Author Topic: How to Automate ClamAV Virus Scanning  (Read 2436 times)

nidhinjo

  • Guest
How to Automate ClamAV Virus Scanning
« on: March 10, 2018, 01:03:06 am »

To set up automated ClamAV virus scanning on the server, follow the steps below.

The simplest way is to run a cron job on a daily or hourly basis, according to the client's wish.

1. First of all, you need to install ClamAV
Code: [Select]
yum install clamav clamav-db clamd
2. Starting it
Code: [Select]
/etc/init.d/clamd start
3. Removing the test virus files
Code: [Select]
rm -rf /usr/share/doc/clamav-0.95.3/test/
4. Creating the script for the daily scan
Code: [Select]
vi /etc/cron.daily/clamscan_daily
Paste the code below into the file

Code: [Select]
=================================================================
#!/bin/bash

# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log

check_scan () {

    # Check the last set of results. If the "Infected files" count isn't zero, we have a problem.
    # Match the whole count (": 0" at end of line) so that counts such as 10 or 20 still alert.
    if tail -n 12 "${LOG}" | grep Infected | grep -qv ': 0$'
    then
        EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
        echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
        echo "From: alert@domain.com" >> "${EMAILMESSAGE}"
        echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
        echo "Importance: High" >> "${EMAILMESSAGE}"
        echo "X-Priority: 1" >> "${EMAILMESSAGE}"
        # Blank line separates the mail headers from the body
        echo "" >> "${EMAILMESSAGE}"
        tail -n 50 "${LOG}" >> "${EMAILMESSAGE}"
        sendmail -t < "${EMAILMESSAGE}"
        # Remove the temporary message file once it has been sent
        rm -f "${EMAILMESSAGE}"
    fi

}

clamscan -r / --exclude-dir=/sys/ --quiet --infected --log=${LOG}

check_scan
===================================================================

5. For the hourly scan

Code: [Select]
vi /etc/cron.hourly/clamscan_hourly
Copy and paste the code below
Code: [Select]
===================================================================
#!/bin/bash

# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log

check_scan () {

    # Check the last set of results. If the "Infected files" count isn't zero, we have a problem.
    # Match the whole count (": 0" at end of line) so that counts such as 10 or 20 still alert.
    if tail -n 12 "${LOG}" | grep Infected | grep -qv ': 0$'
    then
        EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
        echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
        echo "From: alert@domain.com" >> "${EMAILMESSAGE}"
        echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
        echo "Importance: High" >> "${EMAILMESSAGE}"
        echo "X-Priority: 1" >> "${EMAILMESSAGE}"
        # Blank line separates the mail headers from the body
        echo "" >> "${EMAILMESSAGE}"
        tail -n 50 "${LOG}" >> "${EMAILMESSAGE}"
        sendmail -t < "${EMAILMESSAGE}"
        # Remove the temporary message file once it has been sent
        rm -f "${EMAILMESSAGE}"
    fi

}

find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -mmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan

find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -cmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan
===================================================================
Please note: don't forget to give execute permission to both scripts
Code: [Select]
chmod +x script
You can customize the log file location according to the client's wish, but it must be updated in the script with the full path.
You can also customize all the other variables, but the e-mail address must be a legitimate account.
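
Added example (not part of the original post): check_scan only looks at the tail of an appended log, and when xargs splits a long file list into several clamscan runs, each run writes its own summary, so the last summary alone can read 0 while an earlier one does not. The sketch below counts everything written since the scan started; the function names and the sample log are constructed for illustration.

```shell
#!/bin/bash
# Added example. infected_since, found_since and make_sample_log are
# hypothetical helper names, not part of ClamAV or of the scripts above.

# Sum every "Infected files: N" summary written after line START of LOG.
infected_since () {
    awk -v start="$2" \
        'NR > start && /^Infected files:/ { sum += $3 } END { print sum + 0 }' "$1"
}

# Print the "<path>: <signature> FOUND" lines written after line START of LOG.
found_since () {
    awk -v start="$2" 'NR > start && / FOUND$/' "$1"
}

# Constructed sample log: lines 1-4 are a previous run, lines 5-12 are one
# hourly run that xargs split into two clamscan invocations.
make_sample_log () {
    cat > "$1" <<'EOF'
/var/www/old/shell.php: Constructed.Sample.A FOUND
----------- SCAN SUMMARY -----------
Scanned files: 40
Infected files: 1
/home/user/upload/a.php: Constructed.Sample.B FOUND
/home/user/upload/b.php: Constructed.Sample.C FOUND
----------- SCAN SUMMARY -----------
Scanned files: 5000
Infected files: 2
----------- SCAN SUMMARY -----------
Scanned files: 310
Infected files: 0
EOF
}

# In the cron script the pattern would be (use START=0 if the log is new):
#   START=$(wc -l < "$LOG")
#   ... run clamscan with --log="$LOG" ...
#   [ "$(infected_since "$LOG" "$START")" -gt 0 ] && send the alert
sample=$(mktemp /tmp/clamlog-sample.XXXXX)
make_sample_log "$sample"
echo "Last summary only : $(tail -n 1 "$sample")"
echo "Infected this run : $(infected_since "$sample" 4)"
found_since "$sample" 4
rm -f "$sample"
```

The list printed by found_since can go into the mail body in place of the last 50 log lines, so the alert names exactly the files flagged in this run.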