ClamAV Antivirus in Linux - Unofficial Signatures and Cron
In the previous post, "ClamAV Antivirus in Linux - Installation and Usage", we discussed installation and usage guidelines for the ClamAV antivirus software on Linux.
This follow-up post contains the terminal commands needed to install unofficial signatures for advanced usage.
I. Adding Unofficial Virus Signatures
ClamAV comes with its own updated set of signatures. However, if you need additional virus signatures, download unofficial signatures from third-party providers like extremeshok (https://github.com/extremeshok).
NOTE: Using additional signatures consumes more resources and bandwidth.
Start by entering root access mode
`sudo -i`
Download the files and move them to a new directory
`wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.tar.gz`
`tar xvzf master.tar.gz`
`rm master.tar.gz`
`cp clamav-unofficial-sigs-master/clamav-unofficial-sigs.sh /usr/local/sbin/`
`mkdir -p /etc/clamav-unofficial-sigs`
Copy the config for your OS to enable it. Check the available .conf files using the "ls" command.
`ls clamav-unofficial-sigs-master/config/os`
For example, to use it on an Ubuntu-based distro
`cp clamav-unofficial-sigs-master/config/os/os.ubuntu.conf /etc/clamav-unofficial-sigs/os.conf`
Copy the master and user configs
`cp clamav-unofficial-sigs-master/config/{master.conf,user.conf} /etc/clamav-unofficial-sigs/`
To enable the update script, edit
`nano /etc/clamav-unofficial-sigs/user.conf`
And make sure the following option is uncommented and set to yes (ctrl+x to exit nano)
`user_configuration_complete="yes"`
Install the logrotate configuration to compress and archive older log files created by the script
`chmod 744 /usr/local/sbin/clamav-unofficial-sigs.sh`
`/usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate`
Install the manual page
`/usr/local/sbin/clamav-unofficial-sigs.sh --install-man`
Copy the systemd unit files (the systemd timer works like cron)
`cp clamav-unofficial-sigs-master/systemd/* /etc/systemd/system/`
To update signatures manually, run the script, which downloads the unofficial signatures
`/usr/local/sbin/clamav-unofficial-sigs.sh`
To check if the additional signatures were added
`clamscan --debug 2>&1 /dev/null | grep "loaded"`
Remove the downloaded sigs folder
`rm -f -r clamav-unofficial-sigs-master`
II. Scheduling Antivirus Scan and Updates using Cron
Open a file in cron.daily, and paste the following script to set up daily scans
`nano /etc/cron.daily/dailyclamscan`
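`#!/bin/bash
# Scan the whole filesystem and append the results to the log file
SCAN_DIR="/"
LOG_FILE="/var/log/clamav/dailyclamscan.log"
touch "$LOG_FILE"
# --infected: report only infected files; --remove: delete them
/usr/bin/clamscan --infected --remove --recursive "$SCAN_DIR" >> "$LOG_FILE"`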
Then make the script executable
`chmod +x /etc/cron.daily/dailyclamscan`
To schedule a daily virus signature update with freshclam, add the following entry to the crontab
`crontab -e`
`0 1 * * * /usr/bin/freshclam --quiet`
Exit root access
`exit`
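A quarantine-based variant of the daily scan script from section II, as an added example that is not part of the original post: it uses `--move` instead of `--remove`, skips /proc, /sys and /dev, records clamscan's exit status, and counts detections from third-party databases, which ClamAV reports with a `.UNOFFICIAL` suffix. The quarantine path `/var/lib/clamav-quarantine` and the function names are assumptions.

```bash
#!/bin/bash
# Added example, not the post's script. QUARANTINE_DIR is an assumed path;
# SCAN_DIR and LOG_FILE are the values used in the post.
SCAN_DIR="/"
LOG_FILE="/var/log/clamav/dailyclamscan.log"
QUARANTINE_DIR="/var/lib/clamav-quarantine"

# Print "signature path" for each "<path>: <signature> FOUND" line in a log.
detections() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Count hits from third-party databases; ClamAV suffixes them .UNOFFICIAL.
unofficial_hits() {
    detections "$1" | grep -c '^[^ ]*\.UNOFFICIAL ' || true
}

# clamscan exit status: 0 = no virus found, 1 = virus found, other = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

run_scan() {
    local run_log rc
    mkdir -p "$QUARANTINE_DIR" "$(dirname "$LOG_FILE")"
    chmod 700 "$QUARANTINE_DIR"
    run_log=$(mktemp) || return 2
    # Quarantine instead of deleting; skip kernel pseudo-filesystems and
    # the quarantine itself so files are not rescanned or moved twice.
    /usr/bin/clamscan --infected --recursive \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$QUARANTINE_DIR" \
        --move="$QUARANTINE_DIR" "$SCAN_DIR" > "$run_log" 2>&1
    rc=$?
    cat "$run_log" >> "$LOG_FILE"
    echo "$(date '+%F %T') status=$(scan_status "$rc")" \
         "unofficial_hits=$(unofficial_hits "$run_log")" >> "$LOG_FILE"
    rm -f "$run_log"
    return "$rc"
}

# Scan only when installed under the post's file name, so the functions
# above can be sourced or tested without starting a full scan.
if [ "${0##*/}" = "dailyclamscan" ]; then
    run_scan
fi
```

A false positive from an unofficial signature can then be restored from the quarantine directory instead of being lost.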