This article demonstrates how to find viruses on your Linux workstation or server, move the virus to a special directory and notify you if a virus was found.
In addition, (as an example only) we don’t want to scan the “/var/lib/mysql” directory because that’s where our databases are so we’ll exclude them.
/usr/bin/freshclam ; /usr/bin/clamscan --exclude=/var/lib/mysql --exclude=/var/infected /var --move=/var/infected --recursive=yes -i | grep "Infected files" | grep -v "Infected files: 0$" | ifne mail -s clamav_log_`hostname` [email protected] -
The same command as above but in a nicer format:
/usr/bin/freshclam # Update the virus database. /usr/bin/clamscan \ \ # Start the scan process --exclude=/var/lib/mysql \ # Exclude this directory. --exclude=/var/infected \ # Exclude this directory because this is where we put viruses. /var \ # Scan this directory and its contents. --move=/var/infected \ # Put discovered viruses here. --recursive=yes -i \ \ # Include the directories inside the target (/var). | grep "Infected files" | grep -v "Infected files: 0$" | \ # Clean out what we do and don't want. ifne mail -s clamav_log_`hostname` [email protected] - # If there is output, email it somewhere.
The “ifne” command is part of the “moreutils” Yum package.
The “/var/infected” directory needs to exist.