A quick-hack wrapper script that runs clamscan with some error checking and sends a report to a specified email address (uses ssmtp rather than mail, since it is aimed at leaf-node servers).
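#!/bin/sh
# Script scans system using clamAV and mails a summary report.
# (c) 2023 bvi at moria.org
# v0.1.1 - typo cleanup
#
# Usage: run from cron as root (clamscan needs read access to everything under
# / and the script writes to /var/log). Takes no arguments.
# Exit status: 0 when the report was handed to ssmtp, 1 when a prerequisite is
# missing or the mail could not be sent. The clamscan verdict itself is carried
# in the mail Subject, not in the exit status (unchanged from the original).
#
# -u: an unset variable here is a bug. -e is deliberately NOT used: clamscan
# exits 1 (infected) / 2 (error) and those codes must be inspected, not fatal.
set -u

# --- configuration ---------------------------------------------------------
logfile=/var/log/clamscan.log
# Who to send email to
target=recipient@email.domain
# How many days worth of rotated logs ($logfile.YYYYMMDD, $logfile.yesterday) to keep
maxlogdays=15
## no further configuration below here

clamscan=/usr/bin/clamscan
ssmtp=/usr/sbin/ssmtp

#check required programs are present and executable
if [ ! -x "$clamscan" ]; then
  echo ERROR
  echo "clamscan binary not found: $clamscan"
  echo "Please check ClamAV is installed and paths are correct"
  exit 1
fi
if [ ! -x "$ssmtp" ]; then
  echo ERROR
  echo "ssmtp not found: $ssmtp"
  echo "Unable to send email, please check smtp is correctly installed and configured"
  exit 1
fi

# %m is the month. The original used %M (the minute), so the rotated log name
# encoded year+minute+day and had nothing to do with the calendar date.
stamp=$(date '+%Y%m%d')
host=$(hostname)
rfcdate=$(date -R)
logdir=$(dirname "$logfile")
logname=$(basename "$logfile")

# make sure that logs are named properly: a leftover $logfile means the previous
# run died before rotating it, so keep it aside instead of overwriting it
if [ -f "$logfile" ]; then
  mv -- "$logfile" "$logfile.yesterday"
fi
# delete rotated logs older than $maxlogdays days. Restricted to plain files
# directly inside $logdir whose name follows the rotation scheme, so nothing
# else in /var/log can be touched. (GNU find; date -R above is GNU-only too.)
find "$logdir" -maxdepth 1 -type f -name "$logname.*" -mtime +"$maxlogdays" -delete

# run clam scan but suppress any file that is 'OK' ie only list infected and errors
# --stdout                   write to stdout instead of stderr
# -o / --suppress-ok-results skip printing OK files
# --quiet                    only print error messages
# --exclude-dir=REGEX        skip directories matching REGEX; the patterns are
#                            quoted so clamscan receives exactly what the
#                            original (shell-unescaped) invocation passed
# -l FILE                    save scan report to FILE
# -r                         recurse
# NOTE(review): --exclude-dir=/usr skips all of /usr, i.e. the system binaries
# and libraries where a trojaned tool would most likely live. Inherited from the
# original; confirm this is intended before relying on the "[OK]" verdict.
"$clamscan" --stdout -o --quiet \
  --exclude-dir='/proc/*' --exclude-dir='/run/*' --exclude-dir='/var/run/' \
  --exclude-dir='/dev/' --exclude-dir='/sys/' --exclude-dir=/usr \
  -l "$logfile" -r /
#catch the return code from clamav
result=$?
#check exit code based on documentation
# 0 = Ok
# 1 = Match found
# 2 = error
case $result in
  0) status="[OK]" ;;                                # all good
  1) status="[Malware FOUND]" ;;                     # infection found
  2) status="[Error - Manual Check required!]" ;;    # error present
  *) status="[Unknown Case]" ;;                      # something very odd happened
esac

## construct and send email
# The script runs as root and /tmp is world-writable, so a predictable name such
# as /tmp/clamscanemail.$$ could be pre-created or symlinked by a local user and
# then written through by root. mktemp creates the file atomically with a random
# name. The file is deliberately kept on send failure so it can be inspected.
mail=$(mktemp /tmp/clamscanemail.XXXXXX) || {
  echo "ERROR: unable to create temporary file for the report"
  exit 1
}
{
  # The original wrote "Date:" with echo -n, so the From: header landed on the
  # same line as the date and the message had no valid Date/From headers.
  echo "Date: $rfcdate"
  echo "From: Clamav Scanner <postmaster@localhost>"
  echo "To: $target"
  echo "Subject: [$host] Clamav Scan $status"
  # A blank line terminates the header block. Without it the first body line
  # (scanner output, i.e. filenames chosen by whoever writes to the disk) is
  # parsed as a header. Everything below this line is body text only.
  echo
  if [ "$result" -eq 1 ]; then # MALWARE found so highlight it
    echo "=-=-=-=-=- MALWARE FOUND -=-=-=-=-="
    grep 'FOUND$' "$logfile"
    echo "=-=-=-=-=- MALWARE FOUND -=-=-=-=-="
  fi
  tail -12 "$logfile"
  # printf instead of echo "\n...": escape handling in echo differs between
  # dash (interprets \n) and bash (does not); printf is the same everywhere.
  printf '\nFurther details:\n============================\n\n'
  grep -v "Empty file" "$logfile" | grep -v "Symbolic link" | grep -v 'FOUND$' | head -n 11
} > "$mail"

## send email
if "$ssmtp" "$target" < "$mail"; then
  rm -f -- "$mail"
  mv -- "$logfile" "$logfile.$stamp"
  exit 0
else
  echo "An error may have occurred sending email."
  echo "Manual inspection of log files should take place"
  echo "see: $mail and $logfile and/or $logfile.$stamp"
  exit 1
fi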