Using ClamAV (clamscan) on a Linux server
ClamAV is an open source antivirus that allows you to detect trojans, rootkits and other nasty things.
Clamscan is a scanning module.
It can be installed from software repositories. In the case of RedHat/CentOS you need to enable Epel.
yum install clamav clamav-clamav-update clamav-scanner
The release history is available at http://pkgs.repoforge.org/clamav/
After installation you need to update it:
The scan module has a bunch of options. You can check them with:
Scanning is performed by the following command:
If you want to scan files in a specific directory:
clamscan -r /home/
To write a log file:
clamscan -r /home/ -log=/var/log/clamscan.log
By default the module will display information about all files that it has scanned. It is quite convenient to use the
-i switch and get information only about infected files.
Infected files can be copied or moved to the specified location on the server. For example:
clamscan -i -copy=/var/suspicious -r /home/ -log=/var/log/clamscan.log
clamscan -i -move=/var/infected -r /home/ -log=/var/log/clamscan.log
/var/suspicious folders must exist.
Clamscan can be used to check files uploaded via ftp.