API tools faq
paste
Advertisement
Ollie920049

qupdate.q

Ollie920049
May 3rd, 2012
2,482
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
q/kdb+ 2.65 KB | None | 0 0
raw download clone embed print report
  1. /=====================================================================================
  2. /      Filename:  update.q
  3. /   Description:  Script to update the KDB database of konwn virus signatures and md5
  4. /                 with the most up to date version from clamAV daily virus updaes
  5. /       Version:  1.0
  6. /       Created:  28/01/12 23:00:55
  7. /        Author:  Oliver Fletcher, ttolf@lboro.ac.uk
  8. /    University:  Loughborough University
  9. /=====================================================================================
  10.  
  11. 1 "Downloading latest clamAV database\n";
  12.  
  13. / Connect to the clamAV.net database and download the lastest daily.cvd file
  14. daily:4h$(`$":http://db.local.clamav.net")"GET /daily.cvd HTTP/1.0\r\nHost:db.local.clamav.net\r\n\r\n";
  15.  
  16. / Strip the header from the downloaded file leaving just the tar ball
  17. bin_search:{z[where daily[z+\:til count 0x1f8b08]~\:0x1f8b08]};
  18. start:first bin_search[0x1f8b08;daily;where ((1-count 0x1f8b08)_daily)=first 0x1f8b08];
  19. daily:raze (start)_daily;
  20.  
  21. / Save the file with the header removed to the tmp folder
  22. `:tmp/daily.cvd 1: daily;
  23.  
  24. 1 "Extracting Database\n";
  25. / Extract the tarball, move to to tmp folder and change permissions
  26. system ["./qupdate/untar tmp/daily.cvd > /dev/null;mv daily* COPYING tmp/;chmod 664 tmp/*;"];
  27.  
  28. / Load the ndb file
  29. up_virus_sigs:("SISS";":") 0: `:tmp/daily.ndb;
  30. up_virus_sigs:up_virus_sigs _2;
  31. up_virus_sigs[2]:string up_virus_sigs[2];
  32. up_virus_sigs:flip `MalwareName`TargetType`HexSig!(up_virus_sigs)
  33.  
  34. / Load the MD5 file /
  35. up_md5_sigs: ("SIS";":") 0: `:tmp/daily.hdb;
  36. up_md5_sigs: flip `MD5`Size`MalwareName!(up_md5_sigs);
  37.  
  38. / Convert format to Regular Expression
  39. up_virus_sigs[`HexSig]:{[xx]ssr[xx;"?";"."]}peach up_virus_sigs[`HexSig];
  40.  
  41. / * converts to .* a "match anything"
  42. up_virus_sigs[`HexSig]:{[xx]ssr[xx;"*";".*"]}peach up_virus_sigs[`HexSig];
  43.  
  44. / Convert {x} to (..){x} - convert {x-} to (..){x,} convert {-x} to (..){0,x}
  45. / Cut at the points { and }
  46. a:up_virus_sigs[`HexSig]; /for clarity
  47. a:{[xx] xx:"{" vs xx;xx:"}" vs/: xx;xx}peach a;
  48.  
  49. / Converts  -42 to (..){,42} etc
  50. adjust:{[c]$[c like "-*";t:"(..){0",c,"}";
  51.     $[c like "*-";t:"(..){",c,"}";
  52.       $[c like "*?-?*";t:"(..){",c,"}";
  53.         t:"(..){",c,"}"]
  54.       ]
  55.     ];
  56.   t
  57.   };
  58. a:{[zz]{[xx]$[(count xx)~2;adjust[xx[0]],xx[1];xx]}each zz}each a;
  59. a:raze each raze each a;
  60. up_virus_sigs[`HexSig]:{[ex]ssr[ex;"-";","]}each a;
  61.  
  62. / Compare agaist current db and update where necessdary
  63. 1 "Updating Database\n";
  64. md5_sigs:md5_sigs union up_md5_sigs;
  65. virus_sigs:virus_sigs union up_virus_sigs;
  66. save `:database/md5_sigs;
  67. save `:database/virus_sigs;
  68.  
  69. / Clean up and delete files
  70. system ["rm -f tmp/*;"];
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!