lisenet / clamav-daily

Automate ClamAV to perform daily system scans and send email notifications.
BSD 3-Clause "New" or "Revised" License

Support multiple directories #2

Closed Sammaye closed 8 years ago

Sammaye commented 8 years ago

Nice script, but one thing that would make it a killer is being able to do multiple directories.

For example, I have a couple of upload directories where foreign files could live on my system and I wish to scan all these dirs.

Would be good if you had the dir var be an array which was iterated through and the body run on each dir.

Sammaye commented 8 years ago

Here is an example:

#!/bin/bash
# written by Tomas Nevar (tomas@lisenet.com)
# 17/01/2014 (dd/mm/yy)
# copyleft free software
#
LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log";
EMAIL_MSG="Please see the log file attached.";
#EMAIL_FROM="clamav-daily@example.com";
EMAIL_TO="it@nhbs.com";
DIRSTOSCAN=("/home" "/nhbs");

# Check for mail installation
type mail >/dev/null 2>&1 || { echo >&2 "I require mail but it's not installed. Aborting."; exit 1; };

# Update ClamAV database
echo "Looking for ClamAV database updates...";
freshclam --quiet;

TODAY=$(date +%u);
for DIRTOSCAN in "${DIRSTOSCAN[@]}"; do
        echo "$DIRTOSCAN"

        if [ "$TODAY" == "6" ];then
                echo "Starting a full weekend scan.";
                # be nice to others while scanning the entire root
                nice -n5 clamscan -ri / --exclude-dir=/sys/ &>"$LOGFILE";
        else
                DIRSIZE=$(du -sh "$DIRTOSCAN"  2>/dev/null|cut -f1);
                echo -e "Starting a daily scan of $DIRTOSCAN directory.\nAmount of data to be scanned is $DIRSIZE.";
                clamscan -ri "$DIRTOSCAN" &>"$LOGFILE";
        fi

        # get the value of "Infected lines"
        MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3);

        # if the value is not equal to zero, send an email with the log file attached
        # (an empty value, e.g. no summary line in the log, is treated as zero)
        if [ "${MALWARE:-0}" -ne "0" ]; then
                echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "ClamAV: Malware Found" "$EMAIL_TO";
        fi
done

echo "The script has finished.";
exit 0;

But don't use it, since I have customised it a little and it will ruin your git copy, but it should show what I mean.

lisenet commented 8 years ago

It's been a long time since I pushed changes to GitHub. The original script has evolved over time: it's been integrated with rkhunter and, as you suggested, gets a dir list from an array. I might update the git repo at some point.

Sammaye commented 8 years ago

That would be awesome. I use rkhunter too, so it would be good to get a definitive script; my bash skills are still mostly Google bound.

lisenet commented 8 years ago

I just realised that your 'for' loop would scan the entire root twice if it was Saturday.

Actually, depending on the number of paths defined in DIRSTOSCAN, it may scan the entire root several times. You may therefore want to move the 'if' clause for Saturday outside the 'for' loop.

Sammaye commented 8 years ago

Ah yes, so it will, good catch. I'll need to edit that tomorrow.
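
The restructuring suggested in the thread, as an added example that is not part of the thread or the repository's script: the Saturday decision is made once before the loop, so `/` is scanned a single time however many directories are listed, and each scan's output is appended to one log. `SCANNER`, the `--run` switch, `admin@example.com` and `/srv/uploads` are assumed placeholders.

```shell
#!/bin/bash
# Added example, not the repository's script. SCANNER, EMAIL_TO and the
# directory list in the --run branch are assumed placeholders.
SCANNER="${SCANNER:-clamscan}"
EMAIL_TO="${EMAIL_TO:-admin@example.com}"

# Print the "Infected files: N" count from a clamscan log (0 if the line is missing).
infected_count() {
    local n
    n=$(grep '^Infected files:' "$1" 2>/dev/null | tail -n 1 | cut -d' ' -f3)
    echo "${n:-0}"
}

# run_scans LOGFILE DAY DIR...  (DAY as printed by `date +%u`, 6 = Saturday)
# Writes all scan output to LOGFILE and prints the total infected count.
run_scans() {
    local logfile="$1" day="$2" total=0 target part
    shift 2
    # Decide the target list once, before the loop: on Saturday the whole
    # directory list collapses to a single scan of /.
    if [ "$day" = "6" ]; then set -- /; fi
    : >"$logfile"
    for target in "$@"; do
        part=$(mktemp)
        # clamscan exits 1 when it finds something, so do not let that abort us.
        if [ "$target" = "/" ]; then
            nice -n5 "$SCANNER" -ri / --exclude-dir=/sys/ >"$part" 2>&1 || true
        else
            "$SCANNER" -ri "$target" >"$part" 2>&1 || true
        fi
        total=$((total + $(infected_count "$part")))
        cat "$part" >>"$logfile"
        rm -f "$part"
    done
    echo "$total"
}

# Only scan when asked to, so the functions above can be exercised on their own.
if [ "${1:-}" = "--run" ]; then
    LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log"
    freshclam --quiet
    found=$(run_scans "$LOGFILE" "$(date +%u)" /home /srv/uploads)
    if [ "$found" -ne 0 ]; then
        echo "Please see the log file attached." |
            mail -a "$LOGFILE" -s "ClamAV: Malware Found" "$EMAIL_TO"
    fi
fi
```

Because every scan is appended to the same log and the counts are summed, a hit in an earlier directory is not lost when a later directory comes back clean.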