[Script] ClamAV active scanning downloads

Share your own howto's etc. Not for support questions!

[Script] ClamAV active scanning downloads

Postby O'Niel » 2017-01-21 19:36


I think it's very good to have an anti-virus installed on your system, even Linux systems!
ClamAV is of course the Numéro 1 choice, however the thing that bothered my was that ClamAV
is not an active anti-virus but a passive one (it only scans when you tell it to do so manually).

So I thought of a way to make it more 'active'. When you download something it gets stored in the Downloads folder,
so IF you'd download malware it would at least be stored there in the beginning. Manually scanning each time would
be a pain.
So I made a script that automatically scans newly downloaded files.

Code: Select all

inotifywait ~/Downloads -m -r -e modify -e moved_to --format '%w%f' | while read file
   clamscan --bell --recursive --max-filesize=99999999 --log $HOME/.custom_security/logs/download_logs.txt $file
   if [ $CLAMSCAN_OUT -eq 1 ]; then
      /usr/bin/X11/xmessage -buttons Ok:0,"Delete":1,"Logs":2 -default Ok -center "Infected file: $file found!" -display $DISPLAY -bg black -fg green -bd white

      if [ $USER_CHOICE -eq 1 ]; then
         rm -r $file
      elif [ $USER_CHOICE -eq 2 ]; then
         /usr/bin/X11/xmessage -buttons Ok:0,"Clear":1,"Open":2 -default Ok -center -file $HOME/.custom_security/logs/download_logs.txt -display $DISPLAY -bg black -fg green -bd white
         if [ $USER_CHOICE -eq 1 ]; then
            rm $HOME/.custom_security/logs/download_logs.txt
         elif [ $USER_CHOICE -eq 2 ]; then
            dolphin --select $file ~/Downloads
   elif [ $CLAMSCAN_OUT -eq 0 ]; then
      /usr/bin/X11/xmessage -buttons Ok:0,"Open":1 -default Ok -center "$file is scanned and secure." -display $DISPLAY -bg black -fg green -bd white
      if [ $USER_CHOICE -eq 1 ]; then
         dolphin --select $file ~/Downloads

How to install?
Code: Select all
cd ~/
mkdir .custom_security
cd .custom_security
mkdir logs
#Save the code as Downloads_sec.sh
chmod +x Downloads_sec.sh
crontab -e

To add in crontab:
Code: Select all
@reboot sh $HOME/.custom_security/Downloads_sec.sh &

You might need to change the DISPLAY variable-value in crontab and the script, do echo $DISPLAY to check that out.

How to test?
Download this innocent AV-test file: https://secure.eicar.org/eicar.com.txt (Eicar test file)
Then download an innocent image.

If successful, you get messages saying if your download was secure or not, you can delete if not, open if it was, view logs,...
Not perfect but I like it a lot and sharing never hurts!

Posts: 28
Joined: 2016-08-20 20:49

Return to Docs, Howtos, Tips & Tricks

Who is online

Users browsing this forum: No registered users and 3 guests