```q
/=====================================================================================
/ Filename: update.q
/ Description: Script to update the KDB database of known virus signatures and md5
/ with the most up to date version from clamAV daily virus updates
/ Version: 1.0
/ Created: 28/01/12 23:00:55
/ Author: Oliver Fletcher, ttolf@lboro.ac.uk
/ University: Loughborough University
/=====================================================================================
1 "Downloading latest clamAV database\n";
/ Connect to the clamAV.net database and download the latest daily.cvd file
/ Note: this is plain HTTP and the response is not verified before it is unpacked
daily:4h$(`$":http://db.local.clamav.net")"GET /daily.cvd HTTP/1.0\r\nHost:db.local.clamav.net\r\n\r\n";
/ Strip the header from the downloaded file leaving just the tar ball
/ bin_search keeps the candidate offsets (z) at which the gzip magic 0x1f8b08 starts in daily
bin_search:{z[where daily[z+\:til count 0x1f8b08]~\:0x1f8b08]};
start:first bin_search[0x1f8b08;daily;where ((1-count 0x1f8b08)_daily)=first 0x1f8b08];
daily:raze (start)_daily;
/ Save the file with the header removed to the tmp folder
`:tmp/daily.cvd 1: daily;
1 "Extracting Database\n";
/ Extract the tarball, move it to the tmp folder and change permissions
system ["./qupdate/untar tmp/daily.cvd > /dev/null;mv daily* COPYING tmp/;chmod 664 tmp/*;"];
/ Load the ndb file (MalwareName:TargetType:Offset:HexSig) and drop the Offset column
up_virus_sigs:("SISS";":") 0: `:tmp/daily.ndb;
up_virus_sigs:up_virus_sigs _ 2;
up_virus_sigs[2]:string up_virus_sigs[2];
up_virus_sigs:flip `MalwareName`TargetType`HexSig!(up_virus_sigs);
/ Load the MD5 file
up_md5_sigs: ("SIS";":") 0: `:tmp/daily.hdb;
up_md5_sigs: flip `MD5`Size`MalwareName!(up_md5_sigs);
/ Convert format to Regular Expression
/ ? converts to . ("?" is itself a wildcard in an ssr pattern, so it is bracketed to match literally)
up_virus_sigs[`HexSig]:{[xx]ssr[xx;"[?]";"."]}peach up_virus_sigs[`HexSig];
/ * converts to .* a "match anything"
up_virus_sigs[`HexSig]:{[xx]ssr[xx;"[*]";".*"]}peach up_virus_sigs[`HexSig];
/ Convert {x} to (..){x} - convert {x-} to (..){x,} convert {-x} to (..){0,x}
/ Cut at the points { and }
a:up_virus_sigs[`HexSig]; /for clarity
a:{[xx] xx:"{" vs xx;xx:"}" vs/: xx;xx}peach a;
/ Wraps a {...} body as (..){...}; a leading "-" gets a 0 lower bound (-42 becomes 0-42).
/ The "-" itself is turned into "," further down.
adjust:{[c]$[c like "-*";"(..){0",c,"}";"(..){",c,"}"]};
a:{[zz]{[xx]$[(count xx)~2;adjust[xx[0]],xx[1];xx]}each zz}each a;
a:raze each raze each a;
up_virus_sigs[`HexSig]:{[ex]ssr[ex;"-";","]}each a;
/ Compare against current db and update where necessary
1 "Updating Database\n";
md5_sigs:md5_sigs union up_md5_sigs;
virus_sigs:virus_sigs union up_virus_sigs;
save `:database/md5_sigs;
save `:database/virus_sigs;
/ Clean up and delete files
system ["rm -f tmp/*;"];
```
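
The script above discards the CVD header and unpacks whatever follows the first gzip magic. As an added example (not part of the original paste), the hypothetical helper `cvd_body` checks the body against the MD5 recorded in that header before anything is extracted. It assumes ClamAV's CVD layout, which the paste itself does not show: a 512-byte colon-separated header with the body's MD5 in field 5.

```q
/ Added example, not from update.q. cvd_body and the sample data are hypothetical.
/ Assumed CVD layout: 512-byte header
/   ClamAV-VDB:time:version:sigs:flevel:md5:dsig:builder:stime
/ followed by the gzip-compressed tar whose MD5 is header field 5.
cvd_body:{[resp]
  s:`char$resp;
  i:4+first ss[s;"\r\n\r\n"];                  / end of the HTTP response header
  if[null i;'"no HTTP header terminator"];
  cvd:i _ resp;
  if[512>=count cvd;'"truncated CVD"];
  f:":" vs `char$512#cvd;                      / header fields
  if[not "ClamAV-VDB"~f 0;'"bad CVD magic"];
  body:512 _ cvd;
  if[not 0x1f8b08~3#body;'"body is not gzip"];
  if[not (lower f 5)~raze string md5 `char$body;'"MD5 mismatch"];
  body};

/ Constructed sample response (not real ClamAV data)
body:0x1f8b08,`byte$til 20;
hdr:"ClamAV-VDB:28 Jan 2012 23-00 +0000:1:2:60:",(raze string md5 `char$body),":dsig:builder:0";
hdr:512#hdr,512#" ";
resp:(`byte$"HTTP/1.0 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"),(`byte$hdr),body;

good:body~cvd_body resp;                            / intact download
bad:@[cvd_body;@[resp;-1+count resp;:;0xff];{x}];   / last byte altered; the trap returns the signalled error text
show (good;bad);
```

In update.q this check would take the place of the gzip-magic search, with `daily` passed as `resp`. The MD5 only catches corruption: the header's digital-signature field (field 6) is not verified here, so a match is not proof of authenticity.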