Scan your Linux system with Clam AntiVirus/ClamAV.Installation Guide

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates.

Please follow the below steps to install and configure ClamAV in your system.

Install the Atomic repository in your system.

wget -q -O - http://www.atomicorp.com/installers/atomic | sh

Install ClamAV using yum.

yum install clamd

It will install clamd, clamav and clamav-db in your system. Run the below command to update the virus definitions.

freshclam

Start the ClamAV.

/etc/init.d/clamd start

Now open a new screen session and scan the whole system by running the below command.

clamscan -ril /opt/clamscan.log /

( Please note that, this will take hours to complete depending on the disk usage in your system and that is the reason why we are running it in a screen session. )

You can detach and enter to screen session any time and check the status frequently.

You will get the scan result at the end and the command will only list the infected files. You can find the files in “/opt/clamscan.log”. ( grep the word FOUND ) You may either manually remove or correct these files or else run the below command that will permanently remove all infected files in your system ( Make sure to run in screen session )

clamscan -ril /opt/clamscan.log --remove /

That’s it!! :) You have removed the virus and malicious codes from your system.

Was this answer helpful?

 Print this Article

Also Read

How to Prevent Symlink Attacks

ad Impact of Symlink - Suppose you own a small hosting company with a Linux Box, & 1337...

How To Use The IP Deny Manager

This tutorial will teach you how to use the IP Deny Manager to block access to your web site from...

How to Secure WHM/cPanel

Login to WHM using root username/passwdhttp://serverip:2086 or http://serverip/whm WHM –...

Using Hotlink Protection

Hotlink Protection prevents other web sites from directly linking to certain files (typically...

Is my server hacked? Lets check it with rootkit hunter

RookHit Hunter is a command-line utility that will search your machine for...