Friday, September 1, 2017

12 - Linux Security: ClamAV antivirus


- Layout for this exercise:

- ClamAntiVirus (ClamAV) is a free, cross-platform, open-source antivirus toolkit able to detect many types of malicious software, including viruses, trojans, worms, etc.

- Installing clamav and clamav-daemon:

- Looking up information on the clamav packages:

- freshclam is the tool that updates the ClamAV virus databases. However, running it by hand right after installation may fail with an error message, because the clamav-freshclam service installed alongside the daemon is already running its own instance of freshclam in the background:

- Checking for any running process related to freshclam:

- Stopping the clamav-freshclam service (start it again after the manual update, otherwise automatic updates stop):

- Running freshclam again, the database update now succeeds:

- Reading freshclam.conf:

- Note that the configuration checks for new databases every hour (the Checks directive, 24 checks per day), which may be more load than a small system needs. It can be lowered to once a day or similar; the trade-off is a longer window in which the signatures are stale:

- Options for clamscan, the scanning tool of ClamAV:

- Let's scan the home directory of user johndoe. In this case the number of infected files is zero:

- Another useful option is to move any infected files found into a quarantine folder created for that purpose (/virus in this case):

- Directly removing infected files is also an option (irreversible, so quarantine is usually preferable):

- Scanning the whole filesystem takes a long time (and will also descend into pseudo-filesystems such as /proc and /sys unless they are excluded):

- Sounding a terminal bell whenever a virus is found:
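- The whole procedure above (update frequency, manual signature update, recursive scan with quarantine, bell) as one script. This is an added example, not code from the original post; it assumes the Debian/Ubuntu packaging (apt, systemctl, /etc/clamav/freshclam.conf). The work directory, the quarantine directory and the sample inputs are this example's own choices, and the live scan uses the standard harmless EICAR test string rather than real malware:

```shell
#!/bin/sh
# Added example, not from the original post: the ClamAV steps above as
# reusable shell functions. Assumes the Debian/Ubuntu packaging (apt,
# systemctl, /etc/clamav/freshclam.conf). The work directory, quarantine
# directory and test file are this example's own choices.

# --- freshclam configuration -------------------------------------------
# "Checks" is the number of database checks per day (Debian ships 24, i.e.
# hourly). Writes the edited copy to $3 so the original stays untouched.
set_freshclam_checks() {
    # $1 = input freshclam.conf, $2 = checks per day, $3 = output file
    sed -e "s/^[[:space:]]*Checks[[:space:]].*/Checks $2/" "$1" > "$3"
}

# Print the current Checks value of a freshclam.conf.
get_freshclam_checks() {
    awk '/^[[:space:]]*Checks[[:space:]]/ { print $2 }' "$1"
}

# --- manual signature update ---------------------------------------------
# The clamav-freshclam service runs freshclam in the background, so a manual
# run fails until the service is stopped. Start it again afterwards or
# automatic updates stop for good. Needs root.
update_signatures() {
    systemctl stop clamav-freshclam
    freshclam
    update_rc=$?
    systemctl start clamav-freshclam
    return "$update_rc"
}

# --- scanning ------------------------------------------------------------
# Recursive scan with quarantine: hits are moved to $2 instead of deleted
# (--remove would be irreversible). clamscan exits 0 when clean, 1 when an
# infected file was found and 2 on error; the report is written to $3.
scan_and_quarantine() {
    # $1 = directory to scan, $2 = quarantine dir, $3 = report file
    mkdir -p "$2"
    clamscan -r --bell --move="$2" "$1" > "$3" 2>&1
}

# Pull "Infected files: N" out of a clamscan report; "unknown" if missing.
infected_count() {
    awk '/^Infected files:/ { print $3; found = 1 }
         END { if (!found) print "unknown" }' "$1"
}

# --- demo on constructed input -------------------------------------------
WORK=$(mktemp -d)

# Constructed freshclam.conf fragment (not the system file).
printf '%s\n' 'DatabaseMirror db.local.clamav.net' 'Checks 24' > "$WORK/freshclam.conf"
set_freshclam_checks "$WORK/freshclam.conf" 1 "$WORK/freshclam.conf.new"
echo "Checks: $(get_freshclam_checks "$WORK/freshclam.conf") -> $(get_freshclam_checks "$WORK/freshclam.conf.new")"

# Constructed clamscan summary, to show the report parsing without clamav.
printf '%s\n' '----------- SCAN SUMMARY -----------' 'Scanned files: 3' \
    'Infected files: 1' > "$WORK/sample-report.txt"
echo "Infected files in sample report: $(infected_count "$WORK/sample-report.txt")"

# Live scan, only when clamscan is installed. The EICAR string is the
# industry-standard harmless test pattern every scanner detects, so the
# run demonstrates a hit (and the quarantine move) without real malware.
if command -v clamscan >/dev/null 2>&1; then
    mkdir -p "$WORK/scan"
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' \
        > "$WORK/scan/eicar.com"
    scan_and_quarantine "$WORK/scan" "$WORK/quarantine" "$WORK/report.txt"
    echo "clamscan exit code: $? (1 = something found)"
    echo "Infected files: $(infected_count "$WORK/report.txt")"
    echo "Quarantined:"; ls -l "$WORK/quarantine"
fi
rm -rf "$WORK"
```

- update_signatures is defined but not called by the demo because it needs root and network access; the config edit is done on a copy, so apply the result to /etc/clamav/freshclam.conf yourself once you are happy with it.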