Hello

I got the following clamonacc init script from https://www.chaddevops.com/2020/02/ubuntu-1804-installing-clamav-with.html


# /etc/systemd/system/clamonacc.service
[Unit]
Description=ClamAV On Access Scanner
# clamonacc only hands files to clamd for scanning, so clamd must be running first
Requires=clamav-daemon.service
After=clamav-daemon.service syslog.target network.target

[Service]
Type=simple
# fanotify watches need root; -F keeps clamonacc in the foreground, as Type=simple expects
User=root
ExecStart=/usr/sbin/clamonacc -F --log=/var/log/clamav/clamonacc --move=/root/quarantine
Restart=on-failure
RestartSec=120s

[Install]
WantedBy=multi-user.target


I added this to /etc/clamav/clamd.conf:

# files larger than this are not scanned on access
OnAccessMaxFileSize 5M
OnAccessMountPath /home
OnAccessIncludePath /home
# do not scan root's own accesses (clamonacc itself runs as root)
OnAccessExcludeUname root
# block the access until clamd returns a verdict
OnAccessPrevention true
# inotify-based extra scanning of files created or moved into watched directories
OnAccessExtraScanning false
# clamd runs this on every detection, with the details in CLAM_VIRUSEVENT_* variables
VirusEvent /etc/clamav/detected.sh
OnAccessExcludeRootUID yes
# how often clamonacc retries a scan request that clamd did not answer
OnAccessRetryAttempts 3

and did this:
mkdir /root/quarantine

added /etc/clamav/detected.sh:
#!/bin/bash
# /etc/clamav/detected.sh
# Run by clamd as its VirusEvent handler, so it executes as the user clamd runs as
# (clamav on Ubuntu) and must be executable by that user. clamd passes the detection
# in CLAM_VIRUSEVENT_VIRUSNAME and CLAM_VIRUSEVENT_FILENAME.
# modify reply and to addresses

PATH=/usr/bin:/bin   # date and hostname live in /bin on Ubuntu, so /usr/bin alone is not enough
host=${HOSTNAME:-$(hostname)}
alert="Signature detected: $CLAM_VIRUSEVENT_VIRUSNAME in $CLAM_VIRUSEVENT_FILENAME"

logtail="$(tail -n 50 /var/log/clamav/clamav.log | tac)"

# send email (values go through %s so a '%' in a filename or signature name cannot break printf)
export HOME=/root
printf 'Host: %s.\n%s\n\ntail -n 50 /var/log/clamav/clamav.log\n\n\n%s\n' "$host" "$alert" "$logtail" \
    | mailx -s "VIRUS ALERT - $host" -r re...@yourdomain.com "ale...@yourdomain.com"

# Send the alert to the systemd journal if it exists, otherwise to /var/log
if command -v systemd-cat >/dev/null 2>&1; then
       echo "$alert" | systemd-cat -t clamav -p emerg
else
       echo "$(date) - $alert" >> /var/log/clamav/detections.log
fi



Note, we still have AppArmor issues, so I disabled clamonacc for now.

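Added example (mine, not from the post, the linked blog or ClamAV): a pre-flight check for the setup above, to run before enabling the unit. It parses the OnAccess* directives out of a clamd.conf, confirms the watched paths exist, that the VirusEvent script exists and is executable, that the --move quarantine directory exists, is writable and sits outside the watched tree, and that root (the user clamonacc runs as) is excluded from on-access scanning. The default paths /etc/clamav/clamd.conf and /root/quarantine are assumptions taken from the post; pass other paths as arguments to check a scratch copy.

```shell
#!/bin/bash
# check_onaccess.sh: sanity-check a clamd.conf + clamonacc --move setup before
# starting the clamonacc unit. Added example, not part of ClamAV.
# Assumption: directive values contain no whitespace (clamd.conf directives are
# whitespace-separated, so awk's $2 is the value).

# conf_get FILE DIRECTIVE: print the directive's value (last occurrence wins).
conf_get() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# check_onaccess_setup CLAMD_CONF QUARANTINE_DIR
# Prints one line per problem; returns 0 only when every check passes.
check_onaccess_setup() {
    local conf="$1" quarantine="$2" rc=0 watched dir script excl root_uid
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # 1. Something must be watched, and it must exist.
    watched=$(awk '$1 == "OnAccessIncludePath" || $1 == "OnAccessMountPath" { print $2 }' "$conf")
    if [ -z "$watched" ]; then
        echo "no OnAccessIncludePath/OnAccessMountPath configured"; rc=1
    fi
    for dir in $watched; do
        [ -d "$dir" ] || { echo "watched path $dir does not exist"; rc=1; }
    done

    # 2. clamd runs the VirusEvent handler, so it has to exist and be executable.
    script=$(conf_get "$conf" VirusEvent)
    if [ -z "$script" ]; then
        echo "no VirusEvent configured, detections will not be reported"; rc=1
    elif [ ! -x "$script" ]; then
        echo "VirusEvent script $script is missing or not executable"; rc=1
    fi

    # 3. clamonacc --move needs a writable quarantine directory ...
    if [ ! -d "$quarantine" ] || [ ! -w "$quarantine" ]; then
        echo "quarantine dir $quarantine is missing or not writable"; rc=1
    fi

    # 4. ... that is not itself under on-access watching, so quarantined files
    #    are not scanned (and, with OnAccessPrevention, blocked) again when inspected.
    for dir in $watched; do
        case "$quarantine/" in
            "$dir"/*) echo "quarantine $quarantine is inside watched path $dir"; rc=1 ;;
        esac
    done

    # 5. clamonacc runs as root; its own accesses must be excluded from scanning.
    excl=$(conf_get "$conf" OnAccessExcludeUname)
    root_uid=$(conf_get "$conf" OnAccessExcludeRootUID)
    case "$excl:$root_uid" in
        root:*|*:yes|*:true) ;;
        *) echo "root is not excluded (set OnAccessExcludeUname root or OnAccessExcludeRootUID yes)"; rc=1 ;;
    esac

    return $rc
}

# Run directly with the post's paths as defaults: ./check_onaccess.sh [clamd.conf] [quarantine]
if [ $# -gt 0 ]; then
    check_onaccess_setup "${1:-/etc/clamav/clamd.conf}" "${2:-/root/quarantine}"
fi
```

Run it as root on the box (the quarantine under /root is only writable by root) and fix every line it prints before starting clamonacc; the AppArmor problem mentioned above is outside what this can see, since it only reads the config and the filesystem.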