Lab 2-3

Uploaded by

Ngô Hải Anh
Install and Use ClamAV

OS Install:

ClamAV is a well-reputed free and open-source antivirus tool. It provides
a command-line interface that quickly scans a Linux system for viruses and
malware. ClamAV is especially useful for scanning the parts of a Linux system
that directly affect the network, i.e., mail gateways and emails.

Install ClamAV on Ubuntu


Step 1: Update the Repository

We need to reboot after the update is complete


Step 2: Install ClamAV

Install the “ClamAV” application alongside the “clamav-daemon” from the
standard repository of Ubuntu using the default “apt” package manager:

sudo apt install clamav clamav-daemon


Step 3: Verify ClamAV

Check the installed version of the “clamav” scanner for verification purposes:

clamscan --version

ClamAV relies on a signature database to identify malware. The database
must be updated regularly so that the application stays protected
against the latest threats.

With this in mind, let’s update the installed “ClamAV” signature database:

Disable the “freshclam” Service


The pre-installed “freshclam” service automatically downloads the database
updates. To update manually, stop the “freshclam” service using the
“systemctl” command:

sudo systemctl stop clamav-freshclam


The “freshclam” service has been stopped

Download Updates Using freshclam (First Method)


The first convenient way is to download the latest signature database update using
“freshclam” via the superuser privileges, i.e., “sudo” command:

sudo freshclam

The output shows that the installed “ClamAV” database is up to date.

When all the updates are downloaded, start/enable the “freshclam” service again
with the help of the “systemctl” command:

Download Updates Using Official Website (Second Method)

Another way is to download the “ClamAV” database from its official website:
https://database.clamav.net/daily.cvd

Click on the provided link, and it downloads the “daily.cvd” file.

Copy the “daily.cvd” file into the “/var/lib/clamav” directory with the copy
command “cp”:

sudo cp daily.cvd /var/lib/clamav/

The “clamscan” provides a wide range of options that can be seen through its
“help” command:

Create a Test folder for testing

Download the EICAR test file (a harmless file that antivirus scanners detect
as if it were malware) from https://secure.eicar.org/ to test:

sudo wget https://secure.eicar.org/eicar.com.txt

Scan a Directory

Execute the “clamscan” command with “sudo” to scan a directory with
“--recursive” (including subdirectories) in this format; here the “Test”
directory is scanned. “--infected” prints only infected files and “--remove”
deletes them:

sudo clamscan --infected --remove --recursive Test/

Use this command to create a signature for clamav:


sudo nano Clam_HelloWorld.ndb
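Then we enter the following line into the file Clam_HelloWorld.ndb:

Clam_HelloWorld:0:*:68656c6c6f*776f726c64

(This file holds the signature that ClamAV matches against the files it scans.
The fields are the signature name, the target type (0 = any file), the offset
(* = any position) and the hex pattern: 68656c6c6f is "hello", 776f726c64 is
"world", and the * between them matches any number of bytes. So if a file, for
example a txt file, contains the word "hello" followed by the word "world", it
will be considered to be infected with malicious code.)

Next, we create the file test.txt with the command:

sudo nano test.txt

This file will contain the 2 words "hello world". Then we use this command to
scan:

clamscan -d Clam_HelloWorld.ndb test.txt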
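
The following Python sketch is an added example, not part of the original lab and not ClamAV's own code. It decodes the signature line above and models only the subset of the body-signature syntax it uses (hex bytes, "*" and "??") to show which file contents the signature does and does not match; the function names and sample contents are constructed for illustration.

```python
import re

def parse_ndb(line):
    """Split an extended (.ndb) signature line into its four main fields."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return {"name": name, "target": int(target), "offset": offset, "hexsig": hexsig}

def hexsig_to_regex(hexsig):
    """Translate a body signature into a bytes regex (simplified model).
    Supported: hex byte pairs, '??' (any one byte), '*' (any number of bytes)."""
    out, i = [], 0
    while i < len(hexsig):
        if hexsig[i] == "*":
            out.append(b".*?")
            i += 1
            continue
        pair = hexsig[i:i + 2]
        if pair == "??":
            out.append(b".")
        elif re.fullmatch(r"[0-9a-fA-F]{2}", pair):
            out.append(re.escape(bytes.fromhex(pair)))
        else:
            raise ValueError(f"unsupported token at position {i}: {pair!r}")
        i += 2
    return re.compile(b"".join(out), re.DOTALL)

def scan(data, sig_line):
    """Return the signature name if the data matches, else None."""
    sig = parse_ndb(sig_line)
    if sig["offset"] != "*":
        raise ValueError("only offset '*' (any position) is modelled here")
    return sig["name"] if hexsig_to_regex(sig["hexsig"]).search(data) else None

SIG = "Clam_HelloWorld:0:*:68656c6c6f*776f726c64"  # signature line from the lab

# Constructed sample file contents (not real scan results)
SAMPLES = {
    "test.txt": b"hello world\n",                        # match
    "reversed.txt": b"world hello\n",                    # order matters: no match
    "case.txt": b"Hello World\n",                        # byte-exact: no match
    "far_apart.txt": b"hello" + b"\x00" * 1000 + b"world",  # '*' spans any gap
}

if __name__ == "__main__":
    for fname, data in SAMPLES.items():
        print(f"{fname}: {scan(data, SIG) or 'OK'}")
```

The non-matching samples show why a two-word signature like this one is easy to miss with (different case, different order) and also prone to false positives on ordinary text.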
