#! /bin/sh # # Use wget and uad|vfind to download, scan, and save only infected files # # Usage: wget.sh [wget options] [URL ...] # # Example: wget.sh http://www.domain.net/ # # Files will be downloaded to a www.domain.net subdirectory; # wget and vfind results will be logged to www.domain.net.LOG; # files not flagged as containing a virus will be removed; # only files flagged as containing a virus will be saved. # For uad, the level of recursion for expanding archive files is set to 25. # If this option needs to be adjusted edit the '--recursion' value # on the script line that executes uad. # # For information about wget see: # # http://www.wget.org/ # http://wget.sunsite.dk/ # http://www.gnu.org/manual/wget/ # ### ## # Please modify this script to suit your requirements before trying to use it. # CyberSoft, Inc. is not responsible for any damage, be it physical or mental, # caused or indirectly caused by this example script. # # Copyright (c) April 2003 by CyberSoft, Incorporated. ## ### umask 022 VSTK_HOME= PATH="$VSTK_HOME/bin:$VSTK_HOME/programs:/bin:/usr/bin:$PATH" export PATH # create wgetrc file # echo "robots=off" > ./wgetrc WGETRC="./wgetrc" export WGETRC # always use wget options: # # -r, --recursive # -np, --no-parent # -nv, --non-verbose # -l inf, --level=inf # no limit of recursion level # options="-r -np -nv -l inf" # additional wget options, e.g. -q, --follow-ftp # for a do case "$a" in -*) options="$options $a"; shift;; *) break;; esac done # remaining arguments are URL's # for url do dir=`echo "$url" | sed -e 's;^.*://;;' -e 's;/.*;;'` if [ -r "$dir" ]; then echo "$0: $dir exists, skipping" 1>&2 continue fi echo "$0: getting $url ..." 1>&2 wget $options "$url" 2>&1 | tee "${dir}.LOG" echo "$0: scanning $dir files ..." 1>&2 find "$dir" -type f -print | uad --recursion 25 -s -z -ssw | vfind -ssr --quiet=1 -p 2>&1 | tee -a "${dir}.LOG" | nawk -F\" ' $1 == "##==>>>> VIRUS POSSIBLE IN FILE: " || \ $1 ~ /^##==>>>> VIRUS ID: / { print } $1 == "##==> Number of possible virus infections found in file " { if( $3 == ": 0") { print $2" is clean, removing"; system("rm '\''"$2"'\''"); } } ' done