ClamAV is an open-source antivirus engine widely used in Linux and Unix-like operating systems. Here’s how to install and use ClamAV:
Installing ClamAV
On Debian/Ubuntu systems:
Update package list:
sudo apt update
Install ClamAV:
sudo apt install clamav
On CentOS/RHEL systems:
Update package list:
sudo yum update
Install ClamAV:
sudo yum install clamav
On Fedora systems:
Update package list:
sudo dnf update
Install ClamAV:
sudo dnf install clamav
Updating Virus Database
After installation, you need to update the virus database:
sudo freshclam
Basic Usage
Scanning Files or Directories
Use the clamscan command to scan files or directories:
clamscan /path/to/file_or_directory
For example, scan the home directory:
clamscan ~
Recursive Directory Scanning
To recursively scan an entire directory and its subdirectories, use the -r option:
clamscan -r /path/to/directory
Displaying Infected Files
To display only infected files, use the --infected option:
clamscan --infected /path/to/file_or_directory
Removing Infected Files
Use the --remove option to automatically delete infected files:
clamscan --remove /path/to/file_or_directory
Or, use the --move option to move infected files to a specified directory instead, which keeps a false positive recoverable:
clamscan --move=/path/to/quarantine /path/to/file_or_directory
Watch Mode
ClamAV can also run in daemon mode, continuously monitoring file system changes and scanning. This is typically used in server environments.
Start the ClamAV daemon:
sudo systemctl start clamav-daemon
Set to start on boot:
sudo systemctl enable clamav-daemon
Configuration
The main configuration files for ClamAV are /etc/clamav/clamd.conf and /etc/clamav/freshclam.conf.
- clamd.conf: Used to define the behavior of the clamd daemon.
- freshclam.conf: Used to define the behavior of freshclam, such as the frequency and source of virus database updates.
Examples
Scan the home directory and display infected files:
clamscan -r --infected ~
Delete infected files:
clamscan -r --remove ~
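Move infected files to the quarantine directory (create it first, and write "$HOME" because the shell does not expand ~ after --move=):
mkdir -p "$HOME/quarantine"
clamscan -r --move="$HOME/quarantine" ~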
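An added example, not part of the original article: a report-only wrapper for unattended scans that builds on the -r --infected command above, interprets clamscan's exit status and pulls the signature and path out of each FOUND line. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report-only clamscan wrapper
# for unattended runs. Function names and the sample output are assumptions.

# clamscan exit status per its man page: 0 = no virus found,
# 1 = virus(es) found, 2 = some error(s) occurred.
scan_status() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Read clamscan output on stdin; print "signature<TAB>path" for each detection.
# Detection lines have the form "/path/to/file: Signature.Name FOUND".
list_detections() {
  while IFS= read -r cs_line; do
    case "$cs_line" in
      *": "*" FOUND") ;;
      *) continue ;;
    esac
    cs_rest=${cs_line% FOUND}
    # Split on the LAST ": " so paths that contain ": " stay intact.
    printf '%s\t%s\n' "${cs_rest##*: }" "${cs_rest%: *}"
  done
}

# Recursively scan a tree without deleting or moving anything.
# Prints detections, then a one-word status; returns clamscan's exit status,
# so a scan that failed (2) is never mistaken for a clean one (0).
scan_tree() {
  cs_rc=0
  cs_out=$(clamscan -r --infected --no-summary "$1" 2>/dev/null) || cs_rc=$?
  printf '%s\n' "$cs_out" | list_detections
  echo "status: $(scan_status "$cs_rc")"
  return "$cs_rc"
}

# Constructed sample of clamscan output, for trying the parser offline.
SAMPLE_OUTPUT='/home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/alice/notes: draft.txt: OK
/home/alice/mail/re: invoice.zip: Example.Trojan.Placeholder-0 FOUND'

# Usage: scan_tree "$HOME" || echo "scan needs attention" >&2
```

Keeping the exit status separate from the parsed detections matters in cron jobs: an empty detection list with status "error" means the scan did not complete, not that the tree is clean.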
Important Considerations
- Performance: ClamAV is a signature-based detection engine, and may require more resources and tuning in large enterprise environments.
- Timely Updates: Regularly update the virus database to maintain the latest protection capabilities.
- Integration with Other Tools: In some environments, ClamAV can be integrated with mail servers (such as Postfix or Sendmail) to provide virus scanning of email content.
With these steps, you can install and configure ClamAV on your Linux system, and perform basic virus scanning and handling.