Antivirus for Linux sounds unnecessary
due to the low probability of Linux being infected by a virus.
However, because Linux can communicate and share files with Windows,
antivirus is another piece of software that will prevent the spread
of malware between Windows clients where Linux could be the conduit.
ClamAV is included in most Linux
distribution repositories. ClamAV is “...designed especially for
e-mail scanning on mail gateways. It provides a number of utilities
including a flexible and scalable multi-threaded daemon, a command
line scanner and advanced tool for automatic database updates.”
Even though ClamAV is designed for mail gateways, to scan incoming
e-mail, there are tools to manually scan media for viruses. Normally
a system's home folder, which contains the users' home directories, or
shared folders like Samba shares with Windows clients are scanned on
a schedule. ClamAV is not normally used to scan the complete
filesystem of a Linux machine. This, in conjunction with Windows
antivirus software, will hopefully prevent any malware outbreaks in
your home or organization.
Installing ClamAV is a fairly simple
task, and in this article I will use Ubuntu 12.04 as the example
system for installation and use. ClamTK is a GUI front end for
ClamAV and is an easy way to scan media and schedule system scans.
ClamAV and ClamTK can be installed via the Ubuntu Software Center or
from the command line using the apt-get utility.
$ sudo apt-get install clamav clamtk
$ sudo freshclam
The first command will install both
ClamAV and ClamTK on an Ubuntu Linux computer. The second command
will initially update the antivirus database.
In Ubuntu 12.04, the installation will
also set up ClamAV in daemon mode to update the antivirus database
automatically, so a manual update is unnecessary. We can see if ClamAV
is running in daemon mode by issuing the following command:
$ sudo service clamav-freshclam status
If the service is running, the following
should be the result.
* freshclam is running
By default the antivirus database is
checked twenty-four times a day. To manually scan your home folder,
use either the command line utility clamscan or the GUI interface
ClamTK. When starting ClamTK, the application will check and report
the versions of the GUI interface, antivirus engine and antivirus
definitions. If your particular distribution has not updated their
repository to the latest version of ClamTK it should not be a major
issue, but if you want the latest you may need to enable any backport
repositories to get the latest update.
[Image: ClamTK Interface]
There are some preferences for ClamTK.
The most notable are “Scan files beginning with a dot (.*)”, which
will scan hidden files; “Scan all files and directories within a
directory”, which enables recursive scanning; and “Scan files larger
than 20 MB”, which will scan large files. I enable these three
options, which makes scanning my home folder an easy task by just
clicking the Home icon in the ClamTK interface.
[Image: ClamTK Preferences]
Another use of ClamAV that has come in
handy is scanning removable media, like USB drives. I found the
easiest and most complete way to scan a USB device is to do a
recursive scan. Select Scan, then Recursive Scan from the ClamTK
menu and navigate to the removable media and scan the device.
[Image: Scanning a USB Drive]
ClamTK can also create a user level
cron job to schedule scans on a per user basis, if you have multiple
users on your Linux machine. From the ClamTK menu select Advanced,
then Scheduler. In the diagram I have scheduled a daily scan of my
home folder at 8:00PM.
[Image: Daily Scan at 8:00PM]
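The same scheduled scan of home folders and Samba shares can be run without the GUI, using the clamscan command line utility from cron. The script below is an added example, not part of the original article; the script path, the /srv/samba/share directory, and the CLAMSCAN and CLAM_LOG variables are assumptions.

```shell
#!/bin/bash
# Added example, not from the original article. The install path, the
# /srv/samba/share directory and the CLAMSCAN / CLAM_LOG variables are
# assumptions; adjust them for your system.
#
# Example crontab entry (daily at 8:00 PM):
#   0 20 * * * /usr/local/bin/clam-scan.sh /home /srv/samba/share

CLAMSCAN="${CLAMSCAN:-clamscan}"   # scanner binary (overridable for testing)

# Recursively scan the given directories, writing the report to the log
# named in $1. Returns clamscan's exit status:
#   0 = no virus found, 1 = virus(es) found, 2 = an error occurred.
scan_dirs() {
    scan_log="$1"
    shift
    "$CLAMSCAN" --recursive --infected --log="$scan_log" "$@" >/dev/null 2>&1
}

# Print the path of each infected file recorded in a clamscan report.
# Report lines have the form "/path/to/file: Signature-Name FOUND"; the
# greedy match keeps paths that themselves contain ": " intact.
infected_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# Run a scan only when directories are passed on the command line.
if [ "$#" -gt 0 ]; then
    log="${CLAM_LOG:-$HOME/clamscan-$(date +%Y%m%d-%H%M%S).log}"
    rc=0
    scan_dirs "$log" "$@" || rc=$?
    case "$rc" in
        0) echo "No infected files in: $*" ;;
        1) echo "Infected files found:"
           infected_files "$log" ;;
        *) echo "clamscan failed (exit $rc); see $log" >&2 ;;
    esac
    exit "$rc"
fi
```

Cron mails anything the script prints to the job's owner, so an infected-file list or a scanner error reaches someone instead of sitting unread in a log.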
Though antivirus on Linux may seem
unnecessary, there are other clients in use that are susceptible to
virus infection and other malware. ClamAV and ClamTK are tools that
can prevent Linux from being a carrier of malware.
2 comments:
Hi, you should fix the command "sudo freschclam" there is a "c", the correct command is "sudo freshclam"
Thanks for catching the typo.