clamscan

Updated script to scan linux servers for viruses.

!/bin/bash
 Test log with Infected files
 LOGFILE="/var/log/clamav/malware_detected.log";
 LOGFILE="/var/log/clamav/clamav-$(/bin/date +'%Y-%m-%d').log";
 EMAIL_TO="you@yourdomain.com";
 Need to build an email header to know which system is scanned.
 Gmail gateway is overwriting from line when it forwards the email.
 HEADER_OS_LEVEL="$(/bin/uname -a)";
 HEADER_DATE="$(/bin/date)";
 > /var/log/clamav/freshclam.log
 /usr/bin/freshclam
Test clamscan
 /usr/bin/clamscan -ri /root/* > "$LOGFILE";
 /usr/bin/clamscan -ri --exclude-dir=/sys/* / > "$LOGFILE";
 get the value of "Infected lines"
 MALWARE=$(/bin/cat "$LOGFILE" | /bin/grep Infected | /usr/bin/cut -d" " -f3);
 if the value is not equal to zero, send an email with the log file attached
 if [ "$MALWARE" -ne "0" ];then
 /bin/echo " " > /var/log/clamav/EMAIL.MSG;
 /bin/echo "OS: $HEADER_OS_LEVEL" >> /var/log/clamav/EMAIL.MSG;
 /bin/echo "Date: $HEADER_DATE" >> /var/log/clamav/EMAIL.MSG;
 /bin/echo " " >> /var/log/clamav/EMAIL.MSG;
 /bin/echo "Freshclam Status:" >> /var/log/clamav/EMAIL.MSG;
 /bin/cat /var/log/clamav/freshclam.log >> /var/log/clamav/EMAIL.MSG;
 /bin/echo " " >> /var/log/clamav/EMAIL.MSG;
 /bin/echo "Log File: $LOGFILE" >> /var/log/clamav/EMAIL.MSG;
 /bin/cat "$LOGFILE" >> /var/log/clamav/EMAIL.MSG;
 /bin/cat /var/log/clamav/EMAIL.MSG | /usr/bin/mail -s "ClamAV Alert" "$EMAIL_TO";
 fi
 exit 0