Difference between revisions of "Virus Scan Shares"
Line 17: | Line 17: | ||
==== Configure Daily Scan ==== | ==== Configure Daily Scan ==== | ||
In this example, we will configure a cronjob to scan the Docs share every day: | In this example, we will configure a cronjob to scan the Docs share every day: | ||
− | * Create | + | * Create '''/etc/cron.daily/manual_clamscan''' and add the text for scan or scan with email notifications: |
− | + | :a. <u>Scan</u> - Change SCAN_DIR to the directory that you want to scan. | |
− | |||
#!/bin/bash | #!/bin/bash | ||
SCAN_DIR="/var/hda/files/docs" | SCAN_DIR="/var/hda/files/docs" | ||
LOG_FILE="/var/log/clamav/manual_clamscan.log" | LOG_FILE="/var/log/clamav/manual_clamscan.log" | ||
/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE | /usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE | ||
+ | :b. <u>Scan with email notifications</u> - Change SCAN_DIR to the directory that you want to scan, EMAIL and EMAIL_FROM to your email addresses. | ||
+ | <pre>#!/bin/bash | ||
+ | # Email alert cron job script for ClamAV | ||
+ | # Original, unmodified script by: Deven Hillard | ||
+ | #(http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html) | ||
+ | # Modified to show infected and/or removed files | ||
+ | # Directories to scan | ||
+ | SCAN_DIR="/var/hda/files/docs" | ||
+ | # Location of log file | ||
+ | LOG_FILE="/var/log/clamav/manual_clamscan.log" | ||
+ | # Uncomment to have scan remove files | ||
+ | #AGGRESSIVE=1 | ||
+ | # Uncomment to have scan not remove files | ||
+ | AGGRESSIVE=0 | ||
+ | # Email Subject | ||
+ | SUBJECT="Infections detected on `hostname`" | ||
+ | # Email To | ||
+ | EMAIL="your.email@your.domain.com" | ||
+ | # Email From | ||
+ | EMAIL_FROM="clamav@server.hostname.com" | ||
+ | check_scan () { | ||
+ | # If there were infected files detected, send email alert | ||
+ | if [ `tail -n 12 ${LOG_FILE} | grep Infected | grep -v 0 | wc -l` != 0 ] | ||
+ | then | ||
+ | # Count number of infections | ||
+ | SCAN_RESULTS=$(tail -n 10 $LOG_FILE | grep 'Infected files') | ||
+ | INFECTIONS=${SCAN_RESULTS##* } | ||
+ | |||
+ | EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX` | ||
+ | echo "To: ${EMAIL}" >> ${EMAILMESSAGE} | ||
+ | echo "From: ${EMAIL_FROM}" >> ${EMAILMESSAGE} | ||
+ | echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE} | ||
+ | echo "Importance: High" >> ${EMAILMESSAGE} | ||
+ | echo "X-Priority: 1" >> ${EMAILMESSAGE} | ||
+ | if [ $AGGRESSIVE = 1 ] | ||
+ | then | ||
+ | echo -e "\n`tail -n $((10 + ($INFECTIONS*2))) $LOG_FILE`" >> ${EMAILMESSAGE} | ||
+ | else | ||
+ | echo -e "\n`tail -n $((10 + $INFECTIONS)) $LOG_FILE`" >> ${EMAILMESSAGE} | ||
+ | fi | ||
+ | sendmail -t < ${EMAILMESSAGE} | ||
+ | fi | ||
+ | } | ||
+ | if [ $AGGRESSIVE = 1 ] | ||
+ | then | ||
+ | /usr/bin/clamscan -ri --remove $SCAN_DIR >> $LOG_FILE | ||
+ | else | ||
+ | /usr/bin/clamscan -ri $SCAN_DIR >> $LOG_FILE | ||
+ | fi | ||
+ | check_scan</pre> | ||
* Give our cron script executable permissions: | * Give our cron script executable permissions: | ||
chmod +x /etc/cron.daily/manual_clamscan | chmod +x /etc/cron.daily/manual_clamscan |
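Review bot: the alert condition added in check_scan, `tail -n 12 ${LOG_FILE} | grep Infected | grep -v 0 | wc -l`, discards every line that contains the digit 0, so a summary of "Infected files: 10" (or 20, 100, 105) sends no email. Parse the count first and compare it numerically, for example `[ "$INFECTIONS" -gt 0 ]`. In the same function, the `mktemp /tmp/virus-alert.XXXXX` file is never removed after `sendmail -t`. `$SCAN_DIR` and `$LOG_FILE` are also unquoted in the clamscan calls, so a share path containing spaces will not be scanned as intended.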
Revision as of 00:01, 20 July 2014
ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. In this article, we will only be configuring ClamAV to run scheduled/on-demand scans, not resident scans.
Install
- Install required ClamAV packages
yum install clamav clamav-update
- Edit /etc/freshclam.conf and make the following changes:
  - Comment out “Example”
  - Uncomment lines
    - “DNSDatabaseInfo current.cvd.clamav.net”
    - “DatabaseMirror db.XY.clamav.net” (replace XY with your country code)
  - Ensure line “DatabaseMirror database.clamav.net” is uncommented
- Update ClamAV’s signatures
/usr/bin/freshclam
NOTE: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.
Configure Daily Scan
In this example, we will configure a cronjob to scan the Docs share every day:
- Create /etc/cron.daily/manual_clamscan and add the text for scan or scan with email notifications:
- a. Scan - Change SCAN_DIR to the directory that you want to scan.
    #!/bin/bash
    SCAN_DIR="/var/hda/files/docs"
    LOG_FILE="/var/log/clamav/manual_clamscan.log"
    /usr/bin/clamscan -i -r "$SCAN_DIR" >> "$LOG_FILE"
- b. Scan with email notifications - Change SCAN_DIR to the directory that you want to scan, EMAIL and EMAIL_FROM to your email addresses.
    #!/bin/bash
    # Email alert cron job script for ClamAV
    # Original, unmodified script by: Deven Hillard
    # (http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html)
    # Modified to show infected and/or removed files

    # Directories to scan
    SCAN_DIR="/var/hda/files/docs"
    # Location of log file
    LOG_FILE="/var/log/clamav/manual_clamscan.log"
    # Uncomment to have scan remove files
    #AGGRESSIVE=1
    # Uncomment to have scan not remove files
    AGGRESSIVE=0
    # Email Subject
    SUBJECT="Infections detected on $(hostname)"
    # Email To
    EMAIL="your.email@your.domain.com"
    # Email From
    EMAIL_FROM="clamav@server.hostname.com"

    check_scan () {
        # Read the infected-file count from the scan summary at the end of the log
        SCAN_RESULTS=$(tail -n 12 "$LOG_FILE" | grep 'Infected files')
        INFECTIONS=${SCAN_RESULTS##* }
        # If there were infected files detected, send email alert
        # (numeric comparison, so counts such as 10 or 20 also trigger it)
        if [ "${INFECTIONS:-0}" -gt 0 ]
        then
            EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
            echo "To: ${EMAIL}" >> "$EMAILMESSAGE"
            echo "From: ${EMAIL_FROM}" >> "$EMAILMESSAGE"
            echo "Subject: ${SUBJECT}" >> "$EMAILMESSAGE"
            echo "Importance: High" >> "$EMAILMESSAGE"
            echo "X-Priority: 1" >> "$EMAILMESSAGE"
            if [ "$AGGRESSIVE" = 1 ]
            then
                # With --remove, each infection adds two log lines
                echo -e "\n$(tail -n $((10 + (INFECTIONS * 2))) "$LOG_FILE")" >> "$EMAILMESSAGE"
            else
                echo -e "\n$(tail -n $((10 + INFECTIONS)) "$LOG_FILE")" >> "$EMAILMESSAGE"
            fi
            sendmail -t < "$EMAILMESSAGE"
            # Clean up the temporary message file
            rm -f "$EMAILMESSAGE"
        fi
    }

    if [ "$AGGRESSIVE" = 1 ]
    then
        /usr/bin/clamscan -ri --remove "$SCAN_DIR" >> "$LOG_FILE"
    else
        /usr/bin/clamscan -ri "$SCAN_DIR" >> "$LOG_FILE"
    fi
    check_scan
- Give our cron script executable permissions:
chmod +x /etc/cron.daily/manual_clamscan
- Create empty log file
    mkdir -p /var/log/clamav
    touch /var/log/clamav/manual_clamscan.log
- (OPTIONAL) Run the script
/etc/cron.daily/manual_clamscan
And you’re done! That should be the minimum required to install ClamAV and perform a daily scan of a specific directory.
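The alert decision in the notification script depends on reading the "Infected files:" line of the scan summary out of the log. The following is an added example, not part of the original script or of ClamAV: it parses that line numerically, lists the FOUND lines of the most recent scan only, and contrasts this with a text filter that drops any line containing a 0. All function names and the sample log content are constructed for illustration.

```shell
#!/bin/bash
# Added example; the log content generated below is constructed, not real output.

summary() {   # constructed clamscan-style summary reporting $1 infected files
    printf '%s\n' '' '----------- SCAN SUMMARY -----------' \
        'Known viruses: 3568492' 'Scanned directories: 12' 'Scanned files: 345' \
        "Infected files: $1" 'Data scanned: 98.55 MB' 'Time: 42.123 sec (0 m 42 s)'
}

# write_sample_log FILE COUNT: an earlier clean scan, then a scan with COUNT hits
write_sample_log() {
    { summary 0
      i=1
      while [ "$i" -le "$2" ]; do
          echo "/var/hda/files/docs/sample$i.doc: Eicar-Test-Signature FOUND"
          i=$((i + 1))
      done
      summary "$2"; } > "$1"
}

# Print the count from the last "Infected files:" line; 0 if absent or malformed
infected_count() {
    line=$(grep 'Infected files:' "$1" | tail -n 1)
    line=${line##* }                 # keep the text after the last space
    case "$line" in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$line" ;;
    esac
}

# Print only the FOUND lines logged between the last two scan summaries
last_scan_hits() {
    awk '/ FOUND$/ { buf = buf $0 "\n" }
         /SCAN SUMMARY/ { last = buf; buf = "" }
         END { printf "%s", last }' "$1"
}

# Numeric alert decision
should_alert() { [ "$(infected_count "$1")" -gt 0 ]; }

# Text-filter decision: any "Infected" line in the tail that contains no "0"
legacy_alerts() { [ $(tail -n 12 "$1" | grep Infected | grep -v 0 | wc -l) -ne 0 ]; }

log=$(mktemp)
write_sample_log "$log" 10
echo "parsed count: $(infected_count "$log")"
should_alert "$log" && echo "numeric check: alert"
legacy_alerts "$log" || echo "grep -v 0 check: no alert (10 infections missed)"
rm -f "$log"
```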
Reference: How to Install ClamAV and Configure Daily Scanning on CentOS
Using Greyhole
You will need to do some additional setup to scan files when using Greyhole.
- Set up mount shares locally
- Ensure SCAN_DIR is set to /mnt/samba/share and not /var/hda/files/share
Now when the daily scan runs, it will scan the Greyhole enabled share correctly.