CentOS 8.x clamav

From Notes_Wiki

Home > CentOS > CentOS 8.x > CentOS 8.x Security tools > CentOS 8.x clamav

Install Clamav and do basic scan

  1. Install required packages using: 
    dnf install -y epel-release
    

    dnf -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
  2. If SELinux is installed / enabled use following to allow clamav to scan system: 
    setsebool -P antivirus_can_scan_system 1
  3. Run freshclam to get the signatures 
    freshclam
  4. To scan entire filesystem use: 
    clamscan -o --recursive / | grep -v 'Symbolic link\|Empty file'
    Doing clamcan on / generates lot of errors such as: 
    Total errors: 27224
  5. To avoid errors while scanning / exclude /dev, /sys and /proc from scan using 
    clamscan -o --recursive  --exclude='^/proc/.*' --exclude='^/sys/.*' --exclude='^/dev/.*' / 2>&1 | grep -v 'Symbolic link\|Empty file\|: Excluded$'


Test antivirus functionality

To validate whether antivirus scanning is really working or not, use:

  1. Install wget and download a virus file in /root folder 
    dnf -y install wget
    

    cd /root/
    

    wget https://www.ikarussecurity.com/wp-content/downloads/eicar_com.zip
    The above command downloads virus zip file. So it may not work if the same is blocked by some other security mechanism
  2. Scan /root folder for virus using 
    clamscan -o --recursive /root/ 2>&1 | grep -v 'Symbolic link\|Empty file'


To perform daily scans add appropriate script in /etc/cron.daily with required commands and execute permissions


Refer:


Home > CentOS > CentOS 8.x > CentOS 8.x Security tools > CentOS 8.x clamav

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=CentOS_8.x_clamav&oldid=6305"