Install ClamAV antivirus in Ubuntu
What is ClamAV?
ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance multi-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates. The core ClamAV library provides numerous file format detection mechanisms, file unpacking support, archive support, and multiple signature languages for detecting threats.
You can download the latest source directly from the official site, then compile and install it.
To install ClamAV on an Ubuntu server, we start by installing ClamAV and the daemon with the following command:
apt-get install clamav clamav-daemon
Next we need to reconfigure the ClamAV base package, update the virus definitions and start the daemon. Execute the following commands:
# set the maximum directory recursion to 50 so that all directories are scanned
# set follow directory symlinks to true
sudo dpkg-reconfigure clamav-base
sudo freshclam
sudo /etc/init.d/clamav-daemon start
Next we need to create a shell script which scans a specific directory and sends an email if a virus is found. Place the script in the root user's home directory or somewhere else. I placed it inside /home/clamav. Now create a file with the command 'sudo vi clamav-scan.sh' and enter the following content:
#!/bin/sh
# Empty the old scan log (this also creates it on the first run) and do a virus scan
LOG=/home/root/clamav/clamav-scan.log
: > "$LOG"
clamdscan --fdpass --multiscan --infected --log="$LOG" /home/ /etc/ /opt/

# Send the email unless the scan summary reports zero infected files
if grep -q 'Infected files: 0' "$LOG"
then
    echo "No virus found inside /home."
else
    mail -s "Virus warning inside folder /home" root < "$LOG"
fi
Next we need to make the file executable with the following command:
sudo chmod +x clamav-scan.sh
After that we add this file as a cron job which executes every night at 3am:
sudo crontab -e
# enter the following line
00 03 * * * {PATH-TO-SCRIPT}/clamav-scan.sh
Substitute the {PATH-TO-SCRIPT} placeholder with the path where the clamav-scan.sh script is stored.
Next, place the EICAR test virus in the folder you want to scan. To do that, create a text file and add the following content to it:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save it, then run the clamav-scan.sh script you created to check that the virus is found and the mail is sent. Once everything works as it should, delete the test virus text file.
Note: The clamav-scan.sh script only identifies viruses; it does not delete them. That has to be done manually.
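An added example, not part of the original post: the clamav-scan.sh script above sends its virus warning whenever the log lacks 'Infected files: 0', so a scan that failed (for example because the daemon was down) looks the same as a real detection. The functions below separate the two using clamdscan's exit status and list the detected paths. The function names, the sample log and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original post's script.
# clamdscan exit status (per its man page): 0 = no virus found,
# 1 = virus(es) found, 2 = an error occurred.
# In the cron script: clamdscan ... --log="$LOG"; v=$(verdict $? "$LOG")

# verdict STATUS LOGFILE -> prints clean | infected | error
verdict() {
    case "$1" in
        0)  # accept "clean" only when the summary is present and agrees
            if grep -q '^Infected files: 0$' "$2"; then echo clean
            else echo error; fi ;;
        1)  echo infected ;;
        *)  echo error ;;
    esac
}

# infected_paths LOGFILE -> one path per "<path>: <signature> FOUND" line.
# The greedy first group keeps a ": " that is part of the file name itself.
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# mail_subject VERDICT LOGFILE -> subject line, empty when nothing to send
mail_subject() {
    case "$1" in
        infected) echo "ClamAV: $(infected_paths "$2" | wc -l | tr -d ' ') infected file(s)" ;;
        error)    echo "ClamAV: scan did not complete" ;;
    esac
}

# Constructed sample log (paths and signature name are made up).
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
/home/alice/eicar.txt: Eicar-Test-Signature FOUND
/opt/app/upload: 1.bin: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
Time: 0.041 sec (0 m 0 s)
EOF

v=$(verdict 1 "$demo_log")
echo "verdict: $v"
echo "subject: $(mail_subject "$v" "$demo_log")"
infected_paths "$demo_log"
```

In the nightly script, send mail only when mail_subject prints a non-empty subject, and attach the log as before.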