Monday, 13 June 2016

How to install ClamAV on CentOS 6

Install the EPEL repo:
Before proceeding, make sure the EPEL yum repository is enabled. To enable it, run the command for your release:


CentOS 6.x

#rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

CentOS 5.x
#rpm -Uvh http://mirror.pnl.gov/epel/5/x86_64/epel-release-5-4.noarch.rpm

Install clamAV
# yum -y install clamav clamd
# chkconfig clamd on

Update the clamav virus database
# /usr/bin/freshclam

Error:

# /usr/bin/freshclam
ERROR: Please edit the example config file /etc/freshclam.conf
ERROR: Can't open/parse the config file /etc/freshclam.conf

To fix the above error, comment out the line containing “Example”:
#vim /etc/freshclam.conf
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
# Comment or remove the line below.

Example


Change to

#vim /etc/freshclam.conf
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
# Comment or remove the line below.

# Example


Run freshclam again
# /usr/bin/freshclam

Start ClamAV
# service clamd start

 Starting Clam AntiVirus Daemon: ERROR: Please edit the example config file /etc/clamd.conf
ERROR: Can't open/parse the config file /etc/clamd.conf
 [FAILED]

Edit the config file /etc/clamd.conf and comment out the “Example” line:

##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.

#Example



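If clamd then fails with "ERROR: Please define server type (local and/or TCP)",
you may need to uncomment the "TCPSocket" line in clamd.conf. If you enable TCPSocket, also set "TCPAddr" to 127.0.0.1 so that clamd listens only on localhost; a "LocalSocket" entry satisfies the same requirement without opening a network port.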


Set ClamAV to run a daily scan

#vim /etc/cron.daily/clamscan

#!/bin/bash

# setup the scan location and scan log
CLAM_SCAN_DIR="/var/www/vhosts"
CLAM_LOG_FILE="/var/log/clamav/dailyscan.log"

# update the virus database
/usr/bin/freshclam

# run the scan: -i prints only infected files, -r recurses into subdirectories
/usr/bin/clamscan -i -r "$CLAM_SCAN_DIR" >> "$CLAM_LOG_FILE"

# note: cron reads MAILTO from a crontab; as a shell variable in this script it sends no mail
MAILTO=user@domain.com


or

#clamscan -i -r --log=/var/log/clamscan-date.txt /var/www/vhosts/*

Make the cron file executable
#chmod 555 /etc/cron.daily/clamscan

Test your installation and cron job
#/etc/cron.daily/clamscan


Try to scan.
[root@mail ~]# clamscan --infected --remove --recursive /home          #/home is your scan folder
----------- SCAN SUMMARY -----------
Known viruses: 3509099
Engine version: 0.98.4
Scanned directories: 94
Scanned files: 109
Infected files: 0
Data scanned: 0.95 MB
Data read: 0.89 MB (ratio 1.07:1)
Time: 8.485 sec (0 m 8 s)

# Download the EICAR antivirus test file
[root@amir ~]# wget http://www.eicar.org/download/eicar.com
[root@amir ~]# clamscan --infected --remove --recursive .

./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed. # just detected

----------- SCAN SUMMARY -----------
Known viruses: 3509099
Engine version: 0.98.4
Scanned directories: 110
Scanned files: 147
Infected files: 1
Data scanned: 0.78 MB
Data read: 0.64 MB (ratio 1.21:1)
Time: 7.982 sec (0 m 7 s)
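
The daily cron job above appends to a log and never checks clamscan's exit status, so a detection is easy to miss. The following is an added example, not part of the original post: shell helpers (the function names and the sample log are constructed for illustration) that turn one run's log and exit status into a verdict, using the exit codes documented in clamscan(1).

```bash
#!/bin/bash
# Added example (not from the original post). Function names are illustrative.

# Paths clamscan flagged; detection lines look like "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p' "$1"
}

# Value of the last "Infected files: N" summary line (0 if no summary exists).
infected_count() {
    awk -F': ' '/^Infected files: /{n=$2} END{print n+0}' "$1"
}

# clamscan(1) exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Usage: scan_report <log of one run> <clamscan exit status>
# Prints a verdict line plus flagged paths; succeeds only for a clean run.
scan_report() (
    verdict=$(scan_verdict "$2")
    # FOUND lines with exit status 0 mean the status was lost (e.g. in a pipe).
    if [ "$verdict" = clean ] && [ -n "$(infected_paths "$1")" ]; then
        verdict=infected
    fi
    echo "clamscan verdict: $verdict ($(infected_count "$1") infected)"
    infected_paths "$1" | sed 's/^/  /'
    [ "$verdict" = clean ]
)

# Constructed sample log in the format of the post's EICAR test scan.
sample_log() {
    cat <<'EOF'
./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed.

----------- SCAN SUMMARY -----------
Infected files: 1
EOF
}

log=$(mktemp); sample_log > "$log"
scan_report "$log" 1 || true    # demo run on the sample; 1 = virus(es) found
rm -f "$log"
```

In the cron script, write each run to its own log and pass clamscan's `$?` as the second argument; an appended log would re-report detections from earlier runs.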