This script scans a set of folders and reports back to an administrator if a threat is found.
If you dont got it already:
# apt-get update && apt-get install clamav clamav-freshclam s-nail
then create a script for daily scanning:
#vim /opt/clamav-daily.sh
#!/bin/bash
#
# ClamAV-daily.sh - Scans a set of folders and reports back to an administrator if a threat is found.
# 2018 ASBRA AB, Nimpen J. Nordström <j@asbra.nu>
### Check permissions & dependencies
[[ ${UID} -ne 0 ]] && { echo "You are not root!"; exit 1; }
[[ -z "$(which s-nail)" ]] && { echo "You are missing the s-nail package!"; exit 1; }
### Variables
DIRS="/tmp/virus";
EMAIL_SUBJECT="Virus/Malware found on Server 7"
EMAIL_MSG="Please see the log file attached.";
EMAIL_FROM="clamav-daily@asbra.nu";
EMAIL_TO="order@vasteraskopia.se";
LOGFILE="/var/log/clamav-$(date +'%Y-%m-%d').log";
### Function for sending mail/sms/wall or whatever you like
alert() {
#echo "${EMAIL_MSG}"|s-nail -a "${LOGFILE}" -s "${EMAIL_SUBJECT}" -r "${EMAIL_FROM}" "${EMAIL_TO}";
wall "$EMAIL_SUBJECT see ${LOGFILE}"
}
### Scan each directory one at a time
for DIR in ${DIRS} ; do
echo -e "\n----------- SCAN START ($(date)) -----------" >> ${LOGFILE}
echo "Scanning: ${DIR}.\n" >> ${LOGFILE}
clamscan --recursive --infected "${DIR}" >> "${LOGFILE}";
echo -e "\n----------- SCAN END -----------" >> ${LOGFILE}
### Did we get a positive..?
[[ "0" -ne $(tail "${LOGFILE}"|grep Infected|cut -d" " -f3) ]] && ERROR=1
done
### Send alert if positive
[[ -n "${ERROR}" ]] && alert
exit 0