New mcafee-autoupdate

[Tony Finch]

This is my current version. It includes a couple of important fixes:
It now uses HTTP, since the FTP server melted down this week.
There's also better error handling if the download of the tarball
fails -- in the past it could have left behind an empty directory
that confuses subsequent runs of the script. I've tested on Solaris,
so it should work OK for everyone it is supposed to.

I have an item on my todo list to get EXTRA.DAT updates working,
but I need to do more investigation first.

Tony.
--
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
DOVER WIGHT: SOUTHWEST 5 OR 6 BECOMING VARIABLE 3. FAIR. MODERATE OR GOOD.



#!/bin/sh -e
#
# Update the McAfee data files.
#
# $Cambridge: hermes/build/bin/uvscan-update,v 1.35 2003/08/22 13:59:59 fanf2 Exp $

# $PREFIX is the directory where the uvscan binary is (NOT a symlink to
# the binary), which is where it looks for its dat files. You may run
# uvscan via a symlink to this place (e.g. from /usr/local/bin/uvscan)
# and it will still look for the dat files here. If uvscan's library
# dependencies can be found in a standard place (e.g. /usr/local/lib)
# then you don't need a wrapper script to set LD_LIBRARY_PATH before
# running it.
#
# The dat files are installed in a subdirectory of $DATDIR named
# according to their version number, with symlinks from $PREFIX into
# the subdirectory via a current link. The current link is updated
# without locking on the assumption that this is sufficiently unlikely
# to cause a problem.
#
PREFIX=/opt/uvscan
DATDIR=$PREFIX/datfiles
SUBDIR=datfiles/current
LINK=$PREFIX/$SUBDIR

FTPDIR=http://download.nai.com/products/datfiles/4.x/nai/

# ensure the path is plausible
PATH=$PREFIX:/usr/local/bin:/usr/bin:/bin
export PATH

# handle the command line
OPTS="$*"
option () {
        case $OPTS in
        -*$1*)  eval $2=yes
        esac
}
case $OPTS in
[!-]*|*[!-dfrtv]*)
        echo "usage: $0 [-dfrtv]"
        echo "  -d      delete old files"
        echo "  -f      force update"
        echo "  -r      show README"
        echo "  -t      timestamp output"
        echo "  -v      verbose"
        exit 1
        ;;
esac
option d DELETE
option f FORCE
option r README
option t TIME
option v VERBOSE
case $FORCE in
yes)    VERBOSE=yes
esac

# wrapper functions for echo etc.
timestamp () {
        case $TIME in
        yes)    date "+%Y-%m-%d %H:%M:%S "
        esac
}
say () {
        case $VERBOSE in
        yes)    echo "`timestamp`$*"
        esac
}
run () {
        say "> $*"
        "$@"
}
say Starting $0

if [ ! -h $LINK ]
then
        INIT=yes
        VERBOSE=yes
        say Initial setup of $0
        run mkdir -p $DATDIR
fi
run cd $DATDIR

# version number pattern
MATCH="[0-9][0-9][0-9][0-9]"

# work out latest dat version
CMD="wget --passive-ftp $FTPDIR/update.ini 2>update.err"
say "> $CMD"
if eval "$CMD"
then
        VERSION=`cat update.ini | sed "/^DATVersion=\($MATCH\).$/!d;s//\1/;q"`
else
        cat update.err
        VERSION=UNKNOWN
fi
run rm -f update.*

badversion () {
        VERBOSE=yes
        say "Failed to get McAfee datfile update from $FTPDIR"
        say "FTP version number \"$VERSION\" $*"
        run exit 1
}

# check the format of the version number
case $VERSION in
$MATCH) : ok
        ;;
*)      badversion does not match "$MATCH"
        ;;
esac

# already got it?
if [ -d $VERSION ]
then
        case $FORCE in
        yes)    say Forced removal of $VERSION
                run rm -rf $VERSION
                ;;
        *)      say Already have $VERSION
                run exit 0
                ;;
        esac
fi

# work out installed dat version
PREVIOUS=`(ls -d $MATCH 2>/dev/null || echo 0000) | tail -1`

# check new version is actually newer
if [ $PREVIOUS -gt $VERSION ]
then
        badversion older than installed $PREVIOUS
fi

VERBOSE=yes

say Installed dat file is $PREVIOUS
say Latest dat file is $VERSION

# protect against failure
fail () {
        trap EXIT
        echo "$OUT"
        say Fetch or test failed -- removing bad McAfee data files
        run cd $DATDIR
        run rm -rf $VERSION
        run exit 1
}
trap fail EXIT

# fetch and extract dat files
TARFILE=dat-$VERSION.tar
run mkdir $VERSION
run cd $VERSION
run wget --passive-ftp --progress=dot:mega $FTPDIR/$TARFILE
run tar xvf $TARFILE

# verify the contents
CMD="uvscan --version --dat ."
say "> $CMD"
OUT=`$CMD 2>&1`
case "$OUT" in
*"Missing or invalid DAT"* | \
*"Data file not found"* | \
*"Removal datafile clean.dat not found"* | \
*"Unable to remove viruses"* )
        fail
esac

# protection not needed now
trap '' EXIT

echo "$OUT"
say Update OK

# show information on this update?
case $README in
yes)    run sed 's/[[:cntrl:]]//g
                1,/^====================/d
                /^====================/,/^NEW VIRUSES DETECTED/d
                /^UNDERSTANDING VIRUS NAMES/,$d
                s/^/# /;/@MM/s/$/ <--/' readme.txt
esac
# remove some crap
run rm -f *.diz *.exe *.ini *.lst *.tar *.txt

# do remaining part of initial setup
case $INIT in
yes)    for file in *.dat
        do
                run rm -f $PREFIX/$file
                run ln -s $SUBDIR/$file $PREFIX/$file
        done
esac

# update the current version link
run rm -f $LINK
run ln -s $VERSION $LINK

# maybe delete old dat files
case $DELETE in
yes)    run cd $DATDIR
        run rm -rf $PREVIOUS
esac

say Completed OK
run exit 0

# done