Pisi Linux: Installation and automation of ClamAV

If you have not already done so, install ClamAV

sudo pisi it clamav

Update the virus definition database:

sudo freshclam

*** Once the ClamAV daemon is started automatically at boot (see below), the update will happen automatically.
By default the update is done every hour, which is excessive in my opinion, so the freshclam.conf file must be modified so that the update is done every 2 hours.
The freshclam.conf file is /etc/freshclam.conf
Modify

# Number of database checks per day.
# Default: 12 (every two hours)
Checks 24

to

# Number of database checks per day.
# Default: 12 (every two hours)
Checks 12

*The update log file is /var/log/clamav/freshclam.log

ClamAV Automated tasks.

For the ClamAV automated tasks to be launched, the daemon (clamav-daemon) has to be running. (The service script is in /var/db/Comar3/Script/Services system)
For this service to start automatically at computer startup:
Go to System/Service Manager: you will find the clamav service. Select Run at startup.

*The clamav daemon log file is /var/log/clamav/clamd.log

Automatically scanning incoming mail in Thunderbird with Clamdrib

Install the Clamdrib extension.
If you cannot find it, you can download it here: https://www.dropbox.com/s/rv0ky0734b703gv/clamdrib-0.2.0.4.xpi?dl=0

To make it work, you must add the following lines to /etc/clamd.conf

TCPSocket 3310
TCPAddr localhost
ReadTimeout 300
IdleTimeout 60
MaxConnectionQueueLength 30
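As an added example (not part of the original tutorial or of Clamdrib), a small Python client that talks to clamd over the TCP listener configured above, using the PING and INSTREAM commands that mail and browser extensions rely on; it lets you verify the socket works before installing the extension. The host and port are assumed to match TCPAddr and TCPSocket in /etc/clamd.conf.

```python
import socket
import struct

CLAMD_HOST = "localhost"  # assumed to match TCPAddr in /etc/clamd.conf
CLAMD_PORT = 3310         # assumed to match TCPSocket in /etc/clamd.conf
CHUNK = 4096              # size of each INSTREAM chunk


def instream_frames(data: bytes, chunk: int = CHUNK) -> bytes:
    """Encode data as a zINSTREAM command: NUL-terminated command, then
    chunks prefixed with a 4-byte big-endian length, ended by a zero length."""
    out = bytearray(b"zINSTREAM\0")
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out += struct.pack("!I", len(part)) + part
    out += struct.pack("!I", 0)
    return bytes(out)


def parse_reply(reply: bytes):
    """Turn a clamd reply such as b'stream: Eicar-Test-Signature FOUND\\0'
    into (status, detail) where status is clean, infected or error."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return ("clean", None)
    if verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    if verdict.endswith(" ERROR"):
        return ("error", verdict[:-len(" ERROR")])
    return ("error", text)


def clamd_command(cmd: bytes) -> bytes:
    """Send one z-prefixed command and read the NUL-terminated reply."""
    with socket.create_connection((CLAMD_HOST, CLAMD_PORT), timeout=10) as s:
        s.sendall(cmd)
        buf = b""
        while not buf.endswith(b"\0"):
            piece = s.recv(4096)
            if not piece:
                break
            buf += piece
        return buf


def ping() -> bool:
    return clamd_command(b"zPING\0") == b"PONG\0"


def scan_bytes(data: bytes):
    return parse_reply(clamd_command(instream_frames(data)))


if __name__ == "__main__":
    print("clamd reachable:", ping())
    print(scan_bytes(b"constructed harmless sample"))  # expected ('clean', None)
```

Because TCPAddr is localhost the listener is bound to the loopback interface only, so nothing outside the machine can submit files to it.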

Real-time analysis of downloads in Firefox.

Install the extension Fireclam

*Check the preferences of the extension:
– ClamAV executable: points to /usr/bin/clamdscan
– Path to the database: points to /var/lib/clamav
– Additional parameters: you can leave this blank or, as in my case, indicate that .pdf files should not be analyzed; in that case enter:

--scan-pdf=no

You can then test it by going to this page and trying to download the test files: http://support.kaspersky.com/fr/viruses/avtest
When you download a file from there, you should see a notice similar to this:

Fireclam determined that the following file is infected:
/home/user/Downloads/level1.zip
------------------------------
/home/user/Downloads/level1.zip: Eicar-Test-Signature FOUND

Comprehensive real-time analysis

Personally I have limited the real-time analysis to my download folder to avoid overloading the system unnecessarily.

Prerequisites:
The clamav daemon must be active (see ClamAV automated tasks above) and inotify-tools must be installed.
It is also recommended to install libnotify.

Here is a script "clamavTR.sh" that adds a real-time function to ClamAV. It scans the directory "/home/user/Downloads" in real time; if a virus is found, the file is moved to quarantine (/tmp by default, but you can modify it). A hidden log file (.clamav-tr.log) is written to the home directory of the user running the script.

This script does not require administrator rights.

#!/bin/bash
# Script "ClamAV Real Time", by HacKurx modified by mancora
# http://hackurx.wordpress.com
# Licence: GPL v3
# Dependencies: clamav-daemon inotify-tools
# Recommended: libnotify

DOSSIER=/home/user/Downloads   # directory watched in real time
QUARANTAINE=/tmp               # where infected files are moved
LOG=$HOME/.clamav-tr.log       # hidden log file in the user's home directory

# Watch the directory recursively and emit one file path per event
inotifywait -q -m -r -e create,modify,access "$DOSSIER" --format '%w%f|%e' | sed --unbuffered 's/|.*//g' |
while read -r FICHIER; do
    # clamdscan exits 1 when a virus is found (0 = clean, 2 = error)
    clamdscan --quiet --no-summary -i -m "$FICHIER" --move="$QUARANTAINE"
    if [ "$?" == "1" ]; then
        echo "$(date) - Malware found in the file '$FICHIER'. The file has been moved to $QUARANTAINE." >> "$LOG"
        echo -e "\033[31mMalware found!!!\033[00m" "The file '$FICHIER' has been moved to quarantine."
        if [ -f /usr/bin/notify-send ]; then
            notify-send -u critical "ClamAV Real Time" "Malware found!!! The file '$FICHIER' has been moved to quarantine."
        fi
    fi
done

Save this script, for example, in a "Script" folder you created in your home directory, and make the script executable.

Add the script to the startup items so that it runs automatically:
– System Setup/Startup & Shutdown/Auto Start/Add script: go to the location where the script was saved (uncheck "create as a symbolic link")

*The log of the real-time analysis is /home/user/.clamav-tr.log

System or folder analysis:

sudo clamscan --remove -r /

sudo clamscan --remove -r /home/user

sudo clamscan --remove -r /home/user/Downloads

Scheduled scan.

Recursive analysis of the user's home directory, moving infected files to quarantine and writing a scan report. Create the folder /home/user/QuarantaineClamav first:

clamscan --recursive --move=/home/user/QuarantaineClamav --log=/home/user/clamscan.log /home/user

Scheduling with crontab (scan at 23:00 on the first day of every month):

0 23 1 * * clamscan --recursive --move=/home/user/QuarantaineClamav --log=/home/user/clamscan.log /home/user

*The KCron program can help you generate the crontab file easily.
Install KCron; once installed you will find it in System Setup/System Administration/Scheduler


This tutorial was written by user Michel.B from the Pisi Linux Forum.


Published 26 December 2014 by groni in Allgemein
