2015-10-16

[SOLVED] scan-av-and-send-mail.sh

#Source: https://hacking.im/automated-clam-antivirus-scanning-for-centos-servers
#!/bin/bash

# Email alert cron job script for ClamAV
# Original, unmodified script by: Deven Hillard
#(http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html)
# Modified to show infected and/or removed files

# ---- Scan targets -----------------------------------------------------------
# Space-separated list of directories handed to clamscan. The value is expanded
# unquoted where clamscan is invoked, so no entry may contain whitespace.
# Previous value, kept for reference:
#SCAN_DIR="/home /tmp /var"
SCAN_DIR='/home /tmp /var /opt'

# ---- Log file ---------------------------------------------------------------
# clamscan output is appended to this file, and check_scan reads the scan
# summary back from its last lines.
# Previous value, kept for reference:
#LOG_FILE="/var/log/clamav/manual_clamscan.log"
LOG_FILE='/var/log/clamav/manual_clamscan_daily.log'

# ---- Removal mode -----------------------------------------------------------
# 1 = clamscan runs with --remove, so every file it flags is deleted, including
#     any false positive; enable only where that loss is acceptable.
# 0 = report only, nothing is removed.
#AGGRESSIVE=1
AGGRESSIVE=0

# ---- Alert mail -------------------------------------------------------------
# Subject line; the host name is resolved once, when this assignment runs.
SUBJECT="Infections detected on $(hostname)"
# Recipient of the alert
EMAIL='tinhcx@gmail.com'
# Sender address placed in the From: header
EMAIL_FROM='info@nguoichungcu.com'

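#######################################
# Mail an alert when the most recent scan summary in the log reports one or
# more infected files.
# Globals:   LOG_FILE, AGGRESSIVE, EMAIL, EMAIL_FROM, SUBJECT (all read)
# Arguments: none
# Outputs:   the alert message on sendmail's stdin; diagnostics on stderr
# Returns:   0 when nothing is infected or the mail was handed to sendmail,
#            1 when the summary is missing or unparsable, otherwise the
#            exit status of sendmail
#######################################
check_scan () {
    local summary_line infected_count context_lines

    # Use the last "Infected files" line in the tail of the log. The earlier
    # `grep Infected | grep -v 0 | wc -l` test dropped every count containing
    # the digit 0, so 10, 20 or 100 infections produced no alert at all.
    summary_line=$(tail -n 12 "${LOG_FILE}" | grep 'Infected files' | tail -n 1)
    if [[ -z "${summary_line}" ]]; then
        printf 'check_scan: no "Infected files" summary found in %s\n' "${LOG_FILE}" >&2
        return 1
    fi

    # The log holds the names of scanned files, and the scan covers directories
    # any local user can write to, so the count is checked to be plain digits
    # before it reaches shell arithmetic.
    infected_count=${summary_line##* }
    if ! [[ "${infected_count}" =~ ^[0-9]+$ ]]; then
        printf 'check_scan: unexpected infected-files count in %s\n' "${LOG_FILE}" >&2
        return 1
    fi

    # 10# forces base 10, so a zero-padded count is not read as octal.
    (( 10#${infected_count} > 0 )) || return 0

    # The summary plus one log line per infection, or two per infection when
    # files are also being removed.
    if [[ "${AGGRESSIVE}" == 1 ]]; then
        context_lines=$(( 10 + 10#${infected_count} * 2 ))
    else
        context_lines=$(( 10 + 10#${infected_count} ))
    fi

    # The message is piped straight to sendmail: no temp file is left behind in
    # /tmp, and printf/tail pass the log text through literally, where `echo -e`
    # would expand backslash sequences found in file names.
    {
        printf 'To: %s\n' "${EMAIL}"
        printf 'From: %s\n' "${EMAIL_FROM}"
        printf 'Subject: %s\n' "${SUBJECT}"
        printf 'Importance: High\n'
        printf 'X-Priority: 1\n'
        printf '\n'
        tail -n "${context_lines}" "${LOG_FILE}"
    } | sendmail -t
}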

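# Run the scan: -r recurses into the listed directories, -i logs infected files
# only, and --remove is added only in aggressive mode.
scan_args=(-ri)
if [[ "${AGGRESSIVE}" == 1 ]]; then
    scan_args+=(--remove)
fi

# clamscan exits 0 when nothing is found, 1 when something is found and 2 when
# errors occurred. The status used to be discarded; because the log is opened
# in append mode, a run that failed before writing its summary would leave the
# previous run's summary at the end of the log for check_scan to read.
scan_status=0
# SCAN_DIR is a space-separated list and is split into arguments on purpose.
# shellcheck disable=SC2086
/usr/bin/clamscan "${scan_args[@]}" ${SCAN_DIR} >> "${LOG_FILE}" || scan_status=$?

if (( scan_status > 1 )); then
    printf 'clamscan exited with status %d; the summary in %s may be incomplete or from an earlier run\n' \
        "${scan_status}" "${LOG_FILE}" >&2
fi

# Still evaluate the log: a run that hit errors can also have found infections.
check_scan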
