Saturday, June 14, 2025

Installing ClamAV

ClamAV is an open-source antivirus software toolkit designed for detecting and removing malware, including viruses, trojans, and other malicious threats. It is widely used on mail servers for scanning attachments and is particularly known for its effectiveness in identifying threats on various platforms. 

In this post, we will go through the steps to install and configure ClamAV on Debian 12, ensuring your system is equipped to detect and manage malware effectively.

Installation Steps

  1. Install ClamAV and ClamAV Daemon
    Use the following command to install ClamAV and its daemon:

    sudo apt install clamav clamav-daemon

    This command installs the ClamAV antivirus toolkit along with the daemon that allows for background scanning.

  2. Comment Out NotifyClamd
    To prevent notification messages from being sent to users, you'll need to comment out the NotifyClamd line in the configuration file. This can typically be done by editing the clamav.conf file:

    sudo nano /etc/clamav/clamav.conf

    Locate the line that reads NotifyClamd and place a # at the beginning to comment it out. Save and exit the editor.

  3. Stop ClamAV Freshclam
    Before updating the virus definitions, stop the Freshclam service:

    systemctl stop clamav-freshclam

    This ensures that no updates are attempted while you are performing the next steps.

  4. Update Virus Definitions
    Update the virus definitions to ensure you have the latest protection:

    freshclam

    This command fetches the latest virus definitions from the ClamAV servers.

  5. Start ClamAV Freshclam
    Once the update is complete, restart the Freshclam service:

    systemctl start clamav-freshclam

    This will allow Freshclam to run in the background and keep your virus definitions up to date.

Scanning for Infected Files

  1. Scan for Infected Files
    To perform a scan of your system and move any infected files to a quarantine directory, use the following command:
    clamscan --infected --recursive --move=/home/quar / | grep FOUND >> /var/log/clamav.log
    • --infected: This option tells ClamAV to only report infected files.
    • --recursive: This ensures that all subdirectories are scanned.
    • --move=/home/quar: This specifies the directory where infected files will be moved.
    • | grep FOUND >> /var/log/clamav.log: This pipes the output to grep, which filters and logs the found infections into /var/log/clamav.log.


at
Labels: , ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)

Popular Posts