ClamAV
General Information
ClamAV is “an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats.”
Official Site: http://www.clamav.net/index.html
Checklist
- Distro(s): Enterprise Linux 6
- Repo: EPEL
Installation
- Add the EPEL repo.
- Install ClamAV
yum -y install clamav
Configuration
freshclam
Virus definition updater for ClamAV.
- Config: /etc/freshclam.conf
- Daily Cron: /etc/cron.daily/freshclam
/etc/freshclam.conf - Ensure Database Mirrors are correct
DatabaseMirror db.us.clamav.net
DatabaseMirror db.local.clamav.net
If you have a Squid proxy
HTTPProxyServer myserverhostname
HTTPProxyPort 3128
Run manual virus updates
freshclam -v
Operation
clamscan
Clamscan is the utility that scans files and directories for viruses.
Scan a single file
clamscan myfile
Scan the current working directory
clamscan
Scan a directory recursively
clamscan -r /home/rjones
Scan a stream
cat myfile | clamscan -
Clamscan return codes
- 0 ⇒ no virus found
- 1 ⇒ virus(es) found
- 2 ⇒ Some error(s) occurred
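Added example (not part of the original page): a wrapper that lets a scheduled job act on these return codes, treating code 2 as a failed scan rather than a clean one. The names SCANNER and scan_and_report and the report path in the usage comment are assumptions of this example; -r, -i and --no-summary are clamscan options.

```shell
#!/bin/sh
# Added example: a cron-friendly wrapper around clamscan's return codes.
# SCANNER is an assumption of this example: it lets the scanner command be
# swapped (e.g. for a stub) so the logic can be exercised without ClamAV.
SCANNER="${SCANNER:-clamscan}"

# scan_and_report TARGET REPORT
#   Prints CLEAN, INFECTED or ERROR; writes the "path: Signature FOUND" lines
#   to REPORT; returns 0, 1 or 2 to mirror clamscan's own return codes.
# Usage (hypothetical report path):
#   scan_and_report /home /root/clamscan-found-$(date +%Y%m%d)
scan_and_report() {
    _target="$1"; _report="$2"; _rc=0
    # -r recurse, -i list infected files only, --no-summary drop the footer.
    # "|| _rc=$?" keeps return code 1 or 2 from aborting a caller that
    # runs under "set -e" before the code can be inspected.
    _out="$($SCANNER -r -i --no-summary "$_target" 2>&1)" || _rc=$?
    # Keep only detection lines in the report (grep exits 1 on no match).
    printf '%s\n' "$_out" | grep ' FOUND$' > "$_report" || true
    case "$_rc" in
        0) echo CLEAN; return 0 ;;
        1) echo INFECTED; return 1 ;;
        *) # 2, or anything unexpected such as 127 (scanner not installed):
           # the scan did not complete, so never report this as clean.
           printf '%s\n' "$_out" >&2
           echo ERROR; return 2 ;;
    esac
}
```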
clamdscan
The clamd service allows for faster scanning of directories and files.
One-off system scan of /home using clamdscan
/usr/bin/time nice clamdscan --fdpass --log=/root/clamdscan-report-$(date +%Y%m%d) /home
- /usr/bin/time ⇒ Times how long the scan takes
- nice ⇒ Less CPU priority for the scan
- --fdpass ⇒ Pass file descriptor permissions to clamd (allows for a faster scan when clamd is running as a different user)
- --log=/root/clamdscan-report-$(date +%Y%m%d) ⇒ Create log file here