I think it's very good to have an anti-virus installed on your system, even Linux systems!
ClamAV is of course the Numéro 1 choice; however, the thing that bothered me was that ClamAV
is not an active anti-virus but a passive one (it only scans when you tell it to do so manually).
So I thought of a way to make it more 'active'. When you download something it gets stored in the Downloads folder,
so if you downloaded malware it would at least be stored there in the beginning. Manually scanning each time would
be a pain.
So I made a script that automatically scans newly downloaded files.
Script:
Code:
#!/bin/bash
DISPLAY=':0'
# Watch ~/Downloads and print the full path of every file that is modified or moved in.
inotifywait ~/Downloads -m -r -e modify -e moved_to --format '%w%f' | while IFS= read -r file
do
    # Quote "$file" everywhere so names with spaces or glob characters stay one argument.
    clamscan --bell --recursive --max-filesize=99999999 --log "$HOME/.custom_security/logs/download_logs.txt" "$file"
    CLAMSCAN_OUT="$?"
    # clamscan exit status: 0 = no virus found, 1 = virus found
    if [ "$CLAMSCAN_OUT" -eq 1 ]; then
        /usr/bin/X11/xmessage -buttons Ok:0,"Delete":1,"Logs":2 -default Ok -center "Infected file: $file found!" -display "$DISPLAY" -bg black -fg green -bd white
        USER_CHOICE="$?"
        if [ "$USER_CHOICE" -eq 1 ]; then
            rm -r -- "$file"
        elif [ "$USER_CHOICE" -eq 2 ]; then
            /usr/bin/X11/xmessage -buttons Ok:0,"Clear":1,"Open":2 -default Ok -center -file "$HOME/.custom_security/logs/download_logs.txt" -display "$DISPLAY" -bg black -fg green -bd white
            USER_CHOICE="$?"
            if [ "$USER_CHOICE" -eq 1 ]; then
                rm "$HOME/.custom_security/logs/download_logs.txt"
            elif [ "$USER_CHOICE" -eq 2 ]; then
                dolphin --select "$file" ~/Downloads
            fi
        fi
    elif [ "$CLAMSCAN_OUT" -eq 0 ]; then
        /usr/bin/X11/xmessage -buttons Ok:0,"Open":1 -default Ok -center "$file is scanned and secure." -display "$DISPLAY" -bg black -fg green -bd white
        USER_CHOICE="$?"
        if [ "$USER_CHOICE" -eq 1 ]; then
            dolphin --select "$file" ~/Downloads
        fi
    fi
done
Code:
cd ~/
mkdir .custom_security
cd .custom_security
mkdir logs
#Save the code as Downloads_sec.sh
chmod +x Downloads_sec.sh
crontab -e
Code:
DISPLAY=':0'
@reboot sh $HOME/.custom_security/Downloads_sec.sh &
How to test?
Download this innocent AV-test file: https://secure.eicar.org/eicar.com.txt (Eicar test file)
Then download an innocent image.
If successful, you get messages saying whether your download was secure or not. You can delete it if not, open it if it was, view logs,...
Not perfect but I like it a lot and sharing never hurts!
Thanks!
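
A variant of the watcher above, as an added example that is not the original poster's script: it waits for `close_write`/`moved_to` so half-written downloads are not scanned on every `modify` event, treats clamscan's exit status 2 (scan error) as "unverified" instead of ignoring it, and quarantines a hit rather than deleting it. The function names and the quarantine directory are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not the original script. Assumed names: QUARANTINE,
# should_scan, classify_scan, quarantine, watch_downloads.
QUARANTINE="${QUARANTINE:-$HOME/.custom_security/quarantine}"

# Skip browser temp files and anything that is not a regular file.
should_scan() {
    case "$1" in
        *.part|*.crdownload|*.tmp) return 1 ;;
    esac
    [ -f "$1" ] && [ ! -L "$1" ]
}

# Map clamscan's exit status: 0 = clean, 1 = virus found, anything else = error.
classify_scan() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Move a flagged file out of Downloads, strip its permissions, print the new path.
quarantine() {
    local src="$1" dest
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 1
    dest="$QUARANTINE/$(date +%s).$(basename -- "$src")"
    mv -- "$src" "$dest" && chmod 000 "$dest" && printf '%s\n' "$dest"
}

watch_downloads() {
    # close_write fires once when the writer closes the file; moved_to catches
    # the browser renaming its temp file to the final name.
    inotifywait -m -r -e close_write -e moved_to --format '%w%f' "$HOME/Downloads" |
    while IFS= read -r file; do
        should_scan "$file" || continue
        clamscan --no-summary "$file" >/dev/null 2>&1
        case "$(classify_scan "$?")" in
            infected) quarantine "$file" >/dev/null ;;
            error)    echo "scan failed, treat as unverified: $file" >&2 ;;
        esac
    done
}

# Only start watching when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--watch" ]; then watch_downloads; fi
```

Run it with `--watch` as its argument to start monitoring; without it, the script only defines the functions.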