This page is still a draft. Thank you for your understanding.




From packages

$ sudo aptitude install clamav clamav-freshclam

From sources

$ cd /data/src/
$ wget
$ tar xzvf clamav-0.97.6.tar.gz
$ cd clamav-0.97.6/
$ ./configure
$ make
$ sudo make install



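--help, -h
Print this help screen
--version, -V
Print version number
--verbose, -v
Be verbose
--debug
Enable libclamav's debug messages
--quiet
Only output error messages
--stdout
Write to stdout instead of stderr
--no-summary
Disable summary at end of scanning
--infected, -i
Only print infected files
--bell
Sound bell on virus detection
--tempdir=DIRECTORY
Create temporary files in DIRECTORY
--leave-temps[=yes/no(*)]
Do not remove temporary files
--database=FILE/DIR, -d FILE/DIR
Load virus database from FILE or load all supported db files from DIR
--official-db-only[=yes/no(*)]
Only load official signatures
--log=FILE, -l FILE
Save scan report to FILE
--recursive[=yes/no(*)], -r
Scan subdirectories recursively
--cross-fs[=yes(*)/no]
Scan files and directories on other filesystems
--follow-dir-symlinks[=0/1(*)/2]
Follow directory symlinks (0 = never, 1 = direct, 2 = always)
--follow-file-symlinks[=0/1(*)/2]
Follow file symlinks (0 = never, 1 = direct, 2 = always)
--file-list=FILE, -f FILE
Scan files from FILE
--remove[=yes/no(*)]
Remove infected files. Be careful!
--move=DIRECTORY
Move infected files into DIRECTORY
--copy=DIRECTORY
Copy infected files into DIRECTORY
--exclude=REGEX
Don't scan file names matching REGEX
--exclude-dir=REGEX
Don't scan directories matching REGEX
--include=REGEX
Only scan file names matching REGEX
--include-dir=REGEX
Only scan directories matching REGEX
--bytecode[=yes(*)/no]
Load bytecode from the database
--bytecode-unsigned[=yes/no(*)]
Load unsigned bytecode
--bytecode-timeout=N
Set bytecode timeout (in milliseconds)
--detect-pua[=yes/no(*)]
Detect Possibly Unwanted Applications
--exclude-pua=CAT
Skip PUA sigs of category CAT
--include-pua=CAT
Load PUA sigs of category CAT
--detect-structured[=yes/no(*)]
Detect structured data (SSN, Credit Card)
--structured-ssn-format=X
SSN format (0=normal,1=stripped,2=both)
--structured-ssn-count=N
Min SSN count to generate a detect
--structured-cc-count=N
Min CC count to generate a detect
--scan-mail[=yes(*)/no]
Scan mail files
--phishing-sigs[=yes(*)/no]
Signature-based phishing detection
--phishing-scan-urls[=yes(*)/no]
URL-based phishing detection
--heuristic-scan-precedence[=yes/no(*)]
Stop scanning as soon as a heuristic match is found
--phishing-ssl[=yes/no(*)]
Always block SSL mismatches in URLs (phishing module)
--phishing-cloak[=yes/no(*)]
Always block cloaked URLs (phishing module)
--algorithmic-detection[=yes(*)/no]
Algorithmic detection
--scan-pe[=yes(*)/no]
Scan PE files
--scan-elf[=yes(*)/no]
Scan ELF files
--scan-ole2[=yes(*)/no]
Scan OLE2 containers
--scan-pdf[=yes(*)/no]
Scan PDF files
--scan-html[=yes(*)/no]
Scan HTML files
--scan-archive[=yes(*)/no]
Scan archive files (supported by libclamav)
--detect-broken[=yes/no(*)]
Try to detect broken executable files
--block-encrypted[=yes/no(*)]
Block encrypted archives
--max-filesize=#n
Files larger than this will be skipped and assumed clean
--max-scansize=#n
The maximum amount of data to scan for each container file (**)
--max-files=#n
The maximum number of files to scan for each container file (**)
--max-recursion=#n
Maximum archive recursion level for container file (**)
--max-dir-recursion=#n
Maximum directory recursion level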

Use cases

Update signatures

$ sudo freshclam
ClamAV update process started at Sat Mar  2 21:48:29 2013
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Downloading daily.cvd [ 12%]

Scan a file

$ clamscan /data/exploits/winfixer.exe
/data/exploits/winfixer.exe: Worm.Autorun-7661 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1044387
Engine version: 0.97.6
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.03 MB
Data read: 0.03 MB (ratio 1.00:1)
Time: 1.998 sec (0 m 1 s)

Scan a directory

$ clamscan /data/exploits/
/data/exploits/arru.exe: OK
/data/exploits/setup[1].exe: OK
/data/exploits/nuxninqynkow.exe: OK
/data/exploits/MsMxEng.exe: Trojan.Buzus-6212 FOUND
/data/exploits/ARPPRODUCTICON.exe: OK
/data/exploits/nopenico.exe: OK
/data/exploits/Captain Coucou!.JPG: OK
/data/exploits/ptrvta.exe: OK
/data/exploits/360Tray.exe: OK
/data/exploits/vgwisb.exe: OK
/data/exploits/ose00000.exe: OK
/data/exploits/alicsrv.exe: OK
/data/exploits/Dc30.exe: OK
/data/exploits/Persomod.exe: OK
/data/exploits/tm2002.exe: OK
/data/exploits/teasing.exe: OK
/data/exploits/ICBCEBankAssist.exe: OK
/data/exploits/hod.exe: Worm.Autorun-2205 FOUND
/data/exploits/ext_1.exe: OK
/data/exploits/My IP Address.exe: OK
/data/exploits/Skycn_1.2.1.exe: OK
/data/exploits/panjxg.exe: OK
/data/exploits/6C82D104845D404ED19B40607B07D287.ico: OK
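
Parsing a scan report (added example, not part of the original page or of ClamAV): the per-file lines and the summary block shown above can be turned into structured records for alerting, for instance from a file written with --log. The function names and the sample report are assumptions made for this sketch; the sample reuses lines from the scans above and its summary counts are constructed.

```python
import re

# Constructed sample: per-file lines taken from the scans above, summary counts made up to match.
SAMPLE_REPORT = """\
/data/exploits/arru.exe: OK
/data/exploits/MsMxEng.exe: Trojan.Buzus-6212 FOUND
/data/exploits/Captain Coucou!.JPG: OK
/data/exploits/hod.exe: Worm.Autorun-2205 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1044387
Engine version: 0.97.6
Scanned files: 4
Infected files: 2
"""

# Greedy path match, so file names containing spaces or ": " are kept whole.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
OK_RE = re.compile(r"^(?P<path>.+): OK$")

def parse_report(text):
    """Return (findings, clean_paths, summary) parsed from clamscan text output."""
    findings, clean, summary = [], [], {}
    in_summary = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("-") and "SCAN SUMMARY" in line:
            in_summary = True
            continue
        if in_summary:
            key, sep, value = line.partition(": ")
            if sep:
                summary[key] = value
            continue
        found = FOUND_RE.match(line)
        if found:
            findings.append((found["path"], found["sig"]))
            continue
        ok = OK_RE.match(line)
        if ok:
            clean.append(ok["path"])
    return findings, clean, summary

def consistent(findings, summary):
    """True when the parsed detections match the summary's 'Infected files' count."""
    return int(summary.get("Infected files", -1)) == len(findings)
```

A mismatch reported by consistent() means the per-file lines were truncated or filtered, so the report should not be trusted as a complete list of detections.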