-
Notifications
You must be signed in to change notification settings - Fork 1
/
anti-malware
executable file
·61 lines (48 loc) · 1.57 KB
/
anti-malware
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/bin/bash
# MCSS Fedora Version 1.1
# Set SERVER to 1 if this is running on a server. If running on a server,
# the following actions are not executed automatically:
#
# - Notification is not sent to all users or added to the /etc/bashrc file.
#
# It is expected that servers will be monitored more closely.
SERVER=0
LOG=/var/log/anti-malware.log
ROOT=/root/mcss
EXCLUSIONS=$ROOT/malware-exclude
EXCLUDE=""
DATE=`date`
# Make sure clamscan is not still running from a previous invocation.
if pgrep clamscan &>/dev/null; then
echo "$DATE: Found previous clamscan run still active." >>$LOG
exit 1
fi
if [ -f $EXCLUSIONS ]; then
for e in `sed 's/#.*$//' $EXCLUSIONS`; do
if [ -d "$e" ]; then
EXCLUDE="--exclude-dir=$e $EXCLUDE"
else
EXCLUDE="--exclude=$e $EXCLUDE"
fi
done
fi
echo $DATE >>$LOG
clamscan -l $LOG -r -i $EXCLUDE / &>/dev/null
if [ $? -eq 1 ] && [ $SERVER -eq 0 ]; then
if ! egrep '^echo -e "ANTI-MALWARE:' /etc/bashrc &>/dev/null; then
cat >>/etc/bashrc <<EOF
echo -e "ANTI-MALWARE: The anti-malware script found viruses.\n\nCheck the $LOG file.\n\nOnce investigated, remove this message by deleting this echo line from\n/etc/bashrc (should be near the end).\n"
EOF
fi
cat <<EOF >/tmp/notify-message.$$
The anti-malware script found viruses.
Check the $LOG file.
Once investigated, remove this message by deleting this echo line from
/etc/bashrc (should be near the end).
EOF
if [ $SERVER -eq 0 ]; then
wall </tmp/notify-message.$$
fi
rm -f /tmp/notify-message.$$
fi
echo >>$LOG