Using clamscan to do your virus washing and tired of waiting for it to finish? Why not try new, improved clamdscan instead? It mightn’t wash whiter, but it’ll definitely wash quicker.
In Linux – Setting up ClamAV on RHEL we worked through installing the ClamAV antivirus package on Red Hat Enterprise Linux to support some simple, command-line virus checks:-
```
myfile.jar: OK
----------- SCAN SUMMARY -----------
Engine version: 0.98.4
Scanned files: 1
Data scanned: 0.29 MB
Time: 12.771 sec (0 m 12 s)
```
One thing kinda leaps out from this report – on my box this single file took around 13 seconds to process. As we’ve previously observed, processing multiple files in one batch definitely improves things:-
```
myfile1.jar: OK
myfile3.jar: OK
----------- SCAN SUMMARY -----------
Engine version: 0.98.4
Scanned files: 3
Data scanned: 0.29 MB
Time: 15.916 sec (0 m 15 s)
```
13 seconds for one file, 16 seconds for three makes it pretty obvious that clamscan is doing a lot of work when it starts up. This extra time is spent loading the virus database into memory and those nice people from ClamAV have a ready-made way to avoid it. Use clamdscan instead.
Well, okay, it’s not quite that simple. The difference between these two tools is that plain clamscan loads its own virus database and does the processing itself whereas clamdscan is a thin client for the clamd daemon, which keeps its virus database in memory ready to use. So in order to use clamdscan, you need to have clamd running.
Installing clamd
If you’ve built from source you probably have everything you need to use clamd on your server though you won’t have a script in /etc/init.d to manage it as a service. Since all it needs to do is launch or kill the clamd process (/usr/local/sbin/clamd on my source build) you can easily crib one from your other init.d scripts. The meat of it should look something like this:-
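```
# daemon and killproc come from the RHEL init helper library
. /etc/init.d/functions

case "$1" in
  start)
    echo -n 'Starting Clam AntiVirus Daemon: '
    daemon /usr/local/sbin/clamd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd
    ;;
  stop)
    echo -n 'Stopping Clam AntiVirus Daemon: '
    killproc clamd
    RETVAL=$?   # capture killproc's status before the cleanup below
    echo
    rm -f /var/run/clamav/clamd.sock
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd
    ;;
esac
```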
If you’ve installed a pre-packaged version you might find clamd isn’t part of the basic ClamAV package. On RHEL you need to add the clamd package as well:-
Or if you’re installing from the distribution media:-
Configuring clamd
If you’re lucky enough to be using the RHEL pre-canned build you’ll find /etc/clamd.conf pretty much good-to-go. Unlike clamscan though, where you can fine-tune a lot of scanning options, clamd will take those settings from this configuration file instead. So if you are using any exotic options you’ll need to make sure they’re set in this file. You might want to review the options in there anyway, perhaps to enable logging.
If you’ve built from source you might find clamd.conf lurking elsewhere – it’s in /usr/local/etc on my source build and named clamd.conf.sample. You’ll need to rename it and comment out the Example line at the top. You’ll also need to enable connections to it – you can use a local socket or a TCP/IP port by uncommenting the LocalSocket and TCPSocket options respectively. You might also want to enable the PidFile for your daemon management script.
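An added example, not part of the original post: a shell check for the clamd.conf points above (active Example line, socket options, PidFile). It also flags a TCPSocket with no TCPAddr, because clamd then binds every interface and does not authenticate clients; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# conf_value FILE KEY: value of the first uncommented "KEY value" line
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# audit_clamd_conf FILE: one finding per line; returns 0 only if there are none
audit_clamd_conf() {
    conf=$1
    findings=0
    note() { echo "$conf: $*"; findings=$((findings + 1)); }

    # The shipped sample has an active Example line that must be commented out
    if grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$conf"; then
        note "Example line is still active"
    fi

    local_sock=$(conf_value "$conf" LocalSocket)
    tcp_port=$(conf_value "$conf" TCPSocket)
    tcp_addr=$(conf_value "$conf" TCPAddr)

    if [ -z "$local_sock" ] && [ -z "$tcp_port" ]; then
        note "no LocalSocket or TCPSocket enabled, clamdscan cannot connect"
    fi

    # clamd does not authenticate clients, and TCPSocket without TCPAddr
    # binds every interface, so anything that can reach the port can use it
    if [ -n "$tcp_port" ]; then
        case "$tcp_addr" in
            "") note "TCPSocket $tcp_port has no TCPAddr, listens on every interface" ;;
            127.0.0.1|localhost|::1) ;;
            *) note "TCPSocket $tcp_port is bound to $tcp_addr, check what can reach it" ;;
        esac
    fi

    [ -n "$(conf_value "$conf" PidFile)" ] || note "PidFile is not set"
    [ "$findings" -eq 0 ]
}

# Audit the file given as $1, or a constructed sample when none is given
sample=$(mktemp)
printf '%s\n' 'Example' '#LocalSocket /tmp/clamd.socket' 'TCPSocket 3310' > "$sample"
audit_clamd_conf "${1:-$sample}" || true
rm -f "$sample"
```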
Once it’s configured up, you just need to start the service:-
You might also want to make sure it automatically starts up when the server boots:-
Finally, if you’ve scripted up the freshclam command to keep your virus definitions up-to-date, clamd won’t automatically pick up these changes. You can add the following command to your cron job, after freshclam has run, to get clamd to reload them:-
Using clamd
Once clamd is up and running don’t think (like I did!) that clamscan will magically find it and use it. You need to switch to using clamdscan instead:-
```
myfile1.jar: OK
myfile3.jar: OK
----------- SCAN SUMMARY -----------
Time: 0.800 sec (0 m 0 s)
```
Much faster! When migrating any scripted clamscan commands over to using clamdscan remember that most of the command line options for configuring your scan won’t work any more – clamd will use the settings in clamd.conf – so you’ll need to make sure this file contains the common set of options you want to use.
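One way to keep a migrated script from treating a failed scan as a clean one, as an added example rather than code from the original post. It relies on clamdscan's documented exit codes (0 no virus, 1 virus found, 2 error, which is what you get when clamd is not running); SCANNER, scan_verdict and release_if_clean are hypothetical names.

```shell
#!/bin/sh
# SCANNER is a hypothetical override so the logic can be exercised with a stub
SCANNER=${SCANNER:-clamdscan}

# scan_verdict FILE...: prints CLEAN, INFECTED or ERROR and returns the
# scanner's own exit status (0 = no virus, 1 = virus found, other = error)
scan_verdict() {
    rc=0
    "$SCANNER" --no-summary "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;    # clamd down, socket unreachable, scanner missing
    esac
    return "$rc"
}

# release_if_clean SRC DESTDIR: move SRC onward only on a positive CLEAN.
# Any other verdict, ERROR included, leaves the file where it is.
release_if_clean() {
    verdict=$(scan_verdict "$1") || true
    if [ "$verdict" = CLEAN ]; then
        mv -- "$1" "$2"/
    else
        echo "held $1: $verdict" >&2
        return 1
    fi
}

# Usage: sh gate.sh /srv/incoming/myfile.jar /srv/accepted
if [ $# -eq 2 ]; then release_if_clean "$1" "$2"; fi
```

A script that only tests for exit status 1 would pass files straight through whenever clamd is stopped, which is a failure mode plain clamscan never had.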