CLAMAV ANTIVIRUS
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0orxgIpdwJFDH6QXhw-Z5JQWdRyKaz8f_GXQOI-ll1SN8ho6K43XNAODymXcvbQCdq9-z1NwPk2bZVb5m0CVWtAGRIzqLbikxbv3Yv6Mbcj0Gk4Gg_x8gUOXnsTN20Z2EdSfIPovDTPJu/s1600/debian.jpg)
- Clam AntiVirus (ClamAV) is a free, cross-platform, open-source antivirus toolkit able to detect many types of malicious software, including viruses, trojans, worms, etc.
https://www.clamav.net/
https://en.wikipedia.org/wiki/Clam_AntiVirus
- Installing clamav and clamav-daemon:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9ZxVXOEV-gAXnoytreVd-DXXfcu38vpoZcA5qfg1uUz7ng4WxNL-7p68ddxwCi1jgjv25L-ki8zHkK3_PqZfC1GVpYLWsqWWbo3QVnrVyrm5QxSXGUX_8OtzCRAhOzJbUopBC7LEZlKU3/s1600/screenshot.4.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZL-uDZ-jWWQ4Ax_Uv9fYKdXOKGKA0oNH0RFD1ONIHc1qCk0SdqJMEH3ZoRt87FITIn3Nf5FvaDeYSmhbu-4vvjWwbNTm9vJREzg-LpQfBQiokIKiYv9KgDy29ndinJpYiKCRppwxX4grw/s1600/screenshot.25.jpg)
- Searching information for clamav packages:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh776TF1URys2Aaj1WfFq1N0dfPELJBVjVS0mYN0UlTQpYeDQgJrw3M4zHQgeL9WrKhcBPVokNU2tDFidIvXMuaJKKM5NszckztZbQ0AjY2fhXJLkaZwetfltxiyLlT95Z_fdbqebvXfEFZ/s1600/screenshot.1.jpg)
- freshclam is the tool that updates the ClamAV virus database. However, running freshclam by hand may produce this error message:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvSwH-UfTq7gjC9CsPa8cC85_59t5_pT15-8tspkk06TWQUd_zxwruwXbrBshlXir8xaXeKqOAjBNr2NyHBM6n0ML9L1eHLMuqkp_qLUyORUarcj_0WI39vYw23w0Xo4XCnTc3KMs_HvNH/s1600/screenshot.8.jpg)
- Detecting any running process related to freshclam:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyJklDoTnU5rnJUrwoIJSmHvL8GkJoAO2coCe_RCjOlI3zHLH1uWh6q-8HYKIQSk7c4UDYuushlMnAorREPuzz7D5dlx_iPOIQoOjZ5ShWL0NLVF5hpZgmBQRXc1YmaNDJk2TnKxkxDR3i/s1600/screenshot.9.jpg)
- Stopping clamav-freshclam service:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-M1CqDYNHNbqSPSjidA9QndvmDwzWITRTPEFx9oC9e7ikfRRi6kOm68LghWu5Ur5-jxWcDCxGkQIl5by6yaGMoXU4pP4-cCJsO0lPEoE70dBati51ZoHR2C-CMoB1OJdd6suKQBOVSh7_/s1600/screenshot.10.jpg)
- Running it again, the database update now succeeds:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT61DJAFNHAi4F0gSYlt0nBrfzevT1TvsPEz5jBO1JcmSEeCMmYjBpMQih_JMRpcqatU09jCOvQhyWmeSPLTuH2lsc_ymOlgeBf4-rgaUVtxYukAhP-ETssliRq6MGHjKvBltrMdvIQJLb/s1600/screenshot.21.jpg)
- Reading freshclam.conf:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjem38RHNc9pxqNPVwWMc1VLk_BmNQWz9NwWw4UPxjowBd90HIl04nBFqj3v3ZVk6e51e4csf8Ba-fO4tHNJzZqUhDh2T9fuyOQd4f-BrvpRu77uxglzBJIqQEHg0BUiMzOTiBFnm5eSNzR/s1600/screenshot.3.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcwyQRrYkQjVtz4aDo74pEAYLEDoJH7sQwVGB6hYkDAMFBsvMTBPmAq1KRGG6cq_sQ6w9w-LFEKcuC9DLVof-SyElK2trqqlH2baoAqEHFuM86npUkqBxCzyN7HZ_-4N5wcCIQdpLp9yA5/s1600/screenshot.6.jpg)
- Note that the configuration checks for new databases every hour, which could be considered excessive in terms of CPU usage. It may be changed to once a day, or similar:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHeFPFiUUSLm_VaXipRXtvc6x-5uMMIsBLTP4rMIa6HOnyY3faj9B-J0_a3DD6tc-51-R8QCsDUMDC5Zvoph6pm7xAokEEcuqUv1Fy2LLk6vElTnP4aEcaBSRc_SWMkXehA2jY-OKvWX5x/s1600/screenshot.7.jpg)
- Options for clamscan, the scanning tool of ClamAV:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDdI-LY2Ttw1GDlbXzuC106K41xXx3t12kzCutk6Xv9ScGncgH7KjussW9L8XkHVMRcgPyRiGfJYZsecBIKv3pS065asNG3tBj-SNOeh_2sikXSHHaez6oTWBl3cTB1dbY0HpP5fnzfAUz/s1600/screenshot.12.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSNi_idE018FlD1FIy-5czSFlZHfOTmoydXfLSCh4e9n3zoTD2lc8D5tZ3zRI86AAWIrTIIkrMDwvpqZvKN8E11Y8APWRu1x_g7MnI9TqKO1unCbv484gD6OaQsat-M-1CbkzltR8VsdGI/s1600/screenshot.11.jpg)
- Let's scan the home directory of user johndoe. In this case no infected files are found:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu1TkxOQ0w-0I6CRy0QvjuQAD92yJSefIQlMO2RAT5g2_Ec1VT9Y5H5pVxe3PBvqpcbqaYGkQGALgjlPVkU7zu8kXiVVcXDNcnXJKf0LyvGxhOPdREgOWUD90-S8AEMB0uaBzMGdqXXv-e/s1600/screenshot.22.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-UMlhETkJJdSLt7Tb1_PdRUxHTafuiJqeXZgpQsIVZd-_51h4iYmZtxaBXpeniPJJNF0Vb_CxhRDoQ8-KKaaksH9gtH29sqWPgKDoYl4YXfNgjcElQlKaOp2Jc2ZSv03dyy141yq29N13/s1600/screenshot.23.jpg)
- Another useful option is to move any detected files to a folder created for that purpose (/virus in this case):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTW7KgQdP_wQMPTO06HHH5hMfMz-FEM6qET4ib81aLA0iglTgwX51ghZZNv8znvTHvCiqUR57RN4abzPZ34AKrRIpVq_8pUlJUs7nCkZyS919CG1A93d6EON9LGMpDuRA8ZmlzBsBxVsRg/s1600/screenshot.15.jpg)
- Directly removing detected malware is also an option:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGp2Gy0nRwoXdDWW6AWsz-l-uNDNC2HRI1FdNBhWQeLMraZxwvLTx1RrKoYbYtuqda78JOu8_gezUW2i9jXBS1eWBmACDLsRv-IXHHe_ISs697lS5uyW9Dg0AQAQFFZ1B68Z64geFNbyiu/s1600/screenshot.16.jpg)
- Scanning the whole system for malware takes a long time:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTHvbX0oucdaSLUjzFsZhzqekxZdcpV-eKU7DljO7TOr81MUJAtgA29RAsSsl8IVHJSUSlLAe99XxDiPXWfsVh0EEwdPhH7val6zCdGnEZOKEnjunq_R_9a1A9HJVgq3kBg13nxsuYdozX/s400/screenshot.17.jpg)
- Sounding a bell alert whenever a virus is found:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC9paeQFbmoOxuVXJfIeiBnBZyfbAKn0A4MdqeIxNo2-xUJZpT2luz0jPQVl23G0ta4HMtythxWUADZpvu_uFfGblc10joZQznQPFraPAjB7awIJmSwwyxPOB3u4FGnACKD5jv4BkB1vCb/s1600/screenshot.18.jpg)
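The scanning steps above (recursive scan of a directory, quarantine with --move or deletion with --remove, a whole-system scan, and --bell) combined into one POSIX shell script that also interprets what clamscan reports. This is an added example, not the exercise's own commands: /virus is the quarantine folder from the exercise, while the log path, the helper names and the sample report embedded in the script are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original exercise): drive clamscan the way the
# exercise does and interpret its results. /virus is the quarantine folder used
# in the exercise; the log path, helper names and SAMPLE_REPORT are assumptions.
set -u

QUARANTINE="${QUARANTINE:-/virus}"
SCAN_LOG="${SCAN_LOG:-/var/log/clamav/manual-scan.log}"

# Constructed sample of what "clamscan -i --move=/virus" prints when one file
# matches (not captured from a real system).
SAMPLE_REPORT="/home/johndoe/eicar.com: Eicar-Test-Signature FOUND
/home/johndoe/eicar.com: moved to '/virus/eicar.com'

----------- SCAN SUMMARY -----------
Scanned files: 2
Infected files: 1"

# clamscan's exit status: 0 nothing found, 1 something found, 2 an error
# (missing database, unreadable files ...). 2 must never be read as "clean".
scan_status_word() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Number of detections in a clamscan report read from stdin (one FOUND line each).
count_found() {
    grep -c ': .* FOUND$' || true
}

# The "Infected files: N" figure from the scan summary read from stdin.
summary_infected_files() {
    awk -F': *' '/^Infected files:/ { print $2 }'
}

# Scan one directory. The default action quarantines matches with --move so they
# remain available for analysis; pass "remove" as the second argument to delete
# them outright instead, as the exercise also shows.
scan_directory() {
    target="$1"
    action="${2:-move}"
    if [ "$action" = remove ]; then
        disposition="--remove"
    else
        # quarantine folder readable by root only
        mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
        disposition="--move=$QUARANTINE"
    fi
    # -r recurse, -i report only infected files, --bell ring on detection,
    # --log keep a copy of the report for later review
    clamscan -r -i --bell --log="$SCAN_LOG" "$disposition" "$target"
    rc=$?
    scan_status_word "$rc"
    return "$rc"
}

# Whole-system scan: skip the pseudo-filesystems, which are slow and pointless
# to read, and the quarantine folder itself so moved files are not rescanned.
scan_whole_system() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    clamscan -r -i --bell --log="$SCAN_LOG" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$QUARANTINE" --move="$QUARANTINE" /
    rc=$?
    scan_status_word "$rc"
    return "$rc"
}

# Usage on a host with clamav installed and an updated database (as root):
#   scan_directory /home/johndoe            # quarantine to /virus
#   scan_directory /home/johndoe remove     # delete matches instead
#   scan_whole_system
```

The exit-status mapping is the part worth keeping in any wrapper: a cron job that only checks for a zero status treats a broken database (status 2) as a clean scan, which is the failure mode that goes unnoticed the longest.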