Top Forums Shell Programming and Scripting Create automated scan of specific directory using bash Post 302989026 by cmccabe on Friday 6th of January 2017 11:09:15 AM
01-06-2017
Create automated scan of specific directory using bash

I am trying to use bash to automate the scan of a specific directory using clamav. Having this in place is a network requirement. The below is an attempt to:

1. count the extensions (.txt, .jpeg) in a directory and write them to a virus-scan.log (section in bold)

2. scan each folder in the dir and log the results of the scan by date. (section in italics)

Each folder in the directory is scanned and the results of each day the scan is run are logged to /HOME/virus-scan.log by date.

Thank you :).

Code:
#!/bin/bash
DIR=/home/cmccabe/Desktop/NGS/API
LOG="$HOME/virus-scan.log"

# Get rid of old log file (before anything is written to the new one)
rm -f "$LOG"

# count the file extensions in $DIR and store as variable
line_no=$(ls "$DIR" | awk -F . '{print $NF}' | sort | uniq -c | awk '{print $2,$1}')
echo "The folders detected are:
$line_no" >> "$LOG"

# loop over every entry in $DIR
for FILE in "$DIR"/*
do
     # check file length is nonzero otherwise commands may be repeated
     if [ -s "$FILE" ]; then
          date >> "$LOG"                   # append, so earlier results are kept
          clamscan -r "$FILE" >> "$LOG"
     else
          echo "nothing detected by scan"
     fi
done


Last edited by cmccabe; 01-06-2017 at 12:10 PM.. Reason: fixed format
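
Added example, not part of the original post: one way to do what the post describes (count extensions, scan each entry under a directory, append dated results to a log) while also acting on the return codes listed in clamscan(1). The function name scan_tree, the SCANNER variable and the paths in the usage comment are assumptions.

```bash
#!/bin/bash
# Added example, not the poster's script. SCANNER and the arguments given to
# scan_tree are assumptions; SCANNER is overridable so the logic can be tried
# with a stand-in on a machine without clamscan.
SCANNER=${SCANNER:-clamscan}

# scan_tree DIR LOG
# Appends one dated section to LOG: extension counts for DIR, then one status
# line per entry directly under DIR. Returns the worst clamscan return code
# seen, using the codes from clamscan(1): 0 clean, 1 virus found, 2 error.
scan_tree() {
    dir=$1; log=$2; worst=0
    if [ ! -d "$dir" ]; then
        echo "$(date '+%F %T') ERROR $dir is not a directory" >> "$log"
        return 2
    fi
    {
        echo "=== scan of $dir started $(date '+%F %T') ==="
        echo "extension counts:"
        # find avoids parsing ls; names without a dot are counted as (none)
        find "$dir" -type f | awk -F/ '
            { n = split($NF, p, "."); e = (n > 1) ? p[n] : "(none)"; c[e]++ }
            END { for (e in c) print "  " e, c[e] }' | sort
    } >> "$log"

    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue      # empty DIR: the glob matched nothing
        rc=0
        # -r recurse, --infected list only hits, --no-summary skip the footer
        "$SCANNER" -r --infected --no-summary "$entry" >> "$log" 2>&1 || rc=$?
        case $rc in
            0) status=CLEAN ;;
            1) status=INFECTED ;;
            *) status=ERROR; rc=2 ;;     # treat any other code as an error
        esac
        echo "$(date '+%F %T') $status $entry" >> "$log"
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Typical call from cron (paths are placeholders):
#   scan_tree /path/to/scan "$HOME/virus-scan.log" || echo "check the log"
```

Because the log is appended to rather than truncated, each run adds its own dated section, and the function's return value lets a cron wrapper alert on an infection or a scan error without parsing the log.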
 

clamscan(1)                      Clam AntiVirus                      clamscan(1)

NAME
       clamscan - scan files and directories for viruses

SYNOPSIS
       clamscan [options] [file/directory/-]

DESCRIPTION
       clamscan is a command line anti-virus scanner.

OPTIONS
       Most of the options are simple switches which enable or disable some
       features. Options marked with [=yes/no(*)] can be optionally followed
       by =yes/=no; if they get called without the boolean argument the
       scanner will assume 'yes'. The asterisk marks the default internal
       setting for a given option.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version number and exit.

       -v, --verbose
              Be verbose.

       --debug
              Display debug messages from libclamav.

       --quiet
              Be quiet (only print error messages).

       --stdout
              Write all messages (except for libclamav output) to the
              standard output (stdout).

       -d FILE/DIR, --database=FILE/DIR
              Load virus database from FILE or load all virus database files
              from DIR.

       --official-db-only=[yes/no(*)]
              Only load the official signatures published by the ClamAV
              project.

       -l FILE, --log=FILE
              Save scan report to FILE.

       --tempdir=DIRECTORY
              Create temporary files in DIRECTORY. Directory must be writable
              for the '' user or unprivileged user running clamscan.

       --leave-temps
              Do not remove temporary files.

       -f FILE, --file-list=FILE
              Scan files listed line by line in FILE.

       -r, --recursive
              Scan directories recursively. All the subdirectories in the
              given directory will be scanned.

       --cross-fs=[yes(*)/no]
              Scan files and directories on other filesystems.

       --bell
              Sound bell on virus detection.

       --no-summary
              Do not display summary at the end of scanning.

       --exclude=REGEX, --exclude-dir=REGEX
              Don't scan file/directory names matching regular expression.
              These options can be used multiple times.

       --include=REGEX, --include-dir=REGEX
              Only scan file/directory matching regular expression. These
              options can be used multiple times.

       -i, --infected
              Only print infected files.

       --remove[=yes/no(*)]
              Remove infected files. Be careful.

       --move=DIRECTORY
              Move infected files into DIRECTORY. Directory must be writable
              for the '' user or unprivileged user running clamscan.

       --copy=DIRECTORY
              Copy infected files into DIRECTORY. Directory must be writable
              for the '' user or unprivileged user running clamscan.

       --bytecode[=yes(*)/no]
              With this option enabled ClamAV will load bytecode from the
              database. It is highly recommended you keep this option turned
              on, otherwise you may miss detections for many new viruses.

       --bytecode-trust-all[=yes/no(*)]
              This option disables safety checks and makes ClamAV trust all
              bytecode. It should only be used for debugging.

       --bytecode-timeout=N
              Set bytecode timeout in milliseconds (default: 60000 = 60s).

       --detect-pua[=yes/no(*)]
              Detect Possibly Unwanted Applications.

       --exclude-pua=CATEGORY
              Exclude a specific PUA category. This option can be used
              multiple times. See http://www.clamav.net/support/pua for the
              complete list of PUA.

       --include-pua=CATEGORY
              Only include a specific PUA category. This option can be used
              multiple times. See http://www.clamav.net/support/pua for the
              complete list of PUA.

       --detect-structured[=yes/no(*)]
              Use the DLP (Data Loss Prevention) module to detect SSN and
              Credit Card numbers inside documents/text files.

       --structured-ssn-format=X
              X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal);
              X=1: search for valid SSNs formatted as xxxyyzzzz (stripped);
              X=2: search for both formats. Default is 0.

       --structured-ssn-count=#n
              This option sets the lowest number of Social Security Numbers
              found in a file to generate a detect (default: 3).

       --structured-cc-count=#n
              This option sets the lowest number of Credit Card numbers found
              in a file to generate a detect (default: 3).

       --scan-mail[=yes(*)/no]
              Scan mail files.

       --phishing-sigs[=yes(*)/no]
              Use the signature-based phishing detection.

       --phishing-scan-urls[=yes(*)/no]
              Use the url-based heuristic phishing detection
              (Phishing.Heuristics.Email.*).

       --heuristic-scan-precedence[=yes/no(*)]
              Allow heuristic match to take precedence. When enabled, if a
              heuristic scan (such as phishingScan) detects a possible
              virus/phish it will stop scan immediately. Recommended, saves
              CPU scan-time. When disabled, virus/phish detected by heuristic
              scans will be reported only at the end of a scan. If an archive
              contains both a heuristically detected virus/phish, and a real
              malware, the real malware will be reported. Keep this disabled
              if you intend to handle "*.Heuristics.*" viruses differently
              from "real" malware. If a non-heuristically-detected virus
              (signature-based) is found first, the scan is interrupted
              immediately, regardless of this config option.

       --phishing-ssl[=yes/no(*)]
              Block SSL mismatches in URLs (might lead to false positives!).

       --phishing-cloak[=yes/no(*)]
              Block cloaked URLs (might lead to some false positives).

       --algorithmic-detection[=yes(*)/no]
              In some cases (eg. complex malware, exploits in graphic files,
              and others), ClamAV uses special algorithms to provide accurate
              detection. This option can be used to control the algorithmic
              detection.

       --scan-pe[=yes(*)/no]
              PE stands for Portable Executable - it's an executable file
              format used in all 32-bit versions of Windows operating
              systems. By default ClamAV performs deeper analysis of
              executable files and attempts to decompress popular executable
              packers such as UPX, Petite, and FSG.

       --scan-elf[=yes(*)/no]
              Executable and Linking Format is a standard format for UN*X
              executables. This option controls the ELF support.

       --scan-ole2[=yes(*)/no]
              Scan Microsoft Office documents and .msi files.

       --scan-pdf[=yes(*)/no]
              Scan within PDF files.

       --scan-html[=yes(*)/no]
              Detect, normalize/decrypt and scan HTML files and embedded
              scripts.

       --scan-archive[=yes(*)/no]
              Scan archives supported by libclamav.

       --detect-broken[=yes/no(*)]
              Mark broken executables as viruses (Broken.Executable).

       --block-encrypted[=yes/no(*)]
              Mark encrypted archives as viruses (Encrypted.Zip,
              Encrypted.RAR).

       --max-files=#n
              Extract at most #n files from each scanned file (when this is
              an archive, a document or another kind of container). This
              option protects your system against DoS attacks (default:
              10000).

       --max-filesize=#n
              Extract and scan at most #n kilobytes from each archive. You
              may pass the value in megabytes in format xM or xm, where x is
              a number. This option protects your system against DoS attacks
              (default: 25 MB, max: <4 GB).

       --max-scansize=#n
              Extract and scan at most #n kilobytes from each scanned file.
              You may pass the value in megabytes in format xM or xm, where x
              is a number. This option protects your system against DoS
              attacks (default: 100 MB, max: <4 GB).

       --max-recursion=#n
              Set archive recursion level limit. This option protects your
              system against DoS attacks (default: 16).

       --max-dir-recursion=#n
              Maximum depth directories are scanned at (default: 15).

EXAMPLES
       (0) Scan a single file:
              clamscan file

       (1) Scan a current working directory:
              clamscan

       (2) Scan all files (and subdirectories) in /home:
              clamscan -r /home

       (3) Load database from a file:
              clamscan -d /tmp/newclamdb -r /tmp

       (4) Scan a data stream:
              cat testfile | clamscan -

       (5) Scan a mail spool directory:
              clamscan -r /var/spool/mail

RETURN CODES
       0 : No virus found.
       1 : Virus(es) found.
       2 : Some error(s) occurred.

CREDITS
       Please check the full documentation for credits.

AUTHOR
       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO
       clamdscan(1), freshclam(1), freshclam.conf(5)

ClamAV 0.96.1                   December 30, 2008                   clamscan(1)