User Tools

Site Tools


operating_systems:linux:debian:cleanmachine

cleanMachine.sh

A small script to perform virus analysis with clamscan on NTFS formated hard disk (useful with nfsbooted distribution)

The necessary packages is:

aptitude install ntfsprogs

and finally the script:

#!/bin/bash
SRC=/dev/sda1
TARGET=/mnt
TYPE=ntfs
IP=`ifconfig eth0 | grep inet | awk '{ print $2 }' | sed 's/addr://' | grep .`
TODAY=`date +%F_%R`
CLAMTMPDIR=/var/lib/clamav/tmp
CLAMLOG="$CLAMTMPDIR/$IP""_$TODAY.log"
 
echo -n "Mounting $SRC on $TARGET... "
if ! mount -l | grep -c $SRC >/dev/null; then
        mount -t $TYPE $SRC $TARGET 2>&1 >/dev/null
        if [ $? == 0 ]; then
                echo "SUCCESS"
        else
                echo "FAILED"
                echo "ABORTING!"
                exit
        fi
else
        echo "ALREADY MOUNTED"
fi
 
#/etc/init.d/clamav-freshclam restart
touch $CLAMLOG
echo "Analysis started..." > $CLAMLOG
 
echo "The analysis will start soon..."
echo -n "If you want to follow the work in progress, use: "
echo "tail -n 30 -f $CLAMLOG"
echo
 
echo -n "Checking for viruses..."
VIRUS=0
clamscan -ri --quiet --tempdir=$CLAMTMPDIR --log=$CLAMLOG $TARGET >>$CLAMLOG 2>&1
if [ $? == 1 ]; then
        VIRUS=1
        echo ":-("
else
        echo ":-)"
fi
 
echo -n "Unmounting $SRC from $TARGET... "
umount $TARGET
if [ $? == 0 ]; then
        echo "SUCCESS"
else
        echo "FAILED"
        exit
fi
 
#prepare this to remove eventual viruses
#aptitude install ntfsprogs -- THE PRESENCE OF ntfsmount IS NOT YET CHECKED
if [ $VIRUS ]; then
        echo -n "Mounting $SRC on $TARGET with ntfsmount..."
        ntfsmount $SRC $TARGET
        if [ $? == 0 ]; then
                echo "SUCCESS"
                echo "Use clamscan --remove $SRC/.../theInfectedFile to remove viruses found (see $CLAMLOG)!"
        else
                echo "FAILED"
        fi
fi
 
exit
operating_systems/linux/debian/cleanmachine.txt · Last modified: 2011/08/15 05:37 by sbolay