[clamav-users] clamav-unofficial-sigs download script updated
Michael Orlitzky
michael at orlitzky.com
Wed Feb 5 00:53:06 UTC 2020
On 1/31/20 10:01 AM, Reio Remma via clamav-users wrote:
>
> The way it's set up is that it needs to be run as root once to have it
> set itself up. From cron it runs as clamav user.
>
The upstream systemd service runs as root as well. And from a distro
point of view, it's just bad mojo to install vulnerable scripts to
root's $PATH.

I've been dragging my feet on these updates because I don't know how to
fix this. The least-bad idea I have so far is to just patch the script
to die if it's run as EUID == 0.

But the rest of the script is even more insane, doing things like using
the following as an integrity check:

  if [ "$(tail -n 1 "${0}" | head -n 1 | cut -c 1-7)" != "exit \$?" ];
  then
    echo "FATAL ERROR: Script is incomplete, please redownload"
    exit 1
  fi

I don't even know how to file a bug report for that =P
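
Added example, not part of the original message and not code from the clamav-unofficial-sigs project: a root-refusal guard of the kind described above, and the quoted last-line check run next to a SHA-256 comparison on constructed sample files. The function names, the sample file contents and the use of coreutils sha256sum are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample files are constructed.

# Succeeds only for a non-root effective UID. The UID may be passed in so the
# guard can be tested; by default it is taken from `id -u`.
# Typical use near the top of a script:  not_root || { echo "refusing to run as root" >&2; exit 1; }
not_root() {
    uid="${1:-$(id -u)}"
    [ "$uid" -ne 0 ]
}

# The last-line check quoted in the message, applied to a file argument.
tail_check() {
    [ "$(tail -n 1 "$1" | head -n 1 | cut -c 1-7)" = 'exit $?' ]
}

# Passes only when the whole file matches the expected SHA-256 digest.
digest_check() {
    actual="$(sha256sum "$1" | cut -d ' ' -f 1)"
    [ "$actual" = "$2" ]
}

# Run both checks over three constructed files: intact, truncated, and
# altered in the body while keeping the final line.
demo() {
    dir="$(mktemp -d)" || return 1
    printf 'echo "update signatures"\nexit $?\n' > "$dir/good.sh"
    printf 'echo "update signa' > "$dir/truncated.sh"
    printf 'echo "something else entirely"\nexit $?\n' > "$dir/modified.sh"
    want="$(sha256sum "$dir/good.sh" | cut -d ' ' -f 1)"
    for f in good truncated modified; do
        t=fail; d=fail
        tail_check "$dir/$f.sh" && t=pass
        digest_check "$dir/$f.sh" "$want" && d=pass
        echo "$f: tail=$t digest=$d"
    done
    rm -rf "$dir"
}

demo
```

The last-line check catches the truncated file only; the file with a changed body and an intact final line passes it and is caught by the digest comparison.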