Here is a quick walkthrough of how to install ClamAV and perform a file system scan with it. I’ll be installing and scanning on a RedHat 7.3 machine.

First, download the required files listed below. For other distributions, refer to the download page to get the suitable packages. I saved the files to /opt/clamav/.

  1. clamav (Scanning tools)

  2. clamav-db (Virus database)

  3. main.cvd (Virus database update file)

  4. daily.cvd (Virus database update file)

Let’s start installing the packages. Run the commands as root from the directory where you saved the files.

    # rpm -ivh clamav-db-0.93.3-1.rh7.rf.i386.rpm

    # rpm -ivh clamav-0.93.3-1.rh7.rf.i386.rpm

    # cp main.cvd /var/clamav/

    # cp daily.cvd /var/clamav/

That concludes the install process. Now let’s scan.

First check if your virus database is up to date.

    # freshclam
    ClamAV update process started at Wed Aug 20 17:49:38 2008
    main.cvd is up to date (version: 47, sigs: 312304, f-level: 31, builder: sven)
    daily.cvd is up to date (version: 8058, sigs: 85172, f-level: 33, builder: acab)

The scan command has this form: clamscan [options] [directory]. If no directory is given, clamscan scans the current working directory.

The -r option makes the scan recurse into subdirectories.

    # clamscan -r /home/

The -i option prints only infected files.

    # clamscan -r -i /home/

You can also use --move=[directory] to move infected files or --copy=[directory] to copy infected files to a designated directory. The directory must be writable by the user running clamscan.

    # clamscan -r -i --move=/infected-files/

    # clamscan -r -i --copy=/infected-files/

To save the scan summary to a report file, use -l /scan/report/scan.log or --log=/scan/report/scan.log.

    # clamscan -r -i --log=/scan/report/scan.log

Sample scan summary:

    ----------- SCAN SUMMARY -----------
    Known viruses: 396679
    Engine version: 0.93.3
    Scanned directories: 1920
    Scanned files: 25372
    Infected files: 6
    Data scanned: 6643.96 MB
    Time: 3020.422 sec (50 m 20 s)
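
The following is an added example, not part of the original walkthrough: POSIX shell helpers that read a report written with --log, list the infected paths, and check that the number of FOUND lines agrees with the summary. The function names are hypothetical and the sample log (paths and the second signature name) is constructed.

```shell
#!/bin/sh
# Added example: triage helpers for a report written by `clamscan --log=FILE`.

# Print the path of each infected file ("<path>: <signature> FOUND" lines).
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p' "$1"
}

# Print the number from the "Infected files: N" summary line.
infected_count() {
    awk -F': *' '/^Infected files:/ { print $2 }' "$1"
}

# Succeed only if the FOUND lines match the summary count; a mismatch or a
# missing summary suggests a truncated or interrupted scan log.
report_consistent() {
    found=$(infected_paths "$1" | wc -l | tr -d ' ')
    [ "$found" = "$(infected_count "$1")" ]
}

# Map clamscan's exit status: 0 = no virus, 1 = virus found, other = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Constructed sample log (paths and the second signature name are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
/home/alice/mail/attachment.zip: Eicar-Test-Signature FOUND
/home/bob/tmp/setup.exe: Trojan.Example-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 396679
Scanned files: 25372
Infected files: 2
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "status:   $(scan_status 1)"
echo "infected: $(infected_count "$log")"
infected_paths "$log"
report_consistent "$log" && echo "log is consistent"
rm -f "$log"
```

In an unattended job, run the clamscan command with --log first and pass its `$?` to `scan_status`, so that an error exit is not mistaken for a clean scan.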