Control: forwarded -1 Bill Landry <[email protected]> Control: tags -1 + patch
On Tue, Apr 08, 2014 at 11:57:42AM +0200, Andreas Cadhalpun wrote: > Then this needs more investigation. This is caused by the upstream database producers being a bit lax in their QA and releasing files that don't pass clamscan. > I looked into this and found that this error message comes from > clamav-unofficial-sigs.sh [1]. Indeed, CCing upstream on this mail, Bill, full discussion here: https://bugs.debian.org/704656 Bill, would it be possible for you to apply the attached patch to show the errors reported by clamscan so that they can be reported to the relevant database providers? Sometimes it is possible to put workarounds in place to modify the broken clamav sig file to remove problematic lines. Would it be possible to add a mechanism to run some arbitrary commands on the gpg-verified in-cache database files? Is there any way we can get all the database providers to verify their databases with clamscan before they push them out? Perhaps when clamscan fails, clamav-unofficial-sigs should provide contact details for the relevant upstream database providers so that sysadmins can inform them that their databases are broken. -- bye, pabs http://wiki.debian.org/PaulWise
diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
index 8575c87..20240c0 100755
--- a/clamav-unofficial-sigs.sh
+++ b/clamav-unofficial-sigs.sh
@@ -379,7 +379,7 @@ while getopts 'bc:defg:himrs:tvw' option ; do
echo ""
echo ""
echo "Signature database file created at: $path_file"
- if clamscan --quiet -d "$path_file" "$config_dir/scan-test.txt" 2>/dev/null
+ if clamscan --quiet -d "$path_file" "$config_dir/scan-test.txt"
then
echo ""
echo "Clamscan reports database integrity tested good."
@@ -641,7 +641,7 @@ if [ -n "$ham_dir" -a -d "$work_dir" -a ! -d "$test_dir" ] ; then
for db_file in `ls`; do
grep -h -v -f "$config_dir/whitelist.hex" "$db_file" > "$db_file-tmp"
mv -f "$db_file-tmp" "$db_file"
- if clamscan --quiet -d "$db_file" "$config_dir/scan-test.txt" 2>/dev/null ; then
+ if clamscan --quiet -d "$db_file" "$config_dir/scan-test.txt" ; then
if rsync -pcqt $db_file $clam_dbs ; then
perms chown $clam_user:$clam_group $clam_dbs/$db_file
do_clamd_reload=1
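Review bot: The changed test quotes `"$db_file"`, but the `rsync -pcqt $db_file $clam_dbs` and `chown` lines that act on its result do not, and the loop takes its names from the output of `ls`. A file name in this directory that contains whitespace or begins with `-` would be split or read as an option at the point where a just-tested database is installed. Suggest `for db_file in *; do` and `rsync -pcqt -- "$db_file" "$clam_dbs"`, with the `chown` arguments quoted the same way. The enclosing `if` block starts and ends outside the hunk.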
@@ -1050,7 +1050,7 @@ if [ -n "$ss_dbs" ] ; then
db_ext=`echo $db_file | cut -d "." -f2`
if [ -z "$ham_dir" -o "$db_ext" != "ndb" ]
then
- if clamscan --quiet -d "$ss_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
+ if clamscan --quiet -d "$ss_dir/$db_file" "$config_dir/scan-test.txt"
then
comment "Clamscan reports Sanesecurity $db_file database integrity tested good"
log "INFO - Clamscan reports Sanesecurity $db_file database integrity tested good" ; true
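Review bot: With `2>/dev/null` dropped, clamscan's diagnostics reach only the script's stderr and never the `log` helper used two lines further down, so on an unattended run the reason a third-party database was rejected is not recorded beside the INFO entries. Consider capturing the output, `if scan_err=$(clamscan --quiet -d "$ss_dir/$db_file" "$config_dir/scan-test.txt" 2>&1)`, and writing it in the failure branch with something like `log "WARNING - clamscan: $scan_err"`. The same applies to the hunks at 1078, 1178, 1208, 1301 and 1329. The failure branch lies outside these hunks, so how it reports today is not visible here.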
@@ -1078,7 +1078,7 @@ if [ -n "$ss_dbs" ] ; then
cut -d "*" -f2 | sort | uniq >> "$config_dir/whitelist.hex"
grep -h -v -f "$config_dir/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
- if clamscan --quiet -d "$test_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
+ if clamscan --quiet -d "$test_dir/$db_file" "$config_dir/scan-test.txt"
then
comment "Clamscan reports Sanesecurity $db_file database integrity tested good"
log "INFO - Clamscan reports Sanesecurity $db_file database integrity tested good" ; true
@@ -1178,7 +1178,7 @@ if [ -n "$si_dbs" ] ; then
log "INFO - Testing updated SecuriteInfo database file: $db_file"
if [ -z "$ham_dir" -o "$db_ext" != "ndb" ]
then
- if clamscan --quiet -d "$si_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
+ if clamscan --quiet -d "$si_dir/$db_file" "$config_dir/scan-test.txt"
then
comment "Clamscan reports SecuriteInfo $db_file database integrity tested good"
log "INFO - Clamscan reports SecuriteInfo $db_file database integrity tested good" ; true
@@ -1208,7 +1208,7 @@ if [ -n "$si_dbs" ] ; then
cut -d "*" -f2 | sort | uniq >> "$config_dir/whitelist.hex"
grep -h -v -f "$config_dir/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
- if clamscan --quiet -d "$test_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
+ if clamscan --quiet -d "$test_dir/$db_file" "$config_dir/scan-test.txt"
then
comment "Clamscan reports SecuriteInfo $db_file database integrity tested good"
log "INFO - Clamscan reports SecuriteInfo $db_file database integrity tested good" ; true
@@ -1301,7 +1301,7 @@ if [ -n "$mbl_dbs" ] ; then
log "INFO - Testing updated database file: $db_file"
if [ -z "$ham_dir" -o "$db_ext" != "ndb" ]
then
- if clamscan --quiet -d "$mbl_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
+ if clamscan --quiet -d "$mbl_dir/$db_file" "$config_dir/scan-test.txt"
then
comment "Clamscan reports MalwarePatrol $db_file database integrity tested good"
log "INFO - Clamscan reports MalwarePatrol $db_file database integrity tested good" ; true
@@ -1329,7 +1329,7 @@ if [ -n "$mbl_dbs" ] ; then
cut -d "*" -f2 | sort | uniq >> "$config_dir/whitelist.hex"
grep -h -v -f "$config_dir/whitelist.hex" "$test_dir/$db_file" > "$test_dir/$db_file-tmp"
mv -f "$test_dir/$db_file-tmp" "$test_dir/$db_file"
- if clamscan --quiet -d "$test_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
+ if clamscan --quiet -d "$test_dir/$db_file" "$config_dir/scan-test.txt"
then
comment "Clamscan reports MalwarePatrol $db_file database integrity tested good"
log "INFO - Clamscan reports MalwarePatrol $db_file database integrity tested good" ; true
@@ -1416,7 +1416,7 @@ if [ -n "$add_dbs" ] ; then
if ! cmp -s $add_dir/$db_file $clam_dbs/$db_file ; then
comment ""
comment "Testing updated database file: $db_file"
- clamscan --quiet -d "$add_dir/$db_file" "$config_dir/scan-test.txt" 2>/dev/null
+ clamscan --quiet -d "$add_dir/$db_file" "$config_dir/scan-test.txt"
if [ "$?" = "0" ]
then
comment "Clamscan reports $db_file database integrity tested good"
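Review bot: This is the only one of the nine changed call sites that runs clamscan as a bare statement and tests `$?` on the following line. Any command later placed between the two (for example, one that logs the newly visible error text) would silently change which status is checked. Use the form of the other hunks, `if clamscan --quiet -d "$add_dir/$db_file" "$config_dir/scan-test.txt"`, and drop the `[ "$?" = "0" ]` test. The `cmp -s $add_dir/$db_file $clam_dbs/$db_file` line above it is also unquoted. The block continues beyond the hunk.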
