McAfee autoupdate & wrapper

Tony Finch dot at DOTAT.AT
Wed Mar 24 18:19:17 GMT 2004


Rabellino Sergio <rabellino at DI.UNITO.IT> wrote:
>Tony Finch wrote:
>>
>> I've had a quick look at your new scripts. I like the idea of getting
>> uvscan's idea of the current dat version rather than believing the
>> filesystem, and the proxy support is useful. I'm less convinced by the
>> retry support, since IME NAI's web site is not unreliable and the cron
>> job will run again soon anyway.
>
>but your connection could not be as reliable as the NAI web site.... so
>I've thinked about the retry feature.

Indeed I am blessed with good connectivity :-)

>> There are some problems:
>>
>> (1) You've broken the error handling by removing -e from the #!/bin/sh
>> line, which prevented the script from stumbling on blindly after an error.
>
>this was intentional,  because a wget error (es http/404 file not found)
>break the script. If you know how to do this with the -e , let me know.
>
>> Instead you've added some ad-hoc error handling such as the pointless
>> wget checking, but missed out checks for directory creation etc.
>
>Other checks could be easily done, I'll try to code them.

I suggest restoring the -e and adding special soft-failure handling to the
wget commands (as in my original script when fetching update.ini).

>> (2) You've broken backwards compatibility by removing the -f (force)
>> option.
>
>The "force" option is not useful anymore, because if the release X
>is running, then it's ok (mcafee --version check succesful), in other
>case, I must remove all and force the download of the new release not
>installed.

Ah yes, good point :-) Another reason your running dat check is
better than mine.

>The old script lack this, so if a download is interrupted, then
>the dir X under datafiles exist and only a "force" could get the things
>right.

That shouldn't happen, because of the trap handling around the download
which cleans up the directory if there is any kind of failure.

>> (4) You haven't added command-line options for the new proxy and retry
>> features.
>
>It's so useful ?

It's mainly bebause it's the clean way to do it, so all that the user
needs to do is put the right thing in the crontab without altering
the script.

>> (5) The extra.dat support is not necessary.
>
>why ?

If you put the extra.dat file in /usr/local/uvscan (if you want it to
be persistent) or in /usr/local/uvscan/datfiles/current (if you want it
to go away when new dat files are released) then uvscan will pick it up
automatically -- no special support is required.

>> (6) The code formatting is a disaster.
>
>strange .... i'm using spaces, not tabs.

Exactly -- your additions are not consistent with the existing code.

Tony.
--
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
PORTLAND PLYMOUTH: NORTHEAST BACKING NORTHWEST 5 OR 6 DECREASING 3. SHOWERS
THEN RAIN. GOOD.



More information about the MailScanner mailing list