Using ClamAV (AntiVirus)

ClamAV | Open-source antivirus engine

Btech Engineering
btech-engineering
2 min readOct 14, 2022


Overview

ClamAV is an open source anti-virus toolkit, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.
- https://docs.clamav.net/

ClamAV is an open-source, cross-platform anti-malware toolkit that can detect many types of malware, including viruses. ClamAV can be installed on Linux and Windows, and is also available as a Docker image.

In this article we walk through a client-server ClamAV scanning scenario, using the architecture shown below.

Step-by-step

Installing the ClamAV daemon

Installation

~# sudo apt update
~# sudo apt install clamav clamav-daemon -y

Check service status

~# sudo systemctl status clamav-freshclam

Download and Update ClamAV Signature Database

~# sudo systemctl stop clamav-freshclam
~# sudo freshclam
~# sudo systemctl start clamav-freshclam

Verify the clamd log file

~# tail /var/log/clamav/clamav.log
Mon May  9 09:14:33 2022 -> Portable Executable support enabled.
Mon May 9 09:14:33 2022 -> ELF support enabled.
Mon May 9 09:14:33 2022 -> Mail files support enabled.
Mon May 9 09:14:33 2022 -> OLE2 support enabled.
Mon May 9 09:14:33 2022 -> PDF support enabled.
Mon May 9 09:14:33 2022 -> SWF support enabled.
Mon May 9 09:14:33 2022 -> HTML support enabled.
Mon May 9 09:14:33 2022 -> XMLDOCS support enabled.
Mon May 9 09:14:33 2022 -> HWP3 support enabled.
Mon May 9 09:14:33 2022 -> Self checking every 3600 seconds.

Testing ClamAV

~# cd /tmp
~# wget http://www.eicar.org/download/eicar.com
~# clamscan --infected --remove eicar.com
/tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/tmp/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 8616169
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 21.098 sec (0 m 21 s)
Start Date: 2022:05:09 09:40:36
End Date: 2022:05:09 09:40:57

Client-Server Scenario

  • Server Node

Open the ClamAV daemon configuration

~# nano /etc/clamav/clamd.conf

Add the following line at the end of the file

TCPSocket 3310

Restart the services

systemctl restart clamav-freshclam.service
systemctl restart clamav-daemon.service

  • Client Node

Open the ClamAV daemon configuration

~# nano /etc/clamav/clamd.conf

Add the following lines at the end of the file

TCPSocket 3310
TCPAddr 172.100.1.200

Restart the services

systemctl restart clamav-freshclam.service
systemctl restart clamav-daemon.service
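The two configuration keys above are what clamdscan on the client node reads to find the daemon: TCPSocket gives the port and TCPAddr the server's address. The following Python is an added example, not ClamAV project code, that does the same thing without clamdscan: it parses those keys from a clamd.conf fragment, then speaks the clamd wire protocol directly (PING, and INSTREAM with its 4-byte big-endian chunk lengths and zero-length terminator) to scan in-memory bytes against the remote daemon. Because no clamd may be running where the code is tried, the block also starts a constructed stub daemon on a loopback port that understands just those two commands; SAMPLE_CLAMD_CONF, SIGNATURE_MARKER and the stub are assumptions, and only the signature name Win.Test.EICAR_HDB-1 is taken from the article's own scan output. Keep in mind that clamd's TCP listener accepts commands from anyone who can reach it, so on the server node the bind address and a host firewall should restrict port 3310 to the client nodes.

```python
"""Remote clamd client over TCP (added example; assumptions are marked inline)."""
import socket
import struct
import threading

# Constructed clamd.conf fragment mirroring the article's client-node settings.
SAMPLE_CLAMD_CONF = """\
# comment lines and blanks are skipped
TCPSocket 3310
TCPAddr 172.100.1.200
"""

# Constructed trigger for the stub below; the stub answers with the signature
# name the article's real clamscan run printed for the EICAR test file.
SIGNATURE_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
STUB_SIGNATURE_NAME = "Win.Test.EICAR_HDB-1"


def connect_params_from_conf(conf_text, default_addr="127.0.0.1"):
    """Return (host, port) from the TCPAddr/TCPSocket keys of a clamd.conf.
    Assumption: 127.0.0.1 when TCPAddr is absent; LocalSocket is not handled."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    if "TCPSocket" not in settings:
        raise ValueError("clamd.conf has no TCPSocket; daemon not reachable over TCP")
    return settings.get("TCPAddr", default_addr), int(settings["TCPSocket"])


def _recv_exact(sock, n):
    """Read exactly n bytes, raising if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf


def _recv_until_nul(sock):
    """Read a NUL-terminated protocol string byte by byte, so nothing belonging
    to a following INSTREAM chunk is swallowed."""
    buf = b""
    while not buf.endswith(b"\0"):
        buf += _recv_exact(sock, 1)
    return buf[:-1].decode()


def clamd_ping(host, port, timeout=5.0):
    """Liveness check; 'z'-prefixed commands and their replies are NUL-terminated."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"zPING\0")
        return _recv_until_nul(sock)


def clamd_instream(host, port, data, chunk_size=4096, timeout=30.0):
    """Scan bytes with INSTREAM: each chunk is a 4-byte big-endian length plus
    data, a zero-length chunk ends the stream, and clamd replies 'stream: OK'
    or 'stream: <signature> FOUND'. Returns (infected, signature_or_None)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"zINSTREAM\0")
        for offset in range(0, len(data), chunk_size):
            part = data[offset:offset + chunk_size]
            sock.sendall(struct.pack(">I", len(part)) + part)
        sock.sendall(struct.pack(">I", 0))
        reply = _recv_until_nul(sock)
    if reply.endswith(" FOUND"):
        return True, reply[len("stream: "):-len(" FOUND")]
    if reply == "stream: OK":
        return False, None
    raise RuntimeError("unexpected clamd reply: %r" % reply)


def start_stub_clamd():
    """Constructed stand-in for clamd for offline use: PING and INSTREAM only,
    flags payloads containing SIGNATURE_MARKER, returns its (host, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        with conn:
            command = _recv_until_nul(conn)
            if command[:1] in ("z", "n"):   # strip the framing prefix
                command = command[1:]
            if command == "PING":
                conn.sendall(b"PONG\0")
            elif command == "INSTREAM":
                payload = b""
                while True:
                    length = struct.unpack(">I", _recv_exact(conn, 4))[0]
                    if length == 0:
                        break
                    payload += _recv_exact(conn, length)
                if SIGNATURE_MARKER in payload:
                    conn.sendall(("stream: %s FOUND\0" % STUB_SIGNATURE_NAME).encode())
                else:
                    conn.sendall(b"stream: OK\0")
            else:
                conn.sendall(b"UNKNOWN COMMAND\0")

    def serve():
        while True:
            conn, _ = srv.accept()
            handle(conn)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    # Stand-alone run against the stub. Against a real server node, replace the
    # stub with connect_params_from_conf(open("/etc/clamav/clamd.conf").read()).
    host, port = start_stub_clamd()
    print(clamd_ping(host, port))
    print(clamd_instream(host, port, b"plain text, nothing to see"))
    print(clamd_instream(host, port, b"--" + SIGNATURE_MARKER + b"--"))
```

Against the real daemon, a FOUND reply names the signature exactly as clamscan prints it, so the tuple returned by clamd_instream can be fed straight into whatever alerting the mail gateway or upload handler uses; a ConnectionError or RuntimeError from the client means the server node is down or its TCPSocket line is missing, which is worth alerting on as well, because a scanner that silently fails open provides no protection.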

Reference

https://docs.clamav.net/

Our Tagline

# Together is Better & Continuous Learning

Author:

Muhammad Fauzan Rafi, Staff of Research | LinkedIn

Based On Documentation Research:

M. Luthfi As Syafii, Research Manager | LinkedIn
