On Thu 11/Sep/2014 12:20:11 +0200 Paul Wise wrote:
>
> Bill, would it be possible for you to update clamav-unofficial-sigs so
> that only signature downtime of more than one day is reported by the
> cron job? The current setup means that many admins are getting a lot of
> non-actionable cron spam, myself included.
I'd rather suggest something along the lines of the attached patch
(not tested). It should get rid of some cron spam. For reporting, I
think libclamav does issue some warnings if a database is unacceptably
old, not sure that covers all databases though.
>> shell variable si_url is hardcoded in clamav-unofficial-
>> sigs.sh. Perhaps, making it configurable may encourage
>> donations. In fact, it is not clear whether that host
>> is managed by Sanesecurity or SecuriteInfo.
At a closer look, it /is/ clear: Sanesecurity rate SecuriteInfo
databases, but neither produce nor distribute them. Sorry for the
confusion.
> You can change the default URL by putting si_url=... here:
>
> /etc/clamav-unofficial-sigs.conf.d/sanesecurl.conf
Hm... that would work if those assignments were done before sourcing
$config_source.
> I doubt the premium mirrors would resolve this issue though.
You're right. Unlike Sanesecurity, SecuriteInfo have no premium
mirror. Instead, they warn not to download files more than once a day
on pain of ip-ban[1]. Hence, I changed to "24" the default
si_update_hours (it is "4" in the dist clamav-unofficial-sigs.conf).
Ciao
Ale
[1]:
https://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml
--- clamav-unofficial-sigs-3.7.2/clamav-unofficial-sigs.sh 2013-08-27
18:08:25.000000000 +0200
+++ clamav-unofficial-sigs-3.7.2/clamav-unofficial-sigs-patched.sh
2014-09-11 15:36:46.000000000 +0200
@@ -869,7 +869,7 @@
# Silence curl output and only report errors - useful if script is run via
cron.
if [ "$curl_silence" = "yes" ] ; then
- curl_output_level="-s -S"
+ curl_output_level="-s -f"
fi
# If ClamD status check is enabled ("clamd_socket" variable is uncommented
@@ -1166,12 +1166,16 @@
else
z_opt=""
fi
- if curl $curl_proxy $curl_output_level --connect-timeout
"$curl_connect_timeout" \
- --max-time "$curl_max_time" -L -R $z_opt -o $si_dir/$db_file
http://$si_url/$db_file
+ curl_output=$(curl $curl_proxy $curl_output_level
--connect-timeout "$curl_connect_timeout" \
+ --max-time "$curl_max_time" -L -R $z_opt -o $si_dir/$db_file \
+ --user-agent clamav-unofficial-sigs/3.7.2 --write-out
http_code=%{http_code} http://$si_url/$db_file)
+ curl_rtc=$?
+ if [ $curl_rtc -eq 0 ]
then
loop="1"
- if ! cmp -s $si_dir/$db_file $clam_dbs/$db_file ; then
- if [ "$?" = "0" ] ; then
+ eval $curl_output
+ if [ "$http_code" -eq 200 ]
+ then
db_ext=`echo $db_file | cut -d "." -f2`
comment ""
comment "Testing updated SecuriteInfo database file:
$db_file"
@@ -1231,10 +1235,12 @@
log "WARNING - Failed to successfully
update SecuriteInfo production database file: $db_file - SKIPPING"
fi
fi
- fi
+ elif [ "$http_code" -ne 304 ]
+ then
+ log "WARNING - Failed download from $si_url (http
reply code $http_code) - SKIPPED SecuriteInfo $db_file update"
fi
else
- log "WARNING - Failed curl connection to $si_url - SKIPPED
SecuriteInfo $db_file update"
+ log "WARNING - Failed curl connection to $si_url (exit code
$curl_rtc) - SKIPPED SecuriteInfo $db_file update"
fi
if [ "$si_db_update" != "1" ] ; then
comment ""
