#!/bin/bash
# Opt-out switch: when SKIP_CLAMD is y/yes (any letter case) this script
# starts no ClamAV process at all. It then sleeps for a long time before
# exiting 0 (presumably so the container is not restarted in a tight loop;
# confirm against the orchestration config).
[[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]] && {
  printf '%s\n' "SKIP_CLAMD=y, skipping ClamAV..."
  sleep 365d
  exit 0
}
# Cleaning up garbage: drop leftover clamav-*.tmp entries from the
# signature database directory before anything else touches it.
printf '%s\n' "Cleaning up tmp files..."
rm -rf -- /var/lib/clamav/clamav-*.tmp
# Prepare whitelist
# whitelist.ign2 lists signature names ClamAV should ignore, so its content
# directly decides which detections are suppressed. Treat it as
# security-relevant configuration.
mkdir -p /run/clamav /var/lib/clamav

# A non-empty operator-supplied list always overwrites the working copy.
[[ -s /etc/clamav/whitelist.ign2 ]] && {
  printf '%s\n' "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
  cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
}

# No working copy yet: seed a default list.
[[ -f /var/lib/clamav/whitelist.ign2 ]] || {
  printf '%s\n' "Creating /var/lib/clamav/whitelist.ign2"
  cat > /var/lib/clamav/whitelist.ign2 <<'EOF'
# Please restart ClamAV after changing signatures
Example-Signature.Ignore-1
PUA.Pdf.Trojan.EmbeddedJavaScript-1
EOF
}

# Ownership and modes for the database and runtime directories.
chown -R clamav:clamav /var/lib/clamav /run/clamav
chmod 755 /var/lib/clamav
# NOTE(review): the recursive 644 also applies to any directory matched by
# the glob, which would strip its search (x) bit. Confirm that only regular
# files are expected here.
chmod -R 644 /var/lib/clamav/*
chmod 750 /run/clamav

# Print the resulting metadata of the list to the container log.
stat /var/lib/clamav/whitelist.ign2

# Normalise the list: convert CRLF line endings, then delete lines that are
# empty or contain only whitespace.
dos2unix /var/lib/clamav/whitelist.ign2
sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2
# PIDs of the background workers; the supervision loop at the end of this
# script polls every entry.
BACKGROUND_TASKS=()

# Initial signature update before any worker is started. The exit status of
# freshclam is not checked here.
printf '%s\n' "Running freshclam..."
freshclam

# Worker: repeat the freshclam update every 12600 seconds (3.5 hours).
(
  while :; do
    sleep 12600
    freshclam
  done
) &
BACKGROUND_TASKS+=("$!")
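# Worker: periodically pull a fixed set of Sanesecurity signature databases
# into /var/lib/clamav and ask clamd to reload them.
#
# NOTE(review): the files are fetched over the plain rsync:// protocol from
# whatever addresses DNS returns, and nothing in this loop verifies them
# before clamd is told to reload. The set includes sigwhitelist.ign2, an
# ignore list, so a tampered mirror response could suppress detections.
# Consider verifying the downloads against the publisher's signatures, if
# available, before reloading.
(
  # Databases to accept from the mirror; everything else is excluded below.
  sane_dbs=(
    blurl.ndb
    junk.ndb
    jurlbl.ndb
    jurbla.ndb
    phishtank.ndb
    phish.ndb
    spamimg.hdb
    scam.ndb
    rogue.hdb
    sanesecurity.ftm
    sigwhitelist.ign2
  )
  rsync_includes=()
  for sane_db in "${sane_dbs[@]}"; do
    rsync_includes+=(--include "${sane_db}")
  done

  while true; do
    sleep 10m
    SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
    # Unquoted on purpose: split the dig output into one mirror per word.
    for sane_mirror in ${SANE_MIRRORS}; do
      # The mirror value comes from DNS, so it is quoted where it is used as
      # an argument to keep it a single word with no glob expansion.
      rsync -avp --chown=clamav:clamav --chmod=Du=rwx,Dgo=rx,Fu=rw,Fog=r --timeout=5 \
        "rsync://${sane_mirror}/sanesecurity/" \
        "${rsync_includes[@]}" \
        --exclude='*' /var/lib/clamav/
      CE=$?
      # Re-assert the directory mode after rsync, whatever its result.
      chmod 755 /var/lib/clamav/
      if [ "${CE}" -eq 0 ]; then
        # Do not trigger a reload while a freshclam update is still running.
        while [ -n "$(pidof freshclam)" ]; do
          echo "Freshclam is active, waiting..."
          sleep 5
        done
        # clamd RELOAD command sent over its TCP listener on port 3310.
        echo RELOAD | nc clamd-mailcow 3310
        # First mirror that synced successfully is enough for this cycle.
        break
      fi
    done
    sleep 12h
  done
) &
BACKGROUND_TASKS+=("$!")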
# Start clamd in the background at niceness 10 and track its PID alongside
# the other workers.
nice -n 10 clamd &
BACKGROUND_TASKS+=("$!")

# Supervision loop: probe each tracked PID with signal 0. If one is gone,
# log it and send SIGTERM to PID 1 so the whole container stops (the message
# says it then waits for a respawn). The 10 second pause sits inside the
# per-worker loop, so it applies between individual checks.
while :; do
  for bg_task in "${BACKGROUND_TASKS[@]}"; do
    kill -0 "${bg_task}" 1>&2 || {
      echo "Worker ${bg_task} died, stopping container waiting for respawn..."
      kill -TERM 1
    }
    sleep 10
  done
done