linux_wiki:clamav [2018/04/09 00:46] billdozor [Service]
linux_wiki:clamav [2019/05/25 23:50]
====== Clamav ======

**General Information**

ClamAV is "an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats."

  * Official Site: [[http://
  * Virus Database Mail List Archives: http://
  * User Mailing List Archives: http://

**Checklist**
  * Distro(s): Enterprise Linux 6 and 7 (commands are given for each where they differ)
  * Repo: EPEL

----

====== Installation ======

Installing ClamAV.

  * Add the [[linux_wiki:
  * Install the ClamAV scanner and the virus definition auto updater (freshclam)
    * EL 6<code bash>yum install clamav</code>
    * EL 7<code bash>yum install clamav clamav-update</code>
  * Install ClamAV'
    * EL 6<code bash>yum install clamd</code>
    * EL 7<code bash>yum install clamav-scanner-systemd</code>

----

====== Configuration ======

Configuring ClamAV.

----

===== freshclam =====

Virus definition updater for ClamAV. The stock configuration file ships with a bare "Example" line that must be commented out or deleted before freshclam will run at all.
  * Config: /
  * Daily Cron: /

/
<code bash>
DatabaseMirror db.us.clamav.net
DatabaseMirror db.local.clamav.net
</code>

If updates must leave through a Squid (or any other HTTP) proxy:
<code bash>
HTTPProxyServer myserverhostname
HTTPProxyPort 3128
</code>

Run a manual virus definition update, verbosely, to confirm that the mirror and proxy settings work before trusting the daily cron job:
<code bash>
freshclam -v
</code>

----
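The following is an added example for this section, not code from the wiki page or from the ClamAV project. It checks a freshclam.conf the way a practitioner would before trusting the daily cron job: the stock freshclam.conf (and clamd.conf) ship with a bare "Example" line that makes the program refuse to run until it is removed, and a freshclam.conf with no active DatabaseMirror never fetches anything. The function names and the two sample configuration files are constructed for the example; the only real system path, /etc/freshclam.conf, appears in a comment as the assumed standard location.

```bash
#!/bin/sh
# Added example (not from the wiki page or the ClamAV project): lint a ClamAV
# configuration file before relying on it. The stock freshclam.conf and
# clamd.conf both contain a bare "Example" line that makes the program refuse
# to run until it is removed, and a freshclam.conf with no DatabaseMirror
# never fetches anything. Function names and sample files are made up here.

# clamav_conf_check FILE [KEY...]
#   exit 0 when FILE has no active "Example" line and every KEY is set,
#   exit 1 otherwise (each problem is printed)
clamav_conf_check() {
    file=$1; shift
    rc=0
    if [ ! -r "$file" ]; then
        echo "$file: not readable" >&2
        return 1
    fi
    # an active "Example" line is one that is not commented out
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$file"; then
        echo "$file: still contains the stock 'Example' line; comment it out or remove it"
        rc=1
    fi
    for key in "$@"; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]+[^[:space:]]" "$file"; then
            echo "$file: '$key' is not set"
            rc=1
        fi
    done
    return $rc
}

# clamav_conf_get FILE KEY -> prints every active value of KEY, one per line
clamav_conf_get() {
    sed -n -E "s/^[[:space:]]*${2}[[:space:]]+(.*[^[:space:]])[[:space:]]*\$/\1/p" "$1"
}

# --- constructed sample files for the demonstration (not real system files) ---
demo=$(mktemp -d)
cat > "$demo/freshclam.conf" <<'EOF'
# as shipped: Example still present, mirror commented out
Example
#DatabaseMirror db.XY.clamav.net
HTTPProxyServer myserverhostname
HTTPProxyPort 3128
EOF
cat > "$demo/freshclam.fixed.conf" <<'EOF'
#Example
DatabaseMirror db.us.clamav.net
DatabaseMirror db.local.clamav.net
HTTPProxyServer myserverhostname
HTTPProxyPort 3128
EOF

clamav_conf_check "$demo/freshclam.conf" DatabaseMirror && echo "as shipped: OK" || echo "as shipped: not usable"
clamav_conf_check "$demo/freshclam.fixed.conf" DatabaseMirror && echo "fixed: OK"
clamav_conf_get "$demo/freshclam.fixed.conf" DatabaseMirror
rm -rf "$demo"
# on a real host (assumed standard path): clamav_conf_check /etc/freshclam.conf DatabaseMirror
```

On a real host run the check against /etc/freshclam.conf and then `freshclam -v`; the same "Example" rule applies to clamd's configuration file, so the function can be pointed at that too. Newer ClamAV releases default to the single mirror name database.clamav.net rather than the regional db.XX.clamav.net names shown above, so check which name the installed freshclam.conf uses.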

====== Operation ======

Using ClamAV.

----

===== Application Users =====

The ClamAV software runs as non-privileged user(s). Keep it that way: the scanner parses hostile input by design, so clamd and freshclam should never run as root.

**EL 6**
  * Freshclam runs as: clam
  * Clamd runs as: clam

**EL 7**
  * Freshclam runs as: clamupdate
  * Clamd runs as: clamscan

----

===== Service =====

Freshclam is NOT a service. It is run via a daily cron script.

\\
Clamd (the scanning daemon) is run as a service. It does not scan anything by itself unless "on access scanning"
  * To scan certain directories regularly, either enable on access scanning, or create a cron job that runs clamdscan against those directories.

**Enable On Boot**

Service is enabled on boot
  * EL6
  * EL7

**Service Status**

  * EL6
  * EL7

**Service Start**

  * EL6
  * EL7

**Service Stop**

  * EL6
  * EL7

----

===== Log Files =====

Log files are located:
  * Freshclam
    * EL 6: /
    * EL 7: /
  * Clamd
    * EL 6: /
    * EL 7: /

===== Other Files =====

  * **Freshclam (Virus Definitions Database Updater)**
    * Application:
    * Configuration:
    * Auto Update job: /

  * **Scanning Daemon (clamd)**
    * Configuration:
      * EL 6: /
      * EL 7: /

  * **ClamAV Databases**:
    * bytecode.cvd - bytecode signatures: small compiled detection routines for threats that plain pattern signatures cannot express; updated infrequently
    * daily.cld - the daily definition database; freshclam unpacks daily.cvd into this .cld form once it starts applying the incremental (cdiff) updates published throughout the day, so this is the file whose timestamp shows when definitions were last refreshed
    * main.cvd - the main (base) definition database; large and updated only rarely

----
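Added example, not from the wiki page or the ClamAV project: a check that the definitions in the database directory are actually being refreshed. main.cvd and bytecode.cvd change rarely, so their age says little; daily.cld (or daily.cvd before the first incremental update) is rewritten on every successful update, which makes its modification time the useful signal when the freshclam cron job has been failing quietly. The function names, the two-day limit and the use of GNU stat and date are assumptions, and the database directory is passed in as an argument.

```bash
#!/bin/sh
# Added example (not from the wiki page or the ClamAV project): tell whether
# the daily signature database in a ClamAV database directory is current.
# main.cvd and bytecode.cvd change rarely, so their age means little;
# daily.cld/daily.cvd is rewritten every time freshclam applies an update,
# which makes its mtime the freshness signal worth alerting on.

# clamav_daily_age DIR -> prints the age in whole days of DIR/daily.cld
#   (or daily.cvd when no .cld exists yet); exit 1 if neither file is present
clamav_daily_age() {
    for f in "$1/daily.cld" "$1/daily.cvd"; do
        if [ -f "$f" ]; then
            now=$(date +%s)
            mtime=$(stat -c %Y "$f")        # GNU stat (Linux); assumption
            echo $(( (now - mtime) / 86400 ))
            return 0
        fi
    done
    echo "no daily database in $1: freshclam has never completed an update here" >&2
    return 1
}

# clamav_daily_fresh DIR [MAX_DAYS] -> exit 0 when the daily database is
#   younger than MAX_DAYS (default 2), exit 1 with a message otherwise
clamav_daily_fresh() {
    max=${2:-2}
    age=$(clamav_daily_age "$1") || return 1
    if [ "$age" -ge "$max" ]; then
        echo "daily database in $1 is $age days old (limit $max); check the freshclam cron job and its log" >&2
        return 1
    fi
    return 0
}

# Typical use from a monitoring check (assumed default database directory):
#   clamav_daily_fresh /var/lib/clamav || exit 2
```

clamd itself re-reads the database directory on its own SelfCheck interval after freshclam has written a new file, so a stale daily.cld almost always means the updater, not the daemon, is the problem.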

===== clamscan =====

Clamscan is the command line utility that scans files and directories for viruses. It loads the whole signature database every time it starts, which is why it is slow for many small runs; use it for one-off checks and clamdscan (below) for anything scheduled.

Scan a single file
<code bash>
clamscan myfile
</code>

Scan the current working directory
<code bash>
clamscan
</code>

Scan a directory recursively
<code bash>
clamscan -r /
</code>

Scan a stream
<code bash>
cat myfile | clamscan -
</code>

Clamscan return codes
  * 0 => no virus found
  * 1 => virus(es) found
  * 2 => some error(s) occurred
Scripts and cron jobs that wrap clamscan should branch on these codes rather than on the output text.

----

===== clamdscan =====

Clamdscan hands files to the running clamd service, which already has the signature database loaded, so it scans directories and files much faster than clamscan. It returns the same codes as clamscan (0 clean, 1 infected, 2 error).

One off system scan of /home using clamdscan
  * /
  * nice => lower CPU priority for the scan so it does not starve the workload on the host
  * --fdpass => pass the already-opened file descriptors to clamd over the local socket, so clamd can scan files that its own non-privileged user could not open, without copying their contents through the socket the way --stream does
  * --log=/

----
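Added example, not from the wiki page or the ClamAV project, covering both the return-code list in the clamscan section and the cron-driven clamdscan scan described above: a wrapper that runs clamdscan under nice with --fdpass and --log, keeps two cron runs from overlapping, and records the verdict in the log from the exit code. The scanner command variable, lock directory, log path and cron line are assumptions made for this example; the EICAR string is the standard antivirus test file, which any installed engine must flag.

```bash
#!/bin/sh
# Added example (not from the wiki page or the ClamAV project): a cron-friendly
# wrapper around clamdscan that scans a directory under nice, logs to a file
# and translates the exit status using the code list from the clamscan
# section. clamdscan returns the same codes as clamscan: 0 clean, 1 infected,
# 2 error. SCANNER, SCAN_LOCKDIR, the log path and the cron line are
# assumptions; override SCANNER to point at a stub when testing.

# scan_status RC -> one-word verdict for a clamscan/clamdscan exit code
scan_status() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo "unknown($1)" ;;
    esac
}

# write_eicar_test_file DIR -> creates DIR/eicar.com containing the EICAR
#   test string, which every AV engine (ClamAV included) must flag, so a real
#   installation can be exercised without handling live malware
write_eicar_test_file() {
    mkdir -p "$1"
    printf '%s\n' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$1/eicar.com"
}

# scheduled_scan TARGET LOGFILE
#   runs the scan, appends a timestamped summary line to LOGFILE and returns
#   the scanner's exit code unchanged so cron mail or monitoring can act on it
scheduled_scan() {
    target=$1
    logfile=$2
    lockdir=${SCAN_LOCKDIR:-/run/clamav-scheduled-scan.lock}    # assumption
    # mkdir is atomic: a second cron run while the first is still going exits
    if ! mkdir "$lockdir" 2>/dev/null; then
        echo "$(date '+%F %T') scan of $target skipped: another scan holds $lockdir" >> "$logfile"
        return 2
    fi
    rc=0
    # --fdpass: hand clamd the open file descriptors so it can read files its
    # own user cannot; --infected: list only hits; --log: clamdscan writes the
    # per-file results itself, this script only adds the summary line
    nice "${SCANNER:-clamdscan}" --fdpass --infected --log="$logfile" "$target" >/dev/null 2>&1 || rc=$?
    rmdir "$lockdir"
    echo "$(date '+%F %T') scan of $target finished: $(scan_status "$rc") (rc=$rc)" >> "$logfile"
    return "$rc"
}

# Nightly cron entry for root (assumed paths), the scheduled form of the one-off scan above:
#   30 2 * * * /usr/local/sbin/clamav-scheduled-scan /home /var/log/clamav/scheduled-scan.log
# Exercise a live engine with the EICAR file; the expected verdict is "infected" (rc=1):
#   write_eicar_test_file /tmp/eicar-test && scheduled_scan /tmp/eicar-test /tmp/eicar.log
```

Because the wrapper passes the scanner's exit code through, cron's mail on non-zero status and any monitoring that reads the last log line agree on the result; a status of 2 (error, or an overlapping run) deserves a look just as much as a hit, since it means the directory was not fully scanned.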

===== Whitelist Files/

Whitelisting files/

\\
==== Whitelist a File ====

To whitelist a file:
  * Generate an MD5 signature for the file and append it to the file whitelist
  * The entry will look like this
<code>
d41d8cd98f00b204e9800998ecf8427e:
</code>
  * Fields are -> MD5sum:
  * A whole-file MD5 entry matches only that exact file content; as soon as the file is modified or updated the detection fires again, which is the safe default.

\\
==== Whitelist a Signature ====

Whitelisting a signature should be performed with caution, as it has the potential to ignore legitimate virus'

To whitelist a signature and add the signature name:
  * Edit the signature white list file
<code>
Signature.Ignore-1
</code>

----
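Added example, not from the wiki page or the ClamAV project: building the two whitelist entries described above by hand. A whole-file entry goes in a .fp database and has the form MD5:FILESIZE:NAME, which is what `sigtool --md5 FILE` prints (the d41d8cd98f00b204e9800998ecf8427e shown above is the MD5 of an empty file); a signature-name entry goes in a .ign2 file, one name per line. The file names local.fp and local.ign2 under /var/lib/clamav and the function names are assumptions; both files must live in clamd's DatabaseDirectory and be readable by the clamd user.

```bash
#!/bin/sh
# Added example (not from the wiki page or the ClamAV project): build a
# whole-file whitelist entry in ClamAV's .fp database format, append it to a
# local whitelist file, and add a signature-name entry to a .ign2 ignore list.
# An .fp line is
#   MD5:FILESIZE:NAME
# which is exactly what "sigtool --md5 FILE" prints; here it is computed with
# md5sum and wc so the logic is visible. Paths and names are assumptions.

# fp_entry FILE NAME -> prints "md5:size:NAME" for FILE
fp_entry() {
    md5=$(md5sum "$1" | cut -d' ' -f1) || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    printf '%s:%s:%s\n' "$md5" "$size" "$2"
}

# whitelist_file FILE NAME [DBFILE]
#   appends the entry to DBFILE (default /var/lib/clamav/local.fp, assumed)
#   unless that MD5 is already listed; prints the entry written or found
whitelist_file() {
    db=${3:-/var/lib/clamav/local.fp}
    entry=$(fp_entry "$1" "$2") || return 1
    if [ -f "$db" ] && grep -q "^${entry%%:*}:" "$db"; then
        echo "$entry (already present)"
        return 0
    fi
    printf '%s\n' "$entry" >> "$db"
    echo "$entry"
}

# ignore_signature NAME [DBFILE]
#   adds a signature name to the .ign2 ignore list (default
#   /var/lib/clamav/local.ign2, assumed). Every hit for that signature, on any
#   file, is then silenced, so use this only after confirming a false positive
ignore_signature() {
    db=${2:-/var/lib/clamav/local.ign2}
    if [ -f "$db" ] && grep -qxF "$1" "$db"; then
        echo "$1 (already present)"
        return 0
    fi
    printf '%s\n' "$1" >> "$db"
    echo "$1"
}

# After editing either file, make the running daemon pick it up:
#   clamdscan --reload
# or wait for clamd's periodic SelfCheck to notice the changed database directory.
```

Prefer the .fp route whenever the false positive is a specific file: it is self-expiring, since any new version of the file is scanned normally again. An .ign2 entry silences the signature everywhere, so record why it was added and which version of the definitions triggered it.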