###########################################################################
# clam-update script for Logwatch
# Analyzes the Clam Anti-Virus update log
#
# Originally written by: Lars Skjærlund <lars@skjaerlund.dk>
#
# Please send all comments, suggestions, bug reports,
#    etc, to logwatch-devel@lists.sourceforge.net
#########################################################################

########################################################
## Copyright (c) 2008 Lars Skjærlund
## Covered under the included MIT/X-Consortium License:
##    http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms.  If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions.  If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

#########################################################################
# Files - all shown with default paths:
#
# /usr/share/logwatch/default.conf/logfiles/clam-update.conf
# /usr/share/logwatch/default.conf/services/clam-update.conf
# /usr/share/logwatch/scripts/services/clam-update (this file)
#
# ... and of course
#
# /var/log/clamav/freshclam.log
#########################################################################

#########################################################################
# Important note:
#
# If no update attempt has been done, an alert will be output to inform
# you about this (which probably means that freshclam isn't running).
#
# If you have stopped using ClamAV and would like to get rid of the
# alert, you should delete the logfile. If there's no logfile, no alerts
# will be output - but if Logwatch finds a logfile and no update attempts
# have been made for whatever timeperiod Logwatch is analyzing, an alert
# will be output.
#########################################################################

use Logwatch ':dates';

my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};

my $time          = time;
my $Date;
my $SearchDate;
my $InRange       = 0;
my $UpdatedNum    = 0;
my $Status        = "";
my $Version       = "";

my %Starts;
my %Errors;
my %Warnings;


$SearchDate = TimeFilter("%b %e");

while (defined(my $ThisLine = <STDIN>)) {
   # Freshclam ends log messages with a newline.  If using the LogSyslog option, this is
   # turned into a space.  So we remove a space from every line, if it exists.
   $ThisLine =~ s/ $//;
   #If LogTime = yes in freshclam.conf then strip it
   $ThisLine =~ s/^... ... .. ..:..:.. .... \-\> //;
   if (
       # separator of 38 dashes
       ($ThisLine =~ /^\-{38}$/) or
       # the following failure is also recorded with ERROR later on
       ($ThisLine =~ /^Giving up/) or
       # SIGALRM, SIGUSR1, and SIGHIP signals
       ($ThisLine =~ /^Received signal \d*,? wake up$/) or
       ($ThisLine =~ /^Received signal \d*,? re-opening log file$/) or
       # Newer versions use different syntax.  Above two lines to be deleted.
       ($ThisLine =~ /^Received signal: wake up$/) or
       ($ThisLine =~ /^Received signal: re-opening log file$/) or
       # temporary failure
       ($ThisLine =~ /^Trying again/) ) {
      # Do nothing for the above statements
   } elsif ($ThisLine =~ /^Received signal \d*,? terminating$/) {
      $InRange = 0;
      $Status = "Last Status:\n   Freshclam daemon was terminated, and is not currently running\n";
   } elsif ((my $Temp) = ($ThisLine =~ /^freshclam daemon (.*)/)) {
      # just set version for now, to be used later
      $Version = $Temp;
   } elsif (($Date) = ($ThisLine =~ /^ClamAV update process started at \w{3} (\w{3} [\d ]\d ..:..:.. \d{4})$/)) {
      if ($Date =~ $SearchDate) {
         $InRange = 1;
         $UpdatedNum++;
         $Status = "Last " . $ThisLine . "\nLast Status:\n";
         if ($Version) {
            # $Starts is only set if $Version was set just before the current update process
            $Starts{$Version}++;
         }
      } else {
         $InRange = 0;
      }
      # $Version was already logged if necessary, so now we clear it
      $Version = "";
   } elsif ($InRange) {
      $Status = $Status . "   " . $ThisLine;
      chomp($ThisLine);
      if ((my $Text) = ($ThisLine =~ /^ERROR: (.*)/)) {
         $Errors{$Text}++;
      } elsif (($Text) = ($ThisLine =~ /^WARNING: (.*)/)) {
         $Warnings{$Text}++;
      }
   }
}


#####################################################################
if (keys %Starts and ($Detail >= 5)) {
   print "\nThe following version(s) of the freshclam daemon were started\n";
   foreach my $Version (sort keys %Starts) {
      print "   $Version: $Starts{$Version} Time(s)\n";
   }
}

if ($UpdatedNum) {
   print "\nThe ClamAV update process was started $UpdatedNum time(s)\n"
      if ($Detail >= 5);
}
else {
   print "\nNo updates detected in the log for the freshclam daemon (the\n";
   print "ClamAV update process).  If the freshclam daemon is not running,\n";
   print "you may need to restart it.  Other options:\n\n";
   print "A. If you no longer wish to run freshclam, deleting the log file\n";
   print "   (configured is $ENV{'LOGWATCH_LOGFILE_LIST'}) will suppress this error message.\n\n";
   print "B. If you use a different log file, update the appropriate\n";
   print "   configuration file.  For example:\n";
   print "      echo \"LogFile = log_file\" >> /etc/logwatch/conf/logfiles/clam-update.conf\n";
   print "   where log_file is the filename of the freshclam log file.\n\n";
   print "C. If you are logging using syslog, you need to indicate that your\n";
   print "   log file uses the syslog format.  For example:\n";
   print "      echo \"*OnlyService = freshclam\" >> /etc/logwatch/conf/logfiles/clam-update.conf\n";
   print "      echo \"*RemoveHeaders\" >> /etc/logwatch/conf/logfiles/clam-update.conf\n";
}

if ($Status) {
   print "\n" . $Status;
};

if ($Detail >= 10) {
   if ((keys %Errors) or (keys %Warnings)) {
      print "\nThe following ERRORS and/or WARNINGS were detected when\n";
      print "running the ClamAV update process.  If these ERRORS and/or\n";
      print "WARNINGS do not show up in the \"Last Status\" section above,\n";
      print "then their underlying cause has probably been corrected.\n";
   }

   if (keys %Errors) {
      print "\nERRORS:\n";
      foreach my $Text (keys %Errors) {
         print "   $Text: $Errors{$Text} Time(s)\n";
      }
   }

   if (keys %Warnings) {
      print "\nWARNINGS:\n";
      foreach my $Text (keys %Warnings) {
         print "   $Text: $Warnings{$Text} Time(s)\n";
      }
   }
}

exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: