CAVLite is a wrapper around ClamAV and Lynis designed specifically for servers with limited resources (e.g., 4GB RAM or less). It orchestrates the scanning process to ensure maximum memory efficiency without sacrificing security.

The standard clamscan utility is resource-intensive. Every time it runs, it loads the entire virus database (600MB–900MB+) into RAM, performs the scan, and then unloads it. On a server with limited memory, this sudden spike can cause:

• System slowdowns.
• OOM (Out of Memory) kills.
• Service interruptions.

CAVLite solves this by using clamd (the ClamAV daemon) intelligently. Instead of letting clamscan load the DB repeatedly or keeping clamd running 24/7 (wasting RAM when not scanning), CAVLite:

1. Starts the daemon only when a scan is requested.
2. Uses the daemon (via clamdscan) to scan efficiently.
3. Stops the daemon immediately after the scan to free up resources.

This approach gives you the speed of the daemon without the permanent memory footprint.

CAVLite performs a security audit by :

1. Checks: Verifies root privileges and ensures no other scan is running.
2. Daemon Startup & Config: Starts clamav-daemon and injects exclusion paths dynamically into /etc/clamav/clamd.conf.
3. Security Scan:
   • Runs ClamAV using the daemon to scan files, respecting the injected exclusions.
   • Moves infected files to the quarantine directory (/var/quarantine by default).
   • Runs Lynis for a system-wide security audit.
4. Cleanup: Stops clamav-daemon and cleans up the configuration file to restore original state.
5. Reporting: Generates a summary log and sends a notification (if configured).

You can install CAVLite with a single command:

curl -fsSL https://raw.githubusercontent.com/HexmosTech/CAVLite/main/install.sh | sudo bash

To install a specific version (e.g., v0.0.2), run:

curl -fsSL https://raw.githubusercontent.com/HexmosTech/CAVLite/main/install.sh | sudo bash -s -- --v0.0.2

This script will:

• Check for dependencies (python3, curl, clamav, lynis).
• Install CAVLite to /usr/local/bin/CAVLite.
• Install helper scripts and configurations.
• Configure ClamAV with optimized settings.

Run CAVLite as root:

sudo CAVLite [COMMAND]

Configuration is loaded from /etc/CAVLite/CAVLite.conf.

# /etc/cavlite/cavlite.conf

# Discord Webhook URL for notifications
WEBHOOK_URL="https://discord.com/api/webhooks/..."

# Root Directory to scan
SCAN_PATH="/" 

# Directory to move infected files
QUARANTINE_DIR="/var/quarantine"

# Paths to exclude from scanning (Space separated elements)
EXCLUDE_PATHS=("/proc")

# Log Configuration
# Logs are moved to day-based files (e.g., monday.log) in this directory
LOG_FILE="/var/log/cavlite"

# Enable/Disable Scanners
LYNIS=True
CLAMDSCAN=True

CAVLite automatically manages log files based on the day of the week.

• Logs are stored in the directory specified by LOG_FILE (default: /var/log/cavlite).
• Files are named monday.log, tuesday.log, etc.
• Logs are overwritten weekly (e.g., next Monday's scan overwrites the previous Monday's log).

Hexmos

This project is licensed under the MIT License - see the LICENSE file for details.