Home linux commands security clam av

clam av

How To Install and Configure Clam AV

http://www.rackspace.com/knowledge_center/article/installing-rhel-epel-repo-on-centos-5x-or-6x

How to Install ClamAV and Configure Daily Scanning on CentOS

Install required packages

yum install clamav clamd

Start the clamd service and set it to auto-start

/etc/init.d/clamd on
chkconfig clamd on

/etc/init.d/clamd start
Update ClamAV’s signatures
/usr/bin/freshclam

Configure Weekly Scan

vi /etc/cron.weekly/manual_clamscan

Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan

#!/bin/bash
SCAN_DIR=”/”
LOG_FILE=”/var/log/clamav/manual_clamscan.log”

/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE

Give our cron script executable permissions

chmod +x /etc/cron.weekly/manual_clamscan

Run a scan and place the contents in a new directory

clamscan / -r -l /var/log/clamav/manual_clamscan.log

Run a Manual Scan

./manual_clamscan
to run
clamscan
or
clamscan / -r -l /var/log/clamav/manual_clamscan.log
clamscan -r / > ./clamav.log
better option: clamscan / -r -l /var/log/clamav/manual_clamscan.log
tail -f /var/log/clamav/manual_clamscan.log
grep FOUND 50 /var/log/clamav/manual_clamscan.log
clamscan /var/qmail/ -r –remove=yes /var/log/clamav/manual_lamscan.log

Delete the infected files from Clam AV

clamscan -r -i / –remove -l /var/log/clamav/manual_clamscan.log

tail /var/log/clamav/manual_clamscan.log – view the end of the file
cat /var/log/clamav/manual_clamscan.log | grep FOUND > /tmp/clamav_infected.txt – create a file with the known infections to the temp dir called clamav_infected.txt

less /tmp/clamav_infected.txt – view the file page at a time

Change the email address

If you ever need this changed , you will need to open up /home/scheduled_clamscan.sh and change the report_recipient field

Update ClamAV

freshclam – Will download & update all the new virus definitions.
clamscanri /home – To run ClamAV and show the infected files.
clamscanri –remove /home – To remove the infected files and emails etc…
crontab -e f – To run as a daily Cron Job. To run ClamAV as a Cron Job (daily automatically scan)

Then you should add the following command line and then save the file. This should add it to my root crontab for the below example.

05 2 * * * root clamscan -R /var/www This should run the Cron Job daily at 2.05 AM scanning the public_html files. You should be able to change the folder to whichever folder you prefer.
00 10 * * * * root freshclam This command will update ClamAV database at 10 am every day.

See more at: http://datlinux.blogspot.co.uk/2013/03/how-to-install-clamav-on-linux-centos.html

How to do quarantine or delete with ClamAV?

http://askubuntu.com/questions/171441/how-to-do-quarantine-or-delete-with-clamav

Remove Viruses

clamscan /var/qmail/ -r –remove=yes /var/log/clamav/manual_lamscan.log