dimitris kalamaras

math, social network analysis, web dev, free software…

Bash scripting

A simple Bash script to clamdscan your /var/www files

Here’s a very simple Bash script that scans for viruses in files inside all folders in /var/www. I use it primarily to scan uploaded files on websites hosted there.

If a folder hosts a standard Drupal or a WordPress CMS, then the script uses the clamdscan utility (the ClamAV scanner client) to scan only the public/uploaded files (sites/default/files or wp-content respectively). Otherwise, it scans the whole folder.

It is assumed that clamdscan is installed and that the CMS codebase is inside a web/ or a docroot/ subfolder. Here it is:

#!/bin/bash
  
#
# create array of www dirs
#
myarray=();
for d in /var/www/*/;
do
  myarray+=( $d );
done;


#
# traverse www dirs
#
for d in ${myarray[@]};
do
  echo ""
  echo "Checking $d size...";
  du -sh $d;
  drupal_files=${d}/web/sites/default/files;
  drupal_files_alt=${d}/docroot/sites/default/files;
  wp_files=${d}/web/wp-content;
  if [[ -d ${drupal_files} ]];
  then
    echo "Drupal here. Scanning ${drupal_files} ... "
    du -sh ${drupal_files};
    /usr/bin/clamdscan -m --fdpass ${drupal_files}
  elif [[ -d ${drupal_files_alt} ]];
  then
    echo "Drupal here. Scanning ${drupal_files} ... "
    du -sh ${drupal_files_alt};
    /usr/bin/clamdscan -m --fdpass ${drupal_files_alt}
  elif [[ -d ${wp_files} ]];
  then
    echo "Wordpress here. Scanning ${wp_files} ..."
    du -sh ${wp_files};
    /usr/bin/clamdscan -m --fdpass ${wp_files}
  elif [[ ! -d  ${drupal_files} ]] && [[ !  -d ${wp_files} ]];
  then
    echo "Not Drupal or WordPress here. Scanning whole ${d} ..."
    /usr/bin/clamdscan -m --fdpass ${d}
  fi;
done;

Note that I use the --fdpass parameter to pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd. For instance, you might want to use a version of the script above in your crontab to periodically scan files in websites hosted in your /var/www for common viruses:

00 00 * * *   /path_to/clamdscan-www.sh &> /path_to/scan.log

Previous

Metallica: Blackened 2020, the social-distanced version

Next

Summer’s Rain

1 Comment

  1. xABBAAA

    … I like C++ Qt, and Linux Ubuntu…

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Powered by WordPress & Theme by Anders Norén