Manjaro Difference between revisions of "ClamAV"


From Manjaro
imported>FadeMind
m (update clamtk homepage url)
 
(11 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[File:Clam.png|center]]
<languages/>
__TOC__


= About =
<translate>
= About = <!--T:1-->
 
<!--T:2-->
[[File:Clam.png|left]] [https://www.clamav.net/ ClamAV] is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64) and Solaris. As of version <code>0.97.5</code>, ClamAV builds and runs on Microsoft Windows. Both ClamAV and its updates are made available free of charge.


Clam AntiVirus (ClamAV) is a free, cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, OS X, OpenVMS, OSF (Tru64) and Solaris. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows. Both ClamAV and its updates are made available free of charge.
Sourcefire, now acquired by Cisco, a maker of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.
Sourcefire, now acquired by Cisco, a maker of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.


<!--T:3-->
ClamAV includes a number of utilities: a command-line scanner, automatic database updater and a scalable multi-threaded daemon, running on an anti-virus engine from a shared library.
ClamAV includes a number of utilities: a command-line scanner, automatic database updater and a scalable multi-threaded daemon, running on an anti-virus engine from a shared library.
The application also features a Milter interface for sendmail and on-demand scanning. It has support for Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS formats, most mail file formats, ELF executables and Portable Executable (PE) files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor. It also supports many document formats, including Microsoft Office, HTML, Rich Text Format (RTF) and Portable Document Format (PDF).
The application also features a Milter interface for sendmail and on-demand scanning. It has support for Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS formats, most mail file formats, ELF executables and Portable Executable (PE) files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor. It also supports many document formats, including Microsoft Office, HTML, Rich Text Format (RTF) and Portable Document Format (PDF).
The ClamAV virus database is updated several times each day and as of 30 October 2011 contained 1,063,024 virus signatures with the daily update Virus DB number at 13867.
The ClamAV virus database is updated several times each day and as of 30 October 2011 contained 1,063,024 virus signatures with the daily update Virus DB number at 13867.


<!--T:4-->
ClamAV is currently tested daily in comparative tests against other antivirus products on Shadowserver. In 2011, Shadowserver tested over 25 million samples against ClamAV and numerous other antivirus products. Out of the 25 million samples tested, ClamAV scored 76.60% ranking 12 out of 19, a higher rating than some much more established competitors.
ClamAV is currently tested daily in comparative tests against other antivirus products on Shadowserver. In 2011, Shadowserver tested over 25 million samples against ClamAV and numerous other antivirus products. Out of the 25 million samples tested, ClamAV scored 76.60% ranking 12 out of 19, a higher rating than some much more established competitors.
ClamAV was included in comparative tests against other antivirus products. In the 2008 AV-Test it rated: on-demand: very poor, false positives: poor, on-access: poor, response time: very good, rootkits: very poor.
ClamAV was included in comparative tests against other antivirus products. In the 2008 AV-Test it rated: on-demand: very poor, false positives: poor, on-access: poor, response time: very good, rootkits: very poor.
In a Shadowserver six-month test between June and December 2011, ClamAV detected over 75.45% of all viruses tested, putting it in fifth place behind AhnLab, Avira, BitDefender and Avast. AhnLab, the top antivirus, detected 80.28% [http://en.wikipedia.org/wiki/Clam_AntiVirus]
In a Shadowserver six-month test between June and December 2011, ClamAV detected over 75.45% of all viruses tested, putting it in fifth place behind AhnLab, Avira, BitDefender and Avast. AhnLab, the top antivirus, detected 80.28% [http://en.wikipedia.org/wiki/Clam_AntiVirus]


= Installing ClamAV =
= Install ClamAV = <!--T:5-->


ClamAV is available in official repository. You can install it by command:
<!--T:6-->
ClamAV is available in the <code>extra</code> repository[https://archlinux.org/packages/extra/x86_64/clamav/]. You can install it by command:


  sudo pacman -S clamav
  <!--T:7-->
<syntaxhighlight lang="shell">
sudo pacman -S clamav
</syntaxhighlight>


= Setup ClamAV =
= Set up ClamAV via CLI = <!--T:8-->


Prepare configuration files:
== Edit Config ==


sudo cp /etc/clamav/clamd.conf.sample /etc/clamav/clamd.conf
<!--T:9-->
Edit the contents of the configuration files to suit your preferences:


sudo cp /etc/clamav/freshclam.conf.sample /etc/clamav/freshclam.conf
<!--T:10-->
* <code>/etc/clamav/clamd.conf</code>
* <code>/etc/clamav/freshclam.conf</code>


Edit configuration files:
== Update Database ==


sudo gedit /etc/clamav/clamd.conf
<!--T:11-->
First update database:


sudo gedit /etc/clamav/freshclam.conf
<!--T:12-->
<syntaxhighlight lang="shell">
sudo freshclam
</syntaxhighlight>


Replace the contents of the configuration files as follows:
<!--T:13-->
You may get a notification that <code>clamd</code> was not notified.  This is normal because we haven't started the service yet.


* [https://pastebin.com/raw.php?i=PUS1RLFb Customized '''/etc/clamav/clamd.conf''' file for proper working.]<br/>
<!--T:18-->
* [https://pastebin.com/raw.php?i=xuWSWm3P Customized '''/etc/clamav/freshclam.conf''' file for proper working.]
Check database version:


Fix ''clamd.sock'' error:
<!--T:19-->
<syntaxhighlight lang="shell">
freshclam --version
</syntaxhighlight>


sudo touch /var/lib/clamav/clamd.sock
== Services ==


sudo chown clamav:clamav /var/lib/clamav/clamd.sock
=== clamav / freshclam ===


First update database:
<!--T:14-->
Start and enable service:
 
<syntaxhighlight lang="shell">
sudo systemctl enable --now clamav-daemon
sudo systemctl enable --now clamav-freshclam
</syntaxhighlight>
 
<!--T:16-->
Check status daemons:
 
<!--T:17-->
<syntaxhighlight lang="shell">
sudo systemctl status clamav-daemon && sudo systemctl status clamav-freshclam
</syntaxhighlight>
 
=== cron ===
Make sure a cron daemon (for example 'cronie') is installed, enabled and running, as cronjobs are used in this guide.
See also: [https://wiki.archlinux.org/title/Cron Cron]
 
Example with 'cronie' (install, enable+start and check status):
<syntaxhighlight lang="shell">
sudo pacman -S cronie
sudo systemctl enable --now cronie.service
sudo systemctl status cronie.service
</syntaxhighlight>
 
Alternative: Use systemd Timers. See: [https://wiki.archlinux.org/title/Systemd/Timers systemd/Timers]
 
== Schedule scans through 'cron' == <!--T:23-->
 
=== Edit 'crontab' ===
 
Run <code>crontab -e</code> to edit your <code>crontab</code> and add the following line, editing it to your needs:
 
<syntaxhighlight lang="cron">
53 8 * * 5 /usr/bin/clamdscan --fdpass --multiscan --move="$HOME/.clam/quarantine" --log="$HOME/.clam/logs/$(date +\%Y\%m\%d)-weekly.log" "$HOME" 2>/dev/null 1>&2
</syntaxhighlight>


sudo freshclam -v
This scans the entire <code>$HOME</code> directory every week on Saturday at 08:53. See <code>man 5 crontab</code> for more info on the formatting of this file and <code>man clamdscan</code> for an explanation of the options used.
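Review bot: the crontab line's trailing `2>/dev/null 1>&2` first sends stderr to /dev/null and then points stdout at that same /dev/null, so everything clamdscan prints, its scan summary and any error such as failing to reach clamd, is discarded and cron has nothing to mail; drop the redirection (or keep only `>/dev/null` so errors still reach cron) and rely on `--log` for the record. Also, the day-of-week field `5` in `53 8 * * 5` fires on Friday, while the explanatory sentence says Saturday; one of the two should change so they agree.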


Setup daemons:
=== Create directories 'logs' and 'quarantine' ===
sudo freshclam -d


sudo systemctl enable clamd && sudo systemctl enable freshclamd
If not already present, the directories for <code>'logs'</code> and <code>'quarantine'</code> are to be created in the <code>$HOME</code> directory:


sudo systemctl start clamd && sudo systemctl start freshclamd
<syntaxhighlight lang="shell">
mkdir -p "${HOME}/.clam/quarantine" && mkdir -p "${HOME}/.clam/logs"
</syntaxhighlight>


Check status daemons:
Otherwise, for example, creating the logfile may fail due to missing authorization.


sudo systemctl status clamd && sudo systemctl status freshclamd
=== Set ExcludePath for 'quarantine' folder ===


Check database version:
To exclude scanning the <code>'quarantine'</code> folder in the <code>$HOME</code> directory, add an <code>'ExcludePath'</code> to <code>'/etc/clamav/clamd.conf'</code> with your prefered editor, for example using 'vim':


freshclam -V
<syntaxhighlight lang="shell">
sudo vim /etc/clamav/clamd.conf
</syntaxhighlight>


= ClamTK - graphical interface of ClamAV =
Search for <code>ExcludePath</code> and add:
<code>ExcludePath ^/home/.*/\.clam/quarantine</code>
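Review bot: `ExcludePath ^/home/.*/\.clam/quarantine` is anchored to `/home`, so it does not cover the quarantine of a user whose home directory lives elsewhere (root's `/root`, or a custom home), while the crontab line earlier in the page derives the quarantine path from `$HOME`; consider matching the two (for example a pattern built around the `/\.clam/quarantine` suffix), and mention that this regular expression applies to every path clamd scans, not only to this cron job.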


ClamTK is available in AUR. You can install it by command:
Alternative: you can provide a separate config-file.
For more Information see <code>man clamdscan</code> and <code>man clamd.conf</code>.


yaourt -S clamtk
== Schedule updates through 'cron' ==


TIP: ClamTK need full gnome icon theme installed. If some icon's are missing, then will don't start.  
A service should already be running for automatic updates, so that configuring updates via a cronjob are no longer necessary.
To check the service run:


* Fix for KFaenza icon theme:
<syntaxhighlight lang="shell">
Paste this code and save as file and execute in terminal as root.
systemctl status clamav-freshclam.service
</syntaxhighlight>
#!/bin/sh
sudo ln -s /usr/share/icons/KFaenza/places/16/network-workgroup.png /usr/share/icons/KFaenza/places/16/gtk-network.png
sudo ln -s /usr/share/icons/KFaenza/places/22/network-workgroup.png /usr/share/icons/KFaenza/places/22/gtk-network.png
sudo ln -s /usr/share/icons/KFaenza/places/32/network-workgroup.png /usr/share/icons/KFaenza/places/32/gtk-network.png
sudo ln -s /usr/share/icons/KFaenza/places/48/network-workgroup.png /usr/share/icons/KFaenza/places/48/gtk-network.png
sudo ln -s /usr/share/icons/KFaenza/places/64/network-workgroup.png /usr/share/icons/KFaenza/places/64/gtk-network.png
sudo ln -s /usr/share/icons/KFaenza/places/128/network-workgroup.png /usr/share/icons/KFaenza/places/128/gtk-network.png
sudo ln -s /usr/share/icons/KFaenza/places/256/network-workgroup.png /usr/share/icons/KFaenza/places/256/gtk-network.png
sudo ln -s /usr/share/icons/KFaenza/places/scalable/network-workgroup.png /usr/share/icons/KFaenza/places/scalable/gtk-network.png


=Support=
For config see <code>man freshclam.conf</code>.


Official forum topic: [http://forum.manjaro.org/index.php?topic=9638]
If the service is not available / can not be started and enabled on your system:
Then run <code>sudo crontab -e -u clamav</code> to set up automatic updates. (These should be run as the <code>clamav</code> user.) Add the following line to update these at 13 past every hour:


=See Also=
<syntaxhighlight lang="cron">
13 * * * * /usr/bin/freshclam --quiet
</syntaxhighlight>
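Review bot: the hourly `freshclam --quiet` entry and the `clamav-freshclam` service enabled in the Services section would both update the database if a reader later gets the service working; it is worth adding a sentence to disable the cron entry again in that case, and to say that `sudo crontab -e -u clamav` edits the `clamav` user's crontab (not root's), which is why the job runs with the right ownership of the database directory.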


[http://www.clamav.net/lang/en/ ClamAV Homepage]
= Set up ClamAV via GUI (ClamTK) = <!--T:20-->


[https://github.com/dave-theunsub/clamtk/ ClamTK Homepage]
<!--T:21-->
[https://archlinux.org/packages/community/any/clamtk/ ClamTK] is a graphical user interface to setup scheduled scans and updates as well as one-off scans. It's available in the <code>community</code> repository[https://archlinux.org/packages/community/any/clamtk/], you can install it with <code>pacman</code>:


[https://aur.archlinux.org/packages/clamtk/ AUR:clamtk]
<!--T:22-->
<syntaxhighlight lang="shell">
sudo pacman -S clamtk
</syntaxhighlight>


</translate>


[[Category:Contents Page]]
[[Category:Contents Page{{#translation:}}]]
[[Category:Applications{{#translation:}}]]

Latest revision as of 07:12, 2 March 2023


About


ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64) and Solaris. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows. Both ClamAV and its updates are made available free of charge.

Sourcefire, now acquired by Cisco, a maker of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.

ClamAV includes a number of utilities: a command-line scanner, automatic database updater and a scalable multi-threaded daemon, running on an anti-virus engine from a shared library.

The application also features a Milter interface for sendmail and on-demand scanning. It has support for Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS formats, most mail file formats, ELF executables and Portable Executable (PE) files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor. It also supports many document formats, including Microsoft Office, HTML, Rich Text Format (RTF) and Portable Document Format (PDF).

The ClamAV virus database is updated several times each day and as of 30 October 2011 contained 1,063,024 virus signatures with the daily update Virus DB number at 13867.

ClamAV is currently tested daily in comparative tests against other antivirus products on Shadowserver. In 2011, Shadowserver tested over 25 million samples against ClamAV and numerous other antivirus products. Out of the 25 million samples tested, ClamAV scored 76.60% ranking 12 out of 19, a higher rating than some much more established competitors.

ClamAV was included in comparative tests against other antivirus products. In the 2008 AV-Test it rated: on-demand: very poor, false positives: poor, on-access: poor, response time: very good, rootkits: very poor.

In a Shadowserver six-month test between June and December 2011, ClamAV detected over 75.45% of all viruses tested, putting it in fifth place behind AhnLab, Avira, BitDefender and Avast. AhnLab, the top antivirus, detected 80.28% [1]

Install ClamAV

ClamAV is available in the extra repository[2]. You can install it with the following command:

sudo pacman -S clamav

Set up ClamAV via CLI

Edit Config

Edit the contents of the configuration files to suit your preferences:

  • /etc/clamav/clamd.conf
  • /etc/clamav/freshclam.conf

Update Database

First, update the signature database:

sudo freshclam

You may get a notification that clamd was not notified. This is normal because we haven't started the service yet.

Check database version:

freshclam --version

Services

clamav / freshclam

Enable and start the services:

sudo systemctl enable --now clamav-daemon
sudo systemctl enable --now clamav-freshclam

Check the status of the daemons:

sudo systemctl status clamav-daemon && sudo systemctl status clamav-freshclam

cron

Make sure a cron daemon (for example 'cronie') is installed, enabled and running, as cron jobs are used in this guide. See also: Cron

Example with 'cronie' (install, enable+start and check status):

sudo pacman -S cronie
sudo systemctl enable --now cronie.service
sudo systemctl status cronie.service

Alternative: Use systemd Timers. See: systemd/Timers

Schedule scans through 'cron'

Edit 'crontab'

Run crontab -e to edit your crontab and add the following line, editing it to your needs:

53 8 * * 5 /usr/bin/clamdscan --fdpass --multiscan --move="$HOME/.clam/quarantine" --log="$HOME/.clam/logs/$(date +\%Y\%m\%d)-weekly.log" "$HOME" 2>/dev/null 1>&2

This scans the entire $HOME directory every week on Saturday at 08:53. See man 5 crontab for more info on the formatting of this file and man clamdscan for an explanation of the options used.

Create directories 'logs' and 'quarantine'

If not already present, the 'logs' and 'quarantine' directories must be created in the $HOME directory:

mkdir -p "${HOME}/.clam/quarantine" && mkdir -p "${HOME}/.clam/logs"

Otherwise the job may fail, for example because the log file cannot be created.
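The following wrapper is an added example, not the wiki's own code, that turns the crontab line above into a script: it creates the same quarantine and log directories, runs clamdscan with the same options, writes a dated log, and turns clamdscan's documented exit status (0 clean, 1 infected, 2 error) into a result word and a return code instead of discarding all output. It assumes clamd is running, that the paths live under "$HOME/.clam" as on this page, and that the CLAMDSCAN variable may be overridden (for example with a stub) when testing. Note that the wiki's schedule `53 8 * * 5` fires on Friday, since cron numbers Sunday as 0; adjust the field if you want Saturday.

```shell
#!/bin/sh
# Added example (not part of the Manjaro wiki page): a wrapper for the weekly
# clamdscan cron job. Assumptions: clamd is running, "$HOME/.clam" holds the
# quarantine and log directories as in the wiki's crontab line, and CLAMDSCAN
# may be overridden for testing.

CLAM_BASE="${CLAM_BASE:-$HOME/.clam}"
CLAMDSCAN="${CLAMDSCAN:-/usr/bin/clamdscan}"

# Create the quarantine and log directories (same as the wiki's mkdir line)
# and restrict them to the owner, because the quarantine may hold live
# malware samples.
ensure_dirs() {
    mkdir -p "$CLAM_BASE/quarantine" "$CLAM_BASE/logs" || return 1
    chmod 700 "$CLAM_BASE" "$CLAM_BASE/quarantine" || return 1
}

# Translate clamdscan's exit codes (see man clamdscan):
# 0 = no virus found, 1 = virus(es) found, 2 = error.
describe_status() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Scan a target (default: $HOME), log to a dated file, print the result word
# and return clamdscan's own exit status so cron can mail on failure.
# Inside a script the date format needs no "\%" escaping, unlike in a crontab.
scan_target() {
    target="${1:-$HOME}"
    logfile="$CLAM_BASE/logs/$(date +%Y%m%d)-weekly.log"
    if $CLAMDSCAN --fdpass --multiscan \
        --move="$CLAM_BASE/quarantine" \
        --log="$logfile" "$target" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    # One summary line per run, appended to the same log clamdscan wrote.
    echo "$(date '+%F %T') $target $(describe_status "$status")" >> "$logfile"
    describe_status "$status"
    return "$status"
}
```

Install the script somewhere on the path and point the crontab entry at it (for example `53 8 * * 5 /usr/local/bin/clam-weekly.sh`, with a final line `ensure_dirs && scan_target "$HOME"` added to the script); a non-zero exit then reaches cron's mail, and the log directory keeps a per-run summary next to clamdscan's own output.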

Set ExcludePath for 'quarantine' folder

To exclude the 'quarantine' folder in the $HOME directory from scanning, add an 'ExcludePath' entry to '/etc/clamav/clamd.conf' with your preferred editor, for example using 'vim':

sudo vim /etc/clamav/clamd.conf

Search for ExcludePath and add:

ExcludePath ^/home/.*/\.clam/quarantine

Alternative: you can provide a separate config file. For more information see man clamdscan and man clamd.conf.
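As an added example (not the wiki's own code), the functions below add the ExcludePath line to a clamd.conf idempotently and check which paths the pattern from this page would exclude. The checker uses grep -E on the assumption that clamd treats the value as a POSIX regular expression; the page's pattern uses only `^`, `.*` and `\.`, which behave the same in basic and extended syntax. The configuration file path is passed in, so the functions can be tried against a temporary copy before touching /etc/clamav/clamd.conf.

```shell
#!/bin/sh
# Added example (not part of the Manjaro wiki page): manage the ExcludePath
# entry of clamd.conf and test paths against it. Assumption: clamd matches
# ExcludePath values as POSIX regular expressions (checked here with grep -E).

# The pattern given on the wiki page.
QUARANTINE_RE='^/home/.*/\.clam/quarantine'

# Append "ExcludePath <re>" to the given clamd.conf unless an identical line
# is already present, so repeated runs never duplicate it.
ensure_exclude_path() {
    conf="$1"
    re="${2:-$QUARANTINE_RE}"
    if grep -qxF -- "ExcludePath $re" "$conf" 2>/dev/null; then
        return 0
    fi
    printf 'ExcludePath %s\n' "$re" >> "$conf"
}

# Number of ExcludePath lines in the file (shows the idempotence above).
count_exclude_paths() {
    grep -c '^ExcludePath ' "$1"
}

# Return 0 when any ExcludePath regex in the file matches the given path,
# i.e. when clamd would skip it; return 1 otherwise.
path_excluded() {
    conf="$1"
    path="$2"
    sed -n 's/^ExcludePath[[:space:]]*//p' "$conf" | {
        while IFS= read -r re; do
            if printf '%s\n' "$path" | grep -Eq -- "$re"; then
                exit 0
            fi
        done
        exit 1
    }
}
```

Run `ensure_exclude_path /etc/clamav/clamd.conf` as root after the manual edit step, or instead of it; `path_excluded /etc/clamav/clamd.conf /home/alice/.clam/quarantine/sample` then confirms the entry does what you expect, and the same check on a log file path shows that only the quarantine directory is skipped.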

Schedule updates through 'cron'

A service should already be running for automatic updates, so configuring updates via a cron job is no longer necessary. To check the service, run:

systemctl status clamav-freshclam.service

For configuration options see man freshclam.conf.

If the service is not available or cannot be started and enabled on your system, run sudo crontab -e -u clamav to set up automatic updates. (These should be run as the clamav user.) Add the following line to update the database at 13 minutes past every hour:

13 * * * * /usr/bin/freshclam --quiet

Set up ClamAV via GUI (ClamTK)

ClamTK is a graphical user interface to set up scheduled scans and updates as well as one-off scans. It is available in the community repository[3]; you can install it with pacman:

sudo pacman -S clamtk