Set up ClamAV virus scanning and updates – Ubuntu 14.04 LTS
Step 1. Install and update ClamAV
Enter this command in your terminal to install ClamAV, the ClamAV daemon and Freshclam
    sudo apt-get install clamav clamav-daemon clamav-freshclam
Run Freshclam to update the virus database
    sudo freshclam
Enable both services at boot and start the ClamAV daemon
    sudo update-rc.d clamav-daemon defaults
    sudo update-rc.d clamav-freshclam defaults
    sudo service clamav-daemon start
Step 2. Automatic virus database update
It is of course essential to keep the virus database updated, and if you are just a little like me there is a chance that you will forget it. I recommend creating a cron job that runs once every day, so you always have an updated virus database.
The easiest way to get this done is to add a line to root's crontab (freshclam needs to write to the virus database directory, which is why Step 1 runs it with sudo), so open the crontab
    sudo crontab -e
You can choose which text editor you want to use by entering a number from 1 to 4, then press Enter and add the content below to the file.
The virus database will be updated every day at 3:30 AM. You can edit the numbers so the cron job is executed when you want it.
    30 3 * * * /usr/bin/freshclam --quiet
Step 3. Automatic virus scan
We can easily set up a daily or hourly scan by creating a cron job for it. You can use your favorite text editor; I am going to use nano as it is mine. We are going to open /etc/cron.daily/manual_clamscan. Replace daily with hourly if you want the scan to run every hour instead of once a day; that's up to you.
    sudo nano /etc/cron.daily/manual_clamscan
Add the content below and remember to insert your email and which directories you want to be scanned. If you choose AGGRESSIVE=1, infected files are deleted automatically; if you choose AGGRESSIVE=0, the files are not deleted and you get a mail instead. You will only get mail when there are infected files.
    #!/bin/bash
    # Email alert cron job script for ClamAV
    # Original, unmodified script by: Deven Hillard
    # (http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html)
    # Modified to show infected and/or removed files

    # Directories to scan
    SCAN_DIR="/home /tmp /var"

    # Location of log file
    LOG_FILE="/var/log/clamav/manual_clamscan.log"

    # Uncomment to have scan remove files
    #AGGRESSIVE=1
    # Uncomment to have scan not remove files
    AGGRESSIVE=0

    # Email Subject
    SUBJECT="Infections detected on `hostname`"
    # Email To
    EMAIL="your.email@your.domain.com"
    # Email From
    EMAIL_FROM="clamav@server.hostname.com"

    check_scan () {
        # Count number of infections from the scan summary at the end of the log
        SCAN_RESULTS=$(tail -n 10 "$LOG_FILE" | grep 'Infected files')
        INFECTIONS=${SCAN_RESULTS##* }

        # If there were infected files detected, send email alert.
        # The count is compared as a number: a "grep -v 0" test on the
        # summary line also hides counts such as 10 or 20.
        if [ "${INFECTIONS:-0}" -gt 0 ]
        then
            EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
            echo "To: ${EMAIL}" >> ${EMAILMESSAGE}
            echo "From: ${EMAIL_FROM}" >> ${EMAILMESSAGE}
            echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE}
            echo "Importance: High" >> ${EMAILMESSAGE}
            echo "X-Priority: 1" >> ${EMAILMESSAGE}
            # With --remove each infection produces two log lines (FOUND and Removed)
            if [ $AGGRESSIVE = 1 ]
            then
                echo -e "\n`tail -n $((10 + ($INFECTIONS*2))) $LOG_FILE`" >> ${EMAILMESSAGE}
            else
                echo -e "\n`tail -n $((10 + $INFECTIONS)) $LOG_FILE`" >> ${EMAILMESSAGE}
            fi
            sendmail -t < ${EMAILMESSAGE}
            # Remove the temporary message file once it has been handed to sendmail
            rm -f ${EMAILMESSAGE}
        fi
    }

    # Run the scan: -r recurses into sub-directories, -i logs only infected files
    if [ $AGGRESSIVE = 1 ]
    then
        /usr/bin/clamscan -ri --remove $SCAN_DIR >> $LOG_FILE
    else
        /usr/bin/clamscan -ri $SCAN_DIR >> $LOG_FILE
    fi

    check_scan
Remember to make the cron job executable
    sudo chmod +x /etc/cron.daily/manual_clamscan
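Whether an alert mail is sent depends on reading the "Infected files:" line of the clamscan summary correctly. The following added example (not part of the original script) compares a substring test of the form `grep Infected | grep -v 0` with a numeric comparison; the function names and the sample summaries are constructed for the illustration.

```shell
#!/bin/sh
# Added example: deciding whether to alert from a clamscan log summary.
# The summaries written here are constructed sample data, not real scan output.

# Write a constructed clamscan-style summary with the given infected count.
make_summary () {
    printf '%s\n' "" "----------- SCAN SUMMARY -----------" \
        "Known viruses: 3500000" "Engine version: 0.98.7" \
        "Scanned directories: 120" "Scanned files: 4312" \
        "Infected files: $1" "Data scanned: 512.00 MB" \
        "Data read: 700.00 MB (ratio 0.73:1)" "Time: 95.312 sec (1 m 35 s)"
}

# Substring test: alert unless the "Infected" line contains the character 0.
substring_alert () {
    [ $(tail -n 12 "$1" | grep Infected | grep -v 0 | wc -l) != 0 ]
}

# Numeric test: read the count from the last "Infected files:" line, so an
# older summary appended earlier in the same log cannot influence the result.
infected_count () {
    awk -F': *' '/^Infected files:/ { n = $2 } END { print n + 0 }' "$1"
}

numeric_alert () {
    [ "$(infected_count "$1")" -gt 0 ]
}

# Run both tests over logs with 0, 3 and 10 infections and print each verdict.
compare_checks () {
    local log n s m
    log=$(mktemp)
    for n in 0 3 10; do
        make_summary "$n" > "$log"
        if substring_alert "$log"; then s=alert; else s=quiet; fi
        if numeric_alert "$log"; then m=alert; else m=quiet; fi
        echo "infected=$n substring=$s numeric=$m"
    done
    rm -f "$log"
}

compare_checks
```

With 10 infected files the substring test stays quiet, because the digit 0 appears in the count, while the numeric test alerts.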
Step 4. Start Clamscan Manually
The -r flag in the command is important because otherwise Clam would simply scan any files within the user folder, and not in all the sub-folders.
    clamscan -r /home/user