Using ClamAV (AntiVirus)
ClamAV | Open-source antivirus engine
Overview
ClamAV is an open source anti-virus toolkit, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.
- https://docs.clamav.net/
ClamAV is an open-source, cross-platform antimalware toolkit that detects many types of malware, including viruses. It can be installed on Linux and Windows and is also available as a Docker image.
In this article we set up client-server ClamAV scanning with the architecture below: one node runs the clamd daemon and exposes it over TCP, and a second node sends files to that daemon for scanning instead of running its own engine.
Step-by-step
Installing the ClamAV daemon
Installation
~# sudo apt update
~# sudo apt install clamav clamav-daemon -y
Check service status
~# sudo systemctl status clamav-freshclam
Download and update the ClamAV signature database
Stop the freshclam service first: the running instance holds a lock on its log file, and a manual freshclam run fails while it is active. Start it again afterwards so the database keeps updating automatically.
~# sudo systemctl stop clamav-freshclam
~# sudo freshclam
~# sudo systemctl start clamav-freshclam
Verify the clamd log
After the daemon starts, its log lists the file formats the engine will inspect and the signature self-check interval:
~# tail /var/log/clamav/clamav.log
Mon May 9 09:14:33 2022 -> Portable Executable support enabled.
Mon May 9 09:14:33 2022 -> ELF support enabled.
Mon May 9 09:14:33 2022 -> Mail files support enabled.
Mon May 9 09:14:33 2022 -> OLE2 support enabled.
Mon May 9 09:14:33 2022 -> PDF support enabled.
Mon May 9 09:14:33 2022 -> SWF support enabled.
Mon May 9 09:14:33 2022 -> HTML support enabled.
Mon May 9 09:14:33 2022 -> XMLDOCS support enabled.
Mon May 9 09:14:33 2022 -> HWP3 support enabled.
Mon May 9 09:14:33 2022 -> Self checking every 3600 seconds.
Testing ClamAV
The EICAR file is a harmless, standardised test string that antivirus engines detect by convention, so it exercises the scanner without real malware. Note that --remove deletes every file the scanner flags; use it on test data only.
~# cd /tmp
~# wget http://www.eicar.org/download/eicar.com
~# clamscan --infected --remove eicar.com
/tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/tmp/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 8616169
Engine version: 0.103.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 21.098 sec (0 m 21 s)
Start Date: 2022:05:09 09:40:36
End Date: 2022:05:09 09:40:57
Client-Server Scenario
- Server Node
Open the ClamAV configuration
~# nano /etc/clamav/clamd.conf
Append the following line at the end of the file so that clamd listens on TCP port 3310 in addition to its local Unix socket:
TCPSocket 3310
The TCP listener has no authentication or encryption: anyone who can reach port 3310 can submit files for scanning and send control commands to clamd. Also set TCPAddr to the server's internal address (the client below connects to 172.100.1.200) instead of the default bind to all interfaces, and allow port 3310 through the firewall only from the client nodes.
Restart the services
systemctl restart clamav-freshclam.service
systemctl restart clamav-daemon.service
- Client Node
Open the ClamAV configuration
~# nano /etc/clamav/clamd.conf
Append the following lines at the end of the file, where 172.100.1.200 is the address of the server node:
TCPSocket 3310
TCPAddr 172.100.1.200
Scanning from the client
No daemon restart is needed on the client: clamdscan reads TCPAddr and TCPSocket from /etc/clamav/clamd.conf each time it runs and connects to the server, so the client's own clamav-daemon.service does not need to run (a local clamd cannot bind to the server's address anyway). Restart clamav-freshclam.service only if the client also keeps its own signature database. Because the server cannot read paths on the client, the file contents are streamed over the connection; clamdscan does this automatically when the configured address is remote, and --stream forces it.
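The exchange that clamdscan performs against the remote daemon, written out as an added example (this is not ClamAV's code and not from the original article): it speaks clamd's own TCP protocol, sends PING and VERSION, then streams bytes with INSTREAM and parses the verdict. The host 172.100.1.200 and port 3310 are the values from the configuration above; the function names, chunk size and the constructed ERROR reply used in the comments are assumptions of this example. The EICAR test string is assembled from two halves so the script itself is not flagged on disk.

```python
"""Scan data against a remote clamd over its TCP socket (clamd INSTREAM protocol)."""
import socket
import struct
import sys
from typing import Optional, Tuple

# Assumed server address: the TCPAddr/TCPSocket configured on the server node above.
CLAMD_HOST = "172.100.1.200"
CLAMD_PORT = 3310


def build_instream_frames(data: bytes, chunk_size: int = 8192) -> bytes:
    """Encode the zINSTREAM command: each chunk is a 4-byte big-endian length
    followed by the bytes, and a zero-length chunk ends the stream."""
    frames = bytearray(b"zINSTREAM\0")
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        frames += struct.pack(">I", len(chunk)) + chunk
    frames += struct.pack(">I", 0)
    return bytes(frames)


def parse_scan_response(reply: bytes) -> Tuple[str, Optional[str]]:
    """Map clamd's reply ('stream: OK', 'stream: <signature> FOUND',
    'stream: <message> ERROR') to a (verdict, detail) pair."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return "OK", None
    for word in ("FOUND", "ERROR"):
        if verdict.endswith(" " + word):
            return word, verdict[:-(len(word) + 1)]
    return "UNKNOWN", text


def _exchange(host: str, port: int, payload: bytes, timeout: float = 60.0) -> bytes:
    """Send one z-prefixed command and read its NUL-terminated reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
        reply = bytearray()
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:  # server closed early, e.g. StreamMaxLength exceeded
                break
            reply += part
    return bytes(reply)


def ping(host: str = CLAMD_HOST, port: int = CLAMD_PORT) -> bool:
    """True when the daemon answers PING with PONG (port open, firewall passes)."""
    return _exchange(host, port, b"zPING\0") == b"PONG\0"


def version(host: str = CLAMD_HOST, port: int = CLAMD_PORT) -> str:
    """Engine and database version string reported by the server."""
    return _exchange(host, port, b"zVERSION\0").rstrip(b"\0").decode("utf-8", "replace")


def scan_bytes(data: bytes, host: str = CLAMD_HOST, port: int = CLAMD_PORT) -> Tuple[str, Optional[str]]:
    """Stream data to the server and return (verdict, detail)."""
    return parse_scan_response(_exchange(host, port, build_instream_frames(data)))


def eicar_test_bytes() -> bytes:
    """The 68-byte EICAR test string, built from two halves so that this source
    file does not itself contain the contiguous string (a constructed sample)."""
    head = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
    tail = "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
    return (head + tail).encode("ascii")


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else CLAMD_HOST
    if not ping(host, CLAMD_PORT):
        sys.exit(f"no PONG from {host}:{CLAMD_PORT}; check TCPSocket/TCPAddr and the firewall")
    print("server:", version(host, CLAMD_PORT))
    if len(sys.argv) > 2:
        with open(sys.argv[2], "rb") as fh:
            data = fh.read()
    else:
        data = eicar_test_bytes()
    verdict, detail = scan_bytes(data, host, CLAMD_PORT)
    print(f"{verdict} {detail or ''}".strip())
    # Exit status 1 on detection mirrors the clamscan/clamdscan convention.
    sys.exit(1 if verdict == "FOUND" else 0)
```

Run it on the client as, for example, python3 clamd_stream_scan.py 172.100.1.200 /tmp/eicar.com (the script name is an assumption); with no file argument it streams the embedded EICAR string, which the server should report as FOUND with the same signature name clamscan printed above. Because it needs only Python and the open port, it is also a quick way to confirm that TCPAddr and the firewall rule are correct before installing anything on the client. Streams larger than the server's StreamMaxLength are rejected, so the ERROR branch is where that failure surfaces.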