Archive for March, 2008

HOWTO: Samba share with virus scanning

Posted by JohannesTheDeveloper in fun with Linux on March 19th, 2008

This explains how to install a windows share that is scanned when files are uploaded or changed there.

We use:

  • clamav
  • inotify-tools

Install those.

I presume you have setup already:

  • /etc/clamd.conf
  • freshclam works.
  • The samba share already exists and works.

What the script does is:

  1. find all files in the share $SHARE
  2. listen on changes using inotify
  3. output from those two is given clam(d)scan, which analyses the $FILE
  4. If the $FILE contains a virus, it is moved to $VIRUSDIR, and $FILE.txt is created containing a report

What to do? How to install?

  1. Save the script below to something in your $PATH, like /usr/local/bin/scanshares
  2. (Set the variables according to your setup)
  3. Make sure $SHARE and $VIRUSDIR is owned by the user “nobody”
  4. Call it using 
    sudo -u nobody scanshares >/var/log/scanshares
  5. Watch /var/log/scanshares while you put a test virus file from EICAR into your share. After some seconds, it should be replaced by a text file.

#!/bin/bash
# if you manage to create a file containing a virus,
# which filename signatures a virus, you will send this script
# in a infinite loop ;-)
TMPFILE=/tmp/lastscanresult.txt
SHARE=/srv/samba/
VIRUSDIR=/srv/samba/hasvirus/
VIRUSDB=/var/clamav/
#INOTIFYWAIT=/home/johannes/inotify-tools-3.13/src/inotifywait
INOTIFYWAIT=inotifywait
# if you have no clamd
CLAMSCAN="clamscan --database $VIRUSDB --block-encrypted -i"
# if you have clamd (faster)
CLAMSCAN="clamdscan"
{
# initial check
find $SHARE -type f | while read line; do echo "$line|CLOSE_WRITE"; done;
# await changes
# we need to listen to create, otherwise inotifywait doesn't follow in subdirs :-(
$INOTIFYWAIT -q -m -r -e create -e close_write "$SHARE" --format '%w%f|%e';
} |
grep '|CLOSE_WRITE' --line-buffered | sed -u 's/|.*//g' | # remove create events again
grep -v --line-buffered  $VIRUSDIR | # we know THOSE have virus
while read file; do
echo "scanning $file"
$CLAMSCAN --no-summary "$file" > $TMPFILE
if [ "$?" == "1" ]; then
mv "$file" $VIRUSDIR
{
echo 'The file contained a virus and was therefore removed.'
cat $TMPFILE
} > "$file.txt"
fi
echo "scanning $file done."
done

This manual is also available on gentoo-wiki.

No Comments

Linux: Hostname change break X apps

Posted by JohannesTheDeveloper in fun with Linux on March 13th, 2008

There exists a really lame problem on X (X11,XFree86,Xorg,…): The authentification or identification mechanism when a new application wants to connect to the X server (read: show a window) works over the hostname.

This is fine if you live in 1990, but wireless network have dhcp and dhcp server can send a hostname to your machine making your X session stop working: You can’t start any programs anymore.

NetworkManager (what also make the little icon on GNOME/KDE desktops, pre-installed on Ubuntus et.al., developed by RedHat) uses dhclient to retrieve a hostname.

The magic words to add to your dhclient.conf are:

send host-name "hoot";
supersede host-name "hoot";

If you use pump (instead of dhclient), you shouldn’t have this problem, as it doesn’t set the hostname (see the man page).

A mailing list entry on this topic starts here: http://lists.freedesktop.org/archives/xorg/2004-August/002772.html

No Comments

HSQL CHECK constraints with CASE statement

Posted by JohannesTheDeveloper in Happy Hacking on March 12th, 2008

Like the post at [0] suggests, HSQL CHECK constraints can not be used together with CASE WHEN statements.
If you try to insert/update, you will receive a (very informative) “S1000 General error java.lang.ClassCastException”, followed by the whole SQL statement. (here I have, HSQL 1.8.0.9).

If you have something like:


ALTER TABLE personnel ADD CONSTRAINT salary_types_constraint
CHECK (
CASE
WHEN pos = 0 AND (salary < 1000 OR salary > 5000)
THEN FALSE -- personal
WHEN pos = 1 AND (salary < 10000 OR salary > 20000)
THEN FALSE -- manager
ELSE TRUE
END
);

It will not work. It will give you a “S1000 General error java.lang.ClassCastException” error message.

Replace with:


ALTER TABLE personnel ADD CONSTRAINT salary_types_constraint
CHECK (
(pos = 0 AND (salary > 1000 OR salary < 5000))
OR
(pos = 1 AND (salary < 10000 OR salary > 20000))
);

No Comments

Gedit patch for go-to-line

Posted by JohannesTheDeveloper in Happy Hacking on March 8th, 2008

There seems to be a patch party going on at the moment …
http://bugzilla.gnome.org/show_bug.cgi?id=521127

No Comments

Skype: Chat Messages/History log file format

Posted by JohannesTheDeveloper in Happy Hacking on March 2nd, 2008

To be able to search and use the Skype chat log, message history, and call history I reverse-engineered the Skype file format of chatmsg256.dbb, chatmsg512.dbb, callmember256.dbb, … files.

I made a script able to export the history to html, as well as Python classes able to random-access the logs.

As far as I can see, I’m the first one on the net that did this, everyone else is sane and uses the API.

You can view and edit all information here: http://johbuc6.coconia.net/doku.php/skype/start

No Comments