ClamAV leverages the power of the command line by providing tools that you can run from scripts and from within terminals. It is popularly used to scan emails passing through mail gateways.
Tools in ClamAV
ClamAV antivirus software comprises the following command line tools.
- clamscan: A tool to scan files and directories for viruses.
- freshclam: A virus database update tool.
- sigtool: A signature and database management tool.
- clambc: A byte code testing tool.
Usage of these command line tools is explained further below.
Installing ClamAV in Linux
You can install ClamAV antivirus software in most mainstream Linux distributions using their respective package management tool.
For example, here is how you install ClamAV antivirus software in Fedora Linux.
$ sudo yum install clamav
If you are using Ubuntu or another Debian-based Linux, you can install ClamAV as follows.
$ sudo apt-get install clamav
Optionally, you can also install clamav-docs (ClamAV documentation) and clamtk (a GUI front-end for ClamAV).
The ClamAV package is available for Fedora, Red Hat, Gentoo, Debian, Ubuntu, openSUSE, Mandriva, and Pardus Linux.
You can also compile from source, which is available for download at the ClamAV website.
Update the Virus database
An antivirus tool is only as good as its virus database, so it is very important that you update the virus database on a regular basis.
freshclam is used to update ClamAV's virus database.
In its simplest form, you can use this tool to manually download the virus database to the default directory as follows.
$ freshclam
Or you can use the cron job scheduler to update the virus database on a daily basis by entering the following line in your crontab file.
0 3 * * * /usr/bin/freshclam
This runs the command daily at 3:00 AM. See crontab usage for the syntax.
Alternatively, you can run freshclam as a daemon (-d) and have it check (-c) 2 times a day for a new database.
$ freshclam -d -c 2
ClamAV Usage
The following examples show how to execute the most common tasks using ClamAV.
Scan a single file
$ clamscan filename
Scan the current working directory
$ clamscan
Recursively scan (-r) all files in your HOME directory
$ clamscan -r /home/ravi
clamscan will recurse through a maximum depth of 15 levels if the -r option is used.
Optionally, you can decide how deep clamscan should go by using --max-dir-recursion.
$ clamscan -r --max-dir-recursion=4 /home/ravi
Print only infected files (-i) to the output.
$ clamscan -i -r /home/ravi
Move infected files to a directory.
$ clamscan -i --move /tmp/quarantine -r /home/ravi
The directory /tmp/quarantine must be writable by the user running clamscan.
Remove infected files
$ clamscan -i --remove=yes -r /home/ravi
By default clamscan doesn't remove any infected files.
Save the scan report (-l) to a file named logfile.
$ clamscan -l logfile -r /home/ravi
Ring a bell (--bell) each time a virus is found.
$ clamscan --bell -r /home/ravi
Scan a mail spool directory
$ clamscan -r /var/spool/mail
Scan a tape archive (tar) file.
$ clamscan --tar=/bin/tar myfile.tgz
ClamAV can scan a wide variety of files, such as archives (rar, zip, tar, deb, jar, arj), your mails, and HTML files. In fact, it can scan just about any file on your system.
Scan all MS Word files in your HOME directory.
$ find /home/ravi -iname \*.doc -exec clamscan -i -r {} \;
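A cron-friendly wrapper around the scan options above, as an added example that is not part of the original article: it combines -r, -i, -l and --move, uses clamscan's exit status (0 no virus, 1 virus found, other values an error) as the result, and extracts the infected paths from the log. The function names, the sample log and the signature name Doc.Sample.Constructed-1 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the sample
# log are constructed; the clamscan options are the ones shown in the article.

# Map clamscan's exit status to a word: 0 = no virus, 1 = virus found,
# anything else = the scan itself failed.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print "path<TAB>signature" for each "path: Signature FOUND" line of a log.
# The match is greedy, so a path that itself contains ": " stays intact.
infected_from_log() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${tab}\2/p" "$1"
}

infected_count() { infected_from_log "$1" | wc -l | tr -d ' '; }

# Recursively scan $1, log to $2, move infected files into quarantine dir $3.
scan_dir() {
    command -v clamscan >/dev/null 2>&1 || { echo "clamscan not found" >&2; return 2; }
    # Keep the quarantine private to the scanning user.
    mkdir -p "$3" && chmod 700 "$3" || return 2
    : > "$2"    # start from an empty log so the count covers this run only
    rc=0
    clamscan -r -i -l "$2" --move="$3" "$1" >/dev/null || rc=$?
    echo "$(scan_status "$rc"): $(infected_count "$2") infected file(s), log: $2"
    return "$rc"
}

# Constructed sample of a clamscan log, for trying the parser without a scan.
write_sample_log() {
    cat > "$1" <<'EOF'
/home/ravi/mail/note: draft.eml: Eicar-Test-Signature FOUND
/home/ravi/docs/report.doc: Doc.Sample.Constructed-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 42
Infected files: 2
EOF
}

# Usage: scan.sh TARGET LOGFILE QUARANTINE_DIR (does nothing without arguments)
if [ "$#" -eq 3 ]; then scan_dir "$@"; fi
```

Because the script exits with clamscan's own status, a cron job or monitoring check can alert on any non-zero result instead of parsing the output.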
Main Features of ClamAV
- Free for personal and commercial use. Released under GPL.
- Multi architecture, and multi OS support. ClamAV is available for Mac OS X, Windows, Linux and other Unix variants.
- Simple command line usage.
- Create powerful filters by linking with other commands in Linux.
- Simple to install and remove.
- Lots of third party software with in-built support for ClamAV.