Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[Script] ClamAV active scanning downloads

Share your HowTo, Documentation, Tips and Tricks. Not for support questions!.
Post Reply
Message
Author
O'Niel
Posts: 28
Joined: 2016-08-20 20:49

[Script] ClamAV active scanning downloads

#1 Post by O'Niel »

Hi!

I think it's very good to have an anti-virus installed on your system, even Linux systems!
ClamAV is of course the Numéro 1 choice, however the thing that bothered my was that ClamAV
is not an active anti-virus but a passive one (it only scans when you tell it to do so manually).

So I thought of a way to make it more 'active'. When you download something it gets stored in the Downloads folder,
so IF you'd download malware it would at least be stored there in the beginning. Manually scanning each time would
be a pain.
So I made a script that automatically scans newly downloaded files.

Script:

Code: Select all

#!/bin/bash
DISPLAY=':0'

inotifywait ~/Downloads -m -r -e modify -e moved_to --format '%w%f' | while read file
do
	clamscan --bell --recursive --max-filesize=99999999 --log $HOME/.custom_security/logs/download_logs.txt $file
	CLAMSCAN_OUT="$?"
		
	if [ $CLAMSCAN_OUT -eq 1 ]; then
		/usr/bin/X11/xmessage -buttons Ok:0,"Delete":1,"Logs":2 -default Ok -center "Infected file: $file found!" -display $DISPLAY -bg black -fg green -bd white
		USER_CHOICE="$?"

		if [ $USER_CHOICE -eq 1 ]; then
			rm -r $file
		elif [ $USER_CHOICE -eq 2 ]; then
			/usr/bin/X11/xmessage -buttons Ok:0,"Clear":1,"Open":2 -default Ok -center -file $HOME/.custom_security/logs/download_logs.txt -display $DISPLAY -bg black -fg green -bd white
			USER_CHOICE="$?"
			if [ $USER_CHOICE -eq 1 ]; then
				rm $HOME/.custom_security/logs/download_logs.txt
			elif [ $USER_CHOICE -eq 2 ]; then
				dolphin --select $file ~/Downloads
			fi
		fi
	elif [ $CLAMSCAN_OUT -eq 0 ]; then
		/usr/bin/X11/xmessage -buttons Ok:0,"Open":1 -default Ok -center "$file is scanned and secure." -display $DISPLAY -bg black -fg green -bd white
		USER_CHOICE="$?"
		if [ $USER_CHOICE -eq 1 ]; then
			dolphin --select $file ~/Downloads
		fi
	fi
done
How to install?

Code: Select all

cd ~/
mkdir .custom_security
cd .custom_security
mkdir logs
#Save the code as Downloads_sec.sh
chmod +x Downloads_sec.sh
crontab -e
To add in crontab:

Code: Select all

DISPLAY=':0'
@reboot sh $HOME/.custom_security/Downloads_sec.sh &

You might need to change the DISPLAY variable-value in crontab and the script, do echo $DISPLAY to check that out.

How to test?
Download this innocent AV-test file: https://secure.eicar.org/eicar.com.txt (Eicar test file)
Then download an innocent image.

If successful, you get messages saying if your download was secure or not, you can delete if not, open if it was, view logs,...
Not perfect but I like it a lot and sharing never hurts!

Thanks!

Post Reply