Debian/Ubuntu

sudo apt-get install clamav clamav-daemon
sudo clamscan -r /home

Add a new cron job, for example one of the following (the second keeps only the FOUND lines in a log file):

sudo crontab -e
00 00 * * * clamscan -r /
00 00 * * * clamscan -r / | grep FOUND >> /var/log/clamscan.log
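As an added example, not part of the original notes: a wrapper script for the nightly cron job above that keeps clamscan's exit status (0 clean, 1 infected, 2 error) instead of losing it behind the grep pipe, logs errors as well as hits, and skips /proc, /sys and /dev. That clamscan is on PATH, the log path and the excluded directories are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes clamscan is on PATH;
# the log path and the excluded pseudo-filesystems are my choices.
LOG=${CLAMSCAN_LOG:-/var/log/clamscan.log}

# clamscan's documented exit codes: 0 = nothing found, 1 = infected file(s), 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Keep only the "<path>: <signature> FOUND" lines from clamscan output on stdin.
found_lines() {
    grep ' FOUND$' || true
}

# Read "Infected files: N" from the SCAN SUMMARY on stdin (prints 0 if absent).
infected_count() {
    n=$(sed -n 's/^Infected files: //p')
    echo "${n:-0}"
}

# Scan one tree, skipping kernel pseudo-filesystems, and log both hits and errors.
run_scan() {
    root=${1:-/}
    out=$(mktemp) || return 2
    if clamscan --infected --recursive \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        "$root" >"$out" 2>&1; then rc=0; else rc=$?; fi
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    {
        echo "$stamp scan of $root: $(scan_status "$rc"), infected=$(infected_count <"$out")"
        found_lines <"$out"
        # On an error exit keep the full output, so the failure is visible rather than dropped.
        if [ "$rc" -eq 2 ]; then cat "$out"; fi
    } >>"$LOG"
    rm -f "$out"
    return "$rc"
}

# Only scan when explicitly asked, so the helpers can be sourced and tested without clamscan.
if [ "${1:-}" = "--run" ]; then
    run_scan "${2:-/}"
fi
```

In the crontab, call it as `/usr/local/sbin/clamscan-cron.sh --run /` (path is an assumption) in place of the bare clamscan line.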

CentOS 7

sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
sudo setenforce 0

Note that setenforce 0 only switches SELinux to permissive mode until the next reboot; the two persistent (-P) setsebool settings below are what actually allow clamd to scan the system with SELinux enforcing.

sudo setsebool -P antivirus_can_scan_system 1
sudo setsebool -P clamd_use_jit 1
sudo getsebool -a | grep antivirus
sudo cp /etc/clamd.d/scan.conf /etc/clamd.d/scan.conf.backup
sudo sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
grep clam /etc/passwd
grep -n 'User' /etc/clamd.d/scan.conf
sudo vi +195 /etc/clamd.d/scan.conf

Next, uncomment the line #LocalSocket /var/run/clamd.scan/clamd.sock. Find its line number with grep, then open the file at that line:

grep -n 'Local' /etc/clamd.d/scan.conf
sudo vi +85 /etc/clamd.d/scan.conf
sudo cp /etc/freshclam.conf /etc/freshclam.conf.backup
sudo sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
sudo freshclam

Add a new cron job that refreshes the signature database twice a day:

sudo crontab -e
00 01,13 * * *  /usr/bin/freshclam --quiet

Then create a systemd unit for the freshclam daemon:

sudo nano /usr/lib/systemd/system/freshclam.service

Put the following content in it.

[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 2
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

Start and enable the services.

sudo systemctl start freshclam
sudo systemctl enable freshclam
sudo systemctl status freshclam

sudo systemctl start clamd@scan
sudo systemctl enable clamd@scan
sudo systemctl status clamd@scan
sudo clamconf

Detecting and removing viruses

As a case study, first place a file that scanners treat as malicious (the EICAR test file) in the /tmp directory.

wget http://www.eicar.org/download/eicar_com.zip -O /tmp/eicar_com.zip

Then detect it with the following command and check the log.

$ sudo clamscan -l /var/log/clamscan.log /tmp/
$ sudo tail /var/log/clamscan.log

----------- SCAN SUMMARY -----------
Known viruses: 6524436
Engine version: 0.99.4
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.872 sec (0 m 17 s)

To remove infected files, use the following command.

$ sudo clamscan --infected --remove --recursive /tmp/
