Posts Tagged ‘clamav’

a nagios plugin to monitor clamav status

Tuesday, April 12th, 2011

To monitor whether the ClamAV installation on my mail server is up to date, I set up the following trick.

First, I redirected the freshclam output to a file:

# 6 hours period virus definition update
7 1,7,13,19 * * * /usr/local/bin/freshclam > /var/log/clamav/freshcron.latest 2>&1

If the installed version is out of date, the file should look like this:

# cat /var/log/clamav/freshcron.latest
ClamAV update process started at Wed Feb  9 07:07:01 2011
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.5 Recommended version: 0.97
DON'T PANIC! Read http://www.clamav.net/support/faq
Connecting via …… etc.

Otherwise, the file contains no line starting with the word WARNING in uppercase and no line containing the string Recommended.
Second step: I set up a script on my mail server, called through SNMP, by adding the following line to /etc/snmp/snmpd.conf:

exec ClamVrfy /bin/sh /usr/lib/nagios/plugins/clamd_check.sh

The script source is:

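#!/bin/sh
# Line count of the ps output for clamd (the ps header line is counted too)
PROCRUNNING=`ps -C clamd | wc -l`
# The "Recommended version" warning line, empty when freshclam printed none
VERSIONUPD=`grep Recommended /var/log/clamav/freshcron.latest`
echo $PROCRUNNING \"$VERSIONUPD\"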

Third step: configuration of my Nagios setup, adding

define command {
command_name  check_update_clamd
command_line  /usr/lib/nagios/plugins/check_clam_update $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$
}

to command definitions, and

define service{
use                             generic-service

host_name                       mymailserver
service_description             CLAM-AV DEFS UPDATE
is_volatile                     0
check_period                    24x7
max_check_attempts              3
normal_check_interval           5
retry_check_interval            1
contact_groups                  admins
notification_interval           240
notification_period             24x7
notification_options            c,r
check_command                   check_update_clamd!public!2!5
process_perf_data               1
}

to services.
My plugin script is:

# cat /usr/lib/nagios/plugins/check_clam_update
#!/bin/bash

# Input parameters
HOSTNAME=$1
COMMUNITY=$2
MYVALWARN=$3
MYVALCRIT=$4

# Return Values
RET_OK="0"
RET_WARN="1"
RET_CRIT="2"
RET_UNKN="3"

# Exit with UNKNOWN when a required parameter is empty
checkdata () {
    VAL=`echo $2 | wc | awk '{print $2}'`
    if [ $VAL -eq 0 ]; then
        echo $1 is not set
        exit $RET_UNKN
    fi
}

# MAIN
checkdata "HOSTNAME" $HOSTNAME
checkdata "COMMUNITY" $COMMUNITY

# extOutput (UCD-SNMP-MIB) of the snmpd exec entry with index 3
STR=`/usr/bin/snmpget -v 2c -c $COMMUNITY $HOSTNAME .1.3.6.1.4.1.2021.8.1.101.3 | sed -e "s/.*STRING: //"`

if [ "$STR" -ge "$MYVALCRIT" ]; then
    echo "Clamd Antivirus Definition DB is Out of Date"
    exit $RET_CRIT
else
    if [ "$STR" -ge "$MYVALWARN" ]; then
        echo "Clamd Antivirus Definition DB is Quite Old"
        exit $RET_WARN
    else
        echo "Clamd Antivirus Definition DB is Up to Date"
        exit $RET_OK
    fi
fi
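
A fail-closed variant of the log check, as an added example that is not the post's own plugin: in the plugin above an empty or non-numeric SNMP reply makes both -ge tests error out and the script falls through to the OK branch, so this version returns UNKNOWN or CRITICAL when the freshclam log is missing or stale. The function name classify_freshclam_log and the 720-minute staleness threshold are assumptions.

```shell
#!/bin/sh
# Added example, not the post's plugin. Nagios codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# classify_freshclam_log FILE [MAX_AGE_MIN]: print a status line, return the code.
classify_freshclam_log() {
    log=$1
    max_age_min=${2:-720}   # assumed threshold: two missed 6-hour cron runs

    # Fail closed: a missing, unreadable or empty log is UNKNOWN, never OK.
    if [ ! -r "$log" ] || [ ! -s "$log" ]; then
        echo "UNKNOWN: $log is missing, unreadable or empty"
        return 3
    fi

    # A log that cron stopped rewriting says nothing about the current state.
    if [ -z "$(find "$log" -mmin "-$max_age_min" 2>/dev/null)" ]; then
        echo "CRITICAL: $log not rewritten in the last $max_age_min minutes"
        return 2
    fi

    # Outdated engine: pull both version numbers from the warning line.
    versions=$(sed -n 's/^WARNING: Local version: \([0-9][0-9A-Za-z.-]*\) Recommended version: \([0-9][0-9A-Za-z.-]*\).*/\1 -> \2/p' "$log" | head -n 1)
    if [ -n "$versions" ]; then
        echo "WARNING: ClamAV engine outdated ($versions)"
        return 1
    fi

    # Surface any other WARNING/ERROR line instead of ignoring it.
    other=$(grep -E '^(WARNING|ERROR):' "$log" | head -n 1)
    if [ -n "$other" ]; then
        echo "WARNING: freshclam reported: $other"
        return 1
    fi

    echo "OK: no freshclam warnings in $log"
    return 0
}

# Constructed sample, modelled on the outdated-version output quoted in the post.
demo=$(mktemp)
printf '%s\n' 'ClamAV update process started at Wed Feb  9 07:07:01 2011' \
    'WARNING: Your ClamAV installation is OUTDATED!' \
    'WARNING: Local version: 0.96.5 Recommended version: 0.97' > "$demo"
classify_freshclam_log "$demo" || true
rm -f "$demo"
```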

 

compiling clam-av 0.96.3 in an old linux system

Wednesday, September 22nd, 2010

If for some reason you are trying to compile clamav-0.96.3 on an old Linux system (e.g. a Debian sarge with gcc version 3.3.5), you will get a "compiler too old" error.
I know it is a kludge, but it's possible to complete the compilation in two steps.
First, open the ./clamav-0.96.3/libclamav/c++/configure file and disable the line

as_fn_error "C++ compiler too old (${gxx_version})" "$LINENO" 5

e.g. by writing [02].*) instead of [023].*) in the line just before it.
Second, run the main ./configure script with LLVM disabled:

./configure --disable-llvm

Then run make and make install as usual.

virus filtering on courier-mta

Monday, March 23rd, 2009

A simple way to add virus filtering on a mail server running courier-mta.

  1. install clamav, a good free virus scanner.
    You may download it following this link: http://www.clamav.net/download/sources
    Follow the instructions in the downloaded package for a correct install; usually you only need to create the clamav user and the clamav group, then
    mkdir /var/lib/clamav (or whatever is set as clamav home dir in /etc/passwd)
    chown clamav:clamav /var/lib/clamav
    unpack the clamav package and cd into its directory
    ./configure
    make
    make install
  2. install python-dev package (apt-get install python-dev)
  3. install pyClamd
    wget http://xael.org/norman/python/pyclamd/pyclamd.py
    cp pyclamd.py /usr/lib/python2.3/site-packages/
  4. install courier pythonfilter
    Standard installation steps are:
    python setup.py install
    mkdir /var/lib/pythonfilter
    chown daemon:daemon /var/lib/pythonfilter
    ln -s /usr/bin/pythonfilter /usr/lib/courier/filters
    filterctl start pythonfilter