CentOS 8.x clamav
Install ClamAV and do basic scan
- Install required packages using:
  - dnf install -y epel-release
  - dnf -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
- If SELinux is installed / enabled, use the following to allow clamav to scan the system:
  - setsebool -P antivirus_can_scan_system 1
- Run freshclam to get the signatures:
  - freshclam
- To scan the entire filesystem use:
  - clamscan -o --recursive / | grep -v 'Symbolic link\|Empty file'
- Running clamscan on / generates a lot of errors, such as:
  - Total errors: 27224
- To avoid errors while scanning /, exclude /dev, /sys and /proc from the scan using:
  - clamscan -o --recursive --exclude='^/proc/.*' --exclude='^/sys/.*' --exclude='^/dev/.*' / 2>&1 | grep -v 'Symbolic link\|Empty file\|: Excluded$'
Test antivirus functionality
To validate whether antivirus scanning is really working or not, use:
- Install wget and download a virus file in the /root folder:
  - dnf -y install wget
  - cd /root/
  - wget https://www.ikarussecurity.com/wp-content/downloads/eicar_com.zip
  - The above command downloads a virus zip file (the EICAR antivirus test file), so it may not work if the download is blocked by some other security mechanism.
- Scan the /root folder for viruses using:
  - clamscan -o --recursive /root/ 2>&1 | grep -v 'Symbolic link\|Empty file'
To perform daily scans, add an appropriate script to /etc/cron.daily with the required commands and execute permissions.
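One way to write the daily script, as an added example that is not part of the original page; the file name clamscan-daily, the LOG_DIR path and the logger tag are assumptions. It writes clamscan output to a log file instead of piping it into grep, so the script sees clamscan's own exit status (0 clean, 1 virus found, anything else an error) rather than grep's.

```shell
#!/bin/sh
# Added example for /etc/cron.daily/clamscan-daily (hypothetical file name).
# Assumptions, not from the page: LOG_DIR location and alerting through logger(1).
LOG_DIR="${LOG_DIR:-/var/log/clamav}"
SCAN_ROOT="${SCAN_ROOT:-/}"

# Print only the lines clamscan writes for infected files ("<path>: <signature> FOUND").
infected_lines() {
    grep ' FOUND$' "$1" || true
}

# Map clamscan's exit status to a verdict: 0 = clean, 1 = virus found, other = error.
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

run_daily_scan() {
    log="$LOG_DIR/daily-$(date +%F).log"
    mkdir -p "$LOG_DIR"
    # Refresh signatures first; a failed update is reported but does not stop the scan.
    freshclam --quiet || logger -t clamscan-daily "freshclam failed, scanning with existing signatures"
    # Redirect to a file (no pipe) so that $? below is clamscan's status.
    clamscan -o --recursive \
        --exclude='^/proc/.*' --exclude='^/sys/.*' --exclude='^/dev/.*' \
        "$SCAN_ROOT" > "$log" 2>&1
    status=$?
    result=$(verdict "$status")
    logger -t clamscan-daily "scan of $SCAN_ROOT: $result (exit $status), log $log"
    # Copy each infected-file line to syslog so it is visible without opening the log.
    if [ "$result" = infected ]; then
        infected_lines "$log" | logger -t clamscan-daily
    fi
    return "$status"
}

# Start the scan only when run from cron.daily, so the functions can be sourced and tested.
case "$0" in
    */cron.daily/*) run_daily_scan ;;
esac
```

Save it in /etc/cron.daily/ and make it executable (chmod 755); the results then appear in the system log under the clamscan-daily tag.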