Experimental, on access AV scanner for SME Server
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

41 lines
1.4 KiB

#!/bin/bash
# Daniel Berteaud <daniel@firewall-services.com>
# Inspired by Clam Temps Reel from Hackurx
# http://hackurx.wordpress.com
# Licence: GPL v3
exec 2>&1
CLAMD=$(/sbin/e-smith/db configuration getprop clamd status || \
echo 'disabled')
if [ "$CLAMD" = "disabled" ]; then
sv d .
exit
fi
MAIL=$(/sbin/e-smith/db configuration getprop clamrt SendEmail || \
echo 'enabled')
MAIL_MSG=$(/sbin/e-smith/db configuration getprop clamrt EmailMessage || \
echo 'A virus was found in ${!FILE}. This file has been moved to quarantine')
MAIL_SUBJ=$(/sbin/e-smith/db configuration getprop clamrt EmailSubject || \
echo 'A virus was found')
MAIL_DEST=$(/sbin/e-smith/db configuration getprop clamrt EmailDest || \
echo 'admin')
QUARANTINE=$(/sbin/e-smith/db configuration getprop clamav QuarantineDirectory || \
echo '/var/spool/clamav/quarantine')
/usr/bin/inotifywait -q -m -r -e create,modify,access --fromfile=/etc/clamrt.list \
--timefmt %M --format '%w%f|%T|%e' | \
perl -laF: -ne '$| = 1; print unless $_{$F[0]}++' | \
sed --unbuffered 's/|.*//g' |
while read FILE; do
echo "Scanning: $FILE"
[ -e "$FILE" ] && clamdscan --fdpass --quiet -m --move=$QUARANTINE "$FILE"
if [ "$?" == "1" ]; then
echo "Malware found: $FILE quarantined ($QUARANTINE/$(basename $FILE))"
[ "$MAIL" = "enabled" ] && echo $MAIL_MSG | mail -s "$MAIL_SUBJ" $MAIL_DEST
fi
done