Perform Directory Virus Scan Using ClamAV

Posted by Van Glass on Jul 25, 2018 12:38:23 PM

This custom trigger action performs a virus scan against a directory using ClamAV anti-virus software, specifically the clamscan command.  Arguments supplied to the clamscan command may be used to quarantine or delete files upon detection of infected files.

 

Downloads

Source code and build instructions

 

How to scan a directory and move infected files using ClamAV

 Let me now show you how to implement that.

 

1. Make sure ClamAV is already installed on the server

Before creating a custom trigger action, you need to have ClamAV anti-virus software installed on the server where JSCAPE MFT Server is running.

 

2. Create a trigger for the ClamAV scan and move infected files

Log in to the admin console of JSCAPE MFT Server, go to Triggers, and click Add to create a trigger.

Give the trigger a Name and then select the Current Time event type from the drop-down list. 

 

clamav_directory_scan_img1

 

Click Next to go to Step 2, where a condition can be set to execute the trigger.

The screen below shows a condition under which the trigger executes at 22 hours 30 minutes. Set the condition as Hour = 22 AND Minute = 30 (the directory scan will be performed every day at 22 hours 30 minutes).

Once the condition is set, click Next to proceed.

 

clam_av_virus_update_img2

 

Step 3 asks you to add an action. Add the action "Clam Av virus Scan" from the drop-down list. If the action is not found, read the build instructions (Source code and build instructions).

Click OK to proceed.

 

clamav_remove_file_infected_img2

The parameters for the action "Clam Av virus Scan" are:

  • Location 
  • Arguments
  • Output Log

 

As the name indicates, Location is the path where the "clamscan" process is located. Arguments are the parameters passed to the "clamscan" command line. Multiple arguments can be passed using a comma as the separator. To move infected files, set the parameter as:

 

<directory-to-scan>,--move=<directory-to-move-infected-files>

 

Output Log is the file where all scan information will be written.

 

Here, the directory to scan is "/home/ec2-user/JSCAPE_MFT_Server/" and the directory to move infected files to is "/home/ec2-user/claminfectd". The final parameter is:

 

"/home/ec2-user/JSCAPE_MFT_Server/,--move=/home/ec2-user/claminfectd"

 

Click OK to save the settings.

 

clamav_directory_scan_img2  
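To check what the scheduled scan did, the script below mimics the Location, Arguments and Output Log parameters from a shell and reads the result back. It is an added example, not JSCAPE's code: the function names, the trimming of the comma-separated value and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not JSCAPE's code: mimics the Location / Arguments / Output Log
# parameters so the scheduled scan's result can be checked from a shell.

# Split the comma-separated Arguments value into one argument per line,
# trimming stray spaces (a leading space would otherwise become part of the path).
# Assumption: a path containing a comma cannot be expressed in this format.
split_args() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Run the scanner the way the three parameters describe and report the status.
# $1 = Location, $2 = Arguments, $3 = Output Log
run_scan() {
    location=$1; log=$3; rc=0
    old_ifs=$IFS; IFS='
'
    set -f                          # no glob expansion of the arguments
    set -- $(split_args "$2")       # split on newlines only
    set +f; IFS=$old_ifs
    "$location" "$@" >"$log" 2>&1 || rc=$?
    scan_status "$rc"
}

# List the files clamscan flagged, reading an output log on stdin.
infected_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Constructed sample of an output log for the directories used above.
SAMPLE_LOG="/home/ec2-user/JSCAPE_MFT_Server/a.txt: OK
/home/ec2-user/JSCAPE_MFT_Server/b.com: Eicar-Signature FOUND
/home/ec2-user/JSCAPE_MFT_Server/b.com: moved to '/home/ec2-user/claminfectd/b.com'"

printf '%s\n' "$SAMPLE_LOG" | infected_files
```

clamscan scans only the top level of the given directory unless `-r` (`--recursive`) is included in the arguments. An `error` status means the scan did not complete and should be treated as a failed scan, not a clean one.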

That's it. Now you know how to create a trigger that moves infected files found during a directory scan using ClamAV.

 
