Linux virus scan: How do I check my linux installation for viruses using ClamAV? (CentOS, Linux, Redhat)

There is quite a bit of antivirus software for Linux nowadays. One of the popular options is ClamAV. We will build Clam AntiVirus from source and install it to a custom directory. We will also install the gmp-devel package, which provides the GMP library. GMP is used to verify the digital signature of the virus database.

yum -y install gmp-devel
wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.91.2.tar.gz
adduser -M -s /bin/false clamav
tar zxf clamav-0.91.2.tar.gz
cd clamav-0.91.2
./configure --prefix=/usr/local/clamav
make install
for binaries in `find /usr/local/clamav/bin/*` ; do ln -s ${binaries} /usr/bin/; done

At this point Clam AntiVirus is installed and ready for use. Edit the configuration file and remove the line that says: Example. It is there to ensure. If you want, you can look at the other options, but we don’t need to change anything else here to make ClamAV work for us.

vi /usr/local/clamav/etc/freshclam.conf #remove Example

Now let us run freshclam, which will download the virus database and bring it up to date. We should do this manually the first time and make sure it doesn’t give any errors. If this works, you will see a lot of “downloading” messages.

/usr/bin/freshclam

If everything checks out, let us add this to our crontab to ensure our virus database is updated hourly. I chose to update at 9 minutes past every hour. You can change this to fit your needs or leave it as it is.

crontab -e

9 * * * * /usr/bin/freshclam --quiet

At this point our ClamAV virus database is up to date and now we can scan whichever directory we want. Go to the directory you want to scan and type:

clamscan -r -i

-r tells clamscan to recurse into directories
-i prints only the names of infected files

Once it is done scanning, it will display something similar to below.

----------- SCAN SUMMARY -----------
Known viruses: 159855
Engine version: 0.91.2
Scanned directories: 1437
Scanned files: 8836
Infected files: 0
Data scanned: 464.83 MB
Time: 103.678 sec (1 m 43 s)
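
A scheduled scan is only useful if something reads the result. The following is an added example, not part of the original post: a small shell helper that reads clamscan output, takes the "Infected files" count from the SCAN SUMMARY block shown above, and returns 0 (clean), 1 (infected) or 2 (no usable summary), the same convention clamscan's own exit status uses. The sample logs, the path in the hit line and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): turn `clamscan -r -i` output
# into a status that a cron job or wrapper script can act on.

# Constructed sample: the clean summary shown on this page.
SAMPLE_CLEAN='----------- SCAN SUMMARY -----------
Known viruses: 159855
Engine version: 0.91.2
Scanned directories: 1437
Scanned files: 8836
Infected files: 0
Data scanned: 464.83 MB
Time: 103.678 sec (1 m 43 s)'

# Constructed sample: one hit line as printed with -i, then a summary.
SAMPLE_INFECTED='/home/demo/eicar.com: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 159855
Scanned files: 8836
Infected files: 1'

# summary_field NAME: print a field's value from the summary on stdin.
# Only lines after the SCAN SUMMARY header count; fails if the field is absent.
summary_field() {
    awk -F': ' -v key="$1" '
        /SCAN SUMMARY/ { in_summary = 1; next }
        in_summary && $1 == key { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# check_scan_log: read clamscan output on stdin, print a verdict, and return
# 0 = clean, 1 = infected, 2 = no usable summary (scan aborted or log cut off).
check_scan_log() {
    log=$(cat)
    infected=$(printf '%s\n' "$log" | summary_field "Infected files") || {
        echo "ERROR: no scan summary"; return 2; }
    case $infected in
        ''|*[!0-9]*) echo "ERROR: bad infected count"; return 2 ;;
    esac
    [ "$infected" -eq 0 ] && { echo "CLEAN"; return 0; }
    echo "INFECTED $infected"
    # List the paths from the "<path>: <signature> FOUND" lines.
    printf '%s\n' "$log" | sed -n 's/: [^ ]* FOUND$//p'
    return 1
}

# Demo on the constructed samples (real use: clamscan -r -i DIR | check_scan_log)
printf '%s\n' "$SAMPLE_CLEAN" | check_scan_log
printf '%s\n' "$SAMPLE_INFECTED" | check_scan_log || echo "exit status: $?"
```

Treating a missing summary as an error rather than as clean matters: a scan that dies partway through prints no "Infected files" line, and a wrapper that only searches for FOUND would report nothing wrong.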

Happy scanning!
————————————-
DISCLAIMER: Please be smart and use code found on internet carefully. Make backups often. And yeah.. last but not least.. I am not responsible for any damage caused by this posting. Use at your own risk.
