#/bin/csh -f    This program is written in csh  (C-shell)
# VFCHMOD (vfind-chmod) Version 2.0 November 1997
#
# THIS PROGRAM REQUIRES LOCAL CUSTOMIZATION PRIOR TO USE 
#
# Program vfchmod Version 2.0 November 1, 1997
# Copyright November 1, 1997 by Peter V. Radatti.  All rights reserved.
# Version 1.0 Feb. 1993
# Copyright Feb 1993 by Peter V. Radatti.  All rights reserved.
 
# PURPOSE OF PROGRAM
# This program will isolate all virus infected files on a UNIX system
# by setting their permission bits to zero and sending a report to the
# "root" user.  See the man pages for the command "chmod" for more 
# information.  For more information on vfchmod visit http://www.cyber.com

# KNOWN LIMITATIONS
# This script has a known limitation on the number of infected files
# that it can process.  If the number is very large then the script
# will abort with an error message about "too many words".  This is
# a system dependent limitation of the c-shell and can not be corrected.
# If the chfile report contains the words "End of Job" on the last line
# then the script processed without error.
# A third version of this script in being tested which may work around
# this limitation.
 
# CUSTOMIZATION AND SETUP SUGGESTIONS
# The vfind command must be in your path.  The LICENSE file
# must be operative.  I also suggest that this example script be 
# modified according to your requirements.  At the least, you may wish
# to add in the "uad" and "cit" commands.  You may wish to change the
# chmod to a remove but I strongly suggest you not do so.

echo "VFCHMOD C-Shell Example Script Version 2.0 November 1997"

# Force the removal and creation of the log file
/bin/rm -f chfile 
touch chfile

# Setup a "header" in the "chfile" report
echo -n "Report for Host: " >> chfile
hostname >> chfile
echo -n "Date of report: " >> chfile
date >> chfile
echo "LIST OF FILES WHOSE PERMISSION BITS WERE SET TO 000" >> chfile
echo " " >> chfile

# Mail loop.  The variable "subname" is set to the filename of every
# infected file.  This is then used to chmod the infected file.
# Note that the -quiet=2 on VFind makes the process run faster.
foreach subname (`find / -type f -print | $VSTK_HOME/bin/vfind --quiet=2 | grep "##==>>>>" |\
		  grep "FILE:"|awk -F: '{print $2}'`)
	echo "Chmoding Infected file: $subname"
	echo "$subname" >> chfile
	chmod 000 $subname
end

#Mail out the report and end program
echo "End of Job" >> chfile
mail root < chfile
echo "End of Job"