Solved

Configure clamav to automatically move files to a quarantine folder

Posted on 2014-03-06
Last Modified: 2014-03-09
I inherited a system with clamav on Ubuntu 12.04 and I am trying to get it to scan whenever a file is uploaded and move the infected file to a quarantine folder. I am researching online for a PHP plugin for clamav, but I still thought clamav should be working in the background.

Please share any examples of how to configure clamav to automatically move files to a quarantine folder.
clamd.txt
Question by:cesemj
 
LVL 77

Expert Comment

by:arnold
ID: 39912325
The moving part has to be part of your script's logic.
Assign the status of running clamdscan filename to a variable. Then check the status and, on this basis, change the location where the file goes.
Have not used clam recently, but do not believe it has an option, i.e. "clamdscan filename good_folder quarantine", which is what would be needed. Note also that automatic handling by the scanner will not provide feedback to the user.
 
LVL 62

Accepted Solution

by:
btan earned 350 total points
ID: 39912332
Ref - http://askubuntu.com/questions/250290/how-do-i-scan-for-viruses-with-clamav/

Check to find if Clamscan is running
https://help.ubuntu.com/community/ClamAV#Check_to_find_if_Clamscan_is_running

To check files in the USER home directory and move infected files to another folder:
clamscan -r --move=/home/USER/VIRUS /home/USER

There is also ClamTk, which is a frontend for ClamAV. For quarantine, see below, but do note the on-demand scan.
http://clamtk.sourceforge.net/help/quarantine-clamtk.html

Why isn't there on-access virus scanning?
Several reasons:
First, it would rely on the Dazuko program, and there are no widely available binary packages for it. Second, if there were packages available, such a functionality is probably not needed in Linux and would serve mostly as a memory hog if you were watching the entire system. A workaround would be to only watch each user's home directory while they were logged in. Third, you would have to run clamd as root in this kind of situation, and that is a security risk.
The good news is that there is a Perl interface for Dazuko, so if things did change and this became a desirable functionality, it could probably be implemented.

You may want to see the add-on for on-access filesystem scan:
http://www.clamav.net/lang/en/download/third-party-tools/3rdparty-fs/

Avfs, a true on-access anti-virus file system that incrementally scans files and prevents infected data from being committed to disk. Avfs is a stackable file system and therefore can add virus detection to any other file system: Ext3, NFS, etc. Avfs supports forensic modes that can prevent a virus from reaching the disk or automatically create versions of potentially infected files to allow safe recovery. Avfs can also quarantine infected files on disk and isolate them from user processes.
 
LVL 77

Assisted Solution

by:arnold
arnold earned 150 total points
ID: 39912336
Rechecked the man pages, which you ....

It has the --remove option; caution is advised.
It also has the --move=/path/to/directory option.

Author Comment

by:cesemj
ID: 39912911
Thanks for your input. I found the following article and am testing the following cron command I entered as root:

echo "*/5 * * * * /usr/bin/find /var/www/testbuild.tv/site/fileuploads/* -mmin -7 -type f -exec /usr/bin/clamdscan --remove {} \ --log=/var/log/clamav/removedfiles.log;  > /dev/null 2>&1" >> /var/spool/cron/root

I restarted the cron service and did crontab -l but do not see the cronjob. I did not receive an error when I typed the command.

The goal of the cronjob syntax is to run clamdscan every 5 mins against a specific directory tree and remove all infected files and log the results.
Please tell me what you think.
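An added example, not part of any post in this thread: a wrapper that branches on the scanner's exit status (0 clean, 1 infected, 2 error, per the clamscan man page), as arnold's first comment describes, and that the cron job above can invoke per file. The script name, quarantine path and log path are assumptions; on Ubuntu, root's crontab is installed with `crontab -e` and stored under /var/spool/cron/crontabs, so a line appended to /var/spool/cron/root does not appear in `crontab -l`.

```shell
#!/bin/sh
# Added example, not from the thread. Script name, paths and defaults are assumptions.
# Hypothetical install path: /usr/local/bin/scan-upload
#
# Root crontab entry (add with `crontab -e`; note the `{} \;` that terminates -exec):
# */5 * * * * /usr/bin/find /var/www/testbuild.tv/site/fileuploads -type f -mmin -7 -exec /usr/local/bin/scan-upload {} \;

SCANNER="${SCANNER:-clamdscan}"                     # overridable, e.g. with a stub for testing
QUARANTINE="${QUARANTINE:-/var/quarantine/uploads}" # assumed location, outside the web root
LOG="${LOG:-/var/log/clamav/upload-scan.log}"       # assumed log file

# scan_and_route FILE
# Returns 0 = clean (left in place), 1 = infected (moved to $QUARANTINE),
# 2 = scan or quarantine failed (file left in place; callers must not treat it as clean).
scan_and_route() {
    file=$1
    # clamd runs as its own user; --fdpass hands it the open file descriptor
    # so it can read uploads it has no permission to open itself.
    "$SCANNER" --fdpass --no-summary "$file" >/dev/null 2>&1
    case $? in
        0) verdict=clean; rc=0 ;;
        1) verdict=infected; rc=1
           # Unique prefix so two uploads with the same name cannot overwrite each other.
           dest="$QUARANTINE/$(date +%s).$$.${file##*/}"
           if mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" && mv -- "$file" "$dest"; then
               chmod 400 "$dest"
           else
               verdict=quarantine-failed; rc=2
           fi ;;
        *) verdict=scan-error; rc=2 ;;
    esac
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$verdict" "$file" >>"$LOG"
    return "$rc"
}

# Run on the file named on the command line (this is what cron's find invokes).
if [ "$#" -gt 0 ]; then
    scan_and_route "$1"
fi
```

An upload handler can call the same script synchronously and reject the upload on any non-zero status, which gives the user the feedback that a background sweep cannot.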
 
LVL 62

Expert Comment

by:btan
ID: 39913936
You can also check out this script as a reference for a scheduled task via cron: grep infected and pipe to your desired quarantine folder using --move=DIRECTORY, where this option will move infected files into DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.

https://code.google.com/p/clamav-cron/
https://hacking.im/automated-clam-antivirus-scanning-for-centos-servers
man - http://linux.die.net/man/1/clamscan
 

Author Comment

by:cesemj
ID: 39915844
thanks for the update