Hi Guys
Last Friday ClamAV decided to tag a shed load of files as infected with
Code:
Exploit.PDF-9669 FOUND
and promptly moved the tagged files to quarantine. Now this would have been fine if it was a real virus, but some googling came up with a dodgy ClamAV update.
So I've now got some 1000+ files moved from their homes in a vast multi-share, super-deep folder structure sitting in quarantine, and they are perfectly fine.
I need to write a script to take in the log file and return the moved files to their rightful location.
Here is a snippet of the log
Code:
Scan started: Sat Jan 9 00:50:02 2010
/home/e-smith/files/ibays/executive/files/Uniform Sizes.xlsx: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/Uniform Sizes.xlsx: moved to '/var/spool/clamav/quarantine//Uniform Sizes.xlsx'
/home/e-smith/files/ibays/executive/files/Mobile Phone No..xlsx: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/Mobile Phone No..xlsx: moved to '/var/spool/clamav/quarantine//Mobile Phone No..xlsx'
/home/e-smith/files/ibays/executive/files/STAFF FILE/Redundancy Information/Grading -MASTER June 2009 - 1.xlsx: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/Redundancy Information/Grading -MASTER June 2009 - 1.xlsx: moved to '/var/spool/clamav/quarantine//Grading -MASTER June 2009 - 1.xlsx'
/home/e-smith/files/ibays/executive/files/STAFF FILE/Redundancy Information/Grading -MASTER June 2009.xlsx: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/Redundancy Information/Grading -MASTER June 2009.xlsx: moved to '/var/spool/clamav/quarantine//Grading -MASTER June 2009.xlsx'
/home/e-smith/files/ibays/executive/files/STAFF FILE/Current Employees/Andrew Lia/FW Student behaviour JTL1C.htm: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/Current Employees/Andrew Lia/FW Student behaviour JTL1C.htm: moved to '/var/spool/clamav/quarantine//FW Student behaviour JTL1C.htm'
/home/e-smith/files/ibays/executive/files/STAFF FILE/Sub-contractors/SubContractors.xlsx: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/Sub-contractors/SubContractors.xlsx: moved to '/var/spool/clamav/quarantine//SubContractors.xlsx'
/home/e-smith/files/ibays/executive/files/STAFF FILE/Leavers/Craig Rudge 07.08.09/Grading.xlsx: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/Leavers/Craig Rudge 07.08.09/Grading.xlsx: moved to '/var/spool/clamav/quarantine//Grading.xlsx'
/home/e-smith/files/ibays/executive/files/STAFF FILE/Leavers/Craig Rudge 07.08.09/Hours Overbooked.xlsx: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/Leavers/Craig Rudge 07.08.09/Hours Overbooked.xlsx: moved to '/var/spool/clamav/quarantine//Hours Overbooked.xlsx'
/home/e-smith/files/ibays/executive/files/STAFF FILE/Annual Bonus Figures/Staff List.xlsx: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/Annual Bonus Figures/Staff List.xlsx: moved to '/var/spool/clamav/quarantine//Staff List.xlsx'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/ [SPAM_]_ electrician mate.eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/ [SPAM_]_ electrician mate.eml: moved to '/var/spool/clamav/quarantine// [SPAM_]_ electrician mate.eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Vacancy query (1).eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Vacancy query (1).eml: moved to '/var/spool/clamav/quarantine//Vacancy query (1).eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/RE_ CAT5_Telecoms.eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/RE_ CAT5_Telecoms.eml: moved to '/var/spool/clamav/quarantine//RE_ CAT5_Telecoms.eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Application form.eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Application form.eml: moved to '/var/spool/clamav/quarantine//Application form.eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Electricians mate vacancy.eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Electricians mate vacancy.eml: moved to '/var/spool/clamav/quarantine//Electricians mate vacancy.eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/FW_ .eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/FW_ .eml: moved to '/var/spool/clamav/quarantine//FW_ .eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/For attention of Susanne Morris; Electrician CFB_101379 .eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/For attention of Susanne Morris; Electrician CFB_101379 .eml: moved to '/var/spool/clamav/quarantine//For attention of Susanne Morris; Electrician CFB_101379 .eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Hi, I'm Looking for work..eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Hi, I'm Looking for work..eml: moved to '/var/spool/clamav/quarantine//Hi, I'm Looking for work..eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/ [SPAM_]_ apprentiships.eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/ [SPAM_]_ apprentiships.eml: moved to '/var/spool/clamav/quarantine// [SPAM_]_ apprentiships.eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Stuart Harris cv.eml: Exploit.PDF-9669 FOUND
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/Stuart Harris cv.eml: moved to '/var/spool/clamav/quarantine//Stuart Harris cv.eml'
/home/e-smith/files/ibays/executive/files/STAFF FILE/CV's and Applications/cv.eml: Exploit.PDF-9669 FOUND
I've managed to grep the logfile for the lines I want, which I have saved into a mylog.txt file. So I just need a script to run through this and sort out the cp commands?
I hope someone can help me out.
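An added example, not part of the original post: one way to turn the "moved to" lines from the log above into a restore, assuming the log format shown in the snippet and the quarantine directory `/var/spool/clamav/quarantine`. The function names, status strings and the `--apply` switch are hypothetical; it defaults to a dry run, never overwrites an existing file, and refuses any logged path that resolves outside the quarantine directory.

```python
import os
import re
import shutil

# Log line written when a file is quarantined: <original>: moved to '<quarantined>'
# The greedy first group splits at the LAST ": moved to '", so colons and
# apostrophes inside file names (e.g. "Hi, I'm Looking for work..eml") survive.
MOVED_RE = re.compile(r"^(?P<src>/.*): moved to '(?P<dst>/.*)'$")

def parse_moves(log_lines):
    """Yield (original_path, quarantine_path) for every 'moved to' line."""
    for line in log_lines:
        m = MOVED_RE.match(line.rstrip("\r\n"))
        if m:
            yield m.group("src"), os.path.normpath(m.group("dst"))

def restore(log_lines, quarantine_dir, dry_run=True):
    """Move quarantined files back; returns [(status, original, quarantined)]."""
    qdir = os.path.realpath(quarantine_dir)
    results, seen = [], set()
    for original, quarantined in parse_moves(log_lines):
        real_q = os.path.realpath(quarantined)
        if os.path.dirname(real_q) != qdir:
            status = "skipped-outside-quarantine"   # never touch other paths
        elif real_q in seen:
            status = "skipped-duplicate"            # same basename claimed twice
        elif not os.path.isfile(real_q):
            status = "skipped-missing"
        elif os.path.lexists(original):
            status = "skipped-target-exists"        # do not clobber newer files
        elif dry_run:
            status = "would-restore"
        else:
            os.makedirs(os.path.dirname(original), exist_ok=True)
            shutil.move(real_q, original)
            status = "restored"
        seen.add(real_q)
        results.append((status, original, quarantined))
    return results

if __name__ == "__main__":
    import sys  # usage: script.py mylog.txt [--apply]
    with open(sys.argv[1], encoding="utf-8", errors="surrogateescape") as fh:
        for status, original, _ in restore(fh, "/var/spool/clamav/quarantine",
                                           dry_run="--apply" not in sys.argv):
            print(f"{status}\t{original}")
```

Review the dry-run output, in particular every `skipped-duplicate` line, before running with `--apply`. If the quarantine directory is on a different filesystem from the shares, `shutil.move` copies the file and ownership is not preserved, so check owner and group on the restored files afterwards.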