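#!/bin/bash
###########################
## Malware Patrol Block List updater, see http://www.malwarepatrol.net/
## This updater lets you change the score (was 3.5, is now 2.0).
## The description was the malware link (danger!), now it goes to explanation.
## GNU tools are required: shell needs $RANDOM, sed needs -r, diff needs -q
## sa-malware 0.3 Copyright (C) 2008-9 by Adam Katz , AGPLv3
###########################
#### This program is free software: you can redistribute it and/or modify
#### it under the terms of the GNU Affero General Public License as
#### published by the Free Software Foundation, either version 3 of the
#### License, or (at your option) any later version.
####
#### This program is distributed in the hope that it will be useful,
#### but WITHOUT ANY WARRANTY; without even the implied warranty of
#### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#### GNU Affero General Public License at .
###########################
#
# Usage: sa-malware [CONF_FILE]
#   CONF_FILE  SpamAssassin rules file to (re)write
#              (default: /etc/spamassassin/10_MBL.cf)
#
# Review notes on this revision:
#   * Scratch files live in a private `mktemp -d` directory. The previous
#     fallback name /tmp/tmp.sam$$ and the sibling "$TMP.$$" were predictable
#     paths in a world-writable directory, written by a job that normally runs
#     as root from cron.
#   * A failed or empty download no longer installs a file whose meta rule
#     is "MALWARE_BL ()"; the installed rules are left untouched instead.
#   * The "no changes" comparison ignores the "# Fetched at:" line, which
#     otherwise made every run look like a change and forced a reload.
#     Consequence: the stamp in CONF_FILE is the time the rules last changed.
#   * The list is fetched over plain HTTP, so nothing authenticates it. The sed
#     filter below keeps only comment lines and body/rawbody/header/uri MBL_*
#     rule lines, which limits what a tampered response can place in the
#     configuration but does not validate the rules themselves.
#     NOTE(review): switch LIST_URL to https if the provider offers it.

SCORE="2.0" # default is 3.5, which I consider too high
CONF_FILE="${1:-/etc/spamassassin/10_MBL.cf}"
readonly LIST_URL="http://www.malwarepatrol.net/cgi/submit?action=list_sa"

# Without a terminal on stdin (i.e. started from cron), spread the load on the
# list server: run only every other hour and after a random delay.
if ! [ -t 0 ]; then
  # `date +%k` is the hour without a leading zero, so it is never parsed as
  # octal. The test exits when the hour is odd; the original comment said
  # "skip even hrs", which does not match the code -- behaviour kept as is.
  if [ "$(( $(date +%k) % 2 ))" -gt 0 ] 2>/dev/null; then exit 0; fi
  sleep "$(( RANDOM % 1800 + 900 ))" # 900..2699 s, roughly 15 to 45 minutes
fi

# Private scratch directory; there is deliberately no predictable fallback.
WORKDIR=$(mktemp -d) || exit 1
readonly WORKDIR
readonly RULES="$WORKDIR/rules"          # filtered download
readonly CANDIDATE="$WORKDIR/candidate"  # complete file to install

cleanup() { rm -rf -- "${WORKDIR:?}"; }
trap cleanup EXIT
trap 'exit 1' HUP TERM # make sure the EXIT trap also runs on these signals

# Prints file $1 without its "# Fetched at:" stamp line.
without_stamp() { grep -v '^# Fetched at: ' -- "$1"; }

# Fetch and filter. pipefail makes a wget failure fail the whole pipeline.
# Only `body` rules are renamed to __MBL_n (sub-rules of the meta rule below);
# rawbody/header/uri rules pass through under their original names.
# All tests now fit into a giant meta rule (only one scan per msg) like JM's
# sought ruleset, http://taint.org/2007/08/15/004348a.html
set -o pipefail
wget -q -O - "$LIST_URL" \
  | sed -re '/^\s*(#|((raw)?body|header|uri)\sMBL)/!d' \
        -e "s/^(\s*body\s+)(MBL_[0-9].*)/\1__\2/" \
  > "$RULES" || exit 1

# no data -> exit, keeping whatever is currently installed
grep -Eq '__MBL_[0-9]+' -- "$RULES" || exit 1

{
  echo "# This was tweaked after download, see /etc/cron.hourly/sa-malware"
  echo "# Fetched at: $(TZ=UTC date +'%Y%m%d%H%M%S %Z')"
  cat -- "$RULES"
  printf "\n meta MALWARE_BL ("
  # Join the sub-rule names with " || ", without a trailing separator.
  grep -Eo '__MBL_[0-9]+' -- "$RULES" | uniq \
    | awk 'NR > 1 { printf " || " } { printf "%s", $0 }'
  echo ")"
  echo " describe MALWARE_BL Malware Patrol Block List (MBL)"
  echo " score MALWARE_BL $SCORE"
} > "$CANDIDATE"

# no changes (apart from the fetch stamp) -> exit
if [ -f "$CONF_FILE" ] \
  && diff -q <(without_stamp "$CANDIDATE") <(without_stamp "$CONF_FILE") \
       >/dev/null 2>&1; then
  exit 0
fi

# failed install of new data -> exit
# add "$?" to the end of the next line to be notified if the install failed
cp -- "$CANDIDATE" "$CONF_FILE" 2>/dev/null || exit
chmod 644 -- "$CONF_FILE"

# NOTE(review): consider running `spamassassin --lint` before the reload so
# that a malformed rule in the download is noticed before it goes live.
# You may have a different method required for restarting SpamAssassin...
/etc/init.d/spamassassin reload >/dev/null 2>&1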