ClamAV ile otomatik tarama yapıp sonuçları e-posta ile göndermek için aşağıdaki adımları uygulayabilirsiniz.
İlk önce ClamAV'ı kuruyoruz; WHM/cPanel kullananlar kurulum işlemini panelden yapabilirler.
[sourcecode language="bash"]
# Install the ClamAV scanner, its signature database package and the clamd
# daemon (yum-based systems, as written here).
# NOTE(review): confirm the signature database is current before relying on
# the first scan, e.g. by running freshclam or checking the package's updater.
yum install clamav clamav-db clamd
# Start the clamd daemon through its init script.
/etc/init.d/clamd start
[/sourcecode]
Günlük tarama
[sourcecode language="bash"]
# Open (create) the daily job script in an editor; any editor works.
emacs /etc/cron.daily/clamscan_daily
[/sourcecode]
[sourcecode language="bash"]
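#!/bin/bash
# Daily ClamAV scan: settings used by check_scan and the scan command below.
# The quotes must be plain ASCII double quotes. Typographic quotes are ordinary
# characters to the shell, so with them the SUBJECT line is split into an
# assignment plus a bogus command and the script fails.

# Subject line of the alert mail; includes this machine's host name.
SUBJECT="VIRUS DETECTED ON $(hostname)!!!"
# Recipient of the alert mail.
EMAIL="me@domain.com"
# clamscan log file; check_scan reads the scan summary from its tail.
LOG=/var/log/clamav/scan.log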
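# Mail an alert when the latest scan summary in ${LOG} reports infected files.
# Globals:  LOG (read), EMAIL (read), SUBJECT (read)
# Outputs:  one message handed to sendmail on stdin
# Returns:  0 when there is nothing to report, otherwise sendmail's status
check_scan () {
  local message status

  # Look for a summary line "Infected files: N" with N > 0 in the last 12
  # lines of the log. Matching the number itself avoids the blind spot of
  # filtering with `grep -v 0`, which also discards counts such as 10 or 20.
  if tail -n 12 -- "${LOG}" | grep -Eq '^Infected files:[[:space:]]*0*[1-9]'
  then
    message=$(mktemp /tmp/virus-alert.XXXXX) || return 1
    {
      printf 'To: %s\n' "${EMAIL}"
      printf 'From: %s\n' 'alert@domain.com'
      printf 'Subject: %s\n' "${SUBJECT}"
      printf 'Importance: High\n'
      printf 'X-Priority: 1\n'
      # The blank line ends the header section. The log tail contains file
      # names, which are not trusted, so it must stay in the message body.
      printf '\n'
      tail -n 50 -- "${LOG}"
    } > "${message}"
    sendmail -t < "${message}"
    status=$?
    # Remove the temporary message so copies of the log do not pile up in /tmp.
    rm -f -- "${message}"
    return "${status}"
  fi
}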
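# Scan the whole filesystem recursively and log only infected files to ${LOG}.
# --exclude-dir takes a regular expression, so the patterns are anchored with ^.
# An unanchored /sys/ would also skip any directory whose path merely contains
# "/sys/" (for example /usr/include/sys/). /proc is excluded as well, as in the
# hourly job.
clamscan -r / --exclude-dir='^/sys/' --exclude-dir='^/proc/' --quiet --infected --log="${LOG}"
# Mail an alert if the summary just written reports infected files.
check_scan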
[/sourcecode]
[sourcecode language="bash"]
# Make the daily job executable so cron will run it.
# NOTE(review): +x does not tighten anything. Scripts in /etc/cron.daily are
# normally run as root, so check with ls -l that the file is root-owned and not
# group- or world-writable.
chmod +x /etc/cron.daily/clamscan_daily
[/sourcecode]
Saatlik tarama
[sourcecode language="bash"]
# Open (create) the hourly job script in an editor; any editor works.
emacs /etc/cron.hourly/clamscan_hourly
[/sourcecode]
[sourcecode language="bash"]
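#!/bin/bash
# Hourly ClamAV scan: settings used by check_scan and the scan commands below.
# The quotes must be plain ASCII double quotes. Typographic quotes are ordinary
# characters to the shell, so with them the SUBJECT line is split into an
# assignment plus a bogus command and the script fails.

# Subject line of the alert mail; includes this machine's host name.
SUBJECT="VIRUS DETECTED ON $(hostname)!!!"
# Recipient of the alert mail.
EMAIL="me@domain.com"
# clamscan log file; check_scan reads the scan summary from its tail.
LOG=/var/log/clamav/scan.log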
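# Mail an alert when the latest scan summary in ${LOG} reports infected files.
# Only the last 12 lines of the log are examined, so a summary written by an
# earlier clamscan run in the same job is not seen.
# Globals:  LOG (read), EMAIL (read), SUBJECT (read)
# Outputs:  one message handed to sendmail on stdin
# Returns:  0 when there is nothing to report, otherwise sendmail's status
check_scan () {
  local message status

  # Look for a summary line "Infected files: N" with N > 0. Matching the
  # number itself avoids the blind spot of filtering with `grep -v 0`, which
  # also discards counts such as 10 or 20.
  if tail -n 12 -- "${LOG}" | grep -Eq '^Infected files:[[:space:]]*0*[1-9]'
  then
    message=$(mktemp /tmp/virus-alert.XXXXX) || return 1
    {
      printf 'To: %s\n' "${EMAIL}"
      printf 'From: %s\n' 'alert@domain.com'
      printf 'Subject: %s\n' "${SUBJECT}"
      printf 'Importance: High\n'
      printf 'X-Priority: 1\n'
      # The blank line ends the header section. The log tail contains file
      # names, which are not trusted, so it must stay in the message body.
      printf '\n'
      tail -n 50 -- "${LOG}"
    } > "${message}"
    sendmail -t < "${message}"
    status=$?
    # Remove the temporary message so copies of the log do not pile up in /tmp.
    rm -f -- "${message}"
    return "${status}"
  fi
}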
# Scan regular files outside /sys and /proc that changed in the last 61
# minutes: first by modification time (-mmin), then by status-change time
# (-cmin). check_scan runs after each pass.
# NOTE(review): xargs may split a long file list over several clamscan runs,
# each appending its own summary to the log. check_scan reads only the tail of
# the log, so a hit reported by an earlier batch may go unnoticed; confirm, or
# key the alert on the FOUND lines instead.
# NOTE(review): when find matches nothing, xargs -r starts no scan and
# check_scan re-reads whatever summary is already at the end of the log.
for age_test in -mmin -cmin
do
  find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' "${age_test}" -61 -type f -print0 \
    | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log="${LOG}"
  check_scan
done
[/sourcecode]
[sourcecode language="bash"]
# Make the hourly job executable so cron will run it.
# NOTE(review): +x does not tighten anything. Scripts in /etc/cron.hourly are
# normally run as root, so check with ls -l that the file is root-owned and not
# group- or world-writable.
chmod +x /etc/cron.hourly/clamscan_hourly
[/sourcecode]