
Friday, September 1, 2017

12 - Linux Security: ClamAV antivirus


CLAMAV ANTIVIRUS

- Layout for this exercise:





- ClamAntiVirus (ClamAV) is a free, cross-platform, open-source antivirus toolkit able to detect many types of malicious software, including viruses, trojans and worms.

https://www.clamav.net/
https://en.wikipedia.org/wiki/Clam_AntiVirus


- Installing clamav and clamav-daemon:






- Searching for information about the clamav packages:





- freshclam is the tool that updates the ClamAV virus database. However, running freshclam may produce this error message:




- Checking for any running process related to freshclam:




- Stopping clamav-freshclam service:




- Running freshclam again, the database update now succeeds:




- Reading freshclam.conf:






- Note that the configuration checks for new databases every 1 hour, which could be considered too heavy on CPU. It may be changed to just once a day, or similar:




- Options for clamscan, the scanning tool of ClamAV:






- Let's scan the home directory of user johndoe. In this case no viruses are found:






- Another useful option is to move any infected files found to a folder created for that purpose (/virus in this case):




- Directly removing detected malware is another option:




- Scanning the whole system for malware takes a long time:




- Sending a bell alert whenever a virus is found:
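- As an added example (not part of the original post), the following shell functions tie together two of the steps above: lowering the freshclam check frequency (the Checks directive in freshclam.conf is the number of database checks per day, so 24 means hourly and 1 means daily) and running clamscan with the recursive, quarantine (--move) and --bell options. The configuration path, the /virus quarantine folder and the user johndoe are assumptions taken from the exercise:

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a freshclam.conf path,
# a /virus quarantine folder and the user johndoe, as in the exercise above.

# Set the number of database checks per day in a freshclam.conf file.
# freshclam's "Checks" directive counts checks per day: 24 = hourly, 1 = daily.
set_freshclam_checks() {
    conf="$1"; per_day="$2"; tmp="$conf.tmp"
    if grep -q '^[[:space:]]*#*[[:space:]]*Checks[[:space:]]' "$conf"; then
        # Replace an existing (possibly commented-out) Checks line in place.
        sed "s/^[[:space:]]*#*[[:space:]]*Checks[[:space:]].*/Checks $per_day/" \
            "$conf" > "$tmp" && mv "$tmp" "$conf"
    else
        # No Checks line at all: append one.
        printf 'Checks %s\n' "$per_day" >> "$conf"
    fi
}

# Build the clamscan argument list for a quarantine scan.
# -r: recurse into directories; -i: only report infected files;
# --move=DIR: quarantine detections instead of deleting them;
# --bell: ring the terminal bell on each detection.
scan_args() {
    target="$1"; quarantine="$2"
    printf '%s' "-r -i --bell --move=$quarantine $target"
}

# Run the scan only when clamscan is installed. Returns clamscan's exit
# status: 0 = nothing found, 1 = infected files found, 2 = error.
quarantine_scan() {
    target="$1"; quarantine="${2:-/virus}"
    command -v clamscan >/dev/null 2>&1 || {
        echo "clamscan is not installed" >&2; return 2; }
    mkdir -p "$quarantine"
    # Word splitting of the argument string is intended here.
    clamscan $(scan_args "$target" "$quarantine")
}

# Usage (assumed paths): once-daily updates, then scan johndoe's home.
# set_freshclam_checks /etc/clamav/freshclam.conf 1
# quarantine_scan /home/johndoe /virus
```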