Signed-off-by: Tim FitzGeorge ipfr@tfitzgeorge.me.uk --- config/rootfiles/packages/clamav | 1 + lfs/clamav | 2 +- lfs/statusmail | 2 +- src/statusmail/plugins/services_clamav.pm | 170 ++++++++++++++++++++++++++++++ 4 files changed, 173 insertions(+), 2 deletions(-) create mode 100644 src/statusmail/plugins/services_clamav.pm
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index 9d6d68647..d4fc283a7 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -49,3 +49,4 @@ var/ipfire/clamav/freshclam.conf.sample
 var/lib/clamav
 etc/rc.d/init.d/clamav
 usr/local/bin/clamavctrl
+usr/lib/statusmail/plugins/services_clamav.pm
diff --git a/lfs/clamav b/lfs/clamav
index 640691408..e4270799d 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
 DIR_APP = $(DIR_SRC)/$(THISAPP)
 TARGET = $(DIR_INFO)/$(THISAPP)
 PROG = clamav
-PAK_VER = 44
+PAK_VER = 45
DEPS = ""
diff --git a/lfs/statusmail b/lfs/statusmail
index c57c3adab..c448a92af 100644
--- a/lfs/statusmail
+++ b/lfs/statusmail
@@ -64,7 +64,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 install -v -m 0644 $(DIR_APP)/statusmail/plugins/system_status_services.pm /usr/lib/statusmail/plugins/
 install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_urlfilter.pm /usr/lib/statusmail/plugins/
 install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_intrusion_prevention_system.pm /usr/lib/statusmail/plugins/
-# install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_clamav.pm /usr/lib/statusmail/plugins/
+ install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_clamav.pm /usr/lib/statusmail/plugins/
 install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_ups_apc.pm /usr/lib/statusmail/plugins/
@rm -rf $(DIR_APP)
diff --git a/src/statusmail/plugins/services_clamav.pm b/src/statusmail/plugins/services_clamav.pm
new file mode 100644
index 000000000..ff4af766c
--- /dev/null
+++ b/src/statusmail/plugins/services_clamav.pm
@@ -0,0 +1,170 @@
+#!/usr/bin/perl
+
+############################################################################
+# #
+# Send log and status emails for IPFire #
+# #
+# This is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2018 - 2019 The IPFire Team #
+# #
+############################################################################
+
+require "${General::swroot}/lang.pl";
+
+use strict;
+use warnings;
+
+package Services_Calmav;
+
+use Time::Local;
+
+############################################################################
+# BEGIN Block
+#
+# Register the log items available in this file
+############################################################################
+
+sub BEGIN
+{
+ main::add_mail_item( 'ident' => 'services-clamav-alerts',
+ 'section' => $Lang::tr{'services'},
+ 'subsection' => 'Clam AV',
+ 'item' => $Lang::tr{'statusmail ids alerts'},,
+ 'function' => &alerts );
+
+ main::add_mail_item( 'ident' => 'services-clamav-updates',
+ 'section' => $Lang::tr{'services'},
+ 'subsection' => 'Clam AV',
+ 'item' => $Lang::tr{'updates'},
+ 'function' => &updates );
+}
+
+############################################################################
+# Functions
+############################################################################
+
+sub get_log( $ );
+
+#------------------------------------------------------------------------------
+# sub get_log( this )
+#
+# Gets relevant information from the system log and caches it.
+#
+# Parameters:
+# this message object
+#
+# Returns:
+# reference to hash of wanted information
+#------------------------------------------------------------------------------
+
+sub get_log( $ )
+{
+ my ($this) = @_;
+
+ my $data = $this->cache( 'services-clamav' );
+ return $data if (defined $data);
+
+ my %info;
+ my $line;
+
+ while ($line = $this->get_message_log_line)
+ {
+ next unless ($line);
+ next unless ($line =~ m/clamd[.*]:|freshclam[.*]:/);
+
+ my ($time, $message) = $line =~ m/\w+\s+(\d+\s+\d+:\d+:\d+).*(?:clamd[.*]:|freshclam[.*]:) (.*)/;
+
+ if ($message =~ m/^.+?: (.*?) FOUND/i)
+ {
+ $info{viruses}{$1}++;
+ }
+ elsif ($message =~ m/^Database correctly reloaded ((\d+) (?:signatures|viruses))/i)
+ {
+ $info{rules} = $1;
+ $info{updates}++;
+ }
+ }
+
+ $this->cache( 'services-clamav', %info );
+
+ return %info;
+}
+
+#------------------------------------------------------------------------------
+# sub alerts( this, min_count )
+#
+# Outputs information on detected viruses etc.
+#
+# Parameters:
+# this message object
+# min_count only output information if it occurs at least this many times.
+#------------------------------------------------------------------------------
+
+sub alerts( $$ )
+{
+ my ($self, $min_count) = @_;
+ my @table;
+
+ use Sort::Naturally;
+
+ push @table, [ $Lang::tr{'statusmail ids alert'}, $Lang::tr{'count'} ];
+
+ my $info = get_log( $self );
+
+ foreach my $virus ( sort { $$info{viruses}{$b} <=> $$info{viruses}{$a} || $a cmp $b} keys %{ $$info{viruses} } )
+ {
+ push @table, [ $virus, $$info{viruses}{$virus} ];
+ }
+
+ if (@table > 1)
+ {
+ $self->add_table( @table );
+
+ return 1;
+ }
+
+ return 0;
+}
+
+#------------------------------------------------------------------------------
+# sub updates( this )
+#
+# Output information on ClamAV rule updates.
+#
+# Parameters:
+# this message object
+#------------------------------------------------------------------------------
+
+
+sub updates( $ )
+{
+ my ($self) = @_;
+ my @table;
+
+ my $info = get_log( $self );
+
+ if (exists $$info{rules})
+ {
+ $self->add_text( "$Lang::tr{'installed updates'} $$info{updates}\n" );
+ $self->add_text( "$Lang::tr{'statusmail signatures'} $$info{rules}\n" );
+
+ return 1;
+ }
+
+ return 0;
+}
+
+1;
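Review bot: In `get_log`, as the hunk is shown, `%info` is cached and returned as a flat hash while `alerts` and `updates` dereference the result as `$$info{...}`; the first uncached call would then fail under `use strict`, so both statements should pass `\%info`. The same missing backslash shows up in `BEGIN`, where `'function' => &alerts` calls the sub during registration instead of passing `\&alerts`, and in `clamd[.*]:`, where `[.*]` is a character class rather than a literal bracketed PID; these may be an artefact of how the patch was rendered, so compare with the committed file. Independently of that, the second match can fail on a line that passed the first filter, leaving `$message` undefined, and `$time` is never used; a single match that both selects and captures, followed by a `defined` check, avoids this. `alerts` documents `min_count` as a threshold but never applies it, and the captured name is log-derived text (the lazy `^.+?: ` stops at the first `: ` in a scanned path), so it should be treated as untrusted where it reaches the mail body; whether `add_table` escapes it is not visible here.

```perl
  # … unchanged: sub header, cache lookup, declarations, while loop header …
    next unless ($line);

    # One match both selects clamd/freshclam lines and captures the message text.
    my ($message) = $line =~ m/(?:clamd|freshclam)\[.*?\]: (.*)/;
    next unless (defined $message);

    # … unchanged: FOUND and "Database correctly reloaded" branches, end of loop …

  # Store and return a reference; alerts() and updates() dereference it.
  $this->cache( 'services-clamav', \%info );

  return \%info;
```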