ClamAV

ClamAV is an open-source antivirus engine for detecting many types of malicious software, including viruses, trojans, botnets, rootkits, and other malware.

Installation and Setup

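Search for the available packages, then install the command-line scanner (the clamav package, which provides clamscan) together with the daemon:

aptitude search clamav
sudo apt-get install clamav clamav-daemon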

Enable and start the ClamAV daemon service:

sudo systemctl enable clamav-daemon
sudo systemctl start clamav-daemon

Updating Virus Definitions

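Use freshclam to update ClamAV's virus signature database. On Debian and Ubuntu the clamav-freshclam service normally keeps the database current in the background; a manual run is only needed when that service is stopped, because while it runs it holds the freshclam log lock and a manual run fails.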

sudo freshclam

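You can specify a daily update schedule in /etc/clamav/freshclam.conf:

sudo nano /etc/clamav/freshclam.conf

Add or modify the Checks directive, which sets the number of database checks per day (1 means once a day), then restart the clamav-freshclam service so the change takes effect:

Checks 1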

Running a Scan

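To perform a manual scan of the current directory:

sudo clamscan

clamscan loads the signature database itself on every run. To have the already-running clamd daemon do the scanning instead, use clamdscan; that is the tool the --fdpass option belongs to (it passes the file descriptor to clamd, which helps when clamd runs as a different user). clamscan does not accept --fdpass.

To scan a specific directory recursively:

sudo clamscan -r /path/to/directory

To move infected files to a quarantine directory (the directory must already exist):

sudo clamscan -r /path/to/directory --move=/path/to/quarantine

To remove infected files instead of moving them (a false positive is deleted as well, so prefer --move unless you are sure):

sudo clamscan -r /path/to/directory --remove

To print only infected files and sound the terminal bell when one is found:

sudo clamscan -r /path/to/directory --bell -i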
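
For unattended runs (cron, a systemd timer) the terminal bell is of no use; what to act on is clamscan's exit status: 0 means no virus found, 1 means at least one detection, 2 means the scan itself failed. The wrapper below is an added example, not part of the original page; the function name scan_dir and the CLAMSCAN override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wrap clamscan for unattended use and act on its exit status.
# Assumed names: CLAMSCAN (override for the scanner binary) and scan_dir.
CLAMSCAN="${CLAMSCAN:-clamscan}"

# scan_dir TARGET QUARANTINE
# Prints one "INFECTED <path> <signature>" line per detection on stdout.
# Returns 0 = clean, 1 = infected, 2 = scan failed (never reported as clean).
scan_dir() (
    target=$1
    quarantine=$2
    rc=0

    # --move fails if the quarantine directory is missing, so check up front.
    if [ ! -d "$quarantine" ]; then
        printf 'SCAN-ERROR quarantine directory missing: %s\n' "$quarantine" >&2
        exit 2
    fi

    # -i lists only infected files; --no-summary drops the statistics block.
    out=$("$CLAMSCAN" -r -i --no-summary --move="$quarantine" "$target" 2>&1) || rc=$?

    case $rc in
        0)  ;;
        1)  # Detection lines look like "/path/file: Signature-Name FOUND".
            # The greedy first group splits at the last ": ", so paths that
            # contain ": " survive; "moved to" lines are filtered out.
            printf '%s\n' "$out" |
                sed -n 's/^\(.*\): \(.*\) FOUND$/INFECTED \1 \2/p'
            ;;
        *)  # Unreadable files, a missing database, a missing binary, etc.
            printf 'SCAN-ERROR status=%s %s\n' "$rc" "$out" >&2
            rc=2
            ;;
    esac
    exit "$rc"
)
```

Call it as `scan_dir /path/to/directory /path/to/quarantine` and alert on any non-zero status; status 2 deserves as much attention as status 1, since a failed scan says nothing about whether the files are clean.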

Checking ClamAV Status

To check if ClamAV is running:

ps aux | grep clamd

To view ClamAV logs:

tail /var/log/clamav/clamav.log

Checking ClamAV Alert

This command is useful for quickly checking if there are any infected files in the specified directory without actually removing or moving them. It’s a good way to get an initial assessment of potential security issues without causing unintended changes to your system.

clamscan -r --bell -i /home/path

Finding ClamAV Version

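To check the ClamAV version:

clamscan --version

clamav-milter --version reports the same version, but only where the separate clamav-milter package is installed.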

This section provides a comprehensive overview of ClamAV installation, configuration, and usage. It covers essential commands for updating virus databases, performing scans, and managing infected files. Remember to adjust file paths and options according to your specific system setup.
