How to Install ClamAV on Ubuntu Server 14.04

Linux is designed to make it hard for viruses to run, which is why it is generally more secure than the Windows operating system. However, we still need to install Clam AntiVirus (ClamAV) on a Linux server to protect it from viruses, because Linux malware and viruses are increasing every day. ClamAV is a free antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats, and one of its main uses is on mail servers as a server-side email virus scanner. ClamAV can be integrated with mail servers to scan attachments and files. This article describes how to install ClamAV on an Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.


1. Install clamav and clamav-daemon. The clamav-daemon package provides clamd, the scanning daemon used for automated scanning.

ehowstuff@ubuntu14:~$ sudo apt-get install clamav clamav-daemon -y

2. Update the ClamAV virus signature database:

ehowstuff@ubuntu14:~$ sudo freshclam

3. Scan the files in all users' home directories:

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
[sudo] password for ehowstuff:
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.139 sec (0 m 20 s)
ehowstuff@ubuntu14:~$

4. Download the EICAR test virus file:

ehowstuff@ubuntu14:~$ wget http://www.eicar.org/download/eicar.com
--2014-05-24 15:05:13--  http://www.eicar.org/download/eicar.com
Resolving www.eicar.org (www.eicar.org)... 188.40.238.250
Connecting to www.eicar.org (www.eicar.org)|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: ‘eicar.com’

100%[==========================================================>] 68          --.-K/s   in 0s

2014-05-24 15:05:13 (8.12 MB/s) - ‘eicar.com’ saved [68/68]

5. Scan again; the directory now contains the downloaded test virus, which clamscan reports as FOUND:

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 19.874 sec (0 m 19 s)

6. Scan and remove the infected files:

ehowstuff@ubuntu14:~$ sudo clamscan --infected --remove --recursive /home
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND
/home/ehowstuff/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.930 sec (0 m 20 s)

7. Scan the home directories again. The downloaded test virus file should now be removed:

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.151 sec (0 m 20 s)
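Steps 3 to 7 above run clamscan by hand and delete whatever it flags with --remove, which the help text itself marks "Be careful!" because deletion is irreversible. The following wrapper script is an added example, not part of the original article: it scans the same target with --move so that detections are quarantined rather than destroyed, appends the report to a log with --log, and interprets clamscan's documented exit code (0 no virus found, 1 virus found, 2 error). The quarantine directory /var/quarantine, the log path /var/log/clamav/home-scan.log and the sample scan output embedded for the parsing helpers are assumptions constructed for this example and do not come from the page.

```shell
#!/bin/sh
# Added example: scan with quarantine instead of deletion and act on clamscan's
# exit code. Not from the original article; paths below are assumptions.

QUARANTINE="${QUARANTINE:-/var/quarantine}"             # assumed quarantine dir
LOGFILE="${LOGFILE:-/var/log/clamav/home-scan.log}"     # assumed log path

# clamscan exit codes as documented in clamscan(1):
#   0 = no virus found, 1 = virus(es) found, 2 = some error(s) occurred
exit_meaning() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Print the paths of files clamscan reported as infected, one per line.
# Detection lines have the form "/path/to/file: Signature-Name FOUND".
found_files() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Extract the "Infected files:" count from the SCAN SUMMARY block (0 if absent).
infected_count() {
    awk -F': ' '/^Infected files:/ { print $2; found = 1 } END { if (!found) print 0 }'
}

# Run the scan: --infected limits output to detections, --move quarantines the
# file (recoverable, unlike --remove), --log appends the report for later review.
scan_and_quarantine() {
    target="${1:-/home}"
    mkdir -p "$QUARANTINE"
    chmod 700 "$QUARANTINE"          # quarantined files must not be world-readable
    if clamscan --infected --recursive --move="$QUARANTINE" --log="$LOGFILE" "$target"; then
        rc=0
    else
        rc=$?
    fi
    echo "clamscan finished: $(exit_meaning "$rc") (exit code $rc)"
    return "$rc"
}

# Constructed sample of clamscan output (not captured from a real system), so the
# parsing helpers can be exercised on a machine without ClamAV installed.
SAMPLE_OUTPUT='/home/alice/report.pdf: OK
/home/alice/eicar.com: Eicar-Test-Signature FOUND
/home/alice/.cache/motd.legal-displayed: Empty file

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 2
Scanned files: 3
Infected files: 1'

# Show what the helpers extract from the sample; the real scan only runs on request.
printf '%s\n' "$SAMPLE_OUTPUT" | found_files
printf 'infected files in sample: %s\n' "$(printf '%s\n' "$SAMPLE_OUTPUT" | infected_count)"

if [ "${1:-}" = "--run" ]; then
    scan_and_quarantine "${2:-/home}"
fi
```

Invoke it as `sudo sh scan_home.sh --run /home` to perform the scan; without --run it only demonstrates the parsing helpers on the embedded sample. Because clamscan returns 1 whenever something was found, the exit code can drive a cron job or monitoring alert directly, without parsing the report at all.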

8. Start clamav-daemon (clamd):

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon start
 * Starting ClamAV daemon clamd                                                              [ OK ]

9. Check clamd status:

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon status
 * clamd is running

10. Start and check the status of clamav-freshclam:

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam start
 * Starting ClamAV virus database updater freshclam                                          [ OK ]
ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam status
 * freshclam is running

11. Verify the ClamAV version number:

ehowstuff@ubuntu14:~$ sudo clamdscan -V
ClamAV 0.98.1/19025/Sat May 24 10:04:32 2014

12. See more options for clamscan by issuing the “sudo clamscan --help” command:

ehowstuff@ubuntu14:~$ sudo clamscan --help

                       Clam AntiVirus Scanner 0.98.1
           By The ClamAV Team: http://www.clamav.net/team
           (C) 2007-2009 Sourcefire, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                         all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --bytecode-statistics[=yes/no(*)]    Collect and print bytecode statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.

I hope this article gives you some ideas and essential guidance on how to install ClamAV on an Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.
