Clamav: Difference between revisions
Revision as of 17:19, 4 March 2018
2/18/18 This wiki is a how-to for installing ClamAV 0.99.3 on a Raspberry Pi (3) running the latest version of Debian (stretch), and all the fun stuff I went through trying to get it to work.
Install
Get the latest source code from: https://www.clamav.net/downloads
Download with wget:
wget https://www.clamav.net/downloads/production/clamav-0.99.4.tar.gz
Untar with:
tar zxf clamav-0.99.4.tar.gz
Enter the clamav directory:
cd clamav-0.99.4/
Create clamav user:
sudo adduser --disabled-login clamav
Download and install prerequisites for compiling:
sudo apt install libssl-dev libpcre3 libpcre3-dev libbz2-dev
Compile ClamAV:
./configure
make
sudo make install
Make a directory for freshclam and change the owner to clamav:
sudo mkdir /usr/local/share/clamav
sudo chown clamav:clamav /usr/local/share/clamav/
Make a copy of the config file:
sudo cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
Edit the config file:
sudo nano /usr/local/etc/freshclam.conf
and put a '#' in front of the line that reads 'Example' (freshclam refuses to run until that line is commented out)
then:
sudo ldconfig
Finally run freshclam to download all the virus definitions:
sudo freshclam
Now we will run a little test scan just to make sure everything is working:
sudo clamscan -ri /home
Don't be worried about the infected files just yet. Included in the source code are some test files that contain virus signatures in order to test clamscan. Later we will delete these, but for now leave them alone.
Next create a script that will be run daily to scan your system:
sudo nano /usr/local/sbin/clamscan_daily.sh
And paste this in:
#!/bin/bash
LOGFILE="/var/log/clamav/clamav-$(date +'%Y-%m-%d').log";
EMAIL_MSG="Please see the log file attached.";
EMAIL_FROM="clamav@somewhere.com";
EMAIL_TO="someone@gmail.com";
echo "Starting a daily scan";
# -r: recurse into directories, -i: only print infected files; skip /sys
clamscan -ri --exclude-dir="^/sys" / >> "$LOGFILE";
# get the number from the "Infected files: N" line of the scan summary
MALWARE=$(tail "$LOGFILE"|grep Infected|cut -d" " -f3);
# if the value is not equal to zero, send an email with the log file attached
if [ "$MALWARE" -ne "0" ];then
    # using heirloom-mailx below
    echo "$EMAIL_MSG"|mail -a "$LOGFILE" -s "Malware Found On nsserver" -r "$EMAIL_FROM" "$EMAIL_TO";
fi
NOTE:
if the email has no attachment try changing the mail -a "$LOGFILE... to mail -A $LOGFILE... (the attachment flag differs between mailx implementations)
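The daily script above pulls the infected count out of the scan summary with tail, grep and cut. That works while the summary is intact, but if clamscan is killed or the disk fills up the pipeline yields an empty string and [ "" -ne "0" ] errors out instead of sending mail. The following is an added example, not part of the wiki page, showing a more defensive parser for that line; the summary text is a constructed sample in clamscan's format, and the function and variable names (infected_count, should_alert, SAMPLE_LOG) are my own:

```shell
#!/bin/sh
# Added example (not from the wiki page): defensively read the
# "Infected files:" count that clamscan_daily.sh extracts with
# `tail | grep Infected | cut -d" " -f3`.

# Constructed sample of the tail of a clamscan log (SCAN SUMMARY format
# as clamscan prints it; the numbers are made up).
SAMPLE_LOG=$(cat <<'EOF'
/home/pi/clamav-0.99.4/test/clam.exe: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6505281
Engine version: 0.99.4
Scanned directories: 1
Scanned files: 42
Infected files: 1
Data scanned: 1.23 MB
Time: 2.345 sec (0 m 2 s)
EOF
)

# infected_count LOGTEXT: print the number from the last "Infected files:"
# line, or "unknown" when no such line exists. Always returns 0 so it is
# safe to call inside a command substitution under `set -e`.
infected_count() {
    count=$(printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' | tail -n 1)
    printf '%s\n' "${count:-unknown}"
}

# should_alert COUNT: succeed (exit 0) when the daily mail should go out.
# A missing or non-numeric count is treated as an alert condition because
# it means the scan did not finish, which is itself worth knowing about.
should_alert() {
    case "$1" in
        ''|*[!0-9]*) return 0 ;;   # unknown / garbage: alert
        0)           return 1 ;;   # clean: stay quiet
        *)           return 0 ;;   # one or more infected files: alert
    esac
}

# Usage mirroring the daily script; in clamscan_daily.sh you would call
#   MALWARE=$(infected_count "$(tail -n 20 "$LOGFILE")")
MALWARE=$(infected_count "$SAMPLE_LOG")
if should_alert "$MALWARE"; then
    echo "alert: infected files = $MALWARE"
else
    echo "clean"
fi
```

Because infected_count prints "unknown" rather than nothing, the comparison in the daily script can no longer blow up, and should_alert turns an aborted scan into a mail instead of silence.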
make it executable:
sudo chmod 0755 /usr/local/sbin/clamscan_daily.sh
create dir /var/log/clamav:
sudo mkdir /var/log/clamav
test it with: (a full system scan takes something like 25 min on my RPI 3)
sudo /usr/local/sbin/clamscan_daily.sh
add crontab entries that run freshclam at 1:30am and the scan script at 1:35am:
sudo crontab -e
paste this in:
#run freshclam to get the latest virus definitions
30 01 * * * sudo freshclam
#run clamscan full system check at 1:35am and email on infected files
35 01 * * * sudo /usr/local/sbin/clamscan_daily.sh
clear out the tarball and source directory we downloaded above to build and install clamav:
rm clamav-0.99.4.tar.gz
sudo rm -R clamav-0.99.4/
Finally all done. Please note that the log files are NOT setup with logrotate, so they will eventually build up and eat up space...something else for me to figure out :)
References
https://www.clamav.net/
https://www.howtoforge.com/tutorial/configure-clamav-to-scan-and-notify-virus-and-malware/