
ClamAV – Find & Move Viruses, Exclude Directories & Notify of Infections

This article demonstrates how to find viruses on your Linux workstation or server, move infected files to a dedicated directory, and notify you when a virus was found.

In addition, we don’t want to scan the “/var/lib/mysql” directory (used here only as an example) because that’s where our databases live, so we’ll exclude it.

/usr/bin/freshclam ; /usr/bin/clamscan --exclude=/var/lib/mysql --exclude=/var/infected /var --move=/var/infected --recursive=yes -i | grep "Infected files" | grep -v "Infected files: 0$" | ifne mail -s clamav_log_`hostname` [email protected] -

The same command as above but in a nicer format:

/usr/bin/freshclam   # Update the virus database.
# Start the scan process. A comment cannot follow a trailing "\", so each
# part of the pipeline is explained here rather than on its own line:
#   --exclude=/var/lib/mysql   Exclude this directory.
#   --exclude=/var/infected    Exclude this directory because this is where we put viruses.
#   /var                       Scan this directory and its contents.
#   --move=/var/infected       Put discovered viruses here.
#   --recursive=yes -i         Include the directories inside the target (/var); list only infected files.
#   grep ... | grep -v ...     Clean out what we do and don't want (drop the "Infected files: 0" line).
#   ifne mail ...              If there is any output left, email it somewhere.
/usr/bin/clamscan \
  --exclude=/var/lib/mysql \
  --exclude=/var/infected \
  /var \
  --move=/var/infected \
  --recursive=yes -i \
  | grep "Infected files" | grep -v "Infected files: 0$" \
  | ifne mail -s clamav_log_`hostname` [email protected] -

The “ifne” command is part of the “moreutils” Yum package.

The “/var/infected” directory needs to exist.
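The same scan-quarantine-notify flow as the one-liner above, written as a small script. This is an added example, not code from the original article: it creates the quarantine directory the article says must exist, takes the infection count from clamscan's own summary line instead of grepping it, and also mails when clamscan itself failed. The recipient address (CLAMAV_RECIPIENT) and the sample summary text are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original article: a wrapper around the same
# freshclam/clamscan/mail pipeline that creates the quarantine directory, reads the
# infection count from clamscan's summary, and also mails when the scan errored.
# Assumptions: quarantine dir /var/infected; recipient from CLAMAV_RECIPIENT (placeholder).
SCAN_DIR="/var"
QUARANTINE="/var/infected"
RECIPIENT="${CLAMAV_RECIPIENT:-admin@example.invalid}"   # placeholder address

# infected_count: read a clamscan log on stdin and print N from "Infected files: N".
# Prints 0 when the summary line is missing, so an empty log never triggers a mail.
infected_count() {
    count=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' | tail -n 1)
    echo "${count:-0}"
}

# run_scan: refresh signatures, scan with the article's exclusions, quarantine hits,
# and mail the log only when something was found or clamscan reported an error.
run_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"   # must exist; keep it root-only
    log=$(mktemp)                            # unpredictable name, unlike a fixed /tmp path
    /usr/bin/freshclam --quiet
    /usr/bin/clamscan --recursive=yes -i \
        --exclude-dir="^/var/lib/mysql" \
        --exclude-dir="^$QUARANTINE" \
        --move="$QUARANTINE" "$SCAN_DIR" > "$log" 2>&1
    rc=$?                                    # clamscan: 0 clean, 1 infected, 2 error
    if [ "$rc" -eq 2 ] || [ "$(infected_count < "$log")" -gt 0 ]; then
        mail -s "clamav_log_$(hostname)_rc$rc" "$RECIPIENT" < "$log"
    fi
    return "$rc"
}

# Constructed sample of a clamscan summary (not real scan output) to exercise infected_count.
SAMPLE_SUMMARY='----------- SCAN SUMMARY -----------
Known viruses: 8000000
Scanned directories: 120
Scanned files: 3400
Infected files: 2
Time: 42.000 sec (0 m 42 s)'

sample_count() {
    printf '%s\n' "$SAMPLE_SUMMARY" | infected_count
}

# Only scan when invoked with --run, so the file can be sourced for testing.
case "${1:-}" in
    --run) run_scan ;;
esac
```

Run it from cron as `sh clamscan-notify.sh --run`; a scan error (exit status 2) now produces a mail too, instead of silently disappearing as it does when only "Infected files" lines are grepped.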
