I've had enough. I'm starting a DNS blackhole list.
Jan L. Peterson
jlp at softhome.net
Fri Sep 26 10:10:22 PDT 2003
> How are you finding out what they added? Does freshclam offer the
> option of telling you?
When you run freshclam, include an option like this:
--on-update-execute=/path/to/freshclam.successful
freshclam.successful is attached... you'll need to edit the e-mail
address that it sends the update report to. Oddly, it tells me every
day that some 200+ virus definitions were modified, but I can't see
that they were. It hasn't bugged me enough to fix it, though. :-)
Basically, it keeps the previous copy of the viruses.db and viruses.db2
files and diffs them.
Hope this helps.
-jan-
--
Jan L. Peterson
Semi-Unemployed "Computer Facilitator"
http://www.peterson.ath.cx/~jlp/resume.html
-------------- next part --------------
#! /usr/local/bin/perl

# Start from a clean environment with a known PATH.
%ENV = ();
$ENV{'IFS'} = " \t";
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin';

$update_mail_from = 'put_a_local_email_address_here@your.own.domain';
$update_mail_to = 'where_you_want_the_mail_sent@your.own.domain';
$clamdir = '/path/to/your/clamav'; # dir where your viruses.db{,2} are

use Net::SMTP;
use File::Copy;

chdir($clamdir) or die "cannot chdir to $clamdir: $!";

# Compare each database with the copy saved on the previous run.
foreach $tab ('viruses.db', 'viruses.db2') {
    &process($tab);
}

$mod = scalar(@mod); $new = scalar(@new); $rem = scalar(@rem);

# Only send a report when something changed.
if ($mod + $new + $rem > 0) {
    $smtp = Net::SMTP->new('localhost') or die "cannot connect to SMTP server";
    $smtp->mail($update_mail_from);
    $smtp->to($update_mail_to);
    $smtp->data();
    # The blank line before the closing quote ends the message headers.
    $smtp->datasend("From: $update_mail_from
To: $update_mail_to
Subject: freshclam success, $new new, $mod modified, $rem removed

");
    if ($new > 0) {
        $smtp->datasend("New Definitions:\n");
        foreach $tag (sort @new) {
            $smtp->datasend(" $tag\n");
        }
        $smtp->datasend("\n");
    }
    if ($mod > 0) {
        $smtp->datasend("Modified Definitions:\n");
        foreach $tag (sort @mod) {
            $smtp->datasend(" $tag\n");
        }
        $smtp->datasend("\n");
    }
    if ($rem > 0) {
        $smtp->datasend("Removed Definitions:\n");
        foreach $tag (sort @rem) {
            $smtp->datasend(" $tag\n");
        }
        $smtp->datasend("\n");
    }
    $smtp->dataend();
    $smtp->quit;
}

sub process {
    my($vtab) = @_;
    # per-file tables, so entries from one database do not leak into the next
    my(%ov, %nv);
    my($tag, $pat);

    # load old virus data (the file is absent on the very first run)
    if (open(OLD, '<', $vtab . '-')) {
        while (<OLD>) {
            ($tag, $pat) = split(m/=/);
            $ov{$tag} = $pat;
        }
        close(OLD);
    }

    # read new virus data
    open(NEW, '<', $vtab) or die "cannot open $vtab: $!";
    while (<NEW>) {
        ($tag, $pat) = split(m/=/);
        $nv{$tag}++;
        if (defined($ov{$tag})) {
            if ($ov{$tag} ne $pat) {
                push(@mod, $tag);
            }
        } else {
            push(@new, $tag);
        }
    }
    close(NEW);

    # keep the older copy as "+", then save the current file as "-" for next time
    rename($vtab . '-', $vtab . '+');
    copy($vtab, $vtab . '-');

    # anything in the old table but not the new one was removed
    foreach $tag (keys %ov) {
        if (!defined($nv{$tag})) {
            push(@rem, $tag);
        }
    }
}
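
The following is an added example, not part of the original post or its attachment: a variant of the same name=pattern diff that keeps every pattern seen for a name, so a name appearing on more than one line is compared as a set rather than by its last line only. The helper names load_sigs and diff_sigs, the possibility of repeated names, and the sample data are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse "name=pattern" lines into { name => { pattern => 1, ... } } so that
# several signatures sharing one name are all kept (assumed case).
sub load_sigs {
    my ($text) = @_;
    my %sigs;
    open(my $fh, '<', \$text) or die "cannot read sample: $!";
    while (my $line = <$fh>) {
        chomp $line;
        my ($name, $pat) = split(/=/, $line, 2);
        next unless defined $pat;          # skip blank or malformed lines
        $sigs{$name}{$pat} = 1;
    }
    close($fh);
    return \%sigs;
}

# Compare two parsed tables; a name is modified when its pattern set differs.
sub diff_sigs {
    my ($old, $new) = @_;
    my (@added, @modified, @removed);
    foreach my $name (sort keys %$new) {
        if (!exists $old->{$name}) {
            push(@added, $name);
            next;
        }
        my $o = join("\n", sort keys %{ $old->{$name} });
        my $n = join("\n", sort keys %{ $new->{$name} });
        push(@modified, $name) if $o ne $n;
    }
    foreach my $name (sort keys %$old) {
        push(@removed, $name) unless exists $new->{$name};
    }
    return (\@added, \@modified, \@removed);
}

# Constructed sample data, not real ClamAV signatures.
my $old = "Test.A=aa11\nTest.A=bb22\nTest.B=cc33\nTest.C=dd44\n";
my $new = "Test.A=aa11\nTest.A=bb22\nTest.B=cc34\nTest.D=ee55\n";

my ($added, $modified, $removed) = diff_sigs(load_sigs($old), load_sigs($new));
print "new: @$added\nmodified: @$modified\nremoved: @$removed\n";
```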