Linux Anti Virus 1 – ClamAV

https://www.virustotal.com/
"You can submit the file to Virustotal to have it scanned by over 30 different malware scanners. If the report indicates that several of these scanners think the file is infected, take their word for it. If only one or very few of the scanners report an infection in the file, then two things are possible: it really is a false positive or it is malware that is so new it's not yet being picked up by the majority of antivirus scanners."


The well-known and obvious first install is ClamAV for Linux-based systems, and it is also useful for scanning Windows systems over a network. I don't personally use it as it doesn't remove viruses, just finds them. Now with Mint, I use CAV - see the later post.

For Windows systems, I like the free version of Immunet which is also based on ClamAV, and has a worldwide shared system of virus logging:

http://www.immunet.com/

A relative newcomer, Linux Malware Detect (maldetect) seems popular and worth investigating.
https://www.rfxn.com/projects/linux-malware-detect/

It has a reciprocal arrangement for shared malware signatures with ClamAV so it's worth installing both to check them out.

ClamAV Basics

www.clamav.net/lang/en/download/packages/packages-linux/

Manual here:

https://github.com/vrtadmin/clamav-faq/blob/master/manual/clamdoc.pdf

apt-get install clamav clamav-daemon

To update the sig DB:

freshclam

To scan a dir verbosely and recursively showing only infected files, even a network share:

clamscan -vri /Storebird

The verbose option lists every file scanned; if an infected file is found it is reported as shown below, whether or not the -v option is used.

If you only want to see the infected files, use -i without the -v option.

Read the man files:

man clamscan, man freshclam, man clamd etc.

and look at the conf files in

vi /etc/clamav/clamd.conf

and

vi /etc/clamav/freshclam.conf

to get an idea of what is where and of some important scan options. For example, when scanning .html files you may want to find nasty embedded scripts, so the option:

clamscan --scan-html[=yes(*)/no]

may be in order.

To test your AV is working, you could create the Eicar virus test file on a PC (in Notepad) that is not running any AV software - or make it an exception - then mount and scan the file with ClamAV.

This file text line can be copied and pasted from the Eicar.org site:

http://www.eicar.org/86-0-Intended-use.html

Now run clamscan on the shared directory test file to show the AV is working:

clamscan -v --stdout /Storebird/Eicar/EicarTest.txt

You can run clamscan recursively and use wildcards, for example to scan all files under every folder on a network share whose name begins with A:

clamscan -vr /Storebird/A*/

[Screenshot: DirsubA.jpg]
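Rather than reading the scan output by eye, a scheduled job can act on clamscan's exit status (0 = nothing found, 1 = something found, 2 = an error occurred). The wrapper below is an added example, not code from the original post or from the ClamAV project; the /Storebird paths and the sample listing are assumed and constructed here, and the sample lets count_found be tried without clamscan installed.

```shell
#!/bin/sh
# Added example (not from the original post): wrap clamscan so a cron job or a
# manual check can tell "clean", "infected" and "scanner error" apart by exit
# status instead of by reading the output. /Storebird is the share from the
# post; the log path and sample listing below are assumptions.

# Map a clamscan exit status to a one-word verdict.
clam_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Count infected files in a saved clamscan listing ("<path>: <signature> FOUND").
count_found() {
    grep -c ': .* FOUND$' "$1" || true    # grep -c still prints 0 on no match
}

# Scan a directory recursively (-r), list only infected files (-i), keep the
# output in a log file, and return clamscan's own exit status to the caller.
scan_dir() {
    dir="$1"
    log="${2:-/tmp/clamscan-$(date +%Y%m%d).log}"
    if clamscan -ri --stdout "$dir" > "$log" 2>&1; then status=0; else status=$?; fi
    echo "$(date '+%F %T') $dir verdict=$(clam_verdict "$status") found=$(count_found "$log")" >> "$log"
    return "$status"
}

# The EICAR test file (copied from eicar.org) must come back as "infected".
verify_av() {
    if clamscan --stdout "$1" > /dev/null 2>&1; then status=0; else status=$?; fi
    [ "$(clam_verdict "$status")" = infected ]
}

# Constructed sample listing (not real scanner output) for trying count_found.
sample_listing() {
    printf '%s\n' \
        '/Storebird/Eicar/EicarTest.txt: Eicar-Test-Signature FOUND' \
        '/Storebird/A/notes.txt: OK' \
        '/Storebird/A/old.zip: Empty file'
}

if [ -n "$1" ] && command -v clamscan > /dev/null 2>&1; then
    scan_dir "$1"; rc=$?
    echo "$1 -> $(clam_verdict "$rc")"
fi
```

Run it as `sh clamwrap.sh /Storebird` from cron, or call `verify_av /Storebird/Eicar/EicarTest.txt` after setup to confirm the scanner reports the EICAR file.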

Read the PDF for all the automation options, like auto updates for freshclam, setting up clamd with sockets, and Data Loss Prevention (for example finding credit card info in files):

dpkg-reconfigure clamav-base
clamdtop
apt-get install clamav-milter
dpkg-reconfigure clamav-milter

From clamdoc.pdf, section 6.2.5 Data Loss Prevention: "Libclamav includes a DLP module which can detect credit card and social security numbers inside text files."

If you want a simple GUI front to clam, install clamtk in Mint:

DellMint stevee # apt-get install clamtk
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libbit-vector-perl libcarp-clan-perl libdate-calc-perl
Recommended packages:
libdate-calc-xs-perl
The following NEW packages will be installed
clamtk libbit-vector-perl libcarp-clan-perl libdate-calc-perl
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 657 kB of archives.
After this operation, 2,626 kB of additional disk space will be used.
Do you want to continue [Y/n]?

[Screenshot: ClamTK.jpg]


[Screenshot: ClamResults.jpg]


[Screenshot: Clamoptions.jpg]
