Anti-virus
Linux is a very good operating system. However, it is not unbreakable and it can still be infected by a virus. One of the best open-source antivirus tools is ClamAV. It is the most popular and the one I choose to use.
- Note -
There are a lot of pros and cons to running an antivirus. Some sysadmins do NOT use one and are happy about it. So, unlike the firewall, you can live WITHOUT an antivirus.
Installation of ClamAV
apt-get install -y clamav clamav-freshclam clamav-docs
# Daemon (auto-run and service management)
apt-get install -y clamav-daemon python3-clamav-daemon
# Utilities (additional scans)
apt-get install -y libclamunrar7 clamassassin
# Frontend (optional)
apt-get install -y clamtk
The daemon will protect your computer in real time, while freshclam downloads the updated virus and threat definitions.
>> During the installation, you might get a warning about an out-of-date version. Don't panic! This is normal: it means that the virus definitions shipped in the package are not up to date.
Update ClamAV definitions
To finish the installation, you need to update the definitions:
freshclam
Set the definition update rate
By default, freshclam checks for updates every hour. You can change this parameter:
vim /etc/clamav/freshclam.conf
Set the following:
# Check for new database 24 times a day
# Edit this value as you wish. The interval between checks is calculated from it automatically
Checks 24
Then, you need to restart freshclam:
/etc/init.d/clamav-freshclam restart
Manual scan of the hard drive
If you want, you can scan your hard drive.
> I advise you to do this right after the installation.
clamscan -r /
Notes:
- You can also scan specific folders or drives with the same option (-r)
- To improve readability, use the infected-only option (it displays only the infected files):
clamscan -r / -i
Set automatic scans of the hard drive
For a server, it's a good idea to check for viruses often. You just have to update your crontab:
crontab -u root -e
Add the following line to scan the full disk every day at 02:30:
30 02 * * * clamscan -r -i --exclude-dir=^/sys /
Note: I exclude the /sys folder because of specific errors on my OVH distribution.
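A bare clamscan line in cron leaves nothing behind to review the next morning. The wrapper below is an added example, not part of the original page: it keeps a log, interprets clamscan's exit status (0 = clean, 1 = virus found, 2 = error) and prints only when something needs attention. The log path, the function names and the sample report are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): nightly clamscan wrapper for cron.
LOG=/var/log/clamav/nightly-scan.log   # assumed log location

# Map the clamscan exit status (see its man page) to a word.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read a clamscan report on stdin, print the path of every "<path>: <sig> FOUND" line.
# Anchoring on the end of the line keeps paths containing spaces or colons intact.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Read a clamscan report on stdin, print the number from the summary.
infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p'
}

# Constructed sample of "clamscan -r -i" output, for trying the parsers offline.
sample_report() {
    cat <<'EOF'
/srv/www/upload/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/bob/My Files/eicar.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 48211
Infected files: 2
EOF
}

# Same scan as the crontab line above, logged to $LOG. It stays silent when
# clean, so cron only sends mail when there is a finding or an error.
run_scan() {
    status=0
    clamscan -r -i --exclude-dir=^/sys --log="$LOG" / >/dev/null 2>&1 || status=$?
    if [ "$status" -ne 0 ]; then
        echo "clamscan: $(classify_exit "$status") (exit $status), see $LOG"
        [ -r "$LOG" ] && infected_paths < "$LOG"
    fi
    return "$status"
}

# Only scan when asked to, e.g. from the crontab entry: <script> --run
if [ "${1:-}" = "--run" ]; then run_scan; fi
```

Cron mails whatever the job prints to the crontab owner when a mail transport is configured, so a clean night produces no message.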