#!/bin/bash
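# Subject line of the alert mail; the host's FQDN is resolved once, here.
SUBJECT="VIRUS DETECTED ON $(hostname -f)!!!"
# Recipient of the alert mail.
EMAIL="root"
# Per-day log file: every run on the same calendar date appends to it.
LOG=/var/log/clamav/clamscan-$(date +'%Y-%m-%d').log
# Excluded directories (whitespace-separated).
# NOTE(review): the exclude loop later in this script is driven by
# SCAN_EXCLUDE_DIR; confirm EXCLUDES is actually consumed before relying on it.
EXCLUDES=""
# Filesystem types to scan: zfs plus every type that /proc/filesystems does
# not flag "nodev". tr strips the leading tab those entries carry.
FS_TYPES="zfs,$(/usr/bin/grep -v nodev /proc/filesystems \
  | /usr/bin/paste -sd, - \
  | /usr/bin/tr -d '\t')"
# Mount points of those filesystem types, joined with single spaces. The
# --types value is quoted so it reaches findmnt as exactly one argument and
# the command substitution parses cleanly.
# NOTE(review): a mount point containing whitespace will be split when this
# list is expanded unquoted on the clamscan command line.
INCLUDES=$(/usr/bin/findmnt --noheadings --output "TARGET" --list \
  --types "${FS_TYPES}" | paste -sd" " -)
# Mark the start of this run in the log.
{
  echo ""
  echo "-- Start $0 at $(date)"
  echo ""
} >> "${LOG}"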
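#######################################
# Mail an alert when the log reports infected files.
# Globals:   LOG (read, appended to), EMAIL (read), SUBJECT (read)
# Arguments: none
# Outputs:   appends status lines to LOG; hands an alert message to /bin/mail
# Returns:   0 when nothing is reported; 1 when the temporary message file
#            cannot be created; otherwise the exit status of /bin/mail
#######################################
check_scan () {
  local message rc

  # Any "Infected files:" summary line with a count other than 0 triggers the
  # alert. The whole of LOG is searched, so a summary written by an earlier
  # run on the same day counts as well.
  if ! grep -- "Infected files:" "${LOG}" | grep -qv -- "Infected files: 0"; then
    return 0
  fi

  {
    echo ""
    echo "-- Infection detected, sending alert to $EMAIL"
    echo ""
  } >> "${LOG}"

  # mktemp creates the file itself with an unpredictable suffix; without it
  # there is nothing safe to write to, so record that the alert was not sent.
  message=$(mktemp /tmp/virus-alert.XXXXX) || {
    echo "-- Could not create a temporary file; alert NOT sent" >> "${LOG}"
    return 1
  }

  # These lines become the message body read by mail on stdin; the subject and
  # recipient that mail acts on come from -s and the positional argument.
  {
    echo "To: ${EMAIL}"
    echo "From: root@$(hostname -f)"
    echo "Subject: ${SUBJECT}"
    echo "Importance: High"
    echo "X-Priority: 1"
  } >> "${message}"

  # NOTE(review): -a attaches a file in heirloom-mailx / s-nail, but appends a
  # header in bsd-mailx and GNU mailutils -- confirm which mail(1) is installed
  # so the log really travels with the alert.
  /bin/mail -a "${LOG}" -s "${SUBJECT}" "${EMAIL}" < "${message}"
  rc=$?

  # A detection whose alert never left the host should be visible in the log.
  if [ "${rc}" -ne 0 ]; then
    echo "-- WARNING: /bin/mail exited with status ${rc}; alert may not have been delivered" >> "${LOG}"
  fi

  # The message file is only needed for the hand-off above.
  rm -f -- "${message}"
  return "${rc}"
}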
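# Update ClamAV database
{
  echo
  echo "-- Looking for ClamAV database updates at $(date)"
  echo
} >> "${LOG}"
# If the update fails, the scan below runs against whatever signatures are
# already installed; make that visible in the log instead of passing silently.
if ! /usr/bin/freshclam >> "${LOG}" 2>&1; then
  echo "-- WARNING: freshclam exited non-zero; scanning with the existing signature database" >> "${LOG}"
fi
echo >> "${LOG}"

# Build the clamscan command line as an array so every option stays one word.
# The exclusion list is taken from SCAN_EXCLUDE_DIR when set, otherwise from
# EXCLUDES; both are whitespace-separated, so splitting here is intentional.
# shellcheck disable=SC2206
exclude_dirs=(${SCAN_EXCLUDE_DIR:-${EXCLUDES:-}})
# INCLUDES is a space-joined list of mount points; split it the same way.
# shellcheck disable=SC2206
scan_targets=(${INCLUDES:-})

scan_cmd=(clamscan -r "${scan_targets[@]}" --exclude-dir=/sys/)
for dir in "${exclude_dirs[@]}"; do
  scan_cmd+=("--exclude-dir=${dir}")
done
scan_cmd+=(--quiet --infected "--log=${LOG}" --cross-fs=no)

{
  echo ""
  echo "-- Clamscan started at $(date)"
  echo ""
  echo "Command line: ${scan_cmd[*]}"
} >> "${LOG}"

if [ "${#scan_targets[@]}" -eq 0 ]; then
  # With no path argument clamscan scans only the current directory, which
  # would look like a completed scan while covering almost nothing.
  echo "-- ERROR: no mount points found to scan; clamscan not started" >> "${LOG}"
else
  "${scan_cmd[@]}"
  scan_rc=$?
  # clamscan exits 0 when clean and 1 when infections were found; any other
  # status is an error, and the log's "Infected files" count cannot be
  # trusted as a full result in that case.
  if [ "${scan_rc}" -gt 1 ]; then
    echo "-- WARNING: clamscan exited with status ${scan_rc}; the scan may be incomplete" >> "${LOG}"
  fi
fi
echo "" >> "${LOG}"

# Alert on any non-zero "Infected files" count recorded in the log.
check_scan

{
  echo ""
  echo "-- Scan Complete $(date)"
  echo ""
  echo ""
  echo "-- Cleaning Log Files at $(date)"
  echo ""
} >> "${LOG}"

# Drop everything under the log directory older than 30 days. Directories are
# skipped (plain rm cannot remove them), and "--" keeps odd file names from
# being read as options.
find /var/log/clamav ! -type d -mtime +30 -exec rm -f -- {} +

{
  echo ""
  echo "***End $0 at $(date)"
  echo ""
} >> "${LOG}"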