Clamav: Difference between revisions
Revision as of 20:27, 18 February 2018
wget https://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz
tar zxf clamav-0.99.3.tar.gz
cd clamav-0.99.3
./configure
this keeps failing with an error that OpenSSL was not found or is misconfigured, so:
sudo apt install libssl-dev
this fixed it.
./configure
make
sudo make install
sudo ldconfig
now when I run sudo freshclam I get an error that it can't find the config file, so:
sudo cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
run freshclam again and it still errors; the file must be edited. Put a # in front of the Example line in the file, as the comment there says to do.
still errors: WARNING: Can't get information about user clamav
so
sudo adduser --disabled-login clamav
and run freshclam again...hey look, another error, what a surprise! ERROR: Can't change dir to /usr/local/share/clamav
the directory doesn't exist and there is nothing in the config file about it, so I guess I will create it:
sudo mkdir /usr/local/share/clamav
sudo chown clamav:clamav /usr/local/share/clamav/
run sudo freshclam again and now it's finally doing something...downloading the virus definitions, I think.
it also warns that there is no pcre support, so:
sudo apt install libpcre3 libpcre3-dev libbz2-dev
time to recompile...
./configure
make
sudo make install
now we can test it with:
clamscan -ri --exclude-dir="^/sys" /home
this will scan /home and report only errors/infections. It will find some infected files...no worries though, it's just test files included with the program.
now we will set up a daily scan of the whole system and tell it to email us if infections are found.
sudo nano /usr/local/sbin/clamscan_daily.sh
and paste the following script in, change the email address to what you need.
#!/bin/bash
LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log"
EMAIL_MSG="Please see the log file attached."
EMAIL_FROM="clamav@somewhere.com"
EMAIL_TO="someone@gmail.com"
echo "Starting a daily scan"
# recursive scan of the whole filesystem, printing only infected files and the summary
clamscan -ri --exclude-dir="^/sys" / >> "$LOGFILE"
# get the value of the "Infected files:" line from the scan summary
MALWARE=$(tail "$LOGFILE" | grep Infected | cut -d" " -f3)
# if the value is not equal to zero, send an email with the log file attached
if [ "$MALWARE" -ne "0" ]; then
    # using heirloom-mailx below
    echo "$EMAIL_MSG" | mail -a "$LOGFILE" -s "Malware Found On nsserver" -r "$EMAIL_FROM" "$EMAIL_TO"
fi
exit 0
make it executable:
sudo chmod 0755 /usr/local/sbin/clamscan_daily.sh
create dir /var/log/clamav:
sudo mkdir /var/log/clamav
test it with (a full system scan takes something like 25 min on my RPI 3; it needs root to read everything and to write to /var/log/clamav):
sudo /usr/local/sbin/clamscan_daily.sh
add a crontab entry to run at 1:30am
sudo crontab -e
paste this in:
#run clamscan full system check at 1:30am and email on infected files
30 01 * * * /usr/local/sbin/clamscan_daily.sh
clear out the stuff we used to build and install clamav:
rm clamav-0.99.3.tar.gz
sudo rm -R clamav-0.99.3/
Finally all done.
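The infection check in the daily script above, hardened as an added example (not part of the wiki page): the "Infected files" lookup falls back to "unknown" instead of an empty string, and clamscan's exit status is also consulted, so an aborted scan alerts rather than passing silently. The sample log contents and the /home/pi path are constructed for the example.

```shell
#!/bin/bash
# Added example, not from the wiki page: a hardened replacement for the
# "get the value of Infected files" step of clamscan_daily.sh. The original
#   MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3)
# is empty when the summary line is missing (scan killed, disk full, log
# rotated), and `[ "" -ne "0" ]` then errors out instead of alerting.

# infected_count LOGFILE: the N from the last "Infected files: N" summary
# line clamscan wrote, or "unknown" when no such line exists.
infected_count() {
    local n
    n=$(grep -E '^Infected files: [0-9]+$' "$1" | tail -n 1 | awk '{ print $3 }')
    echo "${n:-unknown}"
}

# should_alert CLAMSCAN_EXIT INFECTED: succeeds (0) when mail should go out.
# clamscan exits 0 when clean, 1 when infected files were found, 2 on error;
# an unparseable count is a reason to alert, never a reason to assume "clean".
should_alert() {
    local rc=$1 infected=$2
    [ "$rc" -ne 0 ] || [ "$infected" != "0" ]
}

# Constructed sample logs standing in for /var/log/clamav/clamav-YYYY-MM-DD.log
# (the FOUND path and the counts are made up for this example).
CLEAN_LOG=$(mktemp); INFECTED_LOG=$(mktemp); TRUNCATED_LOG=$(mktemp)
trap 'rm -f "$CLEAN_LOG" "$INFECTED_LOG" "$TRUNCATED_LOG"' EXIT
cat > "$CLEAN_LOG" <<'EOF'
----------- SCAN SUMMARY -----------
Scanned files: 4120
Infected files: 0
EOF
cat > "$INFECTED_LOG" <<'EOF'
/home/pi/clamav-0.99.3/test/clam.exe: ClamAV-Test-File FOUND
----------- SCAN SUMMARY -----------
Scanned files: 4120
Infected files: 1
EOF
echo "Starting a daily scan" > "$TRUNCATED_LOG"   # scan died before the summary

# In clamscan_daily.sh the scan step becomes:
#   clamscan -ri --exclude-dir="^/sys" / >> "$LOGFILE"; RC=$?
#   if should_alert "$RC" "$(infected_count "$LOGFILE")"; then ...mail...; fi
for f in "$CLEAN_LOG" "$INFECTED_LOG" "$TRUNCATED_LOG"; do
    n=$(infected_count "$f")
    if should_alert 0 "$n"; then alert=yes; else alert=no; fi
    echo "$(basename "$f"): infected=$n alert=$alert"
done
```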