Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Freshclam: Download missing .sign files for up-to-date .cvd's (#1587)

Browse source 
If the database directory has an up-to-date .cvd (not .cld) which lacks
a .sign file, then Freshclam should try to download the .cvd.sign file.

If no .sign file is available, it will debug-log it and will not
complain loudly.

Example output:
```
❯ ./install/bin/freshclam
ClamAV update process started at Fri Oct  3 17:20:04 2025
daily.cvd database is up-to-date (version: 27780, sigs: 2076928, f-level: 90, builder: tomjudge)
Time:    0.2s, ETA:    0.0s [========================>]    8.87KiB/8.87KiB
Downloaded missing CVD .sign file daily-27780.cvd.sign
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Time:    0.1s, ETA:    0.0s [========================>]    8.87KiB/8.87KiB
Downloaded missing CVD .sign file main-62.cvd.sign
bytecode.cvd database is up-to-date (version: 339, sigs: 80, f-level: 90, builder: nrandolp)
Time:    0.5s, ETA:    0.0s [========================>]    8.87KiB/8.87KiB
Downloaded missing CVD .sign file bytecode-339.cvd.sign
```
This commit is contained in:
Val S. 2025-10-05 17:42:59 -04:00 committed by GitHub
parent 23c3cc05f1
commit c26a818ce4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 65 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

69
libfreshclam/libfreshclam_internal.c
View file

@ -1695,7 +1695,7 @@ static fc_error_t downloadPatchAndApply(
fc_error_t status = FC_EARG; fc_error_t status = FC_EARG;
char patch[DB_FILENAME_MAX]; char patch[DB_FILENAME_MAX];
char patch_sign_file[DB_FILENAME_MAX + 5]; char patch_sign_file[DB_FILENAME_MAX + 5 /* ".sign" */ + 1];
char olddir[PATH_MAX]; char olddir[PATH_MAX];
char *url = NULL; char *url = NULL;
@ -1735,6 +1735,12 @@ static fc_error_t downloadPatchAndApply(
urlLen = strlen(server) + strlen("/") + strlen(patch); urlLen = strlen(server) + strlen("/") + strlen(patch);
url = malloc(urlLen + 1); url = malloc(urlLen + 1);
if (NULL == url) {
logg(LOGG_ERROR, "downloadPatchAndApply: Can't allocate memory for URL\n");
status = FC_EMEM;
goto done;
}
snprintf(url, urlLen + 1, "%s/%s", server, patch); snprintf(url, urlLen + 1, "%s/%s", server, patch);
if (FC_SUCCESS != (ret = downloadFile(url, patch, 1, logerr, 0, 0))) { if (FC_SUCCESS != (ret = downloadFile(url, patch, 1, logerr, 0, 0))) {
@ -1751,9 +1757,16 @@ static fc_error_t downloadPatchAndApply(
* Download the patch sign file. * Download the patch sign file.
*/ */
snprintf(patch_sign_file, sizeof(patch_sign_file), "%s.sign", patch); snprintf(patch_sign_file, sizeof(patch_sign_file), "%s.sign", patch);
patch_sign_file[sizeof(patch_sign_file) - 1] = 0;
sign_urlLen = strlen(server) + strlen("/") + strlen(patch_sign_file); sign_urlLen = strlen(server) + strlen("/") + strlen(patch_sign_file);
sign_url = malloc(sign_urlLen + 1); sign_url = malloc(sign_urlLen + 1);
if (NULL == sign_url) {
logg(LOGG_ERROR, "downloadPatchAndApply: Can't allocate memory for sign URL\n");
status = FC_EMEM;
goto done;
}
snprintf(sign_url, sign_urlLen + 1, "%s/%s", server, patch_sign_file); snprintf(sign_url, sign_urlLen + 1, "%s/%s", server, patch_sign_file);
if (FC_SUCCESS != (ret = downloadFile(sign_url, patch_sign_file, 1, logerr, 1, 0))) { if (FC_SUCCESS != (ret = downloadFile(sign_url, patch_sign_file, 1, logerr, 1, 0))) {
@ -2395,9 +2408,57 @@ fc_error_t updatedb(
goto done; goto done;
} }
if ((localVersion >= remoteVersion) && (NULL != localFilename)) { if (NULL != localFilename) {
*dbFilename = cli_safer_strdup(localFilename); if (localVersion == remoteVersion) {
goto up_to_date; *dbFilename = cli_safer_strdup(localFilename);
/* check if localFilename ends with ".cvd" (i.e., not ".cld") */
if (NULL != strstr(localFilename, ".cvd")) {
/* CVD file detected, lets see if we have the .sign file.
Just in case one was published for the database we have and we missed it. */
char cvd_sign_file[DB_FILENAME_MAX + 5 /* ".sign" */ + 1];
snprintf(cvd_sign_file, sizeof(cvd_sign_file), "%s-%d.cvd.sign", database, localVersion);
cvd_sign_file[sizeof(cvd_sign_file) - 1] = 0;
if (-1 == access(cvd_sign_file, R_OK)) {
/* CVD .sign file not found. We should try to download it. */
char *sign_url = NULL;
size_t sign_urlLen = 0;
sign_urlLen = strlen(server) + strlen("/") + strlen(cvd_sign_file);
sign_url = malloc(sign_urlLen + 1);
if (NULL == sign_url) {
logg(LOGG_ERROR, "updatedb: Can't allocate memory for sign URL\n");
status = FC_EMEM;
goto done;
}
snprintf(sign_url, sign_urlLen + 1, "%s/%s", server, cvd_sign_file);
logg(LOGG_DEBUG, "Trying to download missing CVD .sign file %s\n", sign_url);
ret = downloadFile(
sign_url,
cvd_sign_file,
1,
logerr,
1,
0);
if (FC_SUCCESS != ret) {
// Not a big deal if we can't get it, just debug-log it, and move on.
logg(LOGG_DEBUG, "No .sign file found for %s\n", localFilename);
} else {
logg(LOGG_INFO, "Downloaded missing CVD .sign file %s\n", cvd_sign_file);
}
free(sign_url);
}
}
goto up_to_date;
} else if (localVersion > remoteVersion) {
*dbFilename = cli_safer_strdup(localFilename);
goto up_to_date;
}
} }
/* /*