_clamav_config.py
import argparse
import os
import pathlib
from nilrt_snac._configs._base_config import _BaseConfig
from nilrt_snac._configs._config_file import _ConfigFile
from nilrt_snac import logger
from nilrt_snac.opkg import opkg_helper
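class _ClamAVConfig(_BaseConfig):
    """ClamAV configuration handler.

    ClamAV is never installed by this handler; it only reports whether an
    existing installation looks usable (DNS for freshclam, config files,
    and a populated signature database).
    """

    def __init__(self):
        super().__init__("clamav")
        self.clamd_config_path = "/etc/clamav/clamd.conf"
        self.freshclam_config_path = "/etc/clamav/freshclam.conf"
        self.virus_db_path = "/var/lib/clamav/"
        self.resolv_conf_path = "/var/run/resolv.conf"
        self.package_names = ["clamav", "clamav-daemon", "clamav-freshclam"]
        self._opkg_helper = opkg_helper

    @staticmethod
    def _is_non_empty_file(path: pathlib.Path) -> bool:
        """Return True if *path* can be stat'ed and has a size above zero.

        A database entry that cannot be stat'ed (for example a dangling
        symlink or a permission error) is treated as unusable instead of
        letting the OSError abort the whole verification run.
        """
        try:
            return path.stat().st_size > 0
        except OSError:
            logger.info(f"Skipping unreadable ClamAV signature file: {path}")
            return False

    def configure(self, args: argparse.Namespace) -> None:
        """Tell the user that ClamAV must be installed manually.

        Nothing is installed or modified here; a notice is printed only when
        none of the known ClamAV packages is present.

        Args:
            args: Parsed command-line arguments (not used by this handler).
        """
        installed_packages = [pkg for pkg in self.package_names if self._opkg_helper.is_installed(pkg)]
        if not installed_packages:
            print("ClamAV configuration: Manual installation required")

    def verify(self, args: argparse.Namespace) -> bool:
        """Verify the ClamAV configuration if any ClamAV package is installed.

        Args:
            args: Parsed command-line arguments (not used by this handler).

        Returns:
            True when no ClamAV package is installed (verification is
            skipped) or when every mandatory check passes; False otherwise.
        """
        installed_packages = [pkg for pkg in self.package_names if self._opkg_helper.is_installed(pkg)]
        if not installed_packages:
            print("ClamAV is not installed; skipping verification.")
            return True

        print("Verifying clamav configuration...")
        valid = True

        if self._opkg_helper.is_installed("clamav-freshclam"):
            # freshclam resolves its update mirrors by name, so an empty or
            # missing resolver file is reported as a failure.
            if not os.path.exists(self.resolv_conf_path) or os.path.getsize(self.resolv_conf_path) == 0:
                logger.error(f"DNS not configured: {self.resolv_conf_path} is empty or missing")
                logger.error("freshclam will fail without DNS. Configure network/DNS before running freshclam.")
                valid = False

        # The clamd config is only looked at when the daemon package is
        # installed, and a missing or empty file is informational: it does
        # not fail verification.
        if self._opkg_helper.is_installed("clamav-daemon"):
            clamd_config = _ConfigFile(self.clamd_config_path)
            if not clamd_config.exists():
                logger.info(f"ClamAV daemon config file missing: {self.clamd_config_path}")
            elif pathlib.Path(self.clamd_config_path).stat().st_size == 0:
                logger.info(f"ClamAV daemon config file is empty: {self.clamd_config_path}")

        # A missing or empty freshclam config fails verification.
        freshclam_config = _ConfigFile(self.freshclam_config_path)
        if not freshclam_config.exists():
            logger.error(f"ClamAV freshclam config file missing: {self.freshclam_config_path}")
            valid = False
        elif pathlib.Path(self.freshclam_config_path).stat().st_size == 0:
            logger.error(f"ClamAV freshclam config file is empty: {self.freshclam_config_path}")
            valid = False

        # The database directory must exist and hold at least one non-empty
        # signature file.
        # NOTE(review): a non-empty .cvd/.cld file only shows that something
        # was written there; this check does not establish that the
        # signatures are current or intact. Confirm whether a freshness or
        # integrity check is expected for this verification.
        virus_db_dir = pathlib.Path(self.virus_db_path)
        if not virus_db_dir.exists():
            logger.error(f"ClamAV virus database directory missing: {self.virus_db_path}")
            valid = False
        else:
            signature_files = list(virus_db_dir.glob("*.cvd")) + list(virus_db_dir.glob("*.cld"))
            if not signature_files:
                logger.error(f"No ClamAV signature files found in {self.virus_db_path}")
                logger.error("Run 'freshclam' to download virus signatures")
                valid = False
            elif not any(self._is_non_empty_file(f) for f in signature_files):
                logger.error("All ClamAV signature files are empty")
                logger.error("Run 'freshclam' to download virus signatures")
                valid = False

        if valid:
            logger.info(f"ClamAV verification passed. Found packages: {', '.join(installed_packages)}")
        return valid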