The reason I decided to set this up is that a firewall isn't enough, even for Linux. Remember the firewall I wrote about a little while ago? ~~>Firewall Tutorial<~~ Well, I was checking my logs and found that it was blocking a trojan trying to make an external connection to some outside IP, and another trying to make a connection to my internal gateway. So I thought I'd set ClamAV up to scan my box to see what it came up with. As far as I know this is the only antivirus scanner for Linux.
Download the ClamAV package from Linux Packages dot net. Then install the package as root.
Once the package is installed, make a backup of the configuration file and edit the original. Once the original is edited, copy it to the file name it needs in order to run the clamd daemon.
# cp /etc/clamav.conf.new /etc/clamav.conf.bak
Edit clamav.conf.new using the vi editor. The config file is pretty straightforward: just read the comments and uncomment the options you want, or fine-tune them according to your particular network needs.
# cp /etc/clamav.conf.new /etc/clamd.conf
Start the ClamAV daemon. Then you can use the PING option with clamd to see if the server is configured correctly. It should respond with a PONG.
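The PING check described above, as an added example (not code from the original post): a small Python health check that sends PING to clamd and accepts only a PONG reply. It assumes clamd is listening on either the Unix socket set by LocalSocket or the TCP port set by TCPSocket in clamd.conf; the address is passed in by the caller, and the function names are made up for this example.

```python
import socket
import sys


def clamd_command(address, command=b"PING", timeout=5.0):
    """Send one newline-terminated command to clamd and return its reply.

    address is a Unix socket path (str, the LocalSocket setting) or a
    (host, port) tuple (the TCPSocket setting) from clamd.conf.
    """
    family = socket.AF_UNIX if isinstance(address, str) else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)          # never hang on a wedged daemon
        sock.connect(address)
        sock.sendall(command + b"\n")
        reply = b""
        # Read one line; cap the size so a misbehaving peer cannot flood us.
        while b"\n" not in reply and len(reply) < 4096:
            chunk = sock.recv(1024)
            if not chunk:                 # daemon closed the connection
                break
            reply += chunk
    return reply.split(b"\n", 1)[0].decode("ascii", "replace").strip()


def clamd_is_alive(address, timeout=5.0):
    """True only if clamd accepts the connection and answers PONG."""
    try:
        return clamd_command(address, b"PING", timeout) == "PONG"
    except OSError:                       # refused, missing socket, timeout
        return False


if __name__ == "__main__":
    # Usage: check.py /path/to/clamd/socket   or   check.py host port
    if len(sys.argv) not in (2, 3):
        sys.exit("usage: check.py SOCKET_PATH | HOST PORT")
    if len(sys.argv) == 2:
        target = sys.argv[1]
    else:
        target = (sys.argv[1], int(sys.argv[2]))
    ok = clamd_is_alive(target)
    print("clamd: PONG" if ok else "clamd: no valid reply")
    sys.exit(0 if ok else 1)
```

The non-zero exit status on failure makes the script usable from cron or a monitoring job, so a daemon that has stopped answering is noticed before the next scan silently fails.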
Once you have your daemon set, just change to your root directory or whatever directory you want to scan and run the client…clamdscan. Running from the root directory on my box will also scan all the files on my XP partition because my root user is mounted to those partitions. But I configured my clamd.conf file to also scan exe files so it’s *nix and windoze capable.
It’s that simple for Slackware 10.1 to set up an antivirus scanner.
Tomorrow, I will work on FreshClam, which is the auto-update daemon. This tool will automatically keep the virus signatures up to date using mirrors.