4
edits
Changes
From Amahi Wiki
no edit summary
'''NOTE:''' You will need to enable email on your HDA to use option "b". See [[Main_Page#Community_Tutorials|Community Tutorials]] for guidance.
==== Incremental Daily and Full Weekly Scans ====
You can expand on the above by making a daily cronjob script that only scans files changed in the last 24 hours, and a weekly cronjob script that does a full filesystem scan. You may choose to do this for reasons of efficiency, as scanning only the files changed in the last 24 hours is an order of magnitude faster. Your daily cron file would look something more like this:
{{Code|Code =
#!/usr/bin/env bash
# Variables
DATE=$(date +%Y%m%d)
DIR="/var/log/clamav"
LIST="${DIR}/scan.$DATE"
RESULTS="${DIR}/scanresults.${DATE}"
# A list of partitions and/or directories to scan, in this example /, /boot and /home are on separate partitions
SCANDIRS="/ /boot /home"
# Number of days to keep files generated by this script. Default is 7.
LOGROTATION=7
# Remove files older than the number of days set with the $LOGROTATION variable.
# One might choose to comment this out and keep the files for trend-tracing, breakfix etc),
find ${DIR} -name "scan*" -mtime +${LOGROTATION} -exec rm -f {} \;
# Generate a list of files created in the last 24 hours, this list is fed into clamscan
# Because we're using -mount to prevent unwanted filesystem traversal,
# you'll need to specify per partition or directory with the SCANDIRS variable.
for S in ${SCANDIRS}; do
find "${S}" -mount -mtime 0 >> "${LIST}"
done
# Run clamscan against the list of files and pipe the results out to the results file
# -i prints only infected files, -f is the list of files to scan, and -l is the output log
clamscan -i -f "${LIST}" -l "${RESULTS}"
}}
== Using Greyhole ==
