ShirazOnline

Topic: Automate ClamAV to Perform Daily System Scan and Send Email Notifications on Linux

  1. #1
    shiraz (distinguished professional user)

    ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. Today’s plan is to install and configure ClamAV software to perform automatic daily system scans and send emails when malware is detected.
    Install ClamAV

    We’re using a Debian Wheezy server:
    Code:
    # uname -rv
    3.2.0-4-686-pae #1 SMP Debian 3.2.51-1
    Install ClamAV:
    Code:
    # apt-get update && apt-get install clamav clamav-freshclam -y
    Start the ClamAV virus database updater if it wasn’t started automatically:
    Code:
    # service clamav-freshclam start
    Or alternatively do:
    Code:
    # /etc/init.d/clamav-freshclam start
    The above commands will start freshclam in daemon mode:
    Code:
    # ps -ef | grep fresh | grep clam
    clamav  1951   1  1 17:19 ?  00:00:03 /usr/bin/freshclam -d --quiet
    By default, freshclam will look for new updates every hour:
    Code:
    # cat /etc/clamav/freshclam.conf | grep -i check
    # Check for new database 24 times a day
    Checks 24
    Note that we can always update ClamAV manually by typing the following command:
    Code:
    # freshclam -v
    Install SSMTP

    To be able to send email, we’ll need something simple, something like SSMTP:
    Code:
    # apt-get install ssmtp
    Open the configuration file:
    Code:
    # vim /etc/ssmtp/ssmtp.conf
    Change the following settings appropriately (make sure the details are correct):
    Code:
    root=sandy@example.com
    mailhub=mail.example.com:465
    AuthUser=[USERNAME]
    AuthPass=[********]
    UseTLS=YES
    AuthMethod=LOGIN
    RewriteDomain=example.com
    Hostname=debian
    FromLineOverride=yes # allows use of the mail -r option
    The SSMTP configuration file contains our email login details, therefore it’s good practice to restrict access for regular users:
    Code:
    # chmod 0600 /etc/ssmtp/ssmtp.conf
    Test if we are able to send an email:
    Code:
    # echo test | mail -v -s "testing ssmtp setup" sandy@example.com
    [<-] 220 mail.example.com ESMTP
    [->] EHLO debian
    [<-] 250 HELP
    [->] AUTH LOGIN
    [<-] 334 VXNlcm5hbWU6
    [->] d2VibWFzdGVyQG5ldmFyLmx0
    [<-] 334 UGFzc3dvcmQ6
    [<-] 235 Authentication succeeded
    [->] MAIL FROM:<root@debian>
    [<-] 250 OK
    [->] RCPT TO:<sandy@example.com>
    [<-] 250 Accepted
    [->] DATA
    [<-] 354 Enter message, ending with "." on a line by itself
    [->] Received: by debian (sSMTP sendmail emulation);
    [->] From: "root" <root@debian>
    [->] Date: Fri, 17 Jan 2014 17:28:17 +0000
    [->] To: sandy@example.com
    [->] Subject: testing ssmtp setup
    [->] User-Agent: Heirloom mailx 12.5 6/20/10
    [->] MIME-Version: 1.0
    [->] Content-Type: text/plain; charset=us-ascii
    [->] Content-Transfer-Encoding: 7bit
    [->]
    [->] test
    [->] .
    [<-] 250 OK id=1W4Cl1-0002SM-RO
    [->] QUIT
    [<-] 221 mail.example.com closing connection
    All looks good so far.
    Create the Daily Scan Script

    We will create a new directory to store script files:
    Code:
    # mkdir -m 0755 /root/.myscripts
    Now open a new file for the script:
    Code:
    # vim /root/.myscripts/clamscan_daily.sh
    And add the following code:
    Code:
    #!/bin/bash
    # written by Tomas Nevar (http://www.lisenet.com)
    # copyleft free software
    LOGFILE=/var/log/clamav/clam-daily.log
    EMAIL_MSG="Please see the log file attached."
    EMAIL_FROM=clamav@example.com
    EMAIL_TO=sandy@example.com
    
    # be nice to others while scanning the entire root
    nice -n 5 clamscan -ri / --exclude-dir=/sys/ > "$LOGFILE" 2>&1
    
    # get the value of "Infected files" from the scan summary
    # (match the line anywhere in the log, not only in the last four lines)
    MALWARE=$(grep '^Infected files:' "$LOGFILE" | cut -d" " -f3)
    
    # if the value is not equal to zero, send an email with the log file attached
    if [ "$MALWARE" -ne "0" ]; then
      echo "$EMAIL_MSG" | mail -a "$LOGFILE" -s "ClamAV: Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO"
    fi
    exit 0
    Save the file. Make sure it’s executable:
    Code:
    # chmod 0755 /root/.myscripts/clamscan_daily.sh
    Add Script to Cron.daily

    Now that we have the script, we want it to be automatically executed every day. This can be easily achieved by creating a daily cron job. It is assumed that the system is online 24/7 (server in this case) or at least most of the time. Otherwise anacron might be a better choice. Let’s create a hard link as below:
    Code:
    # ln /root/.myscripts/clamscan_daily.sh /etc/cron.daily/clamscan_daily
    Check to make sure that the hard link was created:
    Code:
    # ls -li /etc/cron.daily/clamscan_daily
    44626 -rwxr-xr-x 2 root root 493 Jan 17 16:28 /etc/cron.daily/clamscan_daily
    There is one main advantage of creating a hard link instead of a symbolic link in my particular case. I tend to keep all custom scripts in one place for the sake of convenience and they sometimes get renamed. I usually don’t have time to walk around fixing all broken symlinks. Nevertheless, there are quite a few other alternatives available:
    1. Create a symbolic link.
    2. Move the script file to cron.daily folder.
    3. Use crontab for script execution.

    You should always choose what suits you best in one or another situation.
    Troubleshooting

    If you get the following error:
    LibClamAV Error: cli_loaddb(): No supported database files found in /var/lib/clamav/
    Update the database manually:
    Code:
    # freshclam -v
    Code:
    https://www.lisenet.com/2014/01/17/automate-clamav-to-perform-daily-system-scan-and-send-email-notifications-on-linux/
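
An added example, not part of the original post or of the script it reproduces: the alert decision is taken from clamscan's exit status together with an `Infected files:` match anywhere in the log, so a scan that failed (such as the database error in the Troubleshooting section) is reported instead of passing silently. The function names and the three sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post; the sample logs are constructed.
# clamscan exit status (man clamscan): 0 = no virus found, 1 = virus(es) found;
# any other status is treated here as a scan error.

# The post's parsing, kept for comparison: it only looks at the last 4 log lines.
legacy_count() {
  tail -n 4 "$1" | grep Infected | cut -d" " -f3
}

# Print the "Infected files" count from anywhere in the log (nothing if absent).
infected_count() {
  awk -F': *' '/^Infected files:/ { n = $2 } END { if (n != "") print n }' "$1"
}

# $1 = clamscan exit status, $2 = log file. Prints clean | infected:<n> | error.
scan_verdict() {
  count=$(infected_count "$2")
  case "$1" in
    # status 0 without a zero count means the summary is missing or inconsistent
    0) if [ "$count" = "0" ]; then echo clean; else echo error; fi ;;
    1) echo "infected:${count:-unknown}" ;;
    *) echo error ;;
  esac
}

# Constructed logs: a detection whose summary has extra lines after the count,
# a clean run, and the database error quoted in the Troubleshooting section.
SAMPLES=$(mktemp -d)
printf '%s\n' '/srv/upload/a.bin: Example.Test.Signature FOUND' '' \
  '----------- SCAN SUMMARY -----------' 'Scanned files: 1200' \
  'Infected files: 1' 'Data scanned: 10.00 MB' 'Data read: 9.00 MB' \
  'Time: 3.000 sec (0 m 3 s)' 'Start Date: 2024:01:01 00:00:00' \
  'End Date:   2024:01:01 00:00:03' > "$SAMPLES/infected.log"
printf '%s\n' '----------- SCAN SUMMARY -----------' 'Scanned files: 1200' \
  'Infected files: 0' 'Data scanned: 10.00 MB' 'Data read: 9.00 MB' \
  'Time: 3.000 sec (0 m 3 s)' > "$SAMPLES/clean.log"
printf '%s\n' 'LibClamAV Error: cli_loaddb(): No supported database files found in /var/lib/clamav/' \
  > "$SAMPLES/dberror.log"

for item in "1 infected" "0 clean" "2 dberror"; do
  set -- $item
  printf '%-9s legacy=[%s] verdict=%s\n' "$2" \
    "$(legacy_count "$SAMPLES/$2.log")" "$(scan_verdict "$1" "$SAMPLES/$2.log")"
done
```

In the daily script, capture `$?` on the line immediately after the clamscan command and send mail for any verdict other than `clean`.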
