Fedora 28: Virus scan with ClamAV

This article will describe virus scan with ClamAV.

1 Virus scan with clamscan

Install clamav package.

$ sudo dnf install -y clamav

The clamscan command will scan file or directory.

  • -r option will scan directory recursively.
  • -i option will show detected file only.
  • –move option will move detected file to specific directory.
$ mkdir ~/virus
$ clamscan -r -i --move=$HOME/virus .

2 Update virus database manually

The freshclam command will update virus database. The freshclam command includes in clamav-update package.

$ sudo dnf install -y clamav-update
$ sudo freshclam

3 Update virus database automatically

Installing clam-update package will enable cron job which will run /usr/share/clamav/freshclam-sleep for each 3 hours. If FRESHCLAM_DELAY value is not "disabled-warn" nor "disabled", freshclam-sleep will run freshclam command. FRESHCLAM_DELAY default value is "disabled-warn".

So, for updating virus database automatically, you need to install clamav-freshclam package and replace FRESHCLAM_DELAY value.

$ sudo dnf install -y clamav-update
$ sudo sed -e 's/^FRESHCLAM_DELAY/#FRESHCLAM_DELAY/g' \
-i /etc/sysconfig/freshclam

For changing update interval, you need to modify the following file.

/etc/cron.d/clamav-update

4 Virus scan with clamd

The clamd daemon load database once and wait as a daemon. And run virus scan by request from clamdscan command without loading database.

clamd daemon always consume memory for database, but clamdscan is faster than clamscan. And clamdscan's behavior depends on clamd while clamscan's behavior depends clamscan's options.

Install packages for clamd.

$ sudo dnf install -y clamav-server clamav-server-systemd clamav-scanner

Edit /etc/clamd.d/scan.conf which will be used by clamd@scan.service.

$ sudo sed -e 's/^Example/#Example/g' \
       -e 's/^User.*/User root/g' \
       -e 's/^#LocalSocket /LocalSocket /g' \
       -e 's/^#LocalSocketGroup.*/LocalSocketGroup clamscan/g' \
       -e 's/^#LocalSocketMode /LocalSocketMode /g' \
       -e 's/^#FixStaleSocket /FixStaleSocket /g' \
       -e 's/^#ExcludePath /ExcludePath /g' \
       -i /etc/clamd.d/scan.conf

Enable clamd@scan.service.

$ sudo systemctl enable clamd@scan

Create symbolic link from /etc/clamd.d/scan.conf to /etc/clamd.conf which will be used by clamdscan command.

$ sudo ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

Allow selinux setting for clamd.

$ sudo setsebool -P antivirus_can_scan_system 1
$ sudo setsebool -P clamd_use_jit 1

Add running clamdscan user to clamdscan group.

$ sudo gpasswd -a "${USER}" clamscan

Reboot for updating gpasswd setting.

$ sudo reboot

After reboot, you can run clamdscan.

$ clamdscan <file-or-dir>

5 Virus scan with clamtk package

clamtk package provides GUI window, This is useful for desktop user.

$ sudo dnf install -y clamtk

clamtk is as the following. You need double click to select item.

0001_ClamTk.png

Check "scan directories recursively" in Settings.

0002_ScanDirectoriesRecursively.png

Home directory can be scanned recursively by "Scan a directory".

0003_ScanADirectory.png