Differences

This shows you the differences between two versions of the page.

--- anti_virus:install_clamav [2016/07/04 08:19] – created peter
+++ anti_virus:install_clamav [2019/11/25 22:19] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Anti Virus - Install ClamAV ======
-===== Install ClamAV =====
-First we update the package repository:
-<code bash>
-sudo apt-get update
-</code>
-Now we install the clamav scanner, the daemon and the database updater.
-<code bash>
-sudo apt-get install clamav clamav-daemon clamav-freshclam
-</code>
-You can also install the **clamav-data** package, but the clamav-freshclam package is another (easier) way to update your virus definitions.
-On RHEL, CentOS or Scientific Linux, you only need to install the clamav package:
-<code bash>
-yum install clamav
-</code>
-===== Update the database =====
-The below two commands will restart the freshclam daemon (which auto updates the database) and then does a manual update of the definitions.
-<code bash>
-sudo /etc/init.d/clamav-freshclam restart
-sudo /usr/bin/freshclam
-</code>
-===== The daily scan =====
-The below cronjob will run a virus database definition update (so that the scan always has the most recent definitions) and afterwards run a full scan which will only report when there are infected files on the system.  It also does not remove the infected files automatically, you have to do this manually.  This way you make sure that it does not delete **/bin/bash** by accident.
-<code bash>
-## This should be a root cronjob.
-01 * * * /usr/bin/freshclam --quiet; /usr/bin/clamscan --recursive --no-summary --infected / 2>/dev/null
-</code>
-The **2>/dev/null** options keeps the **/proc** and such access denied errors out of the report.  The infected files however are still found and reported.
-Also make sure that your cron is configured so that it mails you the output of the cronjobs.  The manual page will help you with that.
-This is how a sample email looks if you have an infection:
-<code bash>
-/tmp/eicar.zip: Eicar-Test-Signature FOUND
-/tmp/eicar.com: Eicar-Test-Signature FOUND
-</code>
-===== Extra: the targeted scan =====
-The below cronjob is an example and you should adapt it as required.  It updates the virus definitions and scans the folder /var/www/sites/uploader.com/public-html/uploads/ two times per hour, and if it found any files it removes them.
-<code bash>
-## This should be a root cronjob.
-*/29 * * * * /usr/bin/freshclam --quiet; /usr/bin/clamscan --recursive --no-summary --infected --remove /var/www/sites/uploader.com/public-html/uploads 2>/dev/null
-</code>
-This is how a sample email might look like:
-<code bash>
-/var/www/sites/uploader.com/public-html/uploads/eicar.zip: Eicar-Test-Signature FOUND
-/var/www/sites/uploader.com/public-html/uploads/eicar.zip: Removed.
-/var/www/sites/uploader.com/public-html/uploads/eicar.com: Eicar-Test-Signature FOUND
-/var/www/sites/uploader.com/public-html/uploads/eicar.com: Removed.
-</code>