[Avcheck] [updated] Automated AVP update script v1.7

[Michael Kubecka]

Robert Dalton suggested:

>>
I found one other case where output of avpupdate fails
and that output is not parsed in the script.

if [ 0 -lt $(egrep -c "(not completed|corrupted)" /root/kavupdate.tmp)

SHOULD BE:

if [ 0 -lt $(egrep -c "(not completed|corrupted|not found)"
/root/kavupdate.tmp)
<<

The script with that change follows:

===========================================

#!/bin/sh
# Modified by M. Kubecka from examples
# provided by Michael Tokarev,
# Ralf Hildebrandt, Kaspersky and others on the
# avcheck list.

# Version 1.7, written for FreeBSD 4.x
# 01/25/2002

# Future mods:
# Kavscanner and kavdaemon should be executed as
# a non-root user.

PATH=$PATH:/usr/local/bin
AVP=/var/chroot/AVP
Subj="AVP Update Status - OK"

# Assumes the directory
# $AVP/test_files which contains eicar.msg
# for test virus-scanning.  The dir should be
# world readable.

# Name of mail administrator acct to receive
# status messages.

MailAdmin="root"

# defer avpcheck Transport
# The defer_transports parameter allows you to specify what
# mail should always be deferred until Postfix is
# explicitly asked to deliver.

echo "Temporarily deferring mail..."
postconf -e "defer_transports = avpcheck"

# kill kavdaemon

echo "Killing the Kaspersky kavdaemon..."
cd $AVP
$AVP/kavdaemon -ka && sleep 2

# Save old virus definition updates
# in case of problems in updating...

echo "Saving the current anti-virus definitions..."
mkdir $AVP/Bases.old
chmod 755 $AVP/Bases.old
cp -p $AVP/Bases/* $AVP/Bases.old

# Fetch updates to temporary directory...
# (You could also use -ki instead of -kb, to get
# incremental updates.)

echo "Fetching Kaspersky virus definition updates..."
$AVP/kavupdater -y -o -kb -b=$AVP/Bases \
-ui=http://downloads1.kaspersky-labs.com/updates > /root/kavupdate.tmp
exitCode=$?

case $exitCode in
        6)
        result="(6) Found corrupted file; process stopped."
        ;;
        4)
        result="(4) Found corrupted file."
        ;;
        2)
        result="Process stopped on corrupted file."
        ;;
        0)
        result="Antiviral databases correctly loaded."
        ;;
        *)
        result="($exitCode) Unknown failure."
esac

# Don't just depend on the exit code; also check
# the output of the update process.
if [ 0 -lt $(egrep -c "(not completed|corrupted|not found)"
/root/kavupdate.tmp) ]; then
        exitCode=6
        result="(6) Found corrupted file; process stopped."
fi

records=`cat /root/kavupdate.tmp | grep 'Known' \
| sed 's/.*\. //'`

# Test the new virus definitions by scanning
# a known infected file...
if [ -f $AVP/test_files/eicar.msg -a $exitCode -eq 0 ]; then
        echo "Testing the virus defs by scanning a known-infected
file..."
        $AVP/kavscanner -T $AVP/tmp -O $AVP/test_files/eicar.msg

        virexitCode=$?
        lo=$[$virexitCode%16]
        hi=$[$virexitCode/16]

        # If it doesn't detect known virus or suspicious object
        # then we'll assume there's a problem with the defs.

        if [ $virexitCode -ne 4 -a $virexitCode -ne 3 ]; then
                echo "Known virus not detected!"
                exitCode=6
                result="(6) Found corrupted file; process stopped."
        else
                echo "Virus detected successfully."
        fi
fi

# If the virus definitions didn't load properly
# then fall back...

if [ $exitCode -ne 0 ]; then
        Subj="AVP Update Status - ERROR"
        echo "A problem was encountered during update."
        echo "Falling back to previous virus definitions..."
        rm -rf $AVP/Bases > /dev/null 2>&1
        mv $AVP/Bases.old $AVP/Bases
        records="Reverted to previous known good anti-virus
definitions."
fi

# Fix permissions.
echo "Setting permissions on anti-virus databases..."
chmod 644 $AVP/Bases/* > /dev/null
chmod 755 $AVP/Bases > /dev/null
rm -rf $AVP/Bases.old > /dev/null 2>&1

# Start kavdaemon chroot()'ed as unprivileged user avdaemon.
# The "echo no" line is needed only for the evaluation version,
# otherwise comment it out.

echo "Starting the Kaspersky kavdaemon..."

# echo no | \   # only needed for the evaluation version!
/usr/bin/env - HOME=/ \
/usr/bin/nice \
/usr/local/sbin/uchroot -u avdaemon $AVP \
./kavdaemon -dl -MP -f=/ctl /tst > /dev/null

# un-defer avpcheck Transport
echo "Undeferring mail..."
sleep 1 && postconf -e "defer_transports ="

# Send a status update to the mail administrator
currentdate=`date`
echo "$currentdate:
Kaspersky's virus definitions update status:
$result
$records" | \
mail -s "$Subj" $MailAdmin

exit $exitCode