From 82758a5303b5d89d551280d9019c99aad2e4d195 Mon Sep 17 00:00:00 2001
From: Tad
Date: Fri, 11 May 2018 02:50:52 -0400
Subject: [PATCH] Improve the malware scanner and enable by default
---
Scripts/Common/Functions.sh | 30 +++++++++++++++++++++++++++---
Scripts/LineageOS-14.1/00init.sh | 3 ++-
Scripts/LineageOS-15.1/00init.sh | 3 ++-
3 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index a7250934..3a162d85 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -48,20 +48,44 @@ gitReset() { export -f gitReset; scanForMalware() { +#This isn't perfect, but if it ever catches something be happy that it exists +#Speed Goals (on a standard 7200 RPM drive): +# - quick: < 10 mins +# - extra: < 30 mins +# - slow: < 1 hour +#TODO: Scan more of /frameworks and /packages if [ -x /usr/bin/clamscan ] && [ -f /var/lib/clamav/main.cvd ]; then echo -e "\e[0;32mStarting a malware scan, this might take a while...\e[0m"; - scanQueue="$base/build $base/device $base/vendor"; - #scanQueue=$scanQueue" $base/prebuilts $base/sdk $base/toolchain $base/tools"; + $excludes="--exclude-dir=\".git\" --exclude-dir=\".repo\""; + scanQueue="$base/android $base/art $base/bionic $base/bootable $base/build $base/compatibility $base/dalvik $base/device $base/hardware $base/libcore $base/libnativehelper $base/lineage-sdk $base/pdk $base/platform_testing $base/sdk"; #top-level directories + scanQueue=$scanQueue" $base/frameworks/av $base/frameworks/native $base/packages/inputmethods $base/vendor/lineage"; + if [ "$MALWARE_SCAN_SETTING" != "quick" ] || [ "$MALWARE_SCAN_SETTING" = "extra" ]; then + scanQueue=$scanQueue" $base/packages $base/vendor"; + fi; + if [ "$MALWARE_SCAN_SETTING" = "slow" ]; then + scanQueue=$scanQueue"$base/external $base/frameworks $base/prebuilts $base/system $base/toolchain $base/tools"; + fi; + if [ "$MALWARE_SCAN_SETTING" = "full" ]; then + scanQueue="$base"; + fi; du -hsc $scanQueue; - /usr/bin/clamscan --recursive --detect-pua --infected --exclude-dir=".git" $scanQueue; + /usr/bin/clamscan --recursive --detect-pua --infected $excludes $scanQueue; clamscanExit=$?; if [ "$clamscanExit" -eq "1" ]; then echo -e "\e[0;31m----------------------------------------------------------------\e[0m"; echo -e "\e[0;31mWARNING: MALWARE WAS FOUND! 
PLEASE INVESTIGATE!\e[0m"; echo -e "\e[0;31m----------------------------------------------------------------\e[0m"; + sleep 60; fi; if [ "$clamscanExit" -eq "0" ]; then echo -e "\e[0;32mNo malware found\e[0m"; + sleep 15; + fi; + if [ "$clamscanExit" -eq "2" ]; then + echo -e "\e[0;33m----------------------------------------------------------------\e[0m"; + echo -e "\e[0;33mWARNING: AN ERROR OCCURED. PLEASE INVESTIGATE!\e[0m"; + echo -e "\e[0;33m----------------------------------------------------------------\e[0m"; + sleep 60; fi; else echo -e "\e[0;33mWARNING: clamscan is unavailable, a malware scan will not be performed!\e[0m"; diff --git a/Scripts/LineageOS-14.1/00init.sh b/Scripts/LineageOS-14.1/00init.sh index 0c9ab497..e89a5826 100644 --- a/Scripts/LineageOS-14.1/00init.sh +++ b/Scripts/LineageOS-14.1/00init.sh @@ -45,7 +45,8 @@ export GRADLE_OPTS="-Xmx2048m"; export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches -export MALWARE_SCAN_ON_PATCH=false; #Switch to true to perform a malware scan of certain directories before patching +export MALWARE_SCAN_ON_PATCH=true; #Switch to true to perform a malware scan of certain directories before patching +export MALWARE_SCAN_SETTING="quick"; #Options are quick, extra, slow, full source $scriptsCommon"/Functions.sh"; source $scripts"/Functions.sh"; diff --git a/Scripts/LineageOS-15.1/00init.sh b/Scripts/LineageOS-15.1/00init.sh index 55751f38..26e3054c 100644 --- a/Scripts/LineageOS-15.1/00init.sh +++ b/Scripts/LineageOS-15.1/00init.sh 
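Review bot: `$excludes="--exclude-dir=\".git\" --exclude-dir=\".repo\"";` is not an assignment; with the leading `$` the shell expands the (empty) variable and tries to run the remainder as a command, so `excludes` stays unset and clamscan loses even the `.git` exclusion the old line had. Use `excludes="--exclude-dir=.git --exclude-dir=.repo";` without the escaped inner quotes, since an unquoted `$excludes` would hand them to clamscan as literal characters of the pattern. In the `slow` branch the appended string starts `"$base/external` with no leading space, so the last queued path and `$base/external` fuse into one path that presumably does not exist and neither tree is scanned; it should start `" $base/external`. The `quick`/`extra` test also reduces to `!= "quick"`, so an unset or mistyped MALWARE_SCAN_SETTING silently scans as `extra`. scanForMalware's body continues outside the hunk.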
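Review bot: The trailing comment on `MALWARE_SCAN_ON_PATCH=true` still reads "Switch to true to perform a malware scan", which no longer tells a user how to change the new default; the LineageOS-15.1/00init.sh hunk carries the same stale comment. Suggested wording: `#Switch to false to skip the malware scan of certain directories before patching`. The `MALWARE_SCAN_SETTING` comment could also state what each option covers, e.g. `#quick: core dirs; extra: + packages and vendor; slow: + external, frameworks, prebuilts, system, toolchain, tools; full: whole tree`.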
@@ -45,7 +45,8 @@ export GRADLE_OPTS="-Xmx2048m"; export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches -export MALWARE_SCAN_ON_PATCH=false; #Switch to true to perform a malware scan of certain directories before patching +export MALWARE_SCAN_ON_PATCH=true; #Switch to true to perform a malware scan of certain directories before patching +export MALWARE_SCAN_SETTING="quick"; #Options are quick, extra, slow, full source $scriptsCommon"/Functions.sh"; source $scripts"/Functions.sh";