linux_wiki:clamav

Differences

linux_wiki:clamav [2018/03/23 15:28]
billdozor [Operation]
linux_wiki:clamav [2019/05/25 23:50] (current)
Line 5: Line 5:
 ClamAV is "an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats." ClamAV is "an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats."
  
-Official Site: [[http://www.clamav.net/index.html]]+  * Official Site: [[http://www.clamav.net/index.html]] 
 +  * Virus Database Mail List Archives: http://www.gossamer-threads.com/lists/clamav/virusdb/ 
 +  * User Mailing List Archives: http://www.gossamer-threads.com/lists/clamav/users/
  
 **Checklist** **Checklist**
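Review bot: the new link list keeps the official-site entry on plain http (http://www.clamav.net/index.html) even though clamav.net is served over HTTPS; switch it to https so a reader who follows it to fetch the engine or signature databases is not sent over an unauthenticated channel. The two new archive entries point at gossamer-threads.com, a third-party mirror rather than the project's own list pages; worth adding the project's own mailing-list page beside them so the entry still leads somewhere if the mirror disappears.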
Line 14: Line 16:
  
 ====== Installation ====== ====== Installation ======
 +
 +Installing ClamAV.
  
   * Add the [[linux_wiki:repos#epel|EPEL repo]].   * Add the [[linux_wiki:repos#epel|EPEL repo]].
-  * Install ClamAV<code bash>yum -install clamav</code>+  * Install ClamAV Scanner and Auto Updater (Freshclam) 
 +    * EL 6<code bash>yum install clamav</code> 
 +    * EL 7<code bash>yum install clamav clamav-update</code> 
 +  * Install ClamAV's Scanning Daemon (clamd) 
 +    * EL 6<code bash>yum install clamd</code> 
 +    * EL 7<code bash>yum install clamav-scanner-systemd</code>
  
 ---- ----
  
 ====== Configuration ====== ====== Configuration ======
 +
 +Configuring ClamAV.
 +
 +----
  
 ===== freshclam ===== ===== freshclam =====
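Review bot: the EL 7 step now installs clamav-update and clamav-scanner-systemd, but nothing in this hunk warns that those EPEL 7 packages do not work as shipped: /etc/freshclam.conf and /etc/clamd.d/scan.conf (both listed later on the page) carry an "Example" marker line that makes the program refuse to run until it is removed, scan.conf needs a LocalSocket (or TCPSocket) uncommented before clamd@scan will start, and the freshclam cron job is disabled until the FRESHCLAM_DELAY=disabled-warn line is removed from /etc/sysconfig/freshclam. If the unchanged freshclam/clamd subsections below do not already cover this, the new "Configuring ClamAV." placeholder is the place to say it, otherwise a reader following the EL 7 install list ends up with an updater that never runs and a scanner that never starts. The old "yum -install clamav" typo is correctly fixed here.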
Line 49: Line 62:
 ====== Operation ====== ====== Operation ======
  
 +Using ClamAV.
  
 +----
  
 ===== Application Users ===== ===== Application Users =====
Line 62: Line 77:
   * Freshclam runs as: clamupdate   * Freshclam runs as: clamupdate
   * Clamd runs as: clamscan   * Clamd runs as: clamscan
 +
 +----
 +
 +===== Service =====
 +
 +Freshclam is NOT a service. It is run via a daily cron script.
 +
 +\\
 +Clamd (the scanning daemon) is run as a service. It does not scan anything by itself unless "on access scanning" is enabled.
 +  * To scan certain directories regularly, either enable on access scanning, or create a cron that runs clamdscan against directories.
 +
 +**Enable On Boot**
 +
 +Service is enabled on boot
 +  * EL6<code bash>chkconfig clamd on</code>
 +  * EL7<code bash>systemctl enable clamd@scan</code>
 +
 +**Service Status**
 +
 +  * EL6<code bash>service clamd status</code>
 +  * EL7<code bash>systemctl status clamd@scan</code>
 +
 +**Service Start**
 +
 +  * EL6<code bash>service clamd start</code>
 +  * EL7<code bash>systemctl start clamd@scan</code>
 +
 +**Service Stop**
 +
 +  * EL6<code bash>service clamd stop</code>
 +  * EL7<code bash>systemctl stop clamd@scan</code>
 +
 +----
 +
 +===== Log Files =====
 +
 +Log files are located: 
 +    * Freshclam
 +      * EL 6: /var/log/clamav/freshclam.log
 +      * EL 7: /var/log/freshclam.log
 +    * Clamd
 +      * EL 6: /var/log/clamav/clamd.log
 +      * EL 7: /var/log/clamd.scan
 +
 +===== Other Files =====
 +
 +  * **Freshclam (Virus Definitions Database Updater)**
 +    * Application: freshclam (/usr/bin/freshclam)
 +    * Configuration: /etc/freshclam.conf 
 +    * Auto Update job: /etc/cron.daily/freshclam
 +
 +  * **Scanning Daemon (clamd)**
 +    * Configuration:
 +      * EL 6: /etc/clamd.conf
 +      * EL 7: /etc/clamd.d/scan.conf
 +
 +  * **ClamAV Databases**: /var/lib/clamav
 +    * bytecode.cvd - detailed bytecode signatures database for virus detection
 +    * daily.cld - daily definition database from deltas build throughout the day
 +    * main.cvd - main database of definitions
  
 ---- ----
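Review bot: the Service subsection offers "enable on access scanning" and "a cron that runs clamdscan" as interchangeable ways to scan directories regularly, but the same hunk states that clamd runs as the unprivileged clamscan user; clamd's on-access scanning (ScanOnAccess, fanotify-based) only works when clamd runs as root, so with the packaged unprivileged setup only the cron-driven clamdscan option actually works. State that trade-off here rather than presenting the two as equivalent. Smaller points in the same hunk: the Freshclam "Auto Update job: /etc/cron.daily/freshclam" line is the only path without an EL 6/EL 7 split, yet the EL 7 clamav-update package installs its job as /etc/cron.d/clamav-update, so give both like the other paths; "deltas build throughout the day" should read "built"; and a .cld is a .cvd that has had incremental (cdiff) updates applied, so daily and bytecode may show up with either extension depending on how they were last updated, which the one-line descriptions should reflect.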
Line 105: Line 180:
   * --fdpass => Pass file descriptor permissions to clamd (allows for a faster scan when clamd is running as a different user)   * --fdpass => Pass file descriptor permissions to clamd (allows for a faster scan when clamd is running as a different user)
   * --log=/root/clamdscan-report-$(date +%Y%m%d) => Create log file here   * --log=/root/clamdscan-report-$(date +%Y%m%d) => Create log file here
 +
 +----
 +
 +===== Scan Regularly with clamdscan =====
 +
 +To scan systems regularly, use clamdscan and either
 +  * Enable on access scanning
 +  * Create a cron to launch clamdscan
 +
 +Example: Enable on access scanning
 +  * FIXME -> Show this example
 +
 +Example: Create a cron to launch clamdscan
 +  * FIXME -> Show this example
  
 ---- ----
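Review bot: both examples in the new "Scan Regularly with clamdscan" subsection are empty FIXME placeholders, so as committed the section adds a heading and no guidance; at minimum the cron example should be filled in, and two details the surrounding lines already imply belong in it. First, the --log=/root/clamdscan-report-$(date +%Y%m%d) form shown above cannot be pasted into a crontab as-is: cron treats an unescaped % as a newline and feeds the remainder to the command's stdin, so the date format must be written as $(date +\%Y\%m\%d) (or the whole job moved into a script under /etc/cron.daily). Second, because clamd runs as a separate user (the --fdpass context line above says exactly this), the cron job needs --fdpass or --stream, otherwise clamd cannot open files readable only by root and the scan silently skips them. The on-access example, when written, should say up front that it requires clamd to run as root.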