useful sophos scripts
When you brought a “Enterprise Product”…….. how come there has no automation tools solve your panic…… they give you the binary, “services?”… but nothing provide to you… why you still buy it…….
#!/bin/ksh
# Version 1.1 29/03/2007
TARGET=/
SWEEP=/usr/local/bin/sweep
EMINSTALL=/usr/local/sav/eminstall.sh
LOGDIR=/var/log/sophos
SWEEPLOG=/var/log/sophos/sweep-`date +%d%m%Y`.log
EMINSTALLLOG=/var/log/sophos/eminstall-`date +%d%m%Y`.log
if [ ! -d $LOGDIR ];then
mkdir -p $LOGDIR
fi
update () {
logger Sophos "Updating SAV Library..."
$EMINSTALL -v > $EMINSTALLLOG
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
logger Sophos "Update completed!"
else
logger Sophos "Error($RETVAL) occur during eminstall update! See $EMINSTALLLOG"
exit 1
fi
}
scan () {
logger Sophos "Starting virus scan..."
$SWEEP -f -ss -di -all --skip-special -p=$SWEEPLOG $TARGET
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
logger Sophos "Virus scan completed!"
exit 0
else
if [ $RETVAL -eq 3 ];then
echo "Virus Found! See $SWEEPLOG"
logger "Virus Found! See $SWEEPLOG"
exit $RETVAL
fi
if [ $RETVAL -eq 2 ];then
ERROR_CNT=`cat $SWEEPLOG | grep -v "Could not open" | wc -l`
SKIP_CNT=`cat $SWEEPLOG | grep "Could not open" | wc -l`
if [ $ERROR_CNT != 0 ];then
echo "Error($RETVAL) occur during virus scan! See $SWEEPLOG"
logger Sophos "Error($RETVAL) occur during virus scan! See $SWEEPLOG"
fi
logger Sophos "Virus scan completed and $SKIP_CNT files skipped!"
exit 0
fi
echo "Error($RETVAL) occur during virus scan! See $SWEEPLOG"
logger Sophos "Error($RETVAL) occur during virus scan! See $SWEEPLOG"
exit $RETVAL
fi
}
case "$1" in
scan)
scan
;;
update)
update
;;
cron)
update
scan
;;
*)
echo $"Usage: $0 {scan|update|cron}"
exit 1
esac
exit 0