Anti-virus

Revision as of 20:55, 7 June 2014 by WikiFreak

Linux is a very good operating system. However, it is not unbreakable and it can be infected by viruses. One of the best open-source anti-virus tools is ClamAV. It is the most popular and the one I choose to use.


- Note -

There are a lot of pros and cons to anti-virus software. Some sysadmins do NOT use it and they are happy about it. So, unlike the firewall, you can live WITHOUT an anti-virus.


Installation of ClamAV

apt-get install clamav-daemon clamav-freshclam clamav-docs libclamunrar6

The daemon will protect your computer in real time, while freshclam will fetch updates to the virus and threat definitions.

>> During the installation, you might get a warning about an out-of-date version. Don't panic! This is normal: it means that the virus definitions within the package are not up to date.


Update ClamAV definitions

To finish the installation, you need to update the definitions:

freshclam


Set the definition update rate

By default, freshclam checks for updates every hour. You can change this parameter:

vim /etc/clamav/freshclam.conf


Put the following:

# Check for new database 24 times a day
# Edit this value as you wish; freshclam automatically calculates the time between checks
Checks 24


Then, you need to restart freshclam:

/etc/init.d/clamav-freshclam restart


Manual scan of the hard drive

If you want, you can scan your hard drive.

> I advise you to do this right after the installation.

clamscan -r /


Notes:

* You can also scan specific folders or drives with the same option (-r)

* To improve readability, use the infected-only option (-i), which displays only the infected files:

clamscan -r / -i


Set automatic scans of the hard drive

For a server, it's a good idea to check for viruses often. You just have to update your crontab.

crontab -u root -e


Add the following line to scan the full disk every day at 02:30:

30 02 * * * clamscan -r -i --exclude-dir=^/sys /


Note: I exclude the /sys folder because of specific errors on my OVH distribution.
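
The crontab line above discards clamscan's return code, so a failed scan and a clean scan look the same. The wrapper below is an added example, not part of the original page: it keeps the same clamscan options, logs the raw output, and prints a summary only for infected or failed scans. The log path, the function names and the "run" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): wrapper for the nightly cron scan.
# clamscan return codes per its man page: 0 = no virus, 1 = virus(es) found, 2 = error.

# Assumed log location; override by exporting SCAN_LOG.
SCAN_LOG="${SCAN_LOG:-/var/log/clamav/nightly-scan.log}"

# Read clamscan output on stdin and print only the infected file paths.
# Infected lines look like "<path>: <signature> FOUND"; the greedy match keeps
# paths that themselves contain ": " intact.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Map a clamscan return code to a one-word verdict.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory (default /) with the page's options, append the raw output
# to SCAN_LOG, and print a summary only when something needs attention, so
# that cron has output to mail only on infected or failed scans.
nightly_scan() {
    target="${1:-/}"
    status=0
    out=$(clamscan -r -i --exclude-dir='^/sys' "$target" 2>&1) || status=$?
    verdict=$(scan_verdict "$status")
    printf '%s\n' "$out" >> "$SCAN_LOG"
    if [ "$verdict" != clean ]; then
        echo "clamscan verdict: $verdict (exit $status)"
        printf '%s\n' "$out" | infected_paths
    fi
    return "$status"
}

# Run only when called as "<script> run [dir]", e.g. from the crontab entry.
if [ "${1:-}" = run ]; then
    nightly_scan "${2:-/}"
fi
```

Saved as an executable script, it replaces the clamscan command in the crontab entry, called with the "run" argument.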