From: liamfallon Date: Mon, 13 May 2019 10:22:01 +0000 (+0100) Subject: Add install script for clamav scans X-Git-Url: https://gerrit.nordix.org/gitweb?a=commitdiff_plain;h=8d81b3eb80e7c2d8117f1e4dd5de05a0251c38f5;p=infra%2Ftools.git Add install script for clamav scans Change-Id: I5f3039e4eacdc4eaa2f5c0d60f8be8498e5bbe60 Signed-off-by: liamfallon --- diff --git a/clamav/etc/clamav/clamscan_excludes.conf b/clamav/etc/clamav/clamscan_excludes.conf index 236c43b..f62cc49 100644 --- a/clamav/etc/clamav/clamscan_excludes.conf +++ b/clamav/etc/clamav/clamscan_excludes.conf @@ -16,17 +16,18 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -# This file is sourced as a shell script -# It's only purpose is to exclude user defined -# file types and directories from the clamscan -# process triggered by -# /etc/cron.daily/clamav +# This file is executed by the /etc/cron/daily/clamav shell script +# It is used to exclude specified file types and directories from the virus scan. # -# FINDFILEFILTER. This parameter should be defined as an array of "find" file filter arguments -# See "man find" for help on file filters for the "find" command +# FIND_FILE_FILTER_ARRAY: +# This parameter should be defined as an array of "find" file filter arguments, useful +# for specifying file types that should be ignored +# See "man find" for help on file filters for the "find" command # -# FINDPRUNEFILTER. This parameter should be defined as an array of "find" path prune filter arguments -# See "man find" for help on pruning paths for the "find" command +# FIND_PRUNE_FILTER_ARRAY: +# This parameter should be defined as an array of "find" path prune filter arguments, useful +# for specifying directory trees that should be ignored +# See "man find" for help on pruning paths for the "find" command # # EXAMPLES: # FIND_FILE_FILTER_ARRAY=(! -iname '*.vdi' ! -iname '*.mp4' ! -name 'Hello World*') diff --git a/clamav/etc/cron.daily/clamav b/clamav/etc/cron.daily/clamav index 2ac26f8..2106235 100755 --- a/clamav/etc/cron.daily/clamav +++ b/clamav/etc/cron.daily/clamav @@ -52,6 +52,7 @@ if [ ! -f /var/lib/clamav/daily.cld -o ! -x /usr/bin/clamscan -o ! -d /var/log/c then echo "$DATE: clamav is not installed or is incorrectly installed." >> $ERRORLOG notify-send-user -i /usr/share/pixmaps/clamtk.png -u critical "clamav: software not installed correctly" + chmod a+r $ERRORLOG exit 1 fi @@ -59,6 +60,7 @@ fi if [ ! -f $SCANEXC ] then echo "$DATE: File $SCANEXC does not exist." >> $ERRORLOG + chmod a+r $ERRORLOG notify-send-user -i /usr/share/pixmaps/clamtk.png -u critical "clamav: File $SCANEXC not found" exit 2 fi @@ -66,14 +68,11 @@ fi # Read and set up the path and file excludes . $SCANEXC >/dev/null 2>&1 -# File permissions for file creations -umask 0027 - # Create the scan log file if it doesn't exist if [ -f $SCANLOG ] then # Compress the previous scan log - TIMESTAMP=`date +"%s"` + TIMESTAMP=`date +"%Y-%m-%d_%T"` gzip -9 -c $SCANLOG > ${SCANLOG}-${TIMESTAMP}.gz else touch -t 000001010000 $SCANLOG @@ -90,11 +89,12 @@ rm $SCANLOG mkdir -p $SCANQNT ionice -c 3 nice /usr/bin/clamscan --file-list=$SCANFIL --log=$SCANLOG --infected --copy=$SCANQNT >/dev/null 2>&1 -DATE=`date -u` echo "Finish time: $DATE" >> $SCANLOG +chmod a+r $SCANLOG + # Check if any viruses were found -INFECTED_FILE_COUNT=`grep '^Infected files: ' /var/log/clamav/scan.log | sed 's/^Infected files: //'` +INFECTED_FILE_COUNT=`grep '^Infected files: ' /var/log/clamav/scan.log | sed 's/^Infected files: //'` if [ "$INFECTED_FILE_COUNT" -gt "0" ] then notify-send-user -i /usr/share/pixmaps/clamtk.png -u critical "clamav: $INFECTED_FILE_COUNT infected files found" "see $SCANLOG for details" @@ -102,4 +102,5 @@ then fi rm -f $SCANFIL + exit 0 diff --git a/clamav/install.sh b/clamav/install.sh new file mode 100755 index 0000000..a620d3b --- /dev/null +++ b/clamav/install.sh @@ -0,0 +1,9 @@ +#! /bin/bash + +if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" + exit 1 +fi + +cp etc/cron.daily/clamav /etc/cron.daily +cp etc/clamav/clamscan_excludes.conf /etc/clamav