Wondering which one and how to install. Would like to have it around as I have some files I would like to give to a friend who is Windows bound and don't want to take a chance with his computer.
The easiest thing to do is just go get Clamav and use clamscan as an on demand scanner (command line). Just scan the directories.
It compiles easily... ./configure, make, make install. It'll go to /usr/local
http://www.clamav.net/download/sources
Get ClamAV 0.90.3
To update it... simply type freshclam as root. There are usually updates at least a few times a day.
To scan something:
clamscan <file or directory>
You don't need to start the clamd daemon if you're just running it like that.
Ran ./configure but it complained that I had not created a user or group.
Tried compiling with --disable-clamav
Then, during make. Nothing to be done for all.
Last edited by BlackHawk; 06-09-2007 at 05:30 PM.
Oh shit, sorry. You'll have to create a user and group for it. I sometimes forget that things aren't so obvious to everyone. (or that they'll read the readmes lol)
Code:
groupadd clamav
Code:
useradd -m -c 'ClamAV User' -d /home/clamav -g clamav clamav
The account will be in a disabled state because the passwd command hasn't been run on it. That's what we want, nobody will ever log in as this user (only root launching processes as that user). You need the account, because the virus databases are owned by clamav:clamav.
So get that group and user created with those commands, then ./configure, make, make install-strip
Also, something else I forgot to mention. It installs config files in /usr/local/etc by default but you have to comment out the "example" line for them to be active.
Open /usr/local/etc/freshclam.conf and put a comment in front of the line that says Example (near the top)
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
#Example
Do the same with /usr/local/etc/clamd.conf
Also, in freshclam.conf you really should uncomment this line, and change it to:
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
#DatabaseMirror db.XY.clamav.net
Code:
DatabaseMirror db.us.clamav.net
But you don't have to. It will fall back to database.clamav.net for mirror redirecting.
I just ran through the install on my machine (never had this before... I normally just install this for mail servers) and it werks.
After fixing up my config files, I typed freshclam and it updated the databases.
I scanned a directory I have that's named shit
clamscan shit
This is the kind of results you'll see:
----------- SCAN SUMMARY -----------
Known viruses: 124379
Engine version: 0.90.3
Scanned directories: 1
Scanned files: 143
Infected files: 0
Data scanned: 80.88 MB
Time: 11.984 sec (0 m 11 s)
This is a good scanner, it's got a lot of definitions and they are updated 'round the clock. It sure does catch things when used in conjunction with mail scanning, I know that from personal experience.
One last thing I should mention (obvious to me, but will give you a confusing error message about libclamav.so.2)
After make install-strip, type ldconfig to update shared library links before trying to run freshclam or clamscan.
Hey, when you scan a directory, make sure you use the -r switch if it's got subdirectories (to scan recursively)
clamscan -r directoryname
So, a safe bet is to use -r for any directory you scan so you don't have to think about it.
Definitely the shiznickle, G!
----------- SCAN SUMMARY -----------
Known viruses: 124399
Engine version: 0.90.3
Scanned directories: 114
Scanned files: 453
Infected files: 0
Data scanned: 1353.12 MB
Time: 504.517 sec (8 m 24 s)
Will teach me to take the docs for granted.
btw... if the scrollback list in your terminal is too long to scroll up and read all of it (e.g. if it reports infected files and you want to see what they are), redirect to a text file.
clamscan -r directoryname > filename.txt
Example:
[grogan@cramit grogan]$ clamscan -r sylmail
.
.
.
.
----------- SCAN SUMMARY -----------
Known viruses: 124379
Engine version: 0.90.3
Scanned directories: 13
Scanned files: 894
Infected files: 1
Data scanned: 16.50 MB
Time: 8.561 sec (0 m 8 s)
Whoops! An infected file in my mail boxes. Too much scrolling. I better see what it is. I'll repeat the scan:
[grogan@cramit grogan]$ clamscan -r sylmail > scan.txt
You can go through the text file to see all the output or grep for it.
[grogan@cramit grogan]$ grep FOUND scan.txt
sylmail/outbox/409: Eicar-Test-Signature FOUND
I forgot to delete a test message from when I was testing ClamAV on a server.
For that matter you could skip the text file and just pipe it through grep:
[grogan@cramit grogan]$ clamscan -r sylmail | grep FOUND
sylmail/outbox/409: Eicar-Test-Signature FOUND
Oh, and don't worry. I don't read docs either, unless I have to.
Ah, but in your case the instructions are mostly unnecessary. In my case they are sometimes confusing.
It, uhh, helps to read man pages sometimes though
For example, I didn't think to try something like the -i switch to make it print only infected files. (switches can be combined as below... but don't take that for granted with all command line utils)
[grogan@cramit grogan]$ clamscan -ri sylmail
sylmail/outbox/409: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 124435
Engine version: 0.90.3
Scanned directories: 13
Scanned files: 894
Infected files: 1
Data scanned: 16.50 MB
Time: 8.593 sec (0 m 8 s)
[grogan@cramit grogan]$
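The `grep FOUND scan.txt` step from the thread, as an added example that is not part of any poster's message: it lists detections from a saved report and also flags a report with no summary, since an interrupted scan has no FOUND lines either. The function names, the 0/1/2 verdict convention and the sample report are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: triage a saved clamscan report such as
# scan.txt. Function names and the 0/1/2 convention are this example's own.

TAB=$(printf '\t')

# Print "signature<TAB>path" for each detection line ("<path>: <sig> FOUND").
# The greedy first group splits on the LAST ": ", so a path that itself
# contains ": " is kept whole.
list_detections() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${TAB}\1/p" "$1"
}

# Value of "Infected files: N" from the summary; empty if there is no summary.
summary_infected() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1" | tail -n 1
}

# Verdict for a report:
#   0 = summary present and nothing found
#   1 = at least one detection
#   2 = no summary: the scan did not finish, so "no FOUND lines" proves nothing
report_status() {
    found=$(list_detections "$1" | wc -l | tr -d ' ')
    counted=$(summary_infected "$1")
    if [ "$found" -gt 0 ]; then return 1; fi
    if [ -z "$counted" ]; then return 2; fi
    if [ "$counted" -gt 0 ]; then return 1; fi
    return 0
}

# Constructed sample report, modelled on the output shown in the thread.
make_sample() {
    cat > "$1" <<'EOF'
sylmail/inbox/12: OK
sylmail/outbox/409: Eicar-Test-Signature FOUND
sylmail/notes: 2007/old.eml: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Usage: sh triage.sh scan.txt   (prints detections, exits with the verdict)
if [ -n "${1:-}" ]; then
    list_detections "$1"
    report_status "$1"
    exit $?
fi
```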