How to Install ClamAV on Ubuntu Server 14.04

Linux is designed to make it hard for viruses to run, which is one reason it is considered more secure than Windows. Even so, it is still worth installing Clam AntiVirus (ClamAV) on a Linux server, because Linux malware and viruses are increasing every day. ClamAV is a free antivirus engine designed to detect Trojans, viruses, malware and other malicious threats; one of its main uses is on mail servers as a server-side email virus scanner, where it can be integrated with the mail server to scan attachments and files. This article describes how to install ClamAV on an Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.

How to Install ClamAV on Ubuntu Server 14.04

1. Install clamav and clamav-daemon. The clamav-daemon package provides clamd, the scanning daemon used for automated scans.

ehowstuff@ubuntu14:~$ sudo apt-get install clamav clamav-daemon -y

2. Update the ClamAV virus signature database:

ehowstuff@ubuntu14:~$ sudo freshclam

3. Scan all files in the users' home directories:

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
[sudo] password for ehowstuff:
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.139 sec (0 m 20 s)
ehowstuff@ubuntu14:~$

4. Download the EICAR test file (a harmless file that antivirus engines detect by design):

ehowstuff@ubuntu14:~$ wget http://www.eicar.org/download/eicar.com
--2014-05-24 15:05:13--  http://www.eicar.org/download/eicar.com
Resolving www.eicar.org (www.eicar.org)... 188.40.238.250
Connecting to www.eicar.org (www.eicar.org)|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: ‘eicar.com’

100%[==========================================================>] 68          --.-K/s   in 0s

2014-05-24 15:05:13 (8.12 MB/s) - ‘eicar.com’ saved [68/68]

5. Scan the directory again; it now contains the downloaded test file, which is reported as FOUND:

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 19.874 sec (0 m 19 s)

6. Scan again and remove the infected files:

ehowstuff@ubuntu14:~$ sudo clamscan --infected --remove --recursive /home
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND
/home/ehowstuff/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.930 sec (0 m 20 s)

7. Scan the home directory again. The downloaded test file should be gone now:

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.151 sec (0 m 20 s)

8. Start clamav-daemon (clamd):

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon start
 * Starting ClamAV daemon clamd                                                              [ OK ]

9. Check clamd status :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon status
 * clamd is running

10. Start and check the status of clamav-freshclam :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam start
 * Starting ClamAV virus database updater freshclam                                          [ OK ]
ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam status
 * freshclam is running

11. Verify ClamAV version number :

ehowstuff@ubuntu14:~$ sudo clamdscan -V
ClamAV 0.98.1/19025/Sat May 24 10:04:32 2014

12. See more options for clamscan by issuing the "sudo clamscan --help" command:

ehowstuff@ubuntu14:~$ sudo clamscan --help

                       Clam AntiVirus Scanner 0.98.1
           By The ClamAV Team: http://www.clamav.net/team
           (C) 2007-2009 Sourcefire, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                         all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --bytecode-statistics[=yes/no(*)]    Collect and print bytecode statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.
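A wrapper around the scan workflow of steps 3 to 7, added here as an example and not part of the original article: it uses --move (listed in the help output above) instead of --remove so detected files are kept for review, maps clamscan's exit codes, and parses a scan report the way a cron job would before alerting. The quarantine and log paths are assumptions, and the embedded report is a constructed sample shaped like the step 5 output.

```shell
#!/bin/sh
# Assumed paths; override them in the environment if needed.
QUARANTINE="${QUARANTINE:-/var/lib/clamav/quarantine}"
LOG="${LOG:-/var/log/clamav/home-scan.log}"

# Scan a directory recursively, quarantining (not deleting) infected files.
# clamscan exit codes: 0 = no infection, 1 = infected files found, 2 = error.
# The quarantine directory lives outside the scanned tree so that moved
# files are not rescanned and re-counted on the next run.
scan_and_quarantine() {
    dir="$1"
    mkdir -p "$QUARANTINE"
    clamscan --infected --recursive --move="$QUARANTINE" --log="$LOG" "$dir"
    rc=$?
    case "$rc" in
        0) echo "clean: $dir" ;;
        1) echo "infected files moved to $QUARANTINE (details in $LOG)" ;;
        *) echo "scan error (rc=$rc), treat the result as unknown" >&2 ;;
    esac
    return "$rc"
}

# Report parsers: each reads a clamscan report on stdin.
# Number of "<path>: <signature> FOUND" lines (grep exits 1 when none).
count_found() {
    grep -c ': .* FOUND$'
}

# Paths of the detected files, one per line, for an alert message.
found_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Value of the "Infected files:" line in the SCAN SUMMARY block; a mismatch
# with count_found means the report was truncated or the scan errored.
infected_from_summary() {
    sed -n 's/^Infected files: \([0-9]*\)$/\1/p'
}

# Constructed sample report (same shape as the article's step 5 output).
SAMPLE_REPORT='/home/ehowstuff/index.html: OK
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Infected files: 1'

# Usage on a live system: scan_and_quarantine /home
```

Running the parsers over the log written by --log (for example from a nightly cron job) gives the numbers to alert on without re-scanning.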

I hope this article gives you some ideas and essential guidance on how to install ClamAV on an Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.

See also  How to Install Clam Antivirus on CentOS 6.3
