[clamav-users] clamav-unofficial-sigs download script updated
Michael Orlitzky
michael at orlitzky.com
Wed Feb 5 02:39:59 UTC 2020
On 2/4/20 9:08 PM, Ralph Seichter via clamav-users wrote:
>
> Opening a ticket reading "Your script is broken and should be rewritten
> from the ground up" does not seem a viable option to me.

My feeling as well. I can rattle off a hundred things,

  * The --install-man option is dumb, just include the man page.
  * The --install-logrotate option is dumb, just include it.
  * The --install-cron option is dumb, just include it.
  * The systemd files are included separately, but the paths aren't
    configurable (which is to say, they're wrong everywhere) and run as
    root.
  * The --install-all option is dumb, use a build system. make install.
  * Running as root to configure everything is dumb, use a build system.
    make install.
  * The implementation of the installation/configuration as root is
    wildly insecure.
  * The --remove-script option is dumb, we have package managers, or
    make uninstall (use a build system), or plain rm -r.
  * The --upgrade options are dumb, we have package managers, or (use a
    build system) make install.
  * Every call to chown/chmod is wrong: you're accessing files created
    by yourself. Set the umask how you want it, and if users have
    issues, troubleshoot them. They did something wrong.
  * Trying to enumerate every possible system configuration in config/os
    is ridiculous, let those distros configure your package (make it
    easy, use a build system).
  * Having multiple levels of configuration files (master, os, user) is
    ridiculous, there should be one file and its values should be set
    before you install the thing. Then you don't need a complicated
    system of run-time overrides.
  * There are standard ways to do integrity checking, let's use them.
  * You don't need to check for wget, curl, clamscan, etc. every time
    the script runs. Do it during the installation.
  * You don't need to run "sudo" in crontab.
  * Most errors are uncaught, because bash scripts don't care if a
    command succeeds. The script then eventually exits with success
    and the cron job doesn't notify you.
  * Errors should be printed to stderr.
  ...

but I don't think that's going to have the intended effect. If you don't
have anything nice to say, and all that. I am instead holding my breath
until freshclam learns how to do this. The main functionality is
straightforward. Only the special cases like MalwarePatrol are tricky
(and that's broken right now).
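
An added illustration of four items from the list above (umask instead of chown/chmod, an integrity check, checked exit statuses, errors on stderr); it is not part of the original message and is not code from clamav-unofficial-sigs. The names install_sig and err are hypothetical, and it assumes GNU coreutils sha256sum, SHA-256 as the integrity check, and an expected checksum obtained over a trusted channel.

```shell
#!/bin/sh
# Added example; install_sig and err are hypothetical names, not project code.

# Report on stderr so cron mails the message instead of discarding it.
err() { echo "sig-update: $*" >&2; }

# install_sig SRC EXPECTED_SHA256 DEST_DIR
# Verify SRC against a known SHA-256 and publish it into DEST_DIR atomically.
# Every step is checked; any failure returns non-zero to the caller.
install_sig() {
    src=$1; want=$2; dest_dir=$3
    name=$(basename "$src")
    tmp="$dest_dir/.$name.tmp.$$"

    [ -r "$src" ] || { err "cannot read $src"; return 1; }
    [ -d "$dest_dir" ] || { err "no such directory: $dest_dir"; return 1; }

    # If sha256sum itself fails, $got is empty and the comparison rejects it.
    got=$(sha256sum "$src" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        err "checksum mismatch for $name"
        return 1
    fi

    # The umask decides the mode at creation time, so no chmod/chown follows.
    # noclobber (set -C) refuses to write through a pre-existing temp file.
    if ! ( umask 022; set -C; cat "$src" > "$tmp" ); then
        err "cannot write $tmp"
        rm -f "$tmp"
        return 1
    fi

    # rename(2) within one filesystem is atomic: readers see the old file
    # or the new one, never a partial write.
    if ! mv -f "$tmp" "$dest_dir/$name"; then
        err "cannot install $name"
        rm -f "$tmp"
        return 1
    fi
}
```

A cron job that calls install_sig and exits with its status fails visibly when a download is corrupt or a write fails, rather than exiting with success.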