Automating Linux Anti-Virus Using ClamAV and Cron

Clam AntiVirus (ClamAV) is a free, cross-platform antivirus toolkit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third-party versions available for AIX, BSD, HP-UX, Linux, Mac OS X, OpenVMS, OSF (Tru64) and Solaris. In this section we automate the entire ClamAV process using a cron job. We are using the Red Hat Enterprise Linux platform to test this.

Step 1: Install ClamAV

We can use the yum command to install ClamAV on the server.

# yum install clamav clamav-db clamd

Try to start ClamAV by typing the command below.

# /etc/init.d/clamd start

This automatically sets up a daily cron job which runs freshclam to update the virus definitions.

Step 2: Create new cron jobs to run daily virus scans

First we need to create a file named clamscan_daily in the cron.daily folder and paste our script into it. All files and scripts in this folder run automatically every day.

Create the clamscan_daily file in the cron.daily folder:

# vi /etc/cron.daily/clamscan_daily

Paste the script below into the file and save it.

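#!/bin/bash

# Email subject
SUBJECT="VIRUS DETECTED ON $(hostname)!!!"

# Email recipient
EMAIL="alert@domain.com"

# Log location
LOG=/var/log/clamav/scan.log

check_scan () {
    # Check the last set of results. If there are any "Infected" counts that aren't zero, we have a problem.
    # Match the full "Infected files: 0" line so that counts containing a zero (10, 20, ...) still trigger the alert.
    if [ "$(tail -n 12 "${LOG}" | grep Infected | grep -v 'Infected files: 0$' | wc -l)" -ne 0 ]
    then
        EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
        echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
        echo "From: alert@domain.com" >> "${EMAILMESSAGE}"
        echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
        echo "Importance: High" >> "${EMAILMESSAGE}"
        echo "X-Priority: 1" >> "${EMAILMESSAGE}"
        # A blank line separates the mail headers from the body
        echo "" >> "${EMAILMESSAGE}"
        tail -n 50 "${LOG}" >> "${EMAILMESSAGE}"
        sendmail -t < "${EMAILMESSAGE}"
        # Remove the temporary message file once it has been sent
        rm -f "${EMAILMESSAGE}"
    fi
}

# Scan the whole filesystem recursively, skipping /sys, and log only infected files
clamscan -r / --exclude-dir=/sys/ --quiet --infected --log=${LOG}

# Check the results once the scan has finished
check_scan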

Step 3: Set up proper permissions on the file

# chmod +x /etc/cron.daily/clamscan_daily

These steps set up automated ClamAV scanning on the server, and reports are sent directly to the email address given in the script.
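The alert decision depends on reading the "Infected files:" count from the scan summary correctly. The following is an added example, not part of the original article: it extracts the count numerically and compares that with a pattern filter of the form `grep -v 0`, which also discards counts such as 10 or 105. The function names and the sample summary values are constructed for illustration.

```bash
# Print the infected-file count from the most recent scan summary in log $1.
# Prints nothing and returns 1 when the log holds no summary line.
infected_count() {
    local line
    line=$(grep -E '^Infected files: [0-9]+$' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "${line##*: }"
}

# Pattern-based check: "grep -v 0" drops every line that contains the digit 0,
# so a summary reporting 10, 20 or 105 infected files raises no alert.
naive_alert() {
    [ $(tail -n 12 "$1" | grep Infected | grep -v 0 | wc -l) -ne 0 ]
}

# Numeric check: alert on any non-zero count, and also when no summary is
# present, because that means the scan never completed.
should_alert() {
    local n
    n=$(infected_count "$1") || return 0
    [ "$n" -ne 0 ]
}

# Constructed sample summary in the layout clamscan writes at the end of a scan.
# $1 = infected count to report, $2 = output file
make_sample_log() {
    cat > "$2" <<EOF
----------- SCAN SUMMARY -----------
Known viruses: 8000000
Engine version: 0.103.0
Scanned directories: 120
Scanned files: 4500
Infected files: $1
Data scanned: 300.00 MB
Time: 95.000 sec (1 m 35 s)
EOF
}
```

In a cron job, `should_alert /var/log/clamav/scan.log` can replace the `tail | grep` test as the condition that decides whether the mail is sent.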
