Clamav: Difference between revisions

From James's Wiki
Revision as of 20:29, 18 February 2018

wget https://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz
tar zxf clamav-0.99.3.tar.gz
cd clamav-0.99.3
./configure


this keeps failing with an error that OpenSSL was not found or is misconfigured.

so

sudo apt install libssl-dev

this fixed it.

./configure
make
sudo make install
sudo ldconfig

now when I run sudo freshclam I get an error that it can't find the config file, so:

sudo cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf

run freshclam again and still get errors; the file must be edited. Put a # in front of the Example line in the file, like it says to do.

still errors: WARNING: Can't get information about user clamav

so

sudo adduser --disabled-login clamav

and run freshclam again... hey look, another error... what a surprise! ERROR: Can't change dir to /usr/local/share/clamav

the directory doesn't exist and there is nothing in the config file about it, so I guess I will create it

sudo mkdir /usr/local/share/clamav
sudo chown clamav:clamav /usr/local/share/clamav/

run sudo freshclam again and now it's finally doing something... downloading the virus definitions, I think.

no pcre support...

so...

sudo apt install libpcre3 libpcre3-dev libbz2-dev

time to recompile...

./configure
make
sudo make install

now we can test it with:

clamscan -ri --exclude-dir="^/sys" /home

this will scan /home and report only errors/infections. It will find some infected files... no worries though, they're just test files included with the program.

now we will set up a daily scan of the whole system and tell it to email us if infections are found.

sudo nano /usr/local/sbin/clamscan_daily.sh

and paste the following script in, change the email address to what you need.

#!/bin/bash
# daily clamscan: log to a dated file and mail the log if anything is infected
LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log"
EMAIL_MSG="Please see the log file attached."
EMAIL_FROM="clamav@somewhere.com"
EMAIL_TO="someone@gmail.com"

echo "Starting a daily scan"

# recursive scan of the whole system, only infected files reported, appended to the log
clamscan -ri --exclude-dir="^/sys" / >> "$LOGFILE"

# get the value N from the "Infected files: N" summary line
MALWARE=$(tail "$LOGFILE" | grep Infected | cut -d" " -f3)

# if the value is not equal to zero, send an email with the log file attached
if [ "$MALWARE" -ne "0" ]; then
    # using heirloom-mailx below
    echo "$EMAIL_MSG" | mail -a "$LOGFILE" -s "Malware Found On nsserver" -r "$EMAIL_FROM" "$EMAIL_TO"
fi

exit 0

make it executable:

sudo chmod 0755 /usr/local/sbin/clamscan_daily.sh

create dir /var/log/clamav:

sudo mkdir /var/log/clamav

test it with (a full system scan takes something like 25 min on my RPI 3):

sudo /usr/local/sbin/clamscan_daily.sh

add a crontab entry to run it at 1:30am

sudo crontab -e

paste this in:

#run clamscan full system check at 1:30am and email on infected files
30 01 * * * /usr/local/sbin/clamscan_daily.sh
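One weakness of the script above: it only mails when the parsed "Infected files" count is non-zero, so if clamscan aborts early (missing database, bad permissions) the count is empty, the -ne test itself errors out and nothing is ever sent. The following is an added example, not part of this wiki page, of a more defensive check that also uses clamscan's documented exit codes (0 clean, 1 infected, 2 error); the mail addresses and the sample log are placeholders I made up.

```shell
#!/bin/bash
# Added example, not from the wiki page: a more defensive version of the
# "did we find malware?" check in clamscan_daily.sh. The original greps the
# log tail; if clamscan aborts early the value is empty, the -ne test errors
# out and nothing is mailed. clamscan exit codes: 0 clean, 1 infected, 2 error.

# Print the N from the "Infected files: N" summary line; 0 if the line is absent.
infected_count() {
    local logfile="$1" count
    count=$(grep -m1 '^Infected files:' "$logfile" | awk '{print $3}')
    printf '%s\n' "${count:-0}"
}

# Map clamscan's exit status plus its log to CLEAN, INFECTED or ERROR.
# An empty log is treated as an error too: the scan never ran to completion.
scan_verdict() {
    local rc="$1" logfile="$2" count
    count=$(infected_count "$logfile")
    if [ "$rc" -eq 2 ] || ! [ -s "$logfile" ]; then
        echo ERROR
    elif [ "$rc" -eq 1 ] || [ "$count" -gt 0 ]; then
        echo INFECTED
    else
        echo CLEAN
    fi
}

# Same clamscan invocation as the page's script, but ERROR is mailed as well,
# so a silently broken scan gets noticed. Addresses are placeholders.
run_daily_scan() {
    local logfile="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log" rc=0 verdict
    clamscan -ri --exclude-dir="^/sys" / >> "$logfile" || rc=$?
    verdict=$(scan_verdict "$rc" "$logfile")
    if [ "$verdict" != CLEAN ]; then
        echo "Daily ClamAV scan finished with status $verdict (exit code $rc)" |
            mail -a "$logfile" -s "ClamAV $verdict on $(hostname)" \
                 -r "clamav@example.com" "admin@example.com"
    fi
}

# Constructed sample summary (not real scan output) so the check can be tried
# without running a scan:
SAMPLE_LOG=$(mktemp)
printf -- '----------- SCAN SUMMARY -----------\nInfected files: 0\n' > "$SAMPLE_LOG"
echo "verdict for a clean run: $(scan_verdict 0 "$SAMPLE_LOG")"   # CLEAN
rm -f "$SAMPLE_LOG"
```

To use it from cron, call run_daily_scan at the bottom instead of the sample block; an ERROR mail then tells you the scan itself is broken rather than that the system is clean.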

clear out the stuff we used to build and install clamav:

rm clamav-0.99.3.tar.gz
sudo rm -R clamav-0.99.3/

Finally all done. Please note that the log files are NOT set up with logrotate, so they will eventually build up and eat up space... something else for me to figure out :)