ClamAV Installation and Configuration
What is ClamAV?
Clam AntiVirus is an anti-virus toolkit for UNIX, designed for
e-mail scanning on mail gateways. It provides a flexible and
scalable multi-threaded daemon, a command line scanner, and an
advanced tool for automatic database updating via Internet. The
package also includes a virus scanner shared library.
Download ClamAV
http://www.clamav.net/
ClamAV Documentation
http://www.clamav.net/doc/
ClamAV FAQ
http://www.clamav.net/faq.html#pagestart
Install ClamAV in Debian
To install ClamAV in Debian, add any one of the following
sources to your /etc/apt/sources.list file:
deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main
or
deb http://people.debian.org/~sgran/debian sarge main
deb-src http://people.debian.org/~sgran/debian sarge main
Once you have added the source, run the following commands:
# apt-get update
# apt-get install clamav
This will install the following packages:
clamav clamav-base clamav-freshclam libbz2-1.0 libclamav1
libcurl3 libgmp3 libidn11 ucf
During installation it will prompt you with the following
questions:
Virus database update method: daemon
Local Database mirror site: db.local.clamav.net
HTTP proxy information (leave blank for none): none
Should clamd be notified after updates? yes
Manually update virus databases
# freshclam
ClamAV update process started at Mon Sep 11 16:27:40 2006
main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 1859, sigs: 4556, f-level: 8, builder: ccordes)
Auto-updating Virus Databases
freshclam is the default database updater for Clam AntiVirus. It
can work in two modes:
interactive - from command line, verbosely
daemon - alone, silently
When started by a superuser it drops privileges and switches to
the clamav user. freshclam uses the database.clamav.net
round-robin DNS which automatically selects a database
mirror. freshclam is an advanced tool: it supports database
version verification through DNS, proxy servers (with
authentication), digital signatures and various error scenarios.
Quick test: run freshclam (as superuser) with no parameters and
check the output. If everything is OK you may create the log
file in /var/log, owned by clamav or by the other user freshclam
will be running as (--user):
# touch /var/log/freshclam.log
# chmod 600 /var/log/freshclam.log
# chown clamav /var/log/freshclam.log
Now you should edit the configuration file (freshclam.conf or
clamd.conf if they're merged) and configure the UpdateLogFile
directive to point to the created log file. Finally, to run
freshclam in the daemon mode, execute:
# freshclam -d
The other method is to use the cron daemon. You have to add the
following line to the crontab of the root or clamav users:
N * * * * /usr/local/bin/freshclam --quiet
to check for a new database every hour. N should be a number
between 3 and 57 of your choice. Please don't choose any
multiple of 10, because there are already too many clients using
those time slots.
Proxy settings are only configurable via the configuration file,
and freshclam will require strict permissions on the config file
when HTTPProxyPassword is enabled.
HTTPProxyServer myproxyserver.com
HTTPProxyPort 1234
HTTPProxyUsername myusername
HTTPProxyPassword mypass
Manually scan files/folders for viruses
# clamscan -r /location_of_files_or_folders
Example:
# clamscan /
Output:
/root/.profile: OK
/root/.bashrc: OK
/root/dbootstrap_settings: OK
/root/install-report.template: OK
/root/.viminfo: OK
----------- SCAN SUMMARY -----------
Known viruses: 68694
Engine version: 0.88.4
Scanned directories: 1
Scanned files: 5
Infected files: 0
Data scanned: 0.00 MB
Time: 1.808 sec (0 m 1 s)
Automatically scan files/folders for viruses
For example, to scan files/folders for viruses automatically at
midnight every day.
The five fields * * * * * mean minute, hour, day of month, month
and day of week.
You need to edit your crontab file:
# crontab -e
Append the following line at the end of the file:
00 00 * * * clamscan -r /location_of_files_or_folders
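A wrapper the midnight cron entry above could call instead of bare clamscan, so that cron only sends mail when something is found or the scan did not complete. This is an added example, not part of the original tutorial; the names nightly_scan, CLAMSCAN and SCAN_LOG and the log path are assumptions, and it treats exit status 0 as clean, 1 as infected and anything else as a scanner error.

```shell
#!/bin/sh
# Added example: quiet nightly scan for cron.
# CLAMSCAN and SCAN_LOG are names chosen for this example, not ClamAV settings.
CLAMSCAN=${CLAMSCAN:-clamscan}
SCAN_LOG=${SCAN_LOG:-/var/log/clamscan-nightly.log}

# nightly_scan DIR
# Prints one "path: signature" line per infected file (cron mails any output).
# Returns 0 = clean, 1 = infections found, 2 = scanner error (scan incomplete).
nightly_scan() {
    target=$1
    # -r recurses into subdirectories; -i prints only infected files,
    # which drops the per-file "OK" lines from the report.
    report=$("$CLAMSCAN" -r -i "$target" 2>&1) && rc=0 || rc=$?

    # Keep the full report, including the scan summary, for later review.
    {
        printf '=== %s scan of %s (exit %s)\n' \
            "$(date '+%Y-%m-%d %H:%M:%S')" "$target" "$rc"
        printf '%s\n' "$report"
    } >> "$SCAN_LOG"

    case $rc in
        0)  return 0 ;;
        1)  # Detections look like "/path/file: Signature-Name FOUND".
            printf '%s\n' "$report" | sed -n 's/ FOUND$//p'
            return 1 ;;
        *)  # A failed scan must not be mistaken for a clean one.
            echo "clamscan failed on $target (exit $rc), see $SCAN_LOG" >&2
            return 2 ;;
    esac
}

# Run as a script: nightly-scan.sh /location_of_files_or_folders
if [ $# -gt 0 ]; then
    nightly_scan "$1"
    exit $?
fi
```

Saved as an executable script, it replaces the clamscan command in the crontab line while keeping the same schedule.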