增加扫描出病毒后邮件告警

2022-11-29 13:32:29 +08:00 · 2022-11-29 13:32:29 +08:00 · 75b9b5c5ea
commit 75b9b5c5ea
parent ab042267e5
2 changed files with 84 additions and 17 deletions
--- a/13.txt
+++ b/13.txt
@ -1,15 +0,0 @@
-==10390== Memcheck, a memory error detector
-==10390== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
-==10390== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
-==10390== Command: ./rhost
-==10390== Parent PID: 367
-==10390== 
-==10390== 
-==10390== HEAP SUMMARY:
-==10390==     in use at exit: 0 bytes in 0 blocks
-==10390==   total heap usage: 4,295 allocs, 4,295 frees, 417,505 bytes allocated
-==10390== 
-==10390== All heap blocks were freed -- no leaks are possible
-==10390== 
-==10390== For lists of detected and suppressed errors, rerun with: -s
-==10390== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
--- a/rhost.c
+++ b/rhost.c
@ -211,6 +211,30 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, conf * conf)
    return system(string);
 }

+// 第三方邮箱告警, 感染病毒邮件提醒
+int QQ_mail_warning_Virus_files(char *local_ip, int Virus_number, conf * conf)
+{
+    char *command;
+    char *text;
+    char temp[32];
+    
+    
+    command = (char *)alloca(BUFFER + (sizeof(QQMAIL)) + 1);
+    text = (char *)alloca(BUFFER);
+    
+    memset(command, 0, BUFFER + (sizeof(QQMAIL)) + 1);
+    memset(text, 0, BUFFER);
+    memset(temp, 0, 32);
+    
+    strcpy(temp, public_ip);
+    temp[strlen(public_ip) - 1] = '\0';
+    
+    sprintf(text, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
+    sprintf(command, QQMAIL, conf->RECV_MAIL, text);
+    
+    return system(command);
+}
+
 // IP段白名单对比
 int whitelist(char *client_ip, char (*whitelist_ip)[WHITELIST_IP_NUM])
 {
@ -597,6 +621,54 @@ int _crontab(struct tm **calnext, char *string)
    return 0;
 }

+static int get_clamav_log(char *file)
+{
+    FILE *fp = NULL;
+    char buffer[BUFFER], *temp=NULL, *command=NULL;
+    
+    command = (char *)alloca(BUFFER);
+    
+    memset(buffer, 0, BUFFER);
+    memset(command, 0, BUFFER);
+    
+    memcpy(command, "tail -n 12 ", 11);
+    strcat(command, file);
+    
+    fp = popen(command, "r");
+    if (fp == NULL) {
+        perror("popen");
+        return -1;
+    }
+
+    while (fgets(buffer, BUFFER, fp) != NULL)
+    {
+        //printf("%s", buffer);
+        temp = strstr(buffer, "Infected");
+        if (temp)
+            sscanf(temp, "Infected files: %s", temp);
+        
+        if (temp != NULL)
+        {
+            //printf("%s\n", temp);
+            break;
+        }
+    }
+    
+    pclose(fp);
+    
+    if (temp != NULL) {
+        printf("%d\n", atoi(temp));
+        return atoi(temp);
+    }
+    else
+    {
+        return -1;
+    }
+    
+    
+    return 0;
+}
+
 int update_freshclam(int argc, char *argv[])
 {
    if (DEBISN_SYSTEM == check_system() || CENTOS_SYSTEM == check_system()) {
@ -662,7 +734,7 @@ int main(int argc, char *argv[], char **env)
    signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号
    
    // 更新病毒库
-    //update_freshclam(argc, argv);
+    update_freshclam(argc, argv);
    
    
    int pid;
@ -863,9 +935,19 @@ goto_daemon:
                    }
                    else if (pid == 0)              // child process
                    {          
-
                        int r = 0;
+                        int virus_files = -1;
+                        
                        r = _clamscan(head_argc, head_argvs);
+                        virus_files = get_clamav_log("clamscan.log");
+                        
+                        if (virus_files > 0) {
+                            if (conf->IS_QQMAIL == 1)
+                            {
+                                QQ_mail_warning_Virus_files(public_ip, virus_files, conf);
+                                sleep(3);
+                            }
+                        }
                        _exit(r);
                    }
                    else