ClamAV includes a number of utilities: a command-line scanner, automatic database updater and a scalable multi-threaded daemon, running on an anti-virus engine from a shared library. The application also features a Milter interface for sendmail and on-demand scanning. Clamav Scan Docker Image.
Skip to main contentClamAV installation and daily scan + report on Ubuntu
Published: 01-12-2012 | Author: Remy van Elst | Text only version of this article
Table of Contents
ClamAV is a virus scanner for Linux/Unix like systems. This tutorial will showyou how to install it and how to set it up to auto-update and do a daily scan.It will only report if threats are found. It is tested on Ubuntu 10.04 and up.It also covers if, and why you might need a virus scanner for Linux/Unix. As anextra, it also covers scans for specific folders which remove infected filesautomatically.
Do you need a virus scanner on Linux/Unix?
Short answer, it depends on your situation.
Long answer: You might want to run a virus scanner on a server where files areuploaded, or where users login and manipulate files. Lets say you host a fileupload site, you want to run a scan on the upload folder which auto removesinfected files. It can also be that your mailserver runs Linux, but peoplesometimes mail executables or infected pdf files. Then you also want a scanner.Or you might run a source control server (gitolite, mercurial) where sometimesbinary files are checked in. (although ClamAV might not find things in bare-gitrepositories, only in working directories.)
If you however only run a static HTML website, or an rsync backup server, or aRougelike via telnet, where there are no uploads or like, you might be wastingresources.
My advice is to look at your situation and then decide if you need ClamAV, andif you only need to scan a few folders, the entire system and if you want toauto-remove the virusses or not.
Install ClamAV
First we update the package repository:
Now we install the clamav scanner, the daemon and the database updater.
You can also install the clamav-data package, but the clamav-freshclam packageis another (easier) way to update your virus definitions.
On RHEL, CentOS or Scientific Linux, you only need to install the clamavpackage:
Update the database
The below two commands will restart the freshclam daemon (which auto updates thedatabase) and then does a manual update of the definitions.
The daily scan
The below cronjob will run a virus database definition update (so that the scanalways has the most recent definitions) and afterwards run a full scan whichwill only report when there are infected files on the system. It also does notremove the infected files automatically, you have to do this manually. This wayyou make sure that it does not delete /bin/bash by accident.
The 2>/dev/null options keeps the /proc and such access denied errors out ofthe report. The infected files however are still found and reported.
Also make sure that your cron is configured so that it mails you the output ofthe cronjobs. The manual page will help you with that.
This is how a sample email looks if you have an infection:
Extra: the targeted scan
The below cronjob is an example and you should adapt it. It updates the virusdefinitions and scans the folder /var/www/sites/uploader.com/public-html/uploads/ two times per hour, and if it found any files it removes them.
This is how a sample email might look like:
Tags: anti-virus, clamav, malware, tutorials, ubuntu, virusClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats.
Today’s plan is to install and configure ClamAV software to perform automatic daily system scans and send emails when malware is detected.
Install ClamAV
On Debian/Ubuntu, do:
On CentOS, do:
On Debian, start ClamAV virus database updater if it wasn’t started automatically:
Or alternatively do:
The above commands will start freshclam in a daemon mode:
By default, freshclam will look for new updates every hour:
Note that we can always update ClamAV manually by typing the following command:
Install SSMTP
To be able to send email, we’ll need something simple, something like SSMTP.
On Debian/Ubuntu, do:
On CentOS, do:
Clamav Mac Os
Open the configuration file:
Change the following settings appropriately (make sure the details are correct):
SSMTP configuration file contains our email login details, therefore it’s a good practice to restrict access for regular users:
Test if we are able to send an email:
All looks good so far.
Create the Daily Scan Script
We will create a new directory to store script files:
Now open a new file for the script:
And add the following code:
Save the file. Make sure it’s executable:
You can get the most recent version of the script from GitHub (you need to have git installed):
Add Script to Cron.daily
Now when we have the script, we want it to be automatically executed every day.
This can be easily achieved by creating a daily cron job. It is assumed that the system is online 24/7 (server in this case) or at least most of the time. Otherwise anacron might be a better choice.
Let’s create a hard link as below:
Check to make sure that the hard link was created:
There is one main advantage of creating a hard link instead of a symbolic link in my particular case.
I tend to keep all custom scripts in one place for the sake of convenience and they sometimes get renamed. I usually don’t have time to walk around fixing all broken symlinks.
Nevertheless, there are quite a few other alternatives available:
- Create a symbolic link.
- Move the script file to
cron.dailyfolder. - Use crontab for script execution.
You should always choose what suits you best in one or another situation.
Troubleshoting
If you get the following error:
Clamav Download For Windows 10
Update the database manually: