
Install ClamAV as an antivirus via SSH


In this article I show you how to install ClamAV via SSH on a server running Ubuntu and Plesk and use it to scan the mail and domain directories.

Step 1: install ClamAV

After you have logged in to the server with the command ssh user@Server-IP, you first have to install ClamAV. Copy this line into your terminal and press the Enter key:

sudo apt-get install clamav clamav-freshclam

During the installation you may be asked for confirmation; in that case press the letter “Y” and then the Enter key again.

Next you have to install the daemon. This daemon always runs in the background and constantly monitors your system. To do this, copy the following command into the terminal and press the Enter key again:

sudo apt-get install clamav-daemon

Again, you may be asked for confirmation while the daemon is being installed; just press the letter “Y” and then the Enter key again.

Step 2: create the script

Now you create a script that defines what ClamAV should do with infected files and which email address is notified when a virus or a malicious file is found.

To do this, copy the following command into the terminal (as with everything in this article, superuser privileges are required) and press the Enter key:

nano /root/clamscan_daily.sh

Now you see an empty “area” in front of you. This is the empty script file. Fill it with the following content and do not change anything except lines 3-6:

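#!/bin/bash
LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log"
EMAIL_MSG="Please see the log file attached."
EMAIL_FROM="clamav@example.com"   # placeholder: sender address
EMAIL_TO="admin@example.com"      # placeholder: recipient of the alert
DIRTOSCAN="/var/www /var/qmail"   # space-separated directories to scan

# DIRTOSCAN is intentionally unquoted so it splits into one directory per pass
for S in ${DIRTOSCAN}; do
    DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1)

    echo "Starting a daily scan of $S directory."
    echo "Amount of data to be scanned is $DIRSIZE."

    # -r: recurse into subdirectories, -i: log only infected files
    clamscan -ri "$S" >> "$LOGFILE"

    # get the value of the "Infected files" line from the latest scan summary
    MALWARE=$(tail "$LOGFILE" | grep Infected | cut -d" " -f3)

    # if the value is not equal to zero, send an email with the log file attached
    # (${MALWARE:-0} avoids a test error when no summary line was written)
    if [ "${MALWARE:-0}" -ne 0 ]; then
        # using heirloom-mailx below (-a attaches a file)
        echo "$EMAIL_MSG" | mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO"
    fi
done

exit 0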

For servers that use Plesk and Ubuntu, you can simply copy the file; for servers with other file structures, you have to adjust the directories in line 6. So that you can always see what the script has done, a file with the scan result is created in the directory /var/log/clamav/.

You now have to assign file permission 755 to the script; you do this with the following line:

chmod 0755 /root/clamscan_daily.sh

Step 3: create cronjob

So that you don’t have to run the script by hand every day, you create a cron job with the next terminal command:

ln /root/clamscan_daily.sh /etc/cron.daily/clamscan_daily

Step 4: testing

That’s it already. Finally, you can test whether the script runs as expected. The feedback in the terminal can take a while, depending on the directory sizes:

/root/clamscan_daily.sh

Additional info:

You can also have ClamAV scan your entire server and display any infected files it finds. This can be done with this command:

clamscan -r --bell -i /
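
The script from Step 2 only looks at the last "Infected files" line, so a scan that ends without writing a summary sends no mail. As an added example (not part of the original script; the function names and the sample log are constructed), these functions evaluate a log in the same format across all summary blocks and report a missing summary as an error:

```bash
#!/bin/bash
# Added example; function names and sample log are constructed. The log format
# follows what "clamscan -ri" appends to the log in clamscan_daily.sh.

# Number of "Infected files:" summary lines (one per scanned directory).
summary_count() {
    awk '/^Infected files: /{ n++ } END { print n + 0 }' "$1"
}

# Sum of infected files over all summary blocks in the log.
infected_total() {
    awk -F': ' '/^Infected files: /{ n += $2 } END { print n + 0 }' "$1"
}

# Path of every detection line ("<path>: <signature> FOUND").
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p' "$1"
}

# scan_verdict <logfile> <directories scanned>: prints clean, infected or error.
scan_verdict() {
    [ -r "$1" ] || { echo error; return 0; }
    if [ "$(summary_count "$1")" -lt "$2" ]; then
        echo error      # a scan ended before writing its summary
    elif [ "$(infected_total "$1")" -gt 0 ]; then
        echo infected
    else
        echo clean
    fi
}

# Constructed sample: two directories scanned, one detection in the first.
write_sample_log() {
    cat > "$1" <<'EOF'
/var/www/vhosts/example.com/httpdocs/upload/test.txt: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1

----------- SCAN SUMMARY -----------
Infected files: 0
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "verdict: $(scan_verdict "$log" 2)"
infected_paths "$log"
rm -f "$log"
```

In the daily script, the second argument would be the number of directories in DIRTOSCAN, and an "error" verdict should trigger a mail just like "infected".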

Picture: © Daniel Wenzlik
