On Wed, 15 Nov 2006 at 1:54:13 +0100, Laurent Besson wrote: > > First i wrote this script (name clam-ip-drop.sh) > > #! /bin/sh > > ip=`cat /var/log/httpd/error_log | grep "virus daemon" | cut -d " " -f8-8 | > cut -d "]" -f1-1`; > date=`date`; > > for i in $ip ; do > echo $date." Drop de l'IP : "$i >> /var/log/messages; > /sbin/iptables -I INPUT -s $i -j DROP; > done > > But the rule in clamd.conf seams not execute !??? > VirusEvent /path/of/prog/clam-ip-drop.sh > > The prog is executable by other !
Hopefully the user running Apache or ClamAV is not root, hence it can't modify iptables' rules. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
