summaryrefslogtreecommitdiff
path: root/virtual/miller-base/files/weekly-av-scan.cron
blob: 4690b7a79fcce1e0f269b0020c4054e40e578dc7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#!/bin/bash

CLAMD=${CLAMD:-auto}
CLAMDSOCK="${CLAMDSOCK:-/run/clamav/clamd.sock}"

if [ -f /etc/conf.d/av-scan ] ; then
	set -o allexport
	. /etc/conf.d/av-scan
	set +o allexport
fi

if [ $$ == 1 ]; then
	echo "Running in private namespace."
	echo

	echo "Umounting by request..."
	umount -nrl ${UNMOUNT}
	echo

	echo "Remounting devices with noatime..."
	grep '^/dev/' /proc/mounts | cut -d ' ' -f 2 | xargs -n1 mount -n -o remount,noatime
	echo

	echo "Unmounting non-device file systems..."
	grep -v '\(^/dev/\|/run \)' /proc/mounts | cut -d ' ' -f 2 | sort -ru | xargs umount -nrl
	echo

	df -Th --total
	echo

	grep -vw noatime /proc/mounts | column -t
	echo

	declare -a EXCL
	declare -A M
	EXCL=(
			/dev
			${EXCLUDE}
			$(find /var/lib/machines/ -maxdepth 2 -name dev -type d)
			$(portageq distdir)
			$(portageq pkgdir)
			$(portageq get_repo_path / $(portageq get_repos /))
			$(mount | grep -v ^/dev/ | sort -u -k3,3 | cut -d ' ' -f 3 | sort -u)
			$(mount | grep ^/dev | while read dev on path type fs opts ; do
				devhash=${dev//\//_}
				if [ ${M[$devhash]} ] ; then
					echo $path
				else
					M[$devhash]=$path
				fi
			done)
	)
	echo "Excluding:"
	echo ${EXCL[@]}
	echo
	EXCLARGS=("${EXCL[@]/#/-x }")

	if [ -S ${CLAMDSOCK} -a ${CLAMD} != "no" ] ; then
		echo "Using clamd"
		clamdscan -i --fdpass -f <(simplifind -r / ${EXCLARGS[@]}) -m -l /var/log/av-scan.log
	else
		echo "Using clamscan"
		simplifind -r / ${EXCLARGS[@]} | xargs nice clamscan -ri -l /var/log/av-scan.log
	fi

	exit
fi

if [ ! -S ${CLAMDSOCK} -a ${CLAMD} = "yes" ] ; then
	echo "Starting clamd..."
	systemctl start clamd
	CLAMD="started"
fi

unshare --pid --mount --mount-proc --fork $0

if [ -S ${CLAMDSOCK} -a ${CLAMD} = "started" ] ; then
	echo "Stopping clamd..."
	systemctl stop clamd
fi