clamscan logs...

.gitignore

@@ -1,2 +1,3 @@
 execguard
 migrated_apps.txt
+my_bins_apps.txt

README.md

@@ -32,16 +32,16 @@ This will initialize the /etc/execguard/system.db SQLite3 Database.
 It is in Leaning mode... All program will run as normal.
 
 ## How it works:
-* NOTE: All executables are blocked that are not in the allowed.db, so the protected_dirs config does not matter! 
+* NOTE: All executables are blocked that are not in the system.db, so the protected_dirs config does not matter! 
-* To add a program to this system.db Database: sudo execguard --update /THEPATH/TO/PROGRAM_GOES_HERE Beacreful when updating/add to the allowed Database as the whole point is to Block Bad Programs.
+* To add a program to this system.db Database: sudo execguard --update /THEPATH/TO/PROGRAM_GOES_HERE Becareful when updating/adding to the allowed Database as the whole point is to Block Bad Programs.
 * However, your systen need to run things, so be wise... 
 * You should monitor the output of the log file: 
     - tail -F /var/log/execguard.log 
 
 ## Make a key for xxtea
-This will generate a new key phrase for you that is safe in size...to be placed inside of your config.json file. Do this before you go live.
+This is done automatically in install.sh.
 ```
-sudo execguard --newKey
+execguard --newKey
 ```
 
 ## /etc/execgaurd/config.json
@@ -62,6 +62,12 @@ scan_interval is the number of minutes to delay before scanning the protected_di
     "hash_type": "sha512"
 }
 ```
+## To get root mail
+```
+sudo mail -u root
+OR
+sudo mutt -f /var/mail/root
+```
 ## Install
 ```
 cd execgaurd

core/new_file_monitor/new_file_monitor.go

@@ -90,7 +90,17 @@ func scanFile(filePath string, scannerPath string, db *sql.DB, log log.Logger) {
 	
 	log.Printf("Scanning file: %s\n", fileName)
 	
-	cmd := exec.Command(scannerPath, "-v", filePath)
+    var cmd *exec.Cmd
+    if scannerPath == "/usr/bin/clamscan" {
+        cmd = exec.Command(
+            scannerPath,
+            "-v",
+            "--move=/var/lib/clamav/quarantine",
+            "--log=/var/log/clamav/results.log",
+            filePath)
+    } else {
+        cmd = exec.Command(scannerPath, filePath)
+    }
 	output, err := cmd.CombinedOutput()
 	
 	if err != nil {

install.sh

@@ -203,4 +203,6 @@ case $? in
 esac
 ${USE_SUPER} ./execguard --update "$(pwd)/update_bins.sh"
 ${USE_SUPER} ./execguard --update "$(pwd)/sys_update.sh"
+${USE_SUPER} ./execguard --update "$(pwd)/vscan_bins.sh"
 ./update_bins.sh
+./vscan_bins.sh

vscan_bins.sh

@@ -1,4 +1,74 @@
 #!/bin/bash
+/usr/bin/echo "Stopping execguard service if on..."
+/usr/bin/sudo /usr/sbin/service execguard stop
+
+/usr/bin/echo "Dumping contents of Database to file..."
 /usr/bin/sudo /usr/bin/sqlite3 /etc/execguard/system.db "SELECT path FROM allowed;" > my_bins_apps.txt
-/usr/bin/clamscan -v --infected --move=/var/lib/clamav/quarantine --file-list=my_bins_apps.txt
+if [ $? -eq 0 ]; then
-/usr/bin/echo "Done -- you may: rm my_bins_apps"
+   /usr/bin/echo "Done dumping execs to file..."
+else
+   /usr/bin/echo "Error dumping execs to file...!"
+   exit 1
+fi
+
+/usr/bin/echo "Setting up log permissions..."
+/usr/bin/sudo /usr/bin/touch /var/log/exescans.log
+/usr/bin/sudo /usr/bin/chown root:adm /var/log/exescans.log
+/usr/bin/sudo /usr/bin/chmod 640 /var/log/exescans.log
+if [ ! -d /var/log/clamav ]; then
+    /usr/bin/sudo /usr/bin/mkdir -p /var/log/clamav
+    /usr/bin/sudo /usr/bin/chown clamav:clamav /var/log/clamav
+    /usr/bin/sudo /usr/bin/chmod 755 /var/log/clamav
+fi
+/usr/bin/sudo /usr/bin/touch /var/log/clamav/results.log
+/usr/bin/sudo /usr/bin/chown clamav:clamav /var/log/clamav/results.log
+/usr/bin/sudo /usr/bin/chmod 640 /var/log/exescans.log
+
+echo "Configuring rsyslog for exescans..."
+cat << EOF | sudo tee /etc/rsyslog.d/exescans.conf
+# Send exescans logs (facility local0) to a dedicated file
+local0.*    /var/log/exescans.log
+EOF
+
+/usr/bin/echo "Setting up log rotation..."
+cat << EOF | sudo tee /etc/logrotate.d/exescans
+/var/log/exescans.log {
+    weekly
+    missingok
+    rotate 4
+    compress
+    delaycompress
+    notifempty
+    create 640 root adm
+    su root root
+}
+EOF
+
+echo "Restarting rsyslog..."
+sudo systemctl restart rsyslog
+
+/usr/bin/echo "Running clamScan...this will take some time!"
+/usr/bin/sudo /usr/bin/clamscan -v --move=/var/lib/clamav/quarantine --file-list=my_bins_apps.txt 2>/dev/null --log=/var/log/clamav/results.log
+case $? in
+    0)
+        /usr/bin/logger -t exescans -p local0.info "System Bin clamscan Complete - All Okay..."
+        /usr/bin/echo "All is well!!! No Viruses found..."
+        ;;
+    1)
+        /usr/bin/logger -t exescans -p local0.info "System Bin clamscan Complete - Visus Found!!! Check /var/lib/clamav/quarantine"
+        /usr/bin/echo "Oh, No!! Virus Found!! Check /var/lib/clamav/quarantine"
+        ;;
+    2)
+        /usr/bin/logger -t exescans -p local0.info "System Bin clamscan Complete - Some Errors occurred...but should be Virus Free."
+        /usr/bin/echo "All done...some errors found...but should be Virus Free."
+        ;;
+    *)
+        /usr/bin/logger -t exescans -p local0.info "System Bin clamscan Complete - in a Unknown Status..."
+        /usr/bin/echo "All done unknown state..."
+        ;;
+esac
+#/usr/bin/echo "Rotating logs..."
+#/usr/bin/sudo /usr/sbin/logrotate -vf /etc/logrotate.d/exescans
+
+/usr/bin/echo "Done -- you may: \$ rm my_bins_apps"
+/usr/bin/echo "If you want to: \$ service execguard start"