clamav cpanel plugin notify if infection found

[jeffschips]

Hello.

Wondering if it's possible to have cpanel clamav plugin install notify something anything whatever when it finishes the scan? Currently is just finishes without any notices whatsoever which is not very useful. I've installed eircar.com in various locations in my home directory to test it and 1) it doesn't seem to recognize it as found nor 2) do any notifications.

I know the scan is running because ps | grep clam shows the process then it is gone a while later.

Thanks.

 

[cPanelAnthony]

Hello! While there's no innate way within cPanel to have a notification send every time a scan finishes regardless of results, it should be easy to configure a cronjob that does this. First, the following article should help with the base of the cronjob.

https://support.cpanel.net/hc/en-us/articles/1500006380841-How-to-Schedule-ClamAV-Scans-

Then, I found a UnixExchange discussion that very usefully discusses how to have notifications sent upon a process completing.

Is there a program that can send me a notification e-mail when a process finishes?

I am a computational scientist, and I run a lot of lengthy calculations on Linux. Specifically, I run molecular dynamics (MD) simulations using the GROMACS package. These simulations can take day...

unix.stackexchange.com

Let me know if you have any questions.

 

[jeffschips]

thank you @cPanelAnthony

A script I found that works but only when I manually run from the command line is this one:

ClamAV script for automatic scanning and email notifications

I will give an example of a script for scanning and email notifications when infected files are detected.

ixnfo.com

I believe that was NOT written for Centos. Nevertheless is works fine from command line changing the directory to scan to /home/domain/public_html in the script and changing the location of the log file. Mail is dispatched and eicar files are reported.

However, issues arise when trying to automate the process with a cron job.

runing crontab -e
and entering the following line does not kick off the script:

minute hour * * * /root/scripts/clamscan.sh > /dev/null 2>&1

I have a feeling there is a setting unique to Centos that I'm missing here.

 

[jeffschips]

Almost there:

Made a tweak to the clamscan.sh file changing:

clamscan -ri "$S" >> "$LOGFILE";

to

/usr/local/cpanel/3rdparty/bin/clamscan -ri "$S" >> "$LOGFILE";

and now the process does not fail and proceeds. However, this introduces another problem.

root 10104 1.4 31.7 1589716 1232960 ? Ssl Nov01 37:17 /usr/local/cpanel/3rdparty/bin/clamd -F
root 23330 0.0 0.0 113280 780 ? Ss 19:04 0:00 /bin/sh -c /root/clamscan.sh > /dev/null 2>&1
root 23331 0.0 0.0 113284 936 ? S 19:04 0:00 /bin/bash /root/clamscan.sh
root 23340 98.7 30.7 1303868 1191424 ? R 19:04 0:33 /usr/local/cpanel/3rdparty/bin/clamscan -ri /home/domain/public_html/

There appears to be two instances of clamscan.sh running

 

[cPanelAnthony]

Hello! I did some testing on my end using the exact same command and am only seeing one instance of ClamAV running. Could there be another cronjob running the clamscan? You can check with,

crontab -l

 

[jeffschips]

I will check and report back.

The only thing runing with the phrase "clam" is:

/usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

 

[cPanelAnthony]

Thank you for the heads up! I will await your response.