0

Setup ClamAV on CentOS 6 and Perform Daily Scans

Posted by simon on 2014-11-19 in Guides |

Hi All,

This post is about Setting up ClamAV on CentOS 6 and Performing Daily Scans of the Machine and being Alerted by email if anything is found

  1. Setup a CentOS 6 Machine, look for a guide yourselves, sorry ๐Ÿ™
  2. Add the EPEL to the Machine
    1. i386
      rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
    2. x86_64
      rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  3. Next install ClamAV
    yum install clamav clamav-db clamd
  4. Make the stuff folder mkdir /stuff
  5. Edit /stuff/0-freshclam And add this content, not forgetting to set the variables to your requirements
    #!/bin/sh
    
    # set the log file
    LOG_FILE="/var/log/clamav/freshclam.log"
    
    if [ ! -f "$LOG_FILE" ]; then
        touch "$LOG_FILE"
        chmod 644 "$LOG_FILE"
        chown clam.clam "$LOG_FILE"
    fi
    
    /usr/bin/freshclam \
        --quiet \
        --datadir="/var/lib/clamav" \
        --log="$LOG_FILE"
    
    
  6. Edit /stuff/1-clamscan And add this content, not forgetting to set the variables to your requirements
    #!/bin/bash
    
    NOW=$(date +"%d-%m-%Y")
    # email subject
    SUBJECT="VIRUS DETECTED ON `hostname`!!!"
    # Email To ?
    EMAIL="to@me.com"
    # Email From ?
    FROMEMAIL="alert@fromme.com"
    # Log location
    LOG=/var/log/clamav/scan-$NOW.log
    # SCAN WHICH FOLDERS
    SCAN="/"
    #SCAN="/|/bob/|/fred/"
    # IGNORE WHICH FOLDERS
    IGNORE="/sys/"
    #IGNORE="/sys/|/fred/|/bob/"
    
    # force remove of old log file
    `rm -f $LOG`
    
    check_scan () {
        # Check results. If there are any "Infected", we have a problem.
        if [ `tail -n 12 ${LOG}  | grep Infected | grep -v 0 | wc -l` != 0 ]
        then
            EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
            echo "To: ${EMAIL}" >>  ${EMAILMESSAGE}
            echo "From: ${FROMEMAIL}" >>  ${EMAILMESSAGE}
            echo "Subject: ${SUBJECT}" >>  ${EMAILMESSAGE}
            echo "Importance: High" >> ${EMAILMESSAGE}
            echo "X-Priority: 1" >> ${EMAILMESSAGE}
            echo "`cat ${LOG}`" >> ${EMAILMESSAGE}
            `/usr/sbin/sendmail -f ${FROMEMAIL} -t < ${EMAILMESSAGE}`
        fi
    
    }
    
    clamscan -r ${SCAN} --exclude-dir=${IGNORE} --quiet --infected --log=${LOG}
    
    check_scan
    
    
  7. edit your crontab using crontab -e and add these files to the file
    1 0 * * * /stuff/0-freshclam
    40 0 * * * /stuff/1-clamscan
    
  8. And you are good to go ๐Ÿ˜€ ๐Ÿ™‚

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright © 2014-2021 Simon Smith All rights reserved.
This site is using the Desk Mess Mirrored theme, v2.5, from BuyNowShop.com.