Monday, March 14, 2011

Simple On-Access Scan Solution for ClamAV on Red Hat

ClamAV is a powerful antivirus solution for Linux. But if you want to add on-access scanning to ClamAV, you must recompile your kernel with DazukoFS. I think that is quite a difficult process for running systems.


There is an alternative that uses inotify-tools. Here are the steps:

1. Install ClamAV for Linux.
2. Install inotify-tools for Linux.
2.1. wget http://sourceforge.net/projects/inotify-tools/files/inotify-tools/3.13/inotify-tools-3.13.tar.gz/download
2.2. Go to the inotify-tools source file inotifywait.c, line 310.
2.3. Add these lines before the " fflush( NULL );" statement:

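/* Scan the file that triggered the event. execl() hands the path to clamscan as one
   argv entry, so shell metacharacters in a file name are never interpreted and no
   fixed-size buffer can overflow. Add #include <sys/wait.h> at the top if missing. */
char *scanfile = NULL;
nasprintf( &scanfile, "%s%s", inotifytools_filename_from_wd( event->wd ), event->name );
pid_t scan_pid = fork();
if ( scan_pid == 0 ) {
    execl( "/usr/local/clamav/bin/clamscan", "clamscan", "-r", "--remove", scanfile, (char *)NULL );
    _exit( 127 ); /* reached only if execl() failed */
}
if ( scan_pid > 0 ) waitpid( scan_pid, NULL, 0 ); /* wait for the scan to finish */
free( scanfile );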

2.4. Go to the installation directory of inotify-tools.
2.5. Run:
./configure
make
make install
2.6. Open rc.local and add this line:

nohup /usr/local/bin/inotifywait -qq -r -m -e create,close_write /watch_folder_name/ > /dev/null &


You can also add these parameters before the folder name if you have Joomla or another application:

--exclude "refTableSQL/*" --exclude "cache/*" (the quotes must be included)

And that's it. When a new file is created or replaced, or whatever event occurs, ClamAV scans these files.
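
The same on-access flow can also be driven by an unpatched inotifywait whose event output is piped into a small wrapper, which keeps every file name a single quoted argument. This is an added example, not part of the original post; the `scan_stream` function and the `watch` argument are hypothetical names, and WATCH_DIR and SCANNER reuse the paths from the steps above as assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. WATCH_DIR and SCANNER are
# assumptions taken from the paths used above; adjust them to your install.
WATCH_DIR="${WATCH_DIR:-/watch_folder_name/}"
SCANNER="${SCANNER:-/usr/local/clamav/bin/clamscan}"

# Read one path per line, as printed by inotifywait --format '%w%f', and scan
# each file. "$path" is always one quoted argument, so a name like
# "x; reboot" or "$(id).php" reaches clamscan as data, never as shell code.
# Prints "<files scanned> <files reported infected>" when the input ends.
scan_stream() {
    scanned=0
    infected=0
    while IFS= read -r path; do
        # Skip directories, files that are already gone, and fragments of
        # names containing a newline (inotifywait output is line based).
        [ -f "$path" ] || continue
        rc=0
        "$SCANNER" --no-summary --remove "$path" >/dev/null 2>&1 || rc=$?
        scanned=$((scanned + 1))
        # clamscan exits 1 when it finds a virus, 2 on errors.
        if [ "$rc" -eq 1 ]; then
            infected=$((infected + 1))
            echo "INFECTED: $path" >&2
        fi
    done
    echo "$scanned $infected"
}

# Start the watcher only when asked to, e.g. from rc.local:
#   nohup /path/to/this_script watch > /dev/null &
# -q (not -qq) is required here: -qq would also silence the event lines.
if [ "${1:-}" = "watch" ]; then
    /usr/local/bin/inotifywait -q -r -m -e create,close_write \
        --format '%w%f' "$WATCH_DIR" | scan_stream
fi
```
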

I hope this is helpful to someone.