linux:antivirus

linux:antivirus [2025/05/16 09:46]
manu
linux:antivirus [2025/05/16 10:55] (current)
manu
Line 64: Line 64:
 Start scanning: Start scanning:
   * One time: clamscan --recursive /   * One time: clamscan --recursive /
-  * Memory: clamscan --memory+  * Memory: clamscan --memory ​--infected
   * On access: clamonacc   * On access: clamonacc
  
 +Mail filtering configuration file is : clamav-milter.conf
  
-clamav-milter.conf+<cli prompt='#'>​ 
 +# clamscan --version 
 +ClamAV 0.103.2 
 +# clamscan --version 
 +ClamAV 1.0.8/​27636/​Tue May 13 10:40:46 2025 
 +</​cli>​ 
 + 
 + 
 +Only scan one file 
 +<cli prompt='#'>​ 
 +# clamscan Downloads/​LOS.zip 
 +</​cli>​ 
 +To check all files on the computer, displaying the name of each file: 
 +<cli prompt='#'>​ 
 +# clamscan -r / 
 +</​cli>​ 
 +To check all files on the computer, but only display infected files and ring a bell when found: 
 +<cli prompt='#'>​ 
 +# clamscan -r --bell -i / 
 +</​cli>​ 
 + 
 +To check files in the USER home directory and move infected files to another folder: 
 +<cli prompt='#'>​ 
 +# clamscan -r --move=/​home/​USER/​VIRUS /​home/​USER 
 +</​cli>​ 
 +To check files in the USER home directory and remove infected files (WARNING: Files are gone.): 
 +<cli prompt='#'>​ 
 +# clamscan -r --remove /​home/​USER 
 +</​cli>​ 
 +To scan all folders in your computer (except /sys): 
 +<cli prompt='#'>​ 
 +# clamscan -r -i --exclude-dir="​^/​sys"​ --bell /  
 +</​cli>​ 
 +To scan specific folders or files, you have to create a file in which you list out which files/​folders you want to scan, and tell clamav where to find that file: 
 +<cli prompt='#'>​ 
 +# clamscan -r -i --bell --file-list=/​home/​nav/​ClamScanTheseFolders.txt 
 +</​cli>​ 
 +My ClamScanTheseFolders.txt contained:​ 
 +<​code>​ 
 +/​media/​nav/​someFolder1 
 +/​media/​nav/​someFolder2 
 +/​opt/​someFolder/​somefile 
 +</​code>​ 
 + 
 + 
 +/​etc/​clamav/​clamd.conf 
 +<​code>​ 
 +LogFile /​var/​log/​clamav/​clamd.log 
 +LogTime yes 
 +PidFile /​run/​clamav/​clamd.pid 
 +TemporaryDirectory /tmp 
 +LocalSocket /​run/​clamav/​clamd.ctl 
 + 
 +ExcludePath ^/​home/​user/​.mozilla/​ 
 +ExcludePath ^/​etc/​hosts 
 +ExcludePath ^/dev/ 
 +ExcludePath ^/proc/ 
 +ExcludePath ^/sys/ 
 + 
 +OnAccessExcludePath /run 
 +OnAccessExcludePath /sys 
 +OnAccessExcludePath ^/​home/​user/​.mozilla/​ 
 +OnAccessExcludePath ^/​etc/​hosts 
 +OnAccessExcludePath /proc 
 +OnAccessMountPath / 
 + 
 +OnAccessIncludePath /​home/​user/​Desktop 
 + 
 +OnAccessExcludeUID 0 
 + 
 +OnAccessPrevention false 
 +OnAccessExtraScanning true 
 +OnAccessExcludeUname clamav 
 +User clamav 
 +# Enable verbose logging. 
 +# Default: no 
 +LogVerbose yes 
 + 
 +# Enable debug messages in libclamav. 
 +# Default: no 
 +Debug yes 
 +</​code>​ 
 + 
 +Then you can run it with: 
 + 
 +clamdscan --multiscan --fdpass --quiet / 
 + 
 +  --multiscan will speed up the processing because it uses multiple threads. 
 +  --fdpass will allow you to scan files as the clamd user that the clamav-daemon.service runs as. 
 +  --quiet should suppress all output except infected files. At least that's what it seems to do on my system but that isn't how it is described in the documentation. 
 + 
 +If you want to save to file you can just redirect the output clamdscan <​options>​ > /​save/​file.txt 
 +Or save it to file with the --log=FILE option.  
 + 
 +Example of script 
 +<​code>​ 
 +#​!/​bin/​bash 
 +logname=/​var/​log/​clamav/​clamav.log 
 + 
 +CURRTIME=$(date +"​%Y-%m-%d_%H_%M"​) 
 +clamlog=/​var/​log/​clamav/​clamav_${CURRTIME}.log 
 +quarantine=/​var/​clamav/​infected 
 + 
 +main() 
 +
 +touch $clamlog 
 + 
 +nice -n5 clamscan --recursive --infected / --excluded-dir=/​proc --exclude-dir=/​sys --exclude-dir=/​dev --exclude-dir=/​media --exclude-dir=/​mnt -l $clamlog 
 + 
 +MALWARE=$(tail "​$clamlog"​|grep Infected|cut -d" " -f3) && if [ "​$MALWARE"​ -ne "​0"​ ];  
 +    then mail -s "​Malware Found $(hostname -i; uname -a)" $(cat ~/​.env/​EMAIL) <<<​  
 +    $(cat $clamlog); fi 
 +
 +main > $logname 2>&​1 
 +</​code>​ 
 + 
 +<cli prompt='#'>​ 
 +# clamconf -n 
 + 
 +Checking configuration files in /​etc/​clamav 
 + 
 +Config file: clamd.conf 
 +----------------------- 
 +PreludeAnalyzerName = "​ClamAV"​ 
 +LogFile = "/​var/​log/​clamav/​clamav.log"​ 
 +LogFileMaxSize = "​209715200"​ 
 +LogTime = "​yes"​ 
 +LogRotate = "​yes"​ 
 +ExtendedDetectionInfo = "​yes"​ 
 +LocalSocket = "/​var/​run/​clamav/​clamd.ctl"​ 
 +LocalSocketGroup = "​clamav"​ 
 +LocalSocketMode = "​666"​ 
 +MaxConnectionQueueLength = "​15"​ 
 +StreamMaxLength = "​26214400"​ 
 +MaxThreads = "​12"​ 
 +ReadTimeout = "​180"​ 
 +SendBufTimeout = "​200"​ 
 +ExcludePath = "/​.git/",​ "​lost+found",​ "​^/​run/",​ "​^/​sys/",​ "​^/​dev/",​ "​^/​proc/",​ "​^/​var/​log/",​ "​^/​home/​adoyle/",​ "​^/​ssd",​ "​^/​hdd",​ "​^/​mnt 
 +
 +SelfCheck = "​3600"​ 
 +User = "​clamav"​ 
 +BytecodeTimeout = "​60000"​ 
 +ScanHTML disabled 
 +ScanOLE2 disabled 
 +ScanPDF disabled 
 +MaxScanTime = "​120000"​ 
 +MaxScanSize = "​104857600"​ 
 +MaxFileSize = "​26214400"​ 
 +MaxRecursion = "​16"​ 
 +MaxEmbeddedPE = "​10485760"​ 
 +MaxHTMLNormalize = "​10485760"​ 
 +MaxHTMLNoTags = "​2097152"​ 
 +MaxScriptNormalize = "​5242880"​ 
 +PCREMatchLimit = "​10000"​ 
 +PCRERecMatchLimit = "​5000"​ 
 +PCREMaxFileSize = "​26214400"​ 
 +OnAccessMountPath = "/"​ 
 +OnAccessExcludePath = "/​.git/",​ "​lost+found",​ "/​run",​ "/​sys/",​ "/​dev/",​ "/​proc/",​ "/​var/​log/",​ "/​home/​adoyle/",​ "/​ssd",​ "/​hdd",​ "/​mnt"​ 
 +OnAccessExcludeRootUID = "​yes"​ 
 +OnAccessExcludeUname = "​clamav"​ 
 + 
 +Config file: freshclam.conf 
 +--------------------------- 
 +LogFileMaxSize = "​4294967295"​ 
 +LogTime = "​yes"​ 
 +LogRotate = "​yes"​ 
 +UpdateLogFile = "/​var/​log/​clamav/​freshclam.log"​ 
 +Checks = "​24"​ 
 +DatabaseMirror = "​db.local.clamav.net",​ "​database.clamav.net"​ 
 +MaxAttempts = "​5"​ 
 +ReceiveTimeout disabled 
 + 
 +clamav-milter.conf ​not found 
 + 
 +Software settings 
 +----------------- 
 +Version: 1.0.1 
 +Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON 
 + 
 +Database information 
 +-------------------- 
 +Database directory: /​var/​lib/​clamav 
 +daily.cld: version 26925, sigs: 2036167, built on Thu Jun  1 15:27:46 2023 
 +bytecode.cvd:​ version 334, sigs: 91, built on Thu Feb 23 05:33:21 2023 
 +main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 20:32:42 2021 
 +Total number of signatures: 8683685 
 + 
 +Platform information 
 +-------------------- 
 +uname: Linux 6.1.0-0.deb11.7-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.20-2~bpo11+1 (2023-04-23) x86_64 
 +OS: Linux, ARCH: x86_64, CPU: x86_64 
 +Full OS version: No LSB modules are available. 
 +Debian GNU/Linux 12 (bookworm) 
 +zlib version: 1.2.13 (1.2.13), compile flags: a9 
 +platform id: 0x0a21a1a108000000000c0200 
 + 
 +Build information 
 +----------------- 
 +GNU C: 12.2.0 (12.2.0) 
 +sizeof(void*) = 8 
 +Engine flevel: 161, dconf: 161 
 +</​cli>​
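Review bot: the "Example of script" block in this hunk has two defects that stop it from running as described. On the `nice -n5 clamscan ...` line the first exclusion is spelled `--excluded-dir=/proc`, which clamscan rejects as an unknown option (the remaining ones correctly use `--exclude-dir`), so the whole scan aborts before anything is scanned; change it to `--exclude-dir=/proc`. The alert line `mail -s "Malware Found $(hostname -i; uname -a)" $(cat ~/.env/EMAIL) <<<` ends with the here-string operator and continues on the next line, which bash reports as a syntax error at the unexpected newline; feed the log via stdin instead, e.g. `mail -s "Malware Found $(hostname -i; uname -a)" "$(cat ~/.env/EMAIL)" < "$clamlog"`. The line `MALWARE=$(tail "$clamlog"|grep Infected|cut -d" " -f3) && if [ "$MALWARE" -ne "0" ];` also needs a guard: when the scan aborts, the `Infected files:` summary is absent, `$MALWARE` is empty, and the numeric test errors out silently rather than sending an alert, so test `[ -n "$MALWARE" ] && [ "$MALWARE" -ne 0 ]` and treat a missing summary as a failure worth mailing about. The opening and closing braces of `main()` do not appear in the diff view either, so the block should be re-checked against the saved page. Minor: the `--file-list=/home/nav/ClamScanTheseFolders.txt` path, the `/home/user` entries in the clamd.conf example and the `/home/adoyle` entries in the clamconf output are machine-specific and would read better marked as placeholders, and the `--remove` warning deserves to stay prominent since the preceding `--move=` form keeps a copy for later analysis.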
linux/antivirus.1747381576.txt.gz · Last modified: 2025/05/16 09:46 by manu