Detect Viruses with ClamAV

This script scans a set of folders and reports back to an administrator if a threat is found.

If you don't have it installed already:

# apt-get update && apt-get install clamav clamav-freshclam s-nail

Then create a script for daily scanning:

# vim /opt/clamav-daily.sh

#!/bin/bash
#
# ClamAV-daily.sh - Scans a set of folders and reports back to an administrator if a threat is found.
# 2018 ASBRA AB, Nimpen J. Nordström  <j@asbra.nu>

### Check permissions & dependencies
[[ ${UID} -ne 0 ]] && { echo "You are not root!"; exit 1; }
[[ -z "$(which s-nail)" ]] && { echo "You are missing the s-nail package!"; exit 1; }

### Variables
DIRS="/tmp/virus";
EMAIL_SUBJECT="Virus/Malware found on Server 7"
EMAIL_MSG="Please see the log file attached.";
EMAIL_FROM="clamav-daily@asbra.nu";
EMAIL_TO="order@vasteraskopia.se";
LOGFILE="/var/log/clamav-$(date +'%Y-%m-%d').log";

### Function for sending mail/sms/wall or whatever you like
alert() {
    #echo "${EMAIL_MSG}"|s-nail -a "${LOGFILE}" -s "${EMAIL_SUBJECT}" -r "${EMAIL_FROM}" "${EMAIL_TO}";
    wall "$EMAIL_SUBJECT see ${LOGFILE}"
}

### Scan each directory one at a time
for DIR in ${DIRS}; do
    echo -e "\n----------- SCAN START ($(date)) -----------" >> "${LOGFILE}"
    echo -e "Scanning: ${DIR}.\n" >> "${LOGFILE}"
    clamscan --recursive --infected "${DIR}" >> "${LOGFILE}"
    echo -e "\n----------- SCAN END -----------" >> "${LOGFILE}"

    ### Did we get a positive..? (reads "Infected files: N" from the summary just written)
    [[ "0" -ne $(tail "${LOGFILE}" | grep '^Infected files:' | cut -d" " -f3) ]] && ERROR=1
done

### Send alert if positive
[[ -n "${ERROR}" ]] && alert

exit 0
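The loop above decides by reading the tail of the log; clamscan also reports the outcome in its exit status (0 = no virus found, 1 = virus found, 2 = error). The following is an added example, not part of the original script: it combines the exit status with the last scan block of the log and extracts the FOUND lines for the alert text. The function names, the /tmp/upload directory and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original script; function names are hypothetical.

# Print the last scan block: everything from the final "SCAN START" marker on.
last_scan_block() {
    awk '/SCAN START/ { buf = "" } { buf = buf $0 "\n" } END { printf "%s", buf }' "$1"
}

# Print the "path: Signature FOUND" detections of the last scan block.
found_lines() {
    last_scan_block "$1" | awk '/ FOUND$/'
}

# Print N from the "Infected files: N" summary line (nothing if there is no summary).
infected_count() {
    last_scan_block "$1" | awk -F': ' '/^Infected files:/ { n = $2 } END { if (n != "") print n }'
}

# Verdict from clamscan's exit status (0 = clean, 1 = virus found, 2 = error),
# cross-checked against the summary. Prints: clean, infected or error.
scan_verdict() {   # usage: scan_verdict LOGFILE EXIT_STATUS
    count=$(infected_count "$1")
    case "$2" in
        0) [ "${count:-0}" -eq 0 ] && echo clean || echo error ;;  # status and log disagree
        1) echo infected ;;
        *) echo error ;;                                           # scan did not complete
    esac
}

# Constructed sample log: a clean scan of one directory, then a positive in another.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
----------- SCAN START (constructed) -----------
Scanning: /tmp/virus.

----------- SCAN SUMMARY -----------
Infected files: 0
----------- SCAN END -----------
----------- SCAN START (constructed) -----------
Scanning: /tmp/upload.

/tmp/upload/Infected report.txt: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
----------- SCAN END -----------
EOF

echo "verdict: $(scan_verdict "$SAMPLE_LOG" 1)"
found_lines "$SAMPLE_LOG"
```

In the daily script the exit status would be captured with RC=$? on the line directly after clamscan and passed as the second argument; an "error" verdict then surfaces scans that never completed instead of treating them as clean.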

Published by Nimpen J. Nordström

System Developer and Network Security Enthusiast
