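# NixOS module fragment: e-mail notification when ClamAV reports a detection.
# Defines the notifier script and the oneshot unit `clamav-virus-notify` that
# runs it. What starts the unit is not defined here.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.numbus.services.clamav;

  # Notifier script. Two modes:
  #   * real-time: /var/lib/clamav/virus_event.env exists and provides
  #     CLAM_VIRUSEVENT_VIRUSNAME / CLAM_VIRUSEVENT_FILENAME;
  #   * scheduled scan: no event data, the report is built from the journal of
  #     clamav-periodic-scan.service.
  # One technical mail goes to the admin address and one short French notice
  # goes to the user address.
  clamav_notifier = pkgs.writeScript "clamav-notify.sh" ''
    #!${pkgs.bash}/bin/bash

    EVENT_FILE=/var/lib/clamav/virus_event.env

    # Real-time mode is signalled by the presence of the event file.
    # The file is parsed as data instead of being passed to `source`: it
    # carries the name of the flagged file, which is chosen by whoever created
    # that file, and the unit below sets no User=, so the script runs as root.
    # Only the two expected keys are read; nothing in the file is evaluated.
    # NOTE(review): assumes one KEY=value pair per line, optionally wrapped in
    # a single pair of quotes -- confirm against whatever writes this file.
    if [ -f "$EVENT_FILE" ]; then
      while IFS= read -r line || [ -n "$line" ]; do
        key="''${line%%=*}"
        value="''${line#*=}"
        case "$value" in
          \"*\" | \'*\') value="''${value:1:''${#value}-2}" ;;
        esac
        case "$key" in
          CLAM_VIRUSEVENT_VIRUSNAME) CLAM_VIRUSEVENT_VIRUSNAME="$value" ;;
          CLAM_VIRUSEVENT_FILENAME) CLAM_VIRUSEVENT_FILENAME="$value" ;;
        esac
      done < "$EVENT_FILE"
      rm -f "$EVENT_FILE"
    fi

    # Values come from the NixOS configuration. escapeShellArg keeps quotes,
    # `$` and backticks in them from being interpreted by bash.
    ADMIN_EMAIL=${escapeShellArg config.numbus.mail.adminAddress}
    USER_EMAIL=${escapeShellArg config.numbus.mail.userAddress}
    OWNER_NAME=${escapeShellArg config.numbus.owner}

    if [ -n "$CLAM_VIRUSEVENT_VIRUSNAME" ]; then
      # --- Real-time / VirusEvent Mode ---
      SUBJECT="Numbus Server Alert: Virus Detected (Real-time)"

      # Retrieve logs from clamav-daemon
      LOGS=$(journalctl -u clamav-daemon.service -n 50 --no-pager | grep "FOUND")

      # The virus name and file name are only ever placed in the message body,
      # never in a header, so their content cannot add or alter mail headers.
      TECH_BODY="
    ClamAV Real-time Alert:
    Server owner: $OWNER_NAME

    Virus detected: $CLAM_VIRUSEVENT_VIRUSNAME
    File: $CLAM_VIRUSEVENT_FILENAME

    Logs:
    $LOGS

    Action taken: Access blocked (OnAccessPrevention).
    Please investigate manually.
    "

      FRIENDLY_BODY="Cher/Chère $OWNER_NAME,

    L'antivirus de votre serveur a détecté et bloqué une menace en temps réel.
    Fichier : $CLAM_VIRUSEVENT_FILENAME

    Votre administrateur a été notifié.
    "
    else
      # --- Scheduled Scan Summary Mode ---
      SUBJECT="Numbus Server Alert: Virus Detected during Scheduled Scan"

      # Retrieve logs (clamdscan prints FOUND when a virus is detected)
      LOGS=$(journalctl -u clamav-periodic-scan.service -n 100 --no-pager | grep "FOUND")

      TECH_BODY="
    ClamAV Scan Alert:
    Server owner: $OWNER_NAME

    Viruses detected:
    $LOGS

    Action taken: Detection only.
    Please investigate manually.
    "

      FRIENDLY_BODY="Cher/Chère $OWNER_NAME,

    L'antivirus de votre serveur a détecté une menace potentielle lors de l'analyse périodique.
    Votre administrateur a été notifié avec les détails techniques.
    Nous vous conseillons d'être prudent avec vos fichiers récents.
    "
    fi

    # `sendmail -t` takes the recipients from the message headers. How an
    # address given on the command line combines with -t differs between
    # sendmail implementations (some drop it), so the recipient is carried in
    # a To: header instead. The Content-Type header declares the UTF-8 body.
    # NOTE(review): the user mail's Subject contains raw non-ASCII characters;
    # it is left as written.
    printf "To: %s\nSubject: [ADMIN] %s\nMIME-Version: 1.0\nContent-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit\n\n%s" "$ADMIN_EMAIL" "$SUBJECT" "$TECH_BODY" | /run/wrappers/bin/sendmail -t
    printf "To: %s\nSubject: [Alerte] Menace détectée sur votre serveur Numbus\nMIME-Version: 1.0\nContent-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit\n\n%s\n\nMerci de votre confiance,\nL'équipe de support,\nNumbus-Server." "$USER_EMAIL" "$FRIENDLY_BODY" | /run/wrappers/bin/sendmail -t
  '';
in

{
  config = mkIf cfg.enable {
    # Oneshot unit that sends the notification mails. No User= is set, so
    # systemd runs the script as root.
    # NOTE(review): consider a dedicated account with journal read access;
    # whether the sendmail wrapper works under tighter sandboxing has to be
    # checked on the target system.
    systemd.services.clamav-virus-notify = {
      description = "Email notification for ClamAV virus detection";
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${clamav_notifier}";
      };
    };
  };
}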