Simple Script Analysis

Simple Script Analysis

If you are new to Linux (or any Unix, like Apple BSD – yes…Apple OS is based on BSD and has a command line terminal option too),

you may not be aware how many switches some commands can have or how to find them.

The simple equivalent of scripts in older Windows is a Batch file (.bat) or Command file (.com) which is a list of shell commands that get run in order.

The man command (for user manual), is the best place for a detailed cmd description for most linux commands (not all have been documented) with options and maybe examples, or try using the –h or –-help switch on any command for a quick look at its options.

This will become clearer below if you are lost already.

The last Post covered a simple but useful script to send a report by mail, after a directory scan by ClamAV.

So how does it work?

The script is between the lines:



rm -f /root/clamscan-report.log

/usr/bin/clamscan -i -r /home/ –move=/tmp/virusfile/ -l clamscan-report.log

cat clamscan-report.log | mail -s "Clamscan Report from HPbox"


So what is this script doing? Commands are in blue, screen output is in red.

line1:     /usr/bin/freshclam

This starts freshclam which updates the clamav sigs database:

root@HPbox:~# /usr/bin/freshclam

ClamAV update process started at Tue Apr 8 17:46:32 2014

main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)

daily.cld is up to date (version: 18756, sigs: 874769, f-level: 63, builder: neo)

bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)

line2     rm -f /root/clamscan-report.log

This force removes the previous clamscan-report.log from the root folder. Check its contents:

root@HPbox:~# ls /root/

.aptitude/ .gnome2/ .rnd .xsession-errors

.bash_history .config/ .gnome2_private/ Some

.bashrc .dbus/ .gvfs/ .ssh/

.cache/ Desktop/ .pki/ .viminfo

clamscan-report.log .gconf/ .profile .Xauthority

root@HPbox:~# rm –help

Usage: rm [OPTION]… FILE…

Remove (unlink) the FILE(s).

-f, –force ignore nonexistent files, never prompt

-i prompt before every removal

-I prompt once before removing more than three files, or

when removing recursively. Less intrusive than -i,

while still giving protection against most mistakes

–interactive[=WHEN] prompt according to WHEN: never, once (-I), or

always (-i). Without WHEN, prompt always

–one-file-system when removing a hierarchy recursively, skip any

directory that is on a file system different from

that of the corresponding command line argument

–no-preserve-root do not treat /' specially

--preserve-root do not remove /' (default)

-r, -R, –recursive remove directories and their contents recursively

-v, –verbose explain what is being done

–help display this help and exit

–version output version information and exit

By default, rm does not remove directories. Use the –recursive (-r or -R)

option to remove each listed directory, too, along with all of its contents.

To remove a file whose name starts with a -', for example -foo',

use one of these commands:

rm — -foo

rm ./-foo

Note that if you use rm to remove a file, it might be possible to recover

some of its contents, given sufficient expertise and/or time. For greater

assurance that the contents are truly unrecoverable, consider using shred.

Report rm bugs to

GNU coreutils home page: <>

General help using GNU software: <>

For complete documentation, run: info coreutils 'rm invocation'

line3 part 1     /usr/bin/clamscan -i -r /home/

This scans the /home/ directory recursively (-r), and only prints infected files found (-i)

root@HPbox:~# clamscan -h

Clam AntiVirus Scanner 0.98.1

By The ClamAV Team:

(C) 2007-2009 Sourcefire, Inc.


–help -h Print this help screen

–version -V Print version number

–verbose -v Be verbose

–archive-verbose -a Show filenames inside scanned archives

–debug Enable libclamav's debug messages

–quiet Only output error messages

–stdout Write to stdout instead of stderr

–no-summary Disable summary at end of scanning

–infected -i Only print infected files

–recursive[=yes/no(*)] -r Scan subdirectories recursively

line3 part 2     /usr/bin/clamscan -i -r /home/ –move=/tmp/virusfile/ -l clamscan-report.log

The –move switch of clamscan moves the infected files to a "quarantine" directory = /tmp/virusfile/

root@HPbox:~# clamscan -h

–move=DIRECTORY Move infected files into DIRECTORY

The -l switch writes a log text file named clamscan-report.log (in this case) which is created in root's home directory (as clamscan was run as root in this case).

line4     cat clamscan-report.log | mail -s "Clamscan Report"

As the clamscan-report.log has now been created in the root (current root user) directory by line 3, part2, it is first opened (streamed serially start to end of file) by cat (concatenate).

man cat


Concatenate FILE(s), or standard input, to standard output.

The cat output is piped ( | )as input to the mail cmd, (already seen as mailx in the LMD Post) and becomes the mail message body.

man mail


mail, mailx, Mail â send and receive mail

The -s switch is followed by the mail Subject text in "apostrophes":

-s subject

Specify subject on command line (only the first argument after

the -s flag is used as a subject; be careful to quote subjects

containing spaces). 

The recipient email address is the last part that mail sends to (calling all the mail script code parameters setup during the Exim dpkg-reconfigure process to make Exim a smarthost client, so it knows how to talk and authenticate to Gmail on port 587 etc.).

The recipient(s) do not need a switch in this case, just a space (de-limiter), and more recipients can be added separated by another space.

As you can see, even a small 4 line script that just uses individual commands stacked together can accomplish a lot.