Using clamav in Fedora, in detail
I’ve just read a post on my blog which was asking for more information about clamav in fedora, what might be good whilst installing it etc. so I thought I might as well try and lay down some advice.
This is a continuation of a post I made in April about setting up repositories in fedora, where I made a general comment about clam but I really was going to update it, but you know how things are… they often move slowly
Firstly I was asked about clamav, so that’s what I’ll turn to now,
The clam modules which I have installed (and will recomend) are;
you should be able to install these with the usual yum commands of;
yum install (name of package from above^)
it should sort out the dependencies for you on these – There is a way to install more than one package at once but strangely I’ve never used it, I think it is just one package name after another with spaces but no other divide… but I’m not sure. Still, doing it one by one won’t hurt.
Now one more thing, you will need to go to the file /etc/freshclam.conf and edit it. You’ll need to be root to do this so just don’t log out after you installed the stuff from above. To get to the file type in the terminal;
This opens up the text editor (the default one for GNOME on Fedora, if you would rather you can use vi just with the command “vi /etc/freshclam.conf”) you need to go down to the lines which say:
.# Uncomment the following line and replace XY with your country
.# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
.# Default: There is no default, which results in an error when running freshclam
(Ignore the dots before it – thats just what it takes to stop the formatting from kicking in and making it numbering)
Commented refers to a hash symbol being infront of it, this means that that line is not read by the computer when the document is read (sorry if that sounds patronising but I like to avoid too much technical language). All you need to do here is go to the website which is in the list and look for your country code and then change the last line so it looks something like;
Without a # and the XY changed to UK (obviously the country code for the UK)
Right, now that should have clam up and running. To use it go to the terminal, login as root (with “su -” like above) and type;
freshclam (this will update your clam database – everything should work ok)
Then you can run a scan by typing in the terminal;
this will scan your home directory, if you are root it’ll do all the hidden files and everything in there. This is good but maybe not exactly what you’d want, you will want to add options (typing “man clamscan” will give you a whole host of options to customise how you scan). What I would run to do a full system scan is;
clamscan / -r—quiet
(that’s; clamscan “space” slash “space” “hyphen r” “space” “two hyphens quiet”... I had to do that because the blog system likes to use really random language and hyphens make the text strikethrough)
The clamscan is the program, the ”/” is the start of your file tree (or at least it is by default and if you know how to change that then you’ll not need this – if it’s even possible), the “-r” means recursive, which means it scans through sub-folders until there is no where left to go
The “—quiet” means it will only tell you about viruses or errors – so it looks blank unless there is a problem… one that I have is it not being able to access ”/proc” but I don’t worry about it ; )
-if you leave off the—quiet then it’ll show you each file in turn and then say “ok” after, this is ok (you know how far it is along) but the final report won’t give you specifics if you do have an infected file… so you would need to scan again with—quiet to find out where it is
Right, that might have been a bit long winded but at least it was comprehensive!
- Tomorrow I’ll try and write about how to scan for rootkits (using rkhunter and chkrootkit) and how to shut off root access to ssh (which should be closed by default but strangely isn’t… :S). I’ll also stick down some really good websites for learning and the best forum in the world (because it’s the one I go on). But for now, night night