Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus toolkit able to detect many types of malicious software, including viruses. In the previous article, I showed you "How To Install/Compile ClamAV In CentOS 6". In this article, I will show you how to use ClamAV and cron jobs to run daily and hourly virus scans.
First, create a new directory to store ClamAV's scripts and log files:
# mkdir -p /usr/local/clamav/script
# mkdir -p /usr/local/clamav/log
Setting up hourly scans
Create a file named clamscan_hourly:
# vi /usr/local/clamav/script/clamscan_hourly
Add the following code:
#!/bin/bash
SUBJECT="$(hostname) PASSED HOURLY SCAN"
EMAIL="[email protected]"
LOG=/usr/local/clamav/log/clamav.log
# Unpredictable name: a fixed file in /tmp, written by root, could be pre-created or symlinked by another local user
TMP_LOG=$(mktemp /tmp/clam.hourly.XXXXXX)
av_report() {
    # Match a non-zero count on the summary line (counts such as 10 or 20 contain a 0)
    if grep -qE '^Infected files: [1-9]' "${TMP_LOG}"
    then
        SUBJECT="[WARNING] $(hostname) PASSED HOURLY SCAN"
    fi
    EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
    echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
    echo "From: [email protected]" >> "${EMAILMESSAGE}"
    echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
    echo "Importance: High" >> "${EMAILMESSAGE}"
    echo "X-Priority: 1" >> "${EMAILMESSAGE}"
    # A blank line separates the headers from the message body
    echo "" >> "${EMAILMESSAGE}"
    tail -n 50 "${TMP_LOG}" >> "${EMAILMESSAGE}"
    sendmail -t < "${EMAILMESSAGE}"
    cat "${TMP_LOG}" >> "${LOG}"
    rm -f "${TMP_LOG}" "${EMAILMESSAGE}"
}
av_scan() {
    # Scan only regular files modified in the last 61 minutes
    find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -mmin -61 -type f -print0 | \
        xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log="${TMP_LOG}"
}
av_scan
av_report
# Update the virus definitions after the scan
freshclam
Save the file and make it executable:
# chmod +x /usr/local/clamav/script/clamscan_hourly
Setting up daily scans
Create a file named clamscan_daily:
# vi /usr/local/clamav/script/clamscan_daily
Add the following code:
#!/bin/bash
SUBJECT="$(hostname) PASSED DAILY SCAN"
EMAIL="[email protected]"
LOG=/usr/local/clamav/log/clamav.log
# Unpredictable name: a fixed file in /tmp, written by root, could be pre-created or symlinked by another local user
TMP_LOG=$(mktemp /tmp/clam.daily.XXXXXX)
av_report() {
    # Match a non-zero count on the summary line (counts such as 10 or 20 contain a 0)
    if grep -qE '^Infected files: [1-9]' "${TMP_LOG}"
    then
        SUBJECT="[WARNING] $(hostname) PASSED DAILY SCAN"
    fi
    EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
    echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
    echo "From: [email protected]" >> "${EMAILMESSAGE}"
    echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
    echo "Importance: High" >> "${EMAILMESSAGE}"
    echo "X-Priority: 1" >> "${EMAILMESSAGE}"
    # A blank line separates the headers from the message body
    echo "" >> "${EMAILMESSAGE}"
    tail -n 50 "${TMP_LOG}" >> "${EMAILMESSAGE}"
    sendmail -t < "${EMAILMESSAGE}"
    cat "${TMP_LOG}" >> "${LOG}"
    rm -f "${TMP_LOG}" "${EMAILMESSAGE}"
}
av_scan() {
    # Full recursive scan; /proc/ is excluded here as in the hourly script
    clamscan -r / --exclude-dir=/sys/ --exclude-dir=/proc/ --quiet --infected --log="${TMP_LOG}"
}
av_scan
av_report
Save the file and make it executable:
# chmod +x /usr/local/clamav/script/clamscan_daily
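Both report steps decide the mail subject from the "Infected files:" summary lines in the clamscan log, and the hourly job can write several summary blocks because xargs may start clamscan more than once. The following is an added example, not part of the original article: it totals those counts numerically and lists the detected paths. The function names and the sample log are constructed for illustration.

```shell
#!/bin/bash
# Added example: summarise a clamscan log written with --log=FILE.

# Sum every "Infected files: N" line (one per clamscan invocation).
infected_total() {
    awk -F': *' '/^Infected files:/ { n += $2 } END { print n + 0 }' "$1"
}

# Detections are logged as "<path>: <signature> FOUND"; print the paths.
infected_paths() {
    grep -E ' FOUND$' "$1" | sed -E 's/: [^:]+ FOUND$//'
}

# Build the mail subject from the numeric total.
scan_subject() {
    local log="$1" label="$2" total
    total=$(infected_total "$log")
    if [ "$total" -gt 0 ]; then
        echo "[WARNING] $(hostname) ${label} SCAN: ${total} infected file(s)"
    else
        echo "$(hostname) PASSED ${label} SCAN"
    fi
}

# Constructed sample log: two summary blocks, as two clamscan runs would append.
make_sample_log() {
    cat > "$1" <<'EOF'
/var/www/html/upload/a.php: Eicar-Test-Signature FOUND
/home/user/b.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Scanned files: 120
Infected files: 2
----------- SCAN SUMMARY -----------
Scanned files: 45
Infected files: 0
EOF
}

# Demonstration on the constructed log.
log=$(mktemp)
make_sample_log "$log"
scan_subject "$log" HOURLY
infected_paths "$log"
rm -f "$log"
```
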
Setting Up Crontab to run ClamAV hourly & daily scans
Type the following command
# crontab -e
Add the following code
# ClamAV scan
01 * * * * /usr/local/clamav/script/clamscan_hourly
01 00 * * * /usr/local/clamav/script/clamscan_daily
Setting up log rotation for ClamAV
Create a file named clamav:
# vi /etc/logrotate.d/clamav
Add the following code:
/usr/local/clamav/log/*.log {
    daily
    dateext
    dateformat -%d%m%Y
    missingok
    rotate 90
    compress
    delaycompress
    notifempty
    create 600 root root
}
1 comment
Great article.
Can this app scan a PHP shell?