Skip to main content

A handy and simple tool for sending ClamAV notifications.

Project description

ClamNotif: Monitor ClamAV Health Reports Automatically

ClamNotif, a.k.a ClamAV Notification, is a handy and simple tool written in Python, which is able to forward notifications to different recipients categorised by two severity levels of the regular health reports produced by clamscan bundled with the ClamAV antivirus engine.

What challenge we had faced

We, PiSoft Company Ltd., is a software company based in Macao S.A.R. For more than a decade, we have been developing , operating and maintaining software systems for many clients. For system security, we use ClamAV to scan the server regularly.

Usually, that is done in the form of a daily heath check on the server. Because ClamAV is an antivirus engine only, in order to make our operation as automatic as possible, we have to find a solution to forward those health reports automatically.

As part of our daily operations, if ClamAV doesn't find any thing infected, a health report should be forwarded to our maintenance team as a heart-beating signal. This is quite important, especially during the pilot period, which is the very beginning of a new system running in Production.

On the other hand, if ClamAV finds some files infected, the health report shall be forwarded to our maintenance team as well as the representative of our client as an alert.

We googled for a solution with no luck, only some pieces of bash scripts cooperating with mailx available. Perhaps, building a tool ourselves for our requirement seems unavoidable.

Installation

First of all, we can install ClamNotif by

$ pip3 install clamnotif

let's check if it works properly

$ python3 -m clamnotif

We should see

$ python3 -m clamnotif
  Welcome for using ClamNotif v0.0.5 from PiSoft Company Ltd.
  Usage: python3 -m clamnotif [--test-smtp|--check-report]

Configuration

Prepare Our Configurations

The configuration file of ClamNotif is an ini file designed with intuitive variable names. Please make sure to save the configuration file as ~/.clamnotif/clamnotif.cfg.

ClamNotif always reads all configurations under the home folder of the current user. Thus the read permission of the configuration file needs to be granted to ClamNotif, which should be the default in most cases.

Once our configuration completes, please make sure the ClamAVReportFolder as well as the files inside the folder can be read by the current user. In the following case, we have to check the directory ~/.ClamAV/daily/.

When the system is getting more and more stable, a daily notification would not be necessary. We can fine-tune how often a heart-beat is sent by setting HeartbeatDayGap. In the following example, suppose ClamNotif forwarded a heart-beat on 17/Apr, the next heart-beat would be sent on 19/Apr, i.e., 2 days later. This value has no impact on the sending of alerts. Once an alert is detected, it will be sent to the recipients immediately.

[SMTP]
SMTPServerHost = smtp.gmail.com
SMTPServerPort = 465
SMTPTLSEnabled = false

[Notification]
SenderAddress = foo@gmail.com
SenderPasswd = $@SendPwd
AlertSubject = My System Antivirus Notification - Alert !!!
AlertReceiverAddresses = alice@gmail.com,robert@gmail.com,sysadmin@gmail.com
HeartbeatSubject = My System Antivirus Heartbeating Notification
HeartbeatReceiverAddresses = sysadmin@gmail.com
HeartbeatDayGap = 2

[ClamAV]
ClamAVReportFolder = ~/.ClamAV/daily/

Test Our Configurations

Let's send a testing email to all recipients defined in the configuration file above by turning on the flag --test-smtp. Check our email box to see if we can receive the email for testing.

$ python3 -m clamnotif --test-smtp
  Successfully sent a testing email with title 'ClamNotif Testing' to foo@gmail.com and alice@gmail.com,robert@gmail.com,sysadmin@gmail.com.

If it works, we can go further. The flag --check-report tells ClamNotif to check the ClamAVReportFolder and to send a notification to the appropriate recipients.

$ python3 -m clamnotif --check-report
  [Should add the command outputs later]

python3 -m clamnotif --check-report is the most common usage of ClamNotif.

Run ClamNotif Daily

We are able to run clamnotif regularly by registering it as a schedule job with crontab.

Here is an article Complete Beginners Tutorial for your reference.

Bash Scripts

There are some handy bash scripts which we use to wrap clamscan and clamnotif under the bash folder. Just see if they are helpful.

Acknowledgement

We built this tool in memory of Mr Brain Iu, who was a visionary in the field of software development and had been promoting the Python Programming Language in Macao long before it became all the rage .

Hope you find it useful. Drop me a line if you like it!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

clamnotif-0.1.0.tar.gz (15.0 kB view details)

Uploaded Source

Built Distribution

clamnotif-0.1.0-py3-none-any.whl (19.4 kB view details)

Uploaded Python 3

File details

Details for the file clamnotif-0.1.0.tar.gz.

File metadata

  • Download URL: clamnotif-0.1.0.tar.gz
  • Upload date:
  • Size: 15.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.6.0 importlib_metadata/4.8.2 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for clamnotif-0.1.0.tar.gz
Algorithm Hash digest
SHA256 aa8f6c295323256d316685443a60b26b7b5efc9ddd295ff234c530bca44fe1de
MD5 8e4f76d1994f0c540ea2b103ea307b5e
BLAKE2b-256 65807bfc63fccced46f8e322ee7c30215ce04ab1d87a29423ac6387343b1119c

See more details on using hashes here.

File details

Details for the file clamnotif-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: clamnotif-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 19.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.6.0 importlib_metadata/4.8.2 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for clamnotif-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0bc61453e6701476aa6009b67b2613760edfa5d237009eb4b7aca91701a479b8
MD5 521e6db2cfab8e2d4b6be998129f7cc2
BLAKE2b-256 21710ef66d3b4b6fb1bccfe91c216cec8a5b455f515094a4c288c452a65537c7

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page