How to scan only last 24 hours files with clamav

anti-virusclamavcommand-line-interface

I've create a bash script to scan whole server for virus via clamav. The script has been running via cron every night. Because of this I want to scan only the files that has been added last 24 hours.
For now I am using this command in my script:

find /home -type f -mmin -1440  -print0 | xargs -0 -r clamscan --infected

But it's too slow, is the find command the reason of being slow?
If so what is the better way to scan only last 24 hours files with clamscan?
Does clamav have any option to doing this?

Any Help would be much appreciated.

Best Answer

I stumbled onto this page, when I was looking for a clamscan script. I followed above advice and got it working with:

#!/usr/bin/bash
# Create Hourly Cron Job With Clamscan

# Directories to scan
scan_dir="/home"

# Temporary file
list_file=$(mktemp -t clamscan.XXXXXX) || exit 1

# Location of log file
log_file="/var/log/clamav/hourly_clamscan.log"

# Make list of new files
if [ -f  "$log_file" ]
then
        # use newer files then logfile
        find "$scan_dir" -type f -cnewer "$log_file" -fprint "$list_file"
else
        # scan last 60 minutes
        find "$scan_dir" -type f -cmin -60 -fprint "$list_file"
fi

if [ -s "$list_file" ]
then
        # Scan files and remove (--remove) infected
        clamscan -i -f "$list_file" --remove=yes > "$log_file"

        # If there were infected files detected, send email alert
        if [ `cat $log_file | grep Infected | grep -v 0 | wc -l` != 0 ]
        then
                HOSTNAME=`hostname`
                echo "$(egrep "FOUND" $log_file)" | mail -s "VIRUS PROBLEM on $HOSTNAME" -r     clam@nas.local you@yourhost.com
        fi
else
        # remove the empty file, contains no info
        rm -f "$list_file"
fi
exit

It was an hourly script in my case, but should work for daily (modify the second find).

Related Solutions

Linux – find only files in directory with permissions not set to 644 on linux

The ! operator returns true when a condition is false.

So while -perm 0644 matches files that have rw-r--r-- permissions set, ! -perm 0644 matches those that don't have those permissions.

The command you need is:

find /path/to/dir/ -type f ! -perm 0644 -print0 | xargs -0 chmod 644

Centos – Using the antivirus clamav with clamfs in order to scan a file system

I've noticed the trouble might come from apparmor. I was trying to setup clamfs for my home dir and it just kept complaining. Then I created an apparmor config file for it worked :)

$ cat /etc/apparmor.d/usr.bin.clamfs

In simplicity I copied clamav armor and modified to clamfs - guesswork:

#include <tunables/global>

/usr/bin/clamfs {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # LP: #433764:
  capability dac_override,

  @{PROC}/filesystems r,
  owner @{PROC}/[0-9]*/status r,

  /etc/clamfs/* r,
  /etc/fuse.conf r,

  /usr/bin/clamfs mr,

  /tmp/ rw,
  /tmp/** krw,

  /var/run/clamav/clamd.ctl rw,

  # Allow home dir to be scanned
  /media/disk/* rw,
  /media/disk/** rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.bin.clamfs>
}

I also copied the /etc/init.d/skeleton to /etc/init.d/clamfs-home and edited to my intuition's best liking, made it executable and called update-rc.d clamfs-home defaults. Then executed with /etc/init.d/clamfs-home start and yay! Let's see if it comes back after reboot. What I'm wondering about is how to run clamfs with a non-root user...

Best Answer

Related Solutions

Linux – find only files in directory with permissions not set to 644 on linux

Centos – Using the antivirus clamav with clamfs in order to scan a file system

Related Topic