Email/SYSLOG notifications for ClamAV


#1

Hi all

We are currently looking at ownCloud Univention Edition as a file sharing solution. We have installed ClamAV and have tested uploading the EICAR test string, which is detected and blocked as expected. What we really need is some additional actions for this event, ideally to send an email to a specified address and also to send a SYSLOG to a designated SYSLOG server in our environment.

Can anyone offer any advice or point us in the general direction as to how we might achieve this?

Thanks for your help…


#2

I don’t think it’s possible with the current code, maybe @vicdeo knows better. You might want to open a feature request in https://github.com/owncloud/files_antivirus/issues or submit a pull request if you want to do it yourself.

As a workaround, I think you can use your own command wrapper and use it in ownCloud. Basically, your script should run the ClamAV binary, check if there is any error and conditionally submit the email and log while returning the exit status of the ClamAV binary.
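
A sketch of the wrapper approach described in post #2, added here as an example; it is not part of the original thread and is not ownCloud or files_antivirus code. The scanner path, recipient address, syslog tag and the availability of `logger` and a mailx-compatible `mail` are assumptions, and it relies on clamscan's documented exit statuses (0 clean, 1 virus found, 2 error).

```shell
#!/bin/sh
# Wrapper around clamscan: pass the scan through unchanged, alert on detections.
# Assumed values (not from the thread): binary path, recipient, syslog tag.
CLAMSCAN_BIN="${CLAMSCAN_BIN:-/usr/bin/clamscan}"
ALERT_TO="${ALERT_TO:-secops@example.org}"
SYSLOG_TAG="${SYSLOG_TAG:-owncloud-clamav}"

# Local syslog; rsyslog can forward it to the central server.
notify_syslog() { logger -t "$SYSLOG_TAG" -p "$1" -- "$2"; }

# Assumes a mailx-compatible `mail` command and a working MTA.
notify_mail() { printf '%s\n' "$2" | mail -s "$1" "$ALERT_TO"; }

scan_and_notify() {
    rc=0
    # Arguments and stdin go straight to the scanner; capture stdout only.
    out=$("$CLAMSCAN_BIN" "$@") || rc=$?
    # Replay the scanner output so the caller can still parse it.
    printf '%s\n' "$out"
    case "$rc" in
        0) ;;  # clean
        1)     # clamscan exit status 1: virus found
            # Syslog gets only the signature name, not the uploaded file's name.
            sig=$(printf '%s\n' "$out" | sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1)
            notify_syslog user.warning "ClamAV detection: ${sig:-unknown}" || true
            notify_mail "ClamAV detection on $(uname -n)" "$out" || true
            ;;
        *)     # 2 or anything else: scanner error, worth knowing about too
            notify_syslog user.err "ClamAV scan failed with exit status $rc" || true
            ;;
    esac
    # Notification failures never change the verdict the caller receives.
    return "$rc"
}

# With no arguments the file only defines the functions above.
if [ "$#" -gt 0 ]; then
    scan_and_notify "$@"
    exit $?
fi
```

Because the wrapper replays the scanner's output and exit status, a failed `logger` or `mail` call cannot turn a detection into a clean result.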


#3

Thanks for taking time to respond. I’ve actually managed to get syslogs working from ownCloud by modifying the ownCloud config.php file to send all log file information to the built-in syslog client (RSYSLOG on this distribution). RSYSLOG is then configured to send these onto our SYSLOG server.
These ownCloud syslogs contain the logs from ClamAV including detections; from here we can utilise a monitoring platform to generate emails from the received syslogs.

I’m still testing at the moment but this seems to give us what we require.