To monitor whether the ClamAV installation on my mail server is up to date, I set up the following trick.
First, I redirected the freshclam output to a file:
# 6 hours period virus definition update
7 1,7,13,19 * * * /usr/local/bin/freshclam > /var/log/clamav/freshcron.latest 2>&1
If the installed version is out of date, the file looks like this:
# cat /var/log/clamav/freshcron.latest
ClamAV update process started at Wed Feb 9 07:07:01 2011
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.5 Recommended version: 0.97
DON'T PANIC! Read http://www.clamav.net/support/faq
Connecting via …… etc.
Otherwise, no line starting with the word WARNING, and no line containing the string Recommended, is present.
Second step: I set up a script called by SNMP on my mail server by adding the following line to /etc/snmp/snmpd.conf:
exec ClamVrfy /bin/sh /usr/lib/nagios/plugins/clamd_check.sh
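The script source is:
#!/bin/sh
# Line count of ps output for clamd (header line included)
PROCRUNNING=`ps -C clamd | wc -l`
# The "Recommended version" line, present only when freshclam warned
VERSIONUPD=`grep Recommended /var/log/clamav/freshcron.latest`
echo $PROCRUNNING \"$VERSIONUPD\"
Third step: I configured my Nagios setup by adding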
define command {
command_name check_update_clamd
command_line /usr/lib/nagios/plugins/check_clam_update $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$
}
to command definitions, and
define service{
use generic-service
host_name mymailserver
service_description CLAM-AV DEFS UPDATE
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 5
retry_check_interval 1
contact_groups admins
notification_interval 240
notification_period 24x7
notification_options c,r
check_command check_update_clamd!public!2!5
process_perf_data 1
}
to services.
My plugin script is:
# cat /usr/lib/nagios/plugins/check_clam_update
#!/bin/bash

# Input parameters
HOSTNAME=$1
COMMUNITY=$2
MYVALWARN=$3
MYVALCRIT=$4

# Return Values
RET_OK="0"
RET_WARN="1"
RET_CRIT="2"
RET_UNKN="3"

# Exit UNKNOWN if the named parameter is empty
checkdata () {
    VAL=`echo $2 | wc | awk '{print $2}'`
    if [ $VAL -eq 0 ]; then
        echo $1 is not set
        exit $RET_UNKN
    fi
}

# MAIN
checkdata "HOSTNAME" "$HOSTNAME"
checkdata "COMMUNITY" "$COMMUNITY"

# Read the output of the snmpd exec entry
STR=`/usr/bin/snmpget -v 2c -c "$COMMUNITY" "$HOSTNAME" .1.3.6.1.4.1.2021.8.1.101.3 | sed -e "s/.*STRING: //"`
# -ge is an integer comparison, so STR has to be a bare number here
if [ "$STR" -ge "$MYVALCRIT" ]; then
    echo "Clamd Antivirus Definition DB is Out of Date"
    exit $RET_CRIT
else
    if [ "$STR" -ge "$MYVALWARN" ]; then
        echo "Clamd Antivirus Definition DB is Quite Old"
        exit $RET_WARN
    else
        echo "Clamd Antivirus Definition DB is Up to Date"
        exit $RET_OK
    fi
fi
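
The setup above reads as healthy whenever /var/log/clamav/freshcron.latest holds no warning, which is also the case when cron has stopped rewriting the file. The following is an added example, not the author's script: a classifier for that file that reports UNKNOWN when it is missing, empty or stale, and otherwise maps freshclam's warnings to Nagios exit codes. The function name classify_freshclam, the cf_ variables and the 720-minute staleness default are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify freshclam's captured output, Nagios exit codes.
RET_OK=0; RET_WARN=1; RET_CRIT=2; RET_UNKN=3

# classify_freshclam LOGFILE [MAX_AGE_MINUTES]  (hypothetical helper)
# Prints one status line and returns the matching Nagios code.
classify_freshclam() {
    cf_log=$1
    cf_max_age=${2:-720}   # assumption: two missed 6-hour runs = stale

    # Missing or empty file: cron never ran or freshclam printed nothing.
    if [ ! -s "$cf_log" ]; then
        echo "UNKNOWN: $cf_log is missing or empty"
        return $RET_UNKN
    fi
    # A file that is no longer rewritten must not keep reporting OK.
    if [ -n "$(find "$cf_log" -mmin +"$cf_max_age" 2>/dev/null)" ]; then
        echo "UNKNOWN: $cf_log not refreshed in $cf_max_age minutes"
        return $RET_UNKN
    fi
    # The engine itself is behind the recommended release.
    if grep -q '^WARNING: Your ClamAV installation is OUTDATED' "$cf_log"; then
        cf_ver=$(grep 'Recommended version' "$cf_log" | head -n 1 |
                 sed 's/^WARNING: //')
        echo "CRITICAL: ClamAV engine outdated (${cf_ver:-versions not reported})"
        return $RET_CRIT
    fi
    # Any other WARNING or ERROR line means the update needs a look.
    cf_msg=$(grep -E '^(WARNING|ERROR):' "$cf_log" | head -n 1)
    if [ -n "$cf_msg" ]; then
        echo "WARNING: freshclam reported: $cf_msg"
        return $RET_WARN
    fi
    echo "OK: freshclam reported no warnings"
    return $RET_OK
}

# Constructed sample: the outdated output quoted on this page.
cf_sample=$(mktemp)
printf '%s\n' \
    'ClamAV update process started at Wed Feb 9 07:07:01 2011' \
    'WARNING: Your ClamAV installation is OUTDATED!' \
    'WARNING: Local version: 0.96.5 Recommended version: 0.97' > "$cf_sample"
classify_freshclam "$cf_sample" || true
rm -f "$cf_sample"
```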