Hi there,

On Thu, 1 Oct 2020, Victor Miriti [ICT Security] wrote:

> ... I worked on your idea and ... voila!

It wasn't really my idea. :)

> Just some more questions:
>
> 1. How do I automate these scheduled scans?

This is general Unix system administration, not specific to ClamAV.

Most people use an operating system utility called 'cron' to do any
regularly scheduled tasks.  There are other, similar utilities and I
don't know which one you will have installed but 'cron' is usual.  I'd
be really surprised if you didn't have such a utility running on your
system right now, but you might just possibly need to install it and
make sure that the daemon/service/whatever_they_call_it is running.

Using cron is a subject for study all on its own.  It's very flexible.
A thing for cron to do is usually called a 'cron job', and is usually
just a single line in the 'crontab', which is what we call a list of
cron jobs.  The line tells the system when to run the job as well as
what to run.  Each user on the system can have its own crontab, and
cron jobs generally run as the UID of the user which owns the crontab
which starts the job.  That means it has permissions to do only what
you would have permissions to do.  You'd probably now guess that you
find out more about the crontab with 'man crontab'.  You'd be right. :)

The cron utility is rather fussy about the format of the crontab; it
can be tricky to get it just right without some help from the editor.
You can get that help when you use the command 'crontab -e' to edit a
crontab.  That starts an editor which might not be your favourite one
but you can tell it which editor you want.  Read the 'man' pages, and
at this stage it's probably worth reading 'man man'.

> 2. Is there a way to get alerts of scan reports, virus detected
> etc. especially via mail?

By default 'cron' will mail the output of jobs it runs to the owner of
the crontab, but you can tell it to send the output wherever you like.
You can even make a 'mail' command part of the job itself depending on
how fancy you want to make it.  If you don't want the mail sent to the
crontab owner you can send it to /dev/null in the cron job and it will
send no mail at all, or you can for example put a MAILTO assignment at
the top of the crontab.  If a crontab contains something like

MAILTO=m...@example.com
19 01 * * * /usr/local/bin/clamdscan --reload ; \
            /usr/bin/nice -19 /usr/local/bin/clamdscan /home

then at about twenty-past one each morning cron will first reload the
database, then run the scan at very low priority, and mail the output
to 'me' when it's finished.  There are many other ways to do this sort
of thing with Unix-type systems.  Note that for this email I've split
the line for the cron job with a backslash-escaped newline.  You can
also do that in the crontab itself, if for example you wish to make it
more readable.  Whether or not it mails you, when cron runs a job it
will usually also write to the system log to say when it's done what.

Note that the full pathnames for everything usually need to be given
in a cron job entry, as for good reasons the environment variables are
not set up for a cron job in the way they are for you when you log in.

If you're wondering why I chose to run my cron job at 01:19, think
about what happens if _everybody_ runs their cron jobs at midnight
on the same machine. :/

HTH

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
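
The cron-and-mail approach described in the message above, as an added example that is not part of the original post: a wrapper for cron that mails the report only when clamdscan finds something or fails, keyed on clamdscan's exit status. The script path in the sample crontab entry, the recipient, and the locations of mail and nice are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for clamdscan that mails only on findings or errors.
# Install path, recipient, and the mail/nice locations below are assumptions.
# Hypothetical crontab entry:
#   19 01 * * * /usr/local/sbin/clamd-nightly.sh /home
CLAMDSCAN="${CLAMDSCAN:-/usr/local/bin/clamdscan}"  # full path, as cron needs
NICE="${NICE:-/usr/bin/nice}"
MAILER="${MAILER:-/usr/bin/mail}"                   # assumed mail(1) location
MAILTO="${MAILTO:-root}"                            # assumed recipient

# clamdscan exit status: 0 = no virus found, 1 = virus found, other = error.
verdict_for() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;
    esac
}

# Scan one directory, mail the report unless clean, print the verdict.
scan_and_report() {
    target="$1"
    report=$(mktemp) || return 2
    # Reload the database first; if clamd is unreachable the scan below reports it.
    "$CLAMDSCAN" --reload >/dev/null 2>&1 || :
    status=0
    "$NICE" -n 19 "$CLAMDSCAN" --infected --no-summary "$target" \
        >"$report" 2>&1 || status=$?
    verdict=$(verdict_for "$status")
    if [ "$verdict" != CLEAN ]; then
        "$MAILER" -s "clamdscan $verdict: $target on $(uname -n)" "$MAILTO" \
            <"$report" || :
    fi
    rm -f "$report"
    echo "$verdict"
    return "$status"
}

# Run only when given a directory (as cron does); stdout is discarded so that
# cron itself sends nothing and the only mail is the report above.
if [ "$#" -gt 0 ]; then
    scan_and_report "$1" >/dev/null
fi
```
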
