Instructions to install and use ClamAV 2

When the Server is infected with viruses/trojans/malware, we need software to detect and remove viruses, and ClamAV is one of the most popular and effective software. The following article will guide you on Instructions to install and use ClamAV on Linux to scan for viruses/malware/trojans

 

What is ClamAV?

ClamAV (Clam Anti Virus) is an open source engine (software core) dedicated to detecting trojans, viruses, malware and other threats.

Screenshot 1

AntiVirus programs all depend on a database containing virus identification signs such as: signature, checksum…, so we need to regularly update the database of Anti-Virus programs to increase the effectiveness of virus detection and killing.

Instructions to install and use ClamAV on Linux to scan for viruses/malware/trojans

Instructions to install ClamAV on Linux to scan for viruses/malware/trojans

Screenshot 2

  1. Log in to VPS via SSH

You need a VPS running Ubuntu 20.4, register for a free account and buy VPS Ubuntu 20.4 here.

  1. Install ClamAV on Linux

  • Install ClamAV from the CentOS or Ubuntu Repository via the command ‘yum‘ on CentOS/RHEL or ‘apt-get‘ on Debian/Ubuntu.

+ Centos/RHEL

# yum install -y clamav clamd

#yum install -y clamav-server clamav-server-systemd clamav-scanner-systemd clamav-data clamav-update clamav-filesystem clamav clamav-devel clamav-lib

+ Debian/Ubuntu

# apt-get install -y clamav clamav-daemon

Instructions to install and use ClamAV on Linux

  • Check ClamAV version after installation.

# clamscan --version

2 1

 

Instructions to use ClamAV on Linux to scan for viruses/malware/trojans

  1. Start the ClamAV service

Normally, ClamAV is only used for normal scanning. But when activating the service mechanism, ClamAV will be loaded into RAM and other services can access the ClamAV service port to use the virus scanning feature quickly.

The ClamAV service (clamd or clam-daemon), is often used for advanced operations such as scanning incoming emails for viruses. So do we need to start this service?! The answer is no, if you do not use the advanced features combined. But how to start this service?

+ Init system (CentOS/RHEL 6 Ubuntu 14.04)

# /etc/init.d/clamd start

# chkconfig clamd on

+ Systemd system (CentOS/RHEL 7 Ubuntu 16.04

# systemctl start clamd

# systemctl enable clamd

  1. Update Virus sample databases

As mentioned at the beginning of the article, you need to regularly update the database containing virus/malware identification samples so that ClamAV can scan and detect them, we use the following command:

# freshclam

The updated database files will be saved at:

/var/lib/clamav/daily.cvd

/var/lib/clamav/main.cvd

  1. Proceed to use ClamAV Scan Virus

‘Clamscan’ is the main binary program of ClamAV used to scan for malware. To see the usage options of ‘clamscan‘, use the option ‘–help‘.

# clamscan –help

Instructions to install and use ClamAV on Linux

ClamAV can scan one or more specified files or an entire specified directory.

# clamscan eicar

# clamscan --recursive=yes --infected --exclude-dir='^/etc' /

#clamscan -r <path you want to scan>

Notes:

  • –infected or -i: only print output of files suspected of being infected with malware.
  • –recursive or -r: scan all folders or files inside the parent directory.
  • –remove=[yes/no]: delete all files suspected of being infected with malware.
  • –no-summary: do not print summary.
  • –log=/file.log: write scan log to specific file.
  • –mv=/path: move all files suspected of being infected with malware to another directory.
  1. Download a Virus Sample

This is a sample that contains only common signatures and no malware.

# wget –O- http://www.eicar.org/download/eicar.com.txt | clamscan -

4 2

You can write a shell script to automatically scan for viruses at a specific time of day using the “cron” service.

  1. Configure ClamAV cronjobs

To configure the system to scan for malware periodically by cronjob, do the following:

# crontab -e

0 0 * * * clamscan --recursive=yes --infected /home/

With the above cronjob configuration, every day at 00:00 in the morning, the ClamAV program will scan for malware and trojans in the /home/ directory

The above are instructions for installing ClamAV on Linux to scan for viruses/malware/trojans. Wish you a successful operation.

If you have any questions about VPS services, please contact us for advice and register for a free VPS account.