增加扫描出病毒后邮件告警

This commit is contained in:
aixiao 2022-11-29 13:32:29 +08:00
parent ab042267e5
commit 75b9b5c5ea
2 changed files with 84 additions and 17 deletions

15
13.txt
View File

@ -1,15 +0,0 @@
==10390== Memcheck, a memory error detector
==10390== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==10390== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==10390== Command: ./rhost
==10390== Parent PID: 367
==10390==
==10390==
==10390== HEAP SUMMARY:
==10390== in use at exit: 0 bytes in 0 blocks
==10390== total heap usage: 4,295 allocs, 4,295 frees, 417,505 bytes allocated
==10390==
==10390== All heap blocks were freed -- no leaks are possible
==10390==
==10390== For lists of detected and suppressed errors, rerun with: -s
==10390== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

86
rhost.c
View File

@ -211,6 +211,30 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, conf * conf)
return system(string); return system(string);
} }
// 第三方邮箱告警, 感染病毒邮件提醒
int QQ_mail_warning_Virus_files(char *local_ip, int Virus_number, conf * conf)
{
char *command;
char *text;
char temp[32];
command = (char *)alloca(BUFFER + (sizeof(QQMAIL)) + 1);
text = (char *)alloca(BUFFER);
memset(command, 0, BUFFER + (sizeof(QQMAIL)) + 1);
memset(text, 0, BUFFER);
memset(temp, 0, 32);
strcpy(temp, public_ip);
temp[strlen(public_ip) - 1] = '\0';
sprintf(text, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
sprintf(command, QQMAIL, conf->RECV_MAIL, text);
return system(command);
}
// IP段白名单对比 // IP段白名单对比
int whitelist(char *client_ip, char (*whitelist_ip)[WHITELIST_IP_NUM]) int whitelist(char *client_ip, char (*whitelist_ip)[WHITELIST_IP_NUM])
{ {
@ -597,6 +621,54 @@ int _crontab(struct tm **calnext, char *string)
return 0; return 0;
} }
static int get_clamav_log(char *file)
{
FILE *fp = NULL;
char buffer[BUFFER], *temp=NULL, *command=NULL;
command = (char *)alloca(BUFFER);
memset(buffer, 0, BUFFER);
memset(command, 0, BUFFER);
memcpy(command, "tail -n 12 ", 11);
strcat(command, file);
fp = popen(command, "r");
if (fp == NULL) {
perror("popen");
return -1;
}
while (fgets(buffer, BUFFER, fp) != NULL)
{
//printf("%s", buffer);
temp = strstr(buffer, "Infected");
if (temp)
sscanf(temp, "Infected files: %s", temp);
if (temp != NULL)
{
//printf("%s\n", temp);
break;
}
}
pclose(fp);
if (temp != NULL) {
printf("%d\n", atoi(temp));
return atoi(temp);
}
else
{
return -1;
}
return 0;
}
int update_freshclam(int argc, char *argv[]) int update_freshclam(int argc, char *argv[])
{ {
if (DEBISN_SYSTEM == check_system() || CENTOS_SYSTEM == check_system()) { if (DEBISN_SYSTEM == check_system() || CENTOS_SYSTEM == check_system()) {
@ -662,7 +734,7 @@ int main(int argc, char *argv[], char **env)
signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号 signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
// 更新病毒库 // 更新病毒库
//update_freshclam(argc, argv); update_freshclam(argc, argv);
int pid; int pid;
@ -863,9 +935,19 @@ goto_daemon:
} }
else if (pid == 0) // child process else if (pid == 0) // child process
{ {
int r = 0; int r = 0;
int virus_files = -1;
r = _clamscan(head_argc, head_argvs); r = _clamscan(head_argc, head_argvs);
virus_files = get_clamav_log("clamscan.log");
if (virus_files > 0) {
if (conf->IS_QQMAIL == 1)
{
QQ_mail_warning_Virus_files(public_ip, virus_files, conf);
sleep(3);
}
}
_exit(r); _exit(r);
} }
else else