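#!/bin/bash
#
# Scan $TARGET with clamdscan, append the filtered output to $LOG, and raise
# an alert (journal entry plus desktop notification) when infected files are
# reported.
#
# Intended to run with enough privilege to write $LOG and to use
# `sudo -u <user>` for every logged-in user (presumably root - confirm
# against the unit or cron entry that launches it).
#
# clamdscan exit status: 0 = no virus found, 1 = virus(es) found,
# 2 = an error occurred. Only status 1 is reported as a detection; any other
# non-zero status is reported as a failed scan so that an outage of the
# scanner is neither silent nor mistaken for an infection.

export LOG="/var/log/clamav/scan.log"
export TARGET="/"

# Declare and assign separately so that a mktemp failure is not masked by
# the exit status of `export`.
SUMMARY_FILE=$(mktemp) || exit 1
export SUMMARY_FILE
FIFO_DIR=$(mktemp -d) || {
  rm -f -- "$SUMMARY_FILE"
  exit 1
}
export FIFO_DIR
export FIFO="$FIFO_DIR/log"
export SCAN_STATUS
export INFECTED_SUMMARY

# Remove the temporary files on every exit path, including early failures.
cleanup() {
  rm -f -- "$SUMMARY_FILE" "$FIFO"
  rmdir -- "$FIFO_DIR" 2>/dev/null
}
trap cleanup EXIT

mkfifo -m 600 "$FIFO" || exit 1

# Reader side: copy everything written to the FIFO to stdout, the persistent
# log and the per-run summary file. tee exits when the last writer closes the
# FIFO, so no follower process is left behind after the script finishes.
tee -a "$LOG" "$SUMMARY_FILE" < "$FIFO" &
TEE_PID=$!

# Writer side: keep one descriptor open for the whole run so the reader sees
# a single stream and a single end-of-file.
exec 3> "$FIFO"

{
  printf '%s\n' "------------ SCAN START ------------"
  printf '%s\n' "Running scan on $(date)"
  printf '%s\n' "Scanning $TARGET"
} >&3

# WARNING/ERROR lines are filtered out of the log, so a failed scan is only
# visible through clamdscan's exit status captured below.
clamdscan --infected --multiscan --fdpass --stdout "$TARGET" \
  | grep -vE 'WARNING|ERROR|^$' >&3
# Must be read immediately after the pipeline: any later command overwrites
# PIPESTATUS, which would make the status always 0 and suppress every alert.
SCAN_STATUS="${PIPESTATUS[0]}"
echo >&3

# Close the writer and wait for tee so the summary file is complete before
# it is searched.
exec 3>&-
wait "$TEE_PID"

INFECTED_SUMMARY=$(grep "Infected files" "$SUMMARY_FILE")

case "$SCAN_STATUS" in
  0)
    ;;
  1)
    # Send the alert to the systemd journal when systemd-cat is available.
    if [[ -x /usr/bin/systemd-cat ]]; then
      echo "Virus signature found - $INFECTED_SUMMARY" \
        | /usr/bin/systemd-cat -t clamav -p emerg
    fi

    # Send an alert to every logged-in user's session bus.
    # NOTE: the original debug trace appended to a fixed name under /tmp was
    # dropped; a privileged script writing to a predictable path in a
    # world-writable directory is a symlink/pre-creation hazard.
    mapfile -t XUSERS < <(who | awk '{print $1$NF}' | sort -u)
    for XUSER in "${XUSERS[@]}"; do
      # Entries look like "name(display)"; split on the opening parenthesis.
      IFS='(' read -ra NAME <<< "$XUSER"
      SESSION_USER=${NAME[0]}
      # Use a dedicated variable so the script's own DISPLAY is not clobbered.
      SESSION_DISPLAY=${NAME[1]/)/}
      # who(1) lines without a parenthesised last field yield a name that is
      # not a real account; skip anything id(1) cannot resolve instead of
      # handing it to sudo.
      SESSION_UID=$(id -u -- "$SESSION_USER" 2>/dev/null) || continue
      DBUS_ADDRESS=unix:path=/run/user/$SESSION_UID/bus
      /usr/bin/sudo -u "$SESSION_USER" DISPLAY="$SESSION_DISPLAY" \
        DBUS_SESSION_BUS_ADDRESS="$DBUS_ADDRESS" \
        PATH="$PATH" \
        /usr/bin/notify-send -i security-low "Virus signature(s) found" "$INFECTED_SUMMARY"
    done
    ;;
  *)
    # The scanner reported an error (or could not be run at all): record it
    # as a failed scan rather than as a detection.
    printf 'Scan failed - clamdscan exit status %s\n' "$SCAN_STATUS" \
      | tee -a "$LOG" >&2
    if [[ -x /usr/bin/systemd-cat ]]; then
      echo "Scan failed - clamdscan exit status $SCAN_STATUS" \
        | /usr/bin/systemd-cat -t clamav -p err
    fi
    ;;
esac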