{"id":240,"date":"2019-12-08T16:52:30","date_gmt":"2019-12-08T16:52:30","guid":{"rendered":"http:\/\/snehpatel.com\/?p=240"},"modified":"2019-12-08T16:52:30","modified_gmt":"2019-12-08T16:52:30","slug":"clamav-installation-and-email-the-scan-result","status":"publish","type":"post","link":"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/","title":{"rendered":"ClamAV installation and email the scan result"},"content":{"rendered":"\n<p>ClamAV has been the most used antivirus for Linux, and being open source adds the advantage that the scan and the way results are displayed can be modified as needed. Here is a link that explains more about ClamAV &#8211; <a href=\"https:\/\/www.clamav.net\/\">Link<\/a>. Installing ClamAV is one of the easiest tasks you can perform to get one step closer to security. In this post, I give instructions to install ClamAV and a script that sends an email when malware is found. Let&#8217;s get started.<\/p>\n\n\n\n<p>Note: This is a script for Red Hat-based Linux distros.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Install the EPEL repository. More info on the EPEL repo &#8211; <a href=\"https:\/\/fedoraproject.org\/wiki\/EPEL\">Link<\/a><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo yum -y install epel-release<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now install ClamAV and its optional components. 
Feel free to install only ClamAV.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now let&#8217;s edit the freshclam config file using the following command to remove the word &#8220;Example&#8221; from it.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sed -i '\/^Example$\/d' \/etc\/freshclam.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>This command will edit another freshclam file to start an auto-update for definition files.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sed -i '\/REMOVE ME\/d' \/etc\/sysconfig\/freshclam<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>If you have installed the ClamAV daemon, use this command to remove the word &#8220;Example&#8221; from the config file.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sed -i '\/^Example$\/d' \/etc\/clamd.d\/scan.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>This command will update the scan.conf file to define the local socket file location.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sed -i -e 's\/#LocalSocket \\\/var\\\/run\\\/clamd.scan\\\/clamd.sock\/LocalSocket \\\/var\\\/run\\\/clamd.scan\\\/clamd.sock\/g' \/etc\/clamd.d\/scan.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now let&#8217;s update the ClamAV malware definitions.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo freshclam<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>For example, if you want to scan the \/home directory, use the following command.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo clamscan -r \/home<\/code><\/pre>\n\n\n\n<p>Here are some links that can be helpful for installation and scan techniques. 
<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>https:\/\/linux.die.net\/man\/1\/clamscan<\/li><li>https:\/\/hostpresto.com\/community\/tutorials\/how-to-install-clamav-on-centos-7\/<\/li><\/ul>\n\n\n\n<p>Let&#8217;s move on to the script that sends mail about ClamAV scan results. Note: You have to do the email settings first. Here are my instructions for email settings &#8211; <a href=\"https:\/\/github.com\/sneh-p\/email-settings\/blob\/master\/mail-setup-script.sh\">Link<\/a><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/bash\nLOGFILE=\"\/var\/log\/clamav\/clamav-$(date +'%Y-%m-%d').log\";\nEMAIL_MSG=\"Please see the log file attached.\";\nEMAIL_FROM=\"clamav-daily@example.com\";\nEMAIL_TO=\"you-email@example.com\";\nDIRTOSCAN=\"\/home\/user\";\n\nfor S in ${DIRTOSCAN}; do\n DIRSIZE=$(du -sh \"$S\" 2>\/dev\/null | cut -f1);\n\n echo \"Starting a daily scan of $S directory.\n Amount of data to be scanned is $DIRSIZE.\";\n\n clamscan -ri \"$S\" >> \"$LOGFILE\";\n\n # get the count from the \"Infected files\" summary line\n MALWARE=$(tail \"$LOGFILE\"|grep Infected|cut -d\" \" -f3);\n\n # if the value is not equal to zero, send an email with the log file attached\n # (an empty value, i.e. no summary line found, is treated as zero)\n if &#91; \"${MALWARE:-0}\" -ne \"0\" ];then\n # using heirloom-mailx below\n echo \"$EMAIL_MSG\"|mail -a \"$LOGFILE\" -s \"Malware Found\" -r \"$EMAIL_FROM\" \"$EMAIL_TO\";\n fi \ndone\n\nexit 0<\/code><\/pre>\n\n\n\n<p>EMAIL_MSG=\"Please see the log file attached.\";<br> EMAIL_FROM=\"clamav-daily@example.com\";<br> EMAIL_TO=\"you-email@example.com\";<br> DIRTOSCAN=\"\/home\/user\";<\/p>\n\n\n\n<p>Change the above variables to match your ClamAV environment. <\/p>\n\n\n\n<p>For help with this post, email me: x786@protonmail.ch<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ClamAV has been the most used antivirus for Linux. And being open source can add the advantage of modifying the scan and display results as per the needs. 
Here is a link that explains more about ClamAV &#8211; Link. Installing ClamAV is one of the easiest tasks that can be performed to get one step &#8230; <a title=\"ClamAV installation and email the scan result\" class=\"read-more\" href=\"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/\" aria-label=\"Read more about ClamAV installation and email the scan result\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13,17,9],"tags":[25,34,51],"class_list":["post-240","post","type-post","status-publish","format-standard","hentry","category-clamav","category-linux","category-systme","tag-clamav","tag-linux","tag-system"],
"yoast_head_json":{"title":"ClamAV installation and email the scan result - Sneh Patel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/","og_locale":"en_US","og_type":"article","og_title":"ClamAV installation and email the scan result - Sneh Patel","og_description":"ClamAV has been the most used antivirus for Linux. 
And being open source can add the advantage of modifying the scan and display results as per the needs. Here is a link that explains more about ClamAV &#8211; Link. Installing ClamAV is one of the easiest tasks that can be performed to get one step ... Read more","og_url":"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/","og_site_name":"Sneh Patel","article_published_time":"2019-12-08T16:52:30+00:00","author":"Sneh Patel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sneh Patel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/#article","isPartOf":{"@id":"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/"},"author":{"name":"Sneh Patel","@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"headline":"ClamAV installation and email the scan result","datePublished":"2019-12-08T16:52:30+00:00","mainEntityOfPage":{"@id":"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/"},"wordCount":304,"commentCount":2,"publisher":{"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"keywords":["clamav","Linux","System"],"articleSection":["ClamAV","Linux","System"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/","url":"https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/","name":"ClamAV installation and email the scan result - Sneh 
Patel","isPartOf":{"@id":"https:\/\/snehpatel.com\/#website"},"datePublished":"2019-12-08T16:52:30+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/snehpatel.com\/index.php\/2019\/12\/08\/clamav-installation-and-email-the-scan-result\/"]}]},{"@type":"WebSite","@id":"https:\/\/snehpatel.com\/#website","url":"https:\/\/snehpatel.com\/","name":"Sneh Patel","description":"Cyber Security Blog","publisher":{"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/snehpatel.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73","name":"Sneh Patel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","url":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","contentUrl":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","width":672,"height":222,"caption":"Sneh 
Patel"},"logo":{"@id":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1"},"sameAs":["http:\/\/snehpatel.com"]}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts\/240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/comments?post=240"}],"version-history":[{"count":0,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts\/240\/revisions"}],"wp:attachment":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/media?parent=240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/categories?post=240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/tags?post=240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}