Clam Antivirus

The ClamAV software is an open source antivirus engine that is used for detecting malware, viruses, trojans, and other threats. It supports various file formats and types.

How to Install ClamAV

To use the ClamAV software, you must first install it. The instructions on how to install the ClamAV software on the Mac, Ubuntu, and Windows operating systems are provided in the below sections.

  • Download the ClamAV software on your Windows personal computer.
  • Run the .exe file or Installer from the default location on your system.
  • Go to the Command Prompt dialog box on your system and then choose the directory in which ClamAV software is installed.
  • Open the services.msc window on your system and then modify the name of the newly installed software to begin it automatically.
  • Else, utilize the credentials of the local system account for starting the ClamAV software.

How to Install ClamAV Mac

Follow the guidelines given below to install ClamAV on your Mac computer.

  • Install the Homebrew OSX Package manager on your Mac system.
  • The software manager can be used for installing thousands of application packages.
  • Use the Brew software for installing the ClamAV antivirus software.
  • Configure the ClamAV software and then upgrade the ClamAV database.
  • Now, utilize the ClamAV software for scanning all the files you need.

How To Install Clamav In Ubuntu

  • Installation of the ClamAV is very easy if you follow the procedure given here.
  • If you have an Ubuntu system, then launch the terminal first.
  • Type sudo apt install clamav and press the Enter key.
  • In the next line, you have to specify the system password.
  • Tap the Enter button. The clamav will install in a few seconds.
  • Open clamav on your computer and configure the settings as per your choice.

How To Install Clam Av In Redhat

  • To install the ClamAV in Redhat, you can make use of the following guidelines.
  • Ensure that your system is turned on and then launch the terminal.
  • To install ClamAV, you have to install the EPEL repository.
  • Key in #yum install epel-release. Press the Enter button.
  • Next, type:
  • The ClamAV will now be installed in Redhat.

How To Configure Clamav

  • On installing ClamAV, two configuration files are installed, namely /etc/freshclam.conf and /etc/clam.d/scan.conf.
  • You have to edit these two configuration files to configure ClamAV.
  • Open the terminal and type freshclam. Next, specify,
  • To edit the second file, type the following:
  • systemctl enable clamd@scan.service
  • systemctl start clamd@scan.service
  • Once you edit these two files, ClamAV will be configured.

Clamav Dynamic Configuration

  • For the ClamAV Dynamic Configuration, you have to enable certain settings in the *.cfg database.
  • The above-mentioned settings are present under the daily.cfg.
  • The features available under the struct dconf_module modules will be turned on or off by default.
  • To disable or enable the feature, you have to set flags to a particular value.
  • Specify: 0110 1111 1111 ^pdfnameobj off.
  • Next, type OTHER:0x6FF:90:99. The dynamic configuration is now complete.

Clamav For Windows

ClamAV supports the Windows operating system, in both the 32-bit and 64-bit versions of Windows 7 and newer. To install the ClamAV software on Windows, first download its files from the manufacturer site. You can also download the ClamAV software file from this site by clicking the Download button given below the screen. As soon as you click Download, it will redirect you to the official page of the ClamWin application. After downloading the ClamAV software file, install it on your computer and start the scan or defect detection operation.

How To Detect Potentially Unwanted Application Using ClamAV

  • Make sure to download and install the ClamAV software on your computer.
  • You can use the Tools like General System Tools, Keyloggers, Spying Tools, DistributeNet, and ActiveX or similar.
  • Select any one of the tools from the list and start the detection process.

How to Enable and Configure ClamAV safe browsing

  • To enable and configure the ClamAV safe browsing feature, follow the procedures given below.
  • The Safe browsing feature is provided with the CVD file. The CVD file is shared to the distributors through a mirror network.
  • To enable the Safe browsing feature, type the command given below.
  • Freshclam.conf
  • SafeBrowsing Yes.
  • Now the Safe browsing feature is enabled successfully.

How to Scan on ClamAV

  • To perform the scan operation on ClamAV, run the commands given below.
  • Before you begin the Scan operation, make sure to get the latest signature updates.
  • Open a terminal session, type the sudo apt-get install clamav command, and press the Enter button.
  • To update the signature, type the sudo freshclam command on a terminal session.
  • Press the Enter button. Use the clamscan command to perform fast scan operation.
  • Now, type the clamscan --help command in the first terminal and select a location on your computer you wish to scan.
  • Now the scan process is initiated by the ClamAV software successfully.

How to do On-Access Scanning in ClamAv[Linux]

Follow the guidelines mentioned below to perform on-access scanning with Clam Antivirus. (Type the commands without quotes)

  • Add the following PPA to get the latest version of Clam Antivirus engine.
  • ‘ppa:teward/clamac’
  • Then, type this command to refresh the apt cache.
  • ‘sudo apt-get update’
  • You can run the command given below to install the Clam Antivirus.
  • ‘sudo apt-get install clamav clamav-daemon’
  • Update the Clam Antivirus by running the following command.
  • ‘sudo freshclam’
  • Open the clamd.conf file by typing the command given below.
  • ‘sudo nano /etc/clamav/clamd.conf’
  • Check for this following parameter.
  • ‘ScanOnAccess false’
  • Change the parameter to the one given below.
  • ‘ScanOnAccess true’
  • Add OnAccess mount paths such as the ones given below.
  • ‘OnAccessMountPath /home’
  • ‘OnAccessMountPath /opt’
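  • Run the following commands, which install the AppArmor utilities and put the clamd profile into complain mode (violations are logged, not blocked).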
  • ‘sudo apt install apparmor-utils’
  • ‘sudo aa-complain clamd’
  • Restart your computer.

How to do One-Time-Scanning in ClamAV

To do One-Time scanning in Clam Antivirus, follow the guidelines mentioned below. (The quotes need not be entered.)

  • Update Clam virus definitions by running the following command: ‘sudo freshclam’
  • Scan for viruses with Clam by running the following command: ‘clamscan OPTIONS File/Folder’
  • Check the file list on the computer with the following command: ‘clamscan -r /’
  • Type the following command to remove infected files from the home directory: ‘clamscan -r --remove /home/USER’

How to Update ClamAV Signature Database

Updating the ClamAV signature database is quite simple, and you can follow the guidelines mentioned below to complete it in a few steps. Omit the quotes while following this procedure.

  • First, run the following command.
  • ‘sudo freshclam’
  • You can, alternatively, do it offline by downloading the virus definitions from the main and daily databases.
  • Place these files in the path: ‘/var/lib/clamav’
  • Make sure you delete the old ClamAV files before placing the new files there.

How to Configure ClamAV signature Database

To configure the ClamAV signature database, follow the guidelines mentioned below. Leave out the quotes given in the guidelines while running the commands.

  • Run the command: ‘sigtool --info’
  • This gives you information about a CVD file.
  • Have a look at the debug information by running the command: ‘$ clamscan --debug attachment.exe’
  • There is an easy way to create signatures for the Clam Antivirus by using filehash checksums. Run the following command.
  • ‘zolw@localhost : /tmp/test$ sigtool --md5 test.exe > test.hdb’
  • The next command line is as follows: ‘zolw@localhost : /tmp/test$ cat test.hdb’
  • The output is: ‘48c4533230e1ae1c118c741c0db19dfb:17387:test.exe’
  • This completes the signature which can now be used.
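
The MD5:size:name entry shown above can also be produced and checked in a few lines of Python. This is an added example, not part of the original page or of ClamAV; the function names are assumptions made for illustration, and only the three-field form shown on this page is accepted. Entries are indexed by file size so that a file is hashed only when some signature lists its size.

```python
import hashlib
import os
import re

HDB_LINE = re.compile(r"([0-9a-fA-F]{32}):(\d+):([^:]+)")

def hdb_entry(path, name=None):
    """Build one MD5:size:name line for a file, as sigtool --md5 does above."""
    digest, size = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return f"{digest.hexdigest()}:{size}:{name or os.path.basename(path)}"

def load_hdb(lines):
    """Index .hdb lines as {size: {md5: name}}; a malformed line raises."""
    index = {}
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        found = HDB_LINE.fullmatch(line)
        if not found:
            raise ValueError(f"line {lineno}: expected MD5:size:name")
        md5, size, name = found.groups()
        index.setdefault(int(size), {})[md5.lower()] = name
    return index

def match_file(path, index):
    """Return the signature name that matches the file, or None."""
    by_hash = index.get(os.path.getsize(path))
    if not by_hash:
        return None  # no entry has this size, so the file is never hashed
    return by_hash.get(hdb_entry(path).split(":", 1)[0])
```

A hash signature matches one exact file only; changing a single byte of the file produces a different MD5 and the entry no longer fires.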

Filehash Signature

  • The File Hash signature is mainly used to find the contents of a file which is saved in any folder on your computer or laptop.
  • There are many methods to avail File Hash on your Windows system.
  • Refer to the following steps to use the File Hash feature by using the PowerShell on your computer.
  • Go to the Start menu.
  • Find the PowerShell option and select it.
  • Type the command line for finding the content of your file.
  • Follow the prompts on the screen and find your content.

Logical Signatures

  • Logical signatures are the combination of multiple signatures in the extended format.
  • The signatures are built by using logical operators.
  • The logical signatures are stored inside the .ldb files, which use the SignatureName;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;Subsig2;... format.
  • The TargetDescriptionBlock keyword includes information regarding the target file.
  • LogicalExpression describes the relationship between the keywords like Subsig0, Subsig1, and Subsig2.
  • The Target:X keyword specifies the type of the target file. You can also specify the file size using the FileSize:X-Y keyword.
  • The Container:CL_TYPE_* keyword is used to represent the container which stores the file.
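
A simplified matcher for the .ldb layout described above, added here as an example; it is not ClamAV's code. It handles only plain hex subsignatures, the FileSize keyword, and expressions built from subsignature indices, &, | and parentheses. Requiring parentheses when & and | are mixed is this example's own rule, and SAMPLE is a constructed signature.

```python
import re

# Constructed signature for illustration; not taken from any real database.
SAMPLE = "Example.Constructed-1;Target:0,FileSize:10-100;(0&1)|2;4142;4344;5a5a"

def evaluate(expr, hits):
    """Evaluate subsig indices joined by & or | against the set of matched indices."""
    tokens = re.findall(r"\d+|[&|()]", expr)
    if not tokens or "".join(tokens) != expr:
        raise ValueError("unsupported expression")
    pos = 0
    def operand():
        nonlocal pos
        tok = tokens[pos] if pos < len(tokens) else ""
        pos += 1
        if tok.isdigit():
            return int(tok) in hits
        if tok != "(":
            raise ValueError("operand expected")
        value = group()
        if pos >= len(tokens) or tokens[pos] != ")":
            raise ValueError("unbalanced parentheses")
        pos += 1
        return value
    def group():
        nonlocal pos
        value, ops = operand(), set()
        while pos < len(tokens) and tokens[pos] in ("&", "|"):
            ops.add(tokens[pos])
            if len(ops) > 1:  # this example's rule: no implicit precedence
                raise ValueError("mixing & and | needs parentheses")
            pos += 1
            rhs = operand()
            value = (value and rhs) if "&" in ops else (value or rhs)
        return value
    result = group()
    if pos != len(tokens):
        raise ValueError("trailing tokens")
    return result

def ldb_match(line, data):
    """Return the signature name if this simplified matcher fires on data."""
    name, block, expr, *subsigs = line.strip().split(";")
    target = dict(item.split(":", 1) for item in block.split(","))
    if any(int(i) >= len(subsigs) for i in re.findall(r"\d+", expr)):
        raise ValueError("expression references a missing subsignature")
    low, high = map(int, target.get("FileSize", f"0-{len(data)}").split("-"))
    hits = {i for i, s in enumerate(subsigs) if bytes.fromhex(s) in data}
    return name if low <= len(data) <= high and evaluate(expr, hits) else None
```

With SAMPLE, a 12-byte buffer containing both "AB" and "CD" fires through (0&1), a buffer containing "ZZ" fires through subsignature 2, and a 6-byte buffer is rejected by FileSize before the expression matters.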

Phishsigs

  • The Phishsigs feature contains URLs or hosts. The Phishsigs includes the following lines.
  • R[Filter]:RealURL:DisplayedURL[:FuncLevelSpec]
  • H[Filter]:DisplayedHostname[:FuncLevelSpec]
  • The letter H represents the DisplayedHostname.
  • The Phishsigs feature deletes the empty lines.
  • It is mandatory to include colons at the end of the command lines.
  • Extra spaces should not be included in the lines.
  • If any lines are out of the Phishsigs format, the Malformed Database Error appears, and the lines are cleared by ClamAV.

Whitelist Databases

  • The Whitelisting Database is the reverse process of blacklisting. Whitelisting is the process of specifying some entities like access to a particular service, recognition, mobility, and more.
  • Once you access a database server, you need to configure the database engine to access connections from the servers of datapins.
  • Whitelist the IP address while connecting the database to enable your server to access the database. You can utilize the 83.141.3.29, 83.141.3.27, and 83.141.3.28 IP addresses to avail the database with the provided user.
  • You can also make use of Fivetran’s IP to access your database. Use the 35.227.135.0/29 IP address to whitelist the URLs in the US (Oregon) regions. For US (N. Virginia) regions, use the 52.0.2.4/32 and 35.234.176.144/29 IP addresses.

How to do ClamAv Update

  • If you have installed a package, locate approved package from your provider and launch it.
  • There are no separate packages for every distribution build.
  • If you do not have any new packages, install ClamAV from its source.
  • Begin the installation process by uninstalling its older version. Ensure that you have the gcc or clang tool which is required for installation. Also, check if your device has required libraries.
  • You have to back up the configurations based on the installation procedure.
  • Never forget to restore backups before you begin the updated ClamAV.
  • You can find the backup database in the /usr/local/share/clamav location. The backup process prevents your system from the /usr/local/share/clamav not locked error.

How to Uninstall Clam Antivirus

  • Windows 7 : Access the Control Panel section from the Start window and then click the Program option.
  • Browse through the screen for selecting the ClamAV Antivirus software and then choose the Uninstall option.
  • Windows 10 or 8 : Right-click on the Start icon and then select the Programs & Features option from the results.
  • Find the ClamAV Antivirus software and double-click on it for beginning the uninstallation process.
  • Another way of deleting the software from the Windows personal computer is provided below:
  • Click the Start icon and click on the Settings option for opening the app.
  • To list the installed applications, select the Apps & Features option.
  • Choose the ClamAV antivirus software and then click on the Uninstall option twice.
  • Mac : Find the ClamAV installer which you have downloaded on your Mac system.
  • Double-click the ClamAV Engine Remover button, click on the Open button, and then choose the Continue option.
  • Provide the username and the password, and select the OK button.
  • Locate the ClamXav software in the Applications window and then drag to the Trash Can for uninstalling it.

Troubleshooting

Easy instructions on how to fix the issues that occur in the ClamAV antivirus software are given below.

Freshclam running error 

  • Check if there are any faults with your DNS Server.
  • Make sure that your network is not broken.
  • Check whether you can resolve the hostnames manually.
  • Ensure that the mirrors present in the local pool are synchronized.
  • Also, make sure that you are using the updated version of the ClamAV software.

Invalid DNS reply. Falling back to HTTP mode or ERROR: Can’t query

  • Reconfigure the freshclam by typing the command in the terminal window.
  • Select the OK button and then try running Freshclam in the Daemon mode.
  • Choose a mirror that is near to you and do not type anything in the HTTP Proxy window.
  • Provide a number; it indicates the number of times you wish to update the Freshclam software.
  • If needed, set a notification to inform users that the upgradation is complete.
  • Choose Private Mirror. The private mirror section should be empty.

Current.Cvd.Clamav.Net Error: Connection With ??? Failed

  • This occurs if your DNS server is not working. It can also occur if you have blocked the port 53/tcp.
  • To manually check and resolve the error, open the terminal and type:
  • host database.clamav.net
  • You can also key in /etc/resolv.conf to resolve errors with your DNS servers.
  • To check if you have blocked the port 53/tcp, type:
  • dig @ns1.clamav.net db.us.big.clamav.net

FAQs

Can Phishing Be Considered As One Kind Of Spam? 

  • When ClamAV released the 0.90 version, it had the feature to identify if phish is a threat or not.
  • This feature will allow you to end the long threads in mailing lists.

How Do I Read The Cvd Files?

  • There are two ways to read the signatures available in the CVD files.

METHOD-1

  • Launch the terminal and key in dd if=clam.cvd of=clam.tar.gz bs=512 skip=1.
  • Make use of tar to extract the files from CVD. Type tar xzvf clam.tar.gz.

METHOD-2

  • There is a tool called Sigtool that can be used to extract files from CVD.
  • In the terminal, mention sigtool -u clam.cvd
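
The dd command in METHOD-1 skips one 512-byte block because a CVD file starts with a 512-byte, colon-separated text header followed by the compressed tar archive. The Python sketch below is an added example, not code from the original page or from ClamAV: it parses that header, checks the header's MD5 field against the archive, and lists the member names without extracting them. The function names and the sample file built by build_constructed_cvd are assumptions for illustration, and the digital signature field is only read, not verified.

```python
import hashlib
import io
import tarfile

HEADER_SIZE = 512  # the block that dd bs=512 skip=1 discards
FIELDS = ("magic", "build_time", "version", "signatures", "functionality_level",
          "md5", "digital_signature", "builder", "build_time_epoch")

def read_cvd(blob):
    """Parse a CVD image held in memory: header fields, MD5 check, member names."""
    if len(blob) <= HEADER_SIZE:
        raise ValueError("too short to be a CVD file")
    values = blob[:HEADER_SIZE].decode("ascii", "replace").rstrip().split(":")
    if values[0] != "ClamAV-VDB" or len(values) < len(FIELDS):
        raise ValueError("not a CVD header")
    info = dict(zip(FIELDS, values))
    payload = blob[HEADER_SIZE:]
    info["md5_ok"] = hashlib.md5(payload).hexdigest() == info["md5"].lower()
    # Names are listed only; nothing is written to disk by this function.
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:*") as tar:
        info["members"] = tar.getnames()
    return info

def build_constructed_cvd(members):
    """Make a small CVD-shaped blob for the demo (constructed and unsigned)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in members.items():
            entry = tarfile.TarInfo(name)
            entry.size = len(content)
            tar.addfile(entry, io.BytesIO(content))
    payload = buf.getvalue()
    header = ":".join(["ClamAV-VDB", "01 Jan 2020 00-00 +0000", "1", "1", "90",
                       hashlib.md5(payload).hexdigest(), "CONSTRUCTED-SIG",
                       "example", "1577836800"])
    return header.encode().ljust(HEADER_SIZE) + payload
```

A matching MD5 only shows that the archive was not corrupted in transit; whether the database is authentic depends on the digital signature, which sigtool and freshclam check and this sketch does not.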

How many times per hour Can I run freshclam?

  • Check if the ClamAV software is running in version 0.8X or later. If not, then upgrade it from the official site. To know how many times you can run the Freshclam feature, use the commands given below.
    • freshclam.conf:
    • DNSDatabaseInfo current.cvd.clamav.net
    • DatabaseMirror database.clamav.net
  • Run the above command and check the total duration.

How do I know if my IP address has been blacklisted?

Download daily.cvd with curl, wget, or lynx. This future version will provide you to resolve this issue. After downloading the daily.cvd file, perform the steps as instructed in the user guide to disable the blacklist option.

I can’t resolve current.cvd.clamav.net! Is there a problem with your/my DNS servers?

  • Try the command given below to resolve this issue.
  • $ host -t txt current.cvd.clamav.net.
  • If this command fails to resolve this issue, then recompile the ClamAV application using the command given below,
  • --enable-dns-fix.