增加扫描出病毒后邮件告警
parent
ab042267e5
commit
75b9b5c5ea
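--- a/13.txt
+++ b/13.txt
@@ -1,15 +0,0 @@
-==10390== Memcheck, a memory error detector
-==10390== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
-==10390== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
-==10390== Command: ./rhost
-==10390== Parent PID: 367
-==10390==
-==10390==
-==10390== HEAP SUMMARY:
-==10390== in use at exit: 0 bytes in 0 blocks
-==10390== total heap usage: 4,295 allocs, 4,295 frees, 417,505 bytes allocated
-==10390==
-==10390== All heap blocks were freed -- no leaks are possible
-==10390==
-==10390== For lists of detected and suppressed errors, rerun with: -s
-==10390== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)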
86
rhost.c
86
rhost.c
@ -211,6 +211,30 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, conf * conf)
|
|||||||
return system(string);
|
return system(string);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 第三方邮箱告警, 感染病毒邮件提醒
|
||||||
|
int QQ_mail_warning_Virus_files(char *local_ip, int Virus_number, conf * conf)
|
||||||
|
{
|
||||||
|
char *command;
|
||||||
|
char *text;
|
||||||
|
char temp[32];
|
||||||
|
|
||||||
|
|
||||||
|
command = (char *)alloca(BUFFER + (sizeof(QQMAIL)) + 1);
|
||||||
|
text = (char *)alloca(BUFFER);
|
||||||
|
|
||||||
|
memset(command, 0, BUFFER + (sizeof(QQMAIL)) + 1);
|
||||||
|
memset(text, 0, BUFFER);
|
||||||
|
memset(temp, 0, 32);
|
||||||
|
|
||||||
|
strcpy(temp, public_ip);
|
||||||
|
temp[strlen(public_ip) - 1] = '\0';
|
||||||
|
|
||||||
|
sprintf(text, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
|
||||||
|
sprintf(command, QQMAIL, conf->RECV_MAIL, text);
|
||||||
|
|
||||||
|
return system(command);
|
||||||
|
}
|
||||||
|
|
||||||
// IP段白名单对比
|
// IP段白名单对比
|
||||||
int whitelist(char *client_ip, char (*whitelist_ip)[WHITELIST_IP_NUM])
|
int whitelist(char *client_ip, char (*whitelist_ip)[WHITELIST_IP_NUM])
|
||||||
{
|
{
|
||||||
@ -597,6 +621,54 @@ int _crontab(struct tm **calnext, char *string)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int get_clamav_log(char *file)
|
||||||
|
{
|
||||||
|
FILE *fp = NULL;
|
||||||
|
char buffer[BUFFER], *temp=NULL, *command=NULL;
|
||||||
|
|
||||||
|
command = (char *)alloca(BUFFER);
|
||||||
|
|
||||||
|
memset(buffer, 0, BUFFER);
|
||||||
|
memset(command, 0, BUFFER);
|
||||||
|
|
||||||
|
memcpy(command, "tail -n 12 ", 11);
|
||||||
|
strcat(command, file);
|
||||||
|
|
||||||
|
fp = popen(command, "r");
|
||||||
|
if (fp == NULL) {
|
||||||
|
perror("popen");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
while (fgets(buffer, BUFFER, fp) != NULL)
|
||||||
|
{
|
||||||
|
//printf("%s", buffer);
|
||||||
|
temp = strstr(buffer, "Infected");
|
||||||
|
if (temp)
|
||||||
|
sscanf(temp, "Infected files: %s", temp);
|
||||||
|
|
||||||
|
if (temp != NULL)
|
||||||
|
{
|
||||||
|
//printf("%s\n", temp);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pclose(fp);
|
||||||
|
|
||||||
|
if (temp != NULL) {
|
||||||
|
printf("%d\n", atoi(temp));
|
||||||
|
return atoi(temp);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int update_freshclam(int argc, char *argv[])
|
int update_freshclam(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
if (DEBISN_SYSTEM == check_system() || CENTOS_SYSTEM == check_system()) {
|
if (DEBISN_SYSTEM == check_system() || CENTOS_SYSTEM == check_system()) {
|
||||||
@ -662,7 +734,7 @@ int main(int argc, char *argv[], char **env)
|
|||||||
signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
|
signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
|
||||||
|
|
||||||
// 更新病毒库
|
// 更新病毒库
|
||||||
//update_freshclam(argc, argv);
|
update_freshclam(argc, argv);
|
||||||
|
|
||||||
|
|
||||||
int pid;
|
int pid;
|
||||||
@ -863,9 +935,19 @@ goto_daemon:
|
|||||||
}
|
}
|
||||||
else if (pid == 0) // child process
|
else if (pid == 0) // child process
|
||||||
{
|
{
|
||||||
|
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
int virus_files = -1;
|
||||||
|
|
||||||
r = _clamscan(head_argc, head_argvs);
|
r = _clamscan(head_argc, head_argvs);
|
||||||
|
virus_files = get_clamav_log("clamscan.log");
|
||||||
|
|
||||||
|
if (virus_files > 0) {
|
||||||
|
if (conf->IS_QQMAIL == 1)
|
||||||
|
{
|
||||||
|
QQ_mail_warning_Virus_files(public_ip, virus_files, conf);
|
||||||
|
sleep(3);
|
||||||
|
}
|
||||||
|
}
|
||||||
_exit(r);
|
_exit(r);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
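Review bot: In `QQ_mail_warning_Virus_files` (first hunk) the `local_ip` parameter is never read; the body copies `public_ip`, which is not declared in the function and is presumably a file-scope variable, into `temp[32]` with an unbounded `strcpy`, and `temp[strlen(public_ip) - 1]` writes outside `temp` when the string is empty. The text is then formatted into a command line for `system()`, so a value longer than 31 bytes or containing shell metacharacters corrupts the stack or changes the command; `conf->RECV_MAIL` reaches the same shell and its length is not counted in the `alloca` size. I would use the argument, reject anything that does not fit or is not made of address characters, and bound both formats with `snprintf`, as sketched below. Separately, in `get_clamav_log` the call `sscanf(temp, "Infected files: %s", temp)` reads and writes the same buffer, which is undefined; `int n; sscanf(temp, "Infected files: %d", &n)` avoids that and the later `atoi`, and `strcat(command, file)` there is likewise unbounded.

```c
int QQ_mail_warning_Virus_files(char *local_ip, int Virus_number, conf * conf)
{
    char command[BUFFER + sizeof(QQMAIL) + 1];
    char text[BUFFER];
    char temp[32];
    size_t len;
    int n;

    /* Use the caller's argument and refuse anything that cannot fit temp. */
    len = (local_ip != NULL) ? strlen(local_ip) : 0;
    if (len == 0 || len >= sizeof(temp))
        return -1;
    memcpy(temp, local_ip, len + 1);
    temp[len - 1] = '\0';   /* drop the last character, as before */

    /* temp ends up on a shell command line: accept only characters
     * that can occur in an IP literal. */
    if (temp[0] == '\0' || strspn(temp, "0123456789abcdefABCDEF.:") != strlen(temp))
        return -1;

    n = snprintf(text, sizeof(text), "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
    if (n < 0 || (size_t)n >= sizeof(text))
        return -1;

    /* conf->RECV_MAIL comes from configuration and is also passed to the
     * shell; a truncated command is rejected rather than executed. */
    n = snprintf(command, sizeof(command), QQMAIL, conf->RECV_MAIL, text);
    if (n < 0 || (size_t)n >= sizeof(command))
        return -1;

    return system(command);
}
```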