#!/bin/bash CLAMD=${CLAMD:-auto} CLAMDSOCK="${CLAMDSOCK:-/run/clamav/clamd.sock}" if [ -f /etc/conf.d/av-scan ] ; then set -o allexport . /etc/conf.d/av-scan set +o allexport fi if [ $$ == 1 ]; then echo "Running in private namespace." echo echo "Umounting by request..." umount -nrl ${UNMOUNT} echo echo "Remounting devices with noatime..." grep '^/dev/' /proc/mounts | cut -d ' ' -f 2 | xargs -n1 mount -n -o remount,noatime echo echo "Unmounting non-device file systems..." grep -v '\(^/dev/\|/run \)' /proc/mounts | cut -d ' ' -f 2 | sort -ru | xargs umount -nrl echo df -Th --total echo grep -vw noatime /proc/mounts | column -t echo declare -a EXCL declare -A M EXCL=( /dev ${EXCLUDE} $(find /var/lib/machines/ -maxdepth 2 -name dev -type d) $(portageq distdir) $(portageq pkgdir) $(portageq get_repo_path / $(portageq get_repos /)) $(mount | grep -v ^/dev/ | sort -u -k3,3 | cut -d ' ' -f 3 | sort -u) $(mount | grep ^/dev | while read dev on path type fs opts ; do devhash=${dev//\//_} if [ ${M[$devhash]} ] ; then echo $path else M[$devhash]=$path fi done) ) echo "Excluding:" echo ${EXCL[@]} echo EXCLARGS=("${EXCL[@]/#/-x }") if [ -S ${CLAMDSOCK} -a ${CLAMD} != "no" ] ; then echo "Using clamd" clamdscan -i --fdpass -f <(simplifind -r / ${EXCLARGS[@]}) -m -l /var/log/av-scan.log else echo "Using clamscan" simplifind -r / ${EXCLARGS[@]} | xargs nice clamscan -ri -l /var/log/av-scan.log fi exit fi if [ ! -S ${CLAMDSOCK} -a ${CLAMD} = "yes" ] ; then echo "Starting clamd..." systemctl start clamd CLAMD="started" fi unshare --pid --mount --mount-proc --fork $0 if [ -S ${CLAMDSOCK} -a ${CLAMD} = "started" ] ; then echo "Stopping clamd..." systemctl stop clamd fi