Tuesday, 8 April 2014

Linux Antivirus (clamav, freshclam, clamscan, clamtk)

There are a number of commercial antivirus products available for Linux, but ClamAV is free and is easily installed on Fedora and Enterprise Linux distributions.
  • Installation
  • Update Virus Definitions (freshclam)
  • Performing Scans (clamscan)
  • ClamTk GUI

Installation

The installation of ClamAV is simple, regardless of the distribution you are using. For the basic ClamAV installation, simply use the following command.
# yum install clamav
The clamav package is part of the Fedora repository, but for Enterprise Linux distributions (RHEL, Oracle Linux, CentOS or Scientific Linux), you will need to enable the Extra Packages for Enterprise Linux (EPEL) yum repository before installing the package mentioned above. Use the relevant link to get the package to add the repository.
Edit the "/etc/freshclam.conf" file, commenting out the word "Example" on line 8.
Once installed you will be able to update the virus definitions using the freshclam command and initiate scans using the clamscan command.

Update Virus Definitions (freshclam)

Once ClamAV is installed you will need to update the virus definitions. This is done using the freshclam command.
# freshclam
This will need to be done on a regular basis, so it would be sensible to schedule it by including it in the crontab for the "root" user. The following shows a possible crontab entry to refresh the virus definitions every day at 10:00.
# Update ClamAV virus definitions
0 10 * * * /usr/bin/freshclam

Performing Scans (clamscan)

Scans are initiated from the command line using the clamscan command, as shown below.
# # Scan a specific file.
# clamscan /tmp/test.txt

# # Scan the contents of a directory.
# clamscan /u01

# # Scan the contents of a directory and all sub-directories.
# clamscan -r /u01
Regular scans can be scheduled by including these commands in the "root" user's crontab. The example entry below scans the "/u01" directory every day at 11:00.
# AntiVirus scan.
0 11 * * * /usr/bin/clamscan --detect-pua -i -r /u01 --log="$HOME/.clamtk/history/$(date +\%b-\%d-\%Y).log" 2>/dev/null
The clamscan command has many options to tailor the action of scans, so check the man pages.
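The crontab entry above discards stderr and does not look at the exit status of clamscan (0 = no virus found, 1 = virus(es) found, 2 = an error occurred), so a failed scan is indistinguishable from a clean one. The wrapper below is an added example, not part of the original post, that runs the same scan and reports detections and failures; the names SCAN_CMD, sample_log, list_detections and scan_and_report are hypothetical, and the sample log is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. SCAN_CMD, sample_log,
# list_detections and scan_and_report are hypothetical names.
SCAN_CMD="${SCAN_CMD:-/usr/bin/clamscan}"

# Constructed sample of a clamscan --log file (not real scan output).
sample_log() {
    cat <<'EOF'
-------------------------------------------------------------------------------

/u01/upload/eicar.com: Eicar-Test-Signature FOUND
/u01/tools/my tool.exe: PUA.Win.Packer.Example FOUND

----------- SCAN SUMMARY -----------
Scanned directories: 12
Scanned files: 340
Infected files: 2
EOF
}

# Print "signature path" for each detection line in a clamscan log file.
list_detections() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Run the page's scheduled scan and act on clamscan's exit status:
# 0 = no virus found, 1 = virus(es) found, 2 = an error occurred.
scan_and_report() {
    target=$1 logdir=$2
    mkdir -p "$logdir" || return 2          # make sure the log directory exists
    log="$logdir/$(date +%b-%d-%Y).log"     # no \% escaping needed outside crontab
    rc=0
    "$SCAN_CMD" --detect-pua -i -r "$target" --log="$log" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;                      # clean: stay silent so cron sends no mail
        1) echo "ClamAV: detections under $target (log: $log)"
           list_detections "$log"
           return 1 ;;
        *) echo "ClamAV: scan of $target failed with status $rc (log: $log)" >&2
           return 2 ;;
    esac
}

# Run only when called with arguments: <script> /u01 /root/.clamtk/history
if [ "$#" -ge 2 ]; then
    scan_and_report "$1" "$2"
    exit $?
fi
```

Because the wrapper prints only on a detection or a failure, cron's normal mail-on-output behaviour delivers a message exactly when someone needs to look at the log.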

ClamTk GUI

ClamTk provides a GUI front end for ClamAV. On Fedora it is installed using the following command.
# yum install clamtk
Remember to run ClamTk as the "root" user, either directly or using sudo.
# clamtk &

or

$ sudo clamtk &
The GUI is fairly self-explanatory.