Difference between revisions of "ClamAV"
(tentative command for quarantining) |
(→Notes: link to liveCD page) |
||
Line 3: | Line 3: | ||
[[ClamAV]] is [[free, open-source]] [[anti-virus]] software for [[Linux]], [[Microsoft Windows|Windows]], and many other [[operating system]]s. | [[ClamAV]] is [[free, open-source]] [[anti-virus]] software for [[Linux]], [[Microsoft Windows|Windows]], and many other [[operating system]]s. | ||
==Notes== | ==Notes== | ||
− | To disinfect a Windows PC by running ClamAV from an [[Ubuntu]] liveCD: | + | To disinfect a Windows PC by running ClamAV from an [[Ubuntu]] [[liveCD]]: |
* Boot the liveCD | * Boot the liveCD | ||
* Install the "clamav" package | * Install the "clamav" package | ||
Line 17: | Line 17: | ||
** Basically, you'll probably want to set up a folder for quarantining infected files, and then run clamscan with the option to move infected files there. | ** Basically, you'll probably want to set up a folder for quarantining infected files, and then run clamscan with the option to move infected files there. | ||
* If no infections found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure. | * If no infections found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure. | ||
+ | |||
==Windows== | ==Windows== | ||
In [[Microsoft Windows]], ClamAV is available in two varieties: | In [[Microsoft Windows]], ClamAV is available in two varieties: |
Revision as of 00:42, 22 March 2013
About
ClamAV is free, open-source anti-virus software for Linux, Windows, and many other operating systems.
Notes
To disinfect a Windows PC by running ClamAV from an Ubuntu liveCD:
- Boot the liveCD
- Install the "clamav" package
- Mount the infected drive (opening it from "Locations" will do)
- Run df to find out the drive's filesystem path. We'll assume it's /media/disk.
- Run clamscan in read-only mode to see if there are any detectable infections:
  - clamscan -v -r /media/disk
- To move infected files into a quarantine area (only partially tested):
  - sudo clamscan -v -r --move=/media/disk/quarantine /media/disk
  - Real-world example:
    - sudo clamscan -v -r --move=/media/IBM_PRELOAD/etc/quarantine /media/IBM_PRELOAD
- To be written: what to do if infections are found.
  - Basically, you'll probably want to set up a folder for quarantining infected files, and then run clamscan with the option to move infected files there.
- If no infections are found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure.
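
The read-only pass from the steps above, wrapped in a small triage script that lists what clamscan flagged before anything is moved. This is an added example, not part of the original page; the sample log, the function names and the choice to skip a quarantine folder at /media/disk/quarantine during the scan are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the original page): triage a read-only clamscan pass.

# Constructed sample of clamscan output; paths and signature names are made up.
SAMPLE_LOG='/media/disk/Users/a/report.doc: OK
/media/disk/Users/a/setup.exe: Win.Test.EICAR_HDB-1 FOUND
/media/disk/Program Files/tool/helper.dll: Win.Trojan.Example-1 FOUND
/media/disk/Users/a/notes.txt: OK

----------- SCAN SUMMARY -----------
Infected files: 2'

# Print the path of every file reported as infected (lines ending in " FOUND").
# The greedy first group keeps paths that contain spaces or ": " intact.
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Map clamscan's exit status to a verdict: 0 = clean, 1 = virus found, else error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read-only pass over a mounted drive. The log is kept in the live session's
# /tmp, not on the suspect disk. The quarantine folder (assumed to be
# <target>/quarantine, as in the steps above) is skipped so that files moved
# there by an earlier --move run are not reported again.
triage() (
    target=$1
    log=$(mktemp /tmp/clamscan.XXXXXX)
    clamscan -r -i --exclude-dir="^$target/quarantine" "$target" >"$log" && rc=0 || rc=$?
    echo "verdict: $(scan_verdict "$rc")  (full log: $log)"
    infected_paths <"$log"
    exit "$rc"
)

# With a mount point as argument, scan it; otherwise parse the constructed sample.
if [ -n "${1:-}" ]; then
    triage "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | infected_paths
fi
```

Reviewing the printed paths before running the --move command shows whether any flagged file is one Windows needs in order to boot.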
Windows
In Microsoft Windows, ClamAV is available in two varieties:
Error Codes
- Failed to install runtime with error code 1601 - ClamAV for Windows can't be installed in "safe mode", despite the obvious advantage of being able to do this with an anti-virus program.