Work:Installing ClamAV
ClamAV is a free antivirus scanner that can be used from the Linux command line, using antivirus definitions from http://www.openantivirus.org/. These instructions are intended for an L2 or L3 wishing to help identify and remove viruses from hacked web pages.
Automatic Installation
You can either download my script, make your own, or do it manually step by step.
Use my script
Run the following commands to download and run my installer...
wget rogerpbrown.com/claminstall.sh && sh claminstall.sh
This installer also updates the antivirus database, but it stops short of doing the actual scan.
Make your own script
Put the following into a file called claminstall.sh and then run it with the sh claminstall.sh command...
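#!/bin/sh
# Download and unpack the ClamAV source
wget -c http://voxel.dl.sourceforge.net/sourceforge/clamav/clamav-0.95.tar.gz
tar zxf clamav-*.tar.gz
# The trailing slash makes the glob match only the extracted directory, not the tarball
cd clamav-*/
# Build and install into $HOME/clamav (no root access needed)
./configure --prefix=$HOME/clamav --disable-clamav --disable-zlib-vcheck
make && make install
# Return to the home directory and edit the config files in place
# (replace is the string-replacement utility shipped with MySQL)
cd
replace Example '#Example' -- clamav/etc/clamd.conf
replace Example '#Example' \
  '#DatabaseMirror' 'DatabaseMirror' \
  'db.XY.clamav.net' 'db.us.clamav.net' -- clamav/etc/freshclam.conf
# Update the antivirus database
./clamav/bin/freshclam
echo Finished!
echo Next, run the following command to do a scan...
echo ./clamav/bin/clamscan -r -l clamscan.txt public_html/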
Manual Installation
Get
Download the latest stable source code manually from http://www.clamav.net/. Or, from an SSH session...
wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.93.3.tar.gz
Extract
tar zxf clamav-*.tar.gz
Install
cd clamav-*/
./configure --prefix=$HOME/clamav --disable-clamav --disable-zlib-vcheck
make && make install
Configure
clamd.conf
cd
vi clamav/etc/clamd.conf
Comment out the word 'Example' on line 8, as follows...
# Example
freshclam.conf
vi clamav/etc/freshclam.conf
Comment out the word 'Example' on line 8, as follows...
# Example
Uncomment DatabaseMirror on line 67, and on the same line, replace db.XY.clamav.net with db.us.clamav.net, as follows...
DatabaseMirror db.us.clamav.net
Update
Do this to update the antivirus database...
./clamav/bin/freshclam
Scan
The following command will scan public_html recursively (-r), only listing viruses that are found (-i), and log (-l) to file clamscan.txt.
./clamav/bin/clamscan -r -i -l clamscan.txt public_html/
To limit CPU time, consider the following include pattern...
./clamav/bin/clamscan --include='(html?$|php?$|cgi$|py$|\.pl$)' -r -i -l clamscan.txt public_html/
Review
less clamscan.txt
grep FOUND clamscan.txt
Disinfect
To let ClamAV automatically delete any infected files, play it safe with a fresh backup first, then scan again while adding the --remove flag, as follows...
./clamav/bin/clamscan --remove -r -l clamscan.txt public_html/
Don't want to remove the whole file? See Virus on site infects visitors for ideas.
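As an alternative to deleting with --remove, the Review and Disinfect steps above can be driven from the log itself. The following is an added example, not part of the original page or of ClamAV: it assumes detection lines of the form "<path>: <signature> FOUND" with paths relative to the directory you run it from, and the function names, the quarantine directory and the sample signature names are constructed.

```shell
# Added example: review helpers for a clamscan log (not part of the original page).
# Assumes each detection line has the form "<path>: <signature> FOUND".

# Print the path of every file clamscan flagged in log file $1.
found_files() {
    sed -n 's/^\(.*\): [^ ][^ ]* FOUND$/\1/p' "$1"
}

# Print "<count> <signature>" for each signature in log file $1, most frequent first.
found_summary() {
    sed -n 's/^.*: \([^ ][^ ]*\) FOUND$/\1/p' "$1" | sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Move flagged files from log $1 under directory $2, keeping their relative
# paths, and strip all permissions so the copies cannot be served or executed.
quarantine_found() {
    found_files "$1" | while IFS= read -r f; do
        [ -f "$f" ] || continue            # already gone, or not a regular file
        mkdir -p "$2/$(dirname "$f")"
        mv -- "$f" "$2/$f" && chmod 000 "$2/$f"
        echo "quarantined: $f"
    done
}

# Demo on constructed data in a scratch directory (runs in a subshell).
demo() (
    work=$(mktemp -d) && cd "$work" || return 1
    mkdir -p public_html/blog
    echo x > public_html/index.php; echo x > "public_html/blog/a: b.html"
    echo x > public_html/clean.html
    cat > clamscan.txt <<'EOF'
public_html/index.php: Constructed.Sample.Sig-1 FOUND
public_html/blog/a: b.html: Constructed.Sample.Sig-1 FOUND
public_html/old.cgi: Constructed.Sample.Sig-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
    found_summary clamscan.txt
    quarantine_found clamscan.txt quarantine
)
demo
```

Keep the quarantine directory outside public_html so nothing in it is reachable over the web; the files stay available for inspection or for restoring a false positive.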
Finish
Optionally, remove source files no longer needed
rm -fr clamav-*
Uninstallation
To uninstall, do the following...
rm -fr ~/clamav*