ClamAV: Anti-Virus for Linux

It never hurts to use protection. Here’s a way to keep your Linux system free of viruses.
One of the things that Linux users love to brag about is the dearth of viruses to be found on the operating system. There are two Linux viruses and neither has been found alive in the wild. On the other hand, there are eighteen bazillion infectious viruses on Windows and that number grows steadily every day.
So naturally, Penguinistas need not worry about anti-virus protection, right? Not so fast… While you’ll likely never face the email-borne infestation that plagues Windows, that doesn’t mean you should ignore anti-virus software.
If your Linux server sends email or serves files on a mixed network of Linux and Windows machines, you should run anti-virus software on the host as a matter of course. The Windows machines interacting with those Linux servers need protection, and anti-virus software can help in that effort.
If you use a Linux desktop, you should run anti-virus software, too. You can notify Windows users if you receive a virus, especially if the virus is an Office-based macro virus. In addition, the world could change at any time, loosing Linux viruses. If that happens, better safe than sorry.
There are several good anti-virus software packages available for Linux, and unlike some popular commercial anti-virus products for Windows, the Linux equivalents aren’t CPU and memory hogs.
One of the best free (as in speech and beer) Linux anti-virus packages is ClamAV. Installing ClamAV is really simple. Most distributions have binaries available, or if your distro supports APT, just type:
# apt-get install clamav
When prompted, accept the additional packages (dependencies) that come with the clamav package and be done with it. To grab the source code if you need to compile ClamAV yourself, point your web browser to http://www.clamav.net.
If you’re lucky enough to use a Debian-based distro, ClamAV sets itself up. If you’re using another distro, you may have to create a new user named clamav, change a few permissions, and set up a few cron jobs. For detailed instructions, see the Clam AntiVirus User Manual at http://www.clamav.net/doc/latest/html/.
No one wants to have to think about anti-virus software once it’s installed. Any good anti-virus package should automatically update itself with new virus definitions, the more often the better. In addition, the anti-virus software should perform a full system scan at a regularly scheduled interval. Finally, integration with email software is vital: the best place to intercept new viruses is at this common point of entry.
ClamAV can handle all of these tasks. ClamAV runs freshclam to check for updates. By default, Debian systems run freshclam hourly. If you want to change that number, simply edit the Checks line in /etc/clamav/freshclam.conf.
To check your system, ClamAV uses clamscan. There is a wealth of options available for clamscan; to see them, use man clamscan. A quick and dirty way to scan your home directory is to use clamscan as follows:
$ clamscan -ri --move=/tmp/virus /home/yourusername
The -r option tells ClamAV to recursively scan your directory and every other directory and file in it, while -i makes things a bit quieter, telling ClamAV to only print the names of infected files it finds. If a virus is found in a file, ClamAV moves the file to /tmp/virus/, but that directory must already exist before clamscan starts working. Set up a cron job to create /tmp/virus/ and run clamscan and you have an automated way to keep your system clean and healthy.
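The cron job described above, as an added example that is not from the original article: a wrapper that creates the quarantine directory privately before scanning, since a predictable name under /tmp can be created in advance by another local user. The QUARANTINE, TARGET and CLAMSCAN variables, the function names and the script path in the crontab comment are assumptions of this example; the exit statuses (0 clean, 1 virus found, 2 error) are the ones documented in man clamscan.

```sh
#!/bin/sh
# Added example (not from the article): cron wrapper around clamscan.
# QUARANTINE, TARGET, CLAMSCAN and all function names are assumptions.
# Sample crontab line (script path is hypothetical):
#   30 2 * * * /usr/local/bin/scan-home.sh --run
QUARANTINE="${QUARANTINE:-/tmp/virus}"
TARGET="${TARGET:-$HOME}"
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Create the quarantine directory with mode 700. Refuse a symlink or a
# directory owned by someone else: /tmp is world-writable, so another
# local user could have planted the path before the job runs.
prepare_quarantine() {
    dir="$1"
    if [ -L "$dir" ]; then
        echo "refusing $dir: it is a symlink" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        mkdir -m 700 "$dir" || return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "refusing $dir: not owned by this user" >&2
        return 1
    fi
    chmod 700 "$dir"
}

# Map clamscan's exit status (see man clamscan) to a word for the log.
describe_status() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Scan TARGET recursively, move hits to QUARANTINE, keep the exit status.
run_scan() {
    prepare_quarantine "$QUARANTINE" || return 2
    "$CLAMSCAN" -ri --move="$QUARANTINE" "$TARGET"
    status=$?
    echo "clamscan: $(describe_status "$status")"
    return "$status"
}

# Do nothing unless asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_scan
    exit $?
fi
```

Cron mails anything the job prints to the owning user, so the one-line result and any refusal message reach the mailbox without extra logging.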
Many Linux email clients already support ClamAV directly, including KMail (which allows you to pick the anti-virus program of your choice) and Sylpheed Claws. Others, such as Evolution, require you to manually create filters that pipe email through ClamAV. (C’mon, Evolution (and others)! Let us specify ClamAV or other anti-virus programs directly!)
There are windowed interfaces for ClamAV, if you really want them (check out the enormous list at http://www.clamav.net/3rdparty.html). There are also lots of other programs and libraries that interface with ClamAV, including php-clamav (which allows ClamAV to work with PHP), python-clamav (ditto, but for Python), and clamav-milter (which scans messages processed by sendmail).
If you want to protect your Linux server or desktop from viruses, give ClamAV a look. It’s a powerful, well-supported open source project, and it just keeps getting better and better.

R. Scott Granneman teaches at Washington University in St. Louis, consults for Bryan Consulting, and writes for SecurityFocus and Linux Magazine. His latest book, Don’t Click on the Blue E!: Switching to Firefox, has just been published. You can reach him at scott@granneman.com.
