#! /bin/sh # postinst script for #PACKAGE# # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. #loading debconf module . /usr/share/debconf/confmodule FRESHCLAMCONFFILE=/etc/clamav/freshclam.conf FRESHCLAMLOGFILE=/var/log/clamav/freshclam.log DEBCONFILE=/var/lib/clamav/freshclam.conf LOGROTFILE=/etc/logrotate.d/clamav-freshclam DEBROTFILE=/var/lib/clamav/clamav-freshclam check_ucf() { if ucf -h 2>&1 | grep -q debconf-ok; then echo ok else echo notok fi } to_lower() { word="$1" lcword=$(echo "$word" | tr A-Z a-z) echo "$lcword" } is_true() { var="$1" lcvar=$(to_lower "$var") [ 'true' = "$lcvar" ] || [ 'yes' = "$lcvar" ] || [ 1 = "$lcvar" ] return $? } ucf_cleanup() { # This only does something if I've fucked up before # Not entirely impossible :( configfile=$1 if [ `grep "$configfile" /var/lib/ucf/hashfile | wc -l` -gt 1 ]; then grep -v "$configfile" /var/lib/ucf/hashfile > /var/lib/ucf/hashfile.tmp grep "$configfile" /var/lib/ucf/hashfile | tail -n 1 >> /var/lib/ucf/hashfile.tmp mv /var/lib/ucf/hashfile.tmp /var/lib/ucf/hashfile fi } add_to_ucf() { configfile=$1 ucffile=$2 if ! grep -q "$configfile" /var/lib/ucf/hashfile; then md5sum $configfile >> /var/lib/ucf/hashfile cp $configfile $ucffile fi } ucf_upgrade_check() { configfile=$1 sourcefile=$2 ucffile=$3 if [ -f "$configfile" ]; then add_to_ucf $configfile $ucffile if [ "$UCFVER" = 'ok' ]; then ucf --three-way --debconf-ok "$sourcefile" "$configfile" else ucf --three-way "$sourcefile" "$configfile" < /dev/tty fi else [ -d /var/lib/ucf/cache ] || mkdir -p /var/lib/ucf/cache cp $sourcefile $configfile add_to_ucf $configfile $ucffile fi } slurp_config() { CLAMAVCONF="$1" if [ -e "$CLAMAVCONF" ]; then for variable in `egrep -v '^[[:space:]]*(#|$)' "$CLAMAVCONF" | awk '{print $1}'`; do if [ "$variable" = 'DatabaseMirror' ]; then if [ -z "$DatabaseMirror" ]; then for i in `grep ^$variable $CLAMAVCONF | awk '{print $2}'`; do value="$i $value" done else continue fi elif [ "$variable" = 'IncludePUA' ]; then if [ -z "$IncludePUA" ]; then for i in `grep ^$variable $CLAMAVCONF | awk '{print $2}'`; do value="$i $value" done else continue fi elif [ "$variable" = 'ExcludePUA' ]; then if [ -z "$ExcludePUA" ]; then for i in `grep ^$variable $CLAMAVCONF | awk '{print $2}'`; do value="$i $value" done else continue fi elif [ "$variable" = 'VirusEvent' ] || [ "$variable" = 'OnUpdateExecute' ] || [ "$variable" = 'OnErrorExecute' ]; then value=`grep ^$variable $CLAMAVCONF | head -n1 | sed -e s/$variable\ //` else value=`grep ^$variable $CLAMAVCONF | head -n1 | awk '{print $2}'` fi if [ -z "$value" ]; then export "$variable"="true" elif [ "$value" != "$variable" ]; then export "$variable"="$value" else export "$variable"="true" fi unset value done fi } make_dir() { DIR=$1 if [ -d "$DIR" ]; then return 0; fi [ -n "$User" ] || User=clamav mkdir -p -m 0755 "$DIR" chown "$User:$User" "$DIR" } UCFVER=`check_ucf` case "$1" in configure) # Configure the hardcoded stuff dbowner=clamav udlogfile="$FRESHCLAMLOGFILE" maxatt=5 # Get the debconf answers db_metaget clamav-freshclam/local_mirror value || true [ "$RET" = "" ] || rawmirrors="$RET" if echo "$rawmirrors" | egrep -q '($|$)'; then mirrors=`echo "$rawmirrors" | awk '{print $1}'` else mirrors="$rawmirrors" fi db_metaget clamav-freshclam/autoupdate_freshclam value || true runas="$RET" if [ "$runas" = "ifup.d" ]; then db_metaget clamav-freshclam/internet_interface value || true if [ "$RET" != "" ]; then iface="$RET" else # Like the template promised runas="daemon" fi fi if [ "$runas" = "ifup.d" ] || [ "$runas" = "daemon" ] || [ "$runas" = "cron" ]; then db_metaget clamav-freshclam/update_interval value || true if [ "$RET" != "" ]; then if [ "$runas" != "cron" ]; then checks="$RET" else if [ "$RET" -ge 24 ]; then echo "To check for updates more often than hourly, please run freshclam as a daemon." cronhour=1 else cronhour="`expr 24 / $RET`" fi fi fi fi db_metaget clamav-freshclam/http_proxy value || true if [ "$RET" != "" ]; then url="`echo "$RET" | sed -e 's,^http://,,g' | sed -e 's,/$,,g'`" phost="`echo "$url" | cut -d':' -f 1`" pport="`echo "$url" | cut -d':' -f 2`" fullurl="$RET" db_metaget clamav-freshclam/proxy_user value || true if [ "$RET" != "" ]; then fulluser="$RET" puser="`echo "$RET" | cut -d':' -f 1`" ppass="`echo "$RET" | cut -d':' -f 2`" fi fi db_metaget clamav-freshclam/NotifyClamd value || true [ "$RET" = "true" ] && notify="/etc/clamav/clamd.conf" slurp_config "$FRESHCLAMCONFFILE" # Make sure user changes to unasked questions remain intact [ -n "$DatabaseOwner" ] && [ "$DatabaseOwner" != "$dbowner" ] && dbowner="$DatabaseOwner" [ -n "$UpdateLogFile" ] && [ "$UpdateLogFile" != "$udlogfile" ] && udlogfile="$UpdateLogFile" [ -n "$MaxAttempts" ] && [ "$MaxAttempts" != "$maxatt" ] && maxatt="$MaxAttempts" # Set up cron method if [ "$runas" = cron ]; then min=$(( `od -A n -N 2 -l < /dev/urandom` % 3600 / 60 )) # min=`perl -e 'print int(rand(60))'` FRESHCLAMCRON=/etc/cron.d/clamav-freshclam FRESHCLAMTEMP=/var/lib/clamav/freshclam.cron echo "$min */$cronhour * * * $dbowner [ -x /usr/bin/freshclam ] && /usr/bin/freshclam --quiet >/dev/null" > "$FRESHCLAMTEMP" ucf_cleanup "$FRESHCLAMCRON" ucf_upgrade_check "$FRESHCLAMCRON" "$FRESHCLAMTEMP" /var/lib/ucf/cache/:etc:cron.d:clamav-freshclam rm -f "$FRESHCLAMTEMP" else if [ -e /etc/cron.d/clamav-freshclam ]; then echo -n "Disabling old cron script . . . " mv /etc/cron.d/clamav-freshclam /etc/cron.d/clamav-freshclam.dpkg-old ucf -p /etc/cron.d/clamav-freshclam > /dev/null 2>&1 || true echo "done" fi fi # Set up ifup.d method if [ "$runas" = 'ifup.d' ]; then [ -n "$iface" ] && echo "$iface" > /var/lib/clamav/interface else [ -f /var/lib/clamav/interface ] && rm -f /var/lib/clamav/interface fi dpkg --compare-versions "$2" lt 0.79 && DNSDatabaseInfo=current.cvd.clamav.net # Only for this upgrade [ -z "$LogVerbose" ] && LogVerbose=false [ -z "$LogSyslog" ] && LogSyslog=false [ -z "$LogFacility" ] && LogFacility=LOG_LOCAL6 [ -z "$LogFileMaxSize" ] && LogFileMaxSize=0 [ -z "$Foreground" ] && Foreground=false [ -z "$Debug" ] && Debug=false [ -z "$DatabaseDirectory" ] && DatabaseDirectory='/var/lib/clamav/' [ -z "$DNSDatabaseInfo" ] && DNSDatabaseInfo='current.cvd.clamav.net' [ -z "$AllowSupplementaryGroups" ] && AllowSupplementaryGroups=false [ -z "$PidFile" ] && PidFile='/var/run/clamav/freshclam.pid' [ -z "$ConnectTimeout" ] && ConnectTimeout=30 [ -z "$ReceiveTimeout" ] && ReceiveTimeout=30 [ -z "$ScriptedUpdates" ] && ScriptedUpdates=yes [ -z "$LogTime" ] && LogTime=no [ -z "$CompressLocalDatabase" ] && CompressLocalDatabase=no # Generate config file cat >> $DEBCONFILE << EOF # Automatically created by the clamav-freshclam postinst # Comments will get lost when you reconfigure the clamav-freshclam package DatabaseOwner $dbowner UpdateLogFile $udlogfile LogVerbose $LogVerbose LogSyslog $LogSyslog LogFacility $LogFacility LogFileMaxSize $LogFileMaxSize LogTime $LogTime Foreground $Foreground Debug $Debug MaxAttempts $maxatt DatabaseDirectory $DatabaseDirectory DNSDatabaseInfo $DNSDatabaseInfo AllowSupplementaryGroups $AllowSupplementaryGroups PidFile $PidFile ConnectTimeout $ConnectTimeout ReceiveTimeout $ReceiveTimeout ScriptedUpdates $ScriptedUpdates CompressLocalDatabase $CompressLocalDatabase EOF if [ -n "$notify" ] ;then if [ -n "$NotifyClamd" ] && is_true "$NotifyClamd"; then echo "NotifyClamd $NotifyClamd" >> $DEBCONFILE else echo "NotifyClamd /etc/clamav/clamd.conf" >> $DEBCONFILE fi fi if [ "$runas" != "cron" ] || [ "$runas" != "manual" ]; then if [ -n "$checks" ] && [ "$checks" != "true" ]; then echo "# Check for new database $checks times a day" >> $DEBCONFILE echo "Checks $checks" >> $DEBCONFILE fi fi if [ -n "$mirrors" ]; then for i in $mirrors; do echo "DatabaseMirror $i" >> $DEBCONFILE done fi if ! echo "$mirrors" | grep -q database.clamav.net; then echo "DatabaseMirror database.clamav.net" >> $DEBCONFILE fi if [ -n "$DatabaseMirror" ]; then for m in $DatabaseMirror; do grep -q "$m" "$DEBCONFILE" || echo "DatabaseMirror $m" >> $DEBCONFILE done fi if [ -n "$phost" ] && [ -n "$pport" ]; then echo "# Proxy: $fullurl" >> $DEBCONFILE echo "HTTPProxyServer $phost" >> $DEBCONFILE echo "HTTPProxyPort $pport" >> $DEBCONFILE fi if [ -n "$puser" ] && [ -n "$ppass" ]; then echo "# Proxy authentication: $fulluser" >> $DEBCONFILE echo "HTTPProxyUsername $puser" >> $DEBCONFILE echo "HTTPProxyPassword $ppass" >> $DEBCONFILE fi [ -n "$HTTPUserAgent" ] && echo "HTTPUserAgent $HTTPUserAgent" >> $DEBCONFILE [ -n "$OnOutdatedExecute" ] && echo "OnOutdatedExecute $OnOutdatedExecute" >> $DEBCONFILE [ -n "$OnUpdateExecute" ] && echo "OnUpdateExecute $OnUpdateExecute" >> $DEBCONFILE [ -n "$OnErrorExecute" ] && echo "OnErrorExecute $OnErrorExecute" >> $DEBCONFILE [ -n "$LocalIPAddress" ] && echo "LocalIPAddress $LocalIPAddress" >> $DEBCONFILE [ -n "$SubmitDetectionStats" ] && echo "SubmitDetectionStats $SubmitDetectionStats" >> $DEBCONFILE [ -n "$DetectionStatsCountry" ] && echo "DetectionStatsCountry $DetectionStatsCountry" >> $DEBCONFILE ucf_cleanup "$FRESHCLAMCONFFILE" ucf_upgrade_check "$FRESHCLAMCONFFILE" "$DEBCONFILE" /var/lib/ucf/cache/:etc:clamav:freshclam.conf rm -f "$DEBCONFILE" db_stop || true # Permissions are still fsck'd - repair manually for script in /etc/network/if-up.d/clamav-freshclam-ifupdown \ /etc/network/if-down.d/clamav-freshclam-ifupdown \ /etc/ppp/ip-down.d/clamav-freshclam-ifupdown \ /etc/ppp/ip-up.d/clamav-freshclam-ifupdown; do if [ -e "$script" ]; then [ -x "$script" ] || chmod +x "$script" fi done touch $FRESHCLAMLOGFILE chmod 640 $FRESHCLAMLOGFILE chown "$dbowner":adm $FRESHCLAMLOGFILE # Tighten the permissions up if it contains a password if [ -n "$ppass" ]; then chmod 600 $FRESHCLAMCONFFILE else chmod 644 $FRESHCLAMCONFFILE fi chown "$dbowner":adm $FRESHCLAMCONFFILE if [ "$runas" = 'daemon' ]; then if [ -x "/etc/init.d/clamav-freshclam" ]; then update-rc.d clamav-freshclam defaults >/dev/null fi if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d clamav-freshclam start else /etc/init.d/clamav-freshclam start fi elif [ "$runas" = 'ifup.d' ]; then for intrface in $iface; do if route | grep -q "$intrface"; then if [ -x /usr/sbin/invoke-rc.d ]; then IFACE="$intrface" invoke-rc.d clamav-freshclam start || true else IFACE="$intrface" /etc/init.d/clamav-freshclam start || true fi break fi done update-rc.d -f clamav-freshclam remove > /dev/null 2>&1 else echo "Starting database update: " if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d clamav-freshclam no-daemon || true else /etc/init.d/clamav-freshclam no-daemon || true fi update-rc.d -f clamav-freshclam remove > /dev/null 2>&1 fi ;; abort-remove|abort-deconfigure|abort-upgrade) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac exit 0