From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tim FitzGeorge To: development@lists.ipfire.org Subject: [PATCH 12/12] statusmail: Plugin for clamav Date: Fri, 05 Apr 2019 18:29:40 +0100 Message-ID: <20190405172940.13168-13-ipfr@tfitzgeorge.me.uk> In-Reply-To: <20190405172940.13168-1-ipfr@tfitzgeorge.me.uk> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6460886431729680323==" List-Id: --===============6460886431729680323== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Tim FitzGeorge --- config/rootfiles/packages/clamav | 1 + lfs/clamav | 2 +- lfs/statusmail | 2 +- src/statusmail/plugins/services_clamav.pm | 170 ++++++++++++++++++++++++++++= ++ 4 files changed, 173 insertions(+), 2 deletions(-) create mode 100644 src/statusmail/plugins/services_clamav.pm diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/cla= mav index 9d6d68647..d4fc283a7 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -49,3 +49,4 @@ var/ipfire/clamav/freshclam.conf.sample var/lib/clamav etc/rc.d/init.d/clamav usr/local/bin/clamavctrl +usr/lib/statusmail/plugins/services_clamav.pm diff --git a/lfs/clamav b/lfs/clamav index 640691408..e4270799d 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D clamav -PAK_VER =3D 44 +PAK_VER =3D 45 =20 DEPS =3D "" =20 diff --git a/lfs/statusmail b/lfs/statusmail index c57c3adab..c448a92af 100644 --- a/lfs/statusmail +++ b/lfs/statusmail 
@@ -64,7 +64,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 0644 $(DIR_APP)/statusmail/plugins/system_status_services.pm = /usr/lib/statusmail/plugins/ install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_urlfilter.pm /usr= /lib/statusmail/plugins/ install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_intrusion_prevent= ion_system.pm /usr/lib/statusmail/plugins/ -# install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_clamav.pm /usr/l= ib/statusmail/plugins/ + install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_clamav.pm /usr/li= b/statusmail/plugins/ install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_ups_apc.pm /usr/l= ib/statusmail/plugins/ =20 @rm -rf $(DIR_APP) diff --git a/src/statusmail/plugins/services_clamav.pm b/src/statusmail/plugi= ns/services_clamav.pm new file mode 100644 index 000000000..ff4af766c --- /dev/null +++ b/src/statusmail/plugins/services_clamav.pm 
@@ -0,0 +1,170 @@
+#!/usr/bin/perl
+
+############################################################################
+# #
+# Send log and status emails for IPFire #
+# #
+# This is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2018 - 2019 The IPFire Team #
+# #
+############################################################################
+
+require "${General::swroot}/lang.pl";
+
+use strict;
+use warnings;
+
+package Services_Calmav;
+
+use Time::Local;
+
+############################################################################
+# BEGIN Block
+#
+# Register the log items available in this file
+############################################################################
+
+sub BEGIN
+{
+ main::add_mail_item( 'ident' =3D> 'services-clamav-alerts',
+ 'section' =3D> $Lang::tr{'services'},
+ 'subsection' =3D> 'Clam AV',
+ 'item' =3D> $Lang::tr{'statusmail ids alerts'}= ,,
+ 'function' =3D> \&alerts );
+
+ main::add_mail_item( 'ident' =3D> 'services-clamav-updates',
+ 'section' =3D> $Lang::tr{'services'},
+ 'subsection' =3D> 'Clam AV',
+ 'item' =3D> $Lang::tr{'updates'},
+ 'function' =3D> \&updates );
+}
+
+############################################################################
+# Functions
+############################################################################
+
+sub get_log( $ );
+
+#---------------------------------------------------------------------------= ---
+# sub get_log( this )
+#
+# Gets relevant information from the system log and caches it.
+#
+# Parameters:
+# this message object
+#
+# Returns:
+# reference to hash of wanted information
+#---------------------------------------------------------------------------= ---
+
+sub get_log( $ )
+{
+ my ($this) =3D @_;
+
+ my $data =3D $this->cache( 'services-clamav' );
+ return $data if (defined $data);
+
+ my %info;
+ my $line;
+
+ while ($line =3D $this->get_message_log_line)
+ {
+ next unless ($line);
+ next unless ($line =3D~ m/clamd\[.*\]:|freshclam\[.*\]:/);
+
+ my ($time, $message) =3D $line =3D~ m/\w+\s+(\d+\s+\d+:\d+:\d+).*(?:clam= d\[.*\]:|freshclam\[.*\]:) (.*)/;
+
+ if ($message =3D~ m/^.+?: (.*?) FOUND/i)
+ {
+ $info{viruses}{$1}++;
+ }
+ elsif ($message =3D~ m/^Database correctly reloaded \((\d+) (?:signature= s|viruses)\)/i)
+ {
+ $info{rules} =3D $1;
+ $info{updates}++;
+ }
+ }
+
+ $this->cache( 'services-clamav', \%info );
+
+ return \%info;
+}
+
+#---------------------------------------------------------------------------= ---
+# sub alerts( this, min_count )
+#
+# Outputs information on detected viruses etc.
+#
+# Parameters:
+# this message object
+# min_count only output information if it occurs at least this many times.
+#---------------------------------------------------------------------------= ---
+
+sub alerts( $$ )
+{
+ my ($self, $min_count) =3D @_;
+ my @table;
+
+ use Sort::Naturally;
+
+ push @table, [ $Lang::tr{'statusmail ids alert'}, $Lang::tr{'count'} ];
+
+ my $info =3D get_log( $self );
+
+ foreach my $virus ( sort { $$info{viruses}{$b} <=3D> $$info{viruses}{$a} |= | $a cmp $b} keys %{ $$info{viruses} } )
+ {
+ push @table, [ $virus, $$info{viruses}{$virus} ];
+ }
+
+ if (@table > 1)
+ {
+ $self->add_table( @table );
+
+ return 1;
+ }
+
+ return 0;
+}
+
+#---------------------------------------------------------------------------= ---
+# sub updates( this )
+#
+# Output information on ClamAV rule updates.
+#
+# Parameters:
+# this message object
+#---------------------------------------------------------------------------= ---
+
+
+sub updates( $ )
+{
+ my ($self) =3D @_;
+ my @table;
+
+ my $info =3D get_log( $self );
+
+ if (exists $$info{rules})
+ {
+ $self->add_text( "$Lang::tr{'installed updates'} $$info{updates}\n" );
+ $self->add_text( "$Lang::tr{'statusmail signatures'} $$info{rules}\n" );
+
+ return 1;
+ }
+
+ return 0;
+}
+
+1;
--=20 2.16.4 --===============6460886431729680323==--
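Review bot: In get_log the filter `m/clamd\[.*\]:|freshclam\[.*\]:/` and the greedy `.*` in the extraction regex accept the tag anywhere in the line, so a syslog entry from another program whose message text merely contains `clamd[x]:` is counted as ClamAV output, and whatever precedes `FOUND` is placed in the mail table as a virus name (a scanned file name containing `: ` can also shift that capture). Assuming the usual `Mon D HH:MM:SS host tag[pid]:` layout, anchoring the match to the program field, e.g. `my ($time, $message) = $line =~ m/^\w+\s+(\d+\s+\d+:\d+:\d+)\s+\S+\s+(?:clamd|freshclam)\[\d+\]: (.*)/;` followed by `next unless defined $message;`, closes that gap. It also avoids the uninitialized-value warning that occurs today when the first regex matches but the second does not. Whether `add_table` escapes cell content is not visible in this patch and should be confirmed, since these strings originate from the log. Separately, `alerts` documents `min_count` but never applies it, and the package is spelled `Services_Calmav`.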