ClamAV Autoscan (Telegram and email alerts)

  • Bagikan

Daily virus and malware scan with ClamAV. This script will send notifications by Telegram and / or email when malware is detected.

This script is designed and tested in Debian 9.

Installation

  • Install ClamAV and all its components:
sudo apt-get update && apt-get install clamav clamav-docs clamav-daemon clamav-freshclam
  • Install different packages so that ClamAV can also analyze the compressed files:
sudo apt-get install arc arj bzip2 cabextract lzop nomarch p7zip pax tnef unrar-free unzip zoo
  • Install the sendmail package (to send notifications by email), curl package (to send notifications to Telegram) and cpulimit (so that the scan doesn’t consume all the CPU):
sudo apt-get install sendmail curl cpulimit

ClamAV configuration

  • Edit the /etc/clamav/freshclam.conf file and modify the number of daily checks (replace 24 by 1):
sudo vi /etc/clamav/freshclam.conf
...
Checks 1
...
  • Restart service:
sudo service clamav-freshclam restart

Install and configure the script

  • Insert the script “clam_scan.sh” in the /root directory.

  • Edit the configuration variables (sudo vi /root/clam_scan.sh):

    • LOG_FILE: Name for the log files.
    • HOST_NAME: Name of the host.
    • CPU_LIMIT: Maximum percentage of CPU to be consumed by malware scanning.
    • MSG_SUBJECT: Subject of notifications when malware is detected.
    • MSG_INFO: Notification information when malware is detected. Some HTML tags (those allowed by Telegram) can be used.
    • EMAIL: If an email notification should be sent when detecting malware (true) or not (false).
    • EMAIL_FROM: Sender email address.
    • EMAIL_TO: Recipient email address.
    • TELEGRAM: If a malware notification should be sent to Telegram (true) or not (false).
    • TELEGRAM_TOKEN: Token of the Telegram bot to be able to notifications.
    • TELEGRAM_CHATID: Id of the Telegram chat to send the notifications to.
    • DIR_TO_SCAN: Directory/s to scan. Several can be indicated separated by a blank space.
  • Give script permissions:

chmod 0755 /root/clam_scan.sh
  • Create a cron to run the script at the time you want:
crontab -e
00 03 * * * /root/clam_scan.sh
  • To verify that the script works correctly, run:
/root/clam_scan.sh
  • Bagikan