CentOS 8.x clamav

Install Clamav and do basic scan

  1. Install required packages using:
    dnf install -y epel-release
    dnf -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
  2. If SELinux is installed and enabled, use the following to allow ClamAV to scan the system:
    setsebool -P antivirus_can_scan_system 1
  3. Run freshclam to download the signatures:
    freshclam
  4. To scan the entire filesystem use:
    clamscan -o --recursive / | grep -v 'Symbolic link\|Empty file'
    Running clamscan on / generates a lot of errors, such as:
    Total errors: 27224
  5. To avoid these errors while scanning /, exclude /dev, /sys and /proc from the scan using:
    clamscan -o --recursive --exclude='^/proc/.*' --exclude='^/sys/.*' --exclude='^/dev/.*' / 2>&1 | grep -v 'Symbolic link\|Empty file\|: Excluded$'


Test antivirus functionality

To validate that antivirus scanning is really working, use:

  1. Install wget and download a test virus file (the EICAR test file) into the /root folder:
    dnf -y install wget
    cd /root/
    wget https://www.ikarussecurity.com/wp-content/downloads/eicar_com.zip
    The above command downloads a virus zip file, so it may not work if the download is blocked by some other security mechanism.
  2. Scan the /root folder for viruses using:
    clamscan -o --recursive /root/ 2>&1 | grep -v 'Symbolic link\|Empty file'


To perform daily scans, add a script containing the required commands to /etc/cron.daily and give it execute permissions.
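One way to write such a daily scan script, as an added example that is not part of the original wiki page. It reuses the exclusions from the scan command above; the file name clamav-daily and the log path /var/log/clamav-daily.log are assumptions.

```shell
#!/bin/sh
# Added example. Install (hypothetical name) with:
#   install -m 0755 clamav-daily /etc/cron.daily/clamav-daily
LOG=/var/log/clamav-daily.log   # assumed log location

# Read clamscan output on stdin and print only the infected paths.
# clamscan reports a detection as "<path>: <signature> FOUND".
infected_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Map clamscan's exit status to a word:
# 0 = no virus found, 1 = virus found, anything else = scan error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

main() {
    # Refresh signatures first; scan with the old ones if the update fails.
    freshclam --quiet || echo "$(date '+%F %T') freshclam failed" >>"$LOG"

    out=$(clamscan -o --recursive \
            --exclude='^/proc/.*' --exclude='^/sys/.*' --exclude='^/dev/.*' \
            / 2>&1)
    rc=$?

    {
        echo "$(date '+%F %T') scan finished: $(scan_status "$rc")"
        printf '%s\n' "$out" | grep -v 'Symbolic link\|Empty file\|: Excluded$'
    } >>"$LOG"

    # Stay silent on clean runs; print only on a detection or a scan error.
    if [ "$rc" -ne 0 ]; then
        echo "clamscan status: $(scan_status "$rc") (details in $LOG)"
        printf '%s\n' "$out" | infected_files
    fi
}

# Start the scan only when invoked under the installed cron name.
case "${0##*/}" in
    clamav-daily*) main ;;
esac
```

Checking the exit status matters because the grep filter used in the interactive commands hides it; a scan that fails with errors would otherwise look the same as a clean one.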

