SCANVIRUS application layer for clamscan - alpha 8 - suggestion box

Hello. I would have normally uploaded changes just before January. I usually add new features that might be handy. However, I’ve run out of ideas for features to add. It’s easy to use, saves all the data I need, simple commands, and quick to use any features.

The only problem I’ve had is forgetting to back up the virus vault. Future: USB backup command for virus vault. For those who want to keep the info for authorities, such as USA - FBI Internet Crime Complaint Center.

Also, be warned clamscan engine may flag false positives. So, be careful with the move command. I may have corrupted my win10 system, more than once.

I’ll reply to this about once a week or to remind users, the suggestion box is open for a few weeks.

Since I’ve had problems with win10 using the ‘move to virus vault’. Sometimes clamscan reads false positives. So, I’ve figured out a useful function that’s not too hard to add.

Expanded function: copy files to virus vault
scanvirus -m c

Normal common usage:
scanvirus -m mup

scan mswin partitions (ntfs,vfat)
update clamscan
high priority scan then power-down
move infected files to virus vault

scanvirus -m cup
changed: copy files to virus vault

scanvirus -backup [file path]

Backup virus vault. Function will check for a valid destination.

I’ll need to run some tests before I release an A7 version.

Suggestion:
If you’re reasonably sure your codebase should run without error,
Take it out of Alpha and make it a Beta!

Besides,
If part of your codebase has been developed for a long time and the core is relatively stable but you’re changing/adding/removing features, if you designed your app properly from the beginning the stable code should be naturally separate from the changes you’re working on, ie a “modular” or “plugin” architecture.

Being willing to take your core code to the next level and consider it stable is significant and will encourage more people to use it.

TSU

Yes, it’s stable as v1.0 and v2.0 I keep uncovering yet another missed error check or flaw in the design. The reason why I keep saying it’s an alpha version. :stuck_out_tongue:

I just noticed another missing error check on first install. It sets up folders and files, but doesn’t check for any errors. You can easily add new file types to windows scan.

It already is somewhat modular. I can split it up more. I have the structured programming training, but not much time to fix them.

Version 2.00 A7b If I call it beta, it now gets the official v1.00 beta1 Once I fix the folder error check, fix the control-z check so nothing happens, and folder buildup in ‘virus vault’. That should be the last of design flaws.

If someone presses control-c, you might have a folder with a virus found. So, I can’t delete it, unless I’m sure the log has no virus entries. I think I have a quick solution, block folder erase. Something that I have to do anyway. Maybe grep the log for virus found.

I’ve been very busy lately with classes, not related to programming.

Thanks for the tip.
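
The log check mentioned in the post above ("grep the log for virus found"), written out as an added example that is not part of the original post or of scanvirus. The function names are hypothetical, and it assumes `scanresults.log` holds unfiltered clamscan output, where each detection is a `<path>: <signature> FOUND` line and each completed pass ends with an `Infected files: N` summary line.

```bash
#!/usr/bin/env bash
# Added example. Assumed names: infected_paths, vault_folder_removable.
# Assumes scanresults.log holds unfiltered clamscan output.

# Print the paths clamscan reported as "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# Succeed only when the log shows at least one finished pass and no detection.
vault_folder_removable() {
    local log="$1/scanresults.log" summaries
    # Missing log, or a symlink sitting in its place: keep the folder.
    [ -f "$log" ] && [ ! -L "$log" ] || return 1
    # The summary is printed at the end of a pass, so a log without one
    # comes from a scan that was cut short (for example with control-c).
    summaries=$(grep -E '^Infected files: [0-9]+$' "$log") || return 1
    # Two passes give two summaries; every recorded one must be 0.
    if printf '%s\n' "$summaries" | grep -qvx 'Infected files: 0'; then
        return 1
    fi
    # Cross-check the per-file lines (catches a later pass cut short).
    [ -z "$(infected_paths "$log")" ]
}

# Constructed sample logs (paths and signature name are made up).
make_samples() {
    local root="$1"
    mkdir -p "$root/clean" "$root/infected" "$root/interrupted" "$root/empty"
    printf '%s\n' '/etc/hosts: OK' '----------- SCAN SUMMARY -----------' \
        'Infected files: 0' '/home/user/notes.txt: OK' \
        '----------- SCAN SUMMARY -----------' 'Infected files: 0' \
        > "$root/clean/scanresults.log"
    printf '%s\n' '/etc/hosts: OK' '----------- SCAN SUMMARY -----------' \
        'Infected files: 0' \
        '/home/user/Downloads/sample.com: Constructed.Test.Signature FOUND' \
        '----------- SCAN SUMMARY -----------' 'Infected files: 1' \
        > "$root/infected/scanresults.log"
    # Stopped after a detection: a FOUND line but no summary block.
    printf '%s\n' '/etc/hosts: OK' \
        '/home/user/Downloads/sample.com: Constructed.Test.Signature FOUND' \
        > "$root/interrupted/scanresults.log"
}

demo() {
    local root dir
    root=$(mktemp -d) || return 1
    make_samples "$root"
    for dir in clean infected interrupted empty; do
        if vault_folder_removable "$root/$dir"; then
            printf '%-12s safe to remove\n' "$dir"
        else
            printf '%-12s keep\n' "$dir"
        fi
    done
    rm -rf "$root"
}
demo
```

Only the `clean` folder is reported as safe to remove; a folder with no log at all is kept, since nothing proves the scan ran.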

FYI, I just finished the copy anti-virus folder. Fairly easy, since it’s structured already. Ten minutes to complete.

The scan for mswin virus is working.

I did a test with clamscan on downloads with a sample virus. It found the virus.

I did a full linux system scan. It came up with no viruses!

It seems something is not working, right.

It’s the clamscan engine command line causing the problem for the linux scan. The mswin scan seems to be unaffected.

I’m working on it and asking for help. I can’t offer a workaround or patch at this time. I have no idea how to fix it.

Even a standard scan from root directory, ‘clamscan -r -i’, doesn’t find this virus in the downloads in username directory. A separate home directory has no effect.

I’ll post more info as I find out more.

For those of you scanvirus users paying attention, I found the problem. ‘clamscan’ is not scanning the home folder. It’s nothing in my code. I should have done real virus testing from the start. I didn’t foresee this kind of bug, feature, or flaw in the design of clamscan.

So, I’ll have a simple text replace patch soon and that will fix the issue. Just find and replace all the text or just make those changes. Adding the mswin copy scan will require two text replaces.

I’m trying to fix the multiplying linux folders. This is a much harder fix. You will have to just update scanvirus the usual way (overwrite the old file) when the stable release comes out.

FYI, I can’t get clamscan to scan the home folder. So, I patched it so it will ‘scan system files’ then ‘scan home folder’. All the logs will show the changes.

I’m almost done. It’s not neat and clean code, but it gets the job done.

Stay tuned to this channel for the patches…

Critical patch

This will now scan system files and the home directory. Fixing this critical security flaw.

To patch scanvirus, make a backup copy in case you make a mistake in patching it. Also, there is a random glitch error. Usually, it disappears when you do the same command again.

Replace this if command sequence:

    #scan linux partitions
    elif [[ "$1" == '-l' ]] || [[ "$1" == '-linux' ]]; then
        linecount=$( pgrep -xc scanvirus )
        #if [[ "$linecount" -ge 2 ]];then
        #    printf "scanvirus running\n"
        #    exit
        #fi

        #partition_scan 'linux' false 'btrfs' 'xfs';
        #exit

        #update virus definitions
        if [[ "$2" == *"u"* ]]; then
           freshclam
        fi

        #per-scan folder: "<vault>/linux <time date stamp>"
        Current_Vault_Folder="$Virus_Vault_Folder/linux "
        Current_Vault_Folder+="$Time_Date_Stamp"
        mkdir "${Current_Vault_Folder}"

        #clamscan priority
        CS_Priority=0
        if [[ "$2" == *"l"* ]]; then
           CS_Priority=19
           printf "Low-priority active\n"
        fi
        if [[ "$2" == *"p"* ]]; then
           CS_Priority=-20
           printf "Shutdown high-priority active\n"
        fi

        printf "\n"

        printf ".....Scanning linux - Clamscan Engine.....\n\n" | tee "${Current_Vault_Folder}/scanresults.log"

        printf "Scanning system files\n" | tee -a "${Current_Vault_Folder}/scanresults.log"

        nice -"$CS_Priority" clamscan -r --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0 --cross-fs=no / | Scan_Results_Filter

        printf "\nScanning home folder\n" | tee -a "${Current_Vault_Folder}/scanresults.log"

        nice -"$CS_Priority" clamscan -r --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0 --cross-fs=no /home | Scan_Results_Filter

        printf "__________________________________________________\n" | tee -a "${Current_Vault_Folder}/scanresults.log"

        Update_Scanlog;


I need to run some more tests. The copy mswin function is working. I need to fix a few more things before I can make a stable release.

You can post any suggestions before the next release.

I’ve fixed most of the bugs and added new features.

The patch doesn’t work. I put the test virus into the scanvirus vault. ‘scanvirus -l h’ doesn’t detect it in ‘scanning system files’, but it does detect the virus in ‘scanning home folder’.

back to the drawing board… :stuck_out_tongue:

For those reading this, I am nearly complete. All the major bugs and design flaws are fixed. Lots of new features. I’m still running more field tests to find the last of them.

Version: 1.00 stable

Here’s the new help file, including new features.

Scan Virus
help commands
-------------
virus scan linux files
    p1: -l or linux
    p2: u   freshclam update      (optional)
    p2: l   low system priority   (optional)
    p2: h   high system priority  (optional)
    p2: p   high system priority + shutdown on finish (optional)
    p2: f   scan folder           (optional)

virus scan windows files
    p1: -m or -mswin
    p2: c   copy infected files to vault     (optional)
    p2: m   move infected files to vault     (optional)
    p2: u   freshclam update                 (optional)
    p2: l   low system priority   (optional)
    p2: h   high system priority  (optional)
    p2: p   high system priority + shutdown on finish (optional)
open virus vault (KDE)
    p1: -vf
view logs
    p1: -vl
    p2: l or m  mask by linux/mswin scans   (optional)
    p2: d       mask by date                (optional)  
    p3: year                                (optional)
    p4: month                               (optional)
view virus reports + virus files
    p1: -vr or -viewvirusreports
view version information
    p1: -v or --version


You now have a cfg file for excluded system folders and a time date stamp.

____________________scanvirus configuration____________________
No more spaces or ' or "
Date[space]Time or Time[space]Date
_______________________________________________________________
ExcludedScanFolders= dev etc kdeinit5__0 proc tmp srv sys .snapshots
_______________________________________________________________
DateTimeStamp= +%Y-%m-%d +%I:%M:%S%P
_______________________________________________________________


Suggestion box is still open. I might add ‘high priority + suspend’.

Yet another design flaw and many more bugs are fixed.

Upgrades
power off + suspend
vl command will include filter for day.

The suggestion box is still open. :slight_smile:

Completed:
vl command extended to include day.
version information command includes output of CFG file.

scanvirus has been redesigned at various levels.

Scan Virus
help commands

virus scan linux files
    p1: -l or linux
    p2: u   freshclam update      (optional)
    p2: l   low system priority   (optional)
    p2: h   high system priority  (optional)
    p2: p   shutdown on end       (optional)
    p2: f   scan folder           (optional)

virus scan windows files
    p1: -m or -mswin
    p2: c   copy infected files to vault     (optional)
    p2: m   move infected files to vault     (optional)
    p2: u   freshclam update                 (optional)
    p2: l   low system priority              (optional)
    p2: h   high system priority             (optional)
    p2: p   shutdown on end                  (optional)
open virus vault (KDE)
    p1: -vf
view logs
    p1: -vl
    p2: l or m  mask by linux/mswin scans   (optional)
    p2: d       mask by date                (optional)
    p3: year                                (optional)
    p4: month                               (optional)
    p4: day                                 (optional)
view virus reports + virus files
    p1: -vr or -viewvirusreports
view version information + view cfg file
    p1: -v or --version

scanvirus configuration
Date[space]Time or Time[space]Date
date +'%Y-%m-%d %I:%M:%S%P'
DateTimeStamp= %Y-%m-%d %I:%M:%S%P

ExcludedScanFolders= dev etc kdeinit5__0 proc tmp srv sys .snapshots

Suspend system option might be added. Any suggestions and comments welcome at this time.

Hello. I’ve succeeded in removing all the bugs and design flaws that prevented me from doing a stable release.

I’m currently working out some security issues.

Scan Virus
help commands

virus scan linux files
    p1: -l or --linux
    p2: u   freshclam update      (optional)
    p2: l   low system priority   (optional)
    p2: h   high system priority  (optional)
    p2: p   suspend on end        (optional)
    p2: p   shutdown on end       (optional)
    p2: f   scan folder           (optional)

virus scan windows files
    p1: -m or --mswin
    p2: c   copy infected files to vault     (optional)
    p2: m   move infected files to vault     (optional)
    p2: u   freshclam update                 (optional)
    p2: l   low system priority              (optional)
    p2: h   high system priority             (optional)
    p2: p   shutdown on end                  (optional)

open virus vault (Desktop: KDE & GNOME)
    p1: -vf or --viewfolder

view logs
    p1: -vl or --viewlogs
    p2: l or m  mask by linux/mswin scans   (optional)
    p2: d       mask by date                (optional)
    p3: year                                (optional)
    p4: month                               (optional)
    p5: day                                 (optional)

view virus reports + virus files
    p1: -vr or --viewvirusreports

view version information + configuration file
    p1: -v or --version

Copy virus vault to user #
    p1: l list users
    p2: user number

view help file
    p1: -h or --help

scanvirus configuration
Date[space]Time or Time[space]Date
date +'%Y-%m-%d %I:%M:%S%P'
DateTimeStamp= %Y-%m-%d %I:%M:%S%P

ExcludedScanFolders= dev etc kdeinit5__0 proc tmp srv sys .snapshots

Bash Suspend Command
1= 'systemctl suspend' - openSUSE, Ubuntu, Fedora, Arch, Debian, etc
2= 'pm-suspend' - Void, Gentoo, Devuan etc - pm-utils power management suite
SuspendCommand= 1


Suggestions are welcome for now…

I found another possible security issue. When you use the suspend or power off command, you will leave the system unattended to do something else. That might include leaving the room or the area. In some cases, a locked room. In other cases, someone else could get access. So, I’m working on a fix to exit the terminal and leave scanvirus running. As long as the linux system isn’t shut down before it’s finished, scanvirus will continue running in the background.

I’m working on the problem…

I’ve made the breakthrough in fixing the security hole for suspend and power off.

In the linux scan, scanvirus will now shift into the background, allowing you to ‘exit’ from terminal superuser mode and close the window. Fixing the windows scan will soon follow.

This is how it will work: high-priority update suspend

[Terminal Window]
su
[password]
#scanvirus -l hus
#exit
#exit

[window closed]
[system will suspend when scanvirus completes its scan]

As long as you don’t suspend or power off the system, it will shutdown or power off by itself.

I’m trying to get the script to do the ‘exit’ ‘exit’ for you.

Security updates:

scanlogs now include power-off and suspend requests.
scanvirus folders and files are secured for root only users.
Security checks are now performed at any function.

linux scan upgrades are now complete.

Suspend and poweroff now send the scan to background. Optional for KDE, close all terminal windows.

After ‘exit’ ‘exit’ or changing the cfg file, the system will work as normal until the scan is complete.

If you logout, the shutdown or suspend will work.


On suspend or power-off close all terminal windows (KDE)
CloseTerminalWindows= 0


Working on being able to use the above with gnome as well.

I should be finished with similar mswin upgrades in a few days.

I finished all the main upgrades. I’m currently running tests. A beta will be available for limited release for 24 hours. I have no method to test the gnome functions. So, I’ll need you people to test it and report any problems with gnome or anything else.

Don’t upload this beta anywhere. Keep only until the stable release. I might add features, fixes, and other code upgrades I don’t post on here.

https://paste.opensuse.org/1848c754

For those paying attention, this is the beta test version of stable v1.00 release.

It’s been tested for bugs and smooth operation. Any problems, bugs, or to just compliment me. Hint Hint. :slight_smile:

There are many unfinished functions and design improvements. So, don’t upload it anywhere else! Don’t keep it after the stable release.

The app will upgrade itself. Later versions will require use of ‘su -’. This doesn’t. Expect changes in the new cfg file.

Here’s a security patch upgrade for the beta test. Replace all permissions lines. If you have the last version, you will need to replace similar lines. You will still have to make scanvirus executable before you overwrite it.

After

    # if clamscan not installed
    clamscan --help > /dev/null 2>&1
    if [[ $? == 127 ]]; then
       echo "clamscan not installed" 1>&2
       exit 1
    fi

    # if udisks2 not installed
    udisksctl --help > /dev/null 2>&1
    if [[ $? == 127 ]]; then
       echo "udisks2 not installed" 1>&2
       exit 1
    fi

    #chmod u=rwx,g=,o= [folder/file]
    #new files and folders are created for the owner only
    umask 077

    #export TERM=vt100


Before

    #read configuration file lines into array
    while read -r line
    do
        #check for variable lines
        if [[ "$line" == 'DateTimeStamp='* ]];then
            #remove all past ';'
            #printf "%s\n" "$line"
            DTS_tmp1=${line#DateTimeStamp= *}
            #printf "%s\n" "$DTS_tmp1"
            DTS_Format=${DTS_tmp1%%;*}
            #printf "%s\n" "$DTS_tmp2"

            #check for valid date and time
            Date_Time_Stamp=$( date +"$DTS_Format" )
            if [[ $? != 0 ]]; then
                echo "----- Date time stamp error -----"
                exit 1
            fi

        elif [[ "$line" == 'ExcludedScanFolders='* ]];then
            shopt -s lastpipe;printf "%s" "${line#ExcludedScanFolders= *}" | read -a ExcludedScanFolders;shopt -u lastpipe
        elif [[ "$line" == 'SuspendCommand='* ]];then
            shopt -s lastpipe;printf "%s" "${line#SuspendCommand= *}" | read SuspendCommand;shopt -u lastpipe
        elif [[ "$line" == 'LockScreenCommand='* ]];then
            shopt -s lastpipe;printf "%s" "${line#LockScreenCommand= *}" | read LockScreenCommand;shopt -u lastpipe
        fi
    done < /var/log/VirusVault/scanvirus.cfg

    #printf "%s\n" "$Date_Time_Stamp"
    #printf "%s\n" "${ExcludedScanFolders[@]}"
    #printf "SuspendCommand= %s\n" $SuspendCommand
    #exit 1

    Virus_Vault_Folder='/var/log/VirusVault'


    #check file permissions and ownership
    #$1: path   $2: 'x' when the path is an executable file
    check_permissions_ownership()
    {
        #check if file or folder or executable
        if [[ "$2" == 'x' ]]; then
            Read_Permissions='-rwx------'
            Write_Permissions='u=rwx,g=,o='
        elif [[ -f "$1" ]]; then
            Read_Permissions='-rw-------'
            Write_Permissions='u=rw,g=,o='
        elif [[ -d "$1" ]]; then
            Read_Permissions='drwx------'
            Write_Permissions='u=rwx,g=,o='
        else
            printf "Not folder or file or executable\n"
            exit
        fi

        #printf "%s\n" $(stat -c '%A' "$1")
        #printf "%s\n" $Read_Permissions

        #check file permissions
        if [[ "$(stat -c '%A' "$1" )" != "$Read_Permissions" ]]; then
            printf "Setting permissions --> %s\n" "$1"
            chmod "$Write_Permissions" "$1"
        #else
        #     printf "Permissions verified --> %s\n" "$1"
        fi

        #check owner and group name
        if [[ "$(stat -c '%U %G' "$1")" != 'root root' ]]; then
            printf "Setting ownership and group name --> %s\n" "$1"
            chown root:root "$1"
        #else
        #     printf "Ownership and group name verified --> %s\n" "$1"
        fi
    }

    check_permissions_ownership '/usr/bin/scanvirus' x
    check_permissions_ownership '/var/log/VirusVault'
    check_permissions_ownership '/var/log/VirusVault/VirusFound'
    check_permissions_ownership '/var/log/VirusVault/scanvirus.cfg'
    check_permissions_ownership '/var/log/VirusVault/VirusScanLog.txt'


Change these lines:

    #: Last Edit   : Mon  Jun 16  01:00 PST 2020
             printf "Build #2020.06.16.01.00\n"

For those paying attention to this blog, another beta test version is available. Don’t upload file anywhere! Don’t keep it! The official version may have upgrades and bug fixes not stated.

https://paste.opensuse.org/f948c74f

Available for one day only.

Any comments, suggestions, bugs, security issues, or just plain compliments post on here. Hint Hint. :wink:

Upgrades: total scan time in logs and in virus reports. Nothing new after that.

Design flaw: It stalls on every directory scan. The scan has to restart on every folder. I’ve not found a way to make clamscan in this version to scan specific folders. It’s likely a bug in the current engine.

copy to: /usr/bin/scanvirus & enable executable