Ads 468x60px

Showing posts with label ClamAV. Show all posts
Showing posts with label ClamAV. Show all posts

Monday, 5 July 2010

Install Clam AV on Lucid Lynx

Proyecto ClamAVImage via Wikipedia


 I always find it comical when I hear people say that they live in such a safe neighborhood that they rarely lock their doors.  Yes it is true, you may have a lower crime rate, but it does not mean that it cannot happen. What the hell does this have to do with Linux and viruses?
It means even Linux users need anti-virus software.  But of course it’s no where near as bad or a “necessity” like it is on any of the Microsoft Windows platforms.  As an example, back in 2005 Kaspersky reported that the number of Linux malware jumped from 422 to 863 known viruses.  Those numbers pale in comparison to the reported 11,000 newly discovered viruses in the last half of 2005 for Windows operating systems.  However the threat still exists. And will only continue to grow as time goes on.  So don’t go thinking you are invincible because you run OS X or any flavor of Linux.  Because it is simply not true.
So what can you do? Install some sort of anti-virus software. Which is what I will be covering here today.  Luckily this day in age you have some great options to protect yourself with.  Just off the top of my head I can think of Avast!, AVG, ClamAV, and F-Prot.  I’ve chosen to cover ClamAV due to the fact of it’s simplicity and other effective uses with things like Squid and dansguardian.  Things that I will be writing some guides for in the very near future.
And just for some entertainment value, here’s a couple features of ClamAV.
Linux For The Home PC - 4681
  • Command-line scanner
  • Quick, multi-threaded daemon with support for on-access scanning
  • milter interface for sendmail
  • Advanced db updater with support for scripted updates and digital signatures
  • C library virus scanner
  • On-access scanning (Linux® and FreeBSD®)
  • Virus db updated multiple times per day
  • Built-in support for various archive formats, including RAR, Tar, Gzip, Zip, Bzip2, OLE2, Cabs, CHM, BinHex, SIS and others I dont know
  • Built-in support for many mail file formats
  • Built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
  • Built-in support for popular document formats like MS Office and MacOffice files, HTML, RTF and PDF
So lets do it already! But before we start ClamAV is in the Universe repository.  If you do not already have this enabled you should do so now before you continue.  If you are unfamiliar with how to do this, please check the Ubuntu community documentation on how to enable the Universe Repository.
What we’ll be installing are the clamav engine, clamav-daemon for on access scanning, and clamav-freshclam for automated internet updates.  If you do not wish to have automatic updates via clamav-freshclam I believe you can use clamav-data as an alternative.  However I will not cover how to do that in this guide.
  1. Install ClamAV, the daemon, and freshclam.
  2. $ sudo apt-get install clamav clamav-daemon clamav-freshclam
  3. Just as it finishes installing it will of course warn you that the virus database is older than 7 days and that it will need updating.
  4. $ sudo freshclam
  5. You may notice that it will bark at you because the ClamAV installation is outdated. As of the time that I am writing this, ClamAV has released a new version however it has not yet been tested and released to the Ubuntu public.  Please see this for more information. http://www.clamav.net/support/faq
For simple command line scanning features, that covers it right then and there.  I’ll demonstrate how to perform a scan and how to schedule regular scan’s.  I’ll also cover how to add a gui frontend for those who wish to use it within Gnome or KDE.
  1. Perform a internet update
  2. $ sudo freshclam
    ClamAV update process started at Wed Jul 22 00:31:50 2009
    main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cvd is up to date (version: 9604, sigs: 56154, f-level: 43, builder: ccordes)
  1. Proxy settings can be added if needed in the file /etc/clamav/freshclam.conf by adding the following info
  2. HTTPProxyServer YOURPROXYIPADDRESS
    HTTPProxyPort YOURPROXYPORT
  1. Perform a scan for viruses in your home folder only in verbose mode.
  2. $ sudo clamscan -r /home/YOURHOMEFOLDER
  3. or to perform a scan on all system files, only printing infected files to the screen.
  4. $ sudo clamscan -r -i /
  5. When it completes you should be presented with a Scan Summary similar to the one below.
  6. ----------- SCAN SUMMARY -----------
     Known viruses: 600570
     Engine version: 0.95.1
     Scanned directories: 1
     Scanned files: 14
     Infected files: 0
     Data scanned: 5.36 MB
     Data read: 0.54 MB (ratio 9.94:1)
     Time: 3.170 sec (0 m 3 s)
  1. Remove files infected with viruses. Be careful with this one.  False positives do exist!
  2. $ sudo clamscan -r --remove /
  1. Schedule clamscan to run with the ‘at’ command
  2. 1
    2
    3
    4
    $ sudo at 1:00 tomorrow
    at> clamscan -i /home/YOURUSERNAME | mail YOUR@EMAIL.com
    at> <PRESS CTRL-D TO END 'at' AND SAVE>
    job 1 at Wed Jul 22 01:00:00 2009
  3. You could also use crontab, but for simplicity sake I’ve only demonstrated with the ‘at’ command
  1. To install a gui to use in Gnome or KDE you can install ‘clamtk’
  2. $ sudo apt-get install clamtk
  3. Go to Applications > Accessories > Virus Scanner
That should cover the basics!  I would highly suggest that you read man clamscan to see all the other bells and whistles at your disposal to make clamscan work best for you.


Need extra help understanding Ubuntu? Let the team at Ubuntu Dan give you the edge and purchase a one on one support block. Click here for personal support

share
Enhanced by Zemanta

Recent Posts

 
Blogger Templates