ClamAV Protector
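#!/bin/bash
# ClamAV Protector: scans the directories below once at startup, then rescans
# files as they are written or moved in. State lives under ~/.local.

# Directories scanned at startup and watched afterwards.
WATCH_DIRS=(
  "$HOME/Downloads"
  "$HOME/Documents"
  "$HOME/Desktop"
)

STATE_DIR="$HOME/.local/state/clamav-protector"
DATA_DIR="$HOME/.local/share/clamav-protector"
DB="$STATE_DIR/scanned.db"        # one SHA-256 per line: content already scanned clean
QUARANTINE="$DATA_DIR/quarantine" # detected files are moved here

# Fail closed on a missing tool: without clamscan nothing would ever be
# reported, and every file would look clean.
for tool in clamscan inotifywait sha256sum; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    printf 'clamav-protector: required command not found: %s\n' "$tool" >&2
    exit 1
  fi
done

# The quarantine holds live samples and the DB decides what is skipped, so
# neither should be readable or writable by other local users.
umask 077
mkdir -p "$STATE_DIR" "$QUARANTINE" || exit 1
# mkdir -p leaves the mode of pre-existing directories untouched; tighten them.
chmod 700 "$STATE_DIR" "$DATA_DIR" "$QUARANTINE"
touch "$DB" || exit 1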
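# Print one timestamped log line to stdout.
# Arguments: $1 - level tag (INFO, OK, ALERT, ...), $2 - message text
#
# Messages embed file names from the watched directories, which whoever
# supplied the file controls. Control characters are replaced with '?' so a
# crafted name cannot forge extra log lines or emit terminal escape sequences.
log() {
  local level=$1
  local msg=$2
  msg=${msg//[[:cntrl:]]/?}
  printf '%s [%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$level" "$msg"
}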
# Record startup in the log before any scanning begins.
log "INFO" 'ClamAV Protector started'
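# Scan one file with ClamAV and quarantine it on detection.
# Globals:   DB (read/appended), QUARANTINE (read)
# Arguments: $1 - path of the file to scan
#
# The verdict comes from clamscan's exit status (0 clean, 1 detection,
# anything else an error), not from matching "FOUND" in its output. Output
# matching treats a scanner failure as clean, and quarantines any file whose
# path merely contains the word FOUND.
scan_file() {
  local file=$1
  local hash rc base ts dest

  [ -f "$file" ] || return
  [ -r "$file" ] || { log ERROR "Unreadable file: $file"; return; }

  # Hash from stdin: given a path with a backslash or newline, sha256sum
  # prefixes the digest line with '\', which would corrupt the DB key.
  hash=$(sha256sum < "$file" | awk '{print $1}')
  if [[ ! $hash =~ ^[0-9a-f]{64}$ ]]; then
    # e.g. the file vanished; an empty key must never reach the DB.
    log ERROR "Could not hash file: $file"
    return
  fi

  # Whole-line, fixed-string match against hashes already scanned clean.
  if grep -qxF -- "$hash" "$DB"; then
    log SKIP "Already scanned: $file"
    return
  fi

  log INFO "Scanning: $file"
  clamscan --no-summary "$file" >/dev/null
  rc=$?

  case $rc in
    0)
      printf '%s\n' "$hash" >> "$DB"
      log OK "Clean: $file"
      ;;
    1)
      base=${file##*/}
      ts=$(date '+%Y%m%d-%H%M%S')
      dest="$QUARANTINE/${ts}_$base"
      # Same name within the same second: keep both samples, do not overwrite.
      [ -e "$dest" ] && dest="${dest}.${hash:0:12}"

      if ! mv -- "$file" "$dest"; then
        # Never claim containment that did not happen.
        log ERROR "Malware detected but quarantine failed, file still in place: $file"
        notify-send "ClamAV Protector" \
          "Infected file:\n$base\nQuarantine FAILED - file is still in place"
        return
      fi
      # 600 also clears every execute bit.
      chmod 600 "$dest"

      log ALERT "Malware detected: $file -> quarantine"
      # NOTE(review): some notification daemons render markup in the body and
      # $base is attacker-chosen - confirm how the target desktop displays it.
      notify-send "ClamAV Protector" \
        "Infected file:\n$base\nMoved to quarantine"
      ;;
    *)
      # Scanner error (bad database, I/O failure, ...). Not recorded in the
      # DB, so the file is scanned again next time it is seen.
      log ERROR "Scan failed (clamscan exit $rc), not marked clean: $file"
      ;;
  esac
}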
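# --- Initial scan ---------------------------------------------------------
log INFO "Initial scan started"
EXISTING_DIRS=()
for DIR in "${WATCH_DIRS[@]}"; do
  [ -d "$DIR" ] || continue
  EXISTING_DIRS+=("$DIR")
  # NUL-delimited and read with an empty IFS. A plain `read` strips leading
  # and trailing whitespace and splits on newlines, so a file named with a
  # trailing space would be skipped without ever being scanned.
  find "$DIR" -type f -print0 2>/dev/null |
    while IFS= read -r -d '' FILE; do
      scan_file "$FILE"
    done
done
log INFO "Initial scan completed"

if [ "${#EXISTING_DIRS[@]}" -eq 0 ]; then
  log ERROR "None of the watch directories exist; nothing to monitor"
  exit 1
fi

# --- Real-time monitoring ---------------------------------------------------
# Watch only directories that exist. inotifywait's stderr is discarded below,
# so a refusal to start would otherwise go unnoticed.
# NOTE(review): files created between the end of the initial scan and the
# watches being established may be missed until they are next modified.
log INFO "Real-time monitoring enabled"
inotifywait -m -r \
  -e close_write,moved_to \
  --format '%w%f' \
  "${EXISTING_DIRS[@]}" 2>/dev/null |
  # Events arrive one per line, so a name containing a newline is split here.
  # IFS= at least preserves leading and trailing whitespace.
  while IFS= read -r FILE; do
    log EVENT "New or modified file: $FILE"
    scan_file "$FILE"
  done

# Reached only when inotifywait stops (for example when the inotify watch
# limit is exhausted). Say so rather than exiting with protection silently off.
log ERROR "inotifywait exited (status ${PIPESTATUS[0]}); real-time monitoring has stopped"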
ClamAV Protector
ClamAV Protector is a lightweight, user-level real-time file monitoring script for Linux desktops.
It performs an initial recursive scan of selected directories at startup and then continuously monitors them for new or modified files using
inotify. Files are scanned with ClamAV only once per unique content using a hash-based database, avoiding unnecessary rescans. When malware is detected, the infected file is moved to a secure quarantine directory, renamed with a timestamp, stripped of executable permissions, and the user is notified via desktop notifications.
Features
Requirements
Usage
Make the script executable:
Run it manually:
Or configure it to start automatically at login (recommended).