Just over a year ago there was a small discussion about a script re-scanning a home directory periodically in hopes of detecting old e-mail with new virus definitions. More recently, there have been many discussions about using clamd vs clamscan. I would like to get opinions and suggestions regarding this script which I run from cron in hopes of accomplishing the two above tasks.
The basic gist is to start up an instance of clamd without limited privileges so that clamdscan may access all files under /home, scan for and then delete all newly detected infectious e-mail. Of course this script would run after backups are created. There may be some shortcomings of this script which I'm not realizing, and as such I welcome your opinions and suggestions.

--
Morgan Smith
Dutro Company
675 North 600 West
Logan, UT 84321
(435) 752-3921 x146
GPG Key: 76E09074
Keyserver: http://www.keyserver.net/
#!/bin/bash

DAYSOLD=5
DIR2SCAN="/home"
CLAMDCONF="/etc/clamd.conf"
TEMPCONF="/tmp/clamroot.conf"
TEMPLOG="/tmp/clamroot.log"

## Create a new temporary config file with temporary settings
sed -e 's/^User /#User /' "$CLAMDCONF" |
    sed -e 's/^LocalSocket .*/LocalSocket \/tmp\/clamroot.sock/' |
    sed -e 's/^PidFile .*/PidFile \/var\/run\/clamroot.pid/' > "$TEMPCONF"

## Start clamd
clamd -c "$TEMPCONF"

## Wait until clamd has finished starting up
until [ -f /var/run/clamroot.pid ]; do
    sleep 1
done

## Find recently modified files and scan them, looking for viruses
find "$DIR2SCAN" -type f -mtime -"$DAYSOLD" \
    -exec clamdscan --config-file="$TEMPCONF" --no-summary {} \; |
    grep FOUND > "$TEMPLOG"

## Kill clamd
xargs kill < /var/run/clamroot.pid

## Read the file line by line
while IFS= read -r LINE
do
    ## Report what's found
    echo "$LINE"
    ## Extract the filename of the offending e-mail and delete it.
    ## Strip the trailing ": <signature> FOUND" in the shell: piping echo
    ## into "xargs --null" left a newline on the end of the file name,
    ## so rm never matched the file.
    rm -f -- "${LINE%: *}"
    ## Blank line for readability
    echo
done < "$TEMPLOG"

## Cleanup
rm -f "$TEMPLOG"
rm -f "$TEMPCONF"
rm -f /var/run/clamroot.pid
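
An added example, not part of the original post: one way to act on the FOUND lines when the scan runs as root, moving each reported file into a quarantine directory instead of deleting it and touching only regular files that resolve inside the scanned tree. SCAN_ROOT, QUARANTINE and the function names found_path and quarantine_found are assumptions made for this sketch.

```bash
#!/bin/sh
# Added example (not from the original post).
# SCAN_ROOT and QUARANTINE are assumed locations; adjust to the local layout.
SCAN_ROOT="${SCAN_ROOT:-/home}"
QUARANTINE="${QUARANTINE:-/var/quarantine}"

# Print the path from one report line, or return 1 if it is not a detection.
# Lines look like "<path>: <signature> FOUND"; cut at the LAST ": " so that
# file names which themselves contain ": " are kept whole.
found_path() {
    case $1 in
        *": "*" FOUND") printf '%s\n' "${1%: *}" ;;
        *) return 1 ;;
    esac
}

# Read report lines on stdin, move each reported file into $QUARANTINE and
# print how many files were moved. The report is text built from file names
# that users control, so every path is re-checked before root touches it.
quarantine_found() {
    moved=0
    root=$(realpath -- "$SCAN_ROOT") || return 1
    mkdir -p -- "$QUARANTINE" && chmod 700 -- "$QUARANTINE" || return 1
    while IFS= read -r line; do
        path=$(found_path "$line") || continue
        # Only plain files: no symlinks, directories or devices
        if [ ! -f "$path" ] || [ -L "$path" ]; then
            echo "skipped (not a regular file): $path" >&2
            continue
        fi
        # The resolved path must still be inside the scanned tree
        real=$(realpath -- "$path") || continue
        case $real in
            "$root"/*) ;;
            *) echo "skipped (outside $root): $path" >&2; continue ;;
        esac
        # Timestamp and counter keep quarantined names unique
        mv -- "$real" "$QUARANTINE/$(date +%s).$moved.${real##*/}" &&
            moved=$((moved + 1))
    done
    echo "$moved"
}
```

In the script above this would replace the final while loop, for example as quarantine_found < "$TEMPLOG".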