Archive for March, 2008

HOWTO: Samba share with virus scanning

Posted by JohannesTheDeveloper in fun with Linux on March 19th, 2008

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

This explains how to install a windows share that is scanned when files are uploaded or changed there.

We use:

  • clamav
  • inotify-tools

Install those.

I presume you have setup already:

  • /etc/clamd.conf
  • freshclam works.
  • The samba share already exists and works.

What the script does is:

  1. find all files in the share $SHARE
  2. listen on changes using inotify
  3. output from those two is given clam(d)scan, which analyses the $FILE
  4. If the $FILE contains a virus, it is moved to $VIRUSDIR, and $FILE.txt is created containing a report

What to do? How to install?

  1. Save the script below to something in your $PATH, like /usr/local/bin/scanshares
  2. (Set the variables according to your setup)
  3. Make sure $SHARE and $VIRUSDIR is owned by the user “nobody”
  4. Call it using 
    sudo -u nobody scanshares >/var/log/scanshares
  5. Watch /var/log/scanshares while you put a test virus file from EICAR into your share. After some seconds, it should be replaced by a text file.

#!/bin/bash
# if you manage to create a file containing a virus,
# which filename signatures a virus, you will send this script
# in a infinite loop ;-)
TMPFILE=/tmp/lastscanresult.txt
SHARE=/srv/samba/
VIRUSDIR=/srv/samba/hasvirus/
VIRUSDB=/var/clamav/
#INOTIFYWAIT=/home/johannes/inotify-tools-3.13/src/inotifywait
INOTIFYWAIT=inotifywait
# if you have no clamd
CLAMSCAN="clamscan --database $VIRUSDB --block-encrypted -i"
# if you have clamd (faster)
CLAMSCAN="clamdscan"
{
# initial check
find $SHARE -type f | while read line; do echo "$line|CLOSE_WRITE"; done;
# await changes
# we need to listen to create, otherwise inotifywait doesn't follow in subdirs :-(
$INOTIFYWAIT -q -m -r -e create -e close_write "$SHARE" --format '%w%f|%e';
} |
grep '|CLOSE_WRITE' --line-buffered | sed -u 's/|.*//g' | # remove create events again
grep -v --line-buffered  $VIRUSDIR | # we know THOSE have virus
while read file; do
echo "scanning $file"
$CLAMSCAN --no-summary "$file" > $TMPFILE
if [ "$?" == "1" ]; then
mv "$file" $VIRUSDIR
{
echo 'The file contained a virus and was therefore removed.'
cat $TMPFILE
} > "$file.txt"
fi
echo "scanning $file done."
done

This manual is also available on gentoo-wiki.

No Comments

Linux: Hostname change break X apps

Posted by JohannesTheDeveloper in fun with Linux on March 13th, 2008

There exists a really lame problem on X (X11,XFree86,Xorg,…): The authentification or identification mechanism when a new application wants to connect to the X server (read: show a window) works over the hostname.

This is fine if you live in 1990, but wireless network have dhcp and dhcp server can send a hostname to your machine making your X session stop working: You can’t start any programs anymore.

NetworkManager (what also make the little icon on GNOME/KDE desktops, pre-installed on Ubuntus et.al., developed by RedHat) uses dhclient to retrieve a hostname.

The magic words to add to your dhclient.conf are:

send host-name "hoot";
supersede host-name "hoot";

If you use pump (instead of dhclient), you shouldn’t have this problem, as it doesn’t set the hostname (see the man page).

A mailing list entry on this topic starts here: http://lists.freedesktop.org/archives/xorg/2004-August/002772.html

No Comments

HSQL CHECK constraints with CASE statement

Posted by JohannesTheDeveloper in Happy Hacking on March 12th, 2008

Like the post at [0] suggests, HSQL CHECK constraints can not be used together with CASE WHEN statements.
If you try to insert/update, you will receive a (very informative) “S1000 General error java.lang.ClassCastException”, followed by the whole SQL statement. (here I have, HSQL 1.8.0.9).

If you have something like:


ALTER TABLE personnel ADD CONSTRAINT salary_types_constraint
CHECK (
CASE
WHEN pos = 0 AND (salary < 1000 OR salary > 5000)
THEN FALSE -- personal
WHEN pos = 1 AND (salary < 10000 OR salary > 20000)
THEN FALSE -- manager
ELSE TRUE
END
);

It will not work. It will give you a “S1000 General error java.lang.ClassCastException” error message.

Replace with:


ALTER TABLE personnel ADD CONSTRAINT salary_types_constraint
CHECK (
(pos = 0 AND (salary > 1000 OR salary < 5000))
OR
(pos = 1 AND (salary < 10000 OR salary > 20000))
);

No Comments

Gedit patch for go-to-line

Posted by JohannesTheDeveloper in Happy Hacking on March 8th, 2008

There seems to be a patch party going on at the moment …
http://bugzilla.gnome.org/show_bug.cgi?id=521127

No Comments

Skype: Chat Messages/History log file format

Posted by JohannesTheDeveloper in Happy Hacking on March 2nd, 2008

To be able to search and use the Skype chat log, message history, and call history I reverse-engineered the Skype file format of chatmsg256.dbb, chatmsg512.dbb, callmember256.dbb, … files.

I made a script able to export the history to html, as well as Python classes able to random-access the logs.

As far as I can see, I’m the first one on the net that did this, everyone else is sane and uses the API.

You can view and edit all information here: http://johbuc6.coconia.net/doku.php/skype/start

No Comments