
Setup ClamAV on CentOS 6 and Perform Daily Scans

Posted by simon on 2014-11-19 in Guides |

Hi All,

This post is about setting up ClamAV on CentOS 6, running a daily scan of the machine, and being alerted by email if anything is found.

  1. Set up a CentOS 6 machine (look for a guide yourselves, sorry 🙁)
  2. Add the EPEL repository to the machine
    1. i386
      rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
    2. x86_64
      rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  3. Next install ClamAV
    yum install clamav clamav-db clamd
  4. Make the stuff folder: mkdir /stuff
  5. Edit /stuff/0-freshclam and add this content, not forgetting to set the variables to your requirements
    #!/bin/sh
    
    # set the log file
    LOG_FILE="/var/log/clamav/freshclam.log"
    
    # create the log file owned by the clam user if it does not exist yet
    if [ ! -f "$LOG_FILE" ]; then
        touch "$LOG_FILE"
        chmod 644 "$LOG_FILE"
        chown clam:clam "$LOG_FILE"
    fi
    
    # update the signature database, logging to the file above
    /usr/bin/freshclam \
        --quiet \
        --datadir="/var/lib/clamav" \
        --log="$LOG_FILE"
    
    
  6. Edit /stuff/1-clamscan and add this content, not forgetting to set the variables to your requirements
    #!/bin/bash
    
    NOW=$(date +"%d-%m-%Y")
    # email subject
    SUBJECT="VIRUS DETECTED ON $(hostname)!!!"
    # Email To ?
    EMAIL="to@me.com"
    # Email From ?
    FROMEMAIL="alert@fromme.com"
    # Log location
    LOG=/var/log/clamav/scan-$NOW.log
    # SCAN WHICH FOLDERS (space separated: each one is passed to clamscan as its own argument)
    SCAN="/"
    #SCAN="/bob /fred"
    # IGNORE WHICH FOLDERS (--exclude-dir takes a regex, so | separates alternatives)
    IGNORE="/sys/"
    #IGNORE="/sys/|/fred/|/bob/"
    
    # force remove of old log file
    rm -f "${LOG}"
    
    check_scan () {
        # Check results. Read the count from the "Infected files: N" line of the
        # scan summary. (Piping through `grep -v 0` would miss counts such as
        # 10 or 20, because those lines also contain a zero.)
        INFECTED=$(tail -n 12 "${LOG}" | sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p')
        if [ "${INFECTED:-0}" -gt 0 ]
        then
            EMAILMESSAGE=$(mktemp /tmp/virus-alert.XXXXX)
            echo "To: ${EMAIL}" >> "${EMAILMESSAGE}"
            echo "From: ${FROMEMAIL}" >> "${EMAILMESSAGE}"
            echo "Subject: ${SUBJECT}" >> "${EMAILMESSAGE}"
            echo "Importance: High" >> "${EMAILMESSAGE}"
            echo "X-Priority: 1" >> "${EMAILMESSAGE}"
            # a blank line ends the headers; without it sendmail -t would read
            # the first line of the log as a (malformed) header
            echo "" >> "${EMAILMESSAGE}"
            cat "${LOG}" >> "${EMAILMESSAGE}"
            /usr/sbin/sendmail -f "${FROMEMAIL}" -t < "${EMAILMESSAGE}"
            rm -f "${EMAILMESSAGE}"
        fi
    }
    
    # SCAN is left unquoted on purpose so that several folders become several arguments
    clamscan -r ${SCAN} --exclude-dir="${IGNORE}" --quiet --infected --log="${LOG}"
    
    check_scan
    
    
  7. Edit your crontab with crontab -e and add these two lines (the signature update runs first, the scan forty minutes later):
    1 0 * * * /stuff/0-freshclam
    40 0 * * * /stuff/1-clamscan
    
  8. And you are good to go 😀 🙂
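As an added example (not the post's own scripts), here is the summary check that 1-clamscan depends on, written as reusable functions and run over a constructed clamscan log, together with the mail message layout that sendmail -t expects (a blank line between headers and body). The file names, addresses and log contents are constructed sample data, not taken from a real scan.

```shell
#!/bin/sh
# Added example, not the original post's script: parse the clamscan
# SCAN SUMMARY by its "Infected files: N" line rather than piping it
# through `grep -v 0`, which drops a count such as 10 because the line
# contains a zero. All paths, addresses and log text are constructed.

# infected_count LOGFILE -> prints N from the last "Infected files: N"
# line near the end of the log, or 0 if no such line exists.
infected_count() {
    n=$(tail -n 12 "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' | tail -n 1)
    echo "${n:-0}"
}

# scan_needs_alert LOGFILE -> exit status 0 when an alert should be sent.
scan_needs_alert() {
    [ "$(infected_count "$1")" -gt 0 ]
}

# build_alert LOGFILE TO FROM SUBJECT -> prints a message for sendmail -t,
# including the blank line that must separate the headers from the body.
build_alert() {
    printf 'To: %s\nFrom: %s\nSubject: %s\nImportance: High\nX-Priority: 1\n\n' \
        "$2" "$3" "$4"
    cat "$1"
}

# Constructed sample logs: one reporting ten infected files, one clean.
INFECTED_LOG=$(mktemp /tmp/clamscan-sample.XXXXXX)
CLEAN_LOG=$(mktemp /tmp/clamscan-sample.XXXXXX)
trap 'rm -f "$INFECTED_LOG" "$CLEAN_LOG"' EXIT
cat > "$INFECTED_LOG" <<'EOF'
/home/user/eicar.com: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 3700000
Scanned directories: 120
Scanned files: 4500
Infected files: 10
Data scanned: 512.00 MB
Time: 30.123 sec (0 m 30 s)
EOF
sed 's/^Infected files: 10$/Infected files: 0/; /FOUND$/d' "$INFECTED_LOG" > "$CLEAN_LOG"

# Print the alert that would be piped into sendmail -t for the infected log.
if scan_needs_alert "$INFECTED_LOG"; then
    build_alert "$INFECTED_LOG" to@me.com alert@fromme.com "VIRUS DETECTED"
fi
```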


Copyright © 2014-2024 Simon Smith All rights reserved.