Install Clam-AV And Set Up Daily Automated Scans

In this post I will be showing you how to set up Clam-AV on an Ubuntu server as well as how to run automated daily scans with email alerting. This may sound complicated but it's really not. You can have everything set up within 5 minutes, so no need to fear!

Let's start by installing the actual software packages for Clam-AV.

sudo apt-get install clamav clamav-daemon

Next we will want to make sure the detection rules/definitions are up to date by running freshclam. You may get an error if freshclam is already running by itself; if so, you can kill the process and start it manually to confirm that updates work.

sudo killall freshclam # Only need to run this if you get an error when you run freshclam
sudo freshclam

Now let's set up the automated daily scans. We will do this by installing a script. You can place this script wherever you would like; I like to keep scripts inside /root/scripts/.

sudo mkdir /root/scripts
sudo vi /root/scripts/clam-av.sh && sudo chmod 711 /root/scripts/clam-av.sh

Then let's create the script using vi. If you don’t know how to use vi I will explain; otherwise feel free to skip ahead. Once vi is open, press the “i” key on your keyboard to enter insert mode and then paste the script below (make sure to change the email settings at the top of the script!).

#!/bin/bash
LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log";
EMAIL_MSG="Please see the log file attached.";
EMAIL_FROM="clamav-daily@example.com"; # YOU NEED TO CHANGE THIS TO YOUR DOMAIN NAME
EMAIL_TO="username@example.com"; # YOU NEED TO CHANGE THIS TO YOUR EMAIL ADDRESS
DIRTOSCAN="/var/www /var/vmail";

for S in ${DIRTOSCAN}; do
 DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);

 echo "Starting a daily scan of $S directory.";
 echo "Amount of data to be scanned is $DIRSIZE.";

 clamscan -ri "$S" >> "$LOGFILE";

 # get the value of "Infected lines"
 MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3);

 # if the value is not equal to zero, send an email with the log file attached
 if [ "$MALWARE" -ne "0" ];then
   echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO";
 else  # COMMENT OUT THIS LINE AND THE ONE BELOW IF YOU ONLY WANT NOTIFICATIONS WHEN SOMETHING IS DETECTED
   echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "No Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO"; 
 fi 
done

exit 0

Now simply press the escape button (esc) and then enter in “:wq” followed by enter to save the script file.
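
The script above picks the mail subject by parsing "Infected files" from the end of the log; if that line is missing (for example because clamscan itself failed), the empty value makes the test error out and the "No Malware Found" branch runs. The following is an added example, not part of the original script, that combines the summary count with clamscan's exit status so a failed scan is never reported as clean. The function names and the sample log are constructed for illustration.

```bash
#!/bin/bash
# Added example: choose the alert subject from a clamscan log plus exit status.
# clamscan exits 0 (nothing found), 1 (something found) or 2 (error).

# Sum every "Infected files: N" line; fail if the log has no such line.
infected_total() {
  [ -r "$1" ] || return 1
  awk -F': *' '/^Infected files:/ { n += $2; seen = 1 }
               END { if (!seen) exit 1; print n }' "$1"
}

# Print the "path: Signature FOUND" lines, e.g. for the mail body.
found_entries() {
  grep -E ': .+ FOUND$' "$1"
}

# usage: alert_subject LOGFILE WORST_EXIT_STATUS (highest status of all scans)
# An unparseable log or a failed scan is reported as an error, never as clean.
alert_subject() {
  total=$(infected_total "$1") || total=""
  case "$2:$total" in
    *:[1-9]*) echo "Malware Found" ;;
    0:0)      echo "No Malware Found" ;;
    *)        echo "Scan Error" ;;
  esac
}

# Constructed sample log (not real scan output): two summaries appended to
# one file, as happens when the loop scans two directories.
make_sample_log() {
  cat > "$1" <<'EOF'
/var/www/upload/test.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 340
Infected files: 1
Time: 25.123 sec (0 m 25 s)

----------- SCAN SUMMARY -----------
Scanned files: 12
Infected files: 0
Time: 1.004 sec (0 m 1 s)
EOF
}

log=$(mktemp) && make_sample_log "$log"
alert_subject "$log" 1
rm -f "$log"
```

In the daily script, the exit status would come from `$?` immediately after each clamscan call, keeping the highest value seen across the directories.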

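Last but not least, we will create a cron job for the script. We can do this either by adding an actual cron job to the crontab file or by creating a symbolic link in /etc/cron.daily.

Let's use a symbolic link to make things easier. Note that run-parts, which executes the files in /etc/cron.daily on Ubuntu, skips file names that contain a dot, so the link is named clam-av rather than clam-av.sh. You can create it with the following command:

sudo ln -s /root/scripts/clam-av.sh /etc/cron.daily/clam-av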

That's it, you have fully installed Clam-AV and set up automatic daily scans with email reporting. I hope you enjoyed this quick and easy guide. Please don’t forget to like/share/comment! Thanks!
