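#!/bin/sh
#+
# NAME:
#   sophos_sweep
# PURPOSE:
#   Script to update Sophos engine and IDE files and run sweep.
# CALLING SEQUENCE:
#   sophos_sweep [email_recipients] [server] [user] [password]
# INPUTS:
#   email_recipients  list of email addresses to which the result of the
#                     virus sweep is emailed (space-separated, one argument)
#   server            name of Sophos server
#   user              user name on Sophos server
#   password          password on Sophos server
#   These last three are passed to sophos_update. If no server is
#   specified then the update is skipped. Username and password can also
#   be specified through $HOME/.netrc, which keeps the password out of
#   the process list (a password given as an argument is visible to every
#   local user via ps).
# CALLS:
#   sophos_update
# RESTRICTIONS:
#   > Can only be run on the root account
#   > /etc/sav.conf MUST exist
#   > The SAV virus data directory specified in sav.conf MUST exist.
# PROCEDURE:
#   Configuration file /etc/sav.conf contains:
#       SAV virus data directory = /usr/local/sav
#   This is stored in local symbol SAV_DIR.
#   Note that this directory should match the cache directory
#   in eminstall.conf (see href=sophos_update=)
#
#   All fatal problems are reported with echo_msg (stdout plus a mail to
#   $USER) and the script then exits with status 0; the mail, not the
#   exit status, is the failure signal. Kept this way so existing callers
#   see the same status as before.
# MODIFICATION HISTORY:
#   Original written by Paul Yeatman, Oct. 26, 2004
#   NOV-2005, Paul Hick (UCSD/CASS)
#       Modified for use on SMEI subnet.
#-

MYNAME=$(basename -- "$0")

# Cron jobs frequently run without USER/HOSTNAME in the environment;
# /bin/sh does not set HOSTNAME at all. Fill in defaults once.
USER=${USER:-$(id -un)}
HOSTNAME=${HOSTNAME:-$(hostname)}

#######################################
# Report a fatal problem on stdout and by mail to $USER.
# Globals:   MYNAME, USER (read)
# Arguments: message text (all arguments are joined)
# Returns:   status of the mail command
#######################################
echo_msg() {
  printf '%s, %s\n' "$MYNAME" "$*"
  printf '%s, %s\n' "$MYNAME" "$*" | mail -s "$MYNAME failed" "$USER"
  return
}

#######################################
# Succeed if the sweep executable given as $1 runs and prints its version.
# Output is discarded; only the exit status matters.
# Arguments: $1 - path to a sweep executable
#######################################
sweep_works() {
  "$1" -v > /dev/null 2>&1
}

# Sanity checks
# The numeric uid is checked rather than $USER, which sudo and cron may
# leave set to a non-root name even when the effective user is root.
if [ "$(id -u)" -ne 0 ]; then
  echo_msg "run from root account only. Aborting !!!"
  exit 0
fi

# $SAV_CONF contains the local installation directory of Sophos
SAV_CONF=/etc/sav.conf   # Sophos configuration file
if [ ! -f "$SAV_CONF" ]; then
  echo_msg "$SAV_CONF not found. Aborting !!!"
  exit 0
fi

# Line looks like "SAV virus data directory = /usr/local/sav"; the path is
# the sixth whitespace-separated field. Anchored so a commented-out copy
# of the line is not picked up.
SAV_DIR=$(grep '^SAV virus data directory' "$SAV_CONF" | awk '{print $6}')
if [ ! -d "$SAV_DIR" ]; then
  echo_msg "$SAV_DIR does not exist. Aborting !!!"
  exit 0
fi

EMAIL_RECIPIENTS="$1"
SOP_SERVER="$2"
SOP_SERVER_USER="$3"
SOP_SERVER_PASSWORD="$4"

UPDATE_EXEC=$(command -v sophos_update 2> /dev/null)
SWEEP_EXEC=$SAV_DIR/sweep
SWEEP_EXEC_OLD=$HOME/sweep.old
SWEEP_LOGDIR=/var/log/sophos
# log filename for this script
SWEEP_LOG=$SWEEP_LOGDIR/sweep
# Deliberately a word-split list: POSIX sh has no arrays.
SWEEP_OPTIONS="-p=$SWEEP_LOG -nc -nb -di --stay-on-filesystem --stop-scan --no-reset-atime -mime -oe -tnef"
SWEEP_TARGET_DIRS="/home /var /root /tmp"

# Create directory $SWEEP_LOGDIR if it does not exist yet.
if [ ! -d "$SWEEP_LOGDIR" ]; then
  if ! mkdir -p -- "$SWEEP_LOGDIR"; then
    echo_msg "cannot create $SWEEP_LOGDIR. Aborting !!!"
    exit 0
  fi
fi

# Check whether there already is a sweep executable.
# If it exists and works, then save it as sweep.old
if [ -f "$SWEEP_EXEC" ]; then
  if sweep_works "$SWEEP_EXEC"; then
    mv -vf -- "$SWEEP_EXEC" "$SWEEP_EXEC_OLD"
  else
    printf '%s, remove corrupt old executable %s\n' "$MYNAME" "$SWEEP_EXEC"
    rm -vf -- "$SWEEP_EXEC"
  fi
else
  printf '%s, no old executable %s\n' "$MYNAME" "$SWEEP_EXEC"
fi

# Update the Sophos engine and virus data base. This may also
# update the sweep executable in $SAV_DIR.
if [ -n "$UPDATE_EXEC" ]; then
  printf '%s, updating Sophos ...\n' "$MYNAME"
  # ${x:+"$x"} passes each value as one argument when set and drops it
  # entirely when empty, so sophos_update sees the same argument count as
  # before while values containing spaces survive intact.
  "$UPDATE_EXEC" ${SOP_SERVER:+"$SOP_SERVER"} \
    ${SOP_SERVER_USER:+"$SOP_SERVER_USER"} \
    ${SOP_SERVER_PASSWORD:+"$SOP_SERVER_PASSWORD"}
else
  # $UPDATE_EXEC is empty here, so name the program rather than the variable.
  printf '%s, sophos_update not found. Skipping Sophos update !!!\n' "$MYNAME"
fi

# If the new sweep executable exists, but doesn't work then remove it.
if [ -f "$SWEEP_EXEC" ]; then
  if sweep_works "$SWEEP_EXEC"; then
    printf '%s, new executable %s\n' "$MYNAME" "$SWEEP_EXEC"
  else
    printf '%s, remove corrupt new executable %s\n' "$MYNAME" "$SWEEP_EXEC"
    rm -vf -- "$SWEEP_EXEC"
  fi
else
  printf '%s, no new executable %s\n' "$MYNAME" "$SWEEP_EXEC"
fi

if [ -f "$SWEEP_EXEC" ]; then
  # New sweep executable works. Remove the old one.
  if [ -f "$SWEEP_EXEC_OLD" ]; then
    rm -vf -- "$SWEEP_EXEC_OLD"
  fi
else
  # New sweep executable not present, because it was not downloaded
  # from the Sophos server, or because it was corrupt and deleted.
  # If there also was no old sweep executable, abort.
  if [ ! -f "$SWEEP_EXEC_OLD" ]; then
    echo_msg "$SWEEP_EXEC does not exist. Aborting !!!"
    exit 0
  fi
  # Use the old sweep executable
  mv -vf -- "$SWEEP_EXEC_OLD" "$SWEEP_EXEC"
fi

# Run sweep . . . nicely
printf '%s, running %s ...\n' "$MYNAME" "$SWEEP_EXEC"
# Start from an empty log; sweep writes a fresh one via -p=$SWEEP_LOG.
rm -f -- "$SWEEP_LOG"
# shellcheck disable=SC2086 -- SWEEP_OPTIONS and SWEEP_TARGET_DIRS are
# intentionally word-split (see their definitions above).
nice "$SWEEP_EXEC" $SWEEP_OPTIONS $SWEEP_TARGET_DIRS

# Send an alert to $EMAIL_RECIPIENTS
if [ -n "$EMAIL_RECIPIENTS" ]; then
  if [ -f "$SWEEP_LOG" ]; then
    # Fixed-string match: the trailing '.' is literal, not "any character".
    if grep -qF 'No viruses were discovered.' "$SWEEP_LOG"; then
      message="No viruses discovered ($HOSTNAME:$SWEEP_LOG)"
    else
      message="Viruses found?? Check $HOSTNAME:$SWEEP_LOG for details"
    fi
  else
    # Was 'message "..."' (a call to a nonexistent command), which left
    # $message empty and sent a blank report.
    message="$SWEEP_LOG not found"
  fi
  # shellcheck disable=SC2086 -- EMAIL_RECIPIENTS is a space-separated list
  # of addresses, each of which must reach mail as its own argument.
  printf '%s, %s\n' "$MYNAME" "$message" |
    mail -s "from $MYNAME on $USER@$HOSTNAME" $EMAIL_RECIPIENTS
fi

exit 0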