Bug#714132: marked as done (Signature Ignore Problem)

Debian Bug Tracking System Wed, 27 Nov 2013 01:22:11 -0800

Your message dated Wed, 27 Nov 2013 09:19:02 +0000
with message-id <[email protected]>
and subject line Bug#714132: fixed in clamav-unofficial-sigs 3.7.2-1
has caused the Debian Bug report #714132,
regarding Signature Ignore Problem
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
714132: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714132
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: clamav-unofficial-sigs
Version: 3.7.1-3

I have ignored the MBL_311364 signature. The MBL_400944 signature is a
strict superset of this signature. Because the greps in
clamav-unofficial-sigs use unanchored regular expressions when looking
up signatures by their hex value, it finds both of them, and the script
falls apart.

Steps to reproduce:
    echo MBL_311364 | clamav-unofficial-sigs -b
    clamav-unofficial-sigs
    cat /var/lib/clamav-unofficial-sigs/configs/local.ign

Expected results:
    No message from clamav-unofficial-sigs about a changed signature.

    This output from the cat command:
    mbl.ndb:922:MBL_311364

Actual results:
    This message from clamav-unofficial-sigs (note the two signatures
    listed):

    MBL_311364 hexadecimal is signature unchanged, however signature name 
and/or line placement
    in mbl.ndb has change to MBL_311364
    MBL_400944 - updated local.ign to reflect this change.

    This output from the cat command:
    mbl.ndb:922:MBL_311364
    mbl.ndb:2214:MBL_400944

With every invocation of clamav-unofficial-sigs, we get another
MBL_400944 line in the ignore file.

The attached patch and series file can be dropped into a (newly created)
debian/patches directory in the package to fix this.

This still doesn't address the possibility that a signature could be
100% duplicated exactly (i.e. two signatures with different names, but
the exact same hex value). I'm not sure how to best address that,
exactly, other than perhaps to just add a " | head -n1" after the grep.
Also, I'm not sure if this scenario will ever occur in real-life
databases, but the one I outlined above is happening to us right now.

-- 
Richard

signature-lookup-exact-match

Index: clamav-unofficial-sigs-3.7.1/clamav-unofficial-sigs.sh
===================================================================
--- clamav-unofficial-sigs-3.7.1.orig/clamav-unofficial-sigs.sh	2010-06-06 11:43:07.000000000 -0500
+++ clamav-unofficial-sigs-3.7.1/clamav-unofficial-sigs.sh	2013-06-25 23:55:27.976824190 -0500
@@ -1393,8 +1393,8 @@ if [ -s "$clam_dbs/local.ign" -a -s "$co
       sig_name_old=`echo "$entry" | tr -d "\r" | awk -F ":" '{print $3}'`
       sig_ign_old=`grep "$sig_name_old" "$config_dir/local.ign"`
       sig_old=`echo "$entry" | tr -d "\r" | cut -d ":" -f3-`
-      sig_new=`grep -h "$sig_hex" "$sig_file" | tr -d "\r" 2>/dev/null`
-      sig_mon_new=`grep -H -n "$sig_hex" "$sig_file" | tr -d "\r"`
+      sig_new=`grep -h ":$sig_hex$" "$sig_file" | tr -d "\r" 2>/dev/null`
+      sig_mon_new=`grep -H -n ":$sig_hex$" "$sig_file" | tr -d "\r"`
       if [ -n "$sig_new" ]
          then
             if [ "$sig_old" != "$sig_new" -o "$entry" != "$sig_mon_new" ] ; then

signature.asc
Description: This is a digitally signed message part

--- End Message ---

--- Begin Message ---

Source: clamav-unofficial-sigs
Source-Version: 3.7.2-1

We believe that the bug you reported is fixed in the latest version of
clamav-unofficial-sigs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Wise <[email protected]> (supplier of updated clamav-unofficial-sigs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 27 Nov 2013 15:38:03 +0800
Source: clamav-unofficial-sigs
Binary: clamav-unofficial-sigs
Architecture: source all
Version: 3.7.2-1
Distribution: unstable
Urgency: low
Maintainer: ClamAV Team <[email protected]>
Changed-By: Paul Wise <[email protected]>
Description: 
 clamav-unofficial-sigs - update script for 3rd-party clamav signatures
Closes: 566702 693542 711161 714132
Changes: 
 clamav-unofficial-sigs (3.7.2-1) unstable; urgency=low
 .
   * New upstream release
     * Fixes signature ignore problem (Closes: #714132)
     * Adds configurability for curl/rsync timeouts (Closes: #693542)
     * Adds the ability to turn off chmod calls (See: #566702)
   * Deal with the cron job being disabled (Closes: #711161)
   * Turn off the chmod calls by default (Closes: #566702)
   * Switch priority to optional
   * Bump debhelper compat level
   * Bump Standards-Version, no changes needed
   * Simplify the dirs file slightly
   * Rewrite and update the copyright file to copyright-format 1.0
   * Ignore a missing purge file
Checksums-Sha1: 
 d3907751f11e49bef43ca8c9565aa0c4463767fd 2055 
clamav-unofficial-sigs_3.7.2-1.dsc
 137c586f219f1a75a0509cf606b6ea1a1ac4ee9e 38549 
clamav-unofficial-sigs_3.7.2.orig.tar.gz
 9ceb6fbfb796031a2969e36511d16d1c8267af1b 9685 
clamav-unofficial-sigs_3.7.2-1.debian.tar.gz
 b2013ddb4b72a6a360b5279231fb1cea1e4cf066 43398 
clamav-unofficial-sigs_3.7.2-1_all.deb
Checksums-Sha256: 
 2459c2951e25e7a760e0a69824b27dee223ffbe933d5fedb1b022d02c56a9c5a 2055 
clamav-unofficial-sigs_3.7.2-1.dsc
 96e98e6e4434c5950fa9831c6a43236fed7eabae44beded16171305cf3f9bdb9 38549 
clamav-unofficial-sigs_3.7.2.orig.tar.gz
 7f3c7559765ed9c08c45bd1de4d9c17e920f4b9608cb913e3ba75bc8efddc474 9685 
clamav-unofficial-sigs_3.7.2-1.debian.tar.gz
 1859c2e0eb9abb2263b6ec53d95443bb268c61be16f9fc537620bf6b9847bdc1 43398 
clamav-unofficial-sigs_3.7.2-1_all.deb
Files: 
 476227ba88efebf43bebef4222d2a668 2055 utils optional 
clamav-unofficial-sigs_3.7.2-1.dsc
 3fc7934f5b3ae139e852fd6d0e1996a0 38549 utils optional 
clamav-unofficial-sigs_3.7.2.orig.tar.gz
 106981cb1204c3763a7c256adefe7ef0 9685 utils optional 
clamav-unofficial-sigs_3.7.2-1.debian.tar.gz
 8c4d3101bce25250b6b51f532c3d2b0c 43398 utils optional 
clamav-unofficial-sigs_3.7.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSlaX4AAoJEDEWul6f+mmjCYsP/2g4OdbF7gcOt+IrEDdMqRUD
/Hw23O+8Dgx4CA501K+pBsXIPRFgaG3D7wuKJmRBNPvGDuoS1bP18q4ysDz4uWgw
NfJTfAc2/kif9f/AMfVbEtPMVoQqBlCLdDMFKnfTZr6rDM0r/X7pjEEft5S36bBb
9gnkKtBlALQ0iJZShLh0RS1jFd2mRUbBySfo7WeO+mvnGLpxyxBUvD5TIijyHEp5
BERBW65lplY0/Fw/fmweDf9R+uzdMSuv4gB2FNx7EIJcz6jLERgWbceMhCNdB+ON
u+9MVJsORJlFfoTjL0RkvAn+dcZ7B1OltlfegRKuI2GGOp7SUDSxeabSGG5w9evU
vZE+Tr2zuEy/kSS+1ECWWw15ExlklESOazmM7hla2Wb2kKEzXnDYwtszZJd55qXI
K5diXaYGmOTcSOtn78EQqnPt5P5Zh+rB9CM1afBiib9sWXAI4vEP8Lo//s6eL51C
kGjJNTEguY+PqEn/621PD3ggE5k6mwzaChinhiJ6DIh4rati9eT3Xee62e2+LCfb
xbluhWLPQtq6jQOTLX5W3/wr7ebis3Cmik6mP6KCqD3p0xUjhAXhBqlzN3cqnFS1
bhwxaXNsnVuOli/XsdfHAZNVWUhrGBhUAaXtWzkx/LreNFAzaN/SX7grUCsMqVtB
c2BvrrSKOXTl/wVH6Fme
=jWb6
-----END PGP SIGNATURE-----

--- End Message ---

Bug#714132: marked as done (Signature Ignore Problem)

Reply via email to