https://github.com/axelhahn/clamd-syslog-watcher
Bash script to watch clamd messages in syslog and send desktop notifications on new found infections
bash bash-script clamav gnu-gplv3 opensource
- Host: GitHub
- URL: https://github.com/axelhahn/clamd-syslog-watcher
- Owner: axelhahn
- License: gpl-3.0
- Created: 2023-09-05T20:18:27.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2026-03-07T13:20:46.000Z (3 months ago)
- Last Synced: 2026-05-01T12:53:01.185Z (about 1 month ago)
- Topics: bash, bash-script, clamav, gnu-gplv3, opensource
- Language: Shell
- Homepage:
- Size: 441 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Clamd syslog watcher #
## Description
A bash script that watches the system journal for clamav (clamd) messages.
It prints lines marked ``FOUND`` (detected infections) to the terminal. If the reported file has not been seen before, it also sends a desktop notification (using ``notify-send``).
👤 Author: Axel Hahn\
📄 Source: \
📜 License: GNU GPL 3.0\
📗 Docs: TODO [www.axel-hahn.de/docs](https://www.axel-hahn.de/docs/)
## Help
```txt
./clamav-syslog-watcher.sh -h
---===<<<###| CLAMD SYSLOG WATCHER * v0.2 |###>>>===---
HELP:
It is a cyclic watcher into journalctl and scans for clamd messages.
On detection it shows the log lines on terminal and sends a list of
infected files to the desktop using 'notify-send'.
The script writes a log with monthly log files with 1st occurrence
per infected file. See subdir ./logs/infections__*.txt
PARAMETERS:
-h|--help show this help
-n|--nocolor do not show colored output; NO_COLOR=1 is respected too.
-q|--quiet Do not show unneeded output
-s|--sleep N sleeptime in sec between checks; default: 30
EXITCODES:
1 - Failed to source file 'color.class.sh'
2 - unknown parameter was given
3 - clamonacc not found (clamav was not installed yet)
4 - unable to create log directory
EXAMPLES:
clamav-syslog-watcher.sh -s 60 start scan and set scan interval to 60 sec
clamav-syslog-watcher.sh -n -q Show only found infections and no coloring
```
## Screenshots
After starting the syslog watcher interactively:

When a virus detection is simulated (using the EICAR test file), the matching log line is shown in the terminal. The first detection of a file is marked with the prefix "NEW". If the same file is detected again, the line gets the prefix "OLD" and is printed in gray.

Any 1st detection of a new (probably) infected file will be shown as notification:

## Log
In the subdir "logs" a file named ``infections__[YY]-[MM].txt`` is created per month (for example ``infections__23-09.txt`` for September 2023). Only the first occurrence of each infected file is written to it.
```txt
$ cat logs/infections__23-09.txt
Sep 06 18:32:45 linux-pc clamd[570]: Wed Sep 6 18:32:45 2023 -> /home/axel/Downloads/eicar.com.txt: Win.Test.EICAR_HDB-1 FOUND
```
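The NEW/OLD classification and the first-occurrence-per-file monthly log described in the Screenshots and Log sections can be reproduced with a few shell functions. The block below is an added example written for this page, not code from clamd-syslog-watcher: the sample journal lines are constructed in the format of the log excerpt above, the log directory defaults to a temporary directory instead of the project's ``./logs`` (overridable via a hypothetical ``$LOGDIR``), and the ``clamav-daemon`` unit name mentioned in the comments is an assumption about the distribution's service name.

```bash
#!/usr/bin/env bash
# Added example, not the project's code: classify clamd FOUND lines as NEW/OLD
# and record the first occurrence per file in a monthly log, as the README describes.
set -u

# Log directory. The project uses ./logs; a temp dir keeps this example
# self-contained (hypothetical $LOGDIR override, not a project option).
LOGDIR="${LOGDIR:-$(mktemp -d)}"
SEEN="$LOGDIR/.seen"   # one scanned path per line that was already reported
: > "$SEEN"

# Constructed sample journal lines (same shape as the README's log excerpt).
SAMPLE_LINES='Sep 06 18:32:45 linux-pc clamd[570]: Wed Sep  6 18:32:45 2023 -> /home/axel/Downloads/eicar.com.txt: Win.Test.EICAR_HDB-1 FOUND
Sep 06 18:33:10 linux-pc clamd[570]: SelfCheck: Database status OK.
Sep 06 18:35:02 linux-pc clamd[570]: Wed Sep  6 18:35:02 2023 -> /home/axel/Downloads/eicar.com.txt: Win.Test.EICAR_HDB-1 FOUND
Sep 06 18:36:40 linux-pc clamd[570]: Wed Sep  6 18:36:40 2023 -> /tmp/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND'

# logfile: path of this month's log, named like the README: infections__YY-MM.txt
logfile() { printf '%s/infections__%s.txt\n' "$LOGDIR" "$(date +%y-%m)"; }

# found_path LINE: print the scanned path of a clamd "... -> PATH: SIGNATURE FOUND"
# line; return 1 and print nothing for any other clamd message (SelfCheck etc.).
found_path() {
  rest=""
  case "$1" in
    *" -> "*": "*" FOUND") ;;
    *) return 1 ;;
  esac
  rest="${1#* -> }"                   # "PATH: SIGNATURE FOUND"
  printf '%s\n' "${rest%: * FOUND}"   # drop the trailing ": SIGNATURE FOUND"
}

# classify LINE: print NEW for a FOUND line whose path was not reported before
# (recording it in the seen list and appending the line to the monthly log),
# OLD for a repeat of an already reported path, SKIP for a non-FOUND message.
classify() {
  path="$(found_path "$1")" || { echo SKIP; return 0; }
  if grep -qxF -- "$path" "$SEEN"; then
    echo OLD
    return 0
  fi
  printf '%s\n' "$path" >> "$SEEN"
  printf '%s\n' "$1" >> "$(logfile)"
  echo NEW
}

# notify LINE: desktop notification for a NEW finding; silently skipped where
# notify-send is not available (headless host, CI).
notify() {
  command -v notify-send >/dev/null 2>&1 || return 0
  notify-send -u critical "clamd: new infection" "$(found_path "$1")"
}

# run_sample: one watcher cycle over the constructed lines, printing the NEW/OLD
# prefix the README describes. The real watcher would instead feed it the output
# of journalctl for the clamd unit (e.g. `journalctl -u clamav-daemon --since ...`,
# unit name assumed) every N seconds, keeping $SEEN between cycles.
run_sample() {
  printf '%s\n' "$SAMPLE_LINES" | while IFS= read -r line; do
    case "$(classify "$line")" in
      NEW) printf 'NEW %s\n' "$line"; notify "$line" ;;
      OLD) printf 'OLD %s\n' "$line" ;;
    esac
  done
}

run_sample
echo "--- $(logfile) ---"
cat "$(logfile)"
```

On the first cycle the sample yields two NEW lines (the EICAR file in Downloads and the zip in /tmp), one OLD line for the repeated Downloads path, and the monthly log holds exactly those two first occurrences; a second cycle over the same input reports everything as OLD and adds nothing to the log. Deduplicating on the scanned path rather than on the whole line is what keeps repeated on-access hits on the same file from re-notifying.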