Differences

This shows you the differences between two versions of the page.

--- linux_wiki:clamav [2018/03/23 15:28]
billdozor [Operation]
+++ linux_wiki:clamav [2019/05/25 23:50]
@@ Line 1: / Line 1: @@
-====== Clamav ======
-**General Information**
-ClamAV is "an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats."
-Official Site: [[http://www.clamav.net/index.html]]
-**Checklist**
-  * Distro(s): Enterprise Linux 6
-  * Repo: EPEL
-----
-====== Installation ======
-  * Add the [[linux_wiki:repos#epel|EPEL repo]].
-  * Install ClamAV<code bash>yum -y install clamav</code>
-----
-====== Configuration ======
-===== freshclam =====
-Virus definition updater for ClamAV.
-    * Config: /etc/freshclam.conf
-    * Daily Cron: /etc/cron.daily/freshclam
-/etc/freshclam.conf - Ensure Database Mirrors are correct
-<code bash>
-DatabaseMirror db.us.clamav.net
-DatabaseMirror db.local.clamav.net
-</code>
-If you have a Squid proxy
-<code bash>
-HTTPProxyServer myserverhostname
-HTTPProxyPort 3128
-</code>
-Run manual virus updates
-<code bash>
-freshclam -v
-</code>
-----
-====== Operation ======
-===== Application Users =====
-ClamAV software runs as non-privileged user(s).
-**EL 6**
-  * Freshclam runs as: clam
-  * Clamd runs as: clam
-**EL 7**
-  * Freshclam runs as: clamupdate
-  * Clamd runs as: clamscan
-----
-===== clamscan =====
-Clamscan is the utility that scans files and directories for viruses.
-Scan a single file
-<code bash>
-clamscan myfile
-</code>
-Scan the current working directory
-<code bash>
-clamscan
-</code>
-Scan a directory recursively
-<code bash>
-clamscan -r /home/rjones
-</code>
-Scan a stream
-<code bash>
-cat myfile | clamscan -
-</code>
-Clamscan return codes
-  * 0 => no virus found
-  * 1 => virus(es) found
-  * 2 => Some error(s) occured
-----
-===== clamdscan =====
-The clamd service allows for faster scanning of directories and files.
-One off system scan of /home using clamdscan<code bash>/usr/bin/time nice clamdscan --fdpass --log=/root/clamdscan-report-$(date +%Y%m%d) /home</code>
-  * /usr/bin/time => Times how long the scan takes
-  * nice => Less CPU priority for the scan
-  * --fdpass => Pass file descriptor permissions to clamd (allows for a faster scan when clamd is running as a different user)
-  * --log=/root/clamdscan-report-$(date +%Y%m%d) => Create log file here
-----
-===== Whitelist Files/Signatures =====
-Whitelisting files/signatures allows for ClamAV to ignore them during scans.
-\\
-==== Whitelist a File ====
-To whitelist a file:
-  * Generate a md5 signature for the file and append it to the file whitelist<code bash>sigtool --md5 /data/testfile >> /var/lib/clamav/whitelist-files.fp</code>
-    * The entry will look like this<code bash>cat /var/lib/clamav/whitelist-files.fp
-d41d8cd98f00b204e9800998ecf8427e:0:testfile</code>
-      * Fields are -> MD5sum:Filesize:Comment
-\\
-==== Whitelist a Signature ====
-Whitelisting a signature should be performed with caution, as it has the potential to ignore legitimate virus's.
-To whitelist a signature and add the signature name:
-  * Edit the signature white list file<code bash>vim /var/lib/clamav/whitelist-signatures.ign2
-Signature.Ignore-1</code>
-----