Install ClamAV antivirus in Ubuntu

What is ClamAV?

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high-performance multi-threaded scanning daemon, command-line utilities for on-demand file scanning, and an intelligent tool for automatic signature updates. The core ClamAV library provides numerous file format detection mechanisms, file unpacking support, archive support, and multiple signature languages for detecting threats.

You can also download the latest source directly from the official site, then compile and install it.

To install ClamAV on an Ubuntu server, we start by installing ClamAV and the daemon with the following command:

sudo apt-get install clamav clamav-daemon

Next we need to reconfigure the ClamAV base package, update the virus definitions and start the daemon. Execute the following commands:

# when prompted, set the maximum directory recursion to 50 so that all directories get scanned
# and set the option to follow directory symlinks to true
sudo dpkg-reconfigure clamav-base
sudo freshclam
sudo /etc/init.d/clamav-daemon start

Next we need to create a shell script which scans a specific directory and sends an email if a virus is found. Place that shell script inside the home directory of the root user or somewhere else. I placed it inside /home/clamav. Now create a file with the command 'sudo vi clamav-scan.sh' and enter the following content:

#!/bin/sh
# Empty the old scan log and do a virus scan
LOG=/home/root/clamav/clamav-scan.log
rm -f "$LOG"    # -f: do not fail when no previous log exists
touch "$LOG"
clamdscan /home/ /etc/ /opt/ --fdpass --log="$LOG" --infected --multiscan

# Send the email unless the log reports zero infected files
if grep -q 'Infected files: 0' "$LOG"
then echo "No virus found inside /home."
else mail -s "Virus warning inside folder /home" root < "$LOG"
fi

Next we need to make the file executable with the following command:

sudo chmod +x clamav-scan.sh

After that we add this file as a cron job which executes every night at 3am:

sudo crontab -e
# enter the following line
00 03 * * * {PATH-TO-SCRIPT}/clamav-scan.sh

Substitute the {PATH-TO-SCRIPT} placeholder with the path where the clamav-scan.sh script is stored.

Next we place the EICAR test virus, a harmless standard test string that antivirus engines detect, in the folder you want to scan. To do that, create a text file and add the following content to it:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Save it and then run the clamav-scan.sh script to check that the virus is found and the mail is sent. Once everything works as it should, delete the test virus text file.

Note: The clamav-scan.sh script only identifies viruses; it does not delete them. That has to be done manually.
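
The scan script mails a virus warning whenever the log lacks 'Infected files: 0', which is also the case when the scan never completed. The following is an added example, not part of the original post, that classifies a scan log as clean, infected or error; the function names, the sample paths and the three sample logs are constructed for illustration, and the log layout is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example: classify a clamdscan log instead of grepping for one string.
# Assumed log layout (constructed samples below): one
# "<path>: <signature> FOUND" line per hit, then "Infected files: <n>".

# Print the count from the summary line; prints nothing if there is none.
infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print "<signature> <path>" for every hit recorded in the log.
infected_hits() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Print clean, infected or error for the log file given as $1.
classify_scan_log() {
    count=$(infected_count "$1")
    hits=$(infected_hits "$1" | wc -l | tr -d ' ')
    if [ -z "$count" ]; then
        echo error        # no summary: the scan did not complete
    elif [ "$count" -eq 0 ] && [ "$hits" -eq 0 ]; then
        echo clean
    else
        echo infected
    fi
}

# Write three constructed sample logs into directory $1.
write_sample_logs() {
    printf '%s\n' '----------- SCAN SUMMARY -----------' \
        'Infected files: 0' > "$1/clean.log"
    printf '%s\n' '/home/alice/eicar.txt: Eicar-Test-Signature FOUND' \
        '----------- SCAN SUMMARY -----------' \
        'Infected files: 1' > "$1/infected.log"
    printf '%s\n' 'ERROR: constructed line, scan aborted before the summary' \
        > "$1/failed.log"
}

dir=$(mktemp -d)
write_sample_logs "$dir"
for name in clean infected failed; do
    printf '%s.log -> %s\n' "$name" "$(classify_scan_log "$dir/$name.log")"
done
infected_hits "$dir/infected.log"
rm -rf "$dir"
```

In the cron script, the error result can be mailed with its own subject so that a stopped daemon is not reported as an infection.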


Balvinder Singh

Hello, I am Balvinder Singh - DevOps Engineer with 2.5+ years of working experience with different server environments. Tag Line: Linux | AWS | WHM | Monitoring | Virtualization | Optimization | Performance | Security | Release & Deployment. I love helping companies / clients to deploy their code / applications to well managed, optimized, secure servers and can go the extra mile to satisfy.
