From owner-freebsd-stable@FreeBSD.ORG  Fri Sep 26 10:10:22 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5121B16A4B3
	for <freebsd-stable@freebsd.org>;
	Fri, 26 Sep 2003 10:10:22 -0700 (PDT)
Received: from aurora.peterson.ath.cx (12-254-186-217.client.attbi.com
	[12.254.186.217])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F34F44029
	for <freebsd-stable@freebsd.org>;
	Fri, 26 Sep 2003 10:10:17 -0700 (PDT)
	(envelope-from jlp@softhome.net)
Received: from peterson.ath.cx (localhost [127.0.0.1])
	by aurora.peterson.ath.cx (Postfix) with ESMTP
	id 1EA12C5386; Fri, 26 Sep 2003 11:10:17 -0600 (MDT)
X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4
From: "Jan L. Peterson" <jlp@softhome.net>
X-message-flag: "Outlook not so good."  Wow, that magic 8-ball really DOES
	work!
To: Chris Dillon <cdillon@wolves.k12.mo.us>
X-face: p=61=y<.Il$z+k*y~"j>%c[8R~8{j3WTnaSd-'RyC>t.Ub>AAm\zYA#5JF
 +W=G?EI+|EI);]=fs_MOfKN0n9`OlmB[1^0;L^64K5][nOb&gv/n}p@mm06|J|WNa
 asp7mMEw0w)e_6T~7v-\]yHKvI^1}[2k)]
References: <8765jhg7eo.fsf@strauser.com>
	<004001c38302$c8589e50$84cba8c0@kendra>
	<20030925144634.R43401@duey.wolves.k12.mo.us>
	<20030926142107.2A327C5386@aurora.peterson.ath.cx>
	<20030926101923.G56428@duey.wolves.k12.mo.us>
In-reply-to: Your message of "Fri, 26 Sep 2003 10:21:43 CDT."
             <20030926101923.G56428@duey.wolves.k12.mo.us> 
Mime-Version: 1.0
Content-Type: multipart/mixed ;
	boundary="==_Exmh_21415240630"
Date: Fri, 26 Sep 2003 11:10:17 -0600
Message-Id: <20030926171017.1EA12C5386@aurora.peterson.ath.cx>
cc: "Jan L. Peterson" <jlp+bsd@peterson.ath.cx>
cc: freebsd-stable@freebsd.org
cc: Drew Derbyshire <avatar@2003-09.plus.kew.com>
Subject: Re: I've had enough. I'm starting a DNS blackhole list. 
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Sep 2003 17:10:22 -0000

This is a multipart MIME message.

--==_Exmh_21415240630
Content-Type: text/plain; charset=us-ascii

> How are you finding out what they added?  Does freshclam offer the
> option of telling you?

When you run freshclam, include an options like this:
	--on-update-execute=/path/to/freshclam.successful

freshclam.successful is attached... you'll need to edit the e-mail 
address that it sends the update report to.  Oddly, it tells me every 
day that some 200+ virus definitions were modified, but I can't see 
that they were.  It hasn't bugged me enough to fix it, though. :-)

Basically, it keeps the previous copy of the viruses.db and viruses.db2 
files and diffs them.

Hope this helps.
	
	-jan-
-- 
Jan L. Peterson
Semi-Unemployed "Computer Facilitator"
http://www.peterson.ath.cx/~jlp/resume.html


--==_Exmh_21415240630
Content-Type: text/plain ; name="freshclam.successful"; charset=us-ascii
Content-Description: freshclam.successful
Content-Disposition: attachment; filename="freshclam.successful"

#! /usr/local/bin/perl

%ENV = ();

$ENV{'IFS'} = " \t";
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin';

$update_mail_from = 'put_a_local_email_address_here@your.own.domain';
$update_mail_to = 'where_you_want_the_mail_sent@your.own.domain';
$clamdir = '/path/to/your/clamav';	# dir where your viruses.db{,2} are

use Net::SMTP;
use File::Copy;

chdir('/usr/local/share/clamav');

foreach $tab ('viruses.db', 'viruses.db2') {
  &process($tab);
}

$mod = scalar(@mod); $new = scalar(@new); $rem = scalar(@rem);
if ($mod + $new + $rem > 0) {
  $smtp = Net::SMTP->new('localhost');
  $smtp->mail($update_mail_from);
  $smtp->to($update_mail_to);
  $smtp->data();
  $smtp->datasend("From: $update_mail_from
To: $update_mail_to
Subject: freshclam success, $new new, $mod modified, $rem removed

");
  if ($new > 0) {
    $smtp->datasend("New Definitions:\n");
    foreach $tag (sort @new) {
      $smtp->datasend("  $tag\n");
    }
    $smtp->datasend("\n");
  }
  if ($mod > 0) {
    $smtp->datasend("Modified Definitions:\n");
    foreach $tag (sort @mod) {
      $smtp->datasend("  $tag\n");
    }
    $smtp->datasend("\n");
  }
  if ($rem > 0) {
    $smtp->datasend("Removed Definitions:\n");
    foreach $tag (sort @rem) {
      $smtp->datasend("  $tag\n");
    }
    $smtp->datasend("\n");
  }
  $smtp->dataend();
  $smtp->quit;
}

sub process {
  my($vtab) = @_;

  # load old virus data
  open(OLD, ${vtab} . '-');
  while (<OLD>) {
    ($tag, $pat) = split(m/=/);
    $ov{$tag} = $pat;
  }
  close(OLD);

  # read new virus data
  open(NEW, $vtab);
  while (<NEW>) {
    ($tag, $pat) = split(m/=/);
    $nv{$tag}++;
    if (defined($ov{$tag})) {
      if ($ov{$tag} ne $pat) {
	push(@mod, $tag);
      }
    } else {
      push(@new, $tag);
    }
  }
  close(NEW);
  rename($vtab . '-', $vtab . '+');
  copy($vtab, $vtab . '-');

  foreach $tag (keys %ov) {
    if (!defined($nv{$tag})) {
      push(@rem, $tag);
    }
  }
}

--==_Exmh_21415240630--