Ollie920049

qupdate.q

May 3rd, 2012
/=====================================================================================
/      Filename:  update.q
/   Description:  Script to update the KDB database of known virus signatures and md5
/                 with the most up to date version from clamAV daily virus updates
/       Version:  1.0
/       Created:  28/01/12 23:00:55
/        Author:  Oliver Fletcher, ttolf@lboro.ac.uk
/    University:  Loughborough University
/=====================================================================================
/ Progress message, written to stdout (file handle 1)
1 "Downloading latest clamAV database\n";

/ Fetch the latest daily.cvd from the ClamAV mirror and keep the reply as a byte vector.
/ The request is a hand-written HTTP/1.0 GET and the whole reply is cast with 4h$, so
/ daily holds the HTTP response header as well as the file; the next step relies on that.
/ NOTE(review): the transfer is plain http:// and nothing later in this script checks the
/ file's integrity, so anyone on the network path can substitute the data that ends up
/ in the signature tables. Fetch over TLS and/or verify the .cvd before it is used.
/ NOTE(review): the HTTP status is never looked at - an error page or a redirect is
/ handled exactly like a successful download.
daily:4h$(`$":http://db.local.clamav.net")"GET /daily.cvd HTTP/1.0\r\nHost:db.local.clamav.net\r\n\r\n";
  16. / Strip the header from the downloaded file leaving just the tar ball
  17. bin_search:{z[where daily[z+\:til count 0x1f8b08]~\:0x1f8b08]};
  18. start:first bin_search[0x1f8b08;daily;where ((1-count 0x1f8b08)_daily)=first 0x1f8b08];
  19. daily:raze (start)_daily;
/ Write the stripped bytes to tmp/daily.cvd (1: writes a byte vector as a binary file)
`:tmp/daily.cvd 1: daily;

1 "Extracting Database\n";
/ Unpack the tarball, move the extracted files into tmp/ and set their mode to 664.
/ NOTE(review): ./qupdate/untar is not shown here. The archive comes from an
/ unauthenticated download and, judging by the relative "mv daily* COPYING", appears
/ to be unpacked in the working directory. Confirm the helper rejects absolute and
/ ../ member names, or unpack inside a dedicated scratch directory instead.
/ NOTE(review): the three commands are chained with ";", so mv and chmod still run
/ when untar fails, and untar's stdout is discarded. Files left in tmp/ by an earlier
/ aborted run could then be loaded below as if they were fresh.
system ["./qupdate/untar tmp/daily.cvd > /dev/null;mv daily* COPYING tmp/;chmod 664 tmp/*;"];
/ Load daily.ndb, colon-delimited.
/ The first four fields of each line are read as symbol, int, symbol, symbol. The item
/ at index 2 (the third field) is then dropped and the remaining third column is
/ converted from symbol to string.
/ NOTE(review): in the ndb layout the dropped field is presumably the signature offset;
/ confirm the matcher really does not need it, since ignoring it widens where a
/ signature may hit.
/ NOTE(review): reading the hex signatures as symbols interns every one of them before
/ they are turned back into strings. Reading that column as "*" and skipping the third
/ field with a blank type would avoid this - confirm the result is identical first.
up_virus_sigs:("SISS";":") 0: `:tmp/daily.ndb;
up_virus_sigs:up_virus_sigs _2;
up_virus_sigs[2]:string up_virus_sigs[2];
/ Name the three columns and flip the dictionary into a table
up_virus_sigs:flip `MalwareName`TargetType`HexSig!(up_virus_sigs)

/ Load daily.hdb the same way: symbol, int, symbol per line, named MD5, Size, MalwareName
up_md5_sigs: ("SIS";":") 0: `:tmp/daily.hdb;
up_md5_sigs: flip `MD5`Size`MalwareName!(up_md5_sigs);
  38. / Convert format to Regular Expression
  39. up_virus_sigs[`HexSig]:{[xx]ssr[xx;"?";"."]}peach up_virus_sigs[`HexSig];
  40.  
  41. / * converts to .* a "match anything"
  42. up_virus_sigs[`HexSig]:{[xx]ssr[xx;"*";".*"]}peach up_virus_sigs[`HexSig];
  44. / Convert {x} to (..){x} - convert {x-} to (..){x,} convert {-x} to (..){0,x}
  45. / Cut at the points { and }
  46. a:up_virus_sigs[`HexSig]; /for clarity
  47. a:{[xx] xx:"{" vs xx;xx:"}" vs/: xx;xx}peach a;
  49. / Converts  -42 to (..){,42} etc
  50. adjust:{[c]$[c like "-*";t:"(..){0",c,"}";
  51.     $[c like "*-";t:"(..){",c,"}";
  52.       $[c like "*?-?*";t:"(..){",c,"}";
  53.         t:"(..){",c,"}"]
  54.       ]
  55.     ];
  56.   t
  57.   };
/ Rebuild each signature from its pieces. A two-item piece is (count spec;remainder):
/ the spec goes through adjust and the remainder is appended to it. Any other piece
/ is kept as it is.
a:{[zz]{[xx]$[(count xx)~2;adjust[xx[0]],xx[1];xx]}each zz}each a;
/ Flatten the nested pieces back into one string per signature
a:raze each raze each a;
/ Finally turn every "-" into "," so that {4-8} ends up as the regex range {4,8}
/ NOTE(review): this replaces every "-" in the signature, not only those inside {..}.
/ Any other signature construct that contains "-" (a [n-m] range, for example) would be
/ altered as well - confirm none reach this point, or a signature may silently stop
/ matching what it was written for.
up_virus_sigs[`HexSig]:{[ex]ssr[ex;"-";","]}each a;
/ Compare against the current database and update where necessary.
/ md5_sigs and virus_sigs are not defined in this script; they must already exist in
/ the session. The downloaded rows are merged in with union and both tables are then
/ written under database/.
/ NOTE(review): union only ever adds rows. Signatures withdrawn upstream stay in the
/ local tables, and rows taken from a bad or tampered download are saved permanently.
/ Consider keeping the previous files until the new set has been verified.
1 "Updating Database\n";
md5_sigs:md5_sigs union up_md5_sigs;
virus_sigs:virus_sigs union up_virus_sigs;
save `:database/md5_sigs;
save `:database/virus_sigs;
/ Clean up: delete everything in tmp/ (-f keeps rm quiet when there is nothing to delete)
/ NOTE(review): this is the last statement, so it only runs when every step above
/ succeeded; after a failed run the downloaded and extracted files stay in tmp/.
system ["rm -f tmp/*;"];