Install and Use ClamAV

OS Install:

ClamAV is a well-reputed free and open-source antivirus software tool. It provides

a command line interface that quickly scans the Linux system against viruses and
malware attacks. The “ClamAV” helps scan the important part of Linux, i.e., mail
gateways and emails directly affecting the network.

Install ClamAV on Ubuntu

Step 1: Update the Repository

We need to reboot after the update is complete

Step 2: Install ClamAV

Install the “ClamAV” application alongside the “clamav-daemon” from the

standard repository of Ubuntu using the default “apt” package manager:

sudo apt install clamav clamav-daemon

Step 3: Verify ClamAV

Check the installed version of the “clamav” scanner for verification purposes:

clamscan –version

The “ClamAV” works on a signature database that identifies the malware. It

requires updation regularly that ensures the application is up to date for protection
against the latest threats.

Keeping this in view, Let’s update the installed “ClamAV” signature database:

Disable the “freshclam” Service

The pre-installed “freshclam” service automatically downloads the database
updates. For the manual updation, disable/stop the “freshclam” service using the
“systemctl” command:

sudo systemctl stop clamav-freshclam

The “freshclam” service has been stopped

Download Updates Using freshclam (First Method)

The first convenient way is to download the latest signature database update using
“freshclam” via the superuser privileges, i.e., “sudo” command:

sudo freshclam

The output shows that the installed “ClamAV” database is up to date.

When all the updates are downloaded, start/enable the “freshclam” service again
with the help of the “systemctl” command:
Download Updates Using Official Website (Second
Method)
Another way is to download the “ClamAV” database from its official website
https://database.clamav.net/daily.cvd

Click on the provided link, and it downloads the “daily.cvd” file.

Copy the “daily.cvd” file into the “var/lib/clamav” file through the copy command
“cp”:
sudo cp daily.cvd /var/lib/clamav/

The “clamscan” provides a wide range of options that can be seen through its
“help” command:
Scan a Directory

Execute the “clamscan” command with the “sudo” combination to scan the
“Documents” directory “–recursive (including subdirectories)” in this format:

Create a Test folder for testing

Download a malicious code on https://secure.eicar.org/ to test

sudo wget https://secure.eicar.org/eicar.com.txt
Scan a Directory
Execute the “clamscan” command with the “sudo” combination to scan the
“Documents” directory “–recursive (including subdirectories)” in this format:

sudo clamscan --infected --remove --recursive Test/

Use this command to create a signature for clamav:

 sudo nano Clam_HelloWorld.ndb
Then we enter this Clam_HelloWorld:0:*:68656c6c6f*776f726c64 into the file
Clam_HelloWorld.ndb. (This file will be signed so that ClamAV can scan the file,
specifically if any txt file contains the words "hello" and the word "world" it will
be considered to be injected with malicious code)

Next, we create the file test.txt with the command sudo nano test.txt, this file will
contain 2 words "hello world". Then we use this command to scan: clamscan -d
Clam_HelloWorld.ndb test.txt