From 7404cdc4a8fafd3042d782a68bc5193cae46db6e Mon Sep 17 00:00:00 2001 From: mundschenk_at Date: Tue, 15 Dec 2020 21:40:44 +0100 Subject: [PATCH 1/4] Use POSIX character classes instead of literals --- clamav-unofficial-sigs.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 6484873f..bce3ff31 100755 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -1772,7 +1772,7 @@ for config_file in "${config_files[@]}" ; do clean_config=${clean_config//\#*/} # Comment line (duplicated) # shellcheck disable=SC2001 clean_config="$(echo "$clean_config" | $sed_bin -e '/^[[:blank:]]*#/d;s/#.*//')" # Comments at end of line - #clean_config="$(echo "$clean_config" | $sed_bin -e 's/^[ \t]*//;s/[ \t]*$//')" # trailing and leading whitespace + #clean_config="$(echo "$clean_config" | $sed_bin -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//')" # trailing and leading whitespace clean_config="$(echo "$clean_config" | xargs)" # shellcheck disable=SC2001 clean_config="$(echo "$clean_config" | $sed_bin -e '/^\s*$/d')" # Blank lines @@ -1785,7 +1785,7 @@ for config_file in "${config_files[@]}" ; do clean_config="$(echo "$clean_config" | $sed_bin -e 's/#[[:space:]].*//')" # Comment line (duplicated) # shellcheck disable=SC2001 clean_config="$(echo "$clean_config" | $sed_bin -e '/^[[:blank:]]*#/d;s/#.*//')" # Comments at end of line - #clean_config="$(echo "$clean_config" | $sed_bin -e 's/^[ \t]*//;s/[ \t]*$//')" # trailing and leading whitespace + #clean_config="$(echo "$clean_config" | $sed_bin -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//')" # trailing and leading whitespace #clean_config="$(echo "$clean_config" | xargs)" # shellcheck disable=SC2001 clean_config="$(echo "$clean_config" | $sed_bin -e '/^\s*$/d')" # Blank lines 
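Review bot: The active blank-line filter `-e '/^\s*$/d'` in the context of the -1772 hunk still uses `\s`, which is a GNU extension rather than a POSIX class, and the same line is left unchanged in the -1785 hunk. These two hunks only edit the commented-out trim line, whereas the -1797 hunk does convert its blank-line expression. On a sed without `\s` support the expression may be read as a literal `s`, so blank lines would survive into `clean_config`. Suggest `$sed_bin -e '/^[[:space:]]*$/d'` in both places. The surrounding if/else starts and ends outside these hunks.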
@@ -1797,8 +1797,7 @@ for config_file in "${config_files[@]}" ; do # Delete both trailing and leading whitespace # Delete all trailing whitespace # Delete all empty lines - clean_config="$(command "$sed_bin" -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file")" - + clean_config="$(command "$sed_bin" -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//' -e '/^[[:space:]]*$/d' "$config_file")" fi #fix eval of | From f552d7bec4d5c928b935ed4cdbea85f3c9eaf6e4 Mon Sep 17 00:00:00 2001 From: mundschenk_at Date: Tue, 15 Dec 2020 22:01:59 +0100 Subject: [PATCH 2/4] Use POSIX character class instead of \s for compatibility with BSD grep --- clamav-unofficial-sigs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index bce3ff31..fa2933b7 100755 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -1812,7 +1812,7 @@ for config_file in "${config_files[@]}" ; do fi # Check there is an = for every set of "" optional whitespace \s* between = and " - config_check_vars="$(echo "$clean_config" | $grep_bin -c '=\s*\"' )" + config_check_vars="$(echo "$clean_config" | $grep_bin -c '=[[:space:]]*\"' )" if [ $(( ${#config_check} / 2 )) -ne "$config_check_vars" ] ; then xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every = requires a pair of \"\"" From e4124f034e5bfd2a90f302aa7002c022ab23dedc Mon Sep 17 00:00:00 2001 From: eXtremeSHOK Date: Sat, 19 Dec 2020 22:35:42 +0200 Subject: [PATCH 3/4] prevent linuxmalwaredetect yara files being extracted when yara is not supported replace echo with xshok_pretty_echo_and_log fixes: #355 --- clamav-unofficial-sigs.sh | 40 +++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index fa2933b7..6d680ac0 100755 
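Review bot: The comment-stripping expressions on the new sed line in the -1797 hunk, `s/[[:space:]]#.*//` and `s/#[[:space:]].*//`, are not quote-aware, so a quoted value containing ` #` or `# ` is cut off in the middle of the string. If tokens or URLs in the configuration can contain those sequences, the value is changed silently or is left with an unbalanced quote for the later check to report. If that limitation is accepted, state it next to the line, e.g. `# NOTE: a '#' next to whitespace starts a comment even inside "quotes"; such values are not supported`. The enclosing if/else begins outside the hunk.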
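Review bot: The new pattern `'=[[:space:]]*\"'` in the -1812 hunk still contains `\"`, and POSIX leaves a backslash before an ordinary character in a basic regular expression undefined, so the portability fix is incomplete; inside single quotes the double quote needs no escape. `grep -c` also counts matching lines rather than matches, so the comparison with `${#config_check} / 2` appears to hold only when each line carries exactly one assignment. Suggest `"$grep_bin" -c '=[[:space:]]*"'`, quoting the binary as the -1797 hunk does for sed.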
--- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh @@ -409,7 +409,7 @@ function xshok_database() { # rating database_array continue # Skip to the next value fi fi - if [ -z "$current_rating" ] ; then # YARA rules are disabled + if [ -z "$current_rating" ] ; then new_dbs+=( "$db_name" ) else if [[ ! "$db_name" = *"|"* ]] ; then # This old format @@ -2597,11 +2597,11 @@ if [ "$remove_disabled_databases" == "yes" ] ; then if [ -n "${sanesecurity_remove_dbs[0]}" ] ; then for db_file in "${sanesecurity_remove_dbs[@]}" ; do if [ -f "${work_dir_sanesecurity}/${db_file}" ] ; then - echo "Removing unused file: ${work_dir_sanesecurity}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${work_dir_sanesecurity}/${db_file}" rm -f "${work_dir_sanesecurity}/${db_file}" fi if [ -f "${clam_dbs}/${db_file}" ] ; then - echo "Removing unused file: ${clam_dbs}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" fi done @@ -2609,11 +2609,11 @@ if [ "$remove_disabled_databases" == "yes" ] ; then if [ -n "${securiteinfo_remove_dbs[0]}" ] ; then for db_file in "${securiteinfo_remove_dbs[@]}" ; do if [ -f "${work_dir_securiteinfo}/${db_file}" ] ; then - echo "Removing unused file: ${work_dir_securiteinfo}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${work_dir_securiteinfo}/${db_file}" rm -f "${work_dir_securiteinfo}/${db_file}" fi if [ -f "${clam_dbs}/${db_file}" ] ; then - echo "Removing unused file: ${clam_dbs}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" fi done 
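Review bot: In the -2597 hunk the message is logged before `rm -f` runs and the exit status of `rm` is never checked, so the log can record a removal that did not happen. A disabled signature database left behind in `${clam_dbs}` would presumably still be loaded by the scanner. The same pattern repeats in the -2609, -2621, -2633, -2645, -2663, -2675 and -2687 hunks. Suggest `rm -f "${clam_dbs}/${db_file}" || xshok_pretty_echo_and_log "WARNING: failed to remove ${clam_dbs}/${db_file}"`, and likewise for the work-directory copies.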
@@ -2621,11 +2621,11 @@ if [ "$remove_disabled_databases" == "yes" ] ; then if [ -n "${linuxmalwaredetect_remove_dbs[0]}" ] ; then for db_file in "${linuxmalwaredetect_remove_dbs[@]}" ; do if [ -f "${work_dir_linuxmalwaredetect}/${db_file}" ] ; then - echo "Removing unused file: ${work_dir_linuxmalwaredetect}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${work_dir_linuxmalwaredetect}/${db_file}" rm -f "${work_dir_linuxmalwaredetect}/${db_file}" fi if [ -f "${clam_dbs}/${db_file}" ] ; then - echo "Removing unused file: ${clam_dbs}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" fi done @@ -2633,11 +2633,11 @@ if [ "$remove_disabled_databases" == "yes" ] ; then if [ -n "${interserver_remove_dbs[0]}" ] ; then for db_file in "${interserver_remove_dbs[@]}" ; do if [ -f "${work_dir_interserver}/${db_file}" ] ; then - echo "Removing unused file: ${work_dir_interserver}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${work_dir_interserver}/${db_file}" rm -f "${work_dir_interserver}/${db_file}" fi if [ -f "${clam_dbs}/${db_file}" ] ; then - echo "Removing unused file: ${clam_dbs}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" fi done @@ -2645,11 +2645,11 @@ if [ "$remove_disabled_databases" == "yes" ] ; then if [ -n "${malwareexpert_remove_dbs[0]}" ] ; then for db_file in "${malwareexpert_remove_dbs[@]}" ; do if [ -f "${work_dir_malwareexpert}/${db_file}" ] ; then - echo "Removing unused file: ${work_dir_malwareexpert}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${work_dir_malwareexpert}/${db_file}" rm -f "${work_dir_malwareexpert}/${db_file}" fi if [ -f "${clam_dbs}/${db_file}" ] ; then - echo "Removing unused file: ${clam_dbs}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" fi done 
@@ -2663,11 +2663,11 @@ if [ "$remove_disabled_databases" == "yes" ] ; then yr_dir="" fi if [ -f "${work_dir_yararulesproject}/${yr_dir}${db_file}" ] ; then - echo "Removing unused file: ${work_dir_yararulesproject}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${work_dir_yararulesproject}/${db_file}" rm -f "${work_dir_yararulesproject}/${db_file}" fi if [ -f "${clam_dbs}/${db_file}" ] ; then - echo "Removing unused file: ${clam_dbs}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" fi done @@ -2675,11 +2675,11 @@ if [ "$remove_disabled_databases" == "yes" ] ; then if [ -n "${urlhaus_remove_dbs[0]}" ] ; then for db_file in "${urlhaus_remove_dbs[@]}" ; do if [ -f "${work_dir_urlhaus}/${db_file}" ] ; then - echo "Removing unused file: ${work_dir_urlhaus}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${work_dir_urlhaus}/${db_file}" rm -f "${work_dir_urlhaus}/${db_file}" fi if [ -f "${clam_dbs}/${db_file}" ] ; then - echo "Removing unused file: ${clam_dbs}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" fi done @@ -2687,11 +2687,11 @@ if [ "$remove_disabled_databases" == "yes" ] ; then if [ -n "${malwarepatrol_remove_dbs[0]}" ] ; then for db_file in "${malwarepatrol_remove_dbs[@]}" ; do if [ -f "${work_dir_malwarepatrol}/${db_file}" ] ; then - echo "Removing unused file: ${work_dir_malwarepatrol}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${work_dir_malwarepatrol}/${db_file}" rm -f "${work_dir_malwarepatrol}/${db_file}" fi if [ -f "${clam_dbs}/${db_file}" ] ; then - echo "Removing unused file: ${clam_dbs}/${db_file}" + xshok_pretty_echo_and_log "Removing unused file: ${clam_dbs}/${db_file}" rm -f "${clam_dbs}/${db_file}" fi done 
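Review bot: The existence test in the -2663 hunk checks `${work_dir_yararulesproject}/${yr_dir}${db_file}`, but the log message and the `rm -f` below it use `${work_dir_yararulesproject}/${db_file}` without `${yr_dir}`, so when `yr_dir` is non-empty the file that was tested is not the one removed. Unless the work directory is flat and it is the test that is wrong, the removal should read `rm -f "${work_dir_yararulesproject}/${yr_dir}${db_file}"`, with the same path in the message. How `yr_dir` is derived lies above the hunk, so confirm which layout is intended.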
@@ -3344,7 +3344,11 @@ if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then ret="$?" if [ "$ret" -eq 0 ] ; then # shellcheck disable=SC2035 - $tar_bin --strip-components=1 --wildcards --overwrite -xzf "${work_dir_linuxmalwaredetect}/sigpack.tgz" --directory "${work_dir_linuxmalwaredetect}" */rfxn.* + if [ "$enable_yararules" == "yes" ] ; then + $tar_bin --strip-components=1 --wildcards --overwrite -xzf "${work_dir_linuxmalwaredetect}/sigpack.tgz" --directory "${work_dir_linuxmalwaredetect}" */rfxn.* + else + $tar_bin --strip-components=1 --wildcards --exclude='*.yar' --exclude='*.yara' --overwrite -xzf "${work_dir_linuxmalwaredetect}/sigpack.tgz" --directory "${work_dir_linuxmalwaredetect}" */rfxn.* + fi for db_file in "${linuxmalwaredetect_dbs[@]}" ; do if [ "$loop" == "1" ] ; then xshok_pretty_echo_and_log "---" From 12e676d98abbac1138234b616b17acbb7c104ab8 Mon Sep 17 00:00:00 2001 From: eXtremeSHOK Date: Sat, 19 Dec 2020 22:56:15 +0200 Subject: [PATCH 4/4] prepare 7.2.2 --- README.md | 7 +++++++ clamav-unofficial-sigs.sh | 5 ++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c44dd9bb..553c2a6a 100644 --- a/README.md +++ b/README.md @@ -220,6 +220,13 @@ Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE] ## Change Log +### Version 7.2.2 (20 December 2020) + +* eXtremeSHOK.com Maintenance +* Use POSIX character classes instead of literals +* Prevent linuxmalwaredetect yara files being extracted when yara is not supported +* Replace echo with xshok_pretty_echo_and_log to silence database cleanup cron messages + ### Version 7.2.1 (13 December 2020) * eXtremeSHOK.com Maintenance diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh index 6d680ac0..7909e5c7 100755 --- a/clamav-unofficial-sigs.sh +++ b/clamav-unofficial-sigs.sh 
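Review bot: The member pattern `*/rfxn.*` is passed unquoted in both new branches of the -3344 hunk, so the shell expands it against the current directory before tar sees it; if anything there matches, tar is asked for those names instead of applying `--wildcards` to the archive. Quoting it as `'*/rfxn.*'` lets tar do the matching and makes the `# shellcheck disable=SC2035` unnecessary. The exit status of tar is also not checked (`ret` holds the status of a command that ran before the visible lines), so a failed or partial extraction of the downloaded archive continues into the database loop. The two branches differ only in the `--exclude` options and could share one argument array.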
@@ -1530,8 +1530,8 @@ EOF ################################################################################ # Script Info -script_version="7.2.1" -script_version_date="2020-12-13" +script_version="7.2.2" +script_version_date="2020-12-20" minimum_required_config_version="95" minimum_yara_clamav_version="0.100" @@ -2400,7 +2400,6 @@ if [ "$securiteinfo_enabled" == "yes" ] ; then fi securiteinfo_dbs=( ) if [ -n "$temp_db" ] ; then - #securiteinfo_dbs=( $temp_db ) read -r -a securiteinfo_dbs <<< "$temp_db" fi fi