Package: clamav-unofficial-sigs Version: 3.7.1-3 I have ignored the MBL_311364 signature. The MBL_400944 signature is a strict superset of this signature. Because the greps in clamav-unofficial-sigs use unanchored regular expressions when looking up signatures by their hex value, it finds both of them, and the script falls apart.
Steps to reproduce:
echo MBL_311364 | clamav-unofficial-sigs -b
clamav-unofficial-sigs
cat /var/lib/clamav-unofficial-sigs/configs/local.ign
Expected results:
No message from clamav-unofficial-sigs about a changed signature.
This output from the cat command:
mbl.ndb:922:MBL_311364
Actual results:
This message from clamav-unofficial-sigs (note the two signatures
listed):
MBL_311364 hexadecimal is signature unchanged, however signature name
and/or line placement
in mbl.ndb has change to MBL_311364
MBL_400944 - updated local.ign to reflect this change.
This output from the cat command:
mbl.ndb:922:MBL_311364
mbl.ndb:2214:MBL_400944
With every invocation of clamav-unofficial-sigs, we get another
MBL_400944 line in the ignore file.
The attached patch and series file can be dropped into a (newly created)
debian/patches directory in the package to fix this.
This still doesn't address the possibility that a signature could be
100% duplicated exactly (i.e. two signatures with different names, but
the exact same hex value). I'm not sure how to best address that,
exactly, other than perhaps to just add a " | head -n1" after the grep.
Also, I'm not sure if this scenario will ever occur in real-life
databases, but the one I outlined above is happening to us right now.
--
Richard
signature-lookup-exact-match
Index: clamav-unofficial-sigs-3.7.1/clamav-unofficial-sigs.sh
===================================================================
--- clamav-unofficial-sigs-3.7.1.orig/clamav-unofficial-sigs.sh 2010-06-06 11:43:07.000000000 -0500
+++ clamav-unofficial-sigs-3.7.1/clamav-unofficial-sigs.sh 2013-06-25 23:55:27.976824190 -0500
@@ -1393,8 +1393,8 @@ if [ -s "$clam_dbs/local.ign" -a -s "$co
sig_name_old=`echo "$entry" | tr -d "\r" | awk -F ":" '{print $3}'`
sig_ign_old=`grep "$sig_name_old" "$config_dir/local.ign"`
sig_old=`echo "$entry" | tr -d "\r" | cut -d ":" -f3-`
- sig_new=`grep -h "$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null`
- sig_mon_new=`grep -H -n "$sig_hex" "$sig_file" | tr -d "\r"`
+ sig_new=`grep -h ":$sig_hex$" "$sig_file" | tr -d "\r" 2>/dev/null`
+ sig_mon_new=`grep -H -n ":$sig_hex$" "$sig_file" | tr -d "\r"`
if [ -n "$sig_new" ]
then
if [ "$sig_old" != "$sig_new" -o "$entry" != "$sig_mon_new" ] ; then
signature.asc
Description: This is a digitally signed message part
