From 283675d3a88ece6bbed890b0f3e344124a14d1a6 Mon Sep 17 00:00:00 2001
From: Liam Fallon
Date: Fri, 25 Jan 2019 15:51:15 +0000
Subject: [PATCH] clamav daily scan

This review introduces two files for carrying out daily scans using clamav. The first scan does a full svan, following that, incremental scans are done.

Change-Id: I4af6be559954cde38fca091fbe7dd8c4f55e2b33
Signed-off-by: Liam Fallon
---
 clamav/etc/clamav/clamscan_excludes.conf | 36 ++++++++
 clamav/etc/cron.daily/clamav | 105 +++++++++++++++++++++++
 2 files changed, 141 insertions(+)
 create mode 100644 clamav/etc/clamav/clamscan_excludes.conf
 create mode 100755 clamav/etc/cron.daily/clamav

diff --git a/clamav/etc/clamav/clamscan_excludes.conf b/clamav/etc/clamav/clamscan_excludes.conf
new file mode 100644
index 0000000..236c43b
--- /dev/null
+++ b/clamav/etc/clamav/clamscan_excludes.conf
@@ -0,0 +1,36 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# This file is sourced as a shell script
+# It's only purpose is to exclude user defined
+# file types and directories from the clamscan
+# process triggered by
+# /etc/cron.daily/clamav
+#
+# FINDFILEFILTER. This parameter should be defined as an array of "find" file filter arguments
+# See "man find" for help on file filters for the "find" command
+#
+# FINDPRUNEFILTER. This parameter should be defined as an array of "find" path prune filter arguments
+# See "man find" for help on pruning paths for the "find" command
+#
+# EXAMPLES:
+# FIND_FILE_FILTER_ARRAY=(! -iname '*.vdi' ! -iname '*.mp4' ! -name 'Hello World*')
+# FIND_PRUNE_FILTER_ARRAY="/proc|/run|/home/user/VirtualBox VMs"
+
+FIND_FILE_FILTER_ARRAY=(! -iname '*.vdi' ! -name '*.iso')
+FIND_PRUNE_FILTER_ARRAY=(\( -path /proc -o -path /run -o -path /dev -o -path /sys \) -prune -o)
diff --git a/clamav/etc/cron.daily/clamav b/clamav/etc/cron.daily/clamav
new file mode 100755
index 0000000..2ac26f8
--- /dev/null
+++ b/clamav/etc/cron.daily/clamav
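Review bot: The header comments describe parameters named `FINDFILEFILTER` and `FINDPRUNEFILTER`, but the variables the cron script actually expands are `FIND_FILE_FILTER_ARRAY` and `FIND_PRUNE_FILTER_ARRAY`, and the `FIND_PRUNE_FILTER_ARRAY="/proc|/run|/home/user/VirtualBox VMs"` example is a pipe-delimited string that `"${FIND_PRUNE_FILTER_ARRAY[@]}"` would hand to `find` as a single meaningless argument. Rename the two parameter paragraphs to the real variable names and replace the example with the array form the live setting already uses, e.g. `# FIND_PRUNE_FILTER_ARRAY=(\( -path /proc -o -path /run -o -path '/home/user/VirtualBox VMs' \) -prune -o)`. Since the file is sourced by a root cron job, the header should also state that any command placed in it runs as root and that the file must stay root-owned and not writable by other users; `It's only purpose` should read `Its only purpose`.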
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#
+# This script runs a virus scan on a Linux client using clamav. It is stored in
+# /etc/cron.daily so that it does a scan daily. Once an initial scan is
+# performed, the script only scans changed files. Files and directories can be
+# excluded by updating the etc/clamav/clamscan_excludes.conf file.
+#
+
+# Use notify-send to put a message on the user's display
+function notify-send-user() {
+ #Detect the name of the display in use
+ local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
+
+ #Detect the user using such display
+ local user=$(who | grep '('$display')' | awk '{print $1}')
+
+ #Detect the id of the user
+ local uid=$(id -u $user)
+
+ sudo -u $user DISPLAY=$display DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus notify-send "$@"
+}
+
+# Set the various configuration variables for the script
+SCANLOG="/var/log/clamav/scan.log"
+ERRORLOG="/var/log/clamav/error.log"
+SCANEXC="/etc/clamav/clamscan_excludes.conf"
+SCANQNT="/var/.quatrantine"
+
+# Check if clamav is installed
+DATE=`date -u`
+
+if [ ! -f /var/lib/clamav/daily.cld -o ! -x /usr/bin/clamscan -o ! -d /var/log/clamav ]
+then
+ echo "$DATE: clamav is not installed or is incorrectly installed." >> $ERRORLOG
+ notify-send-user -i /usr/share/pixmaps/clamtk.png -u critical "clamav: software not installed correctly"
+ exit 1
+fi
+
+# Check if the excludes file exists
+if [ ! -f $SCANEXC ]
+then
+ echo "$DATE: File $SCANEXC does not exist." >> $ERRORLOG
+ notify-send-user -i /usr/share/pixmaps/clamtk.png -u critical "clamav: File $SCANEXC not found"
+ exit 2
+fi
+
+# Read and set up the path and file excludes
+. $SCANEXC >/dev/null 2>&1
+
+# File permissions for file creations
+umask 0027
+
+# Create the scan log file if it doesn't exist
+if [ -f $SCANLOG ]
+then
+ # Compress the previous scan log
+ TIMESTAMP=`date +"%s"`
+ gzip -9 -c $SCANLOG > ${SCANLOG}-${TIMESTAMP}.gz
+else
+ touch -t 000001010000 $SCANLOG
+fi
+
+# Find the files that should be scanned in this scan
+SCANFIL=`mktemp "/tmp/clamscan_files.XXXXXX"`
+ionice -c 3 nice find / "${FIND_PRUNE_FILTER_ARRAY[@]}" -newer ${SCANLOG} -type f "${FIND_FILE_FILTER_ARRAY[@]}" >> $SCANFIL
+
+# Clear the daa for the previous scan
+rm $SCANLOG
+
+# Run the scan
+mkdir -p $SCANQNT
+ionice -c 3 nice /usr/bin/clamscan --file-list=$SCANFIL --log=$SCANLOG --infected --copy=$SCANQNT >/dev/null 2>&1
+
+DATE=`date -u`
+echo "Finish time: $DATE" >> $SCANLOG
+
+# Check if any viruses were found
+INFECTED_FILE_COUNT=`grep '^Infected files: ' /var/log/clamav/scan.log | sed 's/^Infected files: //'`
+if [ "$INFECTED_FILE_COUNT" -gt "0" ]
+then
+ notify-send-user -i /usr/share/pixmaps/clamtk.png -u critical "clamav: $INFECTED_FILE_COUNT infected files found" "see $SCANLOG for details"
+ exit 3
+fi
+
+rm -f $SCANFIL
+exit 0
--
2.25.1
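Review bot: A failed clamscan run still advances the incremental watermark, because `echo "Finish time: $DATE" >> $SCANLOG` recreates the scan log whatever clamscan returned, so the next run's `-newer ${SCANLOG}` skips every file modified before this run and those files are never scanned; the same gap exists on a successful run for files changed between the `find` and the end of the scan, since the log's mtime is the end time rather than the start. The rewrite below takes a reference timestamp before `find`, checks clamscan's exit status (0 clean, 1 infected, 2 error) and on error resets the log's mtime to the epoch so the next run falls back to a full scan; the count check that follows should read `"$SCANLOG"` rather than the hard-coded `/var/log/clamav/scan.log` and use `${INFECTED_FILE_COUNT:-0}` so an empty summary does not break the `-gt` test. The `find` line also needs an explicit `-print` at the end: without it the implicit print applies to the whole expression and the pruned directories (`/proc`, `/run`, `/dev`, `/sys`) are themselves appended to the file list. Separately, `. $SCANEXC >/dev/null 2>&1` executes the excludes file as root, so the `-f` check before it should also require the file to be root-owned and not group/world-writable (e.g. `[ -O "$SCANEXC" ]` plus a `stat -c %a` mode check) and the sourcing should not have its errors discarded. In `notify-send-user`, `$user`, `$display` and `$uid` are derived from `ls /tmp/.X11-unix/*` and `who` output and expanded unquoted into a `sudo -u` command line; when no display session exists `$user` is empty and the next word becomes the user name, so the function should quote those expansions and return early when `$user` is empty.
```shell
# Reference time for the next run, taken before the search so that files
# changed while this scan runs are not lost in the gap between find and clamscan
SCANREF=$(mktemp "/tmp/clamscan_ref.XXXXXX")

# Find the files that should be scanned in this scan; the explicit -print keeps
# the pruned directories themselves out of the list
SCANFIL=$(mktemp "/tmp/clamscan_files.XXXXXX")
ionice -c 3 nice find / "${FIND_PRUNE_FILTER_ARRAY[@]}" -newer "$SCANLOG" -type f "${FIND_FILE_FILTER_ARRAY[@]}" -print >> "$SCANFIL"

# … unchanged: removal of the previous scan log, creation of the quarantine directory …

ionice -c 3 nice /usr/bin/clamscan --file-list="$SCANFIL" --log="$SCANLOG" --infected --copy="$SCANQNT" >/dev/null 2>&1
SCANRC=$?

DATE=$(date -u)
echo "Finish time: $DATE" >> "$SCANLOG"

# clamscan exits 0 when clean, 1 when infected files were found and 2 on error.
# An error must not advance the watermark: reset the log time to the epoch so
# the next run performs a full scan instead of silently skipping the gap.
if [ "$SCANRC" -eq 2 ]
then
  echo "$DATE: clamscan failed, next run will do a full scan" >> "$ERRORLOG"
  notify-send-user -i /usr/share/pixmaps/clamtk.png -u critical "clamav: scan failed" "see $ERRORLOG for details"
  touch -t 000001010000 "$SCANLOG"
  rm -f "$SCANFIL" "$SCANREF"
  exit 4
fi

# Carry the pre-scan reference time onto the log used by the next run's -newer
touch -r "$SCANREF" "$SCANLOG"
rm -f "$SCANREF"

# … unchanged: infected-file count check, reading "$SCANLOG" instead of the hard-coded path …
```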