Re: Open Antivirus Update script

To: Matthew Grant <grantma@anathoth.gen.nz>
Cc: Brian May <bam@snoopy.apana.org.au>, debian-devel@lists.debian.org, debian-security@debian.org, kstein@xenos.net
Subject: Re: Open Antivirus Update script
From: Kurt Huwig <kurt@iku-netz.de>
Date: Tue, 21 May 2002 14:38:48 +0200
Message-id: <[🔎] 3CEA3FD8.1080804@iku-netz.de>
References: <[🔎] 1021983011.26365.34.camel@zion>

Matthew Grant schrieb:

Hi There!


[...]

With Virus Scanning stuff and peoples E-mail going to be depending onthis, all bugs will have to be elevated to security status, even changesto the base URL for the Updates.
Kurt, could you please confirm that you are not going to change thebasic format of the OAV .credo updates on us, as if it changes too manypeople's security will be affected. Keeping us well informed about URLchanges would also be a good idea.


Hi all!

There are currently no plans to change the credo format; the ZIP fileformat is well suited for this and future versions as well as thedigital signatures from jarsigner. I do not know how to check thesignatures with openssl, so you have to figure this out on your own. Thesignatures are in a file in the subdirectory 'META-INF'.

What will change are new types of signatures to be able to detect moresophisticated viruses. So maybe there will be files like'virussignatures.regexp' as well as 'dialer.strings'. Sooner or laterthere will be subdirectories in the Credo-ZIP to sort things a bit.

The basic principle to have a ZIP file with the ending '.credo' in asubdirectory 'credo/' should be fine, so you can count on this.


----- cut here -----
#!/bin/sh

# updatevirus: Script for updating virus definitions for OpenAntiVirus
#    (http://www.openantivirus.org/).  Uses wget and netcat.

##### User definable options
INSTALLDIR="/usr/local/lib/ScannerDaemon"
UPDATEFILE="VirusSignatures-latest.zip"
BASEURL="http://www.openantivirus.org/";

GETCMD="/usr/bin/wget"
GETCMDARGS="-N -nv"
NETCATCMD="/usr/bin/nc"
UNZIPCMD="/usr/bin/unzip"
UNZIPCMDARGS="-qq -u"

HOST="localhost"
PORT="8127"

##### Main Script
[ -x "$GETCMD" -a -x "$NETCATCMD" -a -x "$UNZIPCMD" ] || exit 1

cd $INSTALLDIR

# Get the updated file
RESULT=`$GETCMD $GETCMDARGS $BASEURL$UPDATEFILE 2>&1`
if [ $? = 1 ]
then
        echo "Error in download:"
        echo "$RESULT"
        exit 1
fi

# Check if anything new was retrieved and exit if not
if [ -z "$RESULT" ]
then
        exit 1
fi

# Uncompress the updated file(s)
$UNZIPCMD $UNZIPCMDARGS $UPDATEFILE || exit 1

# Load the new definitions
RESULT=`echo "COMMAND CREDO RELOAD" | $NETCATCMD $NETCATCMDARGS $HOST $PORT`
if [ "$RESULT" != "OK" ]
then
        echo "Error loading virus definitions: $RESULT"
fi
----- cut here -----

As the signature file grows in size, there will be separate update filesthat do only contain the newer signature files for faster download.


I'm really glad to see someone actually using the stuff!


Have fun,

Kurt
--
Kurt Huwig         iKu Netzwerklösungen   http://www.iku-netz.de/
Gesellschafter     Am Römerkastell 4      Telefon 0681/96751-0
kurt@iku-netz.de   66121 Saarbrücken      Telefax 0681/96751-66
GnuPG  64B1 0C5B 82BC E16E 8940  EB6D 4C32 F908 99DD 9468


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Open Antivirus Update script
  - From: Jim Penny <jpenny@universal-fasteners.com>

References:
- Open Antivirus Update script
  - From: Matthew Grant <grantma@anathoth.gen.nz>

Prev by Date: Re: hurd does NOT need /hurd
Next by Date: Bug#147655: ITP: gkacpi -- GKRellm Plugin for ACPI
Previous by thread: Open Antivirus Update script
Next by thread: Re: Open Antivirus Update script
Index(es):
- Date
- Thread