Comments on Configure Clamav for daily system scans and email notification on Debian
Today we take a look at the ClamAV antivirus software and how to use it to protect your server or desktop. I will show you how to configure ClamAV to scan all system, website and email files daily and notify you by email if a virus is detected.
23 Comment(s)
Comments
Great Article!
Having a problem with the /root/clamscan_daily.sh script!
Error is:
"root@-office:~# /root/clamscan_daily.sh
Starting a daily scan of /var/www directory.
Amount of data to be scanned is 20K.
/root/clamscan_daily.sh: line 13: : No such file or directory
tail: cannot open ‘’ for reading: No such file or directory
/root/clamscan_daily.sh: line 19: [: : integer expression expected"
Any idea what's wrong?
Thanks again for the article
Hey, did you ever get this resolved?
The variable $LOGFILE is used in the script, but is never defined. Add the following line to the script and you should be good to go.
To the end of the variable declaration section at the top, add:
LOGFILE="/path/to/log/file.log";
and you should be all set.
Be sure that the path you set exists!
You probably do not have the /var/log/clamav directory created (the clamav dir). Create it or change the path and it will work.
Mmmm just retested but no error to me.
Can you please paste the code of your /root/clamscan_daily.sh ?
Thanks for a good simple tutorial.
I have good knowledge of Linux and would have been able to develop it as well, but I'm lazy so I searched to see if someone else has done the job for me ;-)
Found this tutorial, and when I checked the script it was promising.
As I mentioned above, I'm lazy so I want to avoid attachments, guess I will change the script.
echo "$LOGFILE" | mail -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO"
Hi swedala, the idea of the script is that, if there's no error, no mail will be sent. So when it is sent, I want to quickly check what the problem is, so I've decided to attach the log.
But as you said, maybe someone doesn't want the attachment, and your suggestion is welcome to us! :)
Hi,
How can we set ClamAV scan & remove virus itself daily?
Thanks
I am glad I stumbled upon this; I stumbled across this article, and I will be using bits and pieces for an article that I will be writing on cloud server security.
I shall mention this link in the credits :)
Hi, very useful script, thank you!
I would like to suggest a couple of improvements:
- truncate $LOGFILE just before the loop, to improve readability when testing the log:
> $LOGFILE
- replace echo commands with cat "..." >> $LOGFILE to have everything in the log file:
echo " ===== Scanning $S Total size: "$DIRSIZE"." >> $LOGFILE;
The additional newline before ===== is because clamscan output has a blank line at the beginning, and the "Scanning..." header appears to belong to the previous block, reducing readability.
Bye :)
I've just seen that on Ubuntu 16.04 the mail command has changed. Now -a adds a header and -A attaches a file.
echo "$EMAIL_MSG"|mail -A "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO";
Hi Team,
This is a really very informative article. I am having one problem with daily auto scanning. The script is not scanning multiple directories. I need to scan /home, /usr, /var and so on, but it doesn't scan all the directories. I copied the above script and pasted it in the same way. Scanning an individual directory containing subdirectories is working fine.
Could you please help me?
Hi Team,
I got the solution to this, but now have another problem. The error message is as below. Please help me out with this issue.
"warning:LibClamAV Warning: cli_scanbzip: bzip2 support not compiled in "
During the scan I got the above warning message; however, it also gives us the scanning report for the directories.
The script is working only when I execute it directly. After some time, it does create a log file and I see some paths to malicious files. But the problem is with the cron job. The cron job is executed and it also creates a log file, but the log file is empty, and it has been empty every day since I set up the cron job. Why is the cron job not filling the log file?
Is there any way not to scan already scanned items?
It's taking more time to scan already scanned files (for the first scan it's OK to scan all the files; the second scan should scan only the new files which are not scanned).
Please suggest me any solution to scan only new files.
There is an issue with compatibility with other mail utilities such as postfix. Attachments and commands to attach them vary, so to prevent this issue the script can be simplified:
remove EMAIL_MSG variable
add HOST variable
set HOST="$(hostname -f)"
change
echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO";
to
cat "$LOGFILE" | mail -s "Malware Found on $HOST" -r "$EMAIL_FROM" "$EMAIL_TO";
That should be compatible across the board and tells you exactly which host is infected.
Run the below command:
# find /home/COUTHIT.LOCAL/username/ -ctime -1 -print0 | xargs -0 /usr/bin/clamscan -ri --log=/root/clamscan.log
Hello,
How can I configure the shell script without the email part and with a cam.log file in the home directory where the infected files will be written?
For anybody who stumbles across this nice article: The service commands on recent (k)ubuntu for the freshclam virus-db-update service would be
# check service status
sudo systemctl status clamav-freshclam
# restart service
sudo systemctl restart clamav-freshclam
(note the spelling difference)
Hello!
My ClamAV installation works otherwise but it doesn't send me a notification even if a virus is found. I have installed mailx on my Debian operating system, but even if a virus is found then no notification is sent to me. I downloaded an eicar site to test for a virus. What can I do to fix this problem? I would really like to receive email notifications.
Hello,
I am still having a similar issue to the one mentioned by Chris, but a little different. Here is the output of a run of the script:
/root/clamscan_daily.sh: line 8: 30330 Killed clamscan -ri "$S" &> "$LOGFILE"
/root/clamscan_daily.sh: line 20: [: : integer expression expected
I do have the logfile folder as defined, and I can see the log file there with the appended date as defined in the definition. I cannot figure out what is wrong - any suggestions?
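The "integer expression expected" errors reported in these comments show an empty value reaching the numeric test, which happens when the log is missing or clamscan is killed before it writes its summary. As an added example (not part of the original tutorial or any commenter's script), one way to read the count from the "Infected files:" summary line and treat a missing summary as a failed scan rather than a clean one; the function names and sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example: defensive parsing of a clamscan log.

# Print N from the last "Infected files: N" summary line in the log.
# Returns 1 if the log is unreadable or has no numeric summary,
# i.e. the scan never finished.
infected_count() {
    ic_log=$1
    [ -r "$ic_log" ] || return 1
    ic_n=$(awk -F': *' '/^Infected files:/ { v = $2 } END { print v }' "$ic_log")
    case "$ic_n" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$ic_n"
}

# Classify a scan log. Prints one of: clean, infected, scan-failed.
# A failed scan should raise an alert too: an aborted scan proves nothing.
scan_verdict() {
    if ! sv_n=$(infected_count "$1"); then
        echo "scan-failed"
    elif [ "$sv_n" -eq 0 ]; then
        echo "clean"
    else
        echo "infected"
    fi
}

# Constructed sample logs: a completed scan with one hit, and the empty
# log left behind when clamscan is killed before printing its summary.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '/var/www/upload/test.txt: Eicar-Signature FOUND' '' \
    '----------- SCAN SUMMARY -----------' 'Scanned files: 12' \
    'Infected files: 1' > "$SAMPLE_DIR/hit.log"
: > "$SAMPLE_DIR/killed.log"

for f in hit.log killed.log missing.log; do
    printf '%s -> %s\n' "$f" "$(scan_verdict "$SAMPLE_DIR/$f")"
done
```

In a daily script, the "scan-failed" verdict would trigger its own notification, so that a killed scan is not mistaken for a clean system.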
Hey, thanks for this tutorial. Unfortunately heirloom has been deleted within the Ubuntu 18.04 release. It would be great if you would consider updating this tutorial with another mailing method. Thanks!