Re: [Clamav-users] freshclam --quiet warnings/bugs

Tue, 17 Aug 2004 19:22:19 -0700 

On Tue, Aug 17, 2004 at 09:04:11AM +0200, Tomasz Papszun wrote:
> On Tue, 17 Aug 2004 at 12:58:34 +1000, Rob Chanter wrote:
> [...]
> > VINFO="/tmp/siginfo.`date +%H%M%S`"
> [...]
> >     echo >> $VINFO
> [...]
> > FCINFO="/tmp/fcinfo.`date +%H%M%S`"
> [...]
> > echo "The ClamAV updater freshclam has failed for some reason." >>$FCINFO
> [...]
> 
> Such setup is vulnerable to "/tmp file race condition" (the filenames
> are very predictable).
> You'd better use files in a directory writable only by the user
> executing the scripts or use mktemp(1) to create unique filenames.
> You remove the files at the end of scripts, so having nice-looking names
> isn't needed anyway.
 
You're absolutely right. On Linux I'd use mktemp(1), but that's not on
these Solaris boxes (there's only the library call, so I'd have to write
my own wrapper utility and a couple extra lines of shell is so much less
effort). I figured that having per-second timestamps would be reasonable
protection from accidental (not malicious) race conditions, but I'd be
better off moving them into a space owned by the scanner user. So here's
a newer example:

#!/bin/sh
# Mail details of a successful DB update to virusadmin.

# Set notify address as required
VIRUSADM="[EMAIL PROTECTED]"

# Environment and scratch files.
SIGTOOL="/usr/local/bin/sigtool"
SCANNER_BASE="/var/amavisd"
VIRUSDBDIR="${SCANNER_BASE}/virusdb"
MYHOSTNAME=`/usr/bin/hostname`
VINFO="${SCANNER_BASE}/siginfo.$$.`date +%H%M%S`"

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

for i in ${VIRUSDBDIR}/*.cvd
do
        echo >> $VINFO
    echo "SIGTOOL INFO FOR ${i}" >> $VINFO
    echo >> $VINFO
    ${SIGTOOL} --stdout --info $i >> $VINFO
    echo >> $VINFO
done

mailx -s "freshclam update succeeded for ${MYHOSTNAME}" \
  $VIRUSADM <$VINFO

rm $VINFO



cheers
rob


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to