ClamAV
ClamAV reporting that it failed to find any virus.

| Developer(s) | Cisco Systems |
|---|---|
| Repository | github.com/Cisco-Talos/clamav-devel |
| Written in | C, C++ |
| Type | Antivirus software |
| License | GNU GPL v2 |
| Website | www.clamav.net |
ClamAV is a free GPL-licensed anti-virus solution for GNU/Linux, *BSD, Windows and macOS. It has a command-line utility that lets you scan for viruses, an on-access scanner daemon called clamonacc and a virus-database update daemon called freshclam.
The Database
ClamAV comes with a handy tool for updating virus signatures called freshclam. It can be run manually or regularly using either a cron job or a systemd service. Distributions using systemd ship ClamAV with a clamav-freshclam.service which can be used to run freshclam regularly.
The actual virus signature databases are stored in /var/lib/clamav/.
Finding The Virus
The clamscan program is used to locate the virus. It can take a single file or a folder, or multiple files and/or folders, as arguments. The -r option is needed to recursively scan directories. You will also likely want -i because clamscan will, by default, print a list of every file scanned with an OK or Infected next to it and not print the names of infected files in the report it generates. You will only get something like this if a virus is found:
----------- SCAN SUMMARY -----------
Known viruses: 8519188
Engine version: 0.103.2
Scanned directories: 1
Scanned files: 359
Infected files: 2
You will be able to see which files are infected with the virus if you run clamscan -i, so that it only prints the files that have the virus when it scans.
clamscan -r -i reporting that it found two viruses lurking in a folder full of cheats for old MS-DOS games.
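One way a cron or systemd job could act on the result of clamscan -r -i, added here as an example rather than taken from the page or the ClamAV project. It assumes clamscan's documented exit statuses (0 no virus found, 1 virus found, 2 error) and that each detection line ends in FOUND; the function names, paths and signature names are made up.

```shell
#!/bin/sh
# Added example (not from the original page): triage `clamscan -r -i` results.

# Constructed sample output; the paths and signature names are made up.
sample_output() {
cat <<'EOF'
/srv/dos-cheats/TRAINER.COM: Example.Signature-1 FOUND
/srv/dos-cheats/CRACK.EXE: Example.Signature-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8519188
Engine version: 0.103.2
Scanned directories: 1
Scanned files: 359
Infected files: 2
EOF
}

# Read clamscan output on stdin, print the path of every detection.
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Read clamscan output on stdin, print the value of summary field $1.
summary_field() {
    sed -n "s/^$1: *//p" | head -n 1
}

# $1 = clamscan exit status, $2 = captured output.
# Prints clean, infected or error. Anything inconsistent is an error, so a
# crashed or truncated scan is never reported as clean.
classify_scan() {
    count=$(printf '%s\n' "$2" | summary_field 'Infected files')
    case "$1:$count" in
        0:0)      echo clean ;;
        1:[1-9]*) echo infected ;;
        *)        echo error ;;
    esac
}

# Scan directory $1 (needs clamscan installed); list detections, return 0 only if clean.
scan_dir() {
    out=$(clamscan -r -i "$1" 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out" | infected_paths
    [ "$(classify_scan "$rc" "$out")" = clean ]
}

# Demo on the constructed sample, as if clamscan had exited with status 1.
classify_scan 1 "$(sample_output)"
```

Treating every mismatch between exit status and summary as an error keeps a scan that died halfway from being logged as clean.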
Most of the virus signatures in its database are for Windows viruses. Some are for the now very old MS-DOS viruses. There are only a few signatures for Linux-native viruses in the ClamAV database.
It should be noted that ClamAV relies entirely on signature files for known viruses; it will not find or detect a brand-new virus that is unknown to it.
ClamAV should be a basic building block in any production mail setup; it is designed to work well with all the commonly used mail filters.
clamonacc
clamonacc, ClamAV On Access, is a Linux-only system daemon that can be used to scan files in real time as they are accessed. It can be enabled on distributions using systemd with the clamonacc.service service file.
Links
- ClamAV homepage: www.clamav.net
- Arch Wiki Entry: clamav
- Manual pages: