Hi there --
I wrote a script that does an update to the virus database, and then runs a recursive check of all directories, with certain exceptions, on the
system in question. Listed below is the script in two versions. The first version excludes several directories,
Code:
#!/bin/bash
# The purpose of this scipr is to initiate a scan of the
# linux partitions, and if necessary, remove any files that
# are suspected of being infected by viruses or trojans.
# First run the freshclam utility to update the virus definition
# files to the latest version available. NOTE: The system must
# have a network, and by extension, Internet access in order for
# this to work.
/usr/local/bin/freshclam > /tmp/freshclam_update.txt
ls -l /var/lib/clamav >> /tmp/freshclam_update.txt
mail -s "<Server Name> Freshclam Update Results" <system administrator> < /tmp/freshclam_update.txt
# Initiate the antivirus scan on the linux partitions. The options
# included in the command syntax will have the scan go recursively
# through all directories, and if a suspect file is found, it will
# be moved to quarantine.
# NOTE: The /proc, /sys, and /dev directories are excluded from the
# scan due to their contents not being actual files but 'portals' to
# internal data structures of the operating system. Scanning these
# directories can cause adverse side-effects.
cd /
/usr/local/bin/clamscan -r --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/dev --move=/tmp/quarantine > /tmp/clamscan_output.txt
# Go to the output file that was generated, and remove all lines that have
# the status of OK.
cd /tmp
grep -v ' OK' clamscan_output.txt | grep -v 'Empty file' | grep -v 'Excluded' > /tmp/clamscan_outputsummary.txt
# E-mail the results of the scan to the system administrator.
mail -s "<Server Name> Clamscan Results" <system administrator> < /tmp/clamscan_outputsummary.txt
while the other does not use the exclusion option.
Code:
#!/bin/bash
# The purpose of this scipr is to initiate a scan of the
# linux partitions, and if necessary, remove any files that
# are suspected of being infected by viruses or trojans.
# First run the freshclam utility to update the virus definition
# files to the latest version available. NOTE: The system must
# have a network, and by extension, Internet access in order for
# this to work.
/usr/local/bin/freshclam > /tmp/freshclam_update.txt
ls -l /var/lib/clamav >> /tmp/freshclam_update.txt
mailx -s "<Server Name> Freshclam Update Results" <system administrator> < /tmp/freshclam_update.txt
# Initiate the antivirus scan on the linux partitions. The options
# included in the command syntax will have the scan go recursively
# through all directories, and if a suspect file is found, it will
# be moved to quarantine.
cd /
/usr/local/bin/clamscan -r --move=/tmp/quarantine > /tmp/clamscan_output.txt
# Go to the output file that was generated, and remove all lines that have
# the status of OK and other extraneous entries.
cd /tmp
grep -v ' OK' clamscan_output.txt | grep -v 'Empty file' | grep -v 'Excluded' > /tmp/clamscan_outputsummary.txt
# E-mail the results of the scan to the system administrator.
mailx -s "<Server Name> Clamscan Results" <system administrator> < /tmp/clamscan_outputsummary.txt
The two versions of the script run respectively on a SuSE and Fedora server.
I upgraded clamav from version 0.94.2 to the 0.95 distribution last night. After completing the installation, I ran the ldconfig command to ensure all libraries were up to date. The script shown above was scheduled to run at 1:00 AM this morning. A check of my e-mail indicated that while the freshclam update was successful, the output files were totally blank.
Does anyone have any idea as to why this happened, and what I can do to correct it? Thanks.
