Linux antivirus

ClamAV

https://www.clamav.net/

Packages are available for Linux, macOS and Windows.

ClamAV can be updated offline or online

Offline DB update:

https://database.clamav.net/daily.cvd
https://database.clamav.net/main.cvd
https://database.clamav.net/bytecode.cvd

Stop every clam process, then copy these 3 definition files into /var/lib/clamav and check permissions:

chown clamav:clamav /var/lib/clamav/*cvd
chmod 644 /var/lib/clamav/*cvd
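
A check that can run on the downloaded files before the copy step above, as an added example (not part of the original wiki page or of ClamAV itself): it parses the 512-byte header of each .cvd and compares the MD5 recorded there with the payload, which catches a truncated download or an HTML error page saved under a .cvd name. The function names and `make_sample` (a constructed stand-in for a real database file) are assumptions of this example.

```python
import hashlib
import os

HEADER_LEN = 512  # every .cvd starts with a fixed-size, space-padded text header
EXPECTED = ("main.cvd", "daily.cvd", "bytecode.cvd")

def parse_cvd_header(raw: bytes) -> dict:
    """Split the colon-separated header into named fields."""
    if len(raw) < HEADER_LEN:
        raise ValueError("shorter than a CVD header")
    fields = raw[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("bad magic or field count")
    return {"build_time": fields[1], "version": int(fields[2]),
            "signatures": int(fields[3]), "flevel": int(fields[4]),
            "md5": fields[5].lower(), "builder": fields[7]}

def check_cvd(stream) -> dict:
    """Parse the header, then hash the payload that follows it."""
    info = parse_cvd_header(stream.read(HEADER_LEN))
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(65536), b""):
        digest.update(chunk)
    # Detects truncation/corruption in transit only. The header's digital
    # signature (field 6) is NOT verified here, so this is no tamper check.
    info["payload_ok"] = digest.hexdigest() == info["md5"]
    return info

def check_dir(directory: str) -> dict:
    """Map each expected file name to its parsed info or an error string."""
    results = {}
    for name in EXPECTED:
        try:
            with open(os.path.join(directory, name), "rb") as fh:
                results[name] = check_cvd(fh)
        except (OSError, ValueError) as exc:
            results[name] = "error: %s" % exc
    return results

def make_sample(payload: bytes, version: int = 1) -> bytes:
    """Constructed stand-in for a real .cvd (dummy signature and builder)."""
    head = "ClamAV-VDB:01 Jan 2025 00-00 +0000:%d:3:90:%s:SIG:builder:1735689600" % (
        version, hashlib.md5(payload).hexdigest())
    return head.encode("ascii").ljust(HEADER_LEN, b" ") + payload

if __name__ == "__main__":
    import sys
    for name, result in check_dir(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, result)
```

Run it against the directory holding the transferred files; any entry that is an error string or has `payload_ok` set to False should be downloaded again before it goes into /var/lib/clamav.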

A Linux package install will probably go in /usr, with:

applications in /usr/bin
daemons in /usr/sbin
libraries in /usr/lib
headers in /usr/include
configs in /etc/clamav
databases in /var/lib/clamav

The full list of packages includes:

clamav - command-line interface
clamav-base - base package
clamav-daemon - scanner daemon
clamav-docs - documentation
clamav-freshclam - virus database update utility
clamav-milter - sendmail integration
clamdscan - A command-line client for clamd similar to clamscan
clamav-testfiles - test files
libclamav-dev - development files
libclamav9 - library
libclamunrar9 - unrar support

For Red Hat-like distributions, you'll find it in the EPEL repo.

EPEL offers a selection of packages to install ClamAV:

  clamd - The Clam AntiVirus Daemon
  clamav - End-user tools for the Clam Antivirus scanner
  clamav-data - Virus signature data for the Clam Antivirus scanner
  clamav-devel - Header files and libraries for the Clam Antivirus scanner
  clamav-lib - Dynamic libraries for the Clam Antivirus scanner
  clamav-milter - Milter module for the Clam Antivirus scanner
  clamav-update - Auto-updater for the Clam Antivirus scanner data-files

Most users will only need to run:

dnf install -y clamav clamd clamav-update

Run these to generate example configs in /etc/clamav/, if needed:

clamconf -g freshclam.conf > freshclam.conf
clamconf -g clamd.conf > clamd.conf
clamconf -g clamav-milter.conf > clamav-milter.conf

To allow ClamAV to operate under SELinux, run the following:

setsebool -P antivirus_can_scan_system 1

Start scanning:

  • One time: clamscan --recursive /
  • Memory: clamscan --memory
  • On access: clamonacc

The mail filtering configuration file is clamav-milter.conf

# clamscan --version
ClamAV 0.103.2

To scan only one file:

# clamscan Downloads/LOS.zip

To check all files on the computer, displaying the name of each file:

# clamscan -r /

To check all files on the computer, but only display infected files and ring a bell when found:

# clamscan -r --bell -i /

To check files in the USER home directory and move infected files to another folder:

# clamscan -r --move=/home/USER/VIRUS /home/USER

To check files in the USER home directory and remove infected files (WARNING: Files are gone.):

# clamscan -r --remove /home/USER

To scan all folders on your computer (except /sys):

# clamscan -r -i --exclude-dir="^/sys" --bell / 

To scan specific folders or files, create a file that lists the files and folders you want to scan, and tell ClamAV where to find that file:

# clamscan -r -i --bell --file-list=/home/nav/ClamScanTheseFolders.txt

My ClamScanTheseFolders.txt contained:

/media/nav/someFolder1
/media/nav/someFolder2
/opt/someFolder/somefile
linux/antivirus.1747382179.txt.gz · Last modified: 2025/05/16 09:56 by manu