
ClamAV

Installing (Linux)

  1. Download the latest stable release from the ClamAV Site. Full documentation for the install process is included with the distribution in the file named ./doc/clamdoc.pdf.

  2. Decompress the archive and change your working directory to the decompressed folder.

Installing for All Users

Note: the 'All Users' instructions have not been confirmed. They are a summary of the instructions included in the distribution.

  1. Add a clamav user and group

    # groupadd clamav
    # useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
  2. Build and install

    $ ./configure --sysconfdir=/etc
    $ make
    # make install
  3. Edit /etc/clamd.conf, setting the options to suit

    # vi /etc/clamd.conf
  4. Edit /etc/freshclam.conf, ensuring you set the location of the database (DatabaseDirectory option)

    # vi /etc/freshclam.conf
  5. Run the clamd daemon

    $ clamd

Installing for Shell Account

  1. Build, specifying an install location, then install

    $ ./configure --prefix=/home/myname/clamav --disable-clamav
    $ make; make install
  2. Edit the configuration file, ensuring you set the location of the database (DatabaseDirectory option)

    $ vi ./etc/freshclam.conf
  3. Update the virus database

    $ ~/clamav/bin/freshclam
  4. Check the database is up-to-date by examining the date shown with the version option

    $ ~/clamav/bin/clamscan --version --database=./${DATABASE_LOCATION}
  5. Test the installation

    $ ~/clamav/bin/clamscan --database=./${DATABASE_LOCATION} ~

Scan

The following will provide a default recursive scan of /media/sda1 with logging and copying of files found to be infected.

  $ mkdir infected
  $ clamscan --recursive --suppress-ok-results --log=scan.log --copy=./infected/ /media/sda1
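
The scan above leaves two things to check: clamscan's exit status and the detection lines in scan.log. The following is an added example, not part of the original page, that summarises both; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the log and exit status left by the clamscan run above.

# clamscan exit status as documented in its man page: 0, 1 or 2.
explain_status() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Print "path<TAB>signature" for each "<path>: <signature> FOUND" log line.
# The greedy first group keeps paths that themselves contain ": " intact.
list_detections() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${tab}\2/p" "$1"
}

# Count lines ending in ERROR: files clamscan could not scan.
count_errors() {
    grep -c ' ERROR$' "$1" || true
}

# One-line summary, usage: summarise LOGFILE EXIT_STATUS
summarise() {
    n=$(list_detections "$1" | wc -l | tr -d ' ')
    echo "$(explain_status "$2") detections=$n unscanned=$(count_errors "$1")"
}

# Constructed sample log (not real scan output), written to the file named in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
/media/sda1/My Docs/eicar.com: Eicar-Test-Signature FOUND
/media/sda1/backup: 2010.zip: Eicar-Test-Signature FOUND
/media/sda1/lost+found: Can't read file ERROR
----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

demo_log=$(mktemp) && write_sample_log "$demo_log"
list_detections "$demo_log"
summarise "$demo_log" 1    # 1 = the status clamscan returns when it finds a virus
rm -f "$demo_log"
```

After a real scan, call `summarise scan.log $?` on the line immediately following the clamscan command so that `$?` still holds its exit status.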

False Positives

Use VirusTotal.com to check how likely it is that the file is a false positive.

If you think it is, submit it to ClamAV using the virus submission form.


-- Frank Dean - 15 Mar 2010

Related Topics: LinuxHintsAndTips, WindowsXP