#! /bin/sh # postinst script for clamav-freshclam # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. #loading debconf module . /usr/share/debconf/confmodule to_lower() { word="$1" lcword=$(echo "$word" | tr A-Z a-z) echo "$lcword" } is_true() { var="$1" lcvar=$(to_lower "$var") [ 'true' = "$lcvar" ] || [ 'yes' = "$lcvar" ] || [ 1 = "$lcvar" ] return $? } is_false() { var="$1" lcvar=$(to_lower "$var") [ 'false' = "$lcvar" ] || [ 'no' = "$lcvar" ] || [ 0 = "$lcvar" ] return $? } ucf_cleanup() { # This only does something if I've fucked up before # Not entirely impossible :( configfile=$1 if [ `grep "$configfile" /var/lib/ucf/hashfile | wc -l` -gt 1 ]; then grep -v "$configfile" /var/lib/ucf/hashfile > /var/lib/ucf/hashfile.tmp grep "$configfile" /var/lib/ucf/hashfile | tail -n 1 >> /var/lib/ucf/hashfile.tmp mv /var/lib/ucf/hashfile.tmp /var/lib/ucf/hashfile fi } add_to_ucf() { configfile=$1 ucffile=$2 if ! grep -q "$configfile" /var/lib/ucf/hashfile; then md5sum $configfile >> /var/lib/ucf/hashfile cp $configfile $ucffile fi } ucf_upgrade_check() { configfile=$1 sourcefile=$2 ucffile=$3 if [ -f "$configfile" ]; then add_to_ucf $configfile $ucffile ucf --three-way --debconf-ok "$sourcefile" "$configfile" else [ -d /var/lib/ucf/cache ] || mkdir -p /var/lib/ucf/cache pathfind restorecon && restorecon /var/lib/ucf/cache cp $sourcefile $configfile add_to_ucf $configfile $ucffile fi } slurp_config() { CLAMAVCONF="$1" if [ -e "$CLAMAVCONF" ]; then for variable in `egrep -a -v '^[[:space:]]*(#|$)' "$CLAMAVCONF" | awk '{print $1}'`; do case "$variable" in DatabaseMirror) if [ -z "$DatabaseMirror" ]; then for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do value="$value $i" done else continue fi ;; DatabaseCustomURL) if [ -z "$DatabaseCustomURL" ]; then for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do value="$value $i" done else continue fi ;; IncludePUA) if [ -z "$IncludePUA" ]; then for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do value="$i $value" done else continue fi ;; ExcludePUA) if [ -z "$ExcludePUA" ]; then for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do value="$i $value" done else continue fi ;; ExtraDatabase) if [ -z "$ExtraDatabase" ]; then for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do value="$value $i" done else continue fi ;; VirusEvent|OnUpdateExecute|OnErrorExecute|RejectMsg) value=`grep -a ^$variable $CLAMAVCONF | head -n1 | sed -e s/$variable\ //` ;; *) value=`grep -a "^$variable[[:space:]]" $CLAMAVCONF | head -n1 | awk '{print $2}'` ;; esac if [ -z "$value" ]; then export "$variable"="true" elif [ "$value" != "$variable" ]; then export "$variable"="$value" else export "$variable"="true" fi unset value done fi } pathfind() { OLDIFS="$IFS" IFS=: for p in $PATH; do if [ -x "$p/$*" ]; then IFS="$OLDIFS" return 0 fi done IFS="$OLDIFS" return 1 } set_debconf_value() { prog=$1 name=$2 eval variable="\$${name}" if [ -n "$variable" ]; then db_set clamav-$prog/$name "$variable" || true fi } make_dir() { DIR=$1 if [ -d "$DIR" ]; then return 0; fi [ -n "$User" ] || User=clamav mkdir -p -m 0755 "$DIR" chown "$User" "$DIR" pathfind restorecon && restorecon "$DIR" } # Debconf Functions isdigit () { case $1 in [[:digit:]]*) ISDIGIT=1 ;; *) ISDIGIT=0 ;; esac } inputdigit () { ISDIGIT=0 while [ "$ISDIGIT" = '0' ]; do db_input "$1" "$2" || true if ! db_go; then return 30 fi db_get $2 || true isdigit $RET if [ "$ISDIGIT" = '0' ]; then db_input critical clamav-base/numinfo || true db_go fi done return 0 } StateGeneric() { PRIO=$1 QUESTION=$2 NEXT=$3 LAST=$4 db_input $PRIO $QUESTION || true if db_go; then STATE=$NEXT else STATE=$LAST fi } StateGenericDigit() { PRIO=$1 QUESTION=$2 NEXT=$3 LAST=$4 inputdigit $PRIO $QUESTION || true if db_go; then STATE=$NEXT else STATE=$LAST fi } FRESHCLAMCONFFILE=/etc/clamav/freshclam.conf FRESHCLAMLOGFILE=/var/log/clamav/freshclam.log DEBCONFFILE=/var/lib/clamav/freshclam.conf LOGROTFILE=/etc/logrotate.d/clamav-freshclam DEBROTFILE=/var/lib/clamav/clamav-freshclam DO_RUN_AS_EVALUATION=0 case "$1" in configure) # Configure the hardcoded stuff dbowner=clamav udlogfile="$FRESHCLAMLOGFILE" maxatt=5 # Read the configuration file slurp_config "$FRESHCLAMCONFFILE" # Get the debconf answers db_get clamav-freshclam/local_mirror || true [ "$RET" = "" ] || rawmirrors="$RET" if echo "$rawmirrors" | egrep -q '(\(|\))'; then mirrors=`echo "$rawmirrors" | awk '{print $1}'` else mirrors="$rawmirrors" fi db_get clamav-freshclam/autoupdate_freshclam || true runas="$RET" if [ "$runas" = "ifup.d" ]; then db_get clamav-freshclam/internet_interface || true if [ "$RET" != "" ]; then iface="$RET" else # Like the template promised runas="daemon" fi fi if [ "$runas" = "ifup.d" ] || [ "$runas" = "daemon" ] || [ "$runas" = "cron" ]; then db_get clamav-freshclam/update_interval || true if [ "$RET" != "" ]; then if [ "$runas" != "cron" ]; then checks="$RET" else if [ "$RET" -ge 24 ]; then echo "To check for updates more often than hourly, please run freshclam as a daemon." cronhour=1 else cronhour="`expr 24 / $RET`" fi fi fi fi db_get clamav-freshclam/http_proxy || true if [ "$RET" != "" ]; then url="`echo "$RET" | sed -e 's,^http://,,g' | sed -e 's,/$,,g'`" phost="`echo "$url" | cut -d':' -f 1`" pport="`echo "$url" | cut -d':' -f 2`" if [ "$pport" = "$phost" ]; then pport="" fi fullurl="$RET" db_metaget clamav-freshclam/proxy_user value || true if [ "$RET" != "" ]; then fulluser="$RET" puser="`echo "$RET" | cut -d':' -f 1`" ppass="`echo "$RET" | cut -d':' -f 2`" fi fi db_get clamav-freshclam/NotifyClamd || true [ "$RET" = "true" ] && notify="/etc/clamav/clamd.conf" db_get clamav-freshclam/Bytecode || true Bytecode="$RET" db_get clamav-freshclam/LogRotate || true LogRotate="$RET" db_get clamav-freshclam/PrivateMirror || true PrivateMirror="$RET" # Make sure user changes to unasked questions remain intact [ -n "$DatabaseOwner" ] && [ "$DatabaseOwner" != "$dbowner" ] && dbowner="$DatabaseOwner" [ -n "$UpdateLogFile" ] && [ "$UpdateLogFile" != "$udlogfile" ] && udlogfile="$UpdateLogFile" [ -n "$MaxAttempts" ] && [ "$MaxAttempts" != "$maxatt" ] && maxatt="$MaxAttempts" if [ -n "$udlogfile" ]; then if echo "$udlogfile" | grep -q '^/dev/'; then make_logrotate=false else if [ "$LogRotate" = "true" ]; then make_logrotate=true else make_logrotate=false fi fi [ -z "$User" ] && User=clamav if [ "$make_logrotate" = 'true' ]; then # update the logrotate file echo "$udlogfile {" > $DEBROTFILE echo " rotate 12" >> $DEBROTFILE echo " weekly" >> $DEBROTFILE echo " compress" >> $DEBROTFILE echo " delaycompress" >> $DEBROTFILE echo " missingok" >> $DEBROTFILE echo " create 640 $User adm" >> $DEBROTFILE echo " postrotate" >> $DEBROTFILE echo " if [ -d /run/systemd/system ]; then" >> $DEBROTFILE echo " systemctl -q is-active clamav-freshclam && systemctl kill --signal=SIGHUP clamav-freshclam || true" >> $DEBROTFILE echo " else" >> $DEBROTFILE echo " invoke-rc.d clamav-freshclam reload-log > /dev/null || true" >> $DEBROTFILE echo " fi" >> $DEBROTFILE echo " endscript" >> $DEBROTFILE echo " }" >> $DEBROTFILE touch "$udlogfile" if [ -f "$udlogfile" ] && [ ! -L "$udlogfile" ]; then chown "$User":adm "$udlogfile" chmod 0640 "$udlogfile" fi ucf_cleanup "$LOGROTFILE" ucf_upgrade_check "$LOGROTFILE" "$DEBROTFILE" /var/lib/ucf/cache/:etc:logrotate.d:clamav-freshclam rm -f $DEBROTFILE else if [ -e "$LOGROTFILE" ]; then echo "Disabling old logrotate script for clamav-freshclam" mv "$LOGROTFILE" "$CLAMAVROTATEFILE".dpkg-old ucf -p "$LOGROTFILE" fi fi else if [ -e "$LOGROTFILE" ]; then echo "Disabling old logrotate script for clamav-freshclam" mv "$LOGROTFILE" "$CLAMAVROTATEFILE".dpkg-old ucf -p "$LOGROTFILE" fi fi # Set up cron method if [ "$runas" = cron ]; then min=$(( `od -A n -N 2 -l < /dev/urandom` % 3600 / 60 )) # min=`perl -e 'print int(rand(60))'` FRESHCLAMCRON=/etc/cron.d/clamav-freshclam FRESHCLAMTEMP=/var/lib/clamav/freshclam.cron echo "$min */$cronhour * * * $dbowner [ -x /usr/bin/freshclam ] && /usr/bin/freshclam --quiet >/dev/null" > "$FRESHCLAMTEMP" ucf_cleanup "$FRESHCLAMCRON" ucf_upgrade_check "$FRESHCLAMCRON" "$FRESHCLAMTEMP" /var/lib/ucf/cache/:etc:cron.d:clamav-freshclam rm -f "${FRESHCLAMCRON}.ucf-dist" rm -f "$FRESHCLAMTEMP" else if [ -e /etc/cron.d/clamav-freshclam ]; then echo -n "Disabling old cron script . . . " mv /etc/cron.d/clamav-freshclam /etc/cron.d/clamav-freshclam.dpkg-old ucf -p /etc/cron.d/clamav-freshclam > /dev/null 2>&1 || true echo "done" fi fi # Set up ifup.d method if [ "$runas" = 'ifup.d' ]; then [ -n "$iface" ] && echo "$iface" > /var/lib/clamav/interface else [ -f /var/lib/clamav/interface ] && rm -f /var/lib/clamav/interface fi # Set default values for options not configured via debconf [ -z "$DatabaseDirectory" ] && DatabaseDirectory='/var/lib/clamav' [ -z "$LogFileMaxSize" ] && LogFileMaxSize=0 [ -z "$LogTime" ] && LogTime=true [ -z "$LogVerbose" ] && LogVerbose=false [ -z "$LogSyslog" ] && LogSyslog=false [ -z "$LogFacility" ] && LogFacility=LOG_LOCAL6 [ -z "$DNSDatabaseInfo" ] && DNSDatabaseInfo='current.cvd.clamav.net' [ -z "$ScriptedUpdates" ] && ScriptedUpdates=yes [ -z "$CompressLocalDatabase" ] && CompressLocalDatabase=no [ -z "$Foreground" ] && Foreground=false [ -z "$Debug" ] && Debug=false [ -z "$ConnectTimeout" ] && ConnectTimeout=30 [ -z "$ReceiveTimeout" ] && ReceiveTimeout=0 [ -z "$TestDatabases" ] && TestDatabases=yes # Generate config file cat >> $DEBCONFFILE << EOF # Automatically created by the clamav-freshclam postinst # Comments will get lost when you reconfigure the clamav-freshclam package DatabaseOwner $dbowner UpdateLogFile $udlogfile LogVerbose $LogVerbose LogSyslog $LogSyslog LogFacility $LogFacility LogFileMaxSize $LogFileMaxSize LogRotate $LogRotate LogTime $LogTime Foreground $Foreground Debug $Debug MaxAttempts $maxatt DatabaseDirectory $DatabaseDirectory DNSDatabaseInfo $DNSDatabaseInfo ConnectTimeout $ConnectTimeout ReceiveTimeout $ReceiveTimeout TestDatabases $TestDatabases ScriptedUpdates $ScriptedUpdates CompressLocalDatabase $CompressLocalDatabase Bytecode $Bytecode EOF if [ -n "$notify" ] ;then echo "NotifyClamd $notify" >> $DEBCONFFILE fi if [ "$runas" != "cron" ] || [ "$runas" != "manual" ]; then if [ -n "$checks" ] && [ "$checks" != "true" ]; then echo "# Check for new database $checks times a day" >> $DEBCONFFILE echo "Checks $checks" >> $DEBCONFFILE fi fi if [ -n "$mirrors" ]; then for i in $mirrors; do echo "DatabaseMirror $i" >> $DEBCONFFILE done fi # the first mirror is managed via debconf (and might have been changed) DatabaseMirror="`echo $DatabaseMirror | sed 's/^[[:space:]]*[^[:space:]]\+[[:space:]]\*//'`" DatabaseMirror="$DatabaseMirror database.clamav.net" for m in $DatabaseMirror; do grep -q "$m" "$DEBCONFFILE" || echo "DatabaseMirror $m" >> $DEBCONFFILE done if [ -n "$phost" ]; then echo "# Proxy: $fullurl" >> $DEBCONFFILE echo "HTTPProxyServer $phost" >> $DEBCONFFILE if [ -n "$pport" ]; then echo "HTTPProxyPort $pport" >> $DEBCONFFILE fi fi if [ -n "$puser" ] && [ -n "$ppass" ]; then echo "# Proxy authentication: $fulluser" >> $DEBCONFFILE echo "HTTPProxyUsername $puser" >> $DEBCONFFILE echo "HTTPProxyPassword $ppass" >> $DEBCONFFILE fi [ -n "$PidFile" ] && echo "PidFile $PidFile" >> $DEBCONFFILE [ -n "$HTTPUserAgent" ] && echo "HTTPUserAgent $HTTPUserAgent" >> $DEBCONFFILE [ -n "$OnOutdatedExecute" ] && echo "OnOutdatedExecute $OnOutdatedExecute" >> $DEBCONFFILE [ -n "$OnUpdateExecute" ] && echo "OnUpdateExecute $OnUpdateExecute" >> $DEBCONFFILE [ -n "$OnErrorExecute" ] && echo "OnErrorExecute $OnErrorExecute" >> $DEBCONFFILE [ -n "$LocalIPAddress" ] && echo "LocalIPAddress $LocalIPAddress" >> $DEBCONFFILE [ -n "$PrivateMirror" ] && echo "PrivateMirror $PrivateMirror" >> $DEBCONFFILE [ -n "$ExcludeDatabase" ] && echo "ExcludeDatabase $ExcludeDatabase" >> $DEBCONFFILE if [ -n "$DatabaseCustomURL" ]; then for i in $DatabaseCustomURL; do echo "DatabaseCustomURL $i" >> $DEBCONFFILE done fi if [ -n "$ExtraDatabase" ]; then for i in $ExtraDatabase; do echo "ExtraDatabase $i" >> $DEBCONFFILE done fi ucf_cleanup "$FRESHCLAMCONFFILE" ucf_upgrade_check "$FRESHCLAMCONFFILE" "$DEBCONFFILE" /var/lib/ucf/cache/:etc:clamav:freshclam.conf rm -f "$DEBCONFFILE" db_stop || true # Permissions are still fsck'd - repair manually for script in /etc/network/if-up.d/clamav-freshclam-ifupdown \ /etc/network/if-down.d/clamav-freshclam-ifupdown \ /etc/ppp/ip-down.d/clamav-freshclam-ifupdown \ /etc/ppp/ip-up.d/clamav-freshclam-ifupdown; do if [ -e "$script" ]; then [ -x "$script" ] || chmod +x "$script" fi done touch $FRESHCLAMLOGFILE if [ -f "$FRESHCLAMLOGFILE" ] && [ ! -L "$FRESHCLAMLOGFILE" ]; then chmod 640 $FRESHCLAMLOGFILE chown "$dbowner":adm $FRESHCLAMLOGFILE fi if [ -f "$FRESHCLAMCONFFILE" ] && [ ! -L "$FRESHCLAMCONFFILE" ]; then # Tighten the permissions up if it contains a password if [ -n "$ppass" ]; then chmod 400 $FRESHCLAMCONFFILE else chmod 444 $FRESHCLAMCONFFILE fi chown "$dbowner":adm $FRESHCLAMCONFFILE fi DO_RUN_AS_EVALUATION=1 ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. # Automatically added by dh_apparmor/3.0.13-2 if [ "$1" = "configure" ]; then APP_PROFILE="/etc/apparmor.d/usr.bin.freshclam" if [ -f "$APP_PROFILE" ]; then # Add the local/ include LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.bin.freshclam" test -e "$LOCAL_APP_PROFILE" || { mkdir -p `dirname "$LOCAL_APP_PROFILE"` install --mode 644 /dev/null "$LOCAL_APP_PROFILE" } # Reload the profile, including any abstraction updates if aa-enabled --quiet 2>/dev/null; then apparmor_parser -r -T -W "$APP_PROFILE" || true fi fi fi # End automatically added section if [ $DO_RUN_AS_EVALUATION -eq 1 ] then if [ "$runas" = 'daemon' ]; then update-rc.d clamav-freshclam defaults >/dev/null invoke-rc.d clamav-freshclam start elif [ "$runas" = 'ifup.d' ]; then for intrface in $iface; do if route | grep -q "$intrface"; then IFACE="$intrface" invoke-rc.d clamav-freshclam start || true break fi done update-rc.d -f clamav-freshclam disable > /dev/null 2>&1 || true else echo "Starting database update: " invoke-rc.d clamav-freshclam no-daemon || true update-rc.d -f clamav-freshclam disable > /dev/null 2>&1 || true fi fi exit 0