I'm currently writing a script that checks USB sticks for malicious files that runs on a Raspberry Pi.
For AV checking I'm using clamscan like this:

    clamscan --infected --allmatch --detect-pua --block-macros --recursive --block-encrypted $start_directory

where $start_directory is the mount point of the USB-Drive.
clamscan has a --move option for infected files. But how can I automatically copy files that clamscan tests as OK to a desired directory?
I don't think there is a negate option in clamscan, so you could do something like:

    # clamscan reports hits as "<path>: <signature> FOUND"; keep only the path
    mapfile -t infectedlist < <(clamscan --infected --allmatch --detect-pua --block-macros --recursive --block-encrypted "$start_directory" | sed -n 's/: [^:]* FOUND$//p')
    shopt -s globstar
    for i in "$start_directory"/**
    do
      [[ ! -f "$i" ]] && continue # If not a file then next item !!
      found=0
      for j in "${infectedlist[@]}"
      do
        [[ "$i" = "$j" ]] && found=1
      done
      [ "$found" -eq 0 ] && mv "$i" /desired/directory
    done
    shopt -u globstar #unset globstar

As a side note, double-quote the variables, i.e. use "$start_directory", to avoid word splitting.
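
A more defensive variant of the approach in the answer above, as an added example that is not part of the original post: it parses clamscan's "path: signature FOUND" lines, copies rather than moves the clean files while keeping the directory layout, and copies nothing when the scan itself reports an error. The function names are assumptions of this example, as is the premise that clamscan prints infected paths exactly as find prints them; it is written in POSIX sh.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.
# Assumes clamscan prints infected paths exactly as find prints them for SRC.

# infected_paths REPORT: paths from "<path>: <signature> FOUND" lines
# (deduplicated, since --allmatch can list one file several times).
infected_paths() {
    sed -n 's/: [^:]* FOUND$//p' "$1" | sort -u
}

# copy_clean SRC DEST REPORT: copy regular files under SRC that REPORT does
# not list as infected into DEST, keeping the directory layout.
copy_clean() {
    src=${1%/} dest=$2
    bad=$(mktemp) || return 2
    infected_paths "$3" > "$bad"
    nl='
'
    # -type f leaves symlinks and device nodes on the stick. Paths containing
    # a newline cannot be matched against the line-based report, so they are
    # skipped rather than trusted.
    find "$src" -type f ! -path "*$nl*" -exec sh -c '
        bad=$1 src=$2 dest=$3 rc=0; shift 3
        for f do
            grep -Fxq -- "$f" "$bad" && continue
            rel=${f#"$src"/}
            mkdir -p -- "$dest/$(dirname -- "$rel")" &&
                cp -- "$f" "$dest/$rel" || rc=1
        done
        exit "$rc"' sh "$bad" "$src" "$dest" {} +
    rc=$?
    rm -f -- "$bad"
    return "$rc"
}

# scan_and_copy SRC DEST: run the scan from the question, then copy.
# clamscan exits 0 (nothing found), 1 (something found) or 2 (error);
# on an error nothing is copied, because the scan result is incomplete.
scan_and_copy() {
    report=$(mktemp) || return 2
    clamscan --infected --allmatch --detect-pua --block-macros --recursive \
        --block-encrypted "${1%/}" > "$report"
    rc=$?
    [ "$rc" -le 1 ] && { copy_clean "$1" "$2" "$report"; rc=$?; }
    rm -f -- "$report"
    return "$rc"
}
```

Called as scan_and_copy "$start_directory" /desired/directory, it returns 1 when something was found and the remaining files were copied, so a calling script can still warn the user.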