ClamAV Installation and Configuration
What is ClamAV?
Clam AntiVirus is an anti-virus toolkit for UNIX, designed for e-mail scanning on mail gateways. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updating via Internet. The package also includes a virus scanner shared library.
Download ClamAV
http://www.clamav.net/
ClamAV Documentation
http://www.clamav.net/doc/
ClamAV FAQ
http://www.clamav.net/faq.html#pagestart
Install ClamAV in Debian
If you want to install ClamAV in Debian, add any one of the following source lists to your /etc/apt/sources.list file
deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main
or
deb http://people.debian.org/~sgran/debian sarge main
deb-src http://people.debian.org/~sgran/debian sarge main
Once you have added the source list, run the following commands
# apt-get update
# apt-get install clamav
This will install the following packages
clamav clamav-base clamav-freshclam libbz2-1.0 libclamav1 libcurl3 libgmp3 libidn11 ucf
During installation it will prompt you with the following questions
Virus database update method: daemon
Local Database mirror site: db.local.clamav.net
HTTP proxy information (leave blank for none): none
Should clamd be notified after updates? yes
Manually update virus databases
#freshclam
ClamAV update process started at Mon Sep 11 16:27:40 2006
main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 1859, sigs: 4556, f-level: 8, builder: ccordes)
Auto-updating Virus Databases
freshclam is the default database updater for Clam AntiVirus. It can work in two modes:
interactive - from command line, verbosely
daemon - alone, silently
When started by a superuser it drops privileges and switches to the clamav user. freshclam uses the database.clamav.net round-robin DNS, which automatically selects a database mirror. freshclam is an advanced tool: it supports database version verification through DNS, proxy servers (with authentication), digital signatures and various error scenarios. Quick test: run freshclam (as superuser) with no parameters and check the output. If everything is OK you may create the log file in /var/log (owned by clamav or whichever other user freshclam will be running as, set with --user):
#touch /var/log/freshclam.log
#chmod 600 /var/log/freshclam.log
#chown clamav /var/log/freshclam.log
Now you should edit the configuration file (freshclam.conf or clamd.conf if they're merged) and configure the UpdateLogFile directive to point to the created log file. Finally, to run freshclam in the daemon mode, execute
#freshclam -d
The other method is to use the cron daemon. You have to add the following line to the crontab of the root or clamav user
N * * * * /usr/local/bin/freshclam --quiet
to check for a new database every hour. N should be a number between 3 and 57 of your choice. Please don't choose any multiple of 10, because there are already too many clients using those time slots. Proxy settings are only configurable via the configuration file, and freshclam will require strict permissions on the config file when HTTPProxyPassword is enabled:
HTTPProxyServer myproxyserver.com
HTTPProxyPort 1234
HTTPProxyUsername myusername
HTTPProxyPassword mypass
Manually scan files/folders for viruses
#clamscan -r /location_of_files_or_folders
Example:
#clamscan /
Output
/root/.profile: OK
/root/.bashrc: OK
/root/dbootstrap_settings: OK
/root/install-report.template: OK
/root/.viminfo: OK
----------- SCAN SUMMARY -----------
Known viruses: 68694
Engine version: 0.88.4
Scanned directories: 1
Scanned files: 5
Infected files: 0
Data scanned: 0.00 MB
Time: 1.808 sec (0 m 1 s)
Automatically scan files/folders for viruses
For example, to scan files/folders for viruses automatically at midnight every day:
The five fields * * * * * mean minute, hour, day of month, month, day of week
You need to edit your crontab file
#crontab -e
Append the following line at the end of file
00 00 * * * clamscan -r /location_of_files_or_folders
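The crontab line above mails every line of clamscan output and hides whether the scan found something or failed. The wrapper below is an added example, not part of the original page or of ClamAV itself: it relies on clamscan's exit status (0 = no virus found, 1 = virus found, anything else = error), and the CLAMSCAN and LOG variables and the log path are assumptions.

```shell
#!/bin/sh
# Added example: wrapper for the nightly cron scan.
# CLAMSCAN and LOG are assumed names/defaults; adjust for your host.
CLAMSCAN="${CLAMSCAN:-clamscan}"
LOG="${LOG:-/var/log/clamscan-nightly.log}"

# Read clamscan output on stdin and print only the flagged paths
# (clamscan reports them as "<path>: <signature> FOUND").
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Map clamscan's exit status to a verdict:
# 0 = no virus found, 1 = virus(es) found, anything else = scan error.
classify() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# scan_dir DIR: recursive scan that logs one verdict line plus details,
# then returns clamscan's own exit status to the caller.
scan_dir() {
    out=$("$CLAMSCAN" -r --infected --no-summary "$1" 2>&1) && rc=0 || rc=$?
    verdict=$(classify "$rc")
    {
        printf '%s %s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$verdict" "$1"
        printf '%s\n' "$out" | infected_paths | sed 's/^/  infected: /'
        if [ "$verdict" = error ]; then
            printf '%s\n' "$out" | sed 's/^/  error: /'
        fi
    } >>"$LOG"
    return "$rc"
}

# Run only when a directory is given, e.g. from cron.
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
fi
```

Saved under a path of your choice and called from the crontab entry in place of the bare clamscan command, it leaves one verdict line per run in the log, and a non-zero exit tells cron or a monitoring job that the scan either detected something or did not complete.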
For more information and documentation check here