ClamAV on openSuse

ClamAV is a good antivirus program for Linux. Do you need it? Linux is a very safe operating system, but sometimes it’s good to check if everything is OK.

You can find ClamAV in your operating system’s repository. On openSuse, I just use Apper, which is software for managing packages. Click Security to see all the packages, then search for clamav. Click to install it if it is not already on your system.

The most important command is clamscan. To see the version, just type in the console:

poganin@linux-7tpy:~> clamscan -V
ClamAV 0.98

But when you try to scan the system with clamscan (you must be root!), you will get:

poganin@linux-7tpy:~> sudo clamscan

Ufamy, że lokalny administrator udzielił odpowiedniego szkolenia.
Zwykle sprowadza się ono do tych trzech rzeczy:

    1) należy respektować prywatność innych,
    2) należy myśleć przed pisaniem,
    3) z dużą władzą wiąże się duża odpowiedzialność.

root's password:
LibClamAV Error: cli_loaddb(): No supported database files found in /var/lib/clamav
ERROR: Can't open file or directory

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.98
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)

In other words, it doesn’t work: there is no signature database in /var/lib/clamav yet. You must update the virus database by running

poganin@linux-7tpy:~> sudo freshclam

as root. Then wait for the update to finish. You will see something like this:

ClamAV update process started at Wed Dec 25 13:37:10 2013
Downloading main.cvd [100%]
main.cvd updated (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily.cvd [100%]
daily.cvd updated (version: 18284, sigs: 621876, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 235, sigs: 44, f-level: 63, builder: dgoddard)
Database updated (3046145 signatures) from database.clamav.net (IP: 195.30.97.3)

The databases are in the files:

/var/lib/clamav/daily.cvd
/var/lib/clamav/main.cvd

ClamAV uses these files to check whether there is malware on your operating system.

Now run clamscan again:

clamscan /path/to/the/directory

All files in the directory will be scanned. Without -r, only the files directly in that directory are checked, not its subdirectories. Look at the example:

linux-7tpy:/ # clamscan /home/poganin/worksSpring/Mirek/src/main/java/com/linaittech/Mirek
/home/poganin/worksSpring/Mirek/src/main/java/com/linaittech/Mirek/HomeController.java: OK

----------- SCAN SUMMARY -----------
Known viruses: 3040793
Engine version: 0.98
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 11.261 sec (0 m 11 s)

There’s one file in the Mirek directory. Its status is OK, so it’s not infected. At the end of the scan, you see the stats.
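The summary can also be checked by a script, so that a run like the first one above (0 known viruses, 0 scanned files, 0 infected files) is not mistaken for a clean system. This is an added example, not code from the original post; the function names field, scan_verdict and failed_run are hypothetical, and it assumes clamscan's documented exit codes (0 = no virus found, 1 = virus found, 2 = error).

```shell
#!/bin/sh
# Added example (not from the original post): judge a clamscan report.
# Assumption: clamscan exit codes are 0 = clean, 1 = virus found, 2 = error.

# field NAME: print the number from the "NAME: <n>" summary line in $REPORT.
field() {
    printf '%s\n' "$REPORT" | sed -n "s/^$1: *\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# scan_verdict EXIT_CODE: read a clamscan report on stdin and print one of
# CLEAN, INFECTED or UNRELIABLE.
scan_verdict() {
    rc=$1
    REPORT=$(cat)
    known=$(field "Known viruses")
    scanned=$(field "Scanned files")
    infected=$(field "Infected files")
    # An error exit, a missing summary, an empty signature database or an
    # empty file count all mean that "Infected files: 0" proves nothing.
    if [ "$rc" -ge 2 ] || [ -z "$known" ] || [ -z "$scanned" ] || [ -z "$infected" ]; then
        echo UNRELIABLE
    elif [ "$known" -eq 0 ] || [ "$scanned" -eq 0 ]; then
        echo UNRELIABLE
    elif [ "$infected" -gt 0 ] || [ "$rc" -eq 1 ]; then
        echo INFECTED
    else
        echo CLEAN
    fi
}

# Summary lines of the failed first run shown in the post (no database yet).
failed_run() {
    cat <<'EOF'
LibClamAV Error: cli_loaddb(): No supported database files found in /var/lib/clamav
Known viruses: 0
Engine version: 0.98
Scanned directories: 0
Scanned files: 0
Infected files: 0
EOF
}

# Demo: the failed run must not be reported as a clean system.
failed_run | scan_verdict 2    # prints UNRELIABLE
```

On a real system the report and exit code would come from something like `out=$(clamscan -r /home/poganin); rc=$?` followed by `printf '%s\n' "$out" | scan_verdict "$rc"`.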

To get help and more options, just run the command:

linux-7tpy:/ # clamscan --help

You see that ClamAV is a very useful tool. However, the command you will use most often is:

linux-7tpy:/ # clamscan -r --bell -i /

for scanning all files in your system.

-r – Scan subdirectories recursively
--bell – Sound bell on virus detection
-i – Only print infected files

To remove infected files, just run:

linux-7tpy:/ # clamscan -r --remove /home/poganin

It will remove every file that ClamAV reports as infected during the scan. Be careful: the files are gone for good, and a false positive is deleted just the same. It is better to use this command instead:

linux-7tpy:/ # clamscan -r --move=/home/wirusy /home/poganin

--move=/home/wirusy – Move infected files into the /home/wirusy directory

With this option, all infected files are moved to that directory during the scan. You can then check the infected files again and decide what to do with them.

I hope it’s clear.
