Debianhelp.co.uk


ClamAV Installation and Configuration

What is ClamAV?

Clam AntiVirus is an anti-virus toolkit for UNIX, designed for e-mail scanning on mail gateways. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updating via Internet. The package also includes a virus scanner shared library.

Download ClamAV

http://www.clamav.net/

ClamAV Documentation

http://www.clamav.net/doc/

ClamAV FAQ

http://www.clamav.net/faq.html#pagestart

Install ClamAV in Debian

To install ClamAV in Debian, add any one of the following sources to your /etc/apt/sources.list file

deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main

or

deb http://people.debian.org/~sgran/debian sarge main
deb-src http://people.debian.org/~sgran/debian sarge main

Once you have added one of the above sources, run the following commands

# apt-get update

#apt-get install clamav

This will install the following packages

clamav clamav-base clamav-freshclam libbz2-1.0 libclamav1 libcurl3 libgmp3 libidn11 ucf

During installation you will be prompted with the following questions

Virus database update method: daemon

Local Database mirror site: db.local.clamav.net

HTTP proxy information (leave blank for none): none

Should clamd be notified after updates? yes

Manually update virus databases

#freshclam

ClamAV update process started at Mon Sep 11 16:27:40 2006
main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 1859, sigs: 4556, f-level: 8, builder: ccordes)

Auto-updating Virus Databases

freshclam is the default database updater for Clam AntiVirus. It can work in two modes:

interactive - from command line, verbosely

daemon - alone, silently

When started by a superuser, it drops privileges and switches to the clamav user. freshclam uses the database.clamav.net round-robin DNS, which automatically selects a database mirror. freshclam is an advanced tool: it supports database version verification through DNS, proxy servers (with authentication), digital signatures and various error scenarios. Quick test: run freshclam (as superuser) with no parameters and check the output. If everything is OK, you may create the log file in /var/log (owned by clamav or by another user that freshclam will be running as, set with --user)

#touch /var/log/freshclam.log

#chmod 600 /var/log/freshclam.log

#chown clamav /var/log/freshclam.log

Now you should edit the configuration file (freshclam.conf or clamd.conf if they're merged) and configure the UpdateLogFile directive to point to the created log file. Finally, to run freshclam in the daemon mode, execute

#freshclam -d

The other method is to use the cron daemon. You have to add the following line to the crontab of the root or clamav user

N * * * * /usr/local/bin/freshclam --quiet

to check for a new database every hour. N should be a number between 3 and 57 of your choice. Please don't choose any multiple of 10, because there are already too many clients using those time slots. Proxy settings are only configurable via the configuration file and freshclam will require strict permissions on the config file when HTTPProxyPassword is enabled.

HTTPProxyServer myproxyserver.com
HTTPProxyPort 1234
HTTPProxyUsername myusername
HTTPProxyPassword mypass
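
The permission requirements described above (a mode 600 log file, and strict permissions on the configuration file once HTTPProxyPassword is set) can be checked with a short script. This is an added example, not part of the original page or of ClamAV itself; the function names are hypothetical, and "strict" is assumed here to mean no access bits for group or other.

```shell
#!/bin/sh
# Added example: audit a freshclam configuration file and its update log.
# Assumption: "strict permissions" means group and other have no access bits.

# conf_value KEY FILE: print the value of the last uncommented "KEY value" line.
# Only the first word of the value is returned (enough for paths without spaces).
conf_value() {
    awk -v k="$1" '$1 == k { v = $2 } END { if (v != "") print v }' "$2"
}

# mode_is_private PATH: succeed when the group/other permission bits are all clear.
mode_is_private() {
    perm=$(ls -ld "$1" | cut -c5-10)
    [ "$perm" = "------" ]
}

# audit_freshclam_conf FILE: print findings; return 0 only if no check failed.
audit_freshclam_conf() {
    conf=$1
    findings=0
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf"
        return 1
    fi
    # A proxy password stored in a file others can read is exposed to every local user.
    if [ -n "$(conf_value HTTPProxyPassword "$conf")" ] && ! mode_is_private "$conf"; then
        echo "FAIL: $conf sets HTTPProxyPassword but is accessible to group/other (chmod 600)"
        findings=$((findings + 1))
    fi
    log=$(conf_value UpdateLogFile "$conf")
    if [ -z "$log" ]; then
        echo "WARN: UpdateLogFile is not set; updates are not logged to a file"
    elif [ ! -e "$log" ]; then
        echo "FAIL: UpdateLogFile $log does not exist (touch, chmod 600, chown clamav)"
        findings=$((findings + 1))
    elif ! mode_is_private "$log"; then
        echo "FAIL: $log is accessible to group/other (chmod 600)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Run the audit when a configuration file path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_freshclam_conf "$1" || exit 1
fi
```

Run it with the path to your freshclam.conf (or clamd.conf if they are merged) as the only argument; a non-zero exit status means at least one check failed.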

Manually scan files/folders for viruses

#clamscan -r /location_of_files_or_folders

Example:

#clamscan /

Output

/root/.profile: OK
/root/.bashrc: OK
/root/dbootstrap_settings: OK
/root/install-report.template: OK
/root/.viminfo: OK

----------- SCAN SUMMARY -----------
Known viruses: 68694
Engine version: 0.88.4
Scanned directories: 1
Scanned files: 5
Infected files: 0
Data scanned: 0.00 MB
Time: 1.808 sec (0 m 1 s)

Automatically scan files/folders for viruses

For example, to scan files/folders for viruses automatically at midnight every day

The five fields * * * * * mean minute, hour, day of month, month, day of week

You need to edit your crontab file

#crontab -e

Append the following line at the end of the file

00 00 * * * clamscan -r /location_of_files_or_folders

For more information and documentation check here