feat(setup): add anti-malware module with freshclam cron job

Adds clamav, clamtk, rkhunter, chkrootkit and installs a twice-daily /etc/cron.d/freshclam entry for automatic virus definition updates. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 19:58:35 +02:00 · 2026-05-19 19:58:35 +02:00 · 33934f633d
parent c7511b750a
commit 33934f633d
2 changed files with 28 additions and 0 deletions
--- a/setup/install-modules.sh
+++ b/setup/install-modules.sh
@ -93,6 +93,7 @@ count_steps() {
    [[ "$sel" == *"llama-cpp"*       ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$sel" == *"open-webui"*      ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$sel" == *"claude"*          ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$sel" == *"anti-malware"*     ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$sel" == *"networking-cli"*  ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$sel" == *"disk-recovery"*   ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$sel" == *"himalaya"*        ]] && TOTAL=$(( TOTAL + 1 ))
@ -176,6 +177,7 @@ SELECTED=$(dialog --backtitle "$BACKTITLE" \
    "llama-cpp"       "llama.cpp         standalone inference CLI + server"      off \
    "open-webui"      "Open WebUI        browser UI for Ollama / LLM backends"  off \
    "claude"          "Claude Code       Anthropic CLI via npm"                 off \
    "anti-malware"    "Anti-Malware      clamav · clamtk · rkhunter · chkrootkit" off \
    "networking-cli"  "Networking CLI    nmap · nethogs · mitmproxy · httpie"  off \
    "disk-recovery"   "Disk Recovery     ddrescue · f3"                         off \
    "himalaya"        "Himalaya          terminal email client (AUR)"           off \
@ -241,6 +243,7 @@ SUMMARY=""
 [[ "$SELECTED" == *"llama-cpp"*      ]] && SUMMARY+="  ✦ llama.cpp\n"
 [[ "$SELECTED" == *"open-webui"*     ]] && SUMMARY+="  ✦ Open WebUI\n"
 [[ "$SELECTED" == *"claude"*         ]] && SUMMARY+="  ✦ Claude Code\n"
 [[ "$SELECTED" == *"anti-malware"*   ]] && SUMMARY+="  ✦ Anti-Malware (clamav, clamtk, rkhunter, chkrootkit)\n"
 [[ "$SELECTED" == *"networking-cli"* ]] && SUMMARY+="  ✦ Networking CLI (nmap, nethogs, mitmproxy, httpie)\n"
 [[ "$SELECTED" == *"disk-recovery"*  ]] && SUMMARY+="  ✦ Disk Recovery (ddrescue, f3)\n"
 [[ "$SELECTED" == *"himalaya"*       ]] && SUMMARY+="  ✦ Himalaya\n"
@ -307,6 +310,7 @@ DE_DIR="$MODULES/Desktop-Environments"
 [[ "$SELECTED" == *"llama-cpp"*      ]] && run_module "llama.cpp"         "$APPS/llama-cpp.sh"
 [[ "$SELECTED" == *"open-webui"*     ]] && run_module "Open WebUI"        "$APPS/open-webui.sh"
 [[ "$SELECTED" == *"claude"*         ]] && run_module "Claude Code"       "$APPS/claude.sh"
 [[ "$SELECTED" == *"anti-malware"*   ]] && run_module "Anti-Malware"      "$APPS/anti-malware.sh"
 [[ "$SELECTED" == *"networking-cli"* ]] && run_module "Networking CLI"    "$APPS/networking-cli.sh"
 [[ "$SELECTED" == *"disk-recovery"*  ]] && run_module "Disk Recovery"     "$APPS/disk-recovery.sh"
 [[ "$SELECTED" == *"himalaya"*       ]] && run_module "Himalaya"          "$APPS/himalaya.sh"
--- a/setup/modules/optional-Modules/apps/anti-malware.sh
+++ b/setup/modules/optional-Modules/apps/anti-malware.sh
@ -0,0 +1,24 @@
 #!/bin/bash
 set -euo pipefail
 sudo pacman -S --noconfirm --needed \
    clamav clamtk rkhunter
 yay -S --aur --noconfirm --needed chkrootkit
 # initialise ClamAV database (first run)
 if [[ ! -f /var/lib/clamav/main.cvd ]] && [[ ! -f /var/lib/clamav/main.cld ]]; then
    echo "Running initial freshclam..."
    sudo freshclam
 fi
 # cron job: update virus definitions twice a day
 CRON_FILE=/etc/cron.d/freshclam
 if [[ ! -f "$CRON_FILE" ]]; then
    echo "Installing freshclam cron job..."
    sudo tee "$CRON_FILE" > /dev/null <<'EOF'
 # Update ClamAV virus definitions twice a day
 0 */12 * * * root /usr/bin/freshclam --quiet 2>/dev/null
 EOF
    sudo chmod 644 "$CRON_FILE"
 fi