----------------------------------
Title : AntiVirus for Linux - ClamAV with Fedora 11
----------------------------------

Background:

This guide will use the ClamAV CLI scanner and the ClamAV-Update script (freshclam).
I wrote this to help all the Home/SOHO users (servers or desktops).
ClamAV has various tools/packages/plugins for email servers etc. but that's another story.
If you wish to learn more visit their home site: http://www.clamav.net/

----------------------------------

Installation:

shell> sudo yum install -y clamav clamav-update

----------------------------------

Setup clamav-update:

shell> sudo vi /etc/freshclam.conf

Note: Change the following 2 items, then save and quit.

Example
to
#Example

#DatabaseDirectory /var/lib/clamav
to
DatabaseDirectory /var/lib/clamav

----------------------------------

In order for the freshclam cron script to work, we'll need to update /etc/sysconfig/freshclam

shell> sudo vi /etc/sysconfig/freshclam

Note: Change the following item, then save and quit.

FRESHCLAM_DELAY=disabled-warn
to
#FRESHCLAM_DELAY=disabled-warn

----------------------------------

Run the virus definition updates by hand (for testing):

shell> sudo /usr/bin/freshclam

Run a test scan on /sbin and /bin (recursively and log to /tmp/clamscan.Month-Day-Year.log):

shell> sudo clamscan -r /sbin /bin --log=/tmp/clamscan.`date +%m-%d-%y`.log

----------------------------------

Script for auto-scans:

Note: Create the script and save it under root's home.

shell> sudo su -
shell> cd ~
shell> vi virus-scan.sh

NOTE: Copy and paste the below info into virus-scan.sh, then save and quit.

#!/bin/sh
#######################
# Create the log file if needed
#
CLAM_LOG="/var/log/clamscan.log"
if [ ! -f "$CLAM_LOG" ]; then
    touch "$CLAM_LOG"
    chmod 644 "$CLAM_LOG"
    chown clamav:clamav "$CLAM_LOG"
fi
#
########################
# Setup our common scanned paths - note these are based on my systems $PATH
# You can change the user that gets mailed, or don't use mail at all, if using a logging setup etc.
#
COMMON_DIRS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /usr/kerberos/bin /usr/kerberos/sbin /usr/lib/qt* /home /tmp"
#
########################
# Start the scan and mail to root (change as needed)
# -r scans recursively, -i prints only infected files.
# $COMMON_DIRS is left unquoted on purpose so it splits into separate paths.
#
/usr/bin/clamscan -ri $COMMON_DIRS --log="$CLAM_LOG" | mail -s virus-scan.`date +%m-%d-%y` root@localhost
#
########################

Set the script to be executable and test:

shell> chmod +x virus-scan.sh
shell> ./virus-scan.sh &

Once it's complete, check root's mail and/or the log file. If all is well, let's set up a cron job.

----------------------------------

There are many ways to use cron; this example uses the /etc/cron.d structure.

shell> cd /etc/cron.d
shell> vi virus-scan

NOTE: Copy and paste the following into the virus-scan file, then save and quit.

# The following will run our script at 2am every day of the week.
# Obviously you'll need to adjust this based on workload, uptimes etc.
00 02 * * * root /root/virus-scan.sh > /dev/null 2>&1

----------------------------------

HTH - dbcooper
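
----------------------------------

Added example (not part of the original guide): a helper for checking the log that virus-scan.sh writes, so the nightly run can be reviewed or alerted on by result. The function names, sample paths and signature name are made up for illustration; it assumes the log accumulates runs and that each completed run ends with an "Infected files:" summary line.

```shell
#!/bin/sh
# Added example: summarise the most recent run recorded in the clamscan log.

# Print the "path: signature FOUND" lines of the last completed run in $1.
last_scan_hits() {
    awk '
        / FOUND$/           { hits = hits $0 "\n" }     # one line per detection
        /^Infected files: / { last = hits; hits = "" }  # summary line closes a run
        END                 { printf "%s", last }
    ' "$1"
}

# Return 0 = last run clean, 1 = detections, 2 = no completed run in the log.
# (Same meaning as clamscan's own exit codes 0, 1 and 2.)
scan_status() {
    [ -r "$1" ] || return 2
    n=$(awk '/^Infected files: /{ v = $3 } END { print v }' "$1")
    case "$n" in
        '') return 2 ;;   # no summary line: scan never finished or log is empty
        0)  return 0 ;;
        *)  return 1 ;;
    esac
}

# Constructed sample log: two runs in one file, only the first has a detection.
write_sample_log() {
    cat > "$1" <<'EOF'
/tmp/sample.bin: Example.Test.Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 3120
Infected files: 1

----------- SCAN SUMMARY -----------
Scanned files: 3121
Infected files: 0
EOF
}

# Possible use at the end of virus-scan.sh (mail only when something was found):
#   scan_status "$CLAM_LOG"
#   [ $? -eq 1 ] && last_scan_hits "$CLAM_LOG" | mail -s virus-found root@localhost
```

A return value of 2 is worth alerting on as well, since it means the log holds no completed scan.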