What is ClamAV?
Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus software toolkit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third-party versions available for AIX, BSD, HP-UX, Linux, OS X, OpenVMS, OSF (Tru64) and Solaris.
ClamAV includes a number of utilities: a command-line scanner, an automatic database updater and a scalable multi-threaded daemon, all running on an anti-virus engine.
It is widely used in mail gateway scanning software. The multi-threaded scanner daemon, the command-line utilities for on-demand file scanning and the automatic signature updates are what make it powerful.
# STEP 1
Download & install ClamAV
Let’s update the package lists from the repositories by issuing the following command in the terminal. This is good practice, but it is not mandatory.
sudo apt-get update
To install ClamAV, issue the following command in the terminal. This will also install clamav-freshclam on your system automatically.
sudo apt-get install clamav clamav-daemon
# STEP 2
By this time, ClamAV is already installed on your system. But we need to update the virus definition database (the virus signatures). This is the database ClamAV uses to search for a virus or threat. Issue the following command in the terminal to update your database. You will see it download the latest database so that it can match current viruses. It will download the main.cvd and daily.cvd files.
# STEP 3
Scanning files with ClamAV from the terminal, using the command-line interface.
To check the files in all users' home directories, issue the following command in the terminal.
clamscan -r /home
To check all files on the computer, issue the following command in the terminal.
clamscan -r /
Note: The above command will slow down your server and may take a long time, depending on the size and capacity of the disk.
To check all files on the computer, but display only infected files and ring a bell when a threat is found, issue the following command in the terminal.
clamscan -r --bell -i /
When the scan finishes, it shows a summary report like the one below.
To save the list of all infected files to a particular file, issue the following command in the terminal.
sudo clamscan -r /folder/to/scan/ | grep FOUND >> /path/to/save/report/myfile.txt
The above command pipes the output of clamscan into grep, which matches the word “FOUND”, and appends the resulting list of infected files to a file named myfile.txt.
To check the version of ClamAV, issue the command below in the terminal.
To schedule ClamAV to run at a particular time, issue the following command in the terminal.
This will open the crontab for you.
Now add the following line at the bottom of the file.
00 00 * * * clamscan -r /location_of_files_or_folder
The above cron job will run ClamAV to scan that particular folder every day at midnight. I hope you know about cron jobs.
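For the report command and the cron job above, the following is an added example (not part of the original article) of a stricter report filter that also keeps clamscan's exit code, which is lost when the output is piped straight into grep. The function names, sample paths and sample output are constructed for illustration; `--no-summary` is a standard clamscan option that the article itself does not use.

```shell
#!/bin/sh
# Added example, not from the original article.

# Print only detection lines from clamscan output read on stdin.
# Anchoring on " FOUND" at end of line skips clean files whose *name*
# contains FOUND, which a bare `grep FOUND` would wrongly report.
infected_lines() {
    grep -E ': .+ FOUND$' || true   # no match is not a failure
}

# Translate clamscan's exit code: 0 = no virus, 1 = virus found,
# anything else = the scan itself had errors and cannot be trusted.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# run_scan DIR REPORT (hypothetical helper): scan DIR, append detections
# to REPORT, return clamscan's own exit code. A temp file is used instead
# of a pipe because a pipeline's status is grep's, not clamscan's.
run_scan() {
    tmp=$(mktemp) || return 2
    clamscan -r -i --no-summary "$1" >"$tmp" 2>/dev/null
    rc=$?
    infected_lines <"$tmp" >>"$2"
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample of clamscan output, so the filter can be tried offline.
sample_output() {
    cat <<'EOF'
/home/alice/notes.txt: OK
/home/alice/LOST+FOUND-list.txt: OK
/home/bob/eicar.com: Eicar-Test-Signature FOUND
/home/bob/archive.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Scanned files: 4
Infected files: 2
EOF
}

sample_output | infected_lines
```

In a cron job, call `run_scan` and pass its return value to `scan_status`, so that a scan that failed is not mistaken for a clean one.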