Script and config file that use clamav to scan based on modification dates
This script was written for Ubuntu and is unlikely to work on other non-Debian distros like BSD, etc.
Please realize that this is not as complete of protection as scanning your entire system after every virus def update. If you have a file in the date_scan_array that is infected with a currently unknown virus, this file will not be rescanned when that virus definition happens to be added to the clamav definitions. Files in the full_scan_array will be scanned every time. Use at your own risk.
I created this because a full clamav scan takes upwards of 6 hours on my system. It will allow you to select directories that you want to run full scans on as well as ones in which you wish to only scan files that were modified since the last scan.
Additionally there is an option to set rollback time. Default is set to rollback=300 (5 min)
Rollback will allow you to rescan older files for a little redundancy if you like. For instance, you could set it to scan all files that are 24 hours older than last scan: rollback=86400
Install clamav clamav-base clamav-freshclam
apt install clamav
Do not insatll the daemons: clamdscan clamav-daemon
Disable the freshclam daemon from running at startup (optional).
I don't see any sense in updating virus defs every min when you don't scan that often.
/etc/init.d/clamav-freshclam stop
update-rc.d -f clamav-freshclam disable
Edit freshclam.conf and comment out NotifyClamd and Checks:
nano /etc/clamav/freshclam.conf
# NotifyClamd /etc/clamav/clamd.conf
# Checks 24
You don't need to notify clamd since you didn't install it.
Run freshclam to see if it is working
freshclam
Download both the clamscan.sh and clamscan.conf files from this git
You can locate these anywhere you like but you need to fix their permissions:
chmod 700 clamscan.sh
chmod 600 clamscan.conf
The config file is well commented. Add the directories you wish to scan to it.
Run your first scan. NOTE: this is probably going to take hours to finish.
/path/to/clamscan.sh /path/to/clamscan.conf &
The "&" runs the command in the background.
You can check if it has finished with the "jobs" or "top" command.
After the first run you should see an updated value for the variable "EPOCHTIME" in clamscan.conf
You can also check your clamscan.log file to see that the scans were completed.
Setup scans with cron at whatever intervals you like:
crontab -e
# Update freshclam virus defs & scan sensitive areas @2:54am
54 2 * * * /path/to/clamscan.sh /path/to/clamscan.conf
NOTE: In order to have this script email you when ClamAV encounters a virus or error you will need a properly installed and configured Mail Transfer Agent like postfix. You will also want to make sure your outgoing firewall rules allow it to send mail.