Here’s a very simple Bash script that scans for viruses in files inside all folders in /var/www. I use it primarily to scan uploaded files on websites hosted there.
If a folder hosts a standard Drupal or a WordPress CMS, then the script uses the clamdscan utility (the ClamAV scanner client) to scan only the public/uploaded files (sites/default/files or wp-content respectively). Otherwise, it scans the whole folder.
It is assumed that clamdscan is installed and that the CMS codebase is inside a web/ or a docroot/ subfolder. Here it is:
#!/bin/bash
#
# create array of www dirs
#
myarray=();
for d in /var/www/*/;
do
myarray+=( $d );
done;
#
# traverse www dirs
#
for d in ${myarray[@]};
do
echo ""
echo "Checking $d size...";
du -sh $d;
drupal_files=${d}/web/sites/default/files;
drupal_files_alt=${d}/docroot/sites/default/files;
wp_files=${d}/web/wp-content;
if [[ -d ${drupal_files} ]];
then
echo "Drupal here. Scanning ${drupal_files} ... "
du -sh ${drupal_files};
/usr/bin/clamdscan -m --fdpass ${drupal_files}
elif [[ -d ${drupal_files_alt} ]];
then
echo "Drupal here. Scanning ${drupal_files} ... "
du -sh ${drupal_files_alt};
/usr/bin/clamdscan -m --fdpass ${drupal_files_alt}
elif [[ -d ${wp_files} ]];
then
echo "Wordpress here. Scanning ${wp_files} ..."
du -sh ${wp_files};
/usr/bin/clamdscan -m --fdpass ${wp_files}
elif [[ ! -d ${drupal_files} ]] && [[ ! -d ${wp_files} ]];
then
echo "Not Drupal or WordPress here. Scanning whole ${d} ..."
/usr/bin/clamdscan -m --fdpass ${d}
fi;
done;
Note that I use the --fdpass parameter to pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd. For instance, you might want to use a version of the script above in your crontab to periodically scan files in websites hosted in your /var/www for common viruses:
00 00 * * * /path_to/clamdscan-www.sh &> /path_to/scan.log
xABBAAA
… I like C++ Qt, and Linux Ubuntu…