ClamAV is the Open Source anti-virus scanner. The project publishes updates to the virus database periodically (currently several times a day!), and ClamAV checks whether it is up to date by querying the Domain Name Service, a technology I describe in some detail here. Once in a while our freshclam hangs, more often than not due to network issues. When that happens, freshclam leaves a lock behind which prevents subsequent freshclam processes from doing what they should. The result is that the clamd database goes stale. This small plugin for Nagios's NRPE monitors the freshness of the database and signals a warning when the database and/or program version goes stale. It queries the TXT resource record for current.cvd.clamav.net and compares that to the output of clamscan -V.

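    #!/usr/bin/perl

    use strict;
    use warnings;

    # Standard Nagios plugin exit codes
    my %ERRORS = (
        'OK'        => 0,
        'WARNING'   => 1,
        'CRITICAL'  => 2,
        'UNKNOWN'   => 3,
        'DEPENDENT' => 4,
    );

    # Published versions: strip everything up to the opening quote of the
    # TXT data, then take fields 0 (engine) and 2 (database).
    chomp(my $cvd = `host -t txt current.cvd.clamav.net`);
    $cvd =~ s/[^"]+"//;
    my ($engine, undef, $db) = split(/:/, $cvd);

    # Installed versions: turn "ClamAV engine/db/date" into space-separated words.
    chomp(my $clam = `clamscan -V`);
    $clam =~ s/\// /g;
    my (undef, $lengine, $ldb) = split(/ /, $clam);

    # If either command produced nothing usable, do not report OK.
    unless (defined $db && defined $ldb) {
        print "UNKNOWN: could not determine versions\n";
        exit $ERRORS{UNKNOWN};
    }

    print "I:$engine/$db, L:$lengine/$ldb\n";
    if (($engine eq $lengine) && ($db eq $ldb)) {
        exit $ERRORS{OK};
    } else {
        exit $ERRORS{WARNING};
    }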

This program is terribly quick and dirty, but it works for me. Your mileage will vary of course, but it helps to alert us when something goes wrong.
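
A stricter variant of the same comparison, as an added example that is not part of the original plugin: it compares database versions numerically, grades the lag into WARNING and CRITICAL, and returns UNKNOWN when either output cannot be parsed. The thresholds, the function names and the sample outputs are constructed assumptions.

```perl
#!/usr/bin/perl
# Added example, not the original plugin: graded ClamAV freshness check.
use strict;
use warnings;

# Assumed thresholds: how many database versions behind is tolerable.
my ($WARN_LAG, $CRIT_LAG) = (1, 8);

# TXT payload: field 0 is the engine version, field 2 the database version.
sub parse_txt {
    my ($txt) = @_;
    return unless defined $txt && $txt =~ /"([^"]+)"/;
    my ($engine, undef, $db) = split /:/, $1;
    return unless defined $db && $db =~ /^\d+$/;
    return ($engine, $db);
}

# `clamscan -V` prints "ClamAV <engine>/<database>/<date>".
sub parse_local {
    my ($out) = @_;
    return unless defined $out && $out =~ m{^ClamAV\s+([^/\s]+)/(\d+)/};
    return ($1, $2);
}

# Map the two raw outputs to a Nagios exit code and status line.
sub classify {
    my ($txt, $out) = @_;
    my ($engine, $db) = parse_txt($txt)
        or return (3, "UNKNOWN: no usable TXT record");
    my ($lengine, $ldb) = parse_local($out)
        or return (3, "UNKNOWN: no usable clamscan -V output");
    my $info = "I:$engine/$db, L:$lengine/$ldb";
    my $lag  = $db - $ldb;    # zero or negative means the local database is current
    return (2, "CRITICAL: database $lag versions behind, $info") if $lag >= $CRIT_LAG;
    return (1, "WARNING: database $lag versions behind, $info")  if $lag >= $WARN_LAG;
    return (1, "WARNING: engine version differs, $info")         if $engine ne $lengine;
    return (0, "OK: $info");
}

# Constructed sample outputs (not captured from a real host).
my $txt = 'current.cvd.clamav.net descriptive text "0.88.5:40:2088:1161600000:1"';
for my $out ("ClamAV 0.88.5/2088/Mon Oct 23 09:00:00 2006",
             "ClamAV 0.88.5/2085/Fri Oct 20 09:00:00 2006",
             "ClamAV 0.88.4/2070/Tue Oct 10 09:00:00 2006",
             "") {    # empty string: clamscan failed or is not installed
    my ($code, $msg) = classify($txt, $out);
    print "$code $msg\n";
}
```

In an actual plugin, pass the output of the two commands to classify, print the message and exit with the returned code.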

Nagios, DNS, Security, and Database :: 23 Oct 2006 :: e-mail