#!/bin/bash

# Define directories to scan
DIRECTORIES=("/home" "/etc" "/var" "/usr" "/tmp" "/opt" "/srv")

# Define known malware signatures
SIGNATURES=("eicar_test_file.com" "Linux.Rst-B" "Phalanx" "Lupper" "Adore" "Kaiten" "Linux.Backdoor.Linux.Ebury" "Linux.Darlloz" "Linux.Encoder")



# Log file for scan results
LOGFILE="/var/log/antivirus_scan.log"

# ANSI color codes
RED='\033[0;31m'
NC='\033[0m' # No Color

# Function to scan files
scan_file() {
    local file="$1"
    local filename=$(basename "$file")  # Extract filename
    local found=0

    # Check if the file is a binary file
    if [[ $(file -b --mime-type "$file" 2>/dev/null) == "application/octet-stream" ]]; then
        echo "Skipping binary file (detected by file command): $file"
        return
    fi

    echo "Scanning file: $file"

    # Read file content
    local content
    content=$(<"$file")

    # Check for each signature
    for signature in "${SIGNATURES[@]}"; do
        if grep -q "$signature" <<< "$content" || [[ "$filename" == *"$signature"* ]]; then
            echo -e "${RED}[INFECTED] $file contains $signature${NC}"
            echo "[INFECTED] $file contains $signature" >> "$LOGFILE"
            found=1
            break
        fi
    done

    # Log clean file if no signature found
    if [ $found -eq 0 ]; then
        echo "[CLEAN] $file"
        echo "[CLEAN] $file" >> "$LOGFILE"
    fi
}

# Function to scan directories
scan_directory() {
    local directory="$1"
    echo "Scanning directory: $directory"
    echo "Scanning directory: $directory" >> "$LOGFILE"
    find "$directory" -type f | while read -r file; do
        scan_file "$file"
    done
}

# Main scanning loop
echo "Starting antivirus scan..."
echo "Starting antivirus scan..." > "$LOGFILE"
for directory in "${DIRECTORIES[@]}"; do
    if [ -d "$directory" ]; then
        scan_directory "$directory"
    else
        echo "[ERROR] Directory $directory does not exist."
        echo "[ERROR] Directory $directory does not exist." >> "$LOGFILE"
    fi
done
echo "Antivirus scan completed."
echo "Antivirus scan completed." >> "$LOGFILE"

exit 0
