- Endchan Magrathea

ClamAV

Endwall

2/12/2024 02:34:00 No. 1841 [Reply] report

On Debian and Windows I use ClamAV which is maintained by Cisco systems.

https://www.clamav.net/
https://www.clamav.net/downloads

It comes packaged with Debian and other GNU/Linux distributions, and I've used it on OpenBSD. On windows I use the Windows defender suite but this also works on windows through an admin CMD command line. You download the package from the above link and install it. Then you need to edit two config files in the directory "C:\Program Files\ClamAV\conf_examples\". Copy these files to the main directory

C:\> copy "C:\Program Files\ClamAV\conf_examples\*.sample" ..
C:\> cd "C:\Program Files\ClamAV\"
C:\> move clamd.conf.sample clamd.conf
C:\> move freshclam.conf.sample freshclam.conf
C:\> notepad clamd.conf

#Comment or remove the line below.
#Example

Save and close the file, then do the same for freshclam.conf

C:\> notepad freshclam.conf

# Comment or remove the line below.
#Example

Save and close the file after commenting Example with #

C:\> freshclam

This will update the database of signatures and definitions
Next change directory into the root directory.

C:\> cd C:\
C:\> "C:\Program Files\ClamAV\clamscan" -help | more
## read the instructions
C:\> mkdir C:\temp
C:\> mkdir C:\temp\virus\

Now run the program from the root directory

C:\> "C:\Program Files\ClamAV\clamscan" -v -a -o -i -r -z --memory --kill --move=C:\temp\virus

This will run the antivirus program on windows and move the infected files to C:\temp\virus
you can delete these after you inspect the directory

C:\> cd C:\temp\virus\
C:\> dir
C:\> rm C:\temp\virus\*

For GNU/Linux, the package installation will already have the #Example commented out and you simply run :

$ su
# cd /
# freshclam
# mkdir /tmp/virus/
# clamscan -v -a -o -i -r -z --move=/tmp/virus

To run the program from the current working directory

# cd /tmp/virus/
# ls /tmp/virus/
# rm /tmp/virus/*

I'm sad to say that ClamAV found stuff on my server on Parabola GNU/Linux and on my daily driver computer on Debian, and on my Windows Computers, but found nothing on my OpenBSD machines. I don't know if it reports matched hashed files back to a central server or not so this may not be for you if you have stolen documents in your possession. For my use case I'm only concerned about Trojans, worms and files that have viruses. It's the best I have to go on. Use this with windows defender on windows, and as mentioned on *NIX and GNU/Linux systems. If you know more about this kind of stuff and have tips to share, feel free to share them below.