Gentoo Wiki

TIP_Windows_Share_with_Antivirus

This article is part of the Tips & Tricks series.

This tip explains how to set up a Windows share whose files are scanned for viruses whenever they are uploaded or changed there.

Features

Alternatives

Starting point

You already installed

  1. clamav
  2. inotify-tools

You already set up

From there

Script description

What the script does is:

Installing

  1. Save the script below to a location in your $PATH, such as /usr/local/bin/scanshares
  2. (Set the variables according to your setup)
  3. Make sure $SHARE and $VIRUSDIR are owned by the user "nobody"
  4. Call it using
    sudo -u nobody scanshares >/var/log/scanshares
  5. Watch /var/log/scanshares while you put a test virus file from EICAR into your share. After a few seconds, it should be replaced by a text file.
File: /usr/local/bin/scanshares
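#!/bin/bash

# If you manage to create a file that contains a virus and whose file name
# itself matches a virus signature, you will send this script into an
# infinite loop ;-) (the notice written to "$file.txt" below includes the
# file name and is scanned like any other new file)

# private temp file for the scan output; a fixed name in /tmp could be
# pre-created or symlinked by another local user
TMPFILE=$(mktemp) || exit 1
trap 'rm -f "$TMPFILE"' EXIT

SHARE=/srv/samba/
VIRUSDIR=/srv/samba/hasvirus/

VIRUSDB=/var/clamav/

#INOTIFYWAIT=/home/johannes/inotify-tools-3.13/src/inotifywait
INOTIFYWAIT=inotifywait

# Keep only ONE of the two CLAMSCAN lines (the later assignment wins).
# if you have no clamd
CLAMSCAN="clamscan --database $VIRUSDB --block-encrypted -i"
# if you have clamd (faster)
CLAMSCAN="clamdscan"

{
        # initial check: queue every existing file as if it had just been written
        find "$SHARE" -type f | while IFS= read -r line; do printf '%s|CLOSE_WRITE\n' "$line"; done
        # await changes
        # we need to listen to create, otherwise inotifywait doesn't follow in subdirs :-(
        $INOTIFYWAIT -q -m -r -e create -e close_write "$SHARE" --format '%w%f|%e'
} |
# note: this line-based filter cuts a file name at its first '|'
grep --line-buffered '|CLOSE_WRITE' | sed -u 's/|.*//g' | # remove create events again
grep -vF --line-buffered -- "$VIRUSDIR" | # we know THOSE have virus
while IFS= read -r file; do
        echo "scanning $file"
        # $CLAMSCAN is deliberately unquoted so that its options are split into words
        $CLAMSCAN --no-summary "$file" > "$TMPFILE"
        if [ "$?" == "1" ]; then # exit status 1 means a virus was found
                mv -- "$file" "$VIRUSDIR"
                {
                        echo 'The file contained a virus and was therefore removed.'
                        cat "$TMPFILE"
                } > "$file.txt"
        fi
        echo "scanning $file done."
done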
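
The filtering stage of the pipeline above (the grep, sed and grep lines), written as a shell function. This is an added example, not part of the original wiki script: it splits each event line at the last '|', so file names that contain '|' are kept whole, and it skips the quarantine directory only as a literal path prefix. filter_events, sample_events and QUARANTINE are assumed names, and the sample event lines are constructed.

```bash
#!/bin/sh
# Added example, not part of the wiki script. filter_events and
# sample_events are assumed names; QUARANTINE stands in for $VIRUSDIR.
QUARANTINE=${QUARANTINE:-/srv/samba/hasvirus/}

# Read "path|EVENTS" lines on stdin, print each path that needs a scan.
filter_events() {
    while IFS= read -r line; do
        path=${line%'|'*}       # everything before the LAST '|'
        events=${line##*'|'}    # event list after the last '|'
        [ "$path" != "$line" ] || continue      # no '|': malformed line
        # %e is a comma-separated list such as "CLOSE_WRITE,CLOSE"
        case ",$events," in
            *,CLOSE_WRITE,*) ;;
            *) continue ;;
        esac
        # Exclude the quarantine directory by literal prefix only
        case "$path" in
            "$QUARANTINE"*) continue ;;
        esac
        printf '%s\n' "$path"
    done
    return 0
}

# Constructed sample events (not captured from a real share).
sample_events() {
    printf '%s\n' \
        '/srv/samba/a.doc|CREATE' \
        '/srv/samba/a.doc|CLOSE_WRITE,CLOSE' \
        '/srv/samba/we|ird name.exe|CLOSE_WRITE,CLOSE' \
        '/srv/samba/|CLOSE_WRITE|CREATE' \
        '/srv/samba/hasvirus/old.exe|CLOSE_WRITE,CLOSE' \
        '/srv/samba/up/srv/samba/hasvirus/x.exe|CLOSE_WRITE,CLOSE'
}

sample_events | filter_events
```

In the script it would take the place of the grep, sed and grep stages between the closing brace and the while loop.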


Links

Retrieved from "http://www.gentoo-wiki.info/TIP_Windows_Share_with_Antivirus"

Last modified: Fri, 05 Sep 2008 05:27:00 +0000 Hits: 1,051