Thursday, May 8, 2014

ClamAV Installation and Scanning on CentOS

  ClamAV open source antivirus engine


ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates

CentOS 6 – 32-bit
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 CentOS 6 – 64-bit

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 CentOS 5 – 32-bit

rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

 CentOS 5 – 64-bit

rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
After running the above commands for your relevant CentOS version, the following file is created:
/etc/yum.repos.d/epel.repo
The above file can be edited directly to enable or disable the EPEL repo.

2. Install required ClamAV packages
yum install clamav clamd

3. Start the clamd service and set it to auto-start

/etc/init.d/clamd on
chkconfig clamd on
/etc/init.d/clamd start

4. Update ClamAV’s signatures

/usr/bin/freshclam
Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.

B. Configure Daily Scan

In this example, we will configure a cronjob to scan the /home/ directory every day:

1. Create cron file:

vim /etc/cron.daily/manual_clamscan
Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:
#!/bin/bash
SCAN_DIR="/home"
LOG_FILE="/var/log/clamav/manual_clamscan.log"
/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE
Give our cron script executable permissions:
chmod +x /etc/cron.daily/manual_clamscan
You can even run the above script to ensure that it works correctly.
And you’re done! That should be the minimum required to
 00 10 * * * * root freshclam 
This command will update ClamAV database at 10 am every day.
Good Luck ....!!!