Wednesday, 27 July 2011

Clamscan Script

With a compromised web server it's often nice to set the infected files to be immutable. Here's my way of doing things.

Start by installing ClamAV and updating its signature database
yum install clamscan -y

freshclam

Scan to file and send to background
clamscan /var/www/vhosts/ -r > ~/clamscan &

Once the scan has finished, search the report for infected files (FOUND) and set them to be immutable (here, by stripping all permissions with chmod 000)
 chmod 000 `grep FOUND ~/clamscan | awk '{print $1}' | cut -d: -f1`
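A more defensive version of the lock-down step, added here as an example and not part of the original post: it reads the report line by line so file names containing spaces survive, and it matches only real hit lines ending in FOUND. The function names `infected_paths` and `lock_infected` are hypothetical, and the report layout assumed is clamscan's `path: Signature FOUND`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print one infected path per line from a clamscan report.
# Hit lines look like:  /path/to/file: Signature.Name FOUND
# Strip the trailing ": <signature> FOUND" rather than splitting on spaces,
# and ignore lines that merely contain the word FOUND (e.g. in a file name).
infected_paths() {
    sed -n 's/: [^:]* FOUND$//p' "$1"
}

# chmod 000 every infected regular file listed in the report.
# Prints the number of files changed.
lock_infected() {
    report=$1
    list=$(mktemp) || return 1
    infected_paths "$report" > "$list"
    count=0
    while IFS= read -r f; do
        # Skip symlinks: chmod would act on the link target instead.
        if [ -L "$f" ]; then
            continue
        fi
        # Skip entries removed or renamed since the scan ran.
        if [ ! -f "$f" ]; then
            continue
        fi
        if chmod 000 -- "$f"; then
            count=$((count + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$count"
}
```

Run it as `lock_infected ~/clamscan` after the background scan has exited, so the report is complete.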
