[FUGSPBR] script de atualizacao automatica de antivirus
Mauricio Bonani
mbonani em aboutlinux.com.br
Qua Ago 18 22:52:48 BRT 2004
Eu uso o seguinte script agendado no cron:
#!/bin/sh -e
#
# Update the McAfee data files.
#
# $Cambridge: hermes/build/bin/uvscan-update,v 1.38 2003/09/04 12:27:27
fanf2 Exp $
# $PREFIX is the directory where the uvscan binary is (NOT a symlink to
# the binary), which is where it looks for its dat files. You may run
# uvscan via a symlink to this place (e.g. from /usr/local/bin/uvscan)
# and it will still look for the dat files here. If uvscan's library
# dependencies can be found in a standard place (e.g. /usr/local/lib)
# then you don't need a wrapper script to set LD_LIBRARY_PATH before
# running it.
#
# The dat files are installed in a subdirectory of $DATDIR named
# according to their version number, with symlinks from $PREFIX into
# the subdirectory via a current link. The current link is updated
# without locking on the assumption that this is sufficiently unlikely
# to cause a problem.
# defaults
OPTS=""
PREFIX=/usr/local/uvscan
FTPDIR=http://download.nai.com/products/datfiles/4.x/nai/
# handle the command line
usage () {
echo "usage: $0 [-dfrtv] [prefix]"
echo " -d delete old files"
echo " -f force update"
echo " -r show README"
echo " -t timestamp output"
echo " -v verbose"
echo " prefix uvscan installation directory"
exit 1
}
case $# in
0|1|2) : ok
;;
*) usage
;;
esac
for arg in "$@"
do
case $arg in
-*) OPTS=$arg
;;
/*) PREFIX=$arg
;;
*) usage
;;
esac
done
case $OPTS in
*[!-dfrtv]*)
usage
esac
option () {
case $OPTS in
-*$1*) eval $2=yes
;;
*) eval $2=no
;;
esac
}
option d DELETE
option f FORCE
option r README
option t TIME
option v VERBOSE
case $FORCE in
yes) VERBOSE=yes
esac
# set up paths
PATH=$PREFIX:/usr/local/bin:/usr/bin:/bin
export PATH
DATDIR=$PREFIX/datfiles
SUBDIR=datfiles/current
LINK=$PREFIX/$SUBDIR
# wrapper functions for echo etc.
timestamp () {
case $TIME in
yes) date "+%Y-%m-%d %H:%M:%S "
esac
}
say () {
case $VERBOSE in
yes) echo "`timestamp`$*"
esac
}
run () {
say "> $*"
"$@"
}
say Starting $0
say DELETE=$DELETE
say FORCE=$FORCE
say README=$README
say TIME=$TIME
say VERBOSE=$VERBOSE
say PREFIX=$PREFIX
if [ ! -h $LINK ]
then
INIT=yes
VERBOSE=yes
say Initial setup of $0
run mkdir -p $DATDIR
fi
run cd $DATDIR
# version number pattern
MATCH="[0-9][0-9][0-9][0-9]"
# work out latest dat version
CMD="wget --passive-ftp $FTPDIR/update.ini 2>update.err"
say "> $CMD"
if eval "$CMD"
then
VERSION=`cat update.ini | sed "/^DATVersion=\($MATCH\).$/!d;s//\1/;q"`
else
cat update.err
VERSION=UNKNOWN
fi
run rm -f update.*
badversion () {
VERBOSE=yes
say "Failed to get McAfee datfile update from $FTPDIR"
say "FTP version number \"$VERSION\" $*"
run exit 1
}
# check the format of the version number
case $VERSION in
$MATCH) : ok
;;
*) badversion does not match "$MATCH"
;;
esac
# already got it?
if [ -d $VERSION ]
then
case $FORCE in
yes) say Forced removal of $VERSION
run rm -rf $VERSION
;;
*) say Already have $VERSION
run exit 0
;;
esac
fi
# work out installed dat version
PREVIOUS=`(ls -d $MATCH 2>/dev/null || echo 0000) | tail -1`
# check new version is actually newer
if [ $PREVIOUS -gt $VERSION ]
then
badversion older than installed $PREVIOUS
fi
VERBOSE=yes
say Installed dat file is $PREVIOUS
say Latest dat file is $VERSION
# protect against failure
fail () {
trap EXIT
echo "$OUT"
say Fetch or test failed -- removing bad McAfee data files
run cd $DATDIR
run rm -rf $VERSION
run exit 1
}
trap fail EXIT
# fetch and extract dat files
TARFILE=dat-$VERSION.tar
run mkdir $VERSION
run cd $VERSION
run wget --passive-ftp --progress=dot:mega $FTPDIR/$TARFILE
run tar xvf $TARFILE
# verify the contents
CMD="uvscan --version --dat ."
say "> $CMD"
OUT=`$CMD 2>&1`
case "$OUT" in
*"Missing or invalid DAT"* | \
*"Data file not found"* | \
*"Removal datafile clean.dat not found"* | \
*"Unable to remove viruses"* )
fail
esac
# protection not needed now
trap '' EXIT
echo "$OUT"
say Update OK
# show information on this update?
case $README in
yes) run sed 's/[[:cntrl:]]//g
1,/^====================/d
/^====================/,/^NEW VIRUSES DETECTED/d
/^UNDERSTANDING VIRUS NAMES/,$d
s/^/# /;/@MM/s/$/ <--/' readme.txt
esac
# remove some crap
run rm -f *.diz *.exe *.ini *.lst *.tar *.txt
# do remaining part of initial setup
case $INIT in
yes) for file in *.dat
do
run rm -f $PREFIX/$file
run ln -s $SUBDIR/$file $PREFIX/$file
done
esac
# update the current version link
run rm -f $LINK
run ln -s $VERSION $LINK
# maybe delete old dat files
case $DELETE in
yes) run cd $DATDIR
run rm -rf $PREVIOUS
esac
say Completed OK
run exit 0
# done
At 17:13 18/8/2004, you wrote:
>Pessoal,
>estou usando o antivirus uvscan e gostaria de criar um script para a
>atulizcao automatica do mesmo. O script em si eu ate achei na propria
>documentacao do antivirus. Mas o problema e que eu tenho que logar e
>baixar o arquivos de assinaturas de virus no ftp da nai automaticamente.
>Ja pesquisei e encontrei um tal de .netrc em alguns unix mas o freebsd nao
>tem isso...o que eu uso e como para realizar a tarefa de conexao e
>download via ftp automatico?
>
>
>_______________________________________________________________
>Para enviar um novo email para a lista: fugspbr em fugspbr.org
>Sair da Lista: http://lists.fugspbr.org/listinfo.cgi
>Historico: http://www4.fugspbr.org/lista/html/FUG-BR/
--
Mauricio Bonani
mailto:mbonani em aboutlinux.com.br
_______________________________________________________________
Para enviar um novo email para a lista: fugspbr em fugspbr.org
Sair da Lista: http://lists.fugspbr.org/listinfo.cgi
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/
Mais detalhes sobre a lista de discussão freebsd