Debian/Ubuntu
sudo apt-get install clamav clamav-daemon
sudo clamscan -r /home
Add new cronjob.
sudo crontab -e
00 00 * * * clamscan -r /
00 00 * * * clamscan -r / | grep FOUND >> /var/log/clamscan.log
CentOS 7
sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
sudo setenforce 0
sudo setsebool -P antivirus_can_scan_system 1
sudo setsebool -P clamd_use_jit 1
sudo getsebool -a | grep antivirus
sudo cp /etc/clamd.d/scan.conf /etc/clamd.d/scan.conf.backup
sudo sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
sudo cat /etc/passwd | grep clam
sudo cat -n /etc/clamd.d/scan.conf | grep 'User'
sudo vi +195 /etc/clamd.d/scan.conf
Uncomment the line #LocalSocket /var/run/clamd.scan/clamd.sock.
sudo cat -n /etc/clamd.d/scan.conf | grep 'Local'
sudo vi +85 /etc/clamd.d/scan.conf
sudo cp /etc/freshclam.conf /etc/freshclam.conf.backup
sudo sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
sudo freshclam
Add new cronjob.
sudo crontab -e
00 01,13 * * * /usr/bin/freshclam --quiet
sudo nano /usr/lib/systemd/system/freshclam.service
Fill it with the following contents.
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 2
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
Enable the service.
sudo systemctl start freshclam
sudo systemctl enable freshclam
sudo systemctl status freshclam
sudo systemctl start clamd@scan
sudo systemctl enable clamd@scan
sudo systemctl status clamd@scan
sudo clamconf
Detecting and removing viruses
As a case study, first place a file that is detected as a virus in the /tmp directory.
wget http://www.eicar.org/download/eicar_com.zip -O /tmp/eicar_com.zip
Then detect it with this command.
$ sudo clamscan -l /var/log/clamscan.log /tmp/
$ sudo tail /var/log/clamscan.log
----------- SCAN SUMMARY -----------
Known viruses: 6524436
Engine version: 0.99.4
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.872 sec (0 m 17 s)
To remove it, use this command.
$ sudo clamscan --infected --remove --recursive /tmp/
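The nightly cron job shown earlier pipes clamscan into grep FOUND, so the scanner's exit status is lost and a scan that failed leaves the same empty log as a clean one. The wrapper below is an added example, not part of the original page: it logs each detection plus one status line per run and returns clamscan's exit status. The function names, the CLAMSCAN override variable and the log line format are assumptions.

```bash
#!/bin/bash
# Added example, not from the original page. Function names, the CLAMSCAN
# override variable and the log line format are assumptions for illustration.

# clamscan's documented exit status: 0 = no virus found,
# 1 = virus(es) found, 2 = an error occurred during the scan.
classify_scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin and print only the infected file paths.
# Detection lines have the form "<path>: <signature name> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# run_scan TARGET LOGFILE
# Scans TARGET recursively, appends one INFECTED line per detection and one
# STATUS line per run to LOGFILE, and returns clamscan's own exit status.
run_scan() {
    local target="$1" log="$2" out rc=0 ts
    ts=$(date '+%Y-%m-%dT%H:%M:%S')
    out=$("${CLAMSCAN:-clamscan}" --infected --recursive "$target") || rc=$?
    printf '%s\n' "$out" | infected_paths | while IFS= read -r file; do
        printf '%s INFECTED %s\n' "$ts" "$file"
    done >> "$log"
    printf '%s STATUS %s rc=%s target=%s\n' \
        "$ts" "$(classify_scan_status "$rc")" "$rc" "$target" >> "$log"
    return "$rc"
}

# When called with two arguments (for example from cron), run the scan.
if [ "$#" -eq 2 ]; then
    run_scan "$1" "$2"
fi
```

Saved as a script and called from the root crontab with a target directory and a log path, a STATUS line with rc=2 or a missing STATUS line for a given night shows that the scan itself did not complete.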