Anti-virus

Revision as of 19:56, 7 June 2014 by WikiFreak

Linux is a very good operating system. However, it is not unbreakable and it can be infected by viruses. One of the best open-source anti-virus programs is ClamAV. It is the most popular and the one I choose to use.


- Note -

There are a lot of pros and cons to anti-virus software. Some sysadmins do NOT use one and are happy about it. So, unlike the firewall, you can live WITHOUT an anti-virus.


Installation of ClamAV

apt-get install clamav-daemon clamav-freshclam clamav-docs libclamunrar6

The daemon will protect your computer in real time, while freshclam will fetch updates to the virus and threat definitions.

>> During the installation, you might get a warning about an out-of-date version. Don't panic! This is normal: it means that the virus definitions shipped in the package are not up to date.


Update ClamAV definitions

To finish the installation, you need to update the definitions:

freshclam


Set the definition update rate

By default, freshclam will check for updates every hour. You can change this parameter:

vim /etc/clamav/freshclam.conf


Put the following:

# Check for new database 24 times a day.
# Edit this value as you wish; freshclam calculates the interval automatically.
Checks 24


Then, you need to restart freshclam:

/etc/init.d/clamav-freshclam restart


Manual scan of the hard drive

If you want, you can scan your hard drive.

> I advise you to do this right after the installation.

clamscan -r /


Notes:

* You can also scan specific folders or drives with the same option (-r)

* To improve readability, use the infected-only option (-i), which displays only the infected files:

clamscan -r / -i


Set automatic scans of the hard drive

For a server, it's a good idea to check for viruses often. You just have to update your crontab.

crontab -u root -e


Add the following line to scan the full disk each day at 02:30:

30 02 * * * clamscan -r -i --exclude-dir=^/sys /


Note: I exclude the /sys folder because of specific errors on my OVH distribution.
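
A wrapper that the crontab entry could call instead of clamscan directly, as an added example that is not part of the original page. It uses clamscan's exit status (0 = no virus found, 1 = virus found, 2 = errors) to tell a finding from a failed scan and stays silent on a clean run, so cron only sends mail when something needs attention. The names SCANNER and LOG_DIR, the log location and the script name are assumptions of this example.

```sh
#!/bin/sh
# Added example: wrapper for the nightly cron scan (not from the original page).
# Assumptions: SCANNER and LOG_DIR are names chosen for this example.
SCANNER="${SCANNER:-clamscan}"
LOG_DIR="${LOG_DIR:-/var/log/clamav-nightly}"

# Print only the paths of infected files from clamscan output on stdin.
# clamscan reports hits as "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Map clamscan's exit status to a word: 0 = no virus found,
# 1 = virus found, anything else = the scan itself had errors.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# run_scan TARGET LOGFILE: scan recursively, keep the full output in
# LOGFILE, print the status word. Always returns 0.
run_scan() {
    rc=0
    "$SCANNER" -r -i --exclude-dir='^/sys' "$1" >"$2" 2>&1 || rc=$?
    classify_exit "$rc"
}

# nightly_scan TARGET: silent when clean, so cron only sends mail
# when there is a finding or the scan failed.
nightly_scan() {
    mkdir -p "$LOG_DIR" || return 2
    log="$LOG_DIR/scan-$(date +%Y%m%d).log"
    case "$(run_scan "$1" "$log")" in
        clean)    return 0 ;;
        infected) echo "ClamAV: infected files under $1:"
                  infected_paths <"$log"
                  return 1 ;;
        *)        echo "ClamAV: scan error under $1, see $log"
                  return 2 ;;
    esac
}

# Run only when called with a target, e.g. from cron: clamav-nightly.sh /
if [ "$#" -gt 0 ]; then
    nightly_scan "$1"
    exit $?
fi
```

Saved under a path of your choice and made executable, the script replaces the clamscan command in the crontab line, with / as its argument.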