Changes

From Amahi Wiki
Jump to: navigation, search

Virus Scan Shares (view source)

Revision as of 01:05, 15 September 2015

673 bytes added ,  01:05, 15 September 2015
no edit summary
ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. In this article, we will only be configuring ClamAV to run scheduled/on-demand scans; not resident scans.
 
'''NOTE:''' This guidance is for Amahi 7/8, but can be easily adapted for Ubuntu.
== Install ==
And you’re done! That should be the minimum required to install ClamAV and Perform a daily scan of a specific directory.
 
'''NOTE:''' You will need to enable email on your HDA to use option "b". See [[Main_Page#Community_Tutorials|Community Tutorials]] for guidance.
 
== Configure Virus Definitions Update ==
The following will ensure your virus definitions are updated hourly.
* Execute the following as root user:
touch /var/log/clamav/freshclam.log
chmod 600 /var/log/clamav/freshclam.log
chown clamupdate /var/log/clamav/freshclam.log
* Set up cron job
N * * * * /bin/freshclam --quiet
 
'''NOTE:''' Change N to any value between 3 and 57 for minutes. This will help prevent conflicts with other cron jobs that typically run at 0.
 
== Using Greyhole ==
You will need to do some additional setup to scan files when using Greyhole.
 
* Set up [[Mount_Shares_Locally|mount shares locally]]
* Ensure the SCAN_DIR= <code>/mnt/samba/share</code> and not <code>/var/hda/files/share</code>
'''NOTE:''' You Now when the daily scan runs, it will need to enable email on your HDA to use option "b". See [[Main_Page#Community_Tutorials|Community Tutorials]] for guidancescan the Greyhole enabled share correctly.
==== Incremental Daily and Full Weekly Scans ====You can expand on the above by making a daily cronjob script that only scans files changed in the last 24 hours, and a weekly cronjob script ("a" or "b" above) that does a full filesystem scan. You may choose to do this for reasons of efficiency, as scanning only the files changed in the last 24 hours is an order of magnitude faster. Your daily cron file would look something more like this:
<pre>#!/usr/bin/env bash
# Run clamscan against the list of files and pipe the results out to the results file
# -i prints only infected files, -f is the list of files to scan, and -l is the output log
clamscan -i -f "${LIST}" -l "${RESULTS}"</pre> == Using Greyhole ==You will need to do some additional setup # Send email with results (uncomment line below to scan files when using Greyhole.enable)* Set up [https://wiki# mail -s "HDA Daily Virus Scan - ${DATE}" user@mail.amahi.org/index.php/Mount_Shares_Locally mount shares locally]com < ${RESULTS}* Ensure the SCAN_DIR= <code>/mnt/samba/share</codepre> and not <code>/var/hda/files/share</code>  Now when the daily scan runs, it will scan the Greyhole enabled share correctly.
==References==
Bigfoot65
Trusted, Bureaucrats, Administrators
12,424

edits

Retrieved from "https://wiki.amahi.org/index.php/Special:MobileDiff/85101...98116"