ClamAV: Difference between revisions

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Notes: link to liveCD page
added links from Will Hill; tidied up how-to a bit; SMW
Line 1: Line 1:
<hide>
[[page type::article]]
[[thing type::software]]
[[purpose::antivirus]]
[[license::open-source]]
[[category:software]]
[[category:software]]
</hide>
==About==
==About==
[[ClamAV]] is [[free, open-source]] [[anti-virus]] software for [[Linux]], [[Microsoft Windows|Windows]], and many other [[operating system]]s.
[[ClamAV]] is [[free, open-source]] [[anti-virus]] software for [[Linux]], [[Microsoft Windows|Windows]], and many other [[operating system]]s.
==Notes==
==How To==
To disinfect a Windows PC by running ClamAV from an [[Ubuntu]] [[liveCD]]:
To disinfect a Windows PC by running ClamAV from an [[Ubuntu]] [[liveCD]]:
* Boot the liveCD
* Boot the liveCD
Line 12: Line 18:
* To move infected files into a quarantine area (only partially tested):
* To move infected files into a quarantine area (only partially tested):
** sudo clamscan -v -r --move=/media/disk/quarantine /media/disk
** sudo clamscan -v -r --move=/media/disk/quarantine /media/disk
** real-world example:
** real-world example -- this should quarantine the infections in addition to finding them:
*** sudo clamscan -v -r --move=/media/IBM_PRELOAD/etc/quarantine /media/IBM_PRELOAD
*** sudo clamscan -v -r --move=/media/IBM_PRELOAD/etc/quarantine /media/IBM_PRELOAD
* ''to be written: what to do if infections are found.''
* If no infections found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure. Hopefully this basic scan will be enough to make a hopelessly virus-bound system usable again.
** Basically, you'll probably want to set up a folder for quarantining infected files, and then run clamscan with the option to move infected files there.
===Notes===
* If no infections found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure.
Additionally, there are some distributions which come with ClamAV already installed, and which may therefore simplify this process:
* http://distrowatch.com/weekly.php?issue=20100322
* http://distrowatch.com/?newsid=06435
* http://www.eugenemdavis.com/scanning-windows-folders-ubuntu-livecd
* [http://antiviruslivecd.4mlinux.com/ AVLive CD distro]


==Windows==
==Windows==
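Review bot: the --move examples in this hunk put the quarantine directory inside the tree being scanned (/media/disk/quarantine under /media/disk), so any later recursive scan of the drive will report the quarantined files again. Consider a quarantine path outside the scan target, or an --exclude-dir for it. The revision also drops the bullet advising the reader to set up a quarantine folder, while the --move commands that rely on that folder stay. A one-line step to create the directory would keep the how-to self-contained.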
Line 28: Line 38:
* {{wikipedia|Clam AntiVirus}}
* {{wikipedia|Clam AntiVirus}}
===Official===
===Official===
* [http://www.clamav.net/ ClamAV]
* [[URL::http://www.clamav.net/|ClamAV]]
* [http://www.clamwin.com/ ClamWin]
* [http://www.clamwin.com/ ClamWin]

Revision as of 00:48, 22 March 2013


About

ClamAV is free, open-source anti-virus software for Linux, Windows, and many other operating systems.

How To

To disinfect a Windows PC by running ClamAV from an Ubuntu liveCD:

  • Boot the liveCD
  • Install the "clamav" package
  • Mount the infected drive (opening it from "Locations" will do)
  • Run df to find out the drive's filesystem path. We'll assume it's /media/disk.
  • Run clamscan in read-only mode to see if there are any detectable infections:
    • clamscan -v -r /media/disk
  • To move infected files into a quarantine area (only partially tested):
    • sudo clamscan -v -r --move=/media/disk/quarantine /media/disk
    • real-world example -- this should quarantine the infections in addition to finding them:
      • sudo clamscan -v -r --move=/media/IBM_PRELOAD/etc/quarantine /media/IBM_PRELOAD
  • If no infections are found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure. Hopefully this basic scan will be enough to make a hopelessly virus-bound system usable again.
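
An added example, not part of the original page: a small shell wrapper for the read-only step above that logs the scan, interprets clamscan's exit status, and lists the detected files so they can be reviewed before any --move run. The function names, the log path and the sample output are constructed for illustration; /media/disk is the mount point assumed in the how-to.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the infected drive is
# mounted at /media/disk, as in the how-to above.

# Print the path of every file clamscan reported as infected.
# clamscan writes one "<path>: <signature> FOUND" line per detection.
list_infected() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Translate clamscan's exit status: 0 = clean, 1 = infections found,
# anything else = the scan itself failed.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read-only pass: -r recurse, -i report infected files only, --log keep a
# record. Nothing is moved or deleted.
review_scan() {
    target=$1
    log=$2
    clamscan -r -i --log="$log" "$target" >/dev/null
    status=$?
    echo "verdict: $(scan_verdict "$status")"
    list_infected <"$log"
    return "$status"
}

# Constructed sample of clamscan output, for trying the parser offline.
sample_output() {
    cat <<'EOF'
/media/disk/WINDOWS/notepad.exe: OK
/media/disk/Documents and Settings/user/setup.exe: Win.Trojan.Example-1 FOUND
/media/disk/temp/a.dll: Win.Worm.Example-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# On the liveCD: review_scan /media/disk /tmp/clamscan.log
```
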

Notes

Additionally, there are some distributions which come with ClamAV already installed, and which may therefore simplify this process:

Windows

In Microsoft Windows, ClamAV is available in two varieties:

Error Codes

Reference

Official