ClamAV is a free AV program for Linux and Windows. It is often recommended by Linux users because it is open source. But it is not easy-to-install, point-and-click software. It may or may not be possible to install clamtk, which gives you a GUI, on your distro. Either way, you must edit the config files to make it work.
I installed ClamAV and looked for the files /etc/clamav/freshclam.conf and /etc/clamav/clamd.conf, which are the ones that need to be altered.
So happily I entered
Code:
sudo nano /etc/clamav/freshclam.conf
I did have /etc/clamav/freshclam.conf.sample and /etc/clamav/clamd.conf.sample so I copied them over to freshclam.conf and clamd.conf
Code:
cp /etc/clamav/freshclam.conf.sample /etc/clamav/freshclam.conf
and
Code:
cp /etc/clamav/clamd.conf.sample /etc/clamav/clamd.conf
Now I could enter the file and comment out the word "Example" at the beginning of the file:
Code:
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
# Comment or remove the line below.
#Example <--- this needs to be commented out for clamAV to work
# Path to the database directory.
# WARNING: It must match clamd.co.......
Same procedure in clamd.conf and I was ready to go.
The first thing I wanted to do was to update the virus definitions so I did this in a terminal:
Code:
freshclam
I got this error
Code:
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!
So I chmoded the directory to 777
Code:
chmod -R 777 /var/lib/clamav/
Maybe I could have used sudo - and 755 would probably be sufficient - but that is what I did.
I repeated freshclam in a terminal and the virus database was refreshed.
You need to do this even if you have the clam GUI - clamtk - installed.
So time for my first scan then. I wanted to scan my mail so I scanned the .thunderbird directory:
Code:
clamscan -r -i .thunderbird
The -r or --recursive option scans directories recursively, so all the subdirectories in the given directory will be scanned, and the -i or --infected option prints only infected files.
You can simply do a
Code:
clamscan .thunderbird
And true enough, it found a (Windows) virus:
Code:
[viking@thomas-pc ~]$ clamscan -r -i .thunderbird
.thunderbird/0xsvi6ot.default/Mail/mail.bjoernvold-1.com/Inbox: Email.Trojan-465 FOUND
So to remove it I repeated the command and added
Code:
--remove
Code:
clamscan -r -i .thunderbird --remove
And that went like a charm:
Code:
[viking@berserk-pc ~]$ clamscan -r -i .thunderbird --remove
.thunderbird/0xsvi6ot.default/Mail/mail.bjoernvold-1.com/Inbox: Email.Trojan-465 FOUND
.thunderbird/0xsvi6ot.default/Mail/mail.bjoernvold-1.com/Inbox: Removed.
I could have entered that command in the first place to scan and remove the viruses in one operation - but I like to see the findings first since there is such a thing as false positives.
So yes ClamAV is a good AV even if it is not the easiest to set up - once you have done it - it works.
You can run it as a service (daemon). Enable it with:
Code:
sudo systemctl enable clamd.service
and then start it with:
Code:
sudo systemctl start clamd.service
This does not apply to Ubuntu, but it does for all the other systemd distros out there.
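
An alternative to the blanket chmod -R 777 used in the freshclam step above, as an added example that is not part of the original post: it lists anything under a ClamAV directory that every local user can write to, then resets the tree to owner-write only. The function names are made up for this sketch, and the service account name "clamav" is an assumption (it differs between distros).

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the ClamAV service account is called "clamav"; pass another
# name as the second argument to tighten() if your distro uses one.

# List entries under DIR that any local user can write to.
# A world-writable signature database can be altered by any account.
world_writable() {
    find "$1" ! -type l -perm -0002 2>/dev/null
}

# Number of world-writable entries under DIR (0 is the goal).
count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}

# Undo a blanket 777: directories become 755, regular files 644.
# Ownership is handed to the service account only when running as root
# and when that account actually exists on this system.
tighten() {
    dir=$1
    owner=${2:-clamav}
    [ -d "$dir" ] || { echo "skip: $dir not found" >&2; return 1; }
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown -R "$owner" "$dir"
    fi
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
}

# Typical use from a root shell after sourcing this file. The error shown
# earlier names the log directory, the chmod was applied to the database
# directory, so check both:
#   count_world_writable /var/lib/clamav
#   tighten /var/lib/clamav
#   tighten /var/log/clamav
```

Run freshclam as the account that owns these directories (or through its service) so that it can write the log and the database without any world-writable bits.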