Clamav Linux Anti-virus

First Install Clamav:
Install clamav in Archlinux:
$ sudo pacman -Sy clamav
Install clamav in Slackware using a SlackBuild script from slackbuilds.org.
Install clamav in Debian:
$ sudo apt-get install clamav 
Install clamav in OpenSUSE:
$ sudo zypper install clamav
Check the clamav version:
$ clamdscan -V

Terminal Usage:

First, update the virus definitions with:
# freshclam
Then you can scan for viruses.
# clamscan OPTIONS File/Folder 
If necessary start with root permissions: sudo clamscan.
Examples:
  • To check all files on the computer, displaying the name of each file:
    # clamscan -r /
    
  • To check all files on the computer, but only display infected files and ring a bell when found:
    # clamscan -r --bell -i /
    
  • To scan all files on the computer but only display infected files when found and have this run in the background:
    # clamscan -r -i / &
    
    Note: display the background process's status by running the jobs command.
  • To check files in all users' home directories:
    # clamscan -r /home
    
  • To check files in the USER home directory and move infected files to another folder:
    # clamscan -r --move=/home/USER/VIRUS /home/USER
    
  • To check files in the USER home directory and remove infected files (WARNING: Files will be removed):
    # clamscan -r --remove /home/USER
  • Another possibility is to move the infected files to another folder with the option --move=FOLDER, so you can check later which of them are really infected and which are not. Example:
    # mkdir -p /home/USER/QUARANTINED && clamscan -r --move=/home/USER/QUARANTINED /home/USER
  • To see more options:  
     # clamscan --help 
     
To append the list of infected files to a particular file:
# clamscan -r /path-to-folder-to-scan/ | grep FOUND >> /path-to-file/clamav-log.txt
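
The pipeline above returns grep's exit status, so a cron job cannot tell a clean scan from one that failed. As an added example (not part of the original post), this wrapper logs detections and still returns clamscan's own exit code; the function names, the CLAMSCAN override variable and the sample output are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: log clamscan detections and keep the scanner's exit status,
# which "clamscan ... | grep FOUND" replaces with grep's.

TAB=$(printf '\t')

# Print "file<TAB>signature" for each "<file>: <signature> FOUND" line on stdin.
# The greedy first group splits at the last ": ", so names containing ": " survive.
found_lines() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${TAB}\2/p"
}

# Map clamscan's exit code (0 no virus, 1 virus found, 2 error) to a word.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan TARGET recursively, append "time<TAB>signature<TAB>file" to LOG and
# return clamscan's exit code. CLAMSCAN is a hypothetical override for testing.
scan_and_log() {
    target=$1 log=$2 rc=0
    out=$("${CLAMSCAN:-clamscan}" -r -i --no-summary "$target") || rc=$?
    printf '%s\n' "$out" | found_lines |
        while IFS=$TAB read -r file sig; do
            printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$sig" "$file"
        done >> "$log"
    return "$rc"
}

# Constructed sample output (paths and the second signature name are made up).
sample_output() {
    cat <<'EOF'
/home/USER/notes.txt: OK
/home/USER/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/USER/mail/re: invoice.doc: Example.Signature-1 FOUND
EOF
}

# Demo on the sample. A real run: scan_and_log /home/USER /path-to-file/clamav-log.txt
sample_output | found_lines
```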


Updating Clamav:

Update clamav in command line:

# freshclam 



Clamav Common Update Problems and Troubleshooting:


1.) If you get an error saying something like:

ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

The fix: check the file permissions and make clamav runnable by your user or, better, run it with sudo or as root.


2.) If you get an error like this from the freshclam update command despite running it as root or with sudo:

ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
This lock is typically held by a freshclam process that is already running in the background.
The fix: delete the file (/var/log/clamav/freshclam.log) with this command:
# rm -rf /var/log/clamav/freshclam.log

For a GUI for clamav, install clamtk (Debian):


# apt-get install clamtk
Clamav Config Files: 
The config file of the clamav updater is in /etc/clamav/freshclam.conf
The Config file of the main clamav scanner is in /etc/clamav/clamd.conf
