Anti-virus


Linux is a very good operating system, but it is not unbreakable and it can be infected by malware. One of the best open-source anti-virus engines is ClamAV. It is the most popular one, and the one I chose to use.


- Note -

There are a lot of pros and cons to running an anti-virus. Some sysadmins do NOT use one and are happy about it. So, unlike the firewall, you can live WITHOUT an anti-virus.


Installation of ClamAV

apt-get install -y clamav clamav-freshclam clamav-docs
# Daemon (auto-run and service management)
apt-get install -y clamav-daemon python3-clamav-daemon
# Utilities (additional scans)
apt-get install -y libclamunrar7 clamassassin
# Frontend (optional)
apt-get install -y clamtk

The daemon (clamd) keeps the signature database loaded in memory so that other programs (mail filters, the clamdscan client, an on-access scanner) can submit files to it quickly. On its own it does not scan files as they are written; on-access scanning has to be configured separately. freshclam is the component that fetches updated virus and threat definitions.

>> During the installation, you might get a warning such as "Your ClamAV installation is OUTDATED!". Don't panic, this is normal: freshclam is comparing the engine version packaged by your distribution against the latest upstream release. The definitions themselves still update normally; only a very old engine will eventually be unable to load new signatures.


Update ClamAV definitions

To finish the installation, you need to update the definitions. On Debian and Ubuntu the clamav-freshclam service is usually started right after installation; stop it before running freshclam by hand, otherwise the two processes compete for the database lock and the log file.

systemctl stop clamav-freshclam
freshclam
systemctl start clamav-freshclam


Set the definition update rate

By default, freshclam checks for updates once an hour (24 times a day). You can change this parameter:

vim /etc/clamav/freshclam.conf


Put the following (the value must be between 1 and 50; freshclam divides the day by it to work out the interval, so 24 means hourly and 12 means every two hours). Keep the comment on its own line: freshclam.conf does not support trailing comments after a value.

# Check for new database 24 times a day. Edit this value as you wish;
# freshclam automatically calculates the interval between checks.
Checks 24


Then, you need to restart freshclam so that it re-reads the configuration

/etc/init.d/clamav-freshclam restart
# or, on a systemd-based system
systemctl restart clamav-freshclam


Manual scan of the hard drive

If you want, you can scan your whole hard drive. Run it as root so that every file is readable, and expect a full scan of / to take a long time on a large disk.

> I advise you to do this right after the installation.

clamscan -r --exclude-dir=^/sys --exclude-dir=^/proc --exclude-dir=^/dev /

/sys and /proc are kernel pseudo-filesystems and /dev holds device nodes; there is nothing on disk to scan there, and reading them produces errors and wastes time, so they are excluded.


Notes:

  • You can also scan specific folders or drives with the same option (-r)
  • To improve readability, use the infected-only option (-i), which displays only the infected files:
clamscan -r -i --exclude-dir=^/sys --exclude-dir=^/proc --exclude-dir=^/dev /
  • clamscan's exit status tells you the result: 0 means nothing was found, 1 means infected files were found, 2 means an error occurred. This is what a script should check.


Set automatic scans of the hard drive

For a server, it's a good idea to check for malware regularly. You just have to update root's crontab.

crontab -u root -e


Add the following line to scan the full disk each day at 02:30. Whatever clamscan prints is mailed to root by cron, which is why -i is used here: with it, a clean scan produces an empty report.

30 02 * * * clamscan -r -i --exclude-dir=^/sys --exclude-dir=^/proc --exclude-dir=^/dev /


Note: I exclude the /sys folder because of specific errors on my OVH distribution. /sys, like /proc and /dev, is a kernel pseudo-filesystem rather than data on disk, so excluding it is safe on any distribution and avoids both the errors and the wasted time.
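The manual scan and the cron job above both call clamscan directly, which leaves two things unhandled: nobody notices when freshclam has silently stopped updating, and cron only sees clamscan's output, not its exit status. The following wrapper script is an added example written for this page, not code from the ClamAV project: it refuses to stay quiet when the signature database is stale, skips the pseudo-filesystems, logs to a file and maps clamscan's exit status (0 clean, 1 infected, 2 error) to a verdict. The database directory, log path, SKIP_DIRS list and the 3-day staleness threshold are assumptions chosen for the example; adjust them to your system.

```shell
#!/bin/sh
# Added example for this page: a cron-friendly wrapper around clamscan.
# Not part of ClamAV. Paths and thresholds below are assumptions.

set -u

CLAMDB_DIR="${CLAMDB_DIR:-/var/lib/clamav}"          # Debian's default database directory (assumption)
LOG_FILE="${LOG_FILE:-/var/log/clamav/scan-$(date +%Y-%m-%d).log}"
MAX_DB_AGE_DAYS="${MAX_DB_AGE_DAYS:-3}"               # assumption: warn if daily.* is older than this

# Directories clamscan should never descend into when scanning /:
# /sys and /proc are kernel pseudo-filesystems, /dev holds device nodes,
# /run is a tmpfs of runtime state. Nothing on disk lives there.
SKIP_DIRS="/sys /proc /dev /run"

# Print one --exclude-dir argument per line for the directories in SKIP_DIRS.
# The ^ anchors clamscan's regex to the start of the path.
exclude_args() {
    for d in $SKIP_DIRS; do
        printf '%s\n' "--exclude-dir=^$d"
    done
}

# Return 0 if a daily database file in $1 is younger than $2 days,
# 1 if every candidate is older or missing. find -mtime is POSIX.
db_is_fresh() {
    dir=$1
    max_days=$2
    for f in "$dir/daily.cld" "$dir/daily.cvd"; do
        [ -f "$f" ] || continue
        # find prints the path only when the file is older than max_days
        if [ -z "$(find "$f" -mtime +"$max_days")" ]; then
            return 0
        fi
    done
    return 1
}

# Map clamscan's documented exit status to a word.
scan_verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Scan $1 (default /) and print the verdict. The function returns clamscan's
# own status so that cron, or a monitoring job, can react to 1 = infected.
run_scan() {
    target=${1:-/}
    if ! db_is_fresh "$CLAMDB_DIR" "$MAX_DB_AGE_DAYS"; then
        echo "WARNING: signature database in $CLAMDB_DIR is older than $MAX_DB_AGE_DAYS days; check freshclam" >&2
    fi
    # Word splitting of $(exclude_args) is intended: one argument per line.
    if clamscan -r -i $(exclude_args) --log="$LOG_FILE" "$target"; then
        status=0
    else
        status=$?
    fi
    echo "scan of $target: $(scan_verdict "$status") (exit $status), details in $LOG_FILE"
    return "$status"
}

# Only scan when a target is given on the command line, e.g. from cron:
#   30 02 * * * /usr/local/sbin/clamscan-wrapper.sh /
if [ "$#" -gt 0 ]; then
    run_scan "$1"
fi
```

Because the script exits with clamscan's status, a cron line such as `30 02 * * * /usr/local/sbin/clamscan-wrapper.sh / || logger -p auth.alert "clamscan found something"` turns a detection into a syslog entry that a log monitor can pick up, instead of a mail that nobody reads. The freshness check is deliberately a warning rather than an abort: an old database is still better than no scan at all.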