Virus scanner for samba file server

Scott Lawson s.lawson at
Thu Jan 11 10:22:55 GMT 2001

Guys here are my scripts for you. Obviously you will have to download the Mcafee
anti virus
software first and install it in /usr/local/uvscan (It's the default location

There are four scripts that I use (You could do it in one but this is nice n

First one I run as a cron job like so.


# Download McAfee Unix DAT Files and Scan User File systems for Viruses
20 0 * * * /usr/local/scripts/ftp-daily-uvscan-dats.exp
25 0 * * * /usr/local/scripts/ > /dev/null 2>&1
15 1 * * * /usr/local/scripts/

Script : : This calls the actual virus scan script for each file
system. I use a separate
script for each file system as I have 4 RAID arrays on separate SCSI channels and
a 4 CPU system
so I scan all file systems simultaneously.

export PATH
/usr/local/scripts/ &
/usr/local/scripts/ &
/usr/local/scripts/ &
/usr/local/scripts/ &

Script : homedirs2 : Just copy this for each filesystem that you want to scan, it
does a recursive
clean on all files. It also creates a log file which gets mailed to my sysadmin
team each morning.
It also generates a count of viruses found for a statistics web page that we

# To scan /homedirs2 for viruses and mail output to sysadmin team
export PATH
uvscan -c -r --summary /homedirs2 > /tmp/homedirs2_scan 2>&1
echo >> /tmp/scanned2
echo "Virus Scan of /homedirs2 on Infoserv `cat /tmp/homedirs2_scan`" >>
mail nospam at < /tmp/scanned2
echo >> /var/uvscan/uvscan.homedirs2.log
echo "Virus scan for `date`" >> /var/uvscan/uvscan.homedirs2.log
echo "-------------------------------------------------------" >>
cat /tmp/scanned2 >> /var/uvscan/uvscan.homedirs2.log
rm /tmp/homedirs2_scan
rm /tmp/scanned2
# Generate daily log entry for virus count statistics for stats web site
X=`tail -2 /var/uvscan/uvscan.homedirs2.log | grep "Cleaned:"`
VIRUSNO=`echo $X | awk '{print $3}'`
echo "`date +%y%m%d` $VIRUSNO" >> /var/uvscan/virus.stats.homedirs2

Script : ftp-mcafee-dats.exp : This script gets the daily dat files from mcafee
for automatically
updating our virus scan software. This script requires the expect language to be
installed. (I think
it comes by default with most linuxes, you need to download it for Solaris)

# ftp-mcafee-dats.exp
# Ftp's McAfee DAT tar files from
exp_version -exit 5.0
log_user 0
set timeout 60

# proc copied (and modified) from the O'Reilly Expect book to handle
# good and bad returns from ftp commands
proc sendexpect {cmd msg} {
     send "$cmd\r"
     expect {
         "Password:" {}
        -re "\n2.. (\[^\r]*\r\n)*ftp> " {}
        -re "\n... (\[^\r]*\r\n)*ftp> " {
            send_error "!!! FAILED: $msg\n"
         "ftp> " {}

spawn ftp
expect "Name*:"
# I have changed the username and password lines to remove our licensed username
and password.
sendexpect "username"
sendexpect "password"
sendexpect "bin" "change to binary"
sendexpect "prompt" "turn off prompt"
sendexpect "cd /licensed/antivirus/datfiles/4.x" "cd to
sendexpect "lcd /usr/local/uvscan" "lcd to /usr/local/uvscan"
sendexpect "mget *.tar" "mget *.zip"
sendexpect "quit" "quit"

Script : : This decompresses the new dat files
ready for use.

# Sort out DAILYDATs after FTP from NAI
export PATH
cd /usr/local/uvscan
tar xvf *.tar
chown daemon:bin *.dat
chmod 444 *.dat
uvscan --version > /tmp/uvscan_version
mail sysadmin at < /tmp/uvscan_version
rm /tmp/uvscan_version

I hope you find these useful.



PS. If you have any other questions drop me a line.

PPS. If use these scripts for anything I would be interested in knowing about it

Martin Radford wrote:

> [McAfee Anti virus software]
> > Do you have a product name and URL?  I searched around and cannot find any
> > of their products for anything except the Win platforms.  I'm interested in
> > the linux version.  -m
> The product is called VirusScan, you can download an evaluation from:
> Martin
> --
> Martin Radford              |   "Only wimps use tape backup: _real_
> martin at | men just upload their important stuff  -o)
> Registered Linux user #9257 |  on ftp and let the rest of the world  /\\
> - see |       mirror it ;)"  - Linus Torvalds _\_V



Scott Lawson
Systems Manager
Department Of Information Services
St. George's Hospital Medical School
London SW17 0RE

P: 44 (0)208 725 2896
F: 44 (0)208 725 3583

mailto:s.lawson at

Quote of the week :

"The difference between 'involvement' and 'commitment' is like a
bacon-and-eggs breakfast: the chicken was 'involved' - the pig was


-------------- next part --------------
A non-text attachment was scrubbed...
Name: s.lawson.vcf
Type: text/x-vcard
Size: 319 bytes
Desc: Card for Scott Lawson
Url :

More information about the samba mailing list