In this chapter, we explain configuration of clamav-update. First, we show lineup of configuration files. Next, explain configuration by install.sh
At last, We show reference of configuration.
clamav-update use follow configuration files.
path name | role | install or not |
---|---|---|
${Prefix}/etc/clamav-update.conf |
for updating ClamAV | Install |
${Prefix}/etc/clamav-update-update.conf |
for updating clamav-update itself. Don't edit this file. This file will be overwrite when clamav-update is updated | Install |
/etc/clamav-update-update.conf |
for updating clamav-update itself. This files are System wide customization. | Install (In some case, not install) |
~/.clamav-update-update.conf |
for updating clamav-update itself. This files are Personal use customization. | Not install |
Any Others | for updating Other software. | Not install |
where ${Prefix}
is the root directory of clamav-update. If you install clamav-update by install.command
, ${Prefix}
is /usr/local/clamXav
. If you install it by install.sh
, ${Prefix}
is the value specified when you install clamav-update by prefix
options of install.sh
. If you don't use prefix
option, ${Prefix}
is /usr/local
.
install.sh
/install.command
install.sh
obey its options and parameters to make ${Prefix}/clamav-update.conf
and /etc/clamav-update-update.conf
. Here, we explain how to change configuration by options and parameters by install.sh
. it write follow lines in configuration file, but it also add some commented out sentences. They are omitted in this explanation.
${Prefix}/clamav-update.conf
$Setting{environment}->{PATH}
, commands search path for clamav-update, is:install.command
install.sh
with --clamav-prefix=/usr/local/clamXav
option '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/clamXav/bin'
install.sh
with --clamav-prefix=/
option--clamav-prefix=/usr
option'/bin:/sbin:/usr/bin:/usr/sbin'
--clamav-prefix=DIR
option '/bin:/sbin:/usr/bin:/usr/sbin:DIR/bin'
$Setting{option}->{src}
, nearest mirror for clamav, is--clamav-dowmload-from
options, default is used,'http://jaist.dl.sourceforge.net/sourceforge/clamav'
install.command
$Setting{option}->{src}
.
install.sh
with --clamav-dowmload-from=URL
option'URL'
$Setting{phase}->{specifier}
--clamd
option--freshclam
optioninstall.command
install.sh
with --clamav-prefix=/usr/local/clamXav
option--clamav-prefix
option--clamav-prefix=/usr/local
option\&PhaseSpecifier4General
--clamav-prefix=DIR
optionsub {
PhaseSpecifier4General();
\$Phase{build}->{method} = [
['./configure', "--prefix=DIR"],
[qw(make)],
];
# return success
1;
}
--freshclam
option
It require --freshclam-restart=COMMAND
option to restart freshclam daemon. If no --freshclam-restart=COMMAND
, COMMAND
is treated as [qw(/etc/rc.d/init.d/freshclam restart)]
. In case of installing by install.command
, COMMAND
is treated as [qw(/Library/StartupItems/FreshclamDaemon/FreshclamDaemon restart)]
.
install.command
--clamav-prefix=/usr/local/clamXav
option specifiedsub {
PhaseSpecifier4ClamAV4ClamXav();
push @{\$Phase{install}->{method}}, (
[qw(chown root /usr/local/clamXav/bin/freshclam)],
[qw(chmod u-s /usr/local/clamXav/bin/freshclam)],
COMMAND,
);
1;
}
--clamav-prefix
option--clamav-prefix=/usr/local
optionsub {
PhaseSpecifier4General();
push @{\$Phase{install}->{method}}, (
COMMAND,
);
1;
}
--clamav-prefix=DIR
optionsub {
PhaseSpecifier4General();
push @{\$Phase{install}->{method}}, (
COMMAND,
);
\$Phase{build}->{method} = [
['./configure', "--prefix=DIR"],
[qw(make)],
];
1;
}
install.sh
by --clamd
option
It require --clamd-restart=CLAMD_COMMAND
option. If no --clamd-restart=CLAMD_COMMAND
option, CLAMD_COMMAND
value is treated as [qw(/etc/rc.d/init.d/clamd restart)]
. In case of installing by install.command
CLAMD_COMMAND
is treated as [qw(/Library/StartupItems/ClamAntiVirusDaemon/ClamAntiVirusDaemon restart)]
.
--freshclam
optioninstall.command
--clamav-prefix=/usr/local/clamXav
optionsub {
PhaseSpecifier4ClamAV4ClamXav();
push @{\$Phase{install}->{method}}, (
CLAMD_COMMAND,
);
1;
}
--clamav-prefix
option--clamav-prefix=/usr/local
optionsub {
PhaseSpecifier4General();
push @{\$Phase{install}->{method}}, (
CLAMD_COMMAND,
);
1;
}
--clamav-prefix=DIR
optionsub {
PhaseSpecifier4General();
push @{\$Phase{install}->{method}}, (
CLAMD_COMMAND,
);
\$Phase{build}->{method} = [
['./configure', "--prefix=DIR"],
[qw(make)],
];
1;
}
--freshclam
option
It require --freshclam-restart=FRESHCLAM_COMMAND
option. If no --freshclam-restart=FRESHCLAM_COMMAND
option specified, The value of FRESHCLAM_COMMAND
is treated as [qw(/etc/rc.d/init.d/freshclam restart)]
. In case of installing by install.command
, The value of FRESHCLAM_COMMAND
is treated as [qw(/Library/StartupItems/FreshclamDaemon/FreshclamDaemon restart)]
.
install.command
--clamav-prefix=/usr/local/clamXav
optionsub {
PhaseSpecifier4ClamAV4ClamXav();
push @{\$Phase{install}->{method}}, (
CLAMD_COMMAND,
);
push @{\$Phase{install}->{method}}, (
[qw(chown root /usr/local/clamXav/bin/freshclam)],
[qw(chmod u-s /usr/local/clamXav/bin/freshclam)],
FRESHCLAM_COMMAND,
);
1;
}
--clamav-prefix
option--clamav-prefix=/usr/local
optionsub {
PhaseSpecifier4General();
push @{\$Phase{install}->{method}}, (
CLAMD_COMMAND,
);
push @{\$Phase{install}->{method}}, (
FRESHCLAM_COMMAND,
);
1;
}
--clamav-prefix=DIR
option specifiedsub {
PhaseSpecifier4General();
push @{\$Phase{install}->{method}}, (
CLAMD_COMMAND,
);
push @{\$Phase{install}->{method}}, (
FRESHCLAM_COMMAND,
);
\$Phase{build}->{method} = [
['./configure', "--prefix=DIR"],
[qw(make)],
];
1;
}
configuration in /etc/clamav-update-update.conf
In follow 3 term, if no configurations, /etc/clamav-update-update.conf
is not installed
$Setting{environment}->{PATH}
--prefix=/usr/local/clamXav
optioninstall.command
/usr/local/clamXav/etc/clamav-update-update.conf
.
--prefix=/usr/
option'/bin:/sbin:/usr/bin:/usr/sbin'
--prefix=DIR
option'/bin:/sbin:/usr/bin:/usr/sbin:DIR'
$Setting{option}->{src}
--download-from=http://osdn.dl.sourceforge.jp/clamav-update
option/usr/local/clamXav/etc/clamav-update-update.conf
.
--download-from=URL
option$Setting{phase}->{specifier}
install.sh
with --prefix=/usr/local/clamXav
optioninstall.command
/usr/local/clamXav/etc/clamav-update-update.conf
.
--prefix=/usr/local
option\&PhaseSpecifier4ClamavUpdate
--prefix=DIR
optionsub {
PhaseSpecifier4ClamAV4ClamXav();
\$Phase{install}->{method} = [
[qw(install -bp -o root -g root -m 0755 clamav-update.pl),
'DIR/bin/clamav-update.pl'
)],
[qw(install -bp -o root -g root -m 0664 clamav-update-update.conf),
'DIR/etc/clamav-update-update.conf'
)],
];
1;
}
$Setting{logging}
Category of handling clamav-update's logging. This is only category, so $Setting{logging}
has no value.
$Setting{logging}->{setlogsock}
It specify logging methods. you can select GLOB or setlogsock function. GLOB is a GLOB in Perl. The other is setlogsock
function in the Sys::Syslog module of Perl.
You can specify \*STDOUT
and \*STDERR
. They are standard out and standard error respectively.
Using GLOB, you can specify any file as log file. for example.
open MY_LOG_FH, '>> /var/log/clamav-update.log' or die;
$Setting{logging}->{setlogsock} = \*MY_LOG_FH;
all value except GLOB is treated as Syslog. In this case, this value is passed to setlogsock
function of Sys::Syslog module. Effectiveness of the values are depends on your system / version of installed Sys::Syslog module. In my manual of Sys::Syslog, they can accept follow values:
'unix'
Connect to syslog with the UNIX domain socket then output. When using syslog of the local host, in many cases this is effective.
['stream', 'FILE_PATH']
specify FILE_PATH
as log file. Using this form, specify Reference to array in Perl.
It's NOT effective on Mac OS X 10.4.8.
'inet'
Connect to syslog with the INET socket then output by tcp and udp. First, clamav-update try to connect by 'tcp'
described follow lines. If failed it, try by 'udp'
.
'tcp'
Connect to syslog on the host named syslog
or syslogng
host with tcp socket then output.
'udp'
Connect to syslog on the host named syslog
or syslogng
host with udp socket then output.
'console'
output to console.
\*STDERR
$Setting{logging}->{setlogmask}
specify log level to output. clamav-update output in more higher level. If you use syslog, note that syslog's configuration may limit log level.
following values are available.
'emerg'
Emergency level: output when panic error is happened.
'alert'
Alert level: output when an error that administrator should manage quickly is happened.
'crit'
Critical level: output when an critical error is happened.
'err'
Error level: output when any error is happened.
'warning'
Warning level: output when any error may be happened.
'notice'
notice level: output if administrator may need to manage
'info'
info level: output infomation.
'debug'
debug level: for maintenance or debugging
'warning'
$Setting{logging}->{openlog}
Category of modifying clamav-update's logging. It's effective if $Setting{logging}->{setlogsock}
is NOT GLOB. It specify "how" to log in syslog. This is only category, so $Setting{logging}->{openlog}
has no value.
$Setting{logging}->{openlog}->{ident}
specify string added each messages in log as identifier. Generally any other program may log message in syslog . So identification string is needed.
'clamav-update'
$Setting{logging}->{openlog}->{logopt}
specify several syslog
output options with Perl reference to array form. Following elements of array are available.
cons
When clamav-update cannot pass the message to syslogd
, write it in "/dev/console
".
ndelay
No Delay. clamav-update immediately connect to syslogd
if it specified.
perror
Use syslog
and print standard error.
In my Manual of Sys::Syslog
, this is not documented. But this described in C Language interface manual of syslog
.
pid
add process ID to each message. It is useful if 2 or more clamav-update.pl
are running at the same time.
nowait
In my manual of Sys::Syslog
, only this name is described. Reading source code of Sys::Syslog
, it is not to wait and do next operation before console output finishing, but actually it seems not used.
you can connect these elements to make Perl reference to array. For example, ['pid', 'cons']
or [qw(pid cons)]
[]
$Setting{logging}->{openlog}->{facility}
specify types of messages. following value is available.
'auth'
for authentication system, like a login
, su
or getty
'authpriv'
similar to 'auth'
except outputting to write inhibit file.
'console'
output to /dev/console
by using kernel's output.
'cron'
for cron daemon. like cron
'daemon'
for system daemon, like a routed
. It does not mean that output of other specialized daemon specify this implicitly.
'ftp'
for file transfer protocol daemon , like a ftpd
or tftpd
.
'kern'
for kernel. It can not use for user process.
'lpr'
for line printer spool system, like a lpr
, lpc
or lpd
'mail'
for mail system.
'news'
for network news system.
'security'
for security subsystem,
like a ipfw
'syslog'
syslogd use internally.
'user'
for arbitrary user process
'uucp'
for UUCP system.
'local0'
'local1'
'local2'
'local3'
'local4'
'local5'
'local6'
'local7'
use by your system's own way. default of ClamAV is 'local6'
.
'local6'
$Setting{environment}
Category of configuration of environment variables. This is only category so $Setting{environment}
has no value. If your need, arbitrary environment can be set by $Setting{environment}->{Name of Environment Variables} = 'Its Value';
. It may be useful for PATH, http_proxy or ftp_proxy.
$Setting{environment}->{PATH}
Specify command search path. This value is important for security. Because commands described by relative path are searched from directory list of environment variable PATH
. If clamav-update has contaminated environment variable PATH
, perhaps some evil crack command are executed.
'/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/clamXav/bin'
$Setting{version}
Category of getting version of clamav and comparison. This is only category, so $Setting{version}
has no values.
$Setting{version}->{latest}
Category of getting latest version of clamav. This is only category, so $Setting{version}->{latest}
has no values.
$Setting{version}->{latest}->{command}
specify a command to get latest version info of clamav. 3 forms are available: strings, Perl reference to arrays and Perl reference to function are supported.
If the command is given by strings and Perl reference to array form, Perl's open
function receive it, then its standard out by pipe is treated as version info which include version strings. If the command is given by Perl reference to function, its returned value is treated as version info.
those version info is not need to be version strings. clamav-update can version strings from version info by the regular explanation specified by $Setting{version}->{latest}->{regexp}
.
[qw(host -t txt current.cvd.clamav.net)]
$Setting{version}->{latest}->{regexp}
a Perl regular expression to get latest version strings from version info that got by command specified by $Setting{version}->{latest}->{command}
. Pattern matching string to $1
is treated as version string.
qr/"(\d+(?:\.\d+)*):\d+:\d+:\d+:[^"]*"\s*$/
$Setting{version}->{current}
Category of getting current version of clamav. This is only category, so $Setting{version}->{current}
has no values.
$Setting{version}->{current}->{command}
specify a command to get current version info of clamav. 3 forms are available: strings, Perl reference to arrays, and Perl reference to function are supported.
If the command is given by strings and Perl reference to array form, Perl's open
function receive it, then its standard out by pipe is treated as version info which include version strings. If the command is given by Perl reference to function, its returned value is treated as version info.
those version info is not need to be the same as version strings. clamav-update can get version strings from version info by the regular explanation specified by $Setting{version}->{current}->{regexp}
.
[qw(clamav-config --version)]
$Setting{version}->{current}->{regexp}
a Perl regular expression to get current version strings from version info that got by command specified by $Setting{version}->{current}->{command}
. Pattern matching string to $1
is treated as version string.
qr/^(\d+(?:\.\d+)*)\s*$/
$Setting{version}->{compare}
specify Perl reference to function so that compare latest version string and current version string.
This function must has 2 version strings as arguments. and return negative integer if 1st argument is less version and 0 if 1st and 2nd version are the same and positive integer if 1st argument is higher version.
sub {
my ($a, $b) = @_;
my @a = reverse(split(/\./, $a));
my @b = reverse(split(/\./, $b));
while (0 < scalar(@a) and 0 < scalar(@b)) {
$a = pop @a;
$b = pop @b;
return -1 if ($a < $b);
return 1 if ($a > $b);
}
return 1 if (0 < scalar(@a));
return -1 if (0 < scalar(@b));
return 0;
}
$Setting{option}
Category of clamav-update's options that you can change value by command line. This is only category, so $Setting{option}
has no values. All directives in this category are treat as default value and those are used if no relevant options are given.
All directives in this category -- Undocumented directives and your handmade directives -- are also changeable temporary by command line. This function is only available in clamav-update version 2.2 or higher.
$Setting{option}->{src}
Specify url URL of mirror/official site that some software downloading from.
For downloading ClamAV, following 15 values are available.
'http://jaist.dl.sourceforge.net/sourceforge/clamav'
'http://nchc.dl.sourceforge.net/sourceforge/clamav'
'http://optusnet.dl.sourceforge.net/sourceforge/clamav'
'http://surfnet.dl.sourceforge.net/sourceforge/clamav'
'http://belnet.dl.sourceforge.net/sourceforge/clamav'
'http://heanet.dl.sourceforge.net/sourceforge/clamav'
'http://mesh.dl.sourceforge.net/sourceforge/clamav'
'http://kent.dl.sourceforge.net/sourceforge/clamav'
'http://switch.dl.sourceforge.net/sourceforge/clamav'
'http://ovh.dl.sourceforge.net/sourceforge/clamav'
'http://superb-east.dl.sourceforge.net/sourceforge/clamav'
'http://umn.dl.sourceforge.net/sourceforge/clamav'
'http://easynews.dl.sourceforge.net/sourceforge/clamav'
'http://superb-west.dl.sourceforge.net/sourceforge/clamav'
'http://ufpr.dl.sourceforge.net/sourceforge/clamav'
For clamav-update, following 3 URLs are available.
'http://osdn.dl.sourceforge.jp/clamav-update'
'http://keihanna.dl.sourceforge.jp/clamav-update'
'http://qgpop.dl.sourceforge.jp/clamav-update'
Those values are not directly used by clamav-update.pl . Those are used only when it download archives. See detail in %Phase
.
'http://jaist.dl.sourceforge.net/sourceforge/clamav'
$Setting{option}->{dst}
A temporary directory saving downloaded archive and being used as working directory. Default value is several alphanumeric string under system temporary directory. clamav-update make this directory before it download archive, and remove after it finish.
Those values are not directly used by clamav-update.pl . Those are used only when it download archives. See detail in %Phase
.
tempdir(CLEANUP => 1)
$Setting{option}->{name}
Specify a name of package
Those values are not directly used by clamav-update.pl . Those are used only when it download archives. See detail in %Phase
.
clamav
$Setting{option}->{ext}
Specify suffix of the archive
Those values are not directly used by clamav-update.pl . Those are used only when it download archives. See detail in %Phase
.
$Setting{option}->{force}
Specify to force to install if this value is non-nil for Perl. In this case, local version strings are treats as empty string. We assume that $Setting{version}->{compare}
return negative integer.
Perl treat Empty string "", integer 0, real number 0.0, undefined value(undef
) and array with size 0 as nil. Others are treated as no-nil.
0
$Setting{option}->{limit}
Category for update limitation by version. This is category, so $Setting{option}->{limit}
don't have value.
Several abilities and configurations in this category are available for clamav-update version 2.1 or higher
$Setting{option}->{limit}->{version}
This is the limit lowest version number for clamav-update. clamav-update don't update software if its latest version is equal to limit lowest version or higher version.
If you specify undef
, ignore limitation for update software.
undef
$Setting{option}->{limit}->{action}
Specify action when clamav-update stop updating by version limit. you can specify Perl key of %Phase. Practically you would specify action by $Setting{phase}->{specifier}. It is useful to send notice e-mail or something to do notice administrator.
If you specify undef
, clamav-update don't any special things. But clamav-update put log with warning
level. This behavior is value independent.
undef
$Setting{phase}
If a version of the software in mirror is newer than local one, in other words, comparison function defined by ($Setting{version}->{compare}
return negative integer, clamav-update execute several commands. We call it "phase". This is category for phase. so $Setting{phase}
don't have any value.
$Setting{phase}->{sequence}
Specify phase names and its order to execute with Perl reference to array format.
Phase name is a key of Perl hash %Phase
. You had better use strings to output on some log files.
[qw(download extract build install)]
$Setting{phase}->{specifier}
Specify definition of details of each phase as Perl reference to function. This functions are executed with no arguments after version check. If one of those function return nil, it means failure, clamav-update.pl stop all execution.
This function must make several Perl's hash %Phase
completely. We explain a detail of %Phase
in later.
follow built-in phase definition function is available.
PhaseSpecifier4General
We assume that installing the software distributed by source archives for UNIX-like OS has follow steps.
download, extract, build, install
URL of downloading/package name-latest version strings.suffix of archive
gzip
-compressed tar
archive
Package_name-latest_version_string
./configure
make
make install
curl
, and tar
commands (with z option) are available on your system.
PhaseSpecifier4ClamAV4ClamXav
Phase definition of clamav for ClamXav (Mac OS X). We explain only difference this and PhaseSpecifier4General
.
./configure --prefix=/usr/local/clamXav
make
make install
install -d -o root -g admin -m 0775 /usr/local/clamXav
chown -R root:admin /usr/local/clamXav/etc
find /usr/local/clamXav/etc -type d -exec chmod 0775 {} \;
find /usr/local/clamXav/etc -type f -exec chmod 0664 {} \;
chown -R root:admin /usr/local/clamXav/bin
chmod -R 0755 /usr/local/clamXav/bin
chown clamav /usr/local/clamXav/bin/freshclam
chmod u+s /usr/local/clamXav/bin/freshclam
chown -R clamav:clamav /usr/local/clamXav/share/clamav
find /usr/local/clamXav/share/clamav -type d -exec chmod 0775 {} \;
find /usr/local/clamXav/share/clamav -type f -exec chmod 0664 {} \;
touch /usr/local/clamXav/share/clamav/freshclam.log
chmod 0664 /usr/local/clamXav/share/clamav/freshclam.log
/usr/local/clamXav/etc/
, /usr/local/clamXav/bin/
, /usr/local/clamXav/share/clamav/
. In this case, directories under /usr/local/clamXav/etc/
, /usr/local/clamXav/bin/
or /usr/local/cla,mXav/share/clamav/
are countable.
PhaseSpecifier4PkgOnDmg
We assume that installing the software distribution by disk imaged pkg archive for Mac OS X has follow steps.
URL of downloading/package name-latest version strings.suffix of archive
dmg
). When you mount that disk image, it turn into new pkg directory (it treats as file by Finder) package name-version string .
package name-version string.pkg
exist.
hdiutil
, installer
are available on your system.
PhaseSpecifier4ClamavUpdate4ClamXav
Phase for clamav-update for ClamXav. Following points are only different from this and PhaseSpecifier4General
.
download, extract, install
URL of downloading/release ID/package name-latest version strings.suffix of archive
install -Cbp -o root -g admin -m 0755 clamav-update.pl /usr/local/clamXav/bin/clamav-update.pl
install -Cbp -o root -g admin -m 0664 clamav-update-update.conf /usr/local/clamXav/etc/clamav-update-update.conf
PhaseSpecifier4ClamavUpdate
phase definition of clamav-update in case of installing by Install script ./instal.sh
WITHOUT --prefix
option or WITH -prefix=/usr/local
option. This is similar to case of PhaseSpecifier4ClamavUpdate4ClamXav
. But following points are different.
install -bp -o root -g root -m 0755 clamav-update.pl /usr/local/bin/clamav-update.pl
install -bp -o root -g root -m 0664 clamav-update-update.conf /usr/local/etc/clamav-update-update.conf
NOTE: Some Perl variables are already defined, and you can use some Perl variables: Latest Version String, Current Version String variables. And also you can specify Perl's hash %Setting
. Additionally Perl functions defined in clamav-update.pl
are available. Following variables may be useful.
$LatestVersion
$CurrentVersion
Log $level, $format, @args
$Setting{logging}->{setlogmask}
. $format is a format string of Perl function printf
. @args are arguments of that function.
DoCommand $commandLine
DoCommand $command, @args
system
function with log output.
ReadCommandResult $commandLine
ReadCommandResult $command, @args
DoCommand
but this return value that standard output strings of that system function. If it fails, this returns undef
.
If you want to see some samples of Phase definition functions in order to write them, we recommend you to read built-in functions written in clamav-update.pl
.
\&PhaseSpecifier4ClamAV4ClamXav
Hash of Perl %Phase
defines phases as follow:
(
phase name => {
workdir => /path/to/working/directory,
method => [
command,
...
],
rollback => [
command,
...
],
},
...
)
We explain about phase name
, specifying working directory
and commands
phase name
s, being a Perl key of Hash %Phase
, are listed in $Setting{phase}->{sequence}
and/or specified in $Setting{opion}->{limit}->{action}
. Invalid variables are ignored. They have no effect on others, so you can change them by Perl function specified in $Setting{phase}->{specifier}
. But we recommend another variables for simplicity and future extensions.
We recommend ASCII strings as pahse name
s. Because it's used as strings for log messages. And if those are Perl's identifiers, you can write as $Phase{phase name}
. Not $Phase{'phase name'}
Each phase name
's value is corresponding to Perl reference to hash.
You can specify working directory by undef
, strings and reference to function.
undef
means that not specifying. if you specify undef
, you must specify commands in that phase are executed with assumption that current directory is a system/execution dependent.
If you specify strings, those strings must be exist directory. And that directory is current directory when those command are executed. If strings is Null, in other word empty string, or not exist one, clamav-update detect an error and that phase is treated as failed.
If you specify reference to function, strings that the function without arguments return must be exist directory. And that directory is current directory when those commands are executed, If that function return undef
or null string or un-exist directory clamav-update detect an error and that phase of treated as failed. Those command values are evaluated when that executed, so variables and functions specified/defined in $Setting{phase}->{specifier}
, and defined variables in previous phase are available.
You'd better use absolute path not relative for strings or return value of specified reference of function. Generally you cannot assume current directory when clamav-update.pl
is executed. It is NOT secure. If you use relative path, those command in some phase may be different from what you mean. Perhaps, some attacker put on evil one. ( It maybe be malicious)
2 kind of command array are available. Those are method
and rollback
. clamav-update execute commands specified bymethod
for each phase. If an error is detected in some phase, it execute commands specified by rollback
. So commands of rollback
are not executed usually. Commands are done by in order by specified. If a command in array is failed , the command array is treated as an error.
You can specified strings, reference to array, and to function as a command.
Strings and references to array are treated as arguments of Perl system
function, clamav-update execute system function. References to function are executed without arguments. In system function case, if that status is not 0, then that command is treated as error. In the other, that function return not true, that command is treats as error.
Those command values are evaluated when that executed, so variables and functions specified/defined in $Setting{phase}->{specifier}
, and defined variables in previous phase are available.