- Added some missing variable quotes and also added some additional checks to confirm which database providers and database files to update (based on suggestions from Alex Pleiner).
- Major rearrangement of the script's layout in order to make the flow more logical. Also consolidated some of the functions and variable names so they could be reused in different parts of the script.
- Added a time variable to the SecuriteInfo checks so that the update checks could be configured on an hourly or daily basis (based on request from Bill Maidment).
- Removed use of "." to define the current directory and instead used absolute path. This also removed the requirement for the shell to cd into the clamav directory.

Version 1.9d (updated 2/5/09)
- Added variable "reload_dbs" to enable/disable database reloads after a database has been updated.
- Added variable "reload_opt" to select or set how to reload the databases after an update, if "reload_dbs" variable is set to "yes" (based on request from Bob Hutchinson).

Version 1.9c (updated 2/4/09)
- Added missing "&&" operators to the rsync download sections of the script (thanks to Paul Henson for catching this).

Version 1.9b (updated 2/4/09)
- Changed final directory permissions execution from "chmod 0664" to "chmod u+Xrw" so as not to change sub-directory permissions (based on recommendation from Daniel McDonald).
- Consolidated working directory path to a single variable to simplify script directory location changes (based on request from Justin Davis).
- Changed clamd database reload command from "kill -USR2 `cat $clamd_pid`" to "clamdscan --reload" (inspired by Malcolm Scott).
- Inadvertently removed a script line from the rsync download section that saved a backup copy of the running database file before the database was updated - it's now been re-added.

Version 1.9a (updated 2/4/09)
- Added variable to silence rsync output, as already done for curl (based on request from Daniel McDonald).
- Changed the rsync "-a" (archive) flag to "-rt" in order to ignore source ownership & permission settings when files are downloaded (based on feedback from Jeff Dairiki).

Version 1.9 (updated 2/3/09)
- Thanks to Jeff Dairiki & Steve Basford for their suggestions of using "--include-from=FILE" and "--exclude=PATTERN" with rsync to control database file downloads via a single connection.
- Rewrote Sanesecurity and MSRBL rsync sections. Now all user specified databases will be downloaded over a single connection.
- Script output will now show which Sanesecurity and MSRBL mirror the connection was made to.
- Script output will also show the success or failure of GPG signature testing and clamscan database integrity testing for each updated file.
- Database files now have permissions set (chmod & chown) before they are moved into the clamav working directory. A final check is also still done at the end of the script, as well.
- Some variable names have changed or been removed, as well as some directory paths added, removed, or changed to better accommodate single rsync connection downloads, so carefully review the user configuration section before using the script.

Version 1.8a (updated 2/1/09)
- Added Sanesecurity.ftm & Sanesecurity.ftm.sig to the Sanesecurity rsync database downloads (this helps clamav determine the signature type to use when scanning email files).
- Added output for GPG signature test results (reports good or bad GPG signature test results).
- If using clamd daemon monitoring and crash restart, added a check to see if clamd's lock file still exists after the crash and deletes it if it does (the orphaned clamd lock file can sometimes prevent clamd from restarting after a crash has occurred).

Version 1.8 (updated 1/21/09)
- Changed Sanesecurity downloads from using curl to rsync.
- Automatically download and import Sanesecurity GPG key to keyring.
- Automatically download, and check for updated Sanesecurity GPG Signature files.
- Test Sanesecurity database downloads against GPG Signature files before integrity testing databases with clamscan. If either test fails, that database file will not be updated.
- Added and modified working directory paths to better accommodate GPG signature testing.

Version 1.7d (updated 10/5/08 - Thanks to Burt Heymanson for his contribution to this update - silence curl output)
- Added 2 new Sanesecurity databases: junk.ndb & rogue.hdb.
- Added a configuration option to silence curl output to only report errors to stderr rather than all download stats.

Version 1.7c (updated 9/25/07 - Thanks to Dennis Peterson and Jan-Pieter Cornet for the perl solution for calculating seconds since epoch)
- Added timeout values to curl and rsync downloads in order to prevent the script from hanging on a non-responsive host site.
- Apparently Solaris does not support "date +%s", which calculates the number of seconds since epoch. This date function is used to calculate when to do MBL downloads. A perl solution has been added as a fall-back option. If "date +%s" is not supported and perl is not found on the system, the script will report a warning message and skip MBL updates, but the script will continue processing other third-party database updates.

Version 1.7b (updated 9/23/07)
- Changed all script "`expr ...`" integer expressions to the shell supported "$((...))" format, which is what was being used in all other newer sections of the script. So this change should not pose any problems, but if it does, please let me know.
- Changed all clamscan database file tests from using /dev/null, which was causing access permission issues with the temporary directory for some users, to a direct path to a temp test file.

Version 1.7a (updated 9/10/07)
- Added secondary perl socket test to detect if clamd is running. This test uses the 'IO::Socket::UNIX' perl module. If socat is not found on the system, then the script will attempt to use the perl module instead (the user will be warned if neither socat nor IO::Socket::UNIX is found, but the script will still run updates).
- Added two new SecuriteInfo database file URLs.
- Updated comments to reflect the additional perl socket test.

Version 1.7 (updated 9/7/07)
- Added a check to see if ClamD is running or not. This can be used if clamd is running in "LocalSocket" mode (*NOT* TCP/IP mode), and socat is installed on the system (a check for socat is done). This test can be enabled in the "User Edit" section below.
- Added a user configurable variable to attempt to restart clamd if it's detected to not be running.
- Added notification when database file updates are *NOT* detected and databases are *NOT* reloaded, rather than just when they are detected.
- Added more portable secondary randomization code, removing the requirement to have the bash shell installed.
- Added general improvements to the time randomization code so that the time interval does not always end with a zero.
- Added user configurable min and max variables for setting time randomization intervals (defaults to min=60 and max=600 seconds).
- Added terminal detection to determine whether the script is being run manually or via cron. If run manually, the script will now prompt the user to see if they want to delay the script execution (random) or not. If "yes" is selected, then the script will pause and display a visual countdown in seconds until script execution.
- Added a variable that the user must set before the script will run. This will effectively require that script users at least minimally review the "User Edit Section" before running the script.
- Rearranged some sections, timestamp placement, and updated comments.

Version 1.6 (updated 8/27/07)
- Added support for SecuriteInfo and Malware Black List database file downloads.
- Changed the script name from ss-msrbl.sh to unofficial-sigs.sh since there are now 4 different database providers supported.
- Since the MBL database is dynamically created and therefore cannot be checked for change before downloading, a variable was added so that a specific download time interval can be set (see the "USER EDIT SECTION" below).
- Added database file download time randomization (to disable randomization, see the "USER EDIT SECTION" below for details).

Version 1.5 (updated 8/17/07 - Thanks to Dan Larsson for his contributions to this update)
- Added separate variable for ClamAV group ID for setting appropriate file group access permissions.
- Added variables for database file update URLs.
- Added support for automatic reloading of databases when updates are found.

Version 1.4 (updated 7/13/07)
- Added checks to verify that the database files exist, and if not, do an initial download, decompress and test.
- Added variables for clamav database location path and clamd user account (the account that clamd runs under).
- Added/modified script comments.

Version 1.3
- Added checks to either confirm the existence of the temporary working directories or to create them.
- Changed "cp --reply=yes" to "cp -f". If this causes problems with older versions of "cp", you will need to change it back.

Version 1.2
- Repointed URLs for Sanesecurity downloads to the new mirror redirect links.

Version 1.1
- Converted MSRBL downloads from curl to rsync.

Version 1.0 (initial script created).
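
The version 1.8, 1.9 and 1.9b entries above describe checking each download against its GPG signature, load-testing it with clamscan, setting permissions and saving a backup before it replaces the running database. A sketch of that gate follows; it is an added example, not code from clamav-unofficial-sigs.sh, and the function name, arguments, return codes and backup directory are assumptions.

```shell
#!/bin/sh
# Added example (not from clamav-unofficial-sigs.sh): install a downloaded
# database only if its GPG signature verifies AND clamscan can load it.
# GPG and CLAMSCAN are overridable so the gate can be tested with stand-ins.
GPG=${GPG:-gpg}
CLAMSCAN=${CLAMSCAN:-clamscan}

# install_db NEW_DB SIG_FILE KEYRING LIVE_DIR BACKUP_DIR   (hypothetical interface)
# Returns: 0 installed, 1 bad signature, 2 failed load test, 3 file operation failed.
install_db() {
    new_db=$1 sig=$2 keyring=$3 live_dir=$4 backup_dir=$5
    name=$(basename "$new_db")

    # 1. Authenticity: the detached signature must verify against the provider
    #    keyring only, never against whatever is in the user's default keyring.
    "$GPG" --no-default-keyring --keyring "$keyring" \
        --verify "$sig" "$new_db" >/dev/null 2>&1 || return 1

    # 2. Integrity: load this one database and scan a known-clean temp file.
    #    clamscan exits 1 if the probe matches a signature, 2 if loading fails.
    probe=$(mktemp) || return 3
    echo "clean probe" > "$probe"
    scan_rc=0
    "$CLAMSCAN" --quiet -d "$new_db" "$probe" >/dev/null 2>&1 || scan_rc=$?
    rm -f "$probe"
    [ "$scan_rc" -eq 0 ] || return 2

    # 3. Back up the running copy, then stage with final permissions inside
    #    the live directory so the rename is atomic. The ".new" suffix keeps
    #    the staged file from being picked up as a database. (chown to the
    #    clamd account is omitted here because it needs root.)
    if [ -f "$live_dir/$name" ]; then
        cp -f "$live_dir/$name" "$backup_dir/$name" || return 3
    fi
    staged="$live_dir/.$name.new"
    cp -f "$new_db" "$staged" && chmod 0644 "$staged" \
        && mv -f "$staged" "$live_dir/$name" || return 3
    return 0
}
```

Because the signature check runs first, a file that fails it is never handed to clamscan, and a failure at either step leaves the running database untouched.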