ClamAV is the Open Source anti-virus scanner. The project publishes
updates to the virus database periodically (currently several times a
day!), and ClamAV checks to see if it is up to date, by querying the Domain
Name Service, a technology I describe in some detail here. Once in a
while our freshclam hangs up, more often than not due to network issues. When
that happens, freshclam leaves a lock which impedes subsequent freshclam
processes from doing what they should. The result is that the clamd database
goes stale. This small plugin for Nagios’s NRPE monitors the freshness of
the database and signals a warning when the database and/or program version
goes stale. It queries the TXT resource record for current.cvd.clamav.net
and compares that to the output of clamscan -V.
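#!/usr/bin/perl
use strict;
use warnings;

# Nagios plugin exit codes
my %ERRORS = (
    'OK'        => 0,
    'WARNING'   => 1,
    'CRITICAL'  => 2,
    'UNKNOWN'   => 3,
    'DEPENDENT' => 4
);
my ($cvd, $clam);

# Published versions: drop everything up to the opening quote of the TXT
# data, then take the 1st (engine) and 3rd (database) colon-separated fields
chomp ($cvd = `host -t txt current.cvd.clamav.net` // '');
$cvd =~ s/[^"]+"//;
my ($engine, undef, $db) = split(/:/, $cvd);

# Local versions: "clamscan -V" separates engine and database with "/"
chomp ($clam = `clamscan -V` // '');
$clam =~ s/\// /g;
my (undef, $lengine, $ldb) = split(/ /, $clam);

# If either command produced nothing usable, report UNKNOWN rather than
# comparing undefined values
if (grep { !defined } $engine, $db, $lengine, $ldb) {
    print "UNKNOWN: could not read ClamAV versions\n";
    exit $ERRORS{UNKNOWN};
}

# I: published versions, L: local versions
print "I:$engine/$db, L:$lengine/$ldb\n";
if (($engine eq $lengine) && ($db eq $ldb)) {
    exit $ERRORS{OK};
} else {
    exit $ERRORS{WARNING};
}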
This program is terribly quick and dirty, but it works for me. Your mileage will vary of course, but it helps to alert us when something goes wrong.
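A variant of the comparison above, added here as an example and not part of the original plugin: because the TXT answer arrives over the network, both outputs are matched against strict patterns before they are compared, and anything that does not parse maps to UNKNOWN. The helper names (parse_published, parse_local, check) and the sample outputs are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my %ERRORS = (OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => 3);

# Published versions from the output of `host -t txt current.cvd.clamav.net`.
# Returns (engine, db), or an empty list when no quoted TXT data in the
# expected shape is present (timeout, error text, unexpected content).
sub parse_published {
    my ($out) = @_;
    return $out =~ /"([\w.-]+):\d+:(\d+):/ ? ($1, $2) : ();
}

# Local versions from the output of `clamscan -V` ("ClamAV engine/db/date").
# Returns an empty list when the database part is missing.
sub parse_local {
    my ($out) = @_;
    return $out =~ m{^ClamAV ([\w.-]+)/(\d+)/} ? ($1, $2) : ();
}

# Map the two outputs to a Nagios status name and a one-line message.
sub check {
    my ($txt_out, $clam_out) = @_;
    my ($engine, $db) = parse_published($txt_out)
        or return ('UNKNOWN', 'no usable TXT answer');
    my ($lengine, $ldb) = parse_local($clam_out)
        or return ('UNKNOWN', 'no usable clamscan -V output');
    my @stale;
    push @stale, "engine $lengine != $engine" if $lengine ne $engine;
    push @stale, "database $ldb != $db"       if $ldb != $db;
    return @stale ? ('WARNING', join(', ', @stale))
                  : ('OK', "engine $engine, database $db");
}

# Constructed sample outputs; the version numbers are made up.
my $txt = 'current.cvd.clamav.net descriptive text "1.0.0:60:27000:1700000000:1:90:49192:330"';
my @cases = (
    [ $txt, 'ClamAV 1.0.0/27000/Mon Jan  1 09:00:00 2024' ],    # matches
    [ $txt, 'ClamAV 1.0.0/26990/Fri Dec 22 09:00:00 2023' ],    # stale database
    [ ';; connection timed out; no servers could be reached',   # failed lookup
      'ClamAV 1.0.0/27000/Mon Jan  1 09:00:00 2024' ],
    [ $txt, 'ClamAV 1.0.0' ],                                   # no database part
);
for my $case (@cases) {
    my ($status, $msg) = check(@$case);
    print "$status: $msg (exit code $ERRORS{$status})\n";
}
```

The loop prints each result so all four cases can be seen in one run; a plugin would call check() once on the real command output and exit with $ERRORS{$status}.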