||<>|| ClamAV detects viruses on all platforms. Other antivirus programs running on Ubuntu can be found [[https://help.ubuntu.com/community/Antivirus|here]]. = Installing ClamAV from Ubuntu = By Default 'ClamAV' is in the Main repository so it can install it by the Software Center or Synaptic Package Manager. Just Search for 'clamAV' and install it. ClamAV has two modes of operation, a program that loads into memory only when you want to scan a file, or for more regular use (such as scanning all incoming e-mail), a program that connects to a daemon that is always running. Database updates can also be downloaded automatically. * For manual use: install the package {{{clamav}}}. * For automated use: install the package {{{clamav-daemon}}}. Both methods will also install the updater {{{clamav-freshclam}}}. If one wants a GUI, then install the package {{{clamtk}}}. {{attachment:_Screenshot-Virus Scanner-1.png}} = Using ClamAV in the Terminal = == Update Virus Definitions == Use {{{freshclam}}}. You will see an output like this: {{{ sudo freshclam ClamAV update process started at Wed Apr 27 00:06:47 2005 main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm) daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes) }}} === Proxy === If you are using a http proxy to connect to the internet you will have to edit the file /etc/clamav/freshclam.conf adding: {{{ HTTPProxyServer serveraddress HTTPProxyPort portnumber }}} == Scan Files == Use {{{clamscan}}} to check nearly all files on the computer, and report only warnings and infections: {{{ sudo clamscan --max-filesize=3999M --max-scansize=3999M --exclude-dir=/sys/* -i -r / }}} When ClamAV has finished scanning it will report a summary: {{{ ----------- SCAN SUMMARY ----------- Known viruses: 33840 Scanned directories: 145 Scanned files: 226 Infected files: 1 Data scanned: 54.22 MB I/O buffer size: 131072 bytes Time: 20.831 sec (0 m 20 s) }}} {{attachment:IconsPage/info.png}} ClamAV can only read files that the user running it can read. If you want to check all files on the system, use the {{{sudo}}} command (see UsingSudo for more information). == Infected files reporting == when scanning recursively, one may generate a report via: {{{ sudo clamscan -v -r /FOLDERTOSCAN | grep FOUND >> /path/to/save/report/file.txt }}} ClamAV doesn't disinfect files, it either moves or removes them. This can be problematic. For example, if using Wine and it deletes an infected file, it could break a program without having the data saved. == Run ClamAV as a Daemon == Install {{{clamav-daemon}}}. You can then use {{{clamdscan}}} where you would previously have used {{{clamscan}}}. Lots of programs, especially e-mail servers, can connect to a ClamAV daemon. This speeds up virus scanning as the program is always in memory. The {{{clamav-daemon}}} package creates a 'clamav' user; in order to allow ClamAV to scan system files, such as your mail spool, you can add clamav to the group that owns the files. === Let ClamAV listen for Incoming Scans === There are cases where you may want ClamAV daemon to act as a scanner for other systems, so you don't have to run everything locally on the system. To do this, you simply have to modify the {{{clamd.conf}}} file and add {{{TCPSocket PORTNUMBER}}} and {{{TCPAddr IPADDRESS}}} arguments to the {{{clamd.conf}}} file and reload the daemon. The daemon will then accept connections to it via the IP address and Port combination you specify. == Check to find if Clamscan is running == Look for it in the processt list, or use this handy shortcut: {{{ps ax | grep [c]lamd}}} == Remove Infected Files == You can add --remove to the clamscan or clamdscan command-line. {{attachment:IconsPage/warning.png}} ''Note'': No virus scanner is 100% accurate. It is always best to manually check the files you delete, if you are not totally sure that this is what you want to do. == Find ClamAV Version Number == Use {{{clamdscan -V}}}: {{{ user@ubuntu:/etc/clamav # clamdscan -V ClamAV 0.83/855/Tue Apr 26 06:40:32 2005 }}} == Learn About ClamAv's Other Options == {{{man clamscan}}}. == Schedule ClamAV == You can use the {{{at}}} command to schedule clamscan or freshclam. For example: {{{ at 3:30 tomorrow at>clamscan -i /home/user | mail user@example.com at> job 3 at 2005-04-28 03:30 }}} You have now scheduled a ClamAV scan to happen on your home directory at 3:30 AM tomorrow. The output (showing only infected files) will be sent to you by e-mail. = External Links = * ClamAV homepage http://www.clamav.net/ ---- CategorySecurity