aliases pointed at commands, WAS: Re: MyDoom war front (Postfix + Vexira Antivirus)
From: Leeman Strout (l.strout agilixcorp.com)
Date: Mon Feb 02 2004 - 11:46:55 CST
Noel Jones wrote:
> At 05:35 PM 1/29/04, Luca Berra wrote:
>
>> On Thu, Jan 29, 2004 at 01:15:42PM -0600, Noel Jones wrote:
>>
>>> Clamav released a definition (they call it Worm.SCO.A) at
>>> 26-Jan-2004 20:23 GMT.
>>>
>>> My server downloaded the definitions at 20:35 GMT (download triggered by
>>> an announcement email).
>
>
>> could you detail how you handle this?
>
>
> Well, pretty simpleminded really.
> I created a local "clamupdate" alias and signed it up for the
> clamav-virusdb announcement mail list.
> Then I added a local alias entry like:
> clamupdate: |/usr/local/bin/freshclam.script
>
> The script then runs freshclam, and mails me what happened.
>
> (all on one line)
> /usr/local/bin/freshclam --log-verbose --log=/var/log/clam-update.log
> --on-error-execute='echo freshclam.script FAILED | /usr/local/bin/mutt -s "freshclam.script **FAILED**" postmaster@localhost'
> --on-update-execute='echo freshclam.script update OK | /usr/local/bin/mutt -s "freshclam.script update success" postmaster@localhost'
>
> If you use procmail, you could just create a filter that finds mail
> containing:
> Subject: [Clamav-virusdb] Update
> and then runs the script. I don't know the procmail syntax, but I bet
> it's pretty simple.
I'm attempting to do the above with Sophos. My main problem is
permissions as the script is executed as user nobody. What would be the
"right" way to deal with this? I don't exactly like the idea of giving
"nobody" permissions on removing/updating my AV setup.
Thanks,
Leeman
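
One way to approach the permissions problem raised above, shown as an added example that is not part of the original thread: the alias command running as nobody only drops an empty flag file, and a cron job under the account that owns the AV installation performs the actual update. The spool and state paths, the `avupdate` alias name and the `av-update` command are assumptions, not Sophos or Postfix defaults.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, the alias name and the updater
# command are assumptions; substitute the real ones for your AV product.
SPOOL_DIR="${SPOOL_DIR:-/var/spool/avupdate}"   # hypothetical; writable by nobody
STATE_DIR="${STATE_DIR:-/var/lib/avupdate}"     # hypothetical; AV account only
FLAG="$SPOOL_DIR/update-requested"
STAMP="$STATE_DIR/last-run"
UPDATER="${UPDATER:-/usr/local/bin/av-update}"  # placeholder for the vendor updater
MIN_INTERVAL="${MIN_INTERVAL:-600}"             # minimum seconds between runs

# Alias side, runs as nobody, e.g.  avupdate: "|/usr/local/bin/avupdate.sh request"
# The message is read and thrown away: anyone can mail the alias, so nothing
# from it may reach a command line. The only effect is an empty flag file.
request_update() {
    cat >/dev/null
    : >"$FLAG"
}

# Cron side, runs as the account that owns the AV installation.
# Returns 0 = updater ran OK, 1 = updater failed, 2 = nothing to do / too soon.
run_pending_update() {
    [ -e "$FLAG" ] || return 2
    now=$(date +%s)
    last=$(cat "$STAMP" 2>/dev/null || true)
    case "$last" in ''|*[!0-9]*) last=0 ;; esac   # missing or corrupt stamp
    # Rate limit: a flood of mail to the alias cannot cause a flood of updates.
    # The flag stays in place, so a later cron run still picks the request up.
    [ $((now - last)) -ge "$MIN_INTERVAL" ] || return 2
    rm -f "$FLAG"
    echo "$now" >"$STAMP"
    "$UPDATER" || return 1
    return 0
}

case "${1:-}" in
    request) request_update ;;
    run)     run_pending_update ;;
esac
```

A crontab entry for the AV account that calls the script with `run` every few minutes completes the setup; nobody never needs write access to the AV installation itself.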