Configuring ClamAV Antivirus Scanner on Debian/Ubuntu

Since insecure customer websites are misused from time to time to distribute spam or viruses, we have developed a small shell script for our customers that checks the web server for viruses every night. The script automatically sends an e-mail to the system administrator when a virus is detected.


Here’s how it works:

First, the appropriate tools must be installed:

apt-get install mailutils clamav

Mailutils is required for sending e-mails from the Linux shell; clamav is the anti-virus program that we prefer to use on Linux servers. If no current ClamAV version is available, you can find the sources to install the current version at www.clamav.net.

 

Then we create the directory where ClamAV stores the nightly scan logs.

mkdir /home/clamav/

Now we come to the shell script, which we store in root's home directory (/root).

nano /root/clam-scan.sh

 

Script contents:

#!/bin/sh
### General information
mailbetreff="Root-Server 123456 Virenwarnung"
administratormail="info@ip-projects.de"

### Script
### Run the scans
# -f: do not fail if the log from the previous run does not exist
rm -f /home/clamav/scanlog-www.log
clamscan /var/www/virtual/ --recursive=yes --log=/home/clamav/scanlog-www.log --infected --scan-html=yes --scan-pdf=yes --exclude=backups --exclude=logs --exclude=errors
rm -f /home/clamav/scanlog-mail.log
clamscan /var/mail/ --recursive=yes --log=/home/clamav/scanlog-mail.log --infected --scan-html=yes --scan-pdf=yes --exclude=new

### Send the e-mail
# -q: only test for the clean summary line, print nothing
if grep -q '^Infected files: 0$' /home/clamav/scanlog-www.log
then echo "kein Virus auf www gefunden"
else mail -s "$mailbetreff" "$administratormail" < /home/clamav/scanlog-www.log
fi
if grep -q '^Infected files: 0$' /home/clamav/scanlog-mail.log
then echo "kein Virus auf mail gefunden"
else mail -s "$mailbetreff" "$administratormail" < /home/clamav/scanlog-mail.log
fi

The e-mail subject and the administrator's e-mail address are defined in the "### General information" section.


For our little script to run every night, all you have to do is create a cron job:

crontab -e
## Virus scan
30 3 * * * /bin/bash /root/clam-scan.sh

Now set the file permissions correctly, since otherwise the script cannot be executed:

chmod 755 /root/clam-scan.sh


In this case, the scan will run at 3:30 every day.
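
The script above decides whether to send mail by looking for one summary line in the log. The following added example (not part of the original script) parses the same log into three states, so that a scan that ended without a summary is reported separately from a real detection; the function names, sample paths and signature names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not the original script): classify a clamscan --log file.

# Print "clean", "infected N" or "incomplete".
# Return codes mirror clamscan's exit codes: 0 clean, 1 infected, 2 error.
classify_scanlog() {
    [ -r "$1" ] || { echo "incomplete"; return 2; }
    # Anchored match on the summary line; the last one wins if the log
    # holds more than one run.
    count=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1" | tail -n 1)
    [ -n "$count" ] || { echo "incomplete"; return 2; }
    if [ "$count" -eq 0 ]; then echo "clean"; return 0; fi
    echo "infected $count"
    return 1
}

# Print one "SIGNATURE PATH" line per detection in the log.
list_findings() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Print a mail subject when the admin should be notified, nothing when clean.
# A log without a summary is reported too: the scan did not finish.
alert_subject() {
    status=$(classify_scanlog "$2") || true
    case $status in
        clean) ;;
        incomplete) echo "$1 (scan incomplete)" ;;
        *) echo "$1 ($status)" ;;
    esac
}

# Constructed sample log for the demo; paths and signature names are made up.
sample_log() {
    cat <<'EOF'
/var/www/virtual/example/upload/x.php: Example.Signature-1 FOUND
/var/www/virtual/example/tmp/y.html: Example.Signature-2 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 340
Infected files: 2
EOF
}

tmp=$(mktemp) && sample_log > "$tmp"
alert_subject "Root-Server 123456 Virenwarnung" "$tmp"
list_findings "$tmp"
rm -f "$tmp"
```

In the nightly script, the output of alert_subject would replace the fixed subject, and mail is only sent when that output is non-empty.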

This small script took me about 2 hours and brings a massive advantage, especially in web server operation. We deliberately excluded the backups from the shell script; I think that checking backups only prolongs the scanning process unnecessarily, because the backups are generated every night anyway. By adding --remove=yes to the scan parameters, you could also have the viruses deleted automatically. However, this should be done with caution because, for example, in the mail virus scan, the e-mails may be stored in system files that should not be deleted.

The virus warnings are not always true, because ClamAV also searches for security vulnerabilities in the website code, so it is better to leave the deletion to the website administrators.
When scanning the mails, trash folders are also scanned, so a customer may already have moved the virus mail to a folder for deletion; in that case the deletion can be carried out safely.