Skip to content

Instantly share code, notes, and snippets.

@kevinchappell

kevinchappell/clamav.cron

Created Dec 6, 2015
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
cPanel ClamAV Cron Job
Raw
clamav.cron
#!/bin/sh
for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do
SUBJECT="VIRUS SCAN ${i}"
EMAIL="youremail@yourdomain.com"
# Log location
LOG="/var/log/clamav/${i}-scan.log"
# Quarantine location
QUARANTINE="/home/${i}/quarantine/"
# make a directory for our log and quarantine if one does not exist
mkdir -p $QUARANTINE
mkdir -p "/var/log/clamav/"
# remove old log
rm $LOG &>/dev/null
#ready a new log
touch $LOG
check_scan () {
# Check if our "Infected" count is 0 and send an email if its not.
if [ `tail -n 12 ${LOG} | grep Infected | grep -v 0 | wc -l` != 0 ]
then
EMAILMESSAGE=`mktemp /tmp/virus-alert-${i}`
echo "To: ${EMAIL}" >> ${EMAILMESSAGE}
echo "From: alert@hostname.tld" >> ${EMAILMESSAGE}
echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE}
echo "Importance: High" >> ${EMAILMESSAGE}
echo "X-Priority: 1" >> ${EMAILMESSAGE}
echo "`tail -n 100 ${LOG}`" >> ${EMAILMESSAGE}
sendmail -t < ${EMAILMESSAGE}
fi
}
/usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i --exclude=${QUARANTINE} --quiet --infected --log=${LOG} --move=${QUARANTINE};
check_scan
done >> /root/infections&
@jrxpress

This comment has been minimized.

Sign in to view
Copy link

@jrxpress jrxpress commented Apr 1, 2019

this is my new version .. I've better adapted to work on my server... I would like to share with you !!

https://gist.github.com/jrxpress/8981f3d984eeff0578e1dfd995fb9b54

-- replaced "sendmail" to "mail"
-- DIRTOSCAN based to user account path like: /home, home2, home3 etc..
-- properly chmod permissions for user and logs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment