RU
EN
UA
CZ
What is ClamAV
ClamAV is a free and open source cross-platform program for detecting viruses and other types of malware. Although originally developed for Unix, it is now available in versions for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF, and Solaris.
The application supports a wide range of file formats, including mail formats, archive formats, executable files, and popular document formats. Essentially, the package consists of an antivirus engine that can be accessed as a shared library.
How to install ClamAV
To install ClamAV, first we have to log in to our server and run the command to update the packages inside our OS:
apt update && apt upgrade -y
After we have updated all installed applications to the latest version, we execute the command to install ClamAV itself using the command below:
apt install clamav -y
After installing ClamAV, we must also install the ClamAV Demon, this we must do using the command below:
apt install clamav-daemon
Now let’s update ClamAV. You will see some errors, ignore them, they will be automatically updated anyway. To update ClamAV, run the command below:
freshclam
Now we can start scanning our system or a specific folder or file.
How to scan with ClamAV
ClamAV is now ready to use. Here you can use many scanning commands. We will now look at some of them. For example, we will scan the root directory.
Run the following command to scan the root directory:
clamscan -r /root
After scanning, we will get such a picture, i.e. report what was scanned and whether there were infected files:
In our case, everything went well, but as we did on the test server, it was definitely not infected with viruses.
To view all infected files, you must use the command:
clamscan -ri /root
To delete an infected file, you can use the following command. However, this command is not recommended because it will destroy your files if it becomes infected. If you want to delete files that are infected with a virus, use this command:
clamscan -ri –remove /root
To avoid complications when deleting files. You can create a folder and move infected files to it. Hence, you can check which files need to be deleted and delete them accordingly.
Run the following commands:
mkdir VIRUS - Create a folder
ls - Check whether the folder is created or not
cd VIRUS/ - To go to a folder
pwd - To see the current location.
Then run the command to move the infected file to the folder we just created. The /root command is the folder that we are going to scan.
clamscan -r --move=/root/VIRUS /root
After the scan is complete, you can check the folder and delete infected files if necessary.
Conclusion
Viruses can harm computers and even web servers at any given time, no matter what operating system you are using. Therefore, if you have a Linux VDS or a dedicated server, you should install an antivirus to protect it from malicious attacks.