Hello all. “scanvirus” is a script application that has clamscan as its anti-virus engine. It has minimal functions to learn and it only has two dependencies (udisks2 and clamav). It makes virus scans of multiple drives/devices much easier. It requires no graphical interface, but has some optional gfx functions. Its command line is simple and easy to use with a configuration file. It has a good configurable logging system.
It’s been thoroughly tested for bugs and design flaws. However, report any bugs or design flaws here. Follow the instructions in the script.
Design Flaw: needs more error checking, only basic checks.
Upgrading: Overwrite old file. Check CFG for differences
______________________________scanvirus configuration______________________________
date +'%Y-%m-%d %I:%M:%S%P'
TimeStamp= %I:%M:%S%P
DateStamp= %Y-%m-%d
______________________________________________________________________________
ExcludedScanFolders= dev etc kdeinit5__0 proc tmp srv sys var .snapshots
___________________________________________________________________________________
Bash Suspend Command
1= 'systemctl suspend' - openSUSE, Ubuntu, Fedora, Arch, Debian, etc
2= 'pm-suspend' - Void, Gentoo, Devuan etc - pm-utils power management suite
SuspendCommand= 1
___________________________________________________________________________________
Suspend or power-off lock screen - GNOME KDE
LockScreenCommand= 0
___________________________________________________________________________________
MSWIN scan - partition file system types
ScanPartitionFileSystems= ntfs vfat
___________________________________________________________________________________
List users group filter
UserGroupFilter= users
___________________________________________________________________________________
Scan Log Format
%o OS Type %s Virus Status
%f Scan Folder %n Scan Time
%c Command Options %t Time Stamp
%d Date Stamp %p Partition Log
%% Print %
ScanLogFormat= %o %s %f %n %c %t %d %p
___________________________________________________________________________________
No such file or directory
WARNING: : Can't access file
Ignore: clamscan engine issue, unknown
There is an error sometimes when scanvirus completes, some kind of bash bug unrelated to scanvirus or other system bug.
Future Fix: There is a possible problem with someone altering the config file to remove ‘virus’ or ‘clean’. There is no current way to log changes to that file.
===== Security Patch =====
Now checks and corrects for missing virus status ‘%s’.
Make changes as noted. If you have done it correctly, the sha256 and sha512 should match. If not, make sure there are no extra lines at the end of the script. Also, spacing could make shasums incorrect.
Code patch → build date top → build date version bottom
# Refuse to run with an empty log format.
if [[ "$ScanLogFormat" == '' ]];then
    printf "cfg error: ScanLogFormat NULL\n"
    exit 1
fi
# Put the virus status back if it was removed from the format.
if [[ "$ScanLogFormat" != *"%s"* ]];then
    printf "cfg error: ScanLogFormat missing virus status\n"
    printf "Adding Virus status to ScanLogFormat\n"
    ScanLogFormat+=" %s"
fi
Virus_Vault_Folder='/var/log/VirusVault'
#exit 1
===== Security Patch =====
Adds warning to scanlogs about missing virus status.
Make changes as noted. If you have done it correctly, the sha256 and sha512 should match. If not, make sure there are no extra lines at the end of the script. Also, spacing could make shasums incorrect.
Code patch → build date top → build date version bottom
# Refuse to run with an empty log format.
if [[ "$ScanLogFormat" == '' ]];then
    printf "cfg error: ScanLogFormat NULL\n"
    exit 1
fi
# Put the virus status back if it was removed, and record that in the scan log.
if [[ "$ScanLogFormat" != *"%s"* ]];then
    printf "cfg error: ScanLogFormat missing virus status\n"
    printf "Adding Virus status to ScanLogFormat\n"
    ScanLogFormat+=" %s"
    Current_Date=$(date +'%m/%d/%Y')
    printf "%s WARNING: ScanLogFormat missing virus status\n" "$Current_Date" >> /var/log/VirusVault/VirusScanLog.txt
fi
Virus_Vault_Folder='/var/log/VirusVault'
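Added example, not part of scanvirus or of the original posts: the substring test in the patch also accepts `%%s`, which the format key above lists as a printed `%` followed by a plain "s". This token-aware check assumes the format is read left to right with `%%` consumed as a pair; the function names are hypothetical, and it is written in portable sh so it also runs under bash.

```sh
#!/bin/sh
# Added example (not scanvirus code). Assumption: the format is read left to
# right and "%%" is consumed as one escaped percent, as the format key lists.

# The patch's test: true if the substring "%s" occurs anywhere.
naive_has_status() {
    case $1 in
        *%s*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Token-aware test: true only if %s occurs as a real specifier.
has_status_spec() {
    _rest=$1
    while [ -n "$_rest" ]; do
        case $_rest in
            %%*) _rest=${_rest#??} ;;   # escaped percent: skip both characters
            %s*) return 0 ;;            # genuine virus-status specifier
            %?*) _rest=${_rest#??} ;;   # any other specifier (%o, %f, ...)
            *)   _rest=${_rest#?} ;;    # literal character
        esac
    done
    return 1
}

# Print the format to use; fail on an empty one, append %s when it is missing.
normalize_scanlog_format() {
    _fmt=$1
    if [ -z "$_fmt" ]; then
        printf 'cfg error: ScanLogFormat NULL\n' >&2
        return 1
    fi
    if ! has_status_spec "$_fmt"; then
        printf 'cfg error: ScanLogFormat missing virus status\n' >&2
        _fmt="$_fmt %s"
    fi
    printf '%s\n' "$_fmt"
}

# Constructed sample: passes the substring test but holds no real %s specifier.
normalize_scanlog_format '%o %%s %f %n %c %t %d %p'
```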
Drovorub may be an early indicator that some hackers are recognizing that even if Linux doesn’t exist in large Desktop/Workstation numbers, it can still be a worthwhile target because critical high value systems often run on Linux.
If we continue to see more exploits like Drovorub that specifically target Linux machines, then anti-malware in general and anti-virus in particular could become essential rather than merely optional.
I’ve done my best to get out any security flaws in scanvirus. But, I’m still limited by the engine being out of date.
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.3 Recommended version: 0.102.4
I would release scanvirusbin, but it has too many potential flaws. Not to mention memory leaks and filename overflows. On the good side, I have completed ‘scanvirusbin -l f bin’. Scanning and saving the log in the virus scan folder.
Can any virus be detected? Some viruses have a special app to detect them.
I have secure boot disabled. Can I just do an update install to enable?
For your information, I’ve been taking a very hard college class and am very busy.
I have come up with some new function ideas, based on my use of it. Again, post suggestions here.
The ‘scan interrupted’ log messages are useful, but tend to clutter the logs. So, a cleaning function needs to be added, since I am constantly deleting them from the logs.
Sometime in the future, a sort logs into folders function will be added. I think it might be useful. Also, a compress folder similar to an existing function.
A log separate function to use a ‘--------------------------------’ to separate by year → month for easier viewing of the full log.
For those reading this thread, this is a pre-release beta. Just one new feature, ‘clean logs’. No text replace, full download. This will be available for 3 months.
I’m thinking of some ways to sort and archive the scanlogs into a compressed zip file.
I have a simple idea to make the logs more human readable. You run the command and it formats the current logs something like this. Any new log entries are still the same. I’ll have to add code to support the new format or a separate formatted file with a command to view it.
Year2020
    January
        scanlog1
        scanlog2
        scanlog3
    February
        scanlog4
        scanlog5
Year2021
    January
        scanlog6
        scanlog7
        scanlog8
The ‘-cl’ command can clear lines with ‘virus found’. Filenames with the same name, ‘Scan Interrupted’, might cause a problem. I need to think about it more. Scans can be interrupted after a virus found line. This is a serious security issue.
Solution, I just skip ‘scan interrupted’ line with ‘virus found’. You can still delete the line manually while having the handy clean function. I should be able to create a simple fix and post the code.
The filename issue needs to be researched. For now, filenames don’t usually have spaces before and after. The search uses spaces before and after. As far as I know, search ‘ scan interrupted ’ should work without any security issues.
I need to test this before I release any new beta. Always check the build #, not the version #.
I’m working on a fix. I found that ‘scan interrupted’ doesn’t use the standard output. So, it doesn’t display ‘virus’ in the line, but it does move the folder if a virus is found. So, I need to review how the control-c cancel scan works.
I can use the standard output and add ‘interrupted’ to the line to remind you of a canceled scan. I can add ‘virus’ to the line only.
I think I have a simple design change that works. It will change the formatting of ‘control-c’ output. So, there is a need for an optional upgrade function. It won’t be in the help menu.
scanvirus --upgrade
The upgrade will do various tasks, depending on the version. ----- Don’t use it more than one time ----- Putting in safeguards will be too much coding. Use more than twice at your own risk. First time, use ‘-u’ at your own risk.
fixes: next --upgrade
interrupted spelling error
possible conversion of old ‘scan interrupted’ to new format
fixes the formatting error in the scanlog: ‘start/end date:’ to ‘start/end:’ (scanvirus bug fix in next beta release)
scanlog.txt
completed scan:
date {formatted line}
interrupted scan:
date canceled {formatted line}
date interrupted {formatted line}
I may add this to the config file. For now, I’ll just point out the line to change (if you want your own word).
Once it passes the tests, it will be the beta release, sometime next month.
I was able to create a simple change to ‘update_scanlog’ to allow it to include ‘$cancel_scan_string’. Adding it to the trap → control_c → call update_scanlog is complex, but not impossible. I could just correct the bad formatting and leave out missing data, but this will make the output cleaner.
I have finished the final design and coding for ‘scan interrupted’. There are some security issues with the ‘-cl’ function that need to be worked out.
Start: date and time
End: date and time
Calc: Total Scan Time
typical line:
ostype virus/clean total_scan_time Time Date {folder_list}
canceled ostype virus/clean interrupted_scan_time time date {folder_list}
Not knowing the date and time a scan was canceled could be a security issue.
Replacing interrupted_scan_time with time_date_canceled is a good security fix.
Using CFG file to remove scan interrupted might cause security issues. But, if I just add the ‘-cl’ clean logs functions, it might be the better solution.
Cleaning the logs also adds a time and date logs were cleaned, another security fix.
Bug fix: ‘Start date:’ → ‘Start:’ and fix ‘End date’.
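Added example, not part of scanvirus or of the original posts: a sketch of the ‘-cl’ behaviour discussed above, which drops ‘ scan interrupted ’ lines, keeps any such line that mentions a virus, and appends a dated entry recording the cleanup. The function name, the log line layout and the ‘logs cleaned’ wording are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not scanvirus code). Line layout and the "logs cleaned"
# wording are assumptions; sample lines below are constructed.

# clean_scanlog FILE: remove ' scan interrupted ' lines that do not mention a
# virus, append a dated "logs cleaned" entry, print the number of lines removed.
clean_scanlog() {
    _log=$1
    [ -f "$_log" ] || return 1
    _tmp=$(mktemp "${_log}.XXXXXX") || return 1
    # Keep every line unless it is an interrupted scan with no virus in it.
    if ! awk 'index($0, " scan interrupted ") == 0 || index($0, "virus") > 0' \
            "$_log" > "$_tmp"; then
        rm -f "$_tmp"
        return 1
    fi
    _removed=$(( $(wc -l < "$_log") - $(wc -l < "$_tmp") ))
    # Record when the log was cleaned, so the removal itself is visible.
    printf '%s logs cleaned: %s interrupted entries removed\n' \
        "$(date +'%Y-%m-%d %I:%M:%S%P')" "$_removed" >> "$_tmp"
    cat "$_tmp" > "$_log"    # rewrite in place so owner and mode are unchanged
    rm -f "$_tmp"
    printf '%s\n' "$_removed"
}

# Constructed sample log. The last line is a completed scan whose folder name
# happens to contain the search phrase; it must survive because it has 'virus'.
sample=$(mktemp "${TMPDIR:-/tmp}/scanlog.XXXXXX") && cat > "$sample" <<'EOF'
linux clean 0h:2m:10s 08:01:00pm 2021-02-10 {bin;boot}
linux clean scan interrupted 08:39:51pm 2021-02-11 {bin}
linux virus scan interrupted 09:17:55pm 2021-02-11 {home}
linux virus 0h:9m:02s 10:00:00pm 2021-02-11 {my scan interrupted notes}
EOF
clean_scanlog "$sample"
cat "$sample"
rm -f "$sample"
```

Matching on the word ‘virus’ anywhere in the line errs on the side of keeping entries: a clean interrupted scan of a folder named ‘virus’ would also be kept and has to be removed by hand.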
The control-c code had some major design problems, because of my lack of understanding of how trap works. I’m doing a complete redesign of control-c. The output is much cleaner after using control-c in the scanlogs and after the current scan is canceled. Both linux and mswin scans will have this upgrade.
canceled: linux clean bin 0h:0m:1s none 08:39:51pm 2021-02-11 {}
canceled: linux clean / 0h:0m:34s none 09:17:55pm 2021-02-11 {.Trash-0;bin;boot;home;lib}
For security reasons, the ‘canceled:’ variable will not be in the config file. You will be able to set this var at the beginning of the script. Later, you can set its position as start ‘0’ or end ‘1’ either in the config file or in the script as another var (next to canceled_var).
__________________________________________________
Scanning lib
No such file or directory
WARNING: : Can't access file
751^Cexiting...
__________________________________________________
I can’t find a reason for the above bug. Instead, I’m going to try to fix the ‘start date:’ bug and finish the upgrade to control-c.
I’ve completed the upgrades to the linux scans if you press control-c. I’ve run into some error in the mswin scan. It could be a system bug. So, I’m going to wait a few days for the problem to be fixed.