There are few known viruses for Linux compared to Windows, but since users upload content to Linux servers from time to time, it is better to be vigilant and to seek and destroy any that reach the server. We can install ClamAV on Linux servers since it is fast, free and efficient.
Installing ClamAV (64-bit)
1. Download the file using wget
$ sudo wget http://pkgs.repoforge.org/clamav/clamav-0.97.3-1.el5.rf.x86_64.rpm
$ sudo wget http://pkgs.repoforge.org/clamav/clamav-db-0.97.3-1.el5.rf.x86_64.rpm
2. Install the packages
$ sudo rpm -ivh clamav-*.rpm
Now that we have it installed, there are a few things we need to learn about it and do. The first is to update the virus definitions, which we do by running the command freshclam. Freshclam requires an Internet connection to download and update the virus definitions. All you have to do is type the command, press Enter and voila! We are up to date.
Running Antivirus Scanning Manually
To run antivirus and print infected files on /home:
clamscan -ri /home
To run antivirus and remove infected files on /home:
clamscan -ri --remove /home
Automating Antivirus Scanning
It is a good security practice to have regular antivirus scanning on the system.
To automate the scanning, just edit /etc/crontab and add the following at the bottom:
0 5 * * * root clamscan -ri / | mail -s "ClamScan Result for servername" firstname.lastname@example.org
This makes ClamAV run daily at 5:00 AM and send the scan result to firstname.lastname@example.org.
The antivirus database has been set to be updated daily, so there is no need to configure it.
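As an added example (not part of the original post), the wrapper below could stand in for the one-line crontab entry above: it uses clamscan's exit status (0 = no virus found, 1 = virus found, 2 = error) so that mail is sent only when something needs attention. The function names, the --scan switch and the script path in the comment are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post: cron wrapper for clamscan.
# Function names and the --scan switch are made up for this sketch.

# clamscan exit status: 0 = no virus found, 1 = virus(es) found,
# 2 = some error(s) occurred. Anything else is treated as an error.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin and print the path from every
# "<path>: <signature> FOUND" line; summary lines are ignored.
infected_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Build the mail subject: subject_for STATUS COUNT HOST
subject_for() {
    echo "ClamScan $1 on $3: $2 infected file(s)"
}

# run_scan DIR MAILTO: scan, stay silent when clean, mail otherwise.
run_scan() {
    dir=$1 mailto=$2
    # /proc and /sys are virtual filesystems; skip them when DIR is /.
    report=$(clamscan -ri --exclude-dir='^/proc' --exclude-dir='^/sys' "$dir" 2>&1)
    rc=$?
    status=$(classify_exit "$rc")
    [ "$status" = clean ] && return 0
    count=$(printf '%s\n' "$report" | infected_files | wc -l | tr -d ' ')
    printf '%s\n' "$report" |
        mail -s "$(subject_for "$status" "$count" "$(hostname)")" "$mailto"
    return "$rc"
}

# Scan only when asked, e.g. from /etc/crontab (hypothetical script path):
#   0 5 * * * root /usr/local/sbin/clamscan-report.sh --scan / firstname.lastname@example.org
if [ "${1:-}" = "--scan" ]; then
    run_scan "$2" "$3"
fi
```

Because a failed scan (exit status 2) also triggers a mail, a broken or missing virus database does not go unnoticed the way it could with a report that is simply piped to mail every day.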
ClamAV on CentOS 5.5