ClamAV

TL;DR
Gotchas
Further readings
1. Sources

TL;DR

Setup

brew install 'clamav' \
&& cp '/opt/homebrew/etc/clamav/clamd.conf.sample' '/opt/homebrew/etc/clamav/clamd.conf' \
&& cp '/opt/homebrew/etc/clamav/freshclam.conf.sample' '/opt/homebrew/etc/clamav/freshclam.conf' \
&& sudo chown ':_clamav' '/opt/homebrew/var/lib/clamav' \
&& sudo chmod 'g+w' '/opt/homebrew/var/lib/clamav'

Usage

# Manually update the virus definitions.
# Do this once **before** starting a scan or the daemon.
# The definitions updater daemon **must be stopped** to avoid its complaints.
sudo systemctl stop 'clamav-freshclam' \
&& sudo 'freshclam' \
&& sudo systemctl enable --now 'clamav-freshclam'

# Scan specific files or directories.
clamscan 'path/to/file'
clamscan --recursive 'path/to/dir'

# Only scan files in a list.
clamscan -i -f '/tmp/scan.list'

# Only return specific results.
clamscan --infected '/home/'
clamscan --suppress-ok-results 'Downloads/'

# Save results to files.
clamscan --bell -i -r '/home' -l 'output.txt'

# Delete infected files.
clamscan -r --remove '/home/user'
clamscan -r -i --move='/home/user/infected' '/home/'

# Limit CPU usage.
nice -n 15 clamscan \
&& clamscan --bell -i -r '/home'

# Use multiple threads.
find . -type f -printf "'%p' " | xargs -P "$(nproc)" -n 1 clamscan
find . -type f | parallel --group --jobs 0 -d '\n' clamscan {}

Gotchas

The --fdpass option of clamdscan (with the d in the command name) sends a file descriptor to clamd rather than a path name, avoiding the need for the clamav user to be able to read everyone's files.
clamscan is designed to be single-threaded, so it willfully uses a single CPU thread when scanning files or directories from the command line.
Use xargs or another executor to run scans in parallel:
```
find . -type f -printf "'%p' " | xargs -P $(nproc) -n 1 clamscan
find . -type f | parallel --group --jobs 0 -d '\n' clamscan {}
```

2.6 KiB Raw Blame History

ClamAV

TL;DR

Gotchas

Further readings

Sources

2.6 KiB

Raw Blame History