Clamxav antivirus
11/29/2023

To install everything necessary, log in to your Ubuntu Server instance and issue the command:

sudo apt-get install clamav clamav-daemon mailutils -y

After the installation is complete, you'll need to stop the daemon, so you can update the ClamAV database manually. With the daemon stopped, update ClamAV with the command:

When freshclam completes, download the latest database signature file with the command:

Copy that file into the necessary directory with the command:

Start the freshclam daemon with the command:

sudo systemctl start clamav-freshclam

How to manually scan a directory

Let's run a quick manual scan on our system. Say your server is a web server and everything is housed in the standard Apache document root. You can run a manual scan on that directory with a command like:

sudo clamscan --infected --detect-pua=yes --recursive /var/www/html/

The above command will run a recursive scan on /var/

When the scan completes it should, hopefully, return nothing suspect found.

If you want to make sure that ClamAV is working properly, follow the steps below.

Download the Eicar file with the command: wget -P ~/

Move that file into your home directory with the command: mv ~/

Run the scan on the downloaded file with the command: sudo clamscan --infected --remove --recursive ~/

ClamAV should detect the malicious file and remove it.

Now we'll create a bash script that will scan the /var/

If so, you might be able to use the script as is, or you might have to modify it, based on what SMTP server you've set up on the server. The example below will use the mail command.

First, create the script with the command:

LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log"
EMAIL_MSG="Please see the log file S in $
MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3)
echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO"

Where is the FROM address and is the email address any alerts will be sent to.

Give that file executable permissions with the command:

sudo chmod u+x /usr/local/bin/clamscan_daily.sh

At the bottom of the file, add the following line to run the scan every day at 1 am:

ġ 1 * * * /usr/local/bin/clamscan_daily.sh > /dev/null 2>&1

At this point, ClamAV will automatically scan the /var/www/html directory for malicious files and alert you if it finds anything.

If your server isn't set up such that it can actually send out email, you'll then need to manually view the generated log file with the command:

Where DATE is the timestamp of the file you need to view.