Imported Upstream version 1.5.1-pre2

README

@@ -1,6 +1,6 @@
 Linux Malware Detect v1.5
-            (C) 2002-2015, R-fx Networks <proj@r-fx.org>
-            (C) 2015, Ryan MacDonald <ryan@r-fx.org>
+            (C) 2002-2016, R-fx Networks <proj@r-fx.org>
+            (C) 2016, Ryan MacDonald <ryan@r-fx.org>
 This program may be freely redistributed under the terms of the GNU GPL v2
 
 ::::::::::::::::::::::::::::::::::

cron.daily

@@ -1,18 +1,29 @@
 #!/usr/bin/env bash
 export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH
 export LMDCRON=1
-install_path=/usr/local/maldetect
+inspath=/usr/local/maldetect
+intcnf="$inspath/internals/internals.conf"
 
-cron_custom_exec=$inspath/cron/custom.cron
-cron_custom_conf=$inspath/cron/conf.maldet.cron
+if [ -f "$intcnf" ]; then
+	source $intcnf
+else
+	echo "$intcnf not found."
+	exit 1
+fi
 
-if [ -f "$install_path/conf.maldet" ]; then
-	. $install_path/conf.maldet
+if [ -f "$cnf" ]; then
+	. $cnf
 else
-	echo "could not find $install_path/conf.maldet, fatal error, bye."
+	echo "could not find $cnf, fatal error, bye."
 	exit 1
 fi
 
+if [ -f "/etc/sysconfig/maldet" ]; then
+	. /etc/sysconfig/maldet
+elif [ -f "/etc/default/maldet" ]; then
+	. /etc/default/maldet
+fi
+
 if [ -f "$cron_custom_conf" ]; then
 	. $cron_custom_conf
 fi
@@ -21,10 +32,9 @@ if [ -z "$scan_days" ]; then
 	scan_days=1
 fi
 
-find=`which find 2> /dev/null`
 if [ "$find" ]; then
 	# prune any quarantine/session/tmp data older than 7 days
-	tmpdirs="$install_path/tmp $install_path/sess $install_path/quarantine $install_path/pub"
+	tmpdirs="$inspath/tmp $inspath/sess $inspath/quarantine $inspath/pub"
 	for dir in $tmpdirs; do
 	 if [ -d "$dir" ]; then
 	  $find $dir -type f -mtime +7 -print0 | xargs -0 rm -f >> /dev/null 2>&1
@@ -39,45 +49,45 @@ fi
 
 if [ "$autoupdate_version" == "1" ]; then
 	# check for new release version
-	$install_path/maldet -d >> /dev/null 2>&1
+	$inspath/maldet -d >> /dev/null 2>&1
 fi
 
 if [ "$autoupdate_signatures" == "1" ]; then
 	# check for new definition set
-	$install_path/maldet -u >> /dev/null 2>&1
+	$inspath/maldet -u >> /dev/null 2>&1
 fi
 
 # if we're running inotify monitoring, send daily hit summary
 if [ "$(ps -A --user root -o "cmd" | grep maldetect | grep inotifywait)" ]; then
-        $install_path/maldet --monitor-report >> /dev/null 2>&1
+        $inspath/maldet --monitor-report >> /dev/null 2>&1
 else
 	if [ -d "/home/virtual" ] && [ -d "/usr/lib/opcenter" ]; then
 		# ensim
-	        $install_path/maldet -b -r /home/virtual/?/fst/var/www/html/,/home/virtual/?/fst/home/?/public_html/ $scan_days >> /dev/null 2>&1
+	        $inspath/maldet -b -r /home/virtual/?/fst/var/www/html/,/home/virtual/?/fst/home/?/public_html/ $scan_days >> /dev/null 2>&1
 	elif [ -d "/etc/psa" ] && [ -d "/var/lib/psa" ]; then
 		# psa
-		$install_path/maldet -b -r /var/www/vhosts/?/ $scan_days >> /dev/null 2>&1
+		$inspath/maldet -b -r /var/www/vhosts/?/ $scan_days >> /dev/null 2>&1
         elif [ -d "/usr/local/directadmin" ]; then
                 # DirectAdmin
-                $install_path/maldet -b -r /home?/?/domains/?/public_html/,/var/www/html/?/ $scan_days >> /dev/null 2>&1
+                $inspath/maldet -b -r /home?/?/domains/?/public_html/,/var/www/html/?/ $scan_days >> /dev/null 2>&1
 	elif [ -d "/var/www/clients" ]; then
 		# ISPConfig
-                $install_path/maldet -b -r /var/www/clients/?/web?/web,/var/www $scan_days >> /dev/null 2>&1
+                $inspath/maldet -b -r /var/www/clients/?/web?/web,/var/www $scan_days >> /dev/null 2>&1
 	elif [ -d "/etc/webmin/virtual-server" ]; then
 		# Virtualmin
-                $install_path/maldet -b -r /home/?/public_html/,/home/?/domains/?/public_html/ $scan_days >> /dev/null 2>&1
+                $inspath/maldet -b -r /home/?/public_html/,/home/?/domains/?/public_html/ $scan_days >> /dev/null 2>&1
 	elif [ -d "/usr/local/ispmgr" ]; then
 		# ISPmanager
-		$install_path/maldet -b -r /var/www/?/data/,/home/?/data/ $scan_days >> /dev/null 2>&1
+		$inspath/maldet -b -r /var/www/?/data/,/home/?/data/ $scan_days >> /dev/null 2>&1
 	elif [ -d "/var/customers/webs" ]; then
 		# froxlor
-		$install_path/maldet -b -r /var/customers/webs/ $scan_days >> /dev/null 2>&1
+		$inspath/maldet -b -r /var/customers/webs/ $scan_days >> /dev/null 2>&1
         elif [ -d "/usr/local/vesta" ]; then
                 # VestaCP
-                $install_path/maldet -b -r /home/?/web/?/public_html/,/home/?/web/?/public_shtml/,/home/?/tmp/,/home/?/web/?/private/ $scan_days >> /dev/null 2>&1
+                $inspath/maldet -b -r /home/?/web/?/public_html/,/home/?/web/?/public_shtml/,/home/?/tmp/,/home/?/web/?/private/ $scan_days >> /dev/null 2>&1
 	else
 		# cpanel, interworx and other standard home/user/public_html setups
-	        $install_path/maldet -b -r /home?/?/public_html/,/var/www/html/,/usr/local/apache/htdocs/ $scan_days >> /dev/null 2>&1
+	        $inspath/maldet -b -r /home?/?/public_html/,/var/www/html/,/usr/local/apache/htdocs/ $scan_days >> /dev/null 2>&1
 	fi
 fi
 

files/VERSION.hash

@@ -1 +1 @@
-536321f5b5d56f114b4e0bc11b07dd9860d09357e88900f9738b46326768206d
+0ae2ae101cc9ff4925cf17797d02e425b8631bfbcd91dac799b16c37ae903a92

files/conf.maldet

@@ -1,7 +1,7 @@
 ##
 # Linux Malware Detect v1.5
-#             (C) 2002-2015, R-fx Networks <proj@r-fx.org>
-#             (C) 2015, Ryan MacDonald <ryan@r-fx.org>
+#             (C) 2002-2016, R-fx Networks <proj@r-fx.org>
+#             (C) 2016, Ryan MacDonald <ryan@r-fx.org>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

files/hookscan.sh

@@ -1,8 +1,19 @@
 #!/usr/bin/env bash
 file="$1"
+inspath=/usr/local/maldetect
+intcnf="$inspath/internals/internals.conf"
+
+if [ -f "$intcnf" ]; then
+	source $intcnf
+else
+	header
+	echo "maldet($$): {glob} $intcnf not found, aborting."
+	exit 1
+fi
+
 isclamd=`pidof clamd 2> /dev/null`
-clamdloc=`which clamdscan 2> /dev/null`
-if [ "$isclamd" ] && [ -f "$clamdloc" ]; then
+
+if [ "$isclamd" ] && [ -f "$clamdscan" ]; then
 	clamd_scan=1
 fi
-cd /tmp ; /usr/local/maldetect/maldet --config-option quar_hits=1,quar_clean=0,tmpdir=/var/tmp,scan_tmpdir_paths='',scan_clamscan=$clamd_scan --hook-scan -a "$file"
+cd /tmp ; $inspath/maldet --config-option quarantine_hits=1,quarantine_clean=0,tmpdir=/var/tmp,scan_tmpdir_paths='',scan_clamscan=$clamd_scan --hook-scan -a "$file"

files/internals/functions

@@ -1,8 +1,8 @@
 #!/bin/bash
 ##
 # Linux Malware Detect v1.5
-#             (C) 2002-2015, R-fx Networks <proj@r-fx.org>
-#             (C) 2015, Ryan MacDonald <ryan@r-fx.org>
+#             (C) 2002-2016, R-fx Networks <proj@r-fx.org>
+#             (C) 2016, Ryan MacDonald <ryan@r-fx.org>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #
@@ -16,7 +16,7 @@ prerun() {
 				exit
 			fi
 			header
-			echo "public scanning is currently disabled, please contact your system administrator to enable scan_user_access in conf.maldet."
+			echo "public scanning is currently disabled, please contact your system administrator to enable scan_user_access in $cnffile."
 			exit 1
 		fi
 		pub=1
@@ -190,7 +190,7 @@ trap_exit() {
 		eout "{glob} scan interrupt by user, aborting scan..." 1
 		eout "{scan} scan report saved, to view run: maldet --report $datestamp.$$" 1
 		if [ "$quarantine_hits" == "0" ] && [ ! "$tot_hits" == "0" ]; then
-			eout "{glob} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q $datestamp.$$" 1
+			eout "{glob} quarantine is disabled! set quarantine_hits=1 in $cnffile or to quarantine results run: maldet -q $datestamp.$$" 1
 		fi
 		exit
 	fi
@@ -386,7 +386,7 @@ usage $0 [ OPTION ]
        e.g: maldet --user nobody --restore 050910-1534.21135
 
     -co, --config-option VAR1=VALUE,VAR2=VALUE,VAR3=VALUE
-       Set or redefine the value of conf.maldet config options
+       Set or redefine the value of $cnffile config options
        e.g: maldet --config-option email_addr=you@domain.com,quarantine_hits=1
 
     -p, --purge
@@ -941,13 +941,13 @@ scan() {
 				scan_strlen list "$find_results" >> /dev/null 2>&1
 			fi
 		fi
-		if [ -f "/usr/local/cpanel/3rdparty/share/clamav/main.cld" ]; then
+		if [ -f "/usr/local/cpanel/3rdparty/share/clamav/main.cld" ] || [ -f "/usr/local/cpanel/3rdparty/share/clamav/main.cvd" ]; then
 			clamav_db="-d /usr/local/cpanel/3rdparty/share/clamav"
-			elif [ -f "/var/lib/clamav/main.cld" ]; then
+		elif [ -f "/var/lib/clamav/main.cld" ] || [ -f "/var/lib/clamav/main.cvd" ]; then
 			clamav_db="-d /var/lib/clamav"
-			elif [ -f "/var/clamav/main.cld" ]; then
+		elif [ -f "/var/clamav/main.cld" ] || [ -f "/var/clamav/main.cvd" ]; then
 			clamav_db="-d /var/clamav"
-			elif [ -f "/usr/share/clamav/main.cld" ]; then
+		elif [ -f "/usr/share/clamav/main.cld" ] || [ -f "/usr/share/clamav/main.cvd" ]; then
 			clamav_db="-d /usr/share/clamav"
 		fi
 		if [ -z "$hscan" ]; then
@@ -1037,7 +1037,7 @@ scan() {
 		eout "{scan} scan completed on $spath: files $tot_files, malware hits $tot_hits, cleaned hits $tot_cl, time ${scan_et}s" 1
 		eout "{scan} scan report saved, to view run: maldet --report $datestamp.$$" 1
 		if [ "$quarantine_hits" == "0" ] && [ ! "$tot_hits" == "0" ]; then
-			eout "{scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q $datestamp.$$" 1
+			eout "{scan} quarantine is disabled! set quarantine_hits=1 in $cnffile or to quarantine results run: maldet -q $datestamp.$$" 1
 		fi
 	fi
 
@@ -1324,15 +1324,15 @@ monitor_cycle() {
                 	fi
 			if [ "$scan_clamscan" == "1" ]; then
 		                trim_log $clamscan_log 10000 1
-		                if [ -f "/usr/local/cpanel/3rdparty/share/clamav/main.cld" ]; then
-        		               	clamav_db="-d /usr/local/cpanel/3rdparty/share/clamav"
-                	       	elif [ -f "/var/lib/clamav/main.cld" ]; then
-                		       	clamav_db="-d /var/lib/clamav"
-	                        elif [ -f "/var/clamav/main.cld" ]; then
-        	               		clamav_db="-d /var/clamav"
-                	        elif [ -f "/usr/share/clamav/main.cld" ]; then
-                       			clamav_db="-d /usr/share/clamav"
-	                	fi
+		                if [ -f "/usr/local/cpanel/3rdparty/share/clamav/main.cld" ] || [ -f "/usr/local/cpanel/3rdparty/share/clamav/main.cvd" ]; then
+		                        clamav_db="-d /usr/local/cpanel/3rdparty/share/clamav"
+		                elif [ -f "/var/lib/clamav/main.cld" ] || [ -f "/var/lib/clamav/main.cvd" ]; then
+		                        clamav_db="-d /var/lib/clamav"
+		                elif [ -f "/var/clamav/main.cld" ] || [ -f "/var/clamav/main.cvd" ]; then
+		                        clamav_db="-d /var/clamav"
+		                elif [ -f "/usr/share/clamav/main.cld" ] || [ -f "/usr/share/clamav/main.cvd" ]; then
+                		        clamav_db="-d /usr/share/clamav"
+		                fi
         	       		scan_max_filesize=`cat $sig_md5_file | cut -d':' -f2 | sort -n | tail -n1`
 	                	if [ "$scan_max_filesize" -gt "1" 2> /dev/null ]; then
         	               		scan_max_filesize=$[scan_max_filesize+1]
@@ -1718,7 +1718,7 @@ lmdup() {
 			doupdate=1
 			elif [ "$autoupdate_version_hashed" == "1" ]; then
 			eout "{update} hashing install files and checking against server..." 1
-			$md5sum $inspath/maldet $inspath/internals/functions | awk '{print$1}' | tr '\n' ' ' | tr -d ' ' > $lmd_hash_file
+			$md5sum $inspath/maldet $intfunc | awk '{print$1}' | tr '\n' ' ' | tr -d ' ' > $lmd_hash_file
 			upstreamhash="$tmpwd/.lmdup_hashcheck$$"
 			$wget --referer="$lmd_referer" -q -T$wget_timeout -t$wget_retries "$lmd_hash_url" -O $upstreamhash >> /dev/null 2>&1
 			if [ -s "$upstreamhash" ]; then

files/internals/hexfifo.pl

@@ -2,8 +2,8 @@
 #
 ##
 # Linux Malware Detect v1.5
-#             (C) 2002-2015, R-fx Networks <proj@r-fx.org>
-#             (C) 2015, Ryan MacDonald <ryan@r-fx.org>
+#             (C) 2002-2016, R-fx Networks <proj@r-fx.org>
+#             (C) 2016, Ryan MacDonald <ryan@r-fx.org>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

files/internals/hexstring.pl

@@ -2,8 +2,8 @@
 #
 ##
 # Linux Malware Detect v1.5
-#             (C) 2002-2015, R-fx Networks <proj@r-fx.org>
-#             (C) 2015, Ryan MacDonald <ryan@r-fx.org>
+#             (C) 2002-2016, R-fx Networks <proj@r-fx.org>
+#             (C) 2016, Ryan MacDonald <ryan@r-fx.org>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

files/internals/internals.conf

@@ -1,11 +1,17 @@
 ##
 # Linux Malware Detect v1.5
-#             (C) 2002-2015, R-fx Networks <proj@r-fx.org>
-#             (C) 2015, Ryan MacDonald <ryan@r-fx.org>
+#             (C) 2002-2016, R-fx Networks <proj@r-fx.org>
+#             (C) 2016, Ryan MacDonald <ryan@r-fx.org>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #
 
+inspath=/usr/local/maldetect
+intcnf="$inspath/internals/internals.conf"
+intfunc="$inspath/internals/functions"
+cnffile="conf.maldet"
+cnf="$inspath/$cnffile"
+
 logdir="$inspath/logs"
 maldet_log="$logdir/event_log"
 clamscan_log="$logdir/clamscan_log"
@@ -41,6 +47,7 @@ mail=`which mail 2> /dev/null`
 pidof=`which pidof 2> /dev/null`
 stat=`which stat 2> /dev/null`
 logger=`which logger 2> /dev/null`
+clamdscan=`which clamdscan 2> /dev/null`
 
 suppress_cleanhit="$email_ignore_clean"
 ignore_paths="$inspath/ignore_paths"
@@ -92,6 +99,9 @@ find_opts="-regextype posix-egrep"
 email_template="$inspath/internals/scan.etpl"
 email_subj="maldet alert from $(hostname)"
 
+cron_custom_exec="$inspath/cron/custom.cron"
+cron_custom_conf="$inspath/cron/conf.maldet.cron"
+
 ## backwards compatibility for pre-1.5 deprecated config options
 if [ ! "$quarantine_hits" ] && [ "$quar_hits" ]; then
        quarantine_hits="$quar_hits"

files/maldet

@@ -2,40 +2,38 @@
 #
 ##
 # Linux Malware Detect v1.5
-#             (C) 2002-2015, R-fx Networks <proj@rfxn.com>
-#             (C) 2015, Ryan MacDonald <ryan@rfxn.com>
+#             (C) 2002-2016, R-fx Networks <proj@rfxn.com>
+#             (C) 2016, Ryan MacDonald <ryan@rfxn.com>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #
 PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
 ver=1.5
 
 inspath=/usr/local/maldetect
-cnf="$inspath/conf.maldet"
 intcnf="$inspath/internals/internals.conf"
-intfunc="$inspath/internals/functions"
 
 header() {
 	echo "Linux Malware Detect v$ver"
-	echo "            (C) 2002-2015, R-fx Networks <proj@rfxn.com>"
-	echo "            (C) 2015, Ryan MacDonald <ryan@rfxn.com>"
+	echo "            (C) 2002-2016, R-fx Networks <proj@rfxn.com>"
+	echo "            (C) 2016, Ryan MacDonald <ryan@rfxn.com>"
 	echo "This program may be freely redistributed under the terms of the GNU GPL v2"
 	echo ""
 }
 
-if [ -f "$cnf" ]; then
-	source $cnf
+if [ -f "$intcnf" ]; then
+	source $intcnf
 else
 	header
-	echo "maldet($$): {glob} $cnf not found, aborting."
+	echo "maldet($$): {glob} $intcnf not found, aborting."
 	exit 1
 fi
 
-if [ -f "$intcnf" ]; then
-	source $intcnf
+if [ -f "$cnf" ]; then
+	source $cnf
 else
 	header
-	echo "maldet($$): {glob} $intcnf not found, aborting."
+	echo "maldet($$): {glob} $cnf not found, aborting."
 	exit 1
 fi
 
@@ -83,7 +81,7 @@ else
 					exit
 				else
 					header
-					echo "public scanning support not enabled in conf.maldet, aborting."
+					echo "public scanning support not enabled in $cnf, aborting."
 					exit
 				fi
 			;;

files/maldet.1

@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.38.2.
-.TH LINUX-MALWARE-DETECT "19" "September 2015" "Linux Malware Detect v1.5" "User Commands"
+.TH LINUX-MALWARE-DETECT "19" "September 2016" "Linux Malware Detect v1.5" "User Commands"
 .SH NAME
 maldet \- Linux Malware Detect
 .SH SYNOPSIS
@@ -223,6 +223,6 @@ Clear logs, quarantine queue, session and temporary data.
 This program may be freely redistributed under the terms of the GNU GPL v2
 .SH AUTHORS
 .PP
-(C) 2002\-2015, R\-fx Networks <proj@r\-fx.org>
-(C) 2015, Ryan MacDonald <ryan@r\-fx.org>
+(C) 2002\-2016, R\-fx Networks <proj@r\-fx.org>
+(C) 2016, Ryan MacDonald <ryan@r\-fx.org>