Created
February 8, 2020 04:30
-
-
Save ChadDevOps/dc5428e8d816344f68b03c99359731f9 to your computer and use it in GitHub Desktop.
clamonacc for Ubuntu 18.04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/etc/clamav/clamd.conf | |
| #Used with Virtualmin | |
| #Tweak as needed | |
| TCPSocket 3333 | |
| TCPAddr 127.0.0.1 | |
| User root | |
| ScanMail true | |
| ScanArchive true | |
| ArchiveBlockEncrypted false | |
| MaxDirectoryRecursion 15 | |
| FollowDirectorySymlinks false | |
| FollowFileSymlinks false | |
| ReadTimeout 180 | |
| MaxThreads 12 | |
| MaxConnectionQueueLength 15 | |
| LogSyslog false | |
| LogRotate true | |
| LogFacility LOG_LOCAL6 | |
| LogClean false | |
| LogVerbose false | |
| PreludeEnable no | |
| PreludeAnalyzerName ClamAV | |
| DatabaseDirectory /var/lib/clamav | |
| OfficialDatabaseOnly false | |
| SelfCheck 3600 | |
| Foreground false | |
| Debug false | |
| ScanPE true | |
| MaxEmbeddedPE 10M | |
| ScanOLE2 true | |
| ScanPDF true | |
| ScanHTML true | |
| MaxHTMLNormalize 10M | |
| MaxHTMLNoTags 2M | |
| MaxScriptNormalize 5M | |
| MaxZipTypeRcg 1M | |
| ScanSWF true | |
| ExitOnOOM false | |
| LeaveTemporaryFiles false | |
| AlgorithmicDetection true | |
| ScanELF true | |
| IdleTimeout 30 | |
| CrossFilesystems true | |
| PhishingSignatures true | |
| PhishingScanURLs true | |
| PhishingAlwaysBlockSSLMismatch false | |
| PhishingAlwaysBlockCloak false | |
| PartitionIntersection false | |
| DetectPUA false | |
| ScanPartialMessages false | |
| HeuristicScanPrecedence false | |
| StructuredDataDetection false | |
| CommandReadTimeout 30 | |
| SendBufTimeout 200 | |
| MaxQueue 100 | |
| ExtendedDetectionInfo true | |
| OLE2BlockMacros false | |
| AllowAllMatchScan true | |
| ForceToDisk false | |
| DisableCertCheck false | |
| DisableCache false | |
| MaxScanTime 120000 | |
| MaxScanSize 100M | |
| MaxFileSize 25M | |
| MaxRecursion 16 | |
| MaxFiles 10000 | |
| MaxPartitions 50 | |
| MaxIconsPE 100 | |
| PCREMatchLimit 10000 | |
| PCRERecMatchLimit 5000 | |
| PCREMaxFileSize 25M | |
| ScanXMLDOCS true | |
| ScanHWP3 true | |
| MaxRecHWP3 16 | |
| StreamMaxLength 25M | |
| LogFile /var/log/clamav/clamav.log | |
| LogTime true | |
| LogFileUnlock false | |
| LogFileMaxSize 0 | |
| Bytecode true | |
| BytecodeSecurity TrustSigned | |
| BytecodeTimeout 60000 | |
| OnAccessMaxFileSize 5M | |
| OnAccessMountPath /home | |
| OnAccessIncludePath /home | |
| OnAccessExcludeUname root | |
| OnAccessPrevention true | |
| OnAccessExtraScanning false | |
| VirusEvent /etc/clamav/detected.sh | |
| OnAccessExcludeRootUID yes | |
| OnAccessRetryAttempts 3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/clamonacc.service | |
| [Unit] | |
| Description=ClamAV On Access Scanner | |
| Requires=clamav-daemon.service | |
| After=clamav-daemon.service syslog.target network.target | |
| [Service] | |
| Type=simple | |
| User=root | |
| ExecStart=/usr/bin/clamonacc -F --log=/var/log/clamav/clamonacc --move=/root/quarantine | |
| Restart=on-failure | |
| RestartSec=120s | |
| [Install] | |
| WantedBy=multi-user.target |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #/etc/clamav/detected.sh | |
| #modify reply and to addresses | |
| PATH=/usr/bin | |
| alert="Signature detected: $CLAM_VIRUSEVENT_VIRUSNAME in $CLAM_VIRUSEVENT_FILENAME" | |
| logtail="$(tail -n 50 /var/log/clamav/clamav.log | tac)" | |
| # send email | |
| export HOME=/root | |
| /usr/bin/printf "Host: $HOSTNAME.\n$alert\n\ntail -n 50 /var/log/clamav/clamav.log\n\n\n$logtail" | /usr/bin/mailx -s "VIRUS ALERT - $HOSTNAME" -r [email protected] "[email protected]" | |
| # Send the alert to systemd logger if exist, othewise to /var/log | |
| if [[ -z $(command -v systemd-cat) ]]; then | |
| echo "$(date) - $alert" >> /var/log/clamav/detections.log | |
| else | |
| echo "$alert" | /usr/bin/systemd-cat -t clamav -p emerg | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment