Возможно поможет кому-то. Разместив в кроне, можно забыть о ручном обновлении,
скрипт проверит базы, при необходимости загрузит и соберет обновленную
версию и обновит демоны.
#!/bin/bash
#
# ClamAV auto update routine
#
# Define system variables
#
DESTPATH="/usr/src"
TOREPORT="root"
OK="Ok"
NO="Failed"
echo >> /var/log/`basename $0`.log
#
# Functions library: logger stores all the events in a log file,
# reporter emails error events to admin
#
function logger () {
if [ "$1" != "n" ]; then
DATA="$1"
CMD=""
else
DATA=`date +"%b %d %H:%M:%S $2"`
CMD="-ne"
fi
echo $CMD "$DATA" >> /var/log/`basename $0`.log
}
function reporter () {
echo "Error $1 in `basename $0`" | mail -s "`basename $0` reporting error" $TOREPORT
quit
}
#
# Check for presence of a link to internet, need to prevent dns errors reporting by syslogd
#
logger n "Check for link to clamav.net: "
IPADDR=`host clamav.net | grep address | cut -d " " -f 4`
if [ "$IPADDR" != "" ]; then
#
# Check availability of the node
#
PINGER=`ping -c 1 $IPADDR | grep received | cut -d " " -f 4`
if [ $PINGER == 1 ]; then
logger "$OK"
else
logger "$NO"
reporter 1
fi
else
logger "$NO"
reporter 2
fi
#
# Run database updater:
#
VERSION=`freshclam | grep "WARNING: Local" | cut -d " " -f 7`
#
# If warning message present, check for presence of tarball
#
if [ "$VERSION" != "" ]; then
logger n "Checking presence of tarball: "
if [ ! -e $DESTPATH/clamav-$VERSION.tar.gz ]; then
logger "$NO"
logger n "Fetching mirrors list: "
#
# No tarball found, start fetching subroutine
# First of all, get the mirrors list
#
MIRROR=( $(wget -q http://prdownloads.sourceforge.net/clamav/clamav-$VERSION.tar.gz?download \
-O /dev/stdout | grep "use_mirror" | cut -d "=" -f 3 | sed -r "s/<[^>]*>//g" | cut -d "\"" -f 1))
if [ $? != 0 ]; then
logger "$NO"
reporter 3
else
logger "${#MIRROR[@]} nodes available"
fi
#
# To prevent overloading of the first node in a mirrors list, select random from the list
#
NODE=$RANDOM
let "NODE %= ${#MIRROR[@]}"
logger n "Downloading v$VERSION from ${MIRROR[$NODE]} ($NODE): "
wget -q -c -t 5
http://${MIRROR[$NODE]}.dl.sourceforge.net/sourceforge/clamav/clamav-$VERSION.tar.gz \
-O $DESTPATH/clamav-$VERSION.tar.gz >/dev/null 2>&1
if [ $? != 0 ]; then
logger "$NO"
reporter 4
else
logger "$OK"
fi
else
logger "$OK"
fi
#
# Now tarball must be present, and we have to check it's condition
#
logger n "Checking tarball condition: "
gzip -l $DESTPATH/clamav-$VERSION.tar.gz > /dev/null 2>&1
if [ $? != 0 ]; then
logger "$NO"
#
# If we got an error message in checking of a tarball,
# erase it, and next time try to download fresh one
#
rm -f $DESTPATH/clamav-$VERSION.tar.gz
reporter 5
else
logger "$OK"
cd $DESTPATH/
logger n "Unpacking: "
#
# Ok, gzip reported that's tarball is ok, now unpacking it
#
tar -xzf clamav-$VERSION.tar.gz >/dev/null 2>&1
if [ $? != 0 ]; then
logger "$NO"
reporter 6
else
logger "$OK"
fi
logger n "Configuring: "
cd $DESTPATH/clamav-$VERSION
#
# Below are standard procedures of configuring, assembling and installing of the package
#
./configure > /dev/null 2>&1
if [ $? != 0 ]; then
logger "$NO"
reporter 7
else
logger "$OK"
fi
logger n "Compiling: "
make > /dev/null
if [ $? != 0 ]; then
logger "$NO"
reporter 8
else
logger "$OK"
fi
logger n "Installing: "
make install > /dev/null 2>&1
if [ $? != 0 ]; then
logger "$NO"
reporter 9
else
logger "$OK"
fi
logger n "Check old daemon: "
#
# Now we have to swap old smtpd daemon to new
# If old daemon is preset - kill'em
#
PID=`ps -eo pid,comm | grep clamd | sed -r "s/^\ //" | cut -d " " -f 1`
if [ "$PID" != "" ]; then
logger "$OK"
logger n "Killing old daemon ($PID): "
kill -9 $PID
if [ $? != 0 ]; then
logger "$NO"
reporter 10
else
logger "$OK"
fi
else
logger "$NO"
fi
logger n "Starting new daemon: "
#
# Now memory is clear from old daemon and we're running the new one
#
/usr/local/sbin/clamd & > /dev/null 2>&1
if [ $? != 0 ]; then
logger "$NO"
reporter 11
else
logger "$OK"
fi
#
# Arter all of these, we have to run database updater again
#
logger n "Checking for newer database: "
freshclam > /dev/null 2>&1
if [ $? != 1 ]; then
logger "$NO"
reporter 12
else
logger "$OK"
fi
#
# At this stage, we have new antivirus installed, databases are up to date
# and ready to protect our system
#
fi
else
logger n "ClamAV is up to date"
logger ""
fi
#
# I did not find any benefits to run freshclam in a daemon mode using switch -d.
# Running once for a 4, 6 or whatever hours, it takes system resources for 24 hours, 7 days
# I think better is to use this script and run it with cron daemon (crontab) as
a foreground process
# within the same time range
#
# Dima.
|
