Difference between revisions of "ClamAV"
Jump to navigation
Jump to search
(tentative command for quarantining) |
(freshclam; ArchLinux Wiki) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | <hide> | ||
| + | [[page type::article]] | ||
| + | [[thing type::software]] | ||
| + | [[purpose::antivirus]] | ||
| + | [[license::open-source]] | ||
[[category:software]] | [[category:software]] | ||
| + | </hide> | ||
==About== | ==About== | ||
[[ClamAV]] is [[free, open-source]] [[anti-virus]] software for [[Linux]], [[Microsoft Windows|Windows]], and many other [[operating system]]s. | [[ClamAV]] is [[free, open-source]] [[anti-virus]] software for [[Linux]], [[Microsoft Windows|Windows]], and many other [[operating system]]s. | ||
| − | == | + | ==How To== |
| − | To disinfect a Windows PC by running ClamAV from an [[Ubuntu]] liveCD: | + | To disinfect a Windows PC by running ClamAV from an [[Ubuntu]] [[liveCD]]: |
* Boot the liveCD | * Boot the liveCD | ||
* Install the "clamav" package | * Install the "clamav" package | ||
| − | * Mount the infected drive (opening it from "Locations" will do) | + | * Run "freshclam" (this may sit for a few minutes before showing any signs of life, and will take many minutes to finish downloading). |
| + | * Mount the infected drive (opening it from "Locations" in a [[file manager]] will do) | ||
* run '''df''' to find out the drive's filesystem path. We'll assume it's <u>/media/disk</u>. | * run '''df''' to find out the drive's filesystem path. We'll assume it's <u>/media/disk</u>. | ||
* Run clamscan in read-only mode to see if there are any detectable infections: | * Run clamscan in read-only mode to see if there are any detectable infections: | ||
| − | ** clamscan -v -r /media/disk | + | ** <code>clamscan -v -r /media/disk</code> |
* To move infected files into a quarantine area (only partially tested): | * To move infected files into a quarantine area (only partially tested): | ||
** sudo clamscan -v -r --move=/media/disk/quarantine /media/disk | ** sudo clamscan -v -r --move=/media/disk/quarantine /media/disk | ||
| − | ** real-world example: | + | ** real-world example -- this should quarantine the infections in addition to finding them: |
*** sudo clamscan -v -r --move=/media/IBM_PRELOAD/etc/quarantine /media/IBM_PRELOAD | *** sudo clamscan -v -r --move=/media/IBM_PRELOAD/etc/quarantine /media/IBM_PRELOAD | ||
| − | + | * If no infections found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure. Hopefully this basic scan will be enough to make a hopelessly virus-bound system usable again. | |
| − | + | ===Notes=== | |
| − | * If no infections found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure. | + | Additionally, there are some distributions which come with ClamAV already installed, and which may therefore simplify this process: |
| + | * http://distrowatch.com/weekly.php?issue=20100322 | ||
| + | * http://distrowatch.com/?newsid=06435 | ||
| + | * http://www.eugenemdavis.com/scanning-windows-folders-ubuntu-livecd | ||
| + | * [http://antiviruslivecd.4mlinux.com/ AVLive CD distro] | ||
| + | |||
==Windows== | ==Windows== | ||
In [[Microsoft Windows]], ClamAV is available in two varieties: | In [[Microsoft Windows]], ClamAV is available in two varieties: | ||
| Line 26: | Line 38: | ||
===Reference=== | ===Reference=== | ||
* {{wikipedia|Clam AntiVirus}} | * {{wikipedia|Clam AntiVirus}} | ||
| + | * [https://wiki.archlinux.org/index.php/ClamAV ArchLinux Wiki] | ||
===Official=== | ===Official=== | ||
| − | * [http://www.clamav.net/ ClamAV] | + | * [[URL::http://www.clamav.net/|ClamAV]] |
* [http://www.clamwin.com/ ClamWin] | * [http://www.clamwin.com/ ClamWin] | ||
Latest revision as of 20:47, 23 March 2015
About
ClamAV is free, open-source anti-virus software for Linux, Windows, and many other operating systems.
How To
To disinfect a Windows PC by running ClamAV from an Ubuntu liveCD:
- Boot the liveCD
- Install the "clamav" package
- Run "freshclam" (this may sit for a few minutes before showing any signs of life, and will take many minutes to finish downloading).
- Mount the infected drive (opening it from "Locations" in a file manager will do)
- run df to find out the drive's filesystem path. We'll assume it's /media/disk.
- Run clamscan in read-only mode to see if there are any detectable infections:
clamscan -v -r /media/disk
- To move infected files into a quarantine area (only partially tested):
- sudo clamscan -v -r --move=/media/disk/quarantine /media/disk
- real-world example -- this should quarantine the infections in addition to finding them:
- sudo clamscan -v -r --move=/media/IBM_PRELOAD/etc/quarantine /media/IBM_PRELOAD
- If no infections found, you may still be able to find infections with one of the Windows versions; there may be a way to force the Linux version to use the very latest data engine, but I'm not sure. Hopefully this basic scan will be enough to make a hopelessly virus-bound system usable again.
Notes
Additionally, there are some distributions which come with ClamAV already installed, and which may therefore simplify this process:
- http://distrowatch.com/weekly.php?issue=20100322
- http://distrowatch.com/?newsid=06435
- http://www.eugenemdavis.com/scanning-windows-folders-ubuntu-livecd
- AVLive CD distro
Windows
In Microsoft Windows, ClamAV is available in two varieties:
Error Codes
- Failed to install runtime with error code 1601 - ClamAV for Windows can't be installed in "safe mode", despite the obvious advantage of being able to do this with an anti-virus program.