#!/usr/bin/env bash
# onx-clamav-whitelist-write — imza-adı whitelist'ini /var/lib/clamav/onox-local.ign2'e yaz + clamd reload.
# input: {signatures: ["Sig.Name", ...]}  (boş liste → dosyayı sil)
source "$(dirname "$0")/_lib/common.sh"
require_root
require_cmd jq
onx_json_input
DBDIR="/var/lib/clamav"
IGN="$DBDIR/onox-local.ign2"
COUNT="$(jq -r '(.signatures // []) | length' <<<"$INPUT" 2>/dev/null || echo 0)"
if [[ "${COUNT:-0}" -gt 0 ]]; then
    # .ign2 formatı: her satır = imza adı (clamd o imzayı görmezden gelir). Atomik yaz (temp+mv).
    TMP_IGN="$(mktemp -p "$DBDIR" .onox-ign2.XXXXXX)"
    jq -r '.signatures[]' <<<"$INPUT" > "$TMP_IGN" || { rm -f "$TMP_IGN"; onx_die 3 "invalid signatures"; }
    chmod 644 "$TMP_IGN"
    mv -f "$TMP_IGN" "$IGN"
else
    rm -f "$IGN"
fi
command -v clamdscan &>/dev/null && clamdscan --reload &>/dev/null || true
systemctl reload clamav-daemon &>/dev/null || systemctl reload clamd@scan &>/dev/null || true
onx_json_out ok true count "${COUNT:-0}"
