php malware detect sh cron job send email

phpmalwaredetect.sh

#!/bin/bash
# This runs the php malware finder scripts and sends an email of the log out
# First Install this project & dependencies (yara): https://github.com/nbs-system/php-malware-finder
# Modify the script as needed and set up the crontab if you wish to automate it.
#
# Example Crontab: 0 1 * * * /root/php-malware-finder/run-php-malware-finder
LOGFILE="/var/log/malwaredetect/phpmalwarefinder-$(date +'%Y-%m-%d').log";
EMAIL_MSG="Please see the log file attached.";
EMAIL_FROM="cron@someserver";
EMAIL_TO="your@email";
DIRTOSCAN="/var/www/vhosts";

# Set this to 1 to only scan the files modified in the last 24 hours.
ONLY_MODIFIED_IN_LAST_24_HOURS=1;

# Remove previous log file for the day.
BEFORECHECK=0;
SEND_EMAIL=0;

for S in ${DIRTOSCAN}; do
 DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);

 #echo "Starting a daily scan of "$S" directory.
 #Amount of data to be scanned is "$DIRSIZE".\n\n" >> "$LOGFILE";
 # TODO: Is there a smart way to tell if it has generated output?
 # Piping to a file and checking disk size does not appear to be flushed immediatly.

 # Run only on files that have changed in last n days?
 if [ "$ONLY_MODIFIED_IN_LAST_24_HOURS" -eq '1' ];then
 	for F in ${find "$S" -mtime 0 -name '*.php'}; do
      /root/php-malware-finder/php-malware-finder/phpmalwarefinder "$F" >> "$LOGFILE";
    done
 else
 	/root/php-malware-finder/php-malware-finder/phpmalwarefinder "$S" >> "$LOGFILE";
 fi


done

 sleep 1;

if [ -e "$LOGFILE" ]; then
   AFTERCHECK=$(du -k "$LOGFILE" | cut -f1);

   # If the log file size has increased since the last check then send mail.
   if [ "$AFTERCHECK" -gt "$BEFORECHECK" ];then
    SEND_EMAIL=1;
   fi

  if [ "$SEND_EMAIL" -eq "1" ];then
   # using heirloom-mailx below
#   echo "Sending malware log email.";
   echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO";
  fi


  # Remove the log file when we are done.
  rm "$LOGFILE";
fi

exit 0