ClamAV

From LinuxReviews

ClamAV is a free software anti-virus engine, licensed under the GPLv2, for GNU/Linux, the BSDs and other Unix-like systems. It provides a command-line scanner (clamscan), a scanning daemon (clamd) with a small client (clamdscan) and a socket protocol that mail and file servers can hand files or streams to, and freshclam, which keeps the signature database up to date. ClamAV can and should be a standard part of e-mail and file server setups.

The Database

ClamAV comes with a handy program called freshclam which updates ClamAV's virus signature databases automatically. Most distributions that use systemd ship a clamav-freshclam.service unit which runs freshclam as a daemon, checking for updates periodically (the Checks setting in freshclam.conf, 12 times a day by default).

The actual databases are stored in /var/lib/clamav/ (by default main.cvd, daily.cvd or daily.cld, and bytecode.cvd). If freshclam stops working, scans keep running against an ageing database without any error, so the age of the daily database is worth monitoring.
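As an added example (not code from the ClamAV project), the following script reads the header of each database file in /var/lib/clamav/ and flags a stale daily database, so a cron job or monitoring check can notice when freshclam has silently stopped updating. It relies on the published CVD header layout: a 512-byte ASCII header of colon-separated fields, "ClamAV-VDB:<build time>:<version>:<signature count>:<functionality level>:<MD5>:<digital signature>:<builder>:<build time in epoch seconds>". The SAMPLE_HEADER it carries is constructed for the example; its MD5 and signature fields are dummies.

```python
"""Check ClamAV databases in /var/lib/clamav/ without running freshclam:
read each .cvd/.cld header, report version, build time and signature
count, and flag a stale daily database.

Added example for this page, not code from the ClamAV project. It assumes
the published 512-byte CVD header layout described in the lead-in.
SAMPLE_HEADER is constructed; real headers carry a real MD5 and signature.
"""
from __future__ import annotations

import time
from dataclasses import dataclass
from pathlib import Path

CVD_HEADER_LEN = 512
DEFAULT_DB_DIR = Path("/var/lib/clamav")

# Constructed header: daily.cvd version 27100, built 20 Nov 2023 13:35 UTC.
SAMPLE_HEADER = (
    b"ClamAV-VDB:20 Nov 2023 08-35 -0500:27100:4293367:90:"
    + b"0" * 32 + b":dummy-signature:example-builder:1700487300"
).ljust(CVD_HEADER_LEN, b" ")


@dataclass(frozen=True)
class CvdInfo:
    name: str          # file name, e.g. daily.cld
    build_time: str    # build time string as stored in the header
    version: int       # database version freshclam compares against
    signatures: int    # number of signatures in this database
    flevel: int        # minimum engine functionality level required
    builder: str
    stime: int         # build time as Unix epoch seconds

    def age_days(self, now: float | None = None) -> float:
        now = time.time() if now is None else now
        return (now - self.stime) / 86400


def parse_cvd_header(header: bytes, name: str = "") -> CvdInfo:
    """Parse a CVD/CLD header; raise ValueError if it is not one."""
    label = name or "header"
    if len(header) < CVD_HEADER_LEN:
        raise ValueError(f"{label}: too short to be a CVD header")
    try:
        text = header[:CVD_HEADER_LEN].decode("ascii").rstrip(" \x00")
    except UnicodeDecodeError as exc:
        raise ValueError(f"{label}: header is not ASCII") from exc
    fields = text.split(":")
    if len(fields) < 9 or fields[0] != "ClamAV-VDB":
        raise ValueError(f"{label}: not a ClamAV-VDB header")
    return CvdInfo(
        name=name,
        build_time=fields[1],
        version=int(fields[2]),
        signatures=int(fields[3]),
        flevel=int(fields[4]),
        builder=fields[7],
        stime=int(fields[8]),
    )


def read_cvd(path: Path) -> CvdInfo:
    with open(path, "rb") as fh:
        return parse_cvd_header(fh.read(CVD_HEADER_LEN), path.name)


def load_database_dir(db_dir: Path = DEFAULT_DB_DIR) -> list[CvdInfo]:
    """Headers of every .cvd/.cld file in db_dir; unreadable files are skipped."""
    infos: list[CvdInfo] = []
    for path in sorted(db_dir.glob("*.c[vl]d")):
        try:
            infos.append(read_cvd(path))
        except (OSError, ValueError):
            continue
    return infos


def stale_databases(infos: list[CvdInfo], max_age_days: float = 2.0,
                    now: float | None = None) -> list[str]:
    """Names of daily databases older than max_age_days. Only daily.* is
    expected to change every day; main.cvd is rebuilt rarely and
    bytecode.cvd only occasionally, so they are not age-checked here."""
    return [i.name for i in infos
            if i.name.startswith("daily.") and i.age_days(now) > max_age_days]


if __name__ == "__main__":
    found = load_database_dir()
    for info in found:
        print(f"{info.name}: version {info.version}, {info.signatures} signatures, "
              f"built {info.build_time} ({info.age_days():.1f} days ago)")
    if not any(i.name.startswith("daily.") for i in found):
        print("no daily database found: has freshclam ever run?")
    for name in stale_databases(found):
        print(f"WARNING: {name} is stale, check clamav-freshclam.service")
```

The same information is available from sigtool --info on a database file; reading the header directly just avoids a dependency on the ClamAV binaries being in PATH on the monitoring host.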

Finding The Virus

The clamscan program scans files for known malware. A file or directory can be given as an argument; the -r option is needed to recursively scan directories, and --infected prints only the files that matched. The exit status tells a script what happened: 0 means nothing was found, 1 means malware was found, and 2 means an error occurred, so a status of 2 must not be treated as a clean result.
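As an added example (not part of ClamAV), the following script drives clamscan from Python, turns its "<path>: <signature> FOUND" lines into structured findings, maps the exit status, and runs an EICAR self-test to prove that the engine and its database actually work. It uses only documented clamscan behaviour (-r, --infected, --no-summary and the exit codes). SAMPLE_OUTPUT is constructed to mimic clamscan output; the signature names in it are made up, except the EICAR one, whose exact name varies with the database version.

```python
"""Drive clamscan and turn its output into structured findings, plus an
EICAR self-test.

Added example for this page, not part of ClamAV. Relies on documented
clamscan behaviour: exit status 0 = no virus found, 1 = virus(es) found,
2 = some error(s) occurred; "-r" recurses into directories; "--infected"
prints only hits as "<path>: <signature> FOUND"; "--no-summary" drops the
trailing SCAN SUMMARY block. SAMPLE_OUTPUT is constructed.
"""
from __future__ import annotations

import subprocess
import tempfile
from dataclasses import dataclass
from pathlib import Path

# The standard EICAR test string: harmless, but every AV must flag it.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed output. The clean file is shown as it would appear without
# --infected, so the parser's filtering is exercised; one path contains
# ": " to show why the split is on the last separator.
SAMPLE_OUTPUT = """\
/srv/games/DOOM/SETUP.EXE: Constructed.Signature-1 FOUND
/srv/files/clean.txt: OK
/srv/files/odd: name/eicar.com: Eicar-Test-Signature FOUND
"""


@dataclass(frozen=True)
class Finding:
    path: str
    signature: str


def interpret_exit_status(code: int) -> str:
    """Map clamscan's documented exit codes to a status word."""
    return {0: "clean", 1: "infected", 2: "error"}.get(code, "unknown")


def parse_clamscan_output(text: str) -> list[Finding]:
    """Extract "<path>: <signature> FOUND" lines. File names may contain
    ": " themselves, so the split is on the last occurrence."""
    findings: list[Finding] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line.endswith(" FOUND"):
            continue
        path, sep, signature = line[: -len(" FOUND")].rpartition(": ")
        if sep:
            findings.append(Finding(path, signature))
    return findings


def scan(path: str | Path, extra_args: tuple[str, ...] = ()) -> tuple[str, list[Finding], str]:
    """Run clamscan recursively over path. Returns (status, findings, stderr).
    Status "error" means the scan is incomplete, not that the tree is clean."""
    cmd = ["clamscan", "-r", "--infected", "--no-summary", *extra_args, str(path)]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return "error", [], "clamscan not found in PATH"
    return interpret_exit_status(proc.returncode), parse_clamscan_output(proc.stdout), proc.stderr


def eicar_self_test() -> bool:
    """Write the EICAR test file to a temp dir and confirm clamscan flags it.
    False means the engine or the database is not working."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "eicar.com").write_text(EICAR)
        status, findings, _ = scan(tmp)
    return status == "infected" and any("eicar" in f.signature.lower() for f in findings)


if __name__ == "__main__":
    print("EICAR self-test:", "passed" if eicar_self_test() else "FAILED")
    status, findings, err = scan("/srv/files")  # example path, adjust to taste
    print("status:", status)
    for f in findings:
        print(f"{f.signature}\t{f.path}")
    if status == "error":
        print(err)
```

Running the EICAR self-test after every engine or database update is a cheap way to catch a broken installation before it quietly reports everything as clean.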

Most of the signatures in the database target Windows malware. Some are for very old MS-DOS viruses. There are very few signatures for native Linux malware in the database.

Testing ClamAV against a large collection of MS-DOS games revealed the presence of two different viruses.

It should be noted that ClamAV is signature-based: it detects what its database already knows and will not find brand-new, unknown malware for which no signature has yet been published. A clean scan means "nothing known was found", not "nothing is there".

Vulnerabilities

Versions of ClamAV released before October 2019 could be crashed (a denial of service) by scanning crafted .zip files[1]. This is a reminder that the scanner engine itself, not only the signature database, must be kept up to date; freshclam prints a warning when it detects that the installed ClamAV version is outdated.

Footnotes

Links