Things to be aware of when writing auto-updates

Nick Phillips nwp at LEMON-COMPUTING.COM
Mon Jan 14 10:29:10 GMT 2002


On Sun, Jan 13, 2002 at 09:36:30PM +0100, Evert Jan van Ramselaar wrote:

> #!/bin/sh
> mkdir /tmp/fpupdate
> cd /tmp/fpupdate
> /usr/bin/wget ftp://ftp.f-prot.com/pub/macrdef2.zip
> /usr/bin/wget ftp://ftp.f-prot.com/pub/fp-def.zip
> /usr/bin/unzip macrdef2.zip
> /usr/bin/unzip fp-def.zip
> mv *.DEF *.ASC /usr/local/f-prot
> cd /
> rm -rf /tmp/fpupdate
>
> This does the trick for me. As you can see, it depends on wget.

For the benefit of anyone who ends up writing auto-update scripts,
you may want to think about using the locking that mailscanner does
when starting up a scanner. Otherwise you may be halfway through
updating your signatures when a scan starts, which could be a bad idea.

Essentially, mailscanner creates and locks a file in /tmp (e.g.
/tmp/SophosBusy.lock for sophos) to indicate that the scanner is being used,
and updates should not be made.

If you have a look at Julian's auto-update script for sophos, you'll see
how it works.

Thinking about it, I guess there may be a slight security risk the first
time mailscanner uses a particular scanner (symlink attack could cause it
to truncate any file that mailscanner can write). So far as I remember,
the lock files are never removed, so this should only be a problem once.


Cheers,


Nick
--
Nick Phillips -- nwp at lemon-computing.com
A long-forgotten loved one will appear soon.

Buy the negatives at any price.



More information about the MailScanner mailing list