Just over a year ago there was a small discussion about a script re-scanning a home directory periodically in hopes of detecting old e-mail with new virus definitions. More recently, there have been many discussions about using clamd vs clamscan. I would like to get opinions and suggestions regarding this script which I run from cron in hopes of accomplishing the two above tasks.
The basic gist is to start up an instance of clamd without limited privileges so that clamdscan may access all files under /home, scan for and then delete all newly detected infectious e-mail. Of course this script would run after backups are created. There may be some shortcomings of this script which I'm not realizing, and as such I welcome your opinions and suggestions.

-- 
Morgan Smith
Dutro Company
675 North 600 West
Logan, UT 84321
(435) 752-3921 x146
GPG Key: 76E09074
Keyserver: http://www.keyserver.net/
#!/bin/bash

DAYSOLD=5
DIR2SCAN="/home"
CLAMDCONF="/etc/clamd.conf"
TEMPCONF="/tmp/clamroot.conf"
TEMPLOG="/tmp/clamroot.log"

## Create a new temporary config file with temporary settings
sed -e 's/^User /#User /' \
    -e 's/^LocalSocket .*/LocalSocket \/tmp\/clamroot.sock/' \
    -e 's/^PidFile .*/PidFile \/var\/run\/clamroot.pid/' \
    "$CLAMDCONF" > "$TEMPCONF"

## Start clamd
clamd -c "$TEMPCONF"

## Wait until clamd has finished starting up
until [ -f /var/run/clamroot.pid ]
do
    sleep 1
done

## Find recently modified files and scan them, looking for viruses.
## Keep only lines that end in " FOUND", so a clean file whose name
## contains the word FOUND is not treated as a detection.
find "$DIR2SCAN" -type f -mtime -"$DAYSOLD" \
    -exec clamdscan --config-file="$TEMPCONF" --no-summary {} \; \
    | grep ' FOUND$' > "$TEMPLOG"

## Kill clamd
xargs kill < /var/run/clamroot.pid

## Read the file line by line
while IFS= read -r LINE
do
    ## Report what's found
    echo "$LINE"
    ## Extract the filename of the offending e-mail (everything before the
    ## trailing ": <signature> FOUND") and delete it, passing the name to
    ## rm as a single argument
    rm -f -- "${LINE%: * FOUND}"
    ## Blank line for readability
    echo
done < "$TEMPLOG"

## Cleanup
rm -f "$TEMPLOG"
rm -f "$TEMPCONF"
rm -f /var/run/clamroot.pid
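
A variant of the setup and parsing steps above, as an added example that is not part of the original post: the temporary config, socket, pid file and log are kept in a private mode-700 directory from mktemp, so the root-run clamd socket is not reachable by other local accounts and no fixed path in /tmp is written as root. The function names and the --run switch are assumptions of this sketch, and it assumes clamdscan prints detections as "path: Signature FOUND".

```shell
#!/bin/bash
# Added example, not the original poster's script. Function names and the
# --run switch are assumptions made for this sketch.

# Copy clamd.conf into a fresh mode-700 directory, with User commented out
# and the socket and pid file moved inside that directory. Prints the directory.
make_private_conf() {
    local src=$1 dir
    dir=$(mktemp -d "${TMPDIR:-/tmp}/clamroot.XXXXXX") || return 1
    sed -e 's/^User /#User /' \
        -e "s|^LocalSocket .*|LocalSocket $dir/clamd.sock|" \
        -e "s|^PidFile .*|PidFile $dir/clamd.pid|" \
        "$src" > "$dir/clamd.conf" || return 1
    printf '%s\n' "$dir"
}

# Print the path from a "path: Signature FOUND" line; fail on any other line,
# so a clean file whose name merely contains FOUND is never selected.
found_path() {
    case $1 in
        *": "*" FOUND") printf '%s\n' "${1%: * FOUND}" ;;
        *) return 1 ;;
    esac
}

# Scan files under $1 modified in the last $2 days, then delete detections.
scan_recent() {
    local line file
    WORK=$(make_private_conf "${3:-/etc/clamd.conf}") || return 1
    # On exit, stop the temporary clamd and remove everything it created
    trap '[ -f "$WORK/clamd.pid" ] && xargs kill < "$WORK/clamd.pid"; rm -rf "$WORK"' EXIT
    clamd -c "$WORK/clamd.conf" || return 1
    until [ -f "$WORK/clamd.pid" ]; do sleep 1; done
    find "$1" -type f -mtime -"$2" -exec clamdscan \
        --config-file="$WORK/clamd.conf" --no-summary {} + > "$WORK/scan.log"
    while IFS= read -r line; do
        file=$(found_path "$line") || continue
        printf '%s\n\n' "$line"
        rm -f -- "$file"
    done < "$WORK/scan.log"
}

if [ "${1:-}" = "--run" ]; then
    scan_recent /home 5
fi
```

Nothing is started unless the script is invoked with --run; the two helper functions can be sourced and exercised on their own.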
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
