Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Scan and remove if file infected using bash
Top Forums Shell Programming and Scripting Scan and remove if file infected using bash Post 302990196 by Scrutinizer on Monday 23rd of January 2017 02:43:47 PM
Old 01-23-2017
Hi cmccabe, I think the script will need work.

First the script goes in to the directory $DIR and then iterates in a for loop over one single value, the contents of $DIR, which is the name of the parent directory: /home/cmccabe/Desktop/NGS/API. Probably because clamscan also takes directories as an argument, the command will eventually work, but no thanks to the script.

Likewise, [ -s $FILE ] tests that directory again so that also serves no purpose and the condition will always be true.

Then a grep is performed on the same directory as if it were a regular file and it test for the case insensitive ok (which in itself is a very bad test since it will easily give false positives). This will fail, since since it is not a file, but an empty string (the uninitialized variable file is empty that does not contain the characters OK.

So then it tests with [[ -f "$f" ]] if the empty string (uninitialized variable f is empty) is a file, which is not the case, so fortunately the rest of the code will be skipped, otherwise it would have move the entire directory /home/cmccabe/Desktop/API to /home/cmccabe/quarantine .
Last edited by Scrutinizer; 01-23-2017 at 03:58 PM..
This User Gave Thanks to Scrutinizer For This Post:
cmccabe
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

File Scan

Hi everyone , i m working on Sun solaris and i have a file "smsapp.cur" which has information like this paragraph given below , there are millions of such paragraphs From:923212802736 To:923222326807 logMessage: 07-04-08 17:34:29 Getting message topup from code page default in language English... (2 Replies)
Discussion started by: Dastard
2 Replies

2. Shell Programming and Scripting

how can i remove comments in random positions in a file?(bash)

Suppose i have a file like this: #bla bla #bla bla bla bla bla Bla BLA BLA BLA #bla bla .... .... how can i remove all comments from every line,even if they are behind commands or strngs that are not comments? any idea how i could do that using awk? (2 Replies)
Discussion started by: bashuser2
2 Replies

3. Windows & DOS: Issues & Discussions

Internet Explorer is infected - small windows keep popping up

hello, I have an annoying problem on my Internet Explorer. When I open that browser, after some time advertisement windows just pop up, even if I am not browsing anything, or when the browser is running at the background. That is, the pop-ups don't come from the websites I visit, rather, I... (17 Replies)
Discussion started by: milhan
17 Replies

4. Shell Programming and Scripting

How to get rid of cannot remove file error in bash script?

Hi Guys, I am creating a couple of temp. files in a script. After completing the script, I am using the rm command to delete these files. The files are getting deleted but I am getting "filename - cannot find file;no such file or directory" error in my bash shell terminal window. I am using... (3 Replies)
Discussion started by: npatwardhan
3 Replies

5. What is on Your Mind?

iPad infected with virus

What to say nothing is no more secure Apple's new iPad has been taken down by malware within a few weeks of it being in the shops. It is an article of faith amongst Apple fanboys that Jobs' Mob gear is super secure and malware only exists on Windows machines. Despite the fact that Apple gear... (1 Reply)
Discussion started by: solaris_user
1 Replies

6. Shell Programming and Scripting

scan and edit in bash

so assume I have a dozen files in local directory and half of them are .txt and I only want to scan these text files and go inside each of them and replace absolute paths (e.g. C:\blabla\more blahblah\myfile.txt) with just the name of that file (myfile.txt) and then go to next line and look if... (6 Replies)
Discussion started by: Jaymz
6 Replies

7. Shell Programming and Scripting

How to remove '^[[00m' in bash file?

Hi, This should be a simple one: I run the following commands in bash and ksh respectively but got differenant results: # ls -l /var/log > /tmp/a # vi /tmp/a In bash shell, I got: ^ In ksh, I got: total 828552 -rw-r----- 1 root root 189 Aug 9 00:00 acpid -rw-r----- 1 root... (7 Replies)
Discussion started by: aixlover
7 Replies

8. Shell Programming and Scripting

Remove original file from directory after bash executes

The below bash works great, except I can not seem to delete the original file $f from the directory. Thank you :) For example, after the bash executes there are 8 files in the directory: 123.txt (original file) 123_remove.txt 123_index.txt 123_final.txt 456.txt (original file)... (11 Replies)
Discussion started by: cmccabe
11 Replies

9. Shell Programming and Scripting

Create automated scan of specific directory using bash

I am trying to use bash to automate the scan of a specific directory using clamav. Having this in place is a network requirement. The below is an attempt to: 1. count the extensions (.txt, .jpeg) in a directory and write them to a virus-scan.log (section in bold) 2. scan each folder in the... (6 Replies)
Discussion started by: cmccabe
6 Replies

10. UNIX for Beginners Questions & Answers

Bash to remove find and remove specific extension

The bash below executes and does find all the .bam files in each R_2019 folder. However set -x shows that the .bam extension only gets removed from one .bam file in each folder (appears to be the last in each). Why is it not removing the extension from each (this is $SAMPLE)? Thank you :). set... (4 Replies)
Discussion started by: cmccabe
4 Replies

LEARN ABOUT DEBIAN

file::scan

Scan(3pm)						User Contributed Perl Documentation						 Scan(3pm)

NAME

       File::Scan - Perl extension for Scanning files for Viruses

SYNOPSIS

	 use File::Scan;

	 $fs = File::Scan->new([, OPTION ...]);
	 $fs->set_callback(
	   sub {
	     my $filename = shift;
	     my $bytes = shift;
	     ...
	     return("Callback Value");
	   }
	 );
	 $fs->scan([FILE]);
	 if(my $e = $fs->error) { print "$e
"; }
	 if(my $c = $fs->skipped) { print "file skipped ($c)
"; }
	 if($fs->suspicious) { print "suspicious file
"; }
	 if(my $res = $fs->callback) { print "$res
"; }

DESCRIPTION

       This module is designed to allows users to scan files for known viruses.  The purpose is to provide a perl module to make plataform
       independent virus scanners.

METHODS

   new([, OPTION ...])
       This method create a new File::Scan object. The following keys are available:

       callback => 'subroutine reference'
	      if the item is set then use a callback subroutine reference to provide extra information and functionalities. The callback
	      subroutine have two arguments: filename and first 1024 bytes read from the file. This only work for binary files.

       extension => 'string'
	      add the specified extension to the infected file

       move => 'directory'
	      move the infected file to the specified directory

       copy => 'directory'
	      copy the infected file to the specified directory

       mkdir => octal_number
	      if the value is set to octal number then make the specified directories (example: mkdir => 0755).

       delete => 0 or 1
	      if the value is set to 1 delete the infected file

       max_txt_size => 'size in kbytes'
	      scan only the text file if the file size is less then max_txt_size. The default value is 5120 kbytes. Set to 0 for no limit.

       max_bin_size => 'size in kbytes'
	      scan only the binary file if the file size is less then max_bin_size. The default value is 10240 kbytes. Set to 0 for no limit.

   scan([FILE])
       This method scan a file for viruses and return the name of virus if a virus is found.

   set_callback([SUBREF])
       This method is another way to install a callback subroutine reference.  Take a look in callback kay.

   skipped()
       This method return a code number if the file was skipped and 0 if not. The following skipped codes are available:

       0     file not skipped

       1     file is not vulnerable

       2     file has zero size

       3     the size of file is small

       4     the text file size is greater that the 'max_txt_size' argument

       5     the binary file size is greater that the 'max_bin_size' argument

   suspicious()
       This method return 1 if the file is suspicious and 0 if not.

   callback()
       This method return the result from the callback subroutine.

   error()
       This method return a error message if a error happens.

AUTHOR

       Henrique Dias <hdias@aesbuc.pt>

CREDITS

       Thanks to Rui de Castro, Sergio Castro, Ricardo Oliveira, Antonio Campelo, Branca Silveira, Helena Gomes and Anita Afonso for the help.

       Thanks to Fernando Martins for the personal collection of viruses.

SEE ALSO

       perl(1).

perl v5.10.0							    2009-07-19								 Scan(3pm)
All times are GMT -4. The time now is 11:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy