You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 lines
1.4 KiB
41 lines
1.4 KiB
#!/bin/bash
|
|
|
|
# Daniel Berteaud <daniel@firewall-services.com>
|
|
# Inspired by Clam Temps Reel from Hackurx
|
|
# http://hackurx.wordpress.com
|
|
# Licence: GPL v3
|
|
|
|
exec 2>&1
|
|
|
|
CLAMD=$(/sbin/e-smith/db configuration getprop clamd status || \
|
|
echo 'disabled')
|
|
if [ "$CLAMD" = "disabled" ]; then
|
|
sv d .
|
|
exit
|
|
fi
|
|
|
|
MAIL=$(/sbin/e-smith/db configuration getprop clamrt SendEmail || \
|
|
echo 'enabled')
|
|
MAIL_MSG=$(/sbin/e-smith/db configuration getprop clamrt EmailMessage || \
|
|
echo 'A virus was found in ${!FILE}. This file has been moved to quarantine')
|
|
MAIL_SUBJ=$(/sbin/e-smith/db configuration getprop clamrt EmailSubject || \
|
|
echo 'A virus was found')
|
|
MAIL_DEST=$(/sbin/e-smith/db configuration getprop clamrt EmailDest || \
|
|
echo 'admin')
|
|
QUARANTINE=$(/sbin/e-smith/db configuration getprop clamav QuarantineDirectory || \
|
|
echo '/var/spool/clamav/quarantine')
|
|
|
|
/usr/bin/inotifywait -q -m -r -e create,modify,access --fromfile=/etc/clamrt.list \
|
|
--timefmt %M --format '%w%f|%T|%e' | \
|
|
perl -laF: -ne '$| = 1; print unless $_{$F[0]}++' | \
|
|
sed --unbuffered 's/|.*//g' |
|
|
|
|
while read FILE; do
|
|
echo "Scanning: $FILE"
|
|
[ -e "$FILE" ] && clamdscan --fdpass --quiet -m --move=$QUARANTINE "$FILE"
|
|
if [ "$?" == "1" ]; then
|
|
echo "Malware found: $FILE quarantined ($QUARANTINE/$(basename $FILE))"
|
|
[ "$MAIL" = "enabled" ] && echo $MAIL_MSG | mail -s "$MAIL_SUBJ" $MAIL_DEST
|
|
fi
|
|
done
|
|
|
|
|