Difference between revisions of "CentOS 8.x clamav"

From Notes_Wiki
Latest revision as of 17:13, 15 May 2022


Install Clamav and do basic scan

  1. Install required packages using:
    dnf install -y epel-release
    dnf -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
  2. If SELinux is installed / enabled, use the following to allow clamav to scan the system:
    setsebool -P antivirus_can_scan_system 1
  3. Run freshclam to get the signatures
    freshclam
  4. To scan entire filesystem use:
    clamscan -o --recursive / | grep -v 'Symbolic link\|Empty file'
    Running clamscan on / generates a lot of errors, such as:
    Total errors: 27224
  5. To avoid errors while scanning / exclude /dev, /sys and /proc from scan using
    clamscan -o --recursive --exclude='^/proc/.*' --exclude='^/sys/.*' --exclude='^/dev/.*' / 2>&1 | grep -v 'Symbolic link\|Empty file\|: Excluded$'


Test antivirus functionality

To validate whether antivirus scanning is really working or not, use:

  1. Install wget and download a test virus file (the EICAR test file) into the /root folder:
    dnf -y install wget
    cd /root/
    wget https://www.ikarussecurity.com/wp-content/downloads/eicar_com.zip
    The above command downloads a zipped virus test file, so it may not work if the download is blocked by some other security mechanism.
  2. Scan the /root folder for the virus using:
    clamscan -o --recursive /root/ 2>&1 | grep -v 'Symbolic link\|Empty file'


To perform daily scans, add an appropriate script in /etc/cron.daily with the required commands and execute permissions.
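
One way to write such a script, as an added example that is not part of the original page: it refreshes signatures, reuses the /proc, /sys and /dev exclusions from the manual scan, and logs the result to syslog according to clamscan's exit status (0 clean, 1 infected, anything else an error). The log path, the clamav-daily syslog tag and the script's file name are assumptions.

```shell
#!/bin/bash
# Added example: daily ClamAV scan for /etc/cron.daily (not from the original page).
# Assumed names: LOG path, syslog tag "clamav-daily", and this script's file name.
SCAN_ROOT="${SCAN_ROOT:-/}"
LOG="${LOG:-/var/log/clamav-daily.log}"
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Map clamscan's exit status to a syslog priority:
# 0 = no virus found, 1 = virus(es) found, anything else = scan error.
scan_priority() {
    case "$1" in
        0) echo "user.info" ;;
        1) echo "user.crit" ;;
        *) echo "user.err" ;;
    esac
}

# Keep only detection lines ("<path>: <signature> FOUND") from scan output.
infected_lines() {
    grep ' FOUND$' || true
}

# Same excludes as the manual scan above; -i prints infected files only.
run_scan() {
    "$CLAMSCAN" -i --recursive \
        --exclude='^/proc/.*' --exclude='^/sys/.*' --exclude='^/dev/.*' \
        "$SCAN_ROOT" >"$LOG" 2>&1
}

main() {
    # Refresh signatures first; a stale database still beats no scan.
    freshclam --quiet || logger -p user.warning -t clamav-daily "freshclam failed"
    run_scan; rc=$?
    hits=$(infected_lines <"$LOG" | wc -l)
    logger -p "$(scan_priority "$rc")" -t clamav-daily \
        "scan of $SCAN_ROOT done: exit=$rc infected=$hits log=$LOG"
    return "$rc"
}

# Scan only when run from cron.daily, so sourcing or testing this file
# does not start a full filesystem scan.
case "$0" in
    */cron.daily/*) main ;;
esac
```

Saved as, for example, /etc/cron.daily/clamav-scan and made executable with chmod 755, it runs with the other daily jobs; detections then appear in syslog at critical priority and in full in the log file.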

