ClamAV is an open-source antivirus tool available for Linux distributions. It integrates with mail servers to scan received attachments. Beyond scanning mail attachments, it helps protect corporate networks, and it can also be used for web scanning.
In this article, we will discuss how to install ClamAV Antivirus on Ubuntu.
Features of ClamAV:
- built-in support for various archive formats, including Zip, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others.
- built-in support for almost all mail file formats
- built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others;
- built-in support for popular document formats including Microsoft Office and Mac Office files, HTML, RTF and PDF.
- support for multiple signature languages, such as hash-based signature matching, wildcards, boolean logic and custom rules written in the Bytecode language.
ClamAV includes a multi-threaded scanner daemon, command line utilities for on-demand file scanning and automatic signature updates. One of its main uses is on mail servers as a server-side email virus scanner.
Install and use ClamAV on Ubuntu 20.04
Type the following commands to update the package index and then install ClamAV Antivirus together with its daemon:
$ sudo apt update
$ sudo apt install clamav clamav-daemon
After the installation is complete, you’ll need to stop the daemon, so you can update the ClamAV database manually. Stop the daemon with the command:
$ sudo systemctl stop clamav-freshclam
With the daemon stopped, update ClamAV with the command:
$ sudo freshclam
When freshclam completes, download the latest database signature file with the command:
$ sudo wget https://database.clamav.net/daily.cvd
Copy that file into the necessary directory with the command:
$ sudo cp daily.cvd /var/lib/clamav/
Start the freshclam daemon with the command:
$ sudo systemctl start clamav-freshclam
How to manually scan a directory
To scan a directory, type the following command in the terminal:
$ clamscan -r -i --bell /home/
where:
-r, to scan sub directories recursively,
-i, to print infected files,
--bell, a bell sound if it detects a virus,
/home/, directory we intend to scan – you can use directories of your choice
This command only scans the directories and gives us a list of infected files. But what if we want to move infected files to another directory instead? That can be the safer choice, since removing an infected file may break our system, so we tread with caution and move the infected file elsewhere. Type the following command in the terminal:
$ clamscan -i -r --move="/home/<home-directory>/Downloads/" /home
The above command will scan the directory /home/ and, if infected files are detected, move those files to the directory /home/<home-directory>/Downloads/.
Type clamscan -h for more options.
How to set ClamAV to scan automatically
Now we'll create a bash script that scans the /var/www/html/ directory, and then create a cron job to run it nightly. How you do this depends on whether the machine can send email. If it can, you may be able to use the script as is, or you may have to modify it depending on which SMTP server you've set up. The example below uses the mail command.
First, create the script with the command:
$ sudo nano /usr/local/bin/clamscan_daily.sh
In that file, paste the following:
#!/bin/bash
# Daily ClamAV scan of the web root; emails the log if anything is found.
LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log"
EMAIL_MSG="Please see the log file attached"
EMAIL_FROM="admin@example.com"
EMAIL_TO="user@example.com"
DIRTOSCAN="/var/www/html"

for S in ${DIRTOSCAN}; do
    DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1)
    # Write the header into the log as well, since cron discards stdout
    echo "Starting scan of $S directory. Directory size: $DIRSIZE." >> "$LOGFILE"
    # -r recurse, -i log only infected files, --remove delete them,
    # --detect-pua also report potentially unwanted applications
    clamscan -ri --remove --detect-pua=yes "$S" >> "$LOGFILE"
    # Uncomment to purge log files older than 30 days:
    #find /var/log/clamav/ -type f -mtime +30 -exec rm {} \;
    # The scan summary ends with "Infected files: N"; default to 0 if absent
    MALWARE=$(tail "$LOGFILE" | grep "Infected files" | cut -d" " -f3)
    if [ "${MALWARE:-0}" -ne 0 ]; then
        echo "$EMAIL_MSG" | mail -a "$LOGFILE" -s "Malware Found" -r "$EMAIL_FROM" "$EMAIL_TO"
    fi
done
exit 0
Where admin@example.com is the FROM address and user@example.com is the email address any alerts will be sent to.
Give that file executable permissions with the command:
$ sudo chmod u+x /usr/local/bin/clamscan_daily.sh
Create the cron job with the command:
$ sudo crontab -e
At the bottom of the file, add the following line to run the scan every day at 1 am:
1 1 * * * /usr/local/bin/clamscan_daily.sh > /dev/null 2>&1
Save and close the file.
At this point, ClamAV will automatically scan the /var/www/html directory for malicious files and alert you if it finds anything. If your server isn't set up so that it can actually send email, you'll need to view the generated log file manually with the command:
less /var/log/clamav/clamav-DATE
Where DATE is the timestamp of the file you need to view. If you don't set up email alerts, make sure you routinely check the ClamAV log file.
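The script above decides whether to alert by pulling a number out of the last lines of the log. As an added example (not from the original article), the functions below show a sturdier way to read a clamscan result: use the exit status (0 clean, 1 infected, 2 error) as the primary signal, and parse the "Infected files:" summary line and the "FOUND" lines for the report. The sample log, signature name and counts are constructed for offline use; run_scan() is only defined, not called.

```shell
#!/bin/bash
# Added example: interpret clamscan results robustly.
# clamscan exit status: 0 = nothing found, 1 = virus(es) found, 2 = error.
# An empty string from grep/cut would make a bare [ "$N" -ne 0 ] fail,
# so the count helper always falls back to 0.

# Infected count from a clamscan log (0 if the summary line is missing).
infected_count() {
    local n
    n=$(grep -m1 '^Infected files:' "$1" | awk '{print $3}')
    echo "${n:-0}"
}

# Paths reported as infected ("path: Signature FOUND" lines).
infected_files() {
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//'
}

# Map clamscan's exit status to a word usable in an alert subject.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Run the real scan, appending to a log; returns clamscan's exit status.
# Not called by the self-test below (clamscan may be absent there).
run_scan() {
    local dir="$1" log="$2"
    clamscan -ri --detect-pua=yes "$dir" >> "$log"
}

# Constructed sample log in clamscan's summary format.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
/var/www/html/uploads/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8641367
Engine version: 0.103.6
Scanned directories: 12
Scanned files: 204
Infected files: 1
EOF

echo "Sample log: $(infected_count "$SAMPLE_LOG") infected file(s)"
infected_files "$SAMPLE_LOG"
```

In the daily script, `if run_scan "$S" "$LOGFILE"; then ...; else ...; fi` distinguishes a clean run from a detection or a scanner error, which the tail/grep approach cannot.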
Conclusion
That is all it takes to set up ClamAV on your Ubuntu server to detect and protect against malicious files. If you have any questions, feel free to leave a comment.