Install ClamAV on CentOS 6 - 64 bit + Configure Daily Scanning

A. Install ClamAV

1. Install EPEL repo

Before we can proceed, you must ensure that the EPEL yum repository is enabled.

The EPEL repo is enabled by simply installing an RPM. Please use the command below to install the EPEL repository on your CentOS server. If you are unsure of your CentOS version or architecture, please use one of these commands.

echo "I am running: `cat /etc/redhat-release` (`arch`)"
cat /etc/issue
cat /etc/redhat-release
arch
uname -r -v -p

Now choose and install your RPM:

CentOS 6 – 64-bit
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

After running the above commands for your relevant CentOS version, the following file is created:

/etc/yum.repos.d/epel.repo

The above file can be edited directly to enable or disable the EPEL repo.

2. Install required ClamAV packages

yum install clamav clamd

3. Start the clamd service and set it to auto-start

chkconfig clamd on
/etc/init.d/clamd start

4. Update ClamAV’s signatures

/usr/bin/freshclam

Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.

5. Manual Scan:

clamscan --infected --recursive /home/*/PATH/

B. Configure Daily Scan

In this example, we will configure a cron job to scan the /home/ directory every day:

1. Create cron file:

vim /etc/cron.daily/manual_clamscan

Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:

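#!/bin/bash
# Directory to scan recursively
SCAN_DIR="/home"
# Log file that scan results are appended to
LOG_FILE="/var/log/clamav/manual_clamscan.log"
# -i: report only infected files, -r: recurse into subdirectories
/usr/bin/clamscan -i -r "$SCAN_DIR" >> "$LOG_FILE"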

Give our cron script executable permissions:

chmod +x /etc/cron.daily/manual_clamscan

You can even run the above script to ensure that it works correctly.

And you’re done!

C. Configuring scheduled daily scans with email notifications on infection

1. Using your favorite text editor (such as nano or vim), place the following in the file "/etc/cron.daily/manual_clamscan" to create a cron job for a daily scan or "/etc/cron.hourly/manual_clamscan" for an hourly scan.

Configuration options:

    SCAN_DIR - Directory or directories to scan recursively
    LOG_FILE - Location of the log file on your system
    AGGRESSIVE - Set to 0 to leave infected files for manual removal, set to 1 to automatically delete infected files
    SUBJECT - Subject of the email notice
    EMAIL - Email you wish to have the notice sent to
    EMAIL_FROM - Address which the email should be sent from
    
#!/bin/bash
 
# Email alert cron job script for ClamAV
# Original, unmodified script by: Deven Hillard
#(http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html)
# Modified to show infected and/or removed files
 
# Directories to scan
SCAN_DIR="/home /tmp /var"
 
# Location of log file
LOG_FILE="/var/log/clamav/manual_clamscan.log"
 
# Uncomment to have scan remove files
#AGGRESSIVE=1
# Uncomment to have scan not remove files
AGGRESSIVE=0
 
# Email Subject
SUBJECT="Infections detected on `hostname`"
# Email To
EMAIL="your.email@your.domain.com"
# Email From
EMAIL_FROM="clamav@server.hostname.com"
 
check_scan () {
    # If there were infected files detected, send email alert
 
    # Exclude only a count of exactly 0, so counts such as 10 or 100 still alert
    if [ "$(tail -n 12 "${LOG_FILE}" | grep 'Infected files' | grep -vc ': 0$')" != 0 ]
    then
    # Count number of infections
        SCAN_RESULTS=$(tail -n 10 $LOG_FILE | grep 'Infected files')
        INFECTIONS=${SCAN_RESULTS##* }
 
        EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
        echo "To: ${EMAIL}" >>  ${EMAILMESSAGE}
        echo "From: ${EMAIL_FROM}" >>  ${EMAILMESSAGE}
        echo "Subject: ${SUBJECT}" >>  ${EMAILMESSAGE}
        echo "Importance: High" >> ${EMAILMESSAGE}
        echo "X-Priority: 1" >> ${EMAILMESSAGE}
     
        if [ $AGGRESSIVE = 1 ]
        then
                echo -e "\n`tail -n $((10 + ($INFECTIONS*2))) $LOG_FILE`" >> ${EMAILMESSAGE}
        else
                echo -e "\n`tail -n $((10 + $INFECTIONS)) $LOG_FILE`" >> ${EMAILMESSAGE}
        fi
 
        sendmail -t < "${EMAILMESSAGE}"
        # Remove the temporary message file once it has been sent
        rm -f "${EMAILMESSAGE}"
    fi
}
 
if [ $AGGRESSIVE = 1 ]
then
        /usr/bin/clamscan -ri --remove $SCAN_DIR >> $LOG_FILE
else
        /usr/bin/clamscan -ri $SCAN_DIR >> $LOG_FILE
fi
 
check_scan

2. Make the script executable by changing its permissions
    
chmod +x /etc/cron.daily/manual_clamscan

Now if you have an infection you will receive an email notification. There will be no notification if there is no infection detected.
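
The script above decides whether to send mail by reading the "Infected files" line near the end of the log. The same decision is shown here as an added example (not part of the original script) that parses the count from the last scan summary as a number. The function names and the sample log are constructed for illustration, and alerting when no summary can be found is an assumption of this example.

```shell
#!/bin/bash
# Added example; function names and the sample log are constructed.

# Print the "Infected files" count from the last scan summary in a log.
# Returns 1 without output if no parsable summary line exists.
last_infected_count() {
    local log="$1" line count
    line=$(grep 'Infected files:' "$log" | tail -n 1)
    [ -n "$line" ] || return 1
    count=${line##*: }
    case "$count" in
        ''|*[!0-9]*) return 1 ;;   # not a plain number: parse failure
    esac
    printf '%s\n' "$count"
}

# Return 0 (send an alert) when the last summary reports one or more
# infections, or when no summary could be parsed (assumption: a scan that
# left no summary should be looked at rather than silently ignored).
should_alert() {
    local n
    n=$(last_infected_count "$1") || return 0
    [ "$n" -gt 0 ]
}

# Write a constructed clamscan-style log with the given infection count
# to a temporary file and print the file's path.
make_sample_log() {
    local infected="$1" out
    out=$(mktemp) || return 1
    cat > "$out" <<EOF
/home/user/sample.bin: Constructed.Test.Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1000000
Engine version: 0.00.0
Scanned directories: 10
Scanned files: 200
Infected files: ${infected}
Data scanned: 10.00 MB
Data read: 5.00 MB (ratio 2.00:1)
Time: 10.000 sec (0 m 10 s)
EOF
    printf '%s\n' "$out"
}
```

In the cron script, `should_alert "$LOG_FILE"` can stand in for the condition at the top of `check_scan`, and `last_infected_count "$LOG_FILE"` supplies the value used for `INFECTIONS`.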
