If any client demanding us to setup an automated ClamAV Virus Scanning in the server. Please do the following
The most simple way is trying a cron job on daily basis or hourly basis according to client's wish.
First of all you need to install the clamAV >> yum install clamav clamav-db clamd
Starting it>>/etc/init.d/clamd start
Removing the test virus files>> rm -rf /usr/share/doc/clamav-0.95.3/test/
Creating the scripts
>> vi /etc/cron.daily/clamscan_daily
Past these into the file
=================================================================
#!/bin/bash
# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="
me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log
check_scan () {
# Check the last set of results. If there are any "Infected" counts that aren't zero, we have a problem.
if [ `tail -n 12 ${LOG} | grep Infected | grep -v 0 | wc -l` != 0 ]
then
EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
echo "To: ${EMAIL}" >> ${EMAILMESSAGE}
echo "From:
alert@domain.com" >> ${EMAILMESSAGE}
echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE}
echo "Importance: High" >> ${EMAILMESSAGE}
echo "X-Priority: 1" >> ${EMAILMESSAGE}
echo "`tail -n 50 ${LOG}`" >> ${EMAILMESSAGE}
sendmail -t < ${EMAILMESSAGE}
fi
}
clamscan -r / --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan
===================================================================
For hourly base >> vi /etc/cron.hourly/clamscan_hourly
paste these
===================================================================
#!/bin/bash
# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="
me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log
check_scan () {
# Check the last set of results. If there are any "Infected" counts that aren't zero, we have a problem.
if [ `tail -n 12 ${LOG} | grep Infected | grep -v 0 | wc -l` != 0 ]
then
EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
echo "To: ${EMAIL}" >> ${EMAILMESSAGE}
echo "From:
alert@domain.com" >> ${EMAILMESSAGE}
echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE}
echo "Importance: High" >> ${EMAILMESSAGE}
echo "X-Priority: 1" >> ${EMAILMESSAGE}
echo "`tail -n 50 ${LOG}`" >> ${EMAILMESSAGE}
sendmail -t < ${EMAILMESSAGE}
fi
}
find
/ -not -wholename '/sys/*' -and -not -wholename '/proc/*' -mmin -61
-type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/
--exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan
find
/ -not -wholename '/sys/*' -and -not -wholename '/proc/*' -cmin -61
-type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/
--exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan
===================================================================
NB>>Dont forget to give the execution permission to both the scripts>>
chmod +x script
You can customize the log file according to the client's wish but should be updated in the script along with the full path.
You are permitted to customize all the variables also but should be legible account in case of E-mail account.
If you have done these then you are all set to go...