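# ClamAV antivirus management commands
# Each function returns a bash command string that app.py executes via ssh_run()
#
# Caller-supplied values (scan paths, line counts, schedule labels) end up in a
# command line that a remote shell parses, so each one is shell-quoted or
# validated before it is interpolated.
import shlex

# Minute/hour/day fields for each supported schedule label (03:00 local time).
_CRON_TIMES = {
    "daily": "0 3 * * *",
    "weekly": "0 3 * * 0",
    "monthly": "0 3 1 * *",
}


def _quote_path(path):
    """Return *path* as a single shell word that clamscan reads as a path.

    A leading "-" is prefixed with "./" so the value cannot be parsed as a
    clamscan option (for example --move or --log), then the result is quoted
    with shlex.quote so shell metacharacters stay literal.
    """
    text = str(path)
    if text.startswith("-"):
        text = "./" + text
    return shlex.quote(text)


def _check_cron_text(text):
    """Raise ValueError if *text* cannot be stored safely in a crontab line.

    crontab entries are line-oriented, and cron gives "%" (and the backslash
    used to escape it) a meaning of its own before the shell sees the command,
    so shell quoting alone does not protect these characters.
    """
    for ch in text:
        if ch in "%\\\x7f" or (ch < " " and ch != "\t"):
            raise ValueError(
                f"character {ch!r} is not allowed in a scheduled scan path"
            )


def status_cmd():
    """Return bash cmd to check ClamAV install and service status."""
    return (
        "echo '=== ClamAV Installation ===' && "
        # awk sets the pipeline's exit status, so the fallback message prints
        # when no clamav package is listed (grep's status was masked before).
        "dpkg -l 2>/dev/null | awk '/clamav/ {print $2, $3; found=1} END {exit !found}' "
        "|| echo 'ClamAV not installed' && "
        "echo '' && echo '=== Service Status ===' && "
        "systemctl is-active clamav-daemon 2>/dev/null && echo 'clamd: running' || echo 'clamd: not running' && "
        "systemctl is-active clamav-freshclam 2>/dev/null && echo 'freshclam: running' || echo 'freshclam: not running' && "
        "echo '' && echo '=== Virus DB ===' && "
        "if [ -f /var/lib/clamav/daily.cld ] || [ -f /var/lib/clamav/daily.cvd ]; then "
        " ls -lh /var/lib/clamav/*.{cld,cvd} 2>/dev/null; "
        " sigtool --info /var/lib/clamav/daily.cld 2>/dev/null | grep -E 'Version|Sigs|Build' || "
        " sigtool --info /var/lib/clamav/daily.cvd 2>/dev/null | grep -E 'Version|Sigs|Build'; "
        "else "
        " echo 'No virus database found'; "
        "fi && "
        "echo '' && echo '=== ClamAV Version ===' && "
        "clamscan --version 2>/dev/null || echo 'clamscan not found'"
    )


def install_cmd():
    """Return bash cmd to install ClamAV and enable services."""
    return (
        "DEBIAN_FRONTEND=noninteractive apt-get update -qq && "
        "DEBIAN_FRONTEND=noninteractive apt-get install -y clamav clamav-daemon clamav-freshclam 2>&1 && "
        # freshclam is run once by hand while its service is stopped, then the
        # services are enabled and started.
        "systemctl stop clamav-freshclam 2>/dev/null; "
        "freshclam 2>&1; "
        "systemctl enable clamav-daemon clamav-freshclam 2>&1 && "
        "systemctl start clamav-freshclam 2>&1 && "
        "systemctl start clamav-daemon 2>&1 && "
        "echo 'ClamAV installed and services started'"
    )


def update_defs_cmd():
    """Return bash cmd to update virus definitions."""
    return (
        "systemctl stop clamav-freshclam 2>/dev/null; "
        "freshclam 2>&1; "
        "systemctl start clamav-freshclam 2>&1 && "
        "echo '' && echo '=== Updated DB Info ===' && "
        "ls -lh /var/lib/clamav/*.{cld,cvd} 2>/dev/null"
    )


def scan_cmd(path, recursive=True):
    """Return bash cmd to scan a path with clamscan.

    Args:
        path: File or directory to scan. It is shell-quoted, and a leading
            "-" is neutralised, so the value is always treated as one path.
        recursive: Scan directories recursively (-r) when true.

    Returns:
        The command string. clamscan runs twice, as in the original design:
        once listing infected files, once more to show the last summary lines.
    """
    flags = "-ri" if recursive else "-i"
    target = _quote_path(path)
    banner = shlex.quote(f"=== Scanning: {path} ===")
    return (
        f"echo {banner} && "
        "echo 'Started: '$(date) && "
        f"clamscan {flags} --no-summary {target} 2>&1; "
        f"clamscan {flags} {target} 2>&1 | tail -8 && "
        "echo 'Finished: '$(date)"
    )


def scan_quick_cmd():
    """Return bash cmd for a quick scan of /tmp, /var/tmp, /dev/shm, /var/www and /home."""
    return (
        "echo '=== Quick Scan: /tmp /var/tmp /dev/shm /var/www /home ===' && "
        "echo 'Started: '$(date) && "
        "clamscan -ri --no-summary /tmp /var/tmp /dev/shm /var/www /home 2>&1; "
        "clamscan -ri /tmp /var/tmp /dev/shm /var/www /home 2>&1 | tail -10 && "
        "echo 'Finished: '$(date)"
    )


def scan_full_cmd():
    """Return bash cmd for full system scan (excludes /proc /sys /dev /run)."""
    return (
        "echo '=== Full System Scan ===' && "
        "echo 'Started: '$(date) && "
        "clamscan -ri --exclude-dir='^/proc' --exclude-dir='^/sys' "
        "--exclude-dir='^/dev' --exclude-dir='^/run' "
        "--log=/var/log/clamav/lastscan.log / 2>&1 | tail -15 && "
        "echo 'Finished: '$(date)"
    )


def log_cmd(lines=50):
    """Return bash cmd to view ClamAV scan logs.

    Args:
        lines: Number of trailing lines of the last scan log to show. It is
            converted with int() so only a number can reach the command line.

    Raises:
        ValueError: If *lines* is not an integer value or is negative.
        TypeError: If *lines* is of a type int() does not accept.
    """
    count = int(lines)
    if count < 0:
        raise ValueError("lines must be zero or greater")
    return (
        "echo '=== Last Scan Log ===' && "
        f"tail -n {count} /var/log/clamav/lastscan.log 2>/dev/null || echo 'No scan log found' && "
        "echo '' && echo '=== Freshclam Log ===' && "
        "tail -n 20 /var/log/clamav/freshclam.log 2>/dev/null || echo 'No freshclam log found'"
    )


def quarantine_list_cmd():
    """Return bash cmd to list quarantined files."""
    return (
        "echo '=== Quarantine ===' && "
        "if [ -d /var/lib/clamav/quarantine ]; then "
        # -A lists dot-files too, so the listing agrees with the find count.
        " ls -lhAR /var/lib/clamav/quarantine 2>/dev/null; "
        " echo '' && echo \"Total: $(find /var/lib/clamav/quarantine -type f | wc -l) files\"; "
        "else "
        " echo 'No quarantine directory (clean system)'; "
        "fi"
    )


def quarantine_scan_cmd(path, recursive=True):
    """Return bash cmd to scan and move infected files to quarantine.

    Args:
        path: File or directory to scan; shell-quoted like in scan_cmd.
        recursive: Scan directories recursively (-r) when true.

    Returns:
        The command string. The quarantine directory is created under
        umask 077 so a newly created directory is not readable by other users.
    """
    flags = "-ri" if recursive else "-i"
    target = _quote_path(path)
    banner = shlex.quote(f"=== Scan + Quarantine: {path} ===")
    return (
        "(umask 077; mkdir -p /var/lib/clamav/quarantine) && "
        f"echo {banner} && "
        f"clamscan {flags} --move=/var/lib/clamav/quarantine "
        f"--log=/var/log/clamav/lastscan.log {target} 2>&1 | tail -15"
    )


def quarantine_delete_cmd():
    """Return bash cmd to purge all quarantined files."""
    return (
        "if [ -d /var/lib/clamav/quarantine ]; then "
        " count=$(find /var/lib/clamav/quarantine -type f | wc -l) && "
        # find removes dot-files as well; a "quarantine/*" glob skips them,
        # which left hidden samples behind while reporting them as purged.
        " find /var/lib/clamav/quarantine -mindepth 1 -delete && "
        " echo \"Purged $count quarantined files\"; "
        "else "
        " echo 'No quarantine directory'; "
        "fi"
    )


def schedule_cmd(schedule="daily", paths="/"):
    """Return bash cmd to set up a cron job for scheduled scanning.

    Args:
        schedule: "daily", "weekly" or "monthly"; any other value falls back
            to the daily time. The label is echoed back as given.
        paths: One or more whitespace-separated paths to scan. Each path is
            shell-quoted separately, so glob characters are taken literally.

    Raises:
        ValueError: If *paths* contains a control character, "%" or a
            backslash, none of which can be stored safely in a crontab line.
    """
    cron_time = _CRON_TIMES.get(schedule, _CRON_TIMES["daily"])
    text = str(paths)
    _check_cron_text(text)
    targets = " ".join(_quote_path(item) for item in text.split())
    cron_line = (
        f'{cron_time} clamscan -ri --exclude-dir="^/proc" --exclude-dir="^/sys" '
        '--exclude-dir="^/dev" --exclude-dir="^/run" '
        "--move=/var/lib/clamav/quarantine --log=/var/log/clamav/lastscan.log "
        f"{targets} # setec-clamscan"
    )
    notice = shlex.quote(f"Scheduled {schedule} scan of {text}")
    return (
        # The cron job moves files into the quarantine directory, so make sure
        # it exists (private to the owner) before the first scheduled run.
        "(umask 077; mkdir -p /var/lib/clamav/quarantine) && "
        "(crontab -l 2>/dev/null | grep -v 'setec-clamscan'; "
        # printf writes the line verbatim; echo may interpret backslashes.
        f"printf '%s\\n' {shlex.quote(cron_line)}) | crontab - 2>&1 && "
        f"echo {notice} && "
        "crontab -l | grep setec-clamscan"
    )


def schedule_status_cmd():
    """Return bash cmd to show current scan schedule."""
    return (
        "echo '=== Scan Schedule ===' && "
        "crontab -l 2>/dev/null | grep setec-clamscan || echo 'No scheduled scan'"
    )


def schedule_remove_cmd():
    """Return bash cmd to remove scheduled scan."""
    return (
        "(crontab -l 2>/dev/null | grep -v 'setec-clamscan') | crontab - 2>&1 && "
        "echo 'Scheduled scan removed'"
    )


def config_cmd():
    """Return bash cmd to show ClamAV config."""
    return (
        "echo '=== clamd.conf ===' && "
        "cat /etc/clamav/clamd.conf 2>/dev/null || echo 'Not found' && "
        "echo '' && echo '=== freshclam.conf ===' && "
        "cat /etc/clamav/freshclam.conf 2>/dev/null || echo 'Not found'"
    )


def uninstall_cmd():
    """Return bash cmd to remove ClamAV."""
    return (
        "systemctl stop clamav-daemon clamav-freshclam 2>/dev/null; "
        "DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y clamav clamav-daemon clamav-freshclam 2>&1 && "
        "apt-get autoremove -y 2>&1 && "
        "echo 'ClamAV uninstalled'"
    )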