| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 |
- #!/bin/bash
- if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
- echo "SKIP_CLAMD=y, skipping ClamAV..."
- sleep 365d
- exit 0
- fi
- # Cleaning up garbage
- echo "Cleaning up tmp files..."
- rm -rf /var/lib/clamav/clamav-*.tmp
- # Prepare whitelist
- mkdir -p /run/clamav /var/lib/clamav
- if [[ -s /etc/clamav/whitelist.ign2 ]]; then
- echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
- cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
- fi
- if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
- echo "Creating /var/lib/clamav/whitelist.ign2"
- cat <<EOF > /var/lib/clamav/whitelist.ign2
- # Please restart ClamAV after changing signatures
- Example-Signature.Ignore-1
- PUA.Win.Trojan.EmbeddedPDF-1
- PUA.Pdf.Trojan.EmbeddedJavaScript-1
- PUA.Pdf.Trojan.OpenActionObjectwithJavascript-1
- EOF
- fi
- chown clamav:clamav -R /var/lib/clamav /run/clamav
- chmod 755 /var/lib/clamav
- chmod 644 -R /var/lib/clamav/*
- chmod 750 /run/clamav
- stat /var/lib/clamav/whitelist.ign2
- dos2unix /var/lib/clamav/whitelist.ign2
- sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2
- # Copying to /etc/clamav to expose file as-is to administrator
- cp -p /var/lib/clamav/whitelist.ign2 /etc/clamav/whitelist.ign2
- BACKGROUND_TASKS=()
- echo "Running freshclam..."
- freshclam
- (
- while true; do
- sleep 12600
- freshclam
- done
- ) &
- BACKGROUND_TASKS+=($!)
- (
- while true; do
- sleep 10m
- SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
- for sane_mirror in ${SANE_MIRRORS}; do
- CE=
- rsync -avp --chown=clamav:clamav --chmod=Du=rwx,Dgo=rx,Fu=rw,Fog=r --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
- --include 'blurl.ndb' \
- --include 'junk.ndb' \
- --include 'jurlbl.ndb' \
- --include 'jurbla.ndb' \
- --include 'phishtank.ndb' \
- --include 'phish.ndb' \
- --include 'spamimg.hdb' \
- --include 'scam.ndb' \
- --include 'rogue.hdb' \
- --include 'sanesecurity.ftm' \
- --include 'sigwhitelist.ign2' \
- --exclude='*' /var/lib/clamav/
- CE=$?
- chmod 755 /var/lib/clamav/
- if [ ${CE} -eq 0 ]; then
- while [ ! -z "$(pidof freshclam)" ]; do
- echo "Freshclam is active, waiting..."
- sleep 5
- done
- echo RELOAD | nc clamd-mailcow 3310
- break
- fi
- done
- sleep 12h
- done
- ) &
- BACKGROUND_TASKS+=($!)
- echo "$(clamd -V) is starting... please wait a moment."
- nice -n10 clamd &
- BACKGROUND_TASKS+=($!)
- while true; do
- for bg_task in ${BACKGROUND_TASKS[*]}; do
- if ! kill -0 ${bg_task} 1>&2; then
- echo "Worker ${bg_task} died, stopping container waiting for respawn..."
- kill -TERM 1
- fi
- sleep 10
- done
- done
|
