From ba0228c8ae931a29ff7351b34a2021c0bbd625d5 Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sun, 17 Apr 2022 23:51:48 +0200 Subject: [PATCH] Added clamav notes to the knowledge base --- knowledge base/clamav.md | 53 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 knowledge base/clamav.md diff --git a/knowledge base/clamav.md b/knowledge base/clamav.md new file mode 100644 index 0000000..22110f6 --- /dev/null +++ b/knowledge base/clamav.md 
@@ -0,0 +1,53 @@ +# ClamAV + +## TL;DR + +```shell +# manually update the virus definitions +# do it once **before** starting a scan or the daemon +# the definitions updater deamon must be stopped to avoid complaints from it +sudo systemctl stop clamav-freshclam \ + && sudo freshclam \ + && sudo systemctl enable --now clamav-freshclam + +# scan a file or directory +clamscan path/to/file +clamscan --recursive path/to/dir + +# only return specific files +clamscan --infected /home/ +clamscan --suppress-ok-results Downloads/ + +# save results to file +clamscan --bell -i -r /home -l output.txt + +# scan files in a list +clamscan -i -f /tmp/scan.list + +# remove infected files +clamscan -r --remove /home/user +clamscan -r -i --move=/home/user/infected /home/ + +# limit cpu usage +nice -n 15 clamscan && clamscan --bell -i -r /home + +# use multiple threads +``` + +## Gotchas + +- The `--fdpass` option of `clamdscan` (notice the _d_ in the command) sends a file descriptor to clamd rather than a path name, avoiding the need for the `clamav` user to be able to read everyone's files +- `clamscan` is designed to be single-threaded, so when scanning a file or directory from the command line only a single CPU thread is used; use `xargs` or another executor to run a scan in parallel: + + ```shell + find . -type f -printf "'%p' " | xargs -P $(nproc) -n 1 clamscan + find . -type f | parallel --group --jobs 0 -d '\n' clamscan {} + ``` + +## Further readings + +- [Install ClamAV on Fedora Linux 35] +- [Gentoo Wiki] + +[gentoo wiki]: https://wiki.gentoo.org/wiki/ClamAV +[install clamav on fedora linux 35]: https://www.linuxcapable.com/how-to-install-clamav-on-fedora-35/
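Review bot: the `# use multiple threads` comment at the end of the TL;DR block has no command under it, so the block ends on a dangling heading; either drop that comment or move the `xargs`/`parallel` lines from the Gotchas section (or a one-line pointer to them) under it. In the same block, the "limit cpu usage" line `nice -n 15 clamscan && clamscan --bell -i -r /home` runs a bare `clamscan` of the current directory and then a second, un-niced scan of `/home`, which is not what the comment describes; `nice -n 15 clamscan --bell -i -r /home` is the intended form. The `find . -type f -printf "'%p' " | xargs -P $(nproc) -n 1 clamscan` line in Gotchas relies on single-quote wrapping and breaks on file names that contain a quote; `find . -type f -print0 | xargs -0 -P "$(nproc)" -n 1 clamscan` handles arbitrary names. Since `--remove` and `--move` act on every detection, including false positives, the "remove infected files" comment should say to run an `-i` scan first and review the report before using them. Minor: "deamon" should be "daemon".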