[clamav-users] Question on GUI notifications of virus detection
Bryan C. Everly
bryan at bceassociates.com
Mon Jun 19 17:49:18 UTC 2017

Hi all,

I am running Arch Linux with ClamAV 0.99.2 on a Thinkpad X1 Carbon
(Skylake) using xorg and Gnome3. Anyhow, I have the ScanOnAccess
stuff configured to where the system will detect any activity on my
EICAR test file. My configuration is below:

LogFile /var/log/clamav/clamd.log
LogTime yes
PidFile /run/clamav/clamd.pid
TemporaryDirectory /tmp
LocalSocket /var/lib/clamav/clamd.sock
User root
ScanOnAccess yes
OnAccessMountPath /home
OnAccessPrevention yes
OnAccessExtraScanning yes
OnAccessExcludeUID 0
VirusEvent /opt/clamav-utils/clamd-response

My /opt/clamav-utils/clamd-response file is where I'm running into
trouble. I'd like to use it to trigger a GUI alert on my screen;
however, no matter what I do I cannot seem to get that to work. If I
run the script by hand (even with sudo) it works like a champ;
however, even though it is being run (because I see the log activity
and the test file is deleted), I cannot for the life of me get it to
show anything on the screen. Here's the script:

#!/bin/sh
DISPLAY=:0.0
XAUTHORITY=/home/bceverly/.Xauthority
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
zenity --error --title="ClamAV Alert" --text "Virus Found $CLAM_VIRUSEVENT_VIRUSNAME. $CLAM_VIRUSEVENT_FILENAME has been removed"
#sudo -u DISPLAY=:0.0 /usr/bin/notify-send -u critical "Virus Found $CLAM_VIRUSEVENT_VIRUSNAME" "$CLAM_VIRUSEVENT_FILENAME has been removed"
echo "$(date) - $CLAM_VIRUSEVENT_VIRUSNAME > $CLAM_VIRUSEVENT_FILENAME" >> /var/log/clamav/infected.log
# Quoted, with "--", so spaces or a leading "-" in the name are not misparsed
rm -- "$CLAM_VIRUSEVENT_FILENAME"

I've tried it with both zenity and notify-send and get the same
results. I have a feeling there is some xorg fu that I need to do and
am just too ignorant to pull it off. Any help would be massively
appreciated!
Thanks,
Bryan
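
The handler described in the post, reworked as an added example (not part of the original message or of ClamAV). A variable assigned in a shell script reaches child processes only if it is exported or already in the environment, which matches the symptom above: run by hand, DISPLAY is already in the environment; started by clamd, it is not. Assumptions: the DESKTOP_USER and ALERT_LOG variables and the function names are hypothetical, the desktop user is taken from the XAUTHORITY path in the post, and sudo is available to clamd's user.

```sh
#!/bin/sh
# Added example of a clamd VirusEvent handler; not the poster's script.
# Assumptions: DESKTOP_USER owns the X session on display :0.0 and may be
# targeted with sudo; the function names and ALERT_LOG default are ours.
DESKTOP_USER="${DESKTOP_USER:-bceverly}"
ALERT_LOG="${ALERT_LOG:-/var/log/clamav/infected.log}"

# Replace control characters so a crafted file name cannot inject extra
# log lines or terminal escapes.
sanitize_field() {
    printf '%s' "$1" | tr '\001-\037\177' '?'
}

# One log record: "<virus> > <file>", both fields sanitized.
log_line() {
    printf '%s > %s' "$(sanitize_field "$1")" "$(sanitize_field "$2")"
}

handle_event() {
    virus="${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}"
    file="$CLAM_VIRUSEVENT_FILENAME"
    printf '%s - %s\n' "$(date)" "$(log_line "$virus" "$file")" >> "$ALERT_LOG"

    # Quote the path and end option parsing: this runs as root on a name
    # chosen by whoever created the file.
    rm -f -- "$file"

    # clamd's environment has no DISPLAY, and sudo resets the environment,
    # so pass both variables explicitly with env(1). The dialog runs as the
    # desktop user, in the background because zenity blocks until closed.
    # --no-markup makes zenity show "<" and "&" in the name literally.
    sudo -u "$DESKTOP_USER" env DISPLAY=:0.0 \
        XAUTHORITY="/home/$DESKTOP_USER/.Xauthority" \
        zenity --error --no-markup --title="ClamAV Alert" \
        --text="Virus found: $(sanitize_field "$virus"). $(sanitize_field "$file") has been removed" &
}

# clamd sets CLAM_VIRUSEVENT_FILENAME when it runs VirusEvent; without it
# (for example when the file is sourced) nothing is executed.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    handle_event
fi
```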