@Yiannis128
Last active February 17, 2025 20:14
ClamAV custom notifier script that manually triggers the VirusEvent script by reading the OnAccessScan logs
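#!/usr/bin/env bash
# Reads ClamAV OnAccessScan log lines from standard input.

# If the logs contain duplicate entries, they should be ignored to avoid spamming the user
# with duplicate notifications.
IGNORE_DUPLICATES=true
PREVIOUS_LINE=""

# Strip leading and trailing whitespace without interpreting quotes or backslashes
# (xargs would reject or mangle file names that contain them).
trim() { sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'; }

# Keeps track of the journal for virus found events and manually invokes the VirusEvent
# script because of https://github.com/Cisco-Talos/clamav/issues/1062
while IFS= read -r LINE; do
    if [[ $LINE == *"FOUND"* ]]; then
        # Check that there are no duplicate reports by ClamAV OnAccessScan (I don't know why
        # this happens)
        if [[ "$IGNORE_DUPLICATES" == true && "$PREVIOUS_LINE" == "$LINE" ]]; then
            continue
        fi
        # The file name comes from the scanned file system and is untrusted, so "$LINE" is
        # always quoted to prevent word splitting and glob expansion.
        # Note: cut splits on the first ':' so a path containing ':' is truncated.
        CLAM_VIRUSEVENT_FILENAME=$(printf '%s\n' "$LINE" | cut -d : -f 1 | trim)
        SIG=$(printf '%s\n' "$LINE" | cut -d : -f 2 | trim)
        CLAM_VIRUSEVENT_VIRUSNAME="${SIG/ FOUND/}"
        export CLAM_VIRUSEVENT_FILENAME CLAM_VIRUSEVENT_VIRUSNAME
        echo "ClamAV OnAccessScan Notifier: Found Signature $CLAM_VIRUSEVENT_VIRUSNAME in $CLAM_VIRUSEVENT_FILENAME"
        /opt/clamav/virus-event.sh
    fi
    PREVIOUS_LINE="$LINE"
done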