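#!/bin/bash
# ============LICENSE_START=======================================================
#  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
# This script runs a virus scan on a Linux client using clamav. It is stored in
# /etc/cron.daily so that it does a scan daily. Once an initial scan is
# performed, the script only scans changed files. Files and directories can be
# excluded by updating the /etc/clamav/clamscan_excludes.conf file.
#
# Exit codes:
#   0  scan completed, nothing found
#   1  clamav is not installed or is incorrectly installed
#   2  the excludes file is missing or not safe to load
#   3  infected files were found
#   4  the scan could not be set up or did not produce a summary
#
# "set -e" is deliberately not used: clamscan exits non-zero when it finds
# something, and a failed desktop notification must not abort the scan.

# Use notify-send to put a message on the user's display.
# Arguments: passed through to notify-send unchanged.
# Returns:   notify-send's status, or 1 when no X display or logged-in user
#            could be determined (e.g. a headless machine).
function notify-send-user() {
  local socket
  local display=""
  local user=""
  local uid=""

  # Detect the name of the display in use: first X11 socket, X0 -> :0
  for socket in /tmp/.X11-unix/X*; do
    [[ -e "$socket" ]] || continue
    display=":${socket#/tmp/.X11-unix/X}"
    break
  done
  [[ -n "$display" ]] || return 1

  # Detect the user using that display; take the first match only so that
  # several sessions on one display cannot produce a multi-word user name.
  user=$(who | awk -v d="(${display})" 'index($0, d) { print $1; exit }')
  # Without this guard an empty user makes sudo treat "DISPLAY=..." as the
  # argument of -u.
  [[ -n "$user" ]] || return 1

  # Detect the id of the user
  uid=$(id -u "$user") || return 1

  sudo -u "$user" \
    DISPLAY="$display" \
    DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/${uid}/bus" \
    notify-send "$@"
}

# Append a timestamped message to the error log and keep the log readable by
# all users. Falls back to stderr (mailed by cron) when the log directory does
# not exist, which is one of the conditions the install check reports.
log_error() {
  if [[ -d "${ERRORLOG%/*}" ]]; then
    printf '%s: %s\n' "$DATE" "$1" >> "$ERRORLOG"
    chmod a+r "$ERRORLOG"
  else
    printf '%s: %s\n' "$DATE" "$1" >&2
  fi
}

# Set the various configuration variables for the script
SCANLOG="/var/log/clamav/scan.log"
ERRORLOG="/var/log/clamav/error.log"
SCANEXC="/etc/clamav/clamscan_excludes.conf"
# The spelling of this path is kept as deployed; renaming it would orphan an
# existing quarantine directory.
SCANQNT="/var/.quatrantine"
NOTIFY_ICON="/usr/share/pixmaps/clamtk.png"

# Start time of this run, used to timestamp error log entries
DATE=$(date -u)

# Check if clamav is installed
if [[ ( ! -f /var/lib/clamav/daily.cld && ! -f /var/lib/clamav/daily.cvd ) ||
  ! -x /usr/bin/clamscan || ! -d /var/log/clamav ]]; then
  log_error "clamav is not installed or is incorrectly installed."
  notify-send-user -i "$NOTIFY_ICON" -u critical "clamav: software not installed correctly"
  exit 1
fi

# Check if the excludes file exists
if [[ ! -f "$SCANEXC" ]]; then
  log_error "File $SCANEXC does not exist."
  notify-send-user -i "$NOTIFY_ICON" -u critical "clamav: File $SCANEXC not found"
  exit 2
fi

# The excludes file is sourced below, so its content runs as shell code with
# the privileges of this script (root when started from /etc/cron.daily).
# Refuse to load it unless it belongs to root or the invoking user and is not
# writable by group or others.
if [[ -z "$(find -L "$SCANEXC" -maxdepth 0 \( -uid 0 -o -uid "$EUID" \) ! -perm /022 -print 2>/dev/null)" ]]; then
  log_error "File $SCANEXC must be owned by root and not be writable by group or others."
  notify-send-user -i "$NOTIFY_ICON" -u critical "clamav: File $SCANEXC has unsafe ownership or permissions"
  exit 2
fi

# Read and set up the path and file excludes
# (expected to define FIND_PRUNE_FILTER_ARRAY and FIND_FILE_FILTER_ARRAY)
. "$SCANEXC" >/dev/null 2>&1

# The modification time of the scan log marks the point up to which files have
# already been scanned. Create the log with a very old time if it doesn't exist
# so that the first run scans everything.
if [[ -f "$SCANLOG" ]]; then
  # Compress the previous scan log
  TIMESTAMP=$(date +"%Y-%m-%d_%T")
  gzip -9 -c "$SCANLOG" > "${SCANLOG}-${TIMESTAMP}.gz"
else
  touch -t 000001010000 "$SCANLOG"
fi

# Remember the previous marker and the start of this run. The log is stamped
# with the start time after a successful scan, so files modified while the scan
# is running are picked up by the next run; after a failed scan the previous
# marker is restored so that nothing is skipped.
PREV_MARK=$(stat -c %Y -- "$SCANLOG")
SCAN_START=$(date +%s)

# Find the files that should be scanned in this scan
if ! SCANFIL=$(mktemp "/tmp/clamscan_files.XXXXXX"); then
  log_error "Could not create the temporary file list."
  exit 4
fi
# Remove the file list on every exit path, including the infected-files exit
trap 'rm -f -- "$SCANFIL"' EXIT

# NOTE(review): -newer compares modification times, which a file's owner can
# set; an occasional full scan (remove $SCANLOG) covers files whose timestamp
# does not reflect a change.
ionice -c 3 nice find / "${FIND_PRUNE_FILTER_ARRAY[@]}" -newer "$SCANLOG" -type f "${FIND_FILE_FILTER_ARRAY[@]}" >> "$SCANFIL"

# Clear the data for the previous scan
rm -f -- "$SCANLOG"

# Run the scan. Copies of infected files go to the quarantine directory, which
# is kept accessible to its owner only.
mkdir -p "$SCANQNT"
chmod 700 "$SCANQNT"
ionice -c 3 nice /usr/bin/clamscan --file-list="$SCANFIL" --log="$SCANLOG" --infected --copy="$SCANQNT" >/dev/null 2>&1
echo "Finish time: $(date -u)" >> "$SCANLOG"
chmod a+r "$SCANLOG"

# Check if any viruses were found. A missing or non-numeric summary line means
# the scan did not run to completion and must not be reported as clean.
INFECTED_FILE_COUNT=$(sed -n 's/^Infected files: //p' "$SCANLOG" | head -n 1)
if [[ ! "$INFECTED_FILE_COUNT" =~ ^[0-9]+$ ]]; then
  touch -d "@${PREV_MARK}" "$SCANLOG"
  log_error "Scan did not complete, no summary found in $SCANLOG."
  notify-send-user -i "$NOTIFY_ICON" -u critical "clamav: scan did not complete" "see $SCANLOG for details"
  exit 4
fi

# Scan completed: move the marker to the start of this run
touch -d "@${SCAN_START}" "$SCANLOG"

if [ "$INFECTED_FILE_COUNT" -gt 0 ]; then
  notify-send-user -i "$NOTIFY_ICON" -u critical "clamav: $INFECTED_FILE_COUNT infected files found" "see $SCANLOG for details"
  exit 3
fi

exit 0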