NET603 Week 7 — Installing ClamAV & ClamTK

JCsec
Jun 1, 2021

This week we have started working on the network requirement of having secure anti-virus / vulnerability scanning.

Linux systems are already quite secure, as a large amount of common viruses/malware is targeted at Windows or other more mainstream operating systems.

We have decided to use ClamAV for command-line scans, and to install ClamTK for the more user-friendly GUI (graphical user interface).

To use ClamTK, ClamAV must be installed first. I will document the process and any problems overcome along the way.

Installing ClamAV on CHCH Ubuntu Device

  1. Update your package lists:
    sudo apt-get update
  2. Install ClamAV:
    sudo apt-get install clamav clamav-daemon -y
  3. After you finish installing ClamAV, ensure your ClamAV virus signatures are up to date. First, stop the freshclam service:
    sudo systemctl stop clamav-freshclam
  4. Manually update the ClamAV signature database:
    sudo freshclam
  5. Restart the service to update the database in the background:
    sudo systemctl start clamav-freshclam

ClamAV is now installed. Below is a list of common scan methods now available from the command line.

Common ClamAV Scans

Scan all files, starting from the root directory (/): clamscan -r /

Scan files but only show infected files: clamscan -r -i /[path-to-folder]

Scan files but don’t show OK files: clamscan -r -o /[path-to-folder]

Scan files and send results of infected files to a results file:
clamscan -r /[path-to-folder] | grep FOUND >> /[path-folder]/[file].txt

Scan files and move infected files to a different directory (--move takes the quarantine directory; the folder to scan comes last):
clamscan -r --move=/[path-to-quarantine-folder] /[path-to-folder]
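The `grep FOUND` pipeline above matches any line that contains the word, including file names, and it ignores clamscan's exit status. As an added example (not part of the original post), this shell script keeps only real detection lines and maps the exit status to a verdict; the sample output, function names and the `scan_and_report` wrapper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the author's code): turn clamscan output into a report.
# clamscan prints "<path>: OK" or "<path>: <signature> FOUND" per file and
# exits 0 (no virus found), 1 (virus found) or 2 (an error occurred).

# Constructed sample output; paths and the second signature name are made up.
sample_scan_output() {
cat <<'EOF'
/home/user/notes.txt: OK
/home/user/FOUND items.txt: OK
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/mail/re: invoice.doc: Doc.Dropper.Sample-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 4
Infected files: 2
EOF
}

# Read clamscan output on stdin, print "signature<TAB>path" per detection.
# Only lines ending in " FOUND" count, and each is split at the LAST ": ",
# so file names containing "FOUND" or ": " are handled correctly.
parse_found() {
  while IFS= read -r line; do
    case $line in
      *" FOUND") ;;
      *) continue ;;
    esac
    line=${line% FOUND}
    printf '%s\t%s\n' "${line##*: }" "${line%: *}"
  done
}

# Map the clamscan exit status to a verdict; errors must not read as "clean".
scan_verdict() {
  case $1 in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Hypothetical wrapper: scan DIR, append detections to REPORT, print verdict.
scan_and_report() {
  rc=0
  out=$(clamscan -r -i --no-summary "$1") || rc=$?
  printf '%s\n' "$out" | parse_found >> "$2"
  scan_verdict "$rc"
}

sample_scan_output | parse_found   # demo on the constructed sample
```

On the constructed sample, a plain `grep FOUND` would also report the clean file named "FOUND items.txt".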

Installing ClamTK

Now with ClamAV installed, we can install the GUI counterpart.
Steps taken:

  1. Download the latest version of the deb file from https://gitlab.com/dave_m/clamtk/-/wikis/Downloads.
    The current version is 6.11.
  2. Once downloaded, the file will be located in the Downloads folder.
  3. Install the deb package in your terminal (replace VERSION with full file name):
    sudo dpkg -i Downloads/clamtk_VERSION.deb
    so for our install: sudo dpkg -i Downloads/clamtk_6.11-1_all.deb
  4. Afterwards, you can open ClamTK from your terminal (clamtk) or desktop main menu.

Problems Encountered

During the install, there were missing packages that were required. To fix this, a simple command was run to install the missing packages.

Command: sudo apt --fix-broken install

Once this was complete, the install went smoothly.

We will need to replicate this on any other devices in the network.

Installing ClamAV & ClamTK on the Server (Fedora)

We are using the same antivirus service for our FreeIPA servers, which use a Fedora operating system (a Linux distribution similar to RHEL). Fedora uses slightly different commands. (See image below for example).

For Fedora, the process is similar, but I will list the differences here.

1. The install command changes to: yum install -y clamav clamav-update
2. Instead of downloading the .deb package, the command 'yum install clamtk' can be used.
3. OR download the most recent clamtk file from the website, and then run
'yum install --nogpgcheck /path/to/clamtk-rpm-you-just-downloaded.rpm'
Note that --nogpgcheck skips the GPG signature check for that package, so the repository install in step 2 is the safer choice where it is available.
The Fedora distribution uses a .rpm file instead of the .deb file used by the Ubuntu device.
