Hi there -- I wrote a script that does an update to the virus database, and then runs a recursive check of all directories, with certain exceptions, on the system in question. Enclosed with this e-mail is the script in two versions. The first version excludes several directories, while the other does not use the exclusion option. The two versions of the script run respectively on a SuSE and Fedora server.
<<clamav_scan_version2.txt>> <<clamav_scan_version1.txt>>

I upgraded clamav from version 0.94.2 to the 0.95 distribution last night. After completing the installation, I ran the ldconfig command to ensure all libraries were up to date. The script shown above was scheduled to run at 1:00 AM this morning. A check of my e-mail indicated that while the freshclam update was successful, the output files were totally blank. Does anyone have any idea as to why this happened, and what I can do to correct it? Thanks.

#!/bin/bash
# The purpose of this script is to initiate a scan of the
# linux partitions, and if necessary, remove any files that
# are suspected of being infected by viruses or trojans.

# First run the freshclam utility to update the virus definition
# files to the latest version available. NOTE: The system must
# have a network, and by extension, Internet access in order for
# this to work.
/usr/local/bin/freshclam > /tmp/freshclam_update.txt
ls -l /var/lib/clamav >> /tmp/freshclam_update.txt
mailx -s "<Server Name> Freshclam Update Results" <system administrator> < /tmp/freshclam_update.txt

# Initiate the antivirus scan on the linux partitions. The options
# included in the command syntax will have the scan go recursively
# through all directories, and if a suspect file is found, it will
# be moved to quarantine.
cd /
/usr/local/bin/clamscan -r --move=/tmp/quarantine > /tmp/clamscan_output.txt

# Go to the output file that was generated, and remove all lines that have
# the status of OK and other extraneous entries.
cd /tmp
grep -v ' OK' clamscan_output.txt | grep -v 'Empty file' | grep -v 'Excluded' > /tmp/clamscan_outputsummary.txt

# E-mail the results of the scan to the system administrator.
mailx -s "<Server Name> Clamscan Results" <system administrator> < /tmp/clamscan_outputsummary.txt

#!/bin/bash
# The purpose of this script is to initiate a scan of the
# linux partitions, and if necessary, remove any files that
# are suspected of being infected by viruses or trojans.

# First run the freshclam utility to update the virus definition
# files to the latest version available. NOTE: The system must
# have a network, and by extension, Internet access in order for
# this to work.
/usr/local/bin/freshclam > /tmp/freshclam_update.txt
ls -l /var/lib/clamav >> /tmp/freshclam_update.txt
mail -s "<Server Name> Freshclam Update Results" <system administrator> < /tmp/freshclam_update.txt

# Initiate the antivirus scan on the linux partitions. The options
# included in the command syntax will have the scan go recursively
# through all directories, and if a suspect file is found, it will
# be moved to quarantine.
# NOTE: The /proc, /sys, and /dev directories are excluded from the
# scan due to their contents not being actual files but 'portals' to
# internal data structures of the operating system. Scanning these
# directories can cause adverse side-effects.
cd /
/usr/local/bin/clamscan -r --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/dev --move=/tmp/quarantine > /tmp/clamscan_output.txt

# Go to the output file that was generated, and remove all lines that have
# the status of OK.
cd /tmp
grep -v ' OK' clamscan_output.txt | grep -v 'Empty file' | grep -v 'Excluded' > /tmp/clamscan_outputsummary.txt

# E-mail the results of the scan to the system administrator.
mail -s "<Server Name> Clamscan Results" <system administrator> < /tmp/clamscan_outputsummary.txt
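
Both scripts above redirect only clamscan's standard output into the report file, so anything the scanner writes to standard error, and its exit status, never reach the e-mail. The wrapper below is an added example, not part of the original message or of ClamAV; it keeps all three so a blank report can be told apart from a failed run. SCANNER, the function names and the scan.* file names are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example, not the poster's script. SCANNER, the function names and the
# report file names are assumptions made for this illustration.
SCANNER="${SCANNER:-/usr/local/bin/clamscan}"

# classify_status CODE: 0/1/2 as in the clamscan man page, anything else = error.
classify_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# run_scan OUTDIR [scanner args...]
# Keeps stdout, stderr and the exit code in separate files and prints a verdict.
run_scan() {
    local outdir="$1" rc=0 verdict
    shift
    mkdir -p "$outdir" || return 2
    # "|| rc=$?" records the exit code without aborting under "set -e".
    "$SCANNER" "$@" > "$outdir/scan.out" 2> "$outdir/scan.err" || rc=$?
    verdict=$(classify_status "$rc")
    # Nothing on stdout but messages on stderr: the scan reported on no file.
    if [ ! -s "$outdir/scan.out" ] && [ -s "$outdir/scan.err" ]; then
        verdict=error
    fi
    printf 'exit=%s verdict=%s\n' "$rc" "$verdict" > "$outdir/scan.status"
    echo "$verdict"
}

# build_report OUTDIR: text to mail (status first, then errors, then findings).
build_report() {
    local outdir="$1"
    cat "$outdir/scan.status"
    echo '--- stderr ---'
    cat "$outdir/scan.err"
    echo '--- findings ---'
    # Match ": OK" at end of line only, so a path containing " OK" is kept.
    grep -v -e ': OK$' -e 'Empty file' -e 'Excluded' "$outdir/scan.out" || true
}
```

Because the status line is always written, the mailed report is never empty, even when the scanner prints nothing at all.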