I am using inotify-tools in order to achieve my task. inotify-tools has two commands, inotifywait or inotifywatch. I am using inotifywait. I want to be able to extract the unique paths that inotifywait will output and then take those unique file paths, run them through clamscan and quarantine the files if necessary. Here's what I have come up with so far.
The following command will output file paths to stdout (could be duplicates as well):
Code:
inotifywait -rm -e modify -e create --format '%w%f' /var/ftp
I want to use uniq -u to extract unique paths from the above output
I want to run these files through clamscan for antivirus checking.
================================
One thing I can do is redirect the inotifywait output to a file and then go through the file and get the uniq -u paths and throw them through clamscan. But when I run the following command
Code:
inotifywait -rm -e modify -e create --format '%w%f' /var/ftp > /etc/clamav/tmp/updatedfiles.txt
The output keeps appending to the txt file rather than being overwritten.
I would prefer a method where I am getting an output from inotifywait, "pipe" it through uniq -u and then redirect the output to a while statement where inside it I am "clamscanning" each file and quarantining if necessary. Something like the following:
Code:
inotifywait -rm -e modify -e create --format '%w%f' /var/ftp | uniq -u |
while read -r filepath; do  # one reported path per line
    clamscan --quiet --move=/etc/clamav/tmp/quarantine "$filepath" &
done
Can anyone please suggest the best way to do that?
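
One way to build the pipeline asked about above, as an added example that is not part of the original post: `uniq` only compares adjacent lines and `-u` drops every path that repeats, so this sketch swaps it for a content fingerprint (`cksum`) and scans a path once per version of its content. The function names, the `STATE` file location and the `SCANNER` override are assumptions made for the example; the watch and quarantine paths are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the post): scan each changed file once per content version.
WATCH_DIR=${WATCH_DIR:-/var/ftp}                        # path from the post
QUARANTINE=${QUARANTINE:-/etc/clamav/tmp/quarantine}    # path from the post
STATE=${STATE:-/tmp/ftp-scan.seen}                      # assumption: fingerprint log
SCANNER=${SCANNER:-clamscan}                            # overridable for testing

# Succeeds only if this path has not yet been scanned with its current content.
needs_scan() {
    [ -f "$1" ] || return 1                 # vanished, or not a regular file
    key="$(cksum < "$1") $1" || return 1    # CRC + size + path
    grep -Fxq -- "$key" "$STATE" 2>/dev/null && return 1
    printf '%s\n' "$key" >> "$STATE"
}

# Read one path per line; scan new content; print "INFECTED <path>" on a hit.
scan_stream() {
    while IFS= read -r path; do
        needs_scan "$path" || continue
        rc=0
        # stdin is redirected so the scanner cannot eat the path stream
        "$SCANNER" --quiet --no-summary --move="$QUARANTINE" "$path" </dev/null || rc=$?
        case $rc in
            0) ;;                                        # clean
            1) printf 'INFECTED %s\n' "$path" ;;         # clamscan: virus found
            *) printf 'ERROR %s (rc=%s)\n' "$path" "$rc" >&2 ;;
        esac
    done
}

# Run the watcher only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--watch" ]; then
    inotifywait -rm -e modify -e create --format '%w%f' "$WATCH_DIR" | scan_stream
fi
```

Because `modify` fires while an upload is still being written, a partially written file can be scanned first; the fingerprint changes when the upload finishes, so the completed file is scanned again.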