From 75b9b5c5eace78127f0e7d7fd5349e4983825dd0 Mon Sep 17 00:00:00 2001
From: aixiao
Date: Tue, 29 Nov 2022 13:32:29 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=89=AB=E6=8F=8F=E5=87=BA?= =?UTF-8?q?=E7=97=85=E6=AF=92=E5=90=8E=E9=82=AE=E4=BB=B6=E5=91=8A=E8=AD=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 13.txt | 15 ----------
 rhost.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 84 insertions(+), 17 deletions(-)
 delete mode 100644 13.txt
diff --git a/13.txt b/13.txt
deleted file mode 100644
index 4b04740..0000000
--- a/13.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-==10390== Memcheck, a memory error detector
-==10390== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
-==10390== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
-==10390== Command: ./rhost
-==10390== Parent PID: 367
-==10390==
-==10390==
-==10390== HEAP SUMMARY:
-==10390== in use at exit: 0 bytes in 0 blocks
-==10390== total heap usage: 4,295 allocs, 4,295 frees, 417,505 bytes allocated
-==10390==
-==10390== All heap blocks were freed -- no leaks are possible
-==10390==
-==10390== For lists of detected and suppressed errors, rerun with: -s
-==10390== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
diff --git a/rhost.c b/rhost.c
index a344335..aa915b8 100644
--- a/rhost.c
+++ b/rhost.c
@@ -211,6 +211,30 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, conf * conf)
 return system(string);
 }
+// 第三方邮箱告警, 感染病毒邮件提醒
+int QQ_mail_warning_Virus_files(char *local_ip, int Virus_number, conf * conf)
+{
+ char *command;
+ char *text;
+ char temp[32];
+
+
+ command = (char *)alloca(BUFFER + (sizeof(QQMAIL)) + 1);
+ text = (char *)alloca(BUFFER);
+
+ memset(command, 0, BUFFER + (sizeof(QQMAIL)) + 1);
+ memset(text, 0, BUFFER);
+ memset(temp, 0, 32);
+
+ strcpy(temp, public_ip);
+ temp[strlen(public_ip) - 1] = '\0';
+
+ sprintf(text, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
+ sprintf(command, QQMAIL, conf->RECV_MAIL, text);
+
+ return system(command);
+}
+
 // IP段白名单对比
 int whitelist(char *client_ip, char (*whitelist_ip)[WHITELIST_IP_NUM])
 {
@@ -597,6 +621,54 @@ int _crontab(struct tm **calnext, char *string)
 return 0;
 }
+static int get_clamav_log(char *file)
+{
+ FILE *fp = NULL;
+ char buffer[BUFFER], *temp=NULL, *command=NULL;
+
+ command = (char *)alloca(BUFFER);
+
+ memset(buffer, 0, BUFFER);
+ memset(command, 0, BUFFER);
+
+ memcpy(command, "tail -n 12 ", 11);
+ strcat(command, file);
+
+ fp = popen(command, "r");
+ if (fp == NULL) {
+ perror("popen");
+ return -1;
+ }
+
+ while (fgets(buffer, BUFFER, fp) != NULL)
+ {
+ //printf("%s", buffer);
+ temp = strstr(buffer, "Infected");
+ if (temp)
+ sscanf(temp, "Infected files: %s", temp);
+
+ if (temp != NULL)
+ {
+ //printf("%s\n", temp);
+ break;
+ }
+ }
+
+ pclose(fp);
+
+ if (temp != NULL) {
+ printf("%d\n", atoi(temp));
+ return atoi(temp);
+ }
+ else
+ {
+ return -1;
+ }
+
+
+ return 0;
+}
+
 int update_freshclam(int argc, char *argv[])
 {
 if (DEBISN_SYSTEM == check_system() || CENTOS_SYSTEM == check_system()) {
@@ -662,7 +734,7 @@ int main(int argc, char *argv[], char **env)
 signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
 // 更新病毒库
- //update_freshclam(argc, argv);
+ update_freshclam(argc, argv);
 int pid;
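Review bot: `QQ_mail_warning_Virus_files` never reads its `local_ip` parameter; the body copies `public_ip`, which is not a parameter, so it either fails to compile or silently depends on a file-scope variable that is not visible in the hunk. The copy `strcpy(temp, public_ip)` into `char temp[32]` is unbounded, and `temp[strlen(public_ip) - 1] = '\0'` writes out of bounds when the string is empty; `snprintf(temp, sizeof temp, "%s", local_ip);` followed by `temp[strcspn(temp, "\r\n")] = '\0';` bounds the copy and strips a trailing newline without the underflow. The two `sprintf` calls should likewise become `snprintf` with the allocated sizes, because `command` has room for `BUFFER + sizeof(QQMAIL) + 1` bytes while `text` alone may hold up to `BUFFER` and `conf->RECV_MAIL` is formatted in on top of it. Since the result is passed to `system()`, `conf->RECV_MAIL` should be validated as a plain address before it is formatted in; how `QQMAIL` quotes its arguments is not visible here.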
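Review bot: In `get_clamav_log`, `sscanf(temp, "Infected files: %s", temp)` reads from and writes to the same buffer, which is undefined behaviour for overlapping objects, and the unbounded `%s` plus the later `atoi` give no way to tell a parse failure from a count of 0. The command is also built with an unchecked `strcat(command, file)` into a `BUFFER`-sized `alloca` block and handed to a shell through `popen`; the only caller visible in this patch passes the constant `"clamscan.log"`, but the function itself places no limit on `file`. Reading the log with `fopen` and parsing the count with `%d` into an `int` removes the shell, the copy and the overlap; the version below keeps the last summary line in the file instead of the first match in the final 12 lines, which should be the same line for an appended log. It also drops the debug `printf` and the unreachable `return 0`.

```c
static int get_clamav_log(char *file)
{
    char line[BUFFER];
    int infected = -1;          /* -1: log unreadable or no summary line found */
    FILE *fp = fopen(file, "r");    /* read the log directly: no shell, no command buffer */

    if (fp == NULL) {
        perror("fopen");
        return -1;
    }

    while (fgets(line, sizeof line, fp) != NULL) {
        const char *hit = strstr(line, "Infected files:");
        int n;

        /* parse into a separate int; only accept a line that really holds a number */
        if (hit != NULL && sscanf(hit, "Infected files: %d", &n) == 1)
            infected = n;
    }

    fclose(fp);
    return infected;
}
```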
@@ -863,9 +935,19 @@ goto_daemon: } else if (pid == 0) // child process { - int r = 0; + int virus_files = -1; + r = _clamscan(head_argc, head_argvs); + virus_files = get_clamav_log("clamscan.log"); + + if (virus_files > 0) { + if (conf->IS_QQMAIL == 1) + { + QQ_mail_warning_Virus_files(public_ip, virus_files, conf); + sleep(3); + } + } _exit(r); } else
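Review bot: A scan whose log cannot be read or parsed is treated the same as a clean scan here, because `get_clamav_log` returns -1 on failure and the `if (virus_files > 0)` test simply skips it. The return value of `QQ_mail_warning_Virus_files` (the `system()` status) is discarded as well, so a failed alert is silent too. Consider an explicit error branch such as `else if (virus_files < 0) fprintf(stderr, "clamscan.log unreadable, infection count unknown\n");` and checking the mail call's result before `_exit(r)`. The count is read from the relative path `"clamscan.log"`, so it depends on the working directory and could reflect an earlier run if `_clamscan` did not rewrite the log; that last part is inferred, since `_clamscan` is outside the hunk. The enclosing child-process branch starts and ends outside the hunk.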