ClamAV

From MEPIS Documentation Wiki

ClamAV anti-virus is free, open source and easy to install, so you may want to use it on your Linux box to scan files for infection by the various pests permeating the Windows world. While viruses are not a real concern in Linux, you may still want to limit inbound nonsense email traffic created by viruses or help some of your friends who happen to use Windows.

Installation

ClamAV is in the repositories and can be installed using Synaptic. However, you have to enable the volatile repository, which is not enabled by default. Anti-virus software needs quick updates to be able to find quickly evolving viruses, and the volatile repository is the place for such packages. In Synaptic, go to Settings --> Repositories, select the line containing volatile and press OK. Then press the Reload button to fetch the enlarged selection of packages and search for clamav. For first tests, install the clamav and clamav-freshclam packages.

Basic usage from command line

Update the virus description database (as root):

 freshclam

Then scan a directory containing files from Windows:

 clamscan -r /location/of/files 2> scan-errlog | tee scan-log

The recursive option -r makes it scan subdirectories, 2> sends error messages to scan-errlog, and tee saves the results to scan-log while also showing them on screen. The report may end with something like:

 ----------- SCAN SUMMARY -----------
 Known viruses: 678708
 Engine version: 0.95.3
 Scanned directories: 5961
 Scanned files: 76934
 Infected files: 1
 Data scanned: 31150.10 MB
 Data read: 29141.68 MB (ratio 1.07:1)
 Time: 4335.571 sec (72 m 15 s)

To inspect the results, use e.g.:

 fgrep -v OK scan-log | fgrep -v Empty

This will likely show you just the real problems. (If you happen to see 'ClamAV engine is outdated' in scan-errlog, take seriously the 'volatile' hint above.)
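An added example, not part of the original wiki page: a small shell script that triages scan-log more strictly than the two fgrep filters. It relies on clamscan's `path: signature FOUND` hit lines and the `Infected files:` summary line; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): triage the scan-log written by
#   clamscan -r /location/of/files 2> scan-errlog | tee scan-log

# Write a CONSTRUCTED sample log to the file named in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
/mnt/win/docs/readme.txt: OK
/mnt/win/docs/empty.dat: Empty file
/mnt/win/mail/note: old.eml: Eicar-Test-Signature FOUND
/mnt/win/tmp/setup.exe: OK

----------- SCAN SUMMARY -----------
Scanned files: 4
Infected files: 1
EOF
}

# Print "signature<TAB>path" for every hit in the log named in $1.
# Hits look like "<path>: <signature> FOUND"; a path may itself contain
# ": ", so the line is split on the LAST ": " rather than the first.
list_infected() {
    awk '/ FOUND$/ {
        line = $0; sub(/ FOUND$/, "", line)
        n = 0; rest = line
        while ((i = index(rest, ": ")) > 0) { n += i + 1; rest = substr(rest, i + 2) }
        if (n == 0) next
        printf "%s\t%s\n", substr(line, n + 1), substr(line, 1, n - 2)
    }' "$1"
}

# Return 0 = scan finished and clean, 1 = hits present (listed on stdout),
# 2 = no summary block, i.e. the scan was cut short and proves nothing.
triage_log() {
    grep -q '^Infected files: ' "$1" || { echo "incomplete log: $1" >&2; return 2; }
    hits=$(list_infected "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Demo on the constructed sample log.
sample=$(mktemp)
write_sample_log "$sample"
status=0; triage_log "$sample" || status=$?
echo "triage status: $status"
rm -f "$sample"
```

A status of 2 means the summary block is missing, so the scan did not finish and an empty hit list should not be read as a clean result.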
