ClamAV on openSuse
ClamAV is a good antivirus software for Linux. Do you need it? Linux is a very safe operating system, but sometimes it’s good to check if everything is OK.
You can find ClamAV in your operating system repository. On openSuse, I just use Apper that is software for managing packages. Click Security, and you have all packages. Search clamav. Click to install it on your system if it has not been installed so far.
The most important command is clamscan. To see the version, just write on the console:
poganin@linux-7tpy:~> clamscan -V
ClamAV 0.98
But when you wish to scan the system and use clamscan (you must be a root!), you will get:
poganin@linux-7tpy:~> sudo clamscan
Ufamy, że lokalny administrator udzielił odpowiedniego szkolenia.
Zwykle sprowadza się ono do tych trzech rzeczy:
1) należy respektować prywatność innych,
2) należy myśleć przed pisaniem,
3) z dużą władzą wiąże się duża odpowiedzialność.
root’s password:
LibClamAV Error: cli_loaddb(): No supported database files found in /var/lib/clamav
ERROR: Can’t open file or directory
———– SCAN SUMMARY ———–
Known viruses: 0
Engine version: 0.98
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)
In other words, it doesn’t work. You must update the virus database by running
poganin@linux-7tpy:~> sudo freshclam
as a root. Then, wait for the end of updating. You will see something like that:
ClamAV update process started at Wed Dec 25 13:37:10 2013
Downloading main.cvd [100%]
main.cvd updated (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily.cvd [100%]
daily.cvd updated (version: 18284, sigs: 621876, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 235, sigs: 44, f-level: 63, builder: dgoddard)
Database updated (3046145 signatures) from database.clamav.net (IP: 195.30.97.3)
The databases are in the files:
/var/lib/clamav/daily.cvd
/var/lib/clamav/main.cvd
ClamAV use these files to check if there’s no malware on your operating system.
Now run clamscan again:
clamscan /path/to/the/directory
And all files in the directory will be scanned. Look at the example:
linux-7tpy:/ # clamscan /home/poganin/worksSpring/Mirek/src/main/java/com/linaittech/Mirek
/home/poganin/worksSpring/Mirek/src/main/java/com/linaittech/Mirek/HomeController.java: OK
———– SCAN SUMMARY ———–
Known viruses: 3040793
Engine version: 0.98
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 11.261 sec (0 m 11 s)
There’s one file in the Mirek directory. It’s status is OK so it’s not infected. At the end of scanning, you see the stats.
To get help and more options, just run the command:
linux-7tpy:/ # clamscan –help
You see that ClamAV is a very useful tool. However, you will be using the most often:
linux-7tpy:/ # clamscan -r –bell -i /
for scanning all files in your system.
-r – Scan subdirectories recursively
–bell – Sound bell on virus detection
-i – Only print infected files
To remove an infected file, just run:
linux-7tpy:/ # clamscan -r –remove /home/poganin
It will remove all the infected files ClamAV has just found on your operating system. Be careful – the files are gone for good. Instead, better use this command:
linux-7tpy:/ # clamscan -r –move=/home/wirusy /home/poganin
–move=/home/wirusy – Move infected files into the /home/wirusy directory
With this option, all infected files will be moved to the directory during scanning. Then, you can check the infected files again and make a decision what to do with them.
I hope it’s clear.
Tomasz Zackiewicz 