September 21, 2006

Using clamav in Fedora, in detail

I’ve just read a post on my blog asking for more information about clamav in Fedora, what might be good to know while installing it and so on, so I thought I might as well try and lay down some advice.

This is a continuation of a post I made in April about setting up repositories in Fedora, where I made a general comment about clam and meant to update it, but you know how things are… they often move slowly.

Firstly I was asked about clamav, so that’s what I’ll turn to now.

The clam packages which I have installed (and would recommend) are:

* clamav
* clamav-update
* clamav-lib

You should be able to install these with the usual yum commands:

su -
(enter the root password)
yum install <name of a package from the list above>

It should sort out the dependencies for you. There is a way to install more than one package at once but strangely I’ve never used it; I think it is just one package name after another separated by spaces, but I’m not sure. Still, doing it one by one won’t hurt.
Now one more thing: you will need to edit the file /etc/freshclam.conf. You’ll need to be root to do this, so don’t log out after installing the packages above. To open the file, type in the terminal:

gedit /etc/freshclam.conf

This opens up the text editor (the default one for GNOME on Fedora; if you would rather, you can use vi with the command “vi /etc/freshclam.conf”). You need to go down to the lines which say:

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net

“Commented out” refers to a hash symbol being in front of a line, which means that the line is ignored when the file is read (sorry if that sounds patronising, but I like to avoid too much technical language). All you need to do here is go to the website given in the comment, look up your country code, and then change the last line so it looks something like:

DatabaseMirror db.UK.clamav.net

without a # and with the XY changed to UK (obviously the country code for the UK).
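If you would rather not open an editor (or want to do this on several machines), here is a small shell script, added for this post rather than taken from the original post or from the ClamAV project, that makes the freshclam.conf changes described above and checks the result. It assumes a stock freshclam.conf that still contains the “Example” placeholder line (the cause of the “Please edit the example config file” error a commenter below runs into) and the commented “#DatabaseMirror db.XY.clamav.net” template line. The function names, the backup location and the sample config it writes for trying it out are this script’s own, and the sample is a constructed stand-in, not a real freshclam.conf.

```sh
#!/bin/sh
# Added example (not from the original post): do the /etc/freshclam.conf edit
# without a text editor, and check it. Assumes a stock freshclam.conf with the
# "Example" placeholder line and the "#DatabaseMirror db.XY.clamav.net" template.

# configure_freshclam_conf FILE CC
# Comments out the "Example" placeholder line and sets DatabaseMirror to
# db.CC.clamav.net, replacing the commented XY template line (or an existing
# country mirror). A copy of the original is kept as FILE.bak.
configure_freshclam_conf() {
    file=$1
    cc=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Country codes are two letters; refuse anything else rather than write it in.
    case "$cc" in
        [A-Z][A-Z]) ;;
        *) echo "bad country code: $2" >&2; return 1 ;;
    esac
    cp "$file" "$file.bak"
    tmp="$file.tmp.$$"
    sed \
        -e 's/^[[:space:]]*[Ee][Xx][Aa][Mm][Pp][Ll][Ee][[:space:]]*$/#Example/' \
        -e "s/^#*[[:space:]]*DatabaseMirror[[:space:]]*db\.[A-Za-z][A-Za-z]\.clamav\.net.*/DatabaseMirror db.$cc.clamav.net/" \
        "$file" > "$tmp" && mv "$tmp" "$file"
}

# check_freshclam_conf FILE
# Returns 0 when the file is usable: no bare "Example" line and at least one
# active DatabaseMirror entry. Says what is wrong on stderr otherwise.
check_freshclam_conf() {
    file=$1
    if grep -Eiq '^[[:space:]]*Example[[:space:]]*$' "$file"; then
        echo "$file: the Example placeholder line is still active" >&2
        return 1
    fi
    if ! grep -Eq '^[[:space:]]*DatabaseMirror[[:space:]]+[^[:space:]#]+' "$file"; then
        echo "$file: no DatabaseMirror line is set" >&2
        return 1
    fi
    return 0
}

# write_sample_freshclam_conf FILE
# A constructed stand-in for the relevant part of a stock freshclam.conf (the
# real file is much longer) so the script can be tried without touching /etc.
write_sample_freshclam_conf() {
    cat > "$1" <<'EOF'
##
## Example config file for freshclam (constructed sample)
##

# Comment or remove the line below.
Example

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net

# database.clamav.net is a round-robin record used as a fall back.
DatabaseMirror database.clamav.net
EOF
}

# "--demo" tries the functions on a temporary copy of the sample. For the real
# thing, as root: configure_freshclam_conf /etc/freshclam.conf UK && freshclam
if [ "${1:-}" = "--demo" ]; then
    demo="${TMPDIR:-/tmp}/freshclam.conf.demo.$$"
    write_sample_freshclam_conf "$demo"
    configure_freshclam_conf "$demo" uk
    check_freshclam_conf "$demo" && cat "$demo"
    rm -f "$demo" "$demo.bak"
fi
```

Run it with --demo to watch it work on the sample; on a real machine, source the file as root and call configure_freshclam_conf on /etc/freshclam.conf, then run freshclam. One caveat for anyone reading this years later: the per-country db.XY.clamav.net mirrors have since been retired and a current freshclam.conf ships with database.clamav.net already active, so on a modern Fedora only the Example line needs to go.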

Right, now that should have clam up and running. To use it, go to the terminal, log in as root (with “su -” like above) and type:

freshclam (this will update your clam database – everything should work ok)

Then you can run a scan by typing in the terminal;

clamscan

This will scan your home directory; if you are root it’ll do all the hidden files and everything in there. This is good, but maybe not exactly what you’d want, so you will want to add options (typing “man clamscan” will show you a whole host of options to customise how you scan). What I would run to do a full system scan is:

clamscan / -r --quiet

clamscan is the program; the “/” is the start of your file tree (or at least it is by default, and if you know how to change that then you’ll not need this, if it’s even possible); the “-r” means recursive, which means it scans through sub-folders until there is nowhere left to go.
The “--quiet” means it will only tell you about viruses or errors, so the output looks blank unless there is a problem… one that I get is it not being able to access “/proc”, but I don’t worry about it ; )
If you leave off the --quiet then it’ll show you each file in turn and say “OK” after it. This is fine (you know how far along it is), but the final report won’t give you specifics if you do have an infected file… so you would need to scan again with --quiet to find out where it is.
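Here is a wrapper for the full-system scan above, added for this post and not the author’s own or the ClamAV project’s code. It adds two clamscan options that are listed in “man clamscan” but not used in the post: --infected (print only the FOUND lines and the final summary, so you get the specifics without a second --quiet run) and --exclude-dir (keep clamscan out of /proc, /sys and /dev, which is where the /proc error above comes from). The helpers pull the findings out of clamscan’s output whether it was run with or without --quiet. The function names, the log path and the sample output are this script’s own, and the sample is constructed, not a real scan.

```sh
#!/bin/sh
# Added example (not from the original post): a full-system clamscan wrapper
# plus helpers that extract the findings from clamscan output. Assumes clamscan
# is on the PATH and the scan of "/" is run as root; --infected and
# --exclude-dir are this example's additions to the post's command line.

# list_infected LOGFILE
# clamscan prints one "path: SignatureName FOUND" line per detection, in the
# verbose and --quiet/--infected modes alike. Print them as "path<TAB>signature".
# The split is on the last ": " so a path containing ":" still parses.
list_infected() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        n = match(line, /: [^:]*$/)
        if (n) printf "%s\t%s\n", substr(line, 1, n - 1), substr(line, n + 2)
    }' "$1"
}

# count_infected LOGFILE: number of FOUND lines (0 when clean).
count_infected() {
    grep -c ' FOUND$' "$1" || true
}

# scan_errors LOGFILE: the ERROR lines (unreadable files, the "/proc" problem
# from the post, and so on). Worth reading, but they are not detections.
scan_errors() {
    grep ' ERROR$' "$1" || true
}

# full_scan [LOGFILE]
# The post's "clamscan / -r --quiet" with two changes: --infected drops the
# per-file OK chatter but keeps the FOUND lines and the summary, and
# --exclude-dir keeps clamscan out of the kernel pseudo-filesystems that
# produce the /proc errors (and can stall a scan under /dev). clamscan exits
# 0 when clean, 1 when something was found and 2 on errors.
full_scan() {
    log=${1:-/var/log/clamscan-full.log}
    if clamscan -r --infected \
            --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
            / > "$log" 2>&1; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0) echo "clean; summary in $log" ;;
        1) echo "$(count_infected "$log") infected file(s) found:"; list_infected "$log" ;;
        *) echo "clamscan finished with errors (exit $rc); see $log" ;;
    esac
    return $rc
}

# write_sample_clamscan_output FILE
# A constructed stand-in for what clamscan prints without --quiet (paths and
# counts invented for the example) so the helpers can be tried offline.
write_sample_clamscan_output() {
    cat > "$1" <<'EOF'
/home/user/docs/notes.txt: OK
/home/user/eicar.com: Eicar-Test-Signature FOUND
/home/user/.cache/thumb.db: OK
/home/user/dl/setup.exe: Win.Test.EICAR_HDB-1 FOUND
/proc/1/mem: Can't read file ERROR

----------- SCAN SUMMARY -----------
Known viruses: 71208
Engine version: 0.88.4
Scanned directories: 4
Scanned files: 5
Infected files: 2
Data scanned: 0.02 MB
Time: 0.413 sec (0 m 0 s)
EOF
}

# "--demo" runs the helpers on the sample; with no argument the script does
# nothing, so it can be sourced and full_scan called by hand.
if [ "${1:-}" = "--demo" ]; then
    sample="${TMPDIR:-/tmp}/clamscan.sample.$$"
    write_sample_clamscan_output "$sample"
    echo "$(count_infected "$sample") infected file(s):"
    list_infected "$sample"
    scan_errors "$sample"
    rm -f "$sample"
fi
```

The point of keeping the log file is that the FOUND lines are in the output either way; they just scroll past in verbose mode. Saving the output and grepping it afterwards gives you the file names and signature names without having to rescan, and the exit status tells a cron job whether anything was found.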

Right, that might have been a bit long-winded but at least it was comprehensive!
Tomorrow I’ll try and write about how to scan for rootkits (using rkhunter and chkrootkit) and how to shut off root access to ssh (which should be closed by default but strangely isn’t… :S). I’ll also stick down some really good websites for learning and the best forum in the world (because it’s the one I go on). But for now, night night.


9 comments
  1. Alexander Leith

    Thank you so much for this easy to understand guide. I’ve spent hours trying to get freshclam to work, and in the space of 3 minutes you’ve explained everything I need to know. Thanks!

    04 Dec 2006, 14:34

  2. Shibly

Thank you very much. But my viruses are not removed. How can I remove my virus…? Please email.

    19 Mar 2007, 05:53

  3. lennon

Sorry, I followed the steps, but when I used the “freshclam” command,
it displayed an error message: can’t parse /etc/clamd.config.

May I know how I can solve it?

    01 Jul 2007, 14:15

  4. patrick

Seems like an old thread, but since it’s hanging with a question, I thought I might offer a suggestion.

There was a line in my freshclam.conf file that had to be removed (or commented) called:

EXAMPLE

Maybe it’s the same with this other file in question.

    03 Jul 2007, 15:08

  5. Kiev1.org

    freshclam
    ERROR: Please edit the example config file /etc/freshclam.conf.
    ERROR: Can’t parse the config file /etc/clamd.conf

    06 Aug 2007, 04:45

  6. john doe

You have to put a # in front of the line that begins with EXAMPLE in /etc/clamd.conf.
Running freshclam after that should just go fine.

    10 Aug 2007, 14:16

  7. Chris

I did as posted. I have no file /etc/clamd.conf. I am now using yum install clamav. Still at a loss. I am running Fedora 7 and need help. Thank you.

    07 Sep 2007, 04:58

  8. vicks

In a single word: SUPERB…..

Hope this will be the best guide for initial-phase users like us..

Thank you ..

    21 Sep 2007, 21:49

  9. pete

Nice post –
commenting out the ‘example’ line and inserting the country code did it for me.
Thanks,
Pete

    30 Sep 2007, 17:33


Powered by BlogBuilder