I've had enough. I'm starting a DNS blackhole list.

Jan L. Peterson jlp at softhome.net
Fri Sep 26 10:10:22 PDT 2003


> How are you finding out what they added?  Does freshclam offer the
> option of telling you?

When you run freshclam, include an option like this:
	--on-update-execute=/path/to/freshclam.successful

freshclam.successful is attached... you'll need to edit the e-mail 
address that it sends the update report to.  Oddly, it tells me every 
day that some 200+ virus definitions were modified, but I can't see 
that they were.  It hasn't bugged me enough to fix it, though. :-)

Basically, it keeps the previous copy of the viruses.db and viruses.db2 
files and diffs them.

Hope this helps.
	
	-jan-
-- 
Jan L. Peterson
Semi-Unemployed "Computer Facilitator"
http://www.peterson.ath.cx/~jlp/resume.html

-------------- next part --------------
#! /usr/local/bin/perl

%ENV = ();

$ENV{'IFS'} = " \t";
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin';

$update_mail_from = 'put_a_local_email_address_here@your.own.domain';
$update_mail_to = 'where_you_want_the_mail_sent@your.own.domain';
$clamdir = '/path/to/your/clamav';	# dir where your viruses.db{,2} are

use Net::SMTP;
use File::Copy;

# work in the configured database directory; stop if it is not there
chdir($clamdir) or die "cannot chdir to $clamdir: $!\n";

foreach $tab ('viruses.db', 'viruses.db2') {
  &process($tab);
}

$mod = scalar(@mod); $new = scalar(@new); $rem = scalar(@rem);
if ($mod + $new + $rem > 0) {
  $smtp = Net::SMTP->new('localhost');
  $smtp->mail($update_mail_from);
  $smtp->to($update_mail_to);
  $smtp->data();
  $smtp->datasend("From: $update_mail_from
To: $update_mail_to
Subject: freshclam success, $new new, $mod modified, $rem removed

");
  if ($new > 0) {
    $smtp->datasend("New Definitions:\n");
    foreach $tag (sort @new) {
      $smtp->datasend("  $tag\n");
    }
    $smtp->datasend("\n");
  }
  if ($mod > 0) {
    $smtp->datasend("Modified Definitions:\n");
    foreach $tag (sort @mod) {
      $smtp->datasend("  $tag\n");
    }
    $smtp->datasend("\n");
  }
  if ($rem > 0) {
    $smtp->datasend("Removed Definitions:\n");
    foreach $tag (sort @rem) {
      $smtp->datasend("  $tag\n");
    }
    $smtp->datasend("\n");
  }
  $smtp->dataend();
  $smtp->quit;
}

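sub process {
  my($vtab) = @_;
  # per-file tables, so entries from one database file are not compared
  # against, or reported as removed for, the other file
  my(%ov, %nv);

  # load old virus data (the copy saved by the previous run)
  open(OLD, ${vtab} . '-');
  while (<OLD>) {
    # name=pattern; split on the first '=' only
    ($tag, $pat) = split(m/=/, $_, 2);
    $ov{$tag} = $pat;
  }
  close(OLD);

  # read new virus data
  open(NEW, $vtab);
  while (<NEW>) {
    ($tag, $pat) = split(m/=/, $_, 2);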
    $nv{$tag}++;
    if (defined($ov{$tag})) {
      if ($ov{$tag} ne $pat) {
	push(@mod, $tag);
      }
    } else {
      push(@new, $tag);
    }
  }
  close(NEW);
  rename($vtab . '-', $vtab . '+');
  copy($vtab, $vtab . '-');

  foreach $tag (keys %ov) {
    if (!defined($nv{$tag})) {
      push(@rem, $tag);
    }
  }
}

