[Pkg-clamav-devel] Bug#761162: clamav-unofficial-sigs: Cron job results spread onto mail and logs
Alessandro Vesely
vesely at tana.it
Fri Sep 12 07:58:24 UTC 2014
On Fri 12/Sep/2014 02:46:06 +0200 Paul Wise wrote:
> On Thu, 2014-09-11 at 19:10 +0200, Alessandro Vesely wrote:
>
>> I'd rather suggest something along the lines of the attached patch
>> (not tested). It should get rid of some cron spam. For reporting, I
>> think libclamav does issue some warnings if a database is unacceptably
>> old, not sure that covers all databases though.
>
> Two issues with the patch:
>
> I don't think hardcoding the version number in user-agent is a good
> idea. I also don't think setting a version number in user-agent is
> useful either.
It would be helpful for webmasters at the distributing sites if they
can trace specific behavior to possible problems in the client
software.
> I also don't want the clamav-unofficial-sigs user-agent to be
> specific to Debian so that part of the patch will be removed until
> Bill adds it to the official version.
Fully agreed, the patch was actually meant for Bill.
> You removed the comparison between the original dbs in the clamav
> directory and the newly downloaded dbs.
One gets a 304 reply if the file was changed. I concur that a dummy
change (`touch`) would still cause the database to be reprocessed and
reloaded, but don't think we should expect such kind of attack from a
server.
>>> You can change the default URL by putting si_url=... here:
>>>
>>> /etc/clamav-unofficial-sigs.conf.d/sanesecurl.conf
>>
>> Hm... that would work if those assignments were done before sourcing
>> $config_source.
>
> I guess you missed that the main configuration file sources the files in
> the conf.d directory (as well as the ones in /usr):
>
> /etc/clamav-unofficial-sigs.conf
I had looked at that, it's cute. But comes at line 604.
Alternatively:
--- clamav-unofficial-sigs-3.7.2/clamav-unofficial-sigs.sh 2013-08-27 18:08:25.000000000 +0200
+++ clamav-unofficial-sigs-3.7.2/clamav-unofficial-sigs-patched2.sh 2014-09-12 09:49:51.000000000 +0200
@@ -751,7 +751,7 @@
fi
# Unofficial ClamAV database provider URLs
-ss_url="rsync.sanesecurity.net"
+ss_url=${ss_premium_url:-rsync.sanesecurity.net}
si_url="clamav.securiteinfo.com"
mbl_url="www.malwarepatrol.net"
More information about the Pkg-clamav-devel
mailing list