FreeBSD mcafee-autoupdate

[Tony Finch]

Jan-Peter Koopmann <Jan-Peter.Koopmann at SECEIDOS.DE> wrote:
>
>the mcafee-autoupdate script in lib uses /bin/tar. Under FreeBSD this is
>in /usr/bin/tar. The script starts and downloads the update file but
>does not untar it. Unfortunately this does NOT give you an error and
>everything seems to run fine. Please either change this or include a
>note in INSTALL.FreeBSD.

The script I use is as follows. It keeps track of the datfile versions
that have been installed by storing them in /usr/local/lib/uvscan/NNNN
with symlinks from /usr/local/lib/uvscan into the current version. It
checks which upstream version is available, and if it is already
installed it exits quietly (which makes it nice for running from
cron). Otherwise it downloads the new version (using wget since
that is more universally available than FreeBSD's fetch utility),
checks that it works, then activates it. (In this case it is noisy,
so when run from cron you will get an email telling you about the
datfile update.) It will not splat an existing setup if the new
datfile is corrupt. It uses sh -e to avoid failures propagating and
becoming serious, and it relies on a sane PATH setting. It doesn't use
locking, but assumes that updating four symlinks will be fast enough
that the race won't matter. I also don't use a wrapper script since
it's unnecessary if uvscan is installed where McAfee expect it to be.


#!/bin/sh -e
#
# Update the McAfee data files.
#
# $Cambridge: hermes/build/bin/uvscan-update,v 1.10 2003/02/04 04:52:21 fanf2 Exp $

LIBDIR=/usr/local/lib/uvscan

FTPDIR=ftp://ftp.csx.cam.ac.uk/pub/software/antivirus/datfiles/4.x
#FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x

# work out latest dat version
SED='/^DATVersion=\([0-9]*\).*$/!d;s//\1/;q'
VERSION=`wget -q -O- $FTPDIR/update.ini | sed -e "$SED"`

DATDIR=$LIBDIR/$VERSION
FILE=dat-$VERSION.tar

# already got it?
if [ -d $DATDIR ]
then
        case $1 in
        -v)     echo Already have $VERSION
        esac
        exit
fi

echo Latest dat file is $VERSION

run() {
        echo ">" "$@"
        "$@"
}

# fetch and extract dat files
run mkdir -p $DATDIR
run cd $DATDIR
run wget --progress=dot:mega $FTPDIR/$FILE
run tar xvf $FILE

# verify the contents
fail () {
        echo "$OUT"
        echo Test run failed -- removing bad McAfee data files
        run rm -rf $DATDIR
        exit 1
}
trap fail EXIT
CMD="uvscan --dat $DATDIR --version 2>&1"
echo '> OUT=`'$CMD'`'
OUT=`$CMD`
case "$OUT" in
*"Missing or invalid DAT"* | \
*"Data file not found"* | \
*"Removal datafile clean.dat not found"* | \
*"Unable to remove viruses"* )
        fail
        ;;
esac
trap EXIT

echo "$OUT"
echo Update OK
# change the current dat file links
run cd $LIBDIR
run ln -sf $VERSION/*.dat .
# remove some crap
run cd $DATDIR
run rm -f *.exe *.tar *.txt

# done

Tony.
--
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
CROMARTY FORTH TYNE: VARIABLE 3 BECOMING SOUTH OR SOUTHEAST 3 OR 4. FAIR. GOOD
OCCASIONALLY MODERATE.