Mailing List Archive

[clamav-users] ClamAV - Configure the "clamd@scan" service to notify me by email
*Is it possible to configure the "clamd@scan" service to notify me by email
if any threats are found? If so how can I do this?*
*NOTE:* Examples and/or documentation are most welcome! By the way, I have
"sendmail" application configured on all servers in my infrastructure.

*IMPORTANT:* I noticed that there is a parameter called "VirusEvent" in the
"/etc/clamd.d/scan.conf" file...

"
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
"

... but it seems that this option is buggy and was only fixed in version
0.102-beta (
https://blog.clamav.net/2019/08/clamav-01013-security-patch-release-and.html
) and my version is this...

"
[root@localhost ~]# clamscan -V
ClamAV 0.101.5/25707/Sun Jan 26 08:40:28 2020
"

Thanks! =D

--
*Eduardo Lúcio*
LightBase Consultoria em Software Público
eduardo.lucio@LightBase.com.br
*+55-61-3347-1949 - http://brlight.org - Brasil-DF*
*Free software! Embrace this idea!*
*"Those who deny freedom to others deserve it not for themselves."*


*Abraham Lincoln*
Re: [clamav-users] ClamAV - Configure the "clamd@scan" service to notify me by email
Hi there,

On Sun, 26 Jan 2020, Eduardo Lúcio Amorim Costa via clamav-users wrote:

> *Is it possible to configure the "clamd@scan" service to notify me by email
> if any threats are found?

I am not familiar with the exact package that you are using, but I
believe that the service itself will not do that, and you will need to
arrange something yourself if you need that feature. Fundamentally
ClamAV is one tool in your toolkit. It detects things. If you want
it to send a mail message when it detects something, then you need
to interface it to another tool. This is the Unix Way of things.
See the 'man' page for 'mail'.

> *NOTE:* Examples and/or documentation are most welcome! By the way, I have
> "sendmail" application configured on all servers in my infrastructure.

Sendmail is a Mail Transfer Agent, or MTA. You will probably need to
spend a few years working with Sendmail before you begin to understand
it but it is not intended as a mail client. Something like 'mail' can
send mail from the command line or a script but doing things like that
is beyond the scope of this list. It is not difficult for a competent
system administrator.

> *IMPORTANT:* I noticed that there is a parameter called "VirusEvent" in the
> "/etc/clamd.d/scan.conf" file...

The scan.conf file appears to be something provided by your package
maintainer, it does not exist in the upstream ClamAV sources, but see
the 'man' page for clamd.conf which describes how to use VirusEvent.

> [root@localhost ~]# clamscan -V
> ClamAV 0.101.5/25707/Sun Jan 26 08:40:28 2020

In general, for something like threat detection, you need the software
to be kept reasonably up to date. Packages are not always best for
that, but to use the upstream sources you need to be able to build
software from the sources and you need to be aware of the differences
and potential conflicts between packages which are provided by your
distribution and tools such as ClamAV which you might install yourself.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
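
The interfacing discussed in this thread, as an added example that is not part of either message or of ClamAV itself: a VirusEvent handler that mails an alert through the local sendmail binary. It reads the detection details from the `CLAM_VIRUSEVENT_VIRUSNAME` and `CLAM_VIRUSEVENT_FILENAME` environment variables described in the clamd.conf man page; the script path, addresses and sendmail location are assumptions.

```shell
#!/bin/sh
# Added example: VirusEvent handler that mails an alert via the local sendmail.
# Hypothetical install path and clamd config line (assumptions, not from the thread):
#   VirusEvent /usr/local/bin/clamd-virus-mail.sh send
# clamd exports CLAM_VIRUSEVENT_VIRUSNAME and CLAM_VIRUSEVENT_FILENAME to the command.

ALERT_TO="${ALERT_TO:-root@localhost}"        # assumed recipient
ALERT_FROM="${ALERT_FROM:-clamd@localhost}"   # assumed sender
SENDMAIL="${SENDMAIL:-/usr/sbin/sendmail}"    # assumed binary location

# File names and signature names derive from scanned content, so treat them
# as untrusted: drop control characters (CR/LF included) and cap the length.
sanitize() {
    printf '%s' "$1" | tr -d '\000-\037\177' | cut -c1-200
}

# Build the message. Headers contain only administrator-set values; the
# untrusted fields appear in the body, one per line.
build_message() {
    virus=$(sanitize "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}")
    file=$(sanitize "${CLAM_VIRUSEVENT_FILENAME:-unknown}")
    printf 'From: %s\nTo: %s\n' "$ALERT_FROM" "$ALERT_TO"
    printf 'Subject: ClamAV detection on %s\n\n' "$(uname -n)"
    printf 'Signature: %s\nFile: %s\n' "$virus" "$file"
    printf 'Time (UTC): %s\n' "$(date -u '+%Y-%m-%d %H:%M:%S')"
}

# Send only when called with "send", so a dry run mails nothing.
# The recipient is passed as an argument (no -t), so message content
# can never add recipients.
if [ "${1:-}" = "send" ]; then
    build_message | "$SENDMAIL" -i "$ALERT_TO"
fi
```

The handler runs with the privileges of the clamd service account, so it should be writable only by root.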