add clamav docs
All checks were successful
Podman DDNS Image / build-and-push-ddns (push) Successful in 39s
All checks were successful
Podman DDNS Image / build-and-push-ddns (push) Successful in 39s
This commit is contained in:
99
active/software_clamav/clamav.md
Normal file
99
active/software_clamav/clamav.md
Normal file
@@ -0,0 +1,99 @@
|
||||
# Clamav
|
||||
|
||||
- [Clamav](#clamav)
|
||||
- [Quick Start](#quick-start)
|
||||
- [On Access Scanning](#on-access-scanning)
|
||||
- [Testing](#testing)
|
||||
|
||||
## Quick Start
|
||||
|
||||
<https://docs.clamav.net/manual/Usage/Configuration.html#first-time-set-up>
|
||||
|
||||
```bash
|
||||
# Install
|
||||
sudo dnf install clamav clamav-freshclam clamd
|
||||
|
||||
##### Set up Freshclam #####
|
||||
|
||||
# Create freshclam's log file
|
||||
sudo touch /var/log/freshclam.log
|
||||
sudo chmod 600 /var/log/freshclam.log
|
||||
sudo chown clamscan /var/log/freshclam.log
|
||||
|
||||
# Copy configuration files
|
||||
sudo cp active/software_clamav/freshclam.conf
|
||||
sudo chown root:root /etc/freshclam.conf
|
||||
sudo chmod u=rw,go=r /etc/freshclam.conf
|
||||
|
||||
# Update the freshclam DB
|
||||
sudo freshclam
|
||||
sudo systemctl enable clamav-freshclam --now
|
||||
|
||||
##### Set up Clamd #####
|
||||
|
||||
# Create clamd's log file
|
||||
sudo touch /var/log/clamd.scan
|
||||
sudo chmod 600 /var/log/clamd.scan
|
||||
sudo chown clamscan /var/log/clamd.scan
|
||||
|
||||
# Copy configuration files
|
||||
# NOTE: Edit scan.conf OnAccessIncludePath to point to your home dir
|
||||
vim active/software_clamav/scan.conf
|
||||
|
||||
sudo cp active/software_clamav/scan.conf /etc/clamd.d/scan.conf
|
||||
sudo chown root:root /etc/clamd.d/scan.conf
|
||||
sudo chmod u=rw,go=r /etc/clamd.d/scan.conf
|
||||
|
||||
# Allow clamav with selinux
|
||||
sudo setsebool -P antivirus_can_scan_system 1
|
||||
```
|
||||
|
||||
Edit the `clamd@` service to limit system resources.
|
||||
|
||||
```bash
|
||||
sudo systemctl edit clamd@
|
||||
|
||||
[Service]
|
||||
Nice=18
|
||||
IOSchedulingClass=idle
|
||||
CPUSchedulingPolicy=idle
|
||||
```
|
||||
|
||||
Then start the clamd service
|
||||
|
||||
```bash
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now clamd@scan
|
||||
sudo systemctl status clamd@scan
|
||||
```
|
||||
|
||||
Allow your user to run scans
|
||||
|
||||
```bash
|
||||
sudo -E usermod -aG virusgroup $USER
|
||||
```
|
||||
|
||||
## On Access Scanning
|
||||
|
||||
If you want to cripple your computer you can enable on-access scanning.
|
||||
|
||||
```bash
|
||||
sudo systemctl edit clamav-clamonacc.service
|
||||
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/sbin/clamonacc -F --fdpass --config-file=/etc/clamd.d/scan.conf
|
||||
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now clamav-clamonacc.service
|
||||
```
|
||||
|
||||
## Testing
|
||||
|
||||
The `eicar` test malware allows you to test any malware scanner, as every
|
||||
scanner should have its signature included in its database.
|
||||
|
||||
1. Create a new file called `eicar.com`
|
||||
2. Add the contents: `X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`
|
||||
3. Save and scan: `clamdscan eicar.com`
|
||||
4. If you have on access scanning enabled you shouldn't be able to open it.
|
||||
Reference in New Issue
Block a user