Virus scanner for samba file server

Scott Lawson s.lawson at sghms.ac.uk
Thu Jan 11 10:22:55 GMT 2001 

Guys here are my scripts for you. Obviously you will have to download the Mcafee
anti virus
software first and install it in /usr/local/uvscan (It's the default location
anyway).

There are four scripts that I use (You could do it in one but this is nice n
easy)

First one I run as a cron job like so.

Crontab.

# Download McAfee Unix DAT Files and Scan User File systems for Viruses
#
20 0 * * * /usr/local/scripts/ftp-daily-uvscan-dats.exp
25 0 * * * /usr/local/scripts/sort-out-daily-uvscan-dats.sh > /dev/null 2>&1
15 1 * * * /usr/local/scripts/virus_scan.sh
#



Script : virus_scan.sh : This calls the actual virus scan script for each file
system. I use a separate
script for each file system as I have 4 RAID arrays on separate SCSI channels and
a 4 CPU system
so I scan all file systems simultaneously.

#!/bin/sh
#
PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/uvscan
export PATH
#
/usr/local/scripts/homedirs_scan.sh &
/usr/local/scripts/homedirs2_scan.sh &
/usr/local/scripts/homedirs3_scan.sh &
/usr/local/scripts/homedirs4_scan.sh &






Script : homedirs2 : Just copy this for each filesystem that you want to scan, it
does a recursive
clean on all files. It also creates a log file which gets mailed to my sysadmin
team each morning.
It also generates a count of viruses found for a statistics web page that we
have.

#!/bin/sh
#
# To scan /homedirs2 for viruses and mail output to sysadmin team
#
PATH=/usr/sbin:/usr/bin:/bin:/usr/local/bin
export PATH
#
uvscan -c -r --summary /homedirs2 > /tmp/homedirs2_scan 2>&1
#
echo >> /tmp/scanned2
#
echo "Virus Scan of /homedirs2 on Infoserv `cat /tmp/homedirs2_scan`" >>
/tmp/scanned2
#
mail nospam at sghms.ac.uk < /tmp/scanned2
echo >> /var/uvscan/uvscan.homedirs2.log
echo "Virus scan for `date`" >> /var/uvscan/uvscan.homedirs2.log
echo "-------------------------------------------------------" >>
/var/uvscan/uvscan.homedirs2.log
cat /tmp/scanned2 >> /var/uvscan/uvscan.homedirs2.log
#
rm /tmp/homedirs2_scan
rm /tmp/scanned2
#
# Generate daily log entry for virus count statistics for stats web site
#
X=`tail -2 /var/uvscan/uvscan.homedirs2.log | grep "Cleaned:"`
VIRUSNO=`echo $X | awk '{print $3}'`
#
echo "`date +%y%m%d` $VIRUSNO" >> /var/uvscan/virus.stats.homedirs2
#





Script : ftp-mcafee-dats.exp : This script gets the daily dat files from mcafee
for automatically
updating our virus scan software. This script requires the expect language to be
installed. (I think
it comes by default with most linuxes, you need to download it for Solaris)

#!/usr/local/bin/expect
#
# ftp-mcafee-dats.exp
#
#
# Ftp's McAfee DAT tar files from nai.com
#
exp_version -exit 5.0
#
log_user 0
set timeout 60

# proc copied (and modified) from the O'Reilly Expect book to handle
# good and bad returns from ftp commands
proc sendexpect {cmd msg} {
     send "$cmd\r"
     expect {
         "Password:" {}
        -re "\n2.. (\[^\r]*\r\n)*ftp> " {}
        -re "\n... (\[^\r]*\r\n)*ftp> " {
            send_error "!!! FAILED: $msg\n"
        }
         "ftp> " {}
    }
}

spawn ftp ftp.nai.com
expect "Name*:"
# I have changed the username and password lines to remove our licensed username
and password.
sendexpect "username"
sendexpect "password"
sendexpect "bin" "change to binary"
sendexpect "prompt" "turn off prompt"
sendexpect "cd /licensed/antivirus/datfiles/4.x" "cd to
/licensed/antivirus/datfiles/4.x"
sendexpect "lcd /usr/local/uvscan" "lcd to /usr/local/uvscan"
sendexpect "mget *.tar" "mget *.zip"
sendexpect "quit" "quit"




Script : sort-out-daily-uvscan-dats.sh : This decompresses the new dat files
ready for use.

#!/bin/sh
#
# Sort out DAILYDATs after FTP from NAI
#
PATH=/usr/bin:/bin:/usr/sbin:/usr/local/bin
export PATH
#
cd /usr/local/uvscan
tar xvf *.tar
chown daemon:bin *.dat
chmod 444 *.dat
uvscan --version > /tmp/uvscan_version
mail sysadmin at sghms.ac.uk < /tmp/uvscan_version
rm /tmp/uvscan_version


I hope you find these useful.

Regards,

Scott.

PS. If you have any other questions drop me a line.

PPS. If use these scripts for anything I would be interested in knowing about it
too.

Martin Radford wrote:

> [McAfee Anti virus software]
>
> > Do you have a product name and URL?  I searched around and cannot find any
> > of their products for anything except the Win platforms.  I'm interested in
> > the linux version.  -m
>
> The product is called VirusScan, you can download an evaluation from:
> http://www.nai.com/asp_set/buy_try/try/products_evals.asp
>
> Martin
> --
> Martin Radford              |   "Only wimps use tape backup: _real_
> martin at zamenhof.demon.co.uk | men just upload their important stuff  -o)
> Registered Linux user #9257 |  on ftp and let the rest of the world  /\\
> - see http://counter.li.org |       mirror it ;)"  - Linus Torvalds _\_V

--

__________________________________________________________________

Scott Lawson
Systems Manager
Department Of Information Services
St. George's Hospital Medical School
Tooting
London SW17 0RE
UK

P: 44 (0)208 725 2896
F: 44 (0)208 725 3583

mailto:s.lawson at sghms.ac.uk

http://www.sghms.ac.uk

Quote of the week :

"The difference between 'involvement' and 'commitment' is like a
bacon-and-eggs breakfast: the chicken was 'involved' - the pig was
'committed'."

__________________________________________________________________

-------------- next part --------------
A non-text attachment was scrubbed...
Name: s.lawson.vcf
Type: text/x-vcard
Size: 319 bytes
Desc: Card for Scott Lawson
Url : http://lists.samba.org/archive/samba/attachments/20010111/5abf0058/s.lawson.vcf

More information about the samba mailing list