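#!/bin/bash
# Daniel Berteaud
# Inspired by Clam Temps Reel from Hackurx
# http://hackurx.wordpress.com
# Licence: GPL v3
#
# Real-time ClamAV scanner: watches the paths listed in /etc/clamrt.list with
# inotifywait and hands every reported file to clamdscan. Infected files are
# moved to the quarantine directory and, if enabled, a mail is sent.
# Settings are read from the e-smith configuration database (clamd, clamrt
# and clamav entries); each lookup falls back to a built-in default.

# Send stderr to stdout so all output ends up in the same stream.
exec 2>&1

CLAMD=$(/sbin/e-smith/db configuration getprop clamd status ||
  echo 'disabled')

if [ "$CLAMD" = "disabled" ]; then
  # Without clamd there is nothing to scan with: bring the service in the
  # current directory down and stop.
  sv d .
  exit
fi

MAIL=$(/sbin/e-smith/db configuration getprop clamrt SendEmail ||
  echo 'enabled')
MAIL_MSG=$(/sbin/e-smith/db configuration getprop clamrt EmailMessage ||
  echo 'A virus was found in ${!FILE}. This file has been moved to quarantine')
MAIL_SUBJ=$(/sbin/e-smith/db configuration getprop clamrt EmailSubject ||
  echo 'A virus was found')
MAIL_DEST=$(/sbin/e-smith/db configuration getprop clamrt EmailDest ||
  echo 'admin')
QUARANTINE=$(/sbin/e-smith/db configuration getprop clamav QuarantineDirectory ||
  echo '/var/spool/clamav/quarantine')

# Split the recipient list on whitespace without glob expansion, so several
# space-separated recipients still work and a '*' is never expanded.
read -r -a MAIL_RCPTS <<<"$MAIL_DEST"

# NOTE(review): limits of this pipeline that affect scan coverage:
#  - the perl stage drops every line whose text before the first ':' was seen
#    before and never forgets a key. The timestamp holds minutes only (%M), so
#    a repeat of the same path, minute and event list is skipped for the life
#    of the process, and paths containing ':' share one key;
#  - sed cuts at the first '|', so a path containing '|' is truncated;
#  - events are line-based, so a path containing a newline is split.
# Files affected by any of these may not be scanned.
/usr/bin/inotifywait -q -m -r -e create,modify,access --fromfile=/etc/clamrt.list \
  --timefmt %M --format '%w%f|%T|%e' |
  perl -laF: -ne '$| = 1; print unless $_{$F[0]}++' |
  sed --unbuffered 's/|.*//g' |
  # IFS= and -r keep leading/trailing blanks and backslashes of the path.
  while IFS= read -r FILE; do
    echo "Scanning: $FILE"

    # The file may already be gone (temporary file, rename). Skip it here so
    # the failed existence test is never mistaken for clamdscan's exit status.
    [ -e "$FILE" ] || continue

    clamdscan --fdpass --quiet -m --move="$QUARANTINE" "$FILE"
    rc=$?

    case "$rc" in
      0)
        # Clean file, nothing to report.
        ;;
      1)
        echo "Malware found: $FILE quarantined ($QUARANTINE/$(basename -- "$FILE"))"
        if [ "$MAIL" = "enabled" ]; then
          # Fill in the ${!FILE} placeholder by plain text substitution. The
          # path is untrusted input and must never be passed through eval.
          msg=${MAIL_MSG//'${!FILE}'/"$FILE"}
          printf '%s\n' "$msg" | mail -s "$MAIL_SUBJ" "${MAIL_RCPTS[@]}"
        fi
        ;;
      *)
        # Any other status means the scan did not complete, so the file was
        # not checked; make that visible in the log.
        echo "Scan failed (clamdscan exit status $rc): $FILE"
        ;;
    esac
  done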