October 18, 2016

CentOS 7 - Virus Scanning (clamav)

Viruses are a danger to all computer users and we must guard against them. To protect against viruses you can install and use clamav.

Note: To install clamav, you must have installed and enabled EPEL. To do this, you can follow our EPEL tutorial on how to install and set up EPEL.

To install clamav, open a terminal, type in the following command and press ENTER on your keyboard.

sudo yum install clamav clamav-update

Once installed, we need to perform some configuration to allow virus definition updates. We will now edit the freshclam configuration file. In the terminal, type in the following command and press ENTER on your keyboard.

sudo vim /etc/freshclam.conf

Find the line near the top of the file with the word Example on it. Place a # before the word so that the line is commented out. Once done, save and exit the file.

We can now update the virus definitions. In the terminal, type in the following command and press ENTER on your keyboard.

sudo freshclam

CentOS uses SELinux by default, and it should always stay enabled. We will therefore perform some configuration so that clamav can access all files on disk and update its data definition files.

In the terminal, type in the following command and press ENTER on your keyboard.

sudo setsebool -P antivirus_can_scan_system 1

If, like us, you prefer to automate tasks, let us create a script that runs clamav weekly and emails us the results.

In the terminal, type the following command and press ENTER on your keyboard.

sudo vim /etc/cron.weekly/clamav_cron.sh

Input the text below.

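#!/bin/sh
# Update the virus definitions, then scan the whole filesystem.
# -r scans directories recursively, -i prints only infected files.
(
freshclam
clamscan -r -i /
) | mail -s "clamav weekly scan..." youremail@address.com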

Note: Please replace youremail@address.com with your own email address.

Note: If you use Gmail or another mail service that requires SMTP authentication to send mail, use the text below instead.

#!/bin/sh
# Note: ssl-verify=ignore turns off TLS certificate checking, and the mail
# password is stored in this file in plain text.
(
freshclam
clamscan -r -i /
) | mailx -v -s "clamav weekly scan..." -S smtp-use-starttls -S ssl-verify=ignore -S smtp-auth=login -S smtp=smtp://smtp.gmail.com:587 -S from="youremail@address.com" -S smtp-auth-user=youremail@address.com -S smtp-auth-password=yourpassword -S nss-config-dir="/etc/pki/nssdb/" youremail@address.com

Note: Please replace youremail@address.com with your own email address. Also replace yourpassword with your mail service password.

Once done, save and exit the file.

We now need to make our script executable. We do this using the command below. In the terminal, type the following command and press ENTER on your keyboard.

sudo chmod +x /etc/cron.weekly/clamav_cron.sh

You can now look forward to weekly emails delivered from clamav.
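
The weekly script above sends the same subject line whether the scan was clean, found something, or failed. The variant below is an added example, not part of the original post: it builds the subject from clamscan's exit status and skips /proc, /sys and /dev. The function names, the excluded directories and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). clamscan exit status:
#   0 = no virus found, 1 = virus(es) found, 2 = an error occurred.

MAILTO="youremail@address.com"   # placeholder address, as in the article

# Print the paths clamscan flagged, from lines "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Build the mail subject from the exit status ($1) and number of hits ($2).
scan_subject() {
    case "$1" in
        0) echo "clamav weekly scan: clean" ;;
        1) echo "clamav weekly scan: $2 infected file(s) FOUND" ;;
        *) echo "clamav weekly scan: ERROR (clamscan exit $1)" ;;
    esac
}

# Constructed sample of `clamscan -r -i` output, for trying the helpers.
sample_output() {
    cat <<'EOF'
/home/alice/Downloads/eicar.com: Eicar-Test-Signature FOUND
/var/tmp/upload dir/test.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

run_scan() {
    report=$(mktemp) || return 2
    freshclam --quiet
    # Assumption: pseudo-filesystems are skipped; the article scans all of /.
    clamscan -r -i --exclude-dir='^/proc' --exclude-dir='^/sys' \
        --exclude-dir='^/dev' / >"$report" 2>&1
    status=$?
    hits=$(infected_paths <"$report" | wc -l | tr -d ' ')
    mail -s "$(scan_subject "$status" "$hits")" "$MAILTO" <"$report"
    rm -f "$report"
    return "$status"
}

# Scan only when installed under the article's file name; otherwise this
# file just defines the functions above.
if [ "${0##*/}" = "clamav_cron.sh" ]; then run_scan; fi
```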
