| Is it possible to receive e-mails each time the Preloadable Library Call Wrapper finds a virus? |
The Preloadable Library Call Wrapper does not have a built-in feature for reporting infected files. The Preloadable Library Call Wrapper does, however, log infections to syslog using the AUTHPRIV facility and the INFO priority. Therefore, administrators can get a digest of infections on their machines by perusing the file to which syslog is instructed to log these messages. Also, it is then possible for an administrator to create a script that works as a cron job to e-mail this file periodically to a specific e-mail address and then truncate the logfile.
To place all messages on authpriv.info to a file called, for example, /var/log/security_info, you must put the following line in your /etc/syslog.conf:
authpriv.info
/var/log/security_info
Make sure you initially create the file /var/log/security_info, because syslog never creates files.
To periodically e-mail this file and truncate it, you need to put this in a script(e.g. /usr/local/bin/maildigest.sh):
#!/bin/sh
cat /var/log/security_info | mail -s "Security digest" root@localhost
echo > /var/log/security_info
Then create a crontab entry for it by typing the command crontab -e as root and entering the following:
0 17 * * 1-5
/usr/local/bin/maildigest.sh
This will cause cron to run the script every weekday at 17:00. Thus giving root a digest of security related actions since the last report.
Feedback | Contact Technical Support | Contact Sales Support |