CodeSnippets: antivirus code

Never been to CodeSnippets before?

Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world (or not, you can keep them private!)

Older Snippets »

2 total

Compile ClamAV from source on Mac OS X

to shell osx mac bash unix compile antivirus clamav virus by jv on Mar 11, 2008

The following instructions for compiling & installing the ClamAV virus scanner on Mac OS X require an admin user account and Xcode. Works despite some compiler warnings. Use at your own risk!

1. disable an already installed ClamAV system

clamconf      # get your ClamAV configuration
clamconf -n
clamconf | grep DatabaseOwner


# the following applies to the already installed ClamAV system of user clamavadmin at /private/var/clamavadmin
# cf. Run ClamAV from a system service agent account, http://textsnippets.com/posts/show/1406
# cf. Automated virus scanning with ClamAV on Mac OS X 10.4, http://textsnippets.com/posts/show/1357


# view clamd.log in another Terminal window
open /bin/bash
sudo tail -n 50 -f /private/var/clamavadmin/log/clamd.log

# SHUTDOWN clamd 
# cf. man clamd
(sleep 3; echo PING; sleep 3; echo exit) | telnet -u /private/var/clamavadmin/tmp/clamd
(sleep 3; echo SHUTDOWN; sleep 3; echo exit) | telnet -u /private/var/clamavadmin/tmp/clamd

# alternative: sudo /opt/local/bin/port install socat
echo PING | /opt/local/bin/socat - /private/var/clamavadmin/tmp/clamd     
echo SHUTDOWN | /opt/local/bin/socat - /private/var/clamavadmin/tmp/clamd  

# alternative
function clamd_local_socket() {

   local_socket="$(/usr/local/bin/clamconf -n | awk -F '"' '/LocalSocket/ {print $2}')"

   if [[ -z "$local_socket" ]] || [[ ! -S "$local_socket" ]]; then    # cf. help test
      printf "No such local unix socket: $local_socket \n"
      return 1
   fi

   #printf -- "$@\x00$local_socket" | /usr/bin/sudo ruby -rsocket -n -e '
   printf -- "$@\x00$local_socket" | ruby -rsocket -n -e '
      args = $_.split(/\000/, 2)
      unix_socket = UNIXSocket::open(args.last)
      unix_socket.send(args.first, 0)
      print unix_socket.recvfrom(1000).first
      unix_socket.close
   '

return 0
}

clamd_local_socket PING
clamd_local_socket SHUTDOWN


function clamavadmin_perms() {

   if [[ -d "/private/var/clamavadmin" ]]; then
      printf '\nSetting permissions in the clamavadmin directory: /private/var/clamavadmin\n\n'
   else
      printf '\nNo clamavadmin directory at: /private/var/clamavadmin\n\n'
      return 1
   fi

   declare sudo=/usr/bin/sudo

   $sudo /bin/mkdir -p /private/var/clamavadmin/log
   $sudo /bin/mkdir -p /private/var/clamavadmin/tmp
   $sudo /bin/mkdir -p /private/var/clamavadmin/share/clamav   # ClamAV database directory
   $sudo /usr/bin/touch /private/var/clamavadmin/log/clamd.log 
   $sudo /usr/bin/touch /private/var/clamavadmin/log/freshclam.log

   $sudo /usr/sbin/chown -R clamavadmin:clamavadmin /private/var/clamavadmin
   $sudo /bin/chmod -R 0750 /private/var/clamavadmin 
   #$sudo /bin/chmod -R 0770 /private/var/clamavadmin   # for debugging only
   $sudo /bin/chmod 0777 /private/var/clamavadmin/tmp/clamd 2>/dev/null  # local unix socket file
   $sudo /usr/bin/find /private/var/clamavadmin -print0 | /usr/bin/xargs -0 $sudo /bin/ls -ldG
   return 0
}


# restart clamd after SHUTDOWN (socket file removed)
#if [[ -e "/private/var/clamavadmin/tmp/clamd" ]]; then sudo /bin/rm -f "/private/var/clamavadmin/tmp/clamd" ; fi
#sudo "$(/usr/bin/which clamd)" -c /private/var/clamavadmin/clamd.conf
#clamavadmin_perms


# get running clamav launchd services
launchctl list | grep -i clam
sudo launchctl list | grep -i clam

launchctl unload -w ~/Library/LaunchAgents/net.clamav.dirwatcher.plist 2>/dev/null
sudo launchctl unload -w /Library/LaunchDaemons/net.clamav.dirwatcherd.plist 2>/dev/null
sudo launchctl unload -w /Library/LaunchDaemons/net.clamav.clamd.plist 2>/dev/null
sudo launchctl unload -w /Library/LaunchDaemons/net.clamav.update.clamd.db.plist 2>/dev/null

# check for: <key>Disabled</key><true/>
open -e ~/Library/LaunchAgents/net.clamav.dirwatcher.plist
sudo nano /Library/LaunchDaemons/net.clamav.dirwatcherd.plist
sudo nano /Library/LaunchDaemons/net.clamav.clamd.plist
sudo nano /Library/LaunchDaemons/net.clamav.update.clamd.db.plist


sudo reboot

export PATH=/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/local/include:/usr/bin:/bin:/usr/sbin:/sbin

2. compile & install gawk on Mac OS X

# http://www.gnu.org/software/gawk/
cd ~/Desktop
curl -L -O http://ftp.gnu.org/pub/gnu/gawk/gawk-3.1.6.tar.gz
tar -xzf gawk-3.1.6.tar.gz
cd gawk-3.1.6
./configure --help
./configure --disable-nls --prefix=/usr/local
make
sudo make install
/usr/local/bin/gawk --version

3. compile & install the GNU Multiple Precision Arithmetic Library

# http://gmplib.org
# http://gmplib.org/macos.html

cd ~/Desktop
curl -L -O ftp://ftp.gnu.org/gnu/gmp/gmp-4.2.2.tar.gz   # cf. fwftp, http://textsnippets.com/posts/show/1284
tar -xzf gmp-4.2.2.tar.gz
cd gmp-4.2.2

./configure --help
./configure

make
make check
sudo make install

# test
sudo find /usr/local -iregex ".*gmp.*" -print0 | xargs -0 sudo ls -ldG
otool -Lv /usr/local/lib/libgmp.3.4.2.dylib

4. create ClamAV user & group

# to set up a ClamAV user & group run the first script from: http://textsnippets.com/posts/show/1405

#--------------------------------------------------

You are going to create a system service agent account!

Enter first name: clamavadmin

Note: The last name is optional and defaults to "agent" if you just press <return>!
Enter last name: 

Note: The user shell is optional and defaults to "/usr/bin/false" if you just press <return>!
Enter user shell: /bin/bash

Note: The home directory is optional and defaults to "/private/var/empty" if you just press <return>!
Enter home directory: /private/var/clamavadmin

System service agent account:  clamavadmin  successfully created!

#--------------------------------------------------


sudo mkdir -p /private/var/clamavadmin/log
sudo touch /private/var/clamavadmin/log/clamd.log 
sudo touch /private/var/clamavadmin/log/freshclam.log
sudo mkdir -p /private/var/clamavadmin/tmp

# make sure permissions are set correctly in /private/var/clamavadmin
clamavadmin_perms   # see function above


# add clamavadmin to group admin and group $(logname)
# add $(logname) to group clamavadmin
sudo dscl . -append /Groups/admin GroupMembership clamavadmin
sudo dscl . -append /Groups/$(logname) GroupMembership clamavadmin
sudo dscl . -append /Groups/clamavadmin GroupMembership $(logname)

#sudo dscl . -delete /Groups/admin GroupMembership clamavadmin 
#sudo dscl . -delete /Groups/$(logname) GroupMembership clamavadmin  
#sudo dscl . -delete /Groups/clamavadmin GroupMembership $(logname)   

# test
dscl . -list /Users  | grep -i clamav
dscl . -list /Groups  | grep -i clamav

dscl . -read  /Users/clamavadmin uid
dscl . -read  /Groups/clamavadmin gid

dscl . -search /Groups GroupMembership clamavadmin
printf -- "$(dscl . -search /Groups GroupMembership clamavadmin | awk '{print $1}' | tr '\n' ' ')\n"
id -Gn clamavadmin

5. compile & install ClamAV

# http://wiki.clamav.net/Main/InstallFromSource
# http://downloads.topicdesk.com/docs/Updating_clamav_on_OS_X_Server.pdf
# http://downloads.topicdesk.com/docs/clamav_extras.tar.gz

cd ~/Desktop
open http://freshmeat.net/projects/clamav/
curl -L -O http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.92.1.tar.gz
tar -xzf clamav-0.92.1.tar.gz
cd clamav-0.92.1

./configure --help

# Compile bug for clamav 0.92 with latest xcode 
# http://discussions.apple.com/thread.jspa?messageID=6190171
# http://www.mail-archive.com/clamav-users@lists.clamav.net/msg28420.html

CFLAGS="-O0" ./configure \
--prefix=/usr/local --mandir=/usr/local/share/man --sysconfdir=/private/var/clamavadmin \
--with-dbdir=/private/var/clamavadmin/share/clamav --with-datadir=/private/var/clamavadmin/share/clamav \
--with-user=clamavadmin --with-group=clamavadmin \
--enable-bigstack --enable-static --disable-shared

make

sudo make install


# test
man -w    # show directories searched for man pages
man -aW clamd 2>/dev/null
man -aW clamdscan 2>/dev/null
man -aW clamscan 2>/dev/null
man -aW freshclam 2>/dev/null
man -aW clamconf 2>/dev/null


# get an overview of your ClamAV file & folder permissions in /usr/local
sudo find /usr/local -iregex ".*clam.*" -print0 | xargs -0 sudo ls -ldG
#sudo find /usr/local \( -type f -or -type d \) -iregex ".*clam.*" -print0 | xargs -0 sudo ls -ldG

# set ClamAV file & folder permissions in /usr/local
# note: you may not need: -not -name "*.png"
sudo find /usr/local -not -name "*.png" -iregex ".*clam.*" -print0 | xargs -0 sudo chown clamavadmin:clamavadmin
sudo find /usr/local -not -name "*.png" -iregex ".*clam.*" -print0 | xargs -0 sudo chmod 0750

# reset permissions in /usr/local
# note: you may not need: -not -name "*.png"
#sudo find /usr/local  -not -name "*.png" -iregex ".*clam.*" -print0 | xargs -0 sudo chown root:wheel  
#sudo find /usr/local  -not -name "*.png" -iregex ".*clam.*" -print0 | xargs -0 sudo chmod 0755



# /private/var/clamavadmin/clamd.conf

sudo cp -p /private/var/clamavadmin/clamd.conf /private/var/clamavadmin/clamd.conf.orig

sudo sh -c '
cat << EOF > /private/var/clamavadmin/clamd.conf

LogFileMaxSize 10M
LogTime yes
FixStaleSocket yes
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 20
ExitOnOOM yes
ScanOLE2 yes  # Microsoft Office documents and .msi files
ScanPDF yes
ArchiveMaxFileSize 100M
ArchiveMaxCompressionRatio 0
#VirusEvent echo virus: %v >> /path/to/file.txt

DatabaseDirectory /private/var/clamavadmin/share/clamav    # hardcoded
LogFile /private/var/clamavadmin/log/clamd.log
TemporaryDirectory /private/var/clamavadmin/tmp
LocalSocket /private/var/clamavadmin/tmp/clamd

EOF
'

sudo nano /private/var/clamavadmin/clamd.conf


# /private/var/clamavadmin/freshclam.conf

sudo cp -p /private/var/clamavadmin/freshclam.conf /private/var/clamavadmin/freshclam.conf.orig 

sudo sh -c '
cat << EOF > /private/var/clamavadmin/freshclam.conf

UpdateLogFile /private/var/clamavadmin/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogVerbose yes
DatabaseOwner clamavadmin
Debug yes
NotifyClamd /private/var/clamavadmin/clamd.conf   # send the RELOAD command to clamd
DatabaseDirectory /private/var/clamavadmin/share/clamav    # hardcoded
DatabaseMirror database.clamav.net

#Checks 24   # number of database checks per day
#OnUpdateExecute command
#OnErrorExecute command
#OnOutdatedExecute command   # run command when freshclam reports outdated version
#ConnectTimeout 60
#ReceiveTimeout 60

EOF
'

sudo nano /private/var/clamavadmin/freshclam.conf


/usr/local/bin/clamconf
/usr/local/bin/clamconf -n


# make sure permissions are set correctly in /private/var/clamavadmin
clamavadmin_perms   # see function above


# view clamd.log in another Terminal window
open /bin/bash
sudo tail -n 50 -f /private/var/clamavadmin/log/clamd.log

# view freshclam.log in another Terminal window
open /bin/bash
sudo tail -n 50 -f /private/var/clamavadmin/log/freshclam.log


# test
sudo /usr/local/bin/freshclam -u clamavadmin   # update virus database
sudo /usr/local/bin/clamscan ~/Desktop/clamav-0.92.1/test/*
sudo /usr/local/bin/clamdscan ~/Desktop/clamav-0.92.1/test/*

# now start clamd
if [[ -e "/private/var/clamavadmin/tmp/clamd" ]]; then sudo /bin/rm -f "/private/var/clamavadmin/tmp/clamd" ; fi
sudo /usr/local/sbin/clamd -c /private/var/clamavadmin/clamd.conf

# make sure permissions are set correctly in /private/var/clamavadmin
clamavadmin_perms   # see function above


#--------------------------------------------------


# set up ClamAV launchd items

sudo nano /Library/LaunchDaemons/net.clamav.clamd.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Disabled</key>
        <true/>
        <key>GroupName</key>
        <string>clamavadmin</string>
        <key>Label</key>
        <string>net.clamav.clamd</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/sbin/clamd</string>
                <string>-c</string>
                <string>/private/var/clamavadmin/clamd.conf</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>UserName</key>
        <string>clamavadmin</string>
</dict>
</plist>

if [[ -e "/private/var/clamavadmin/tmp/clamd" ]]; then sudo /bin/rm -f "/private/var/clamavadmin/tmp/clamd" ; fi
sudo launchctl load -w /Library/LaunchDaemons/net.clamav.clamd.plist 2>/dev/null
#sudo launchctl unload -w /Library/LaunchDaemons/net.clamav.clamd.plist 2>/dev/null

# make sure permissions are set correctly in /private/var/clamavadmin
clamavadmin_perms   # see function above


#--------------------------------------------------


sudo nano /Library/LaunchDaemons/net.clamav.update.clamd.db.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Disabled</key>
        <true/>
        <key>GroupName</key>
        <string>clamavadmin</string>
        <key>Label</key>
        <string>net.clamav.update.clamd.db</string>
        <key>ProgramArguments</key>
        <array>
                <string>/private/var/clamavadmin/update_clamd_db.sh</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StartInterval</key>
        <integer>20000</integer>
        <key>UserName</key>
        <string>clamavadmin</string>
</dict>
</plist>

sudo launchctl load -w /Library/LaunchDaemons/net.clamav.update.clamd.db.plist 2>/dev/null
#sudo launchctl unload -w /Library/LaunchDaemons/net.clamav.update.clamd.db.plist 2>/dev/null

# make sure permissions are set correctly in /private/var/clamavadmin
clamavadmin_perms   # see function above


#--------------------------------------------------


sudo nano /private/var/clamavadmin/update_clamd_db.sh

#!/bin/bash

/bin/sleep 120

# write stdout & stderr to console.log
# alternative: man logger
exec >/dev/console 2>&1   

/usr/bin/curl -I -L -s --max-time 15 database.clamav.net 1>/dev/null

if [[ $? -eq 0 ]]; then 

   /bin/sleep 3

   /usr/local/bin/freshclam -u clamavadmin

   /bin/sleep 3

   # cf. /private/var/clamavadmin/freshclam.conf above:
   # NotifyClamd /private/var/clamavadmin/clamd.conf   # send the RELOAD command to clamd

   #echo RELOAD | /opt/local/bin/socat - /private/var/clamavadmin/tmp/clamd
   #/bin/sleep 3
   #echo PING | /opt/local/bin/socat - /private/var/clamavadmin/tmp/clamd
   #/bin/sleep 3

   echo -e "\n$(/bin/date "+%Y-%m-%d %H:%M:%S %Z"): clamd virus database successfully updated\n"
   exit 0

else

   echo -e "\n$(/bin/date "+%Y-%m-%d %H:%M:%S %Z"): updating the clamd virus database failed; no internet connection to database.clamav.net established\n"
   exit 0   # leave launchd item /Library/LaunchDaemons/net.clamav.update.clamd.db.plist undisturbed

fi


#--------------------------------------------------


# make sure permissions are set correctly in /private/var/clamavadmin
clamavadmin_perms   # see function above


#--------------------------------------------------


# cf. http://textsnippets.com/posts/show/1357

sudo nano ~/Documents/ClamAV/watchdirs.sh     

# ...

find=/usr/bin/find
clamdscan=/usr/local/bin/clamdscan
clamscan=/usr/local/bin/clamscan

#clamdscan=/opt/local/bin/clamdscan
#clamscan=/opt/local/bin/clamscan

# ...


#--------------------------------------------------


# cf. http://textsnippets.com/posts/show/1400
open ~/Library/Workflows/Applications/Finder/virusscan.workflow

/usr/local/bin/clamdscan --quiet "$f" 2>/dev/null
#/opt/local/bin/clamdscan --quiet "$f" 2>/dev/null


#--------------------------------------------------

launchctl load -w ~/Library/LaunchAgents/net.clamav.dirwatcher.plist 2>/dev/null
#sudo launchctl load -w /Library/LaunchDaemons/net.clamav.dirwatcherd.plist 2>/dev/null
sudo launchctl load -w /Library/LaunchDaemons/net.clamav.clamd.plist 2>/dev/null
sudo launchctl load -w /Library/LaunchDaemons/net.clamav.update.clamd.db.plist 2>/dev/null


sudo reboot


open -a Console

open /bin/bash
sudo tail -n 50 -f /private/var/clamavadmin/log/clamd.log

open /bin/bash
sudo tail -n 50 -f /private/var/clamavadmin/log/freshclam.log

# make sure permissions are set correctly in /private/var/clamavadmin
clamavadmin_perms   # see function above

sudo find /private/var/clamavadmin -print0 | xargs -0 sudo ls -ldG
sudo find /usr/local -iregex ".*clam.*" -print0 | xargs -0 sudo ls -ldG

Automated virus scanning with ClamAV on Mac OS X 10.4

to shell osx mac launchd bash unix scan antivirus clamav launchagent virus automated by jv on Jan 17, 2008

Author: jv
License: The MIT License, Copyright (c) 2008 jv
Description: basic setup to scan files added to specified directories automatically for viruses using ClamAV; for instructions on how to run ClamAV from a system service agent account (non-root) see here; use at your own risk
Platform: Mac OS X 10.4.11 Client
Requirements: sudo port install clamav (after installing MacPorts); to fix the command search path, insert the following statement at the end of your ~/.bash_login file: export PATH="/opt/local/bin:/opt/local/sbin:$PATH" and then: source ~/.bash_login


# download ClamAV
sudo port install clamav      # requires open firewall port 873
#sudo port uninstall clamav

man clamd
man clamd.conf
man clamdscan
man clamscan
man freshclam


# configure /opt/local/etc/freshclam.conf

sudo cp -p /opt/local/etc/example-freshclam.conf /opt/local/etc/freshclam.conf
sudo sed -i "" -e 's/^Example/#Example/' /opt/local/etc/freshclam.conf              # comment out 'Example' line
#sudo sed -i "" -e 's/^#Example/Example/' /opt/local/etc/freshclam.conf              # uncomment 'Example' line
sudo nano /opt/local/etc/freshclam.conf


# make sure you are a member of the wheel and admin group
id -G -n $(whoami) | grep -Eo 'wheel|admin'
dseditgroup -o checkmember -m $(whoami) wheel; echo $?
dseditgroup $(whoami)
dseditgroup wheel
dseditgroup admin

sudo dscl . -append /Groups/wheel GroupMembership $(whoami)      # add user to group if necessary
#sudo dseditgroup -o edit -a $(whoami) -t user wheel             # add user to group
#sudo dscl . -delete /Groups/wheel GroupMembership $(whoami)     # delete user from group
#sudo dseditgroup -o edit -d $(whoami) -t user wheel             # delete user from group


sudo chown -R root:wheel /opt/local/share/clamav  
sudo chmod -R 0770 /opt/local/share/clamav

freshclam       # update virus database

# test some clamav commands
clamscan /path/to/file
sudo clamscan -r /tmp
sudo clamscan -r /private/var/tmp
clamscan -r ~/Library/Caches
clamscan -r ~/Library/Caches/java
sudo clamscan -r ~/Library/Mail
clamscan -r ~/Library


# configure /opt/local/etc/clamd.conf
# open /opt/local/etc
# sudo nano /opt/local/etc/clamd.conf
# cf. http://www.silvester.org.uk/OSX/configuring_clamd.html

sudo cp -p /opt/local/etc/clamd.conf /opt/local/etc/clamd.conf.orig

sudo sh -c '
cat << EOF > /opt/local/etc/clamd.conf
LogFile /private/var/log/clamd.log
LogFileMaxSize 10M
LogTime yes
TemporaryDirectory /private/var/tmp
DatabaseDirectory /opt/local/share/clamav
LocalSocket /tmp/clamd
FixStaleSocket yes
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 20
ExitOnOOM yes
ScanOLE2 yes  # Microsoft Office documents and .msi files
ScanPDF yes
ArchiveMaxFileSize 100M
ArchiveMaxCompressionRatio 0
#VirusEvent echo virus: %v >> /path/to/file.txt
EOF
'

sudo chown root:wheel /opt/local/etc/clamd.conf
sudo chmod 750 /opt/local/etc/clamd.conf

Create the launchd item /Library/LaunchDaemons/net.clamav.clamd.plist


sudo nano /Library/LaunchDaemons/net.clamav.clamd.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
   <dict>
	<key>Disabled</key>
	<true/>
        <key>Label</key>
        <string>net.clamav.clamd</string>
        <key>ProgramArguments</key>
        <array>
                <string>/opt/local/sbin/clamd</string>
		<string>-c</string>
		<string>/opt/local/etc/clamd.conf</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>UserName</key>
        <string>root</string>
   </dict>
</plist>


sudo chown root:wheel /Library/LaunchDaemons/net.clamav.clamd.plist
sudo chmod 0644 /Library/LaunchDaemons/net.clamav.clamd.plist

sudo launchctl load -w /Library/LaunchDaemons/net.clamav.clamd.plist
#sudo launchctl unload -w /Library/LaunchDaemons/net.clamav.clamd.plist

Create watchdirs.sh


# create ClamAV directories
mkdir -p "$HOME/Documents/ClamAV/Quarantine"
mkdir -p "$HOME/Documents/ClamAV/Downloads"           # Safari -> Preferences ... -> Save downloaded files to: <directory>
mkdir -p "$HOME/Documents/ClamAV/EmailAttachments"
sudo chown -R $(whoami):wheel "$HOME/Documents/ClamAV"
sudo chmod -R 770 "$HOME/Documents/ClamAV"

# create a timestamp file
touch ~/.clamav_ timestamp
sudo chown $(whoami):wheel "$HOME/.clamav_timestamp"
sudo chmod 400 "$HOME/.clamav_timestamp"
stat -x $HOME/.clamav_timestamp


#---------------------------------


# Create a BASH script that will - controlled by ~/Library/LaunchAgents/net.clamav.dirwatcher.plist below - run 
# a clamdscan or clamscan command on files that have been changed or modified in the specified directories

# nano $HOME/Documents/ClamAV/watchdirs.sh

#!/bin/bash

# write stdout & stderr to console.log in /Library/Logs/Console/
# alternative: man logger
exec >/dev/console 2>&1   

echo -e "\n$(/bin/date "+%Y-%m-%d %H:%M:%S %Z"): ... WATCHDIRS.SH for ClamAV ... STARTED ...\n"


# All files added to the watched directories during the specified sleep period (in seconds) will be scanned for viruses.
# Files added to the directories while a virus scan is being done may not be included in the current virus scan, but
# they will get scanned next time a virus scan is scheduled to run which can, for example, be determined by the launch agent 
# variable StartInterval. Increase the value of the specified sleep period (in seconds) if you expect large files or 
# directories to be copied or downloaded to the watched directories.

/bin/sleep 60


SCANDIR1="$HOME/Documents/ClamAV/Downloads" 
SCANDIR2="$HOME/Documents/ClamAV/EmailAttachments"
QUARANTINEDIR="$HOME/Documents/ClamAV/Quarantine"
TOUCHFILE="$HOME/.clamav_timestamp"

find=/usr/bin/find
clamdscan=/opt/local/bin/clamdscan
clamscan=/opt/local/bin/clamscan

if [[ ! -e "$TOUCHFILE" ]]; then 
   /usr/bin/touch -afm "$TOUCHFILE"
   /usr/sbin/chown $(whoami):$(whoami) "$TOUCHFILE"
   /bin/chmod 400 "$TOUCHFILE"
   $clamdscan --copy="$QUARANTINEDIR" "$SCANDIR1" || $clamscan -i --copy="$QUARANTINEDIR" -r "$SCANDIR1"
   $clamdscan --copy="$QUARANTINEDIR" "$SCANDIR2" || $clamscan -i --copy="$QUARANTINEDIR" -r "$SCANDIR2"
   exit 0
fi


timestamp=$(/bin/date "+%Y%m%d%H%M.%S")    # store timestamp before starting the virus scan


if /bin/ps -ax | /usr/bin/grep clamd | /usr/bin/grep -v grep > /dev/null; then        

   # run clamdscan
   # scan all files that have been changed or modified after the $TOUCHFILE timestamp of the last virus scan
   # optional: $find -x "$SCANDIR1" "$SCANDIR2" -type f ... (but mind the 'sysctl kern.argmax' limit for xargs!)
   # optional: to exclude .DS_Store files add: \! -name ".DS_Store"

   # alternative: first find changed or modified directories
   # find -x "$SCANDIR1" "$SCANDIR2" -type d \( -newercm "$TOUCHFILE" -or -newermm "$TOUCHFILE" \) -print0 | while read -d $'\0' scandir; do echo "find -x $scandir -maxdepth 1 -type f ..."; done

   $find -x "$SCANDIR1" -type f \( -newercm "$TOUCHFILE" -or -newermm "$TOUCHFILE" \) -print0 | xargs -0 $clamdscan --copy="$QUARANTINEDIR"
   $find -x "$SCANDIR2" -type f \( -newercm "$TOUCHFILE" -or -newermm "$TOUCHFILE" \) -print0 | xargs -0 $clamdscan --copy="$QUARANTINEDIR"

else 

   # run clamscan
   $find -x "$SCANDIR1" -type f \( -newercm "$TOUCHFILE" -or -newermm "$TOUCHFILE" \) -print0 | xargs -0 $clamscan -i --copy="$QUARANTINEDIR"
   $find -x "$SCANDIR2" -type f \( -newercm "$TOUCHFILE" -or -newermm "$TOUCHFILE" \) -print0 | xargs -0 $clamscan -i --copy="$QUARANTINEDIR"

fi


# update the $TOUCHFILE timestamp with the pre-scan $timestamp
/usr/bin/touch -f -t $timestamp "$TOUCHFILE"    

echo -e "\n$(/bin/date "+%Y-%m-%d %H:%M:%S %Z"): ... WATCHDIRS.SH for ClamAV ... DONE ...\n"

exit 0


#---------------------------------


sudo chown root:wheel ~/Documents/ClamAV/watchdirs.sh 
sudo chmod 0770 ~/Documents/ClamAV/watchdirs.sh

Create the ~/Library/LaunchAgents/net.clamav.dirwatcher.plist launch agent


# nano ~/Library/LaunchAgents/net.clamav.dirwatcher.plist
# open -e ~/Library/LaunchAgents/net.clamav.dirwatcher.plist


# Note: Don't use $HOME or any other variables in the file paths you have to specify in the .plist files below! 
#       Use the full file paths without any variables!


# WatchPaths virus scanner launch agent (combined with StartInterval)
# scan the directories specified the same in watchdirs.sh and this .plist file when they are modified or after a specified time interval respectively

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Disabled</key>
	<true/>
	<key>Label</key>
	<string>net.clamav.dirwatcher</string>
	<key>LowPriorityIO</key>
	<true/>
	<key>OnDemand</key>
	<true/>
	<key>ProgramArguments</key>
	<array>
		<string>/full/path/to/Documents/ClamAV/watchdirs.sh</string>
	</array>
        <key>StartInterval</key>
        <integer>1800</integer>
	<key>WatchPaths</key>
	<array>
		<string>/full/path/to/Documents/ClamAV/Downloads</string>
		<string>/full/path/to/Documents/ClamAV/EmailAttachments</string>
	</array>
        <!-- optional: <key>Debug</key><true/> -->
	<!-- optional: <key>Nice</key><integer>1</integer> -->
</dict>
<

CodeSnippets

Related Tags

Never been to CodeSnippets before?

On This Page:

Compile ClamAV from source on Mac OS X

Automated virus scanning with ClamAV on Mac OS X 10.4

Joyent

CodeSnippets

Related Tags

Never been to CodeSnippets before?

On This Page:

Compile ClamAV from source on Mac OS X

Automated virus scanning with ClamAV on Mac OS X 10.4