| Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame^] | 1 | #!/bin/bash |
| 2 | |
| 3 | if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then |
| 4 | echo "SKIP_CLAMD=y, skipping ClamAV..." |
| 5 | sleep 365d |
| 6 | exit 0 |
| 7 | fi |
| 8 | |
| 9 | # Cleaning up garbage |
| 10 | echo "Cleaning up tmp files..." |
| 11 | rm -rf /var/lib/clamav/clamav-*.tmp |
| 12 | |
| 13 | # Prepare whitelist |
| 14 | |
| 15 | mkdir -p /run/clamav /var/lib/clamav |
| 16 | |
| 17 | if [[ -s /etc/clamav/whitelist.ign2 ]]; then |
| 18 | echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2" |
| 19 | cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2 |
| 20 | fi |
| 21 | |
| 22 | if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then |
| 23 | echo "Creating /var/lib/clamav/whitelist.ign2" |
| 24 | cat <<EOF > /var/lib/clamav/whitelist.ign2 |
| 25 | # Please restart ClamAV after changing signatures |
| 26 | Example-Signature.Ignore-1 |
| 27 | PUA.Win.Trojan.EmbeddedPDF-1 |
| 28 | PUA.Pdf.Trojan.EmbeddedJavaScript-1 |
| 29 | PUA.Pdf.Trojan.OpenActionObjectwithJavascript-1 |
| 30 | EOF |
| 31 | fi |
| 32 | |
| 33 | chown clamav:clamav -R /var/lib/clamav /run/clamav |
| 34 | |
| 35 | chmod 755 /var/lib/clamav |
| 36 | chmod 644 -R /var/lib/clamav/* |
| 37 | chmod 750 /run/clamav |
| 38 | |
| 39 | stat /var/lib/clamav/whitelist.ign2 |
| 40 | dos2unix /var/lib/clamav/whitelist.ign2 |
| 41 | sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2 |
| 42 | # Copying to /etc/clamav to expose file as-is to administrator |
| 43 | cp -p /var/lib/clamav/whitelist.ign2 /etc/clamav/whitelist.ign2 |
| 44 | |
| 45 | |
| 46 | BACKGROUND_TASKS=() |
| 47 | |
| 48 | echo "Running freshclam..." |
| 49 | freshclam |
| 50 | |
| 51 | ( |
| 52 | while true; do |
| 53 | sleep 12600 |
| 54 | freshclam |
| 55 | done |
| 56 | ) & |
| 57 | BACKGROUND_TASKS+=($!) |
| 58 | |
| 59 | ( |
| 60 | while true; do |
| 61 | sleep 10m |
| 62 | SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)" |
| 63 | for sane_mirror in ${SANE_MIRRORS}; do |
| 64 | CE= |
| 65 | rsync -avp --chown=clamav:clamav --chmod=Du=rwx,Dgo=rx,Fu=rw,Fog=r --timeout=5 rsync://${sane_mirror}/sanesecurity/ \ |
| 66 | --include 'blurl.ndb' \ |
| 67 | --include 'junk.ndb' \ |
| 68 | --include 'jurlbl.ndb' \ |
| 69 | --include 'jurbla.ndb' \ |
| 70 | --include 'phishtank.ndb' \ |
| 71 | --include 'phish.ndb' \ |
| 72 | --include 'spamimg.hdb' \ |
| 73 | --include 'scam.ndb' \ |
| 74 | --include 'rogue.hdb' \ |
| 75 | --include 'sanesecurity.ftm' \ |
| 76 | --include 'sigwhitelist.ign2' \ |
| 77 | --exclude='*' /var/lib/clamav/ |
| 78 | CE=$? |
| 79 | chmod 755 /var/lib/clamav/ |
| 80 | if [ ${CE} -eq 0 ]; then |
| 81 | while [ ! -z "$(pidof freshclam)" ]; do |
| 82 | echo "Freshclam is active, waiting..." |
| 83 | sleep 5 |
| 84 | done |
| 85 | echo RELOAD | nc clamd-mailcow 3310 |
| 86 | break |
| 87 | fi |
| 88 | done |
| 89 | sleep 12h |
| 90 | done |
| 91 | ) & |
| 92 | BACKGROUND_TASKS+=($!) |
| 93 | |
| 94 | nice -n10 clamd & |
| 95 | BACKGROUND_TASKS+=($!) |
| 96 | |
| 97 | while true; do |
| 98 | for bg_task in ${BACKGROUND_TASKS[*]}; do |
| 99 | if ! kill -0 ${bg_task} 1>&2; then |
| 100 | echo "Worker ${bg_task} died, stopping container waiting for respawn..." |
| 101 | kill -TERM 1 |
| 102 | fi |
| 103 | sleep 10 |
| 104 | done |
| 105 | done |