Differences
This shows you the differences between two versions of the page.
linux_wiki:clamav [2016/03/18 23:15] billdozor [Clamav]
linux_wiki:clamav [2019/05/25 23:50] (current)
Line 5: | Line 5: | ||
ClamAV is "an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats." | ClamAV is "an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats." | ||
- | Official Site: [[http:// | + | * Official Site: [[http:// |
+ | * Virus Database Mail List Archives: http:// | ||
+ | * User Mailing List Archives: http:// | ||
**Checklist** | **Checklist** | ||
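Review bot: All three link entries in this hunk end at `http://` with no host or path, so the Official Site, Virus Database Mail List Archives and User Mailing List Archives links point nowhere as written and the full URLs need to be filled in. While doing that, give the two mailing-list entries the same `[[url|label]]` DokuWiki link form the Official Site line uses, rather than a bare URL after the label.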
Line 15: | Line 17: | ||
====== Installation ====== | ====== Installation ====== | ||
- | | + | Installing ClamAV. |
- | * Install ClamAV< | + | |
+ | | ||
+ | * Install ClamAV | ||
+ | * EL 6<code bash> | ||
+ | * EL 7<code bash>yum install clamav clamav-update</ | ||
+ | * Install ClamAV' | ||
+ | * EL 6<code bash>yum install clamd</ | ||
+ | * EL 7<code bash> | ||
---- | ---- | ||
====== Configuration ====== | ====== Configuration ====== | ||
+ | |||
+ | Configuring ClamAV. | ||
+ | |||
+ | ---- | ||
===== freshclam ===== | ===== freshclam ===== | ||
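Review bot: Two of the four install bullets carry an empty code block: `* EL 6<code bash>` for the ClamAV package and `* EL 7<code bash>` for the scanning daemon have no command, whereas the EL 7 `yum install clamav clamav-update` and EL 6 `yum install clamd` lines do, so a reader on the other release is left guessing package names that clearly differ between releases. Fill those two commands in, and say which repository has to be enabled for the packages, since the hunk assumes `yum` can already find them. The `Installing ClamAV.` and `Configuring ClamAV.` sentences added under the section headings only restate the heading; either drop them or expand each into a one-line summary of what the section covers.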
Line 42: | Line 55: | ||
Run manual virus updates | Run manual virus updates | ||
<code bash> | <code bash> | ||
- | freshclam | + | freshclam |
</ | </ | ||
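Review bot: The `freshclam` line is removed and re-added with no visible change, so this hunk is a whitespace-only edit and nothing about the manual update procedure actually changed. The bullet still does not say which account should run the command; the Application Users section added in this revision states freshclam runs as `clam` on EL 6 and `clamupdate` on EL 7, and a manual update run as a different user (typically root) can leave database files that the cron account cannot later overwrite, so the step should recommend running it as that same user (for example via `sudo -u`) or at least say to check file ownership afterwards.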
Line 48: | Line 61: | ||
====== Operation ====== | ====== Operation ====== | ||
+ | |||
+ | Using ClamAV. | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Application Users ===== | ||
+ | |||
+ | ClamAV software runs as non-privileged user(s). | ||
+ | |||
+ | **EL 6** | ||
+ | * Freshclam runs as: clam | ||
+ | * Clamd runs as: clam | ||
+ | |||
+ | **EL 7** | ||
+ | * Freshclam runs as: clamupdate | ||
+ | * Clamd runs as: clamscan | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Service ===== | ||
+ | |||
+ | Freshclam is NOT a service. It is run via a daily cron script. | ||
+ | |||
+ | \\ | ||
+ | Clamd (the scanning daemon) is run as a service. It does not scan anything by itself unless "on access scanning" | ||
+ | * To scan certain directories regularly, either enable on access scanning, or create a cron that runs clamdscan against directories. | ||
+ | |||
+ | **Enable On Boot** | ||
+ | |||
+ | Service is enabled on boot | ||
+ | * EL6<code bash> | ||
+ | * EL7<code bash> | ||
+ | |||
+ | **Service Status** | ||
+ | |||
+ | * EL6<code bash> | ||
+ | * EL7<code bash> | ||
+ | |||
+ | **Service Start** | ||
+ | |||
+ | * EL6<code bash> | ||
+ | * EL7<code bash> | ||
+ | |||
+ | **Service Stop** | ||
+ | |||
+ | * EL6<code bash> | ||
+ | * EL7<code bash> | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Log Files ===== | ||
+ | |||
+ | Log files are located: | ||
+ | * Freshclam | ||
+ | * EL 6: / | ||
+ | * EL 7: / | ||
+ | * Clamd | ||
+ | * EL 6: / | ||
+ | * EL 7: / | ||
+ | |||
+ | ===== Other Files ===== | ||
+ | |||
+ | * **Freshclam (Virus Definitions Database Updater)** | ||
+ | * Application: | ||
+ | * Configuration: | ||
+ | * Auto Update job: / | ||
+ | |||
+ | * **Scanning Daemon (clamd)** | ||
+ | * Configuration: | ||
+ | * EL 6: / | ||
+ | * EL 7: / | ||
+ | |||
+ | * **ClamAV Databases**: | ||
+ | * bytecode.cvd - detailed bytecode signatures database for virus detection | ||
+ | * daily.cld - daily definition database from deltas build throughout the day | ||
+ | * main.cvd - main database of definitions | ||
+ | |||
+ | ---- | ||
===== clamscan ===== | ===== clamscan ===== | ||
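Review bot: Every EL6/EL7 bullet under Enable On Boot, Service Status, Service Start and Service Stop ends in an empty `<code bash>` block, so the section names four operations but contains no command for either release; each needs the actual invocation filled in. The Log Files and Other Files bullets show only `/` for every path (`* EL 6: /`, `* EL 7: /`, `* Auto Update job: /`), so the locations of the freshclam and clamd logs, the configuration files and the daily update job are all missing, and the sentence describing clamd stops at `unless "on access scanning"` mid-quote even though the next bullet depends on it. Minor: `deltas build throughout the day` should read `built`.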
Line 77: | Line 168: | ||
* 1 => virus(es) found | * 1 => virus(es) found | ||
* 2 => Some error(s) occured | * 2 => Some error(s) occured | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== clamdscan ===== | ||
+ | |||
+ | The clamd service allows for faster scanning of directories and files. | ||
+ | |||
+ | One off system scan of /home using clamdscan< | ||
+ | * / | ||
+ | * nice => Less CPU priority for the scan | ||
+ | * --fdpass => Pass file descriptor permissions to clamd (allows for a faster scan when clamd is running as a different user) | ||
+ | * --log=/ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Scan Regularly with clamdscan ===== | ||
+ | |||
+ | To scan systems regularly, use clamdscan and either | ||
+ | * Enable on access scanning | ||
+ | * Create a cron to launch clamdscan | ||
+ | |||
+ | Example: Enable on access scanning | ||
+ | * FIXME -> Show this example | ||
+ | |||
+ | Example: Create a cron to launch clamdscan | ||
+ | * FIXME -> Show this example | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Whitelist Files/ | ||
+ | |||
+ | Whitelisting files/ | ||
+ | |||
+ | \\ | ||
+ | ==== Whitelist a File ==== | ||
+ | |||
+ | To whitelist a file: | ||
+ | * Generate a md5 signature for the file and append it to the file whitelist< | ||
+ | * The entry will look like this< | ||
+ | |||
+ | d41d8cd98f00b204e9800998ecf8427e: | ||
+ | * Fields are -> MD5sum: | ||
+ | |||
+ | \\ | ||
+ | ==== Whitelist a Signature ==== | ||
+ | |||
+ | Whitelisting a signature should be performed with caution, as it has the potential to ignore legitimate virus' | ||
+ | |||
+ | To whitelist a signature and add the signature name: | ||
+ | * Edit the signature white list file< | ||
+ | |||
+ | Signature.Ignore-1</ | ||
---- | ---- | ||
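Review bot: The one-off scan line ends at `using clamdscan<` with no command, yet the bullets below explain `/`, `nice`, `--fdpass` and `--log=/` as if it were shown, so the full command line needs to be present, with the `--log` path completed rather than cut at `/`. The Scan Regularly with clamdscan section consists of two `FIXME -> Show this example` placeholders, so the on-access and cron approaches are named but not documented; either supply the examples or mark the section as a draft. In Whitelist a File, the sample entry shows only `d41d8cd98f00b204e9800998ecf8427e:` and the field description stops at `Fields are -> MD5sum:`, so the remaining fields of a whitelist entry are undocumented; that hash is also the MD5 of an empty file, so it should be labelled as a placeholder or replaced with a realistic sample. The caution in Whitelist a Signature is worth keeping, since an ignored signature silences every detection it would otherwise raise. Minor: `occured` in the exit-code list should be `occurred`, and `legitimate virus'` reads as a cut-off word.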