Differences

This shows you the differences between two versions of the page.

--- linux:antivirus [2025/05/16 09:49]
manu
+++ linux:antivirus [2025/05/16 10:55] (current)
manu
@@ Line 64: / Line 64: @@
 Start scanning:
   * One time: clamscan --recursive /
-  * Memory: clamscan --memory
+  * Memory: clamscan --memory --infected
   * On access: clamonacc
@@ Line 72: / Line 72: @@
 # clamscan --version
 ClamAV 0.103.2
+# clamscan --version
+ClamAV 1.0.8/27636/Tue May 13 10:40:46 2025
 </cli>
+Only scan one file
+<cli prompt='#'>
+# clamscan Downloads/LOS.zip
+</cli>
+To check all files on the computer, displaying the name of each file:
+<cli prompt='#'>
+# clamscan -r /
+</cli>
+To check all files on the computer, but only display infected files and ring a bell when found:
+<cli prompt='#'>
+# clamscan -r --bell -i /
+</cli>
+To check files in the USER home directory and move infected files to another folder:
+<cli prompt='#'>
+# clamscan -r --move=/home/USER/VIRUS /home/USER
+</cli>
+To check files in the USER home directory and remove infected files (WARNING: Files are gone.):
+<cli prompt='#'>
+# clamscan -r --remove /home/USER
+</cli>
+To scan all folders in your computer (except /sys):
+<cli prompt='#'>
+# clamscan -r -i --exclude-dir="^/sys" --bell /
+</cli>
+To scan specific folders or files, you have to create a file in which you list out which files/folders you want to scan, and tell clamav where to find that file:
+<cli prompt='#'>
+# clamscan -r -i --bell --file-list=/home/nav/ClamScanTheseFolders.txt
+</cli>
+My ClamScanTheseFolders.txt contained:
+<code>
+/media/nav/someFolder1
+/media/nav/someFolder2
+/opt/someFolder/somefile
+</code>
+/etc/clamav/clamd.conf
+<code>
+LogFile /var/log/clamav/clamd.log
+LogTime yes
+PidFile /run/clamav/clamd.pid
+TemporaryDirectory /tmp
+LocalSocket /run/clamav/clamd.ctl
+ExcludePath ^/home/user/.mozilla/
+ExcludePath ^/etc/hosts
+ExcludePath ^/dev/
+ExcludePath ^/proc/
+ExcludePath ^/sys/
+OnAccessExcludePath /run
+OnAccessExcludePath /sys
+OnAccessExcludePath ^/home/user/.mozilla/
+OnAccessExcludePath ^/etc/hosts
+OnAccessExcludePath /proc
+OnAccessMountPath /
+OnAccessIncludePath /home/user/Desktop
+OnAccessExcludeUID 0
+OnAccessPrevention false
+OnAccessExtraScanning true
+OnAccessExcludeUname clamav
+User clamav
+# Enable verbose logging.
+# Default: no
+LogVerbose yes
+# Enable debug messages in libclamav.
+# Default: no
+Debug yes
+</code>
+Then you can run it with:
+clamdscan --multiscan --fdpass --quiet /
+  --multiscan will speed up the processing because it uses multiple threads.
+  --fdpass will allow you to scan files as the clamd user that the clamav-daemon.service runs as.
+  --quiet should suppress all output except infected files. At least that's what it seems to do on my system but that isn't how it is described in the documentation.
+If you want to save to file you can just redirect the output clamdscan <options> > /save/file.txt
+Or save it to file with the --log=FILE option.
+Example of script
+<code>
+#!/bin/bash
+logname=/var/log/clamav/clamav.log
+CURRTIME=$(date +"%Y-%m-%d_%H_%M")
+clamlog=/var/log/clamav/clamav_${CURRTIME}.log
+quarantine=/var/clamav/infected
+main()
+{
+touch $clamlog
+nice -n5 clamscan --recursive --infected / --excluded-dir=/proc --exclude-dir=/sys --exclude-dir=/dev --exclude-dir=/media --exclude-dir=/mnt -l $clamlog
+MALWARE=$(tail "$clamlog"|grep Infected|cut -d" " -f3) && if [ "$MALWARE" -ne "0" ];
+    then mail -s "Malware Found $(hostname -i; uname -a)" $(cat ~/.env/EMAIL) <<<
+    $(cat $clamlog); fi
+}
+main > $logname 2>&1
+</code>
+<cli prompt='#'>
+# clamconf -n
+Checking configuration files in /etc/clamav
+Config file: clamd.conf
+-----------------------
+PreludeAnalyzerName = "ClamAV"
+LogFile = "/var/log/clamav/clamav.log"
+LogFileMaxSize = "209715200"
+LogTime = "yes"
+LogRotate = "yes"
+ExtendedDetectionInfo = "yes"
+LocalSocket = "/var/run/clamav/clamd.ctl"
+LocalSocketGroup = "clamav"
+LocalSocketMode = "666"
+MaxConnectionQueueLength = "15"
+StreamMaxLength = "26214400"
+MaxThreads = "12"
+ReadTimeout = "180"
+SendBufTimeout = "200"
+ExcludePath = "/.git/", "lost+found", "^/run/", "^/sys/", "^/dev/", "^/proc/", "^/var/log/", "^/home/adoyle/", "^/ssd", "^/hdd", "^/mnt
+"
+SelfCheck = "3600"
+User = "clamav"
+BytecodeTimeout = "60000"
+ScanHTML disabled
+ScanOLE2 disabled
+ScanPDF disabled
+MaxScanTime = "120000"
+MaxScanSize = "104857600"
+MaxFileSize = "26214400"
+MaxRecursion = "16"
+MaxEmbeddedPE = "10485760"
+MaxHTMLNormalize = "10485760"
+MaxHTMLNoTags = "2097152"
+MaxScriptNormalize = "5242880"
+PCREMatchLimit = "10000"
+PCRERecMatchLimit = "5000"
+PCREMaxFileSize = "26214400"
+OnAccessMountPath = "/"
+OnAccessExcludePath = "/.git/", "lost+found", "/run", "/sys/", "/dev/", "/proc/", "/var/log/", "/home/adoyle/", "/ssd", "/hdd", "/mnt"
+OnAccessExcludeRootUID = "yes"
+OnAccessExcludeUname = "clamav"
+Config file: freshclam.conf
+---------------------------
+LogFileMaxSize = "4294967295"
+LogTime = "yes"
+LogRotate = "yes"
+UpdateLogFile = "/var/log/clamav/freshclam.log"
+Checks = "24"
+DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
+MaxAttempts = "5"
+ReceiveTimeout disabled
+clamav-milter.conf not found
+Software settings
+-----------------
+Version: 1.0.1
+Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
+Database information
+--------------------
+Database directory: /var/lib/clamav
+daily.cld: version 26925, sigs: 2036167, built on Thu Jun  1 15:27:46 2023
+bytecode.cvd: version 334, sigs: 91, built on Thu Feb 23 05:33:21 2023
+main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 20:32:42 2021
+Total number of signatures: 8683685
+Platform information
+--------------------
+uname: Linux 6.1.0-0.deb11.7-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.20-2~bpo11+1 (2023-04-23) x86_64
+OS: Linux, ARCH: x86_64, CPU: x86_64
+Full OS version: No LSB modules are available.
+Debian GNU/Linux 12 (bookworm)
+zlib version: 1.2.13 (1.2.13), compile flags: a9
+platform id: 0x0a21a1a108000000000c0200
+Build information
+-----------------
+GNU C: 12.2.0 (12.2.0)
+sizeof(void*) = 8
+Engine flevel: 161, dconf: 161
+</cli>

wiki

User Tools

Site Tools

Differences

Page Tools