From patchwork Sat Apr 6 04:29:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tim FitzGeorge X-Patchwork-Id: 2183 Return-Path: Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id C8F34861F37 for ; Fri, 5 Apr 2019 18:31:25 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44bRgd24g1z5Lcxx; Fri, 5 Apr 2019 18:31:25 +0100 (BST) Received: from smtp.hosts.co.uk (smtp.hosts.co.uk [85.233.160.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 44bRgG6rrQz5Lcy8 for ; Fri, 5 Apr 2019 18:31:06 +0100 (BST) Received: from [31.127.205.161] (helo=aragorn.tfitzgeorge.me.uk) by smtp.hosts.co.uk with esmtpa (Exim) (envelope-from ) id 1hCSgD-0000Ix-5V; Fri, 05 Apr 2019 18:31:06 +0100 
From: Tim FitzGeorge To: development@lists.ipfire.org Subject: [PATCH 12/12] statusmail: Plugin for clamav Date: Fri, 5 Apr 2019 18:29:40 +0100 Message-Id: <20190405172940.13168-13-ipfr@tfitzgeorge.me.uk> X-Mailer: git-send-email 2.16.4 In-Reply-To: <20190405172940.13168-1-ipfr@tfitzgeorge.me.uk> References: <20190405172940.13168-1-ipfr@tfitzgeorge.me.uk> X-Spamd-Result: default: False [-13.17 / 11.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[161.205.127.31.zen.spamhaus.org : 127.0.0.11]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:85.233.160.19]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; REPLY(-4.00)[]; DMARC_NA(0.00)[tfitzgeorge.me.uk]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: mx1.ukservers.net]; RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-2.99)[-0.996,0]; IP_SCORE(-3.77)[ip: (-9.91), ipnet: 85.233.160.0/19(-4.96), asn: 8622(-3.96), country: GB(-0.04)]; RCVD_IN_DNSWL_LOW(-0.10)[19.160.233.85.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8622, ipnet:85.233.160.0/19, country:GB]; RCVD_COUNT_TWO(0.00)[2]; BAYES_HAM(-3.00)[100.00%]; FROM_EQ_ENVFROM(0.00)[] Authentication-Results: mail01.ipfire.org; dkim=none; dmarc=none; spf=pass (mail01.ipfire.org: domain of ipfr@tfitzgeorge.me.uk designates 85.233.160.19 as permitted sender) smtp.mailfrom=ipfr@tfitzgeorge.me.uk X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Tim FitzGeorge --- config/rootfiles/packages/clamav | 1 + lfs/clamav | 2 +- lfs/statusmail | 2 +- src/statusmail/plugins/services_clamav.pm | 170 ++++++++++++++++++++++++++++++ 4 files changed, 173 insertions(+), 2 deletions(-) create mode 100644 src/statusmail/plugins/services_clamav.pm 
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 9d6d68647..d4fc283a7 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -49,3 +49,4 @@ var/ipfire/clamav/freshclam.conf.sample var/lib/clamav etc/rc.d/init.d/clamav usr/local/bin/clamavctrl +usr/lib/statusmail/plugins/services_clamav.pm diff --git a/lfs/clamav b/lfs/clamav index 640691408..e4270799d 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 44 +PAK_VER = 45 DEPS = "" diff --git a/lfs/statusmail b/lfs/statusmail index c57c3adab..c448a92af 100644 --- a/lfs/statusmail +++ b/lfs/statusmail @@ -64,7 +64,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 0644 $(DIR_APP)/statusmail/plugins/system_status_services.pm /usr/lib/statusmail/plugins/ install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_urlfilter.pm /usr/lib/statusmail/plugins/ install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_intrusion_prevention_system.pm /usr/lib/statusmail/plugins/ -# install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_clamav.pm /usr/lib/statusmail/plugins/ + install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_clamav.pm /usr/lib/statusmail/plugins/ install -v -m 0644 $(DIR_APP)/statusmail/plugins/services_ups_apc.pm /usr/lib/statusmail/plugins/ @rm -rf $(DIR_APP) diff --git a/src/statusmail/plugins/services_clamav.pm b/src/statusmail/plugins/services_clamav.pm new file mode 100644 index 000000000..ff4af766c --- /dev/null +++ b/src/statusmail/plugins/services_clamav.pm 
@@ -0,0 +1,170 @@
+#!/usr/bin/perl
+
+############################################################################
+# #
+# Send log and status emails for IPFire #
+# #
+# This is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2018 - 2019 The IPFire Team #
+# #
+############################################################################
+
+require "${General::swroot}/lang.pl";
+
+use strict;
+use warnings;
+
+package Services_Calmav;
+
+use Time::Local;
+
+############################################################################
+# BEGIN Block
+#
+# Register the log items available in this file
+############################################################################
+
+sub BEGIN
+{
+ main::add_mail_item( 'ident' => 'services-clamav-alerts',
+ 'section' => $Lang::tr{'services'},
+ 'subsection' => 'Clam AV',
+ 'item' => $Lang::tr{'statusmail ids alerts'},,
+ 'function' => \&alerts );
+
+ main::add_mail_item( 'ident' => 'services-clamav-updates',
+ 'section' => $Lang::tr{'services'},
+ 'subsection' => 'Clam AV',
+ 'item' => $Lang::tr{'updates'},
+ 'function' => \&updates );
+}
+
+############################################################################
+# Functions
+############################################################################
+
+sub get_log( $ );
+
+#------------------------------------------------------------------------------
+# sub get_log( this )
+#
+# Gets relevant information from the system log and caches it.
+#
+# Parameters:
+# this message object
+#
+# Returns:
+# reference to hash of wanted information
+#------------------------------------------------------------------------------
+
+sub get_log( $ )
+{
+ my ($this) = @_;
+
+ my $data = $this->cache( 'services-clamav' );
+ return $data if (defined $data);
+
+ my %info;
+ my $line;
+
+ while ($line = $this->get_message_log_line)
+ {
+ next unless ($line);
+ next unless ($line =~ m/clamd\[.*\]:|freshclam\[.*\]:/);
+
+ my ($time, $message) = $line =~ m/\w+\s+(\d+\s+\d+:\d+:\d+).*(?:clamd\[.*\]:|freshclam\[.*\]:) (.*)/;
+
+ if ($message =~ m/^.+?: (.*?) FOUND/i)
+ {
+ $info{viruses}{$1}++;
+ }
+ elsif ($message =~ m/^Database correctly reloaded \((\d+) (?:signatures|viruses)\)/i)
+ {
+ $info{rules} = $1;
+ $info{updates}++;
+ }
+ }
+
+ $this->cache( 'services-clamav', \%info );
+
+ return \%info;
+}
+
+#------------------------------------------------------------------------------
+# sub alerts( this, min_count )
+#
+# Outputs information on detected viruses etc.
+#
+# Parameters:
+# this message object
+# min_count only output information if it occurs at least this many times.
+#------------------------------------------------------------------------------
+
+sub alerts( $$ )
+{
+ my ($self, $min_count) = @_;
+ my @table;
+
+ use Sort::Naturally;
+
+ push @table, [ $Lang::tr{'statusmail ids alert'}, $Lang::tr{'count'} ];
+
+ my $info = get_log( $self );
+
+ foreach my $virus ( sort { $$info{viruses}{$b} <=> $$info{viruses}{$a} || $a cmp $b} keys %{ $$info{viruses} } )
+ {
+ push @table, [ $virus, $$info{viruses}{$virus} ];
+ }
+
+ if (@table > 1)
+ {
+ $self->add_table( @table );
+
+ return 1;
+ }
+
+ return 0;
+}
+
+#------------------------------------------------------------------------------
+# sub updates( this )
+#
+# Output information on ClamAV rule updates.
+#
+# Parameters:
+# this message object
+#------------------------------------------------------------------------------
+
+
+sub updates( $ )
+{
+ my ($self) = @_;
+ my @table;
+
+ my $info = get_log( $self );
+
+ if (exists $$info{rules})
+ {
+ $self->add_text( "$Lang::tr{'installed updates'} $$info{updates}\n" );
+ $self->add_text( "$Lang::tr{'statusmail signatures'} $$info{rules}\n" );
+
+ return 1;
+ }
+
+ return 0;
+}
+
+1;
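Review bot: In get_log() the daemon tag is matched anywhere in the line (`m/clamd\[.*\]:|freshclam\[.*\]:/`, then `.*(?:clamd\[.*\]:|freshclam\[.*\]:) (.*)`), so a message logged by any other program that merely contains `clamd[...]:` text is parsed as ClamAV output and can end up as a row in the status mail. The two patterns also differ (the second requires a space after the colon), so `$message` can be undef after the first one matched, and the `$time` capture is never used. Assuming the usual `Mon D HH:MM:SS host tag[pid]: text` syslog layout that the existing pattern implies, one anchored match would cover both: `my ($message) = $line =~ m/^\w+\s+\d+\s+\d+:\d+:\d+\s+\S+\s+(?:clamd|freshclam)\[\d+\]: (.*)/ or next;`. The detection pattern `^.+?: (.*?) FOUND` takes its capture after the first `: `, which falls inside the scanned file's path whenever the path contains one; a greedy prefix with an end anchor, `m/^.+: (.*?) FOUND$/`, keys on the last separator instead. Separately, alerts() documents `min_count` but never compares a count against it, and the package is declared as `Services_Calmav` in a file named services_clamav.pm.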