
Questions tagged [clamav]

Antivirus for UNIX-like systems primarily for mailserver integration.

32 votes
3 answers
60k views

How should I test Clam Anti-Virus?

I have set up a new email server and now I need to test that Clam Antivirus is scanning messages correctly. How should I do this in a safe and controlled way?
karthick
  • 713
10 votes
4 answers
7k views

ClamAV detected Kaiji malware on Ubuntu instance

Today clamAV scanned my AWS instances and detected 24 infected files on each. It looks like a false positive due to several reasons: All these files are created in October 2022 (why were they detected ...
Rougher
  • 203
10 votes
2 answers
965 views

Is there a way to know why a service is restarted and who did it?

Ubuntu 14.04 clamav 0.98.7 The problem is clamav-daemon is restarted nearly daily: Sep 1 06:30:00 x-master clamd[6778]: Pid file removed. clamd[6778]: --- Stopped at Tue Sep 1 06:30:00 2015 clamd[...
quanta
  • 52k
9 votes
8 answers
20k views

Is it safe to disable clamd?

Clamd is taking up about 5% of my memory (2GB) on my dedicated server (running linux) and I'm wondering if I can disable it without any security risks. The server just hosts a few of my own websites. ...
mk1000
  • 255
9 votes
5 answers
3k views

Web Server Security Overkill?

I've been doing "extensive" research on securing a linux web server. On top of what is considered the "basics" (removing unused services, hardening ssh, iptables, etc.) is it wise to include anti-...
Aaron
  • 91
8 votes
3 answers
7k views

Is there a way to keep ClamAV updated on Debian 8?

Since upgrading to Debian 8 my syslog is full of ...freshclam[17851]: WARNING: Your ClamAV installation is OUTDATED! ...freshclam[17851]: WARNING: Local version: 0.98.7 Recommended version: 0.99 ......
artfulrobot
  • 3,139
7 votes
3 answers
23k views

How to make `clamdscan` exclude folders and only log `--infected`?

My server is centos 7.4, with clamav 0.101.1-1.el7. When I run clamscan -r --infected --exclude-dir="^/sys" / through terminal, I always wait more than 6 hours to get output. And if I close ...
kittygirl
  • 985
7 votes
4 answers
13k views

Is it possible to check the progress of a currently running clamAV scan?

I have searched around but not found a possible solution to this so far. I have an ongoing scan which I thought would've been finished at certain time, but unfortunately it has not. So I am wondering ...
Dark Star1
  • 1,445
7 votes
2 answers
11k views

clamav-daemon start condition failed, /var/lib/clamav/daily.{c[vl]d,inc} was not met

After installing Modoboa (Open Source Mail Hosting), I tried to start clamav-daemon, but I faced start condition failed. systemctl status clamav-daemon.service clamav-daemon.service - Clam ...
Omid Estaji
6 votes
3 answers
12k views

How to scan multiple directories with clamav

I know how to scan one directory: clamscan -r /home but for the life of me I cannot seem to get multiple directories working and I cannot seem to Google this simple problem. I have tried: clamscan ...
Sammaye
  • 729
6 votes
5 answers
18k views

clamav error: mpool_malloc(): Attempt to allocate 8388608 bytes

The following error is shown when starting clamd: freshclam[26882]: [LibClamAV] mpool_malloc():Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net I have lots of RAM memory ...
george long
6 votes
6 answers
22k views

Debian 8: can't get ClamAV to listen on TCP 3310

I am trying to get Clamav-daemon running on a Debian 8 system so that it will listen on TCP port 3310. I have done the following: aptitude install clamav-daemon Then modified /etc/clamav/clamd.conf ...
Doahh
  • 191
6 votes
1 answer
3k views

Integrating ClamAV with NGINX

We're using NGINX as our main web server, after moving away from Apache. We recently decided to test ClamAV integration, to make sure files uploaded by users are thoroughly scanned prior to transfer ...
Traveling Tech Guy
6 votes
0 answers
6k views

Socket access for clamdscan

On fc29 I have clamd installed and [email protected] is running fine. clamdscan runs for root but not for a regular user, even after addition to 'clamscan' group. dnf list installed | grep clam ...
hotkarl
  • 165
5 votes
1 answer
7k views

ClamAV and MalDet - Are these quarantined or infected?

Learning about hardening my VPS, I installed ClamAV and MalDet, using both for a few months. Tonight, I decided that, instead of just checking home I'd check the entire VPS other than "/sys". This ...
Steven Ventimiglia
5 votes
2 answers
89 views

avoid redundant writing of virus scan signatures in VMs on same disk [closed]

I have two VMs on the same disk that each have clamav installed. Both regularly run updates for the same virus scan signatures simultaneously which results in an unnecessary strain on the performance ...
schf1919
5 votes
2 answers
13k views

Up to date ClamAV on Debian Wheezy (ClamAV installation is OUTDATED log message)

I've installed ClamAV on Debian Wheezy from the official repositories, using apt. System is up to date and I don't get any updates via apt-get upgrade, but still I get this message in the logs: Your ...
Sfisioza
  • 592
5 votes
1 answer
2k views

Squid + ClamAV + i-cap: Scanning proxy for uploaded files?

I'm trying to configure a virus scanning proxy server specifically to scan files being uploaded. Scanning files being downloaded seems to be the common use case, and seems to be well documented. Not ...
Ryan Greget
4 votes
3 answers
17k views

Where is ClamAV quarantine folder?

I want to restore some files from quarantine after I have executed clamscan some times. But I cannot find the quarantine folder in the configuration. How should I find the address of the quarantined ...
smhnaji
  • 619
4 votes
3 answers
8k views

How to scan only last 24 hours files with clamav

I've created a bash script to scan the whole server for viruses via clamav. The script has been running via cron every night. Because of this I want to scan only the files that have been added in the last 24 hours. ...
Ehsan
  • 247
4 votes
2 answers
5k views

Exim4 won't send message

My exim4 doesn't send any messages. The logs say 2011-03-09 15:59:57 1PxKrl-00038i-BT malware acl condition: clamd: ClamAV returned /var/spool/exim4/scan/1PxKrl-00038i-BT: lstat() failed: Permission ...
PeterMmm
  • 905
4 votes
3 answers
11k views

Disable ClamAV for Amavis

I have a Postfix mail server, using Amavis and Spamassassin to check for unwanted e-mails. I have removed ClamAV because it'd basically freeze the whole server every time someone received an e-mail, ...
RobinJ
  • 187
4 votes
1 answer
2k views

How are systemd/system overrides supposed to work?

I'm messing around with some timeout settings, and am trying to figure out the correct way to set things for systemd/system daemons. Specifically, this is an underpowered server, and I keep timing out ...
philolegein
4 votes
1 answer
3k views

ClamAV signature to ban office documents with macros

We are using custom signatures for ClamAV database to ban some types of files when they're attached to one email. This is done using clamd and clamassassin with procmail. We're looking to add a ...
NetVicious
4 votes
1 answer
2k views

correct order for Postfix milters

I use the following milters with Postfix: ClamAV, OpenDKIM, OpenDMARC, Rspamd This is also the order they are being called via smtpd_milters. What would be the best order for them regarding ...
basbebe
  • 313
4 votes
1 answer
422 views

How to make clamassassin prepend the X-Virus-* headers instead of appending them?

The email virus filter wrapper for ClamAV, clamassassin, appends its headers to the message headers. X-Virus-Status: No X-Virus-Checker-Version: clamassassin 1.2.4 with clamscan / ClamAV 1.0.3/27134/...
Esa Jokinen
  • 50.2k
4 votes
2 answers
13k views

Scan the full filesystem in parallel with clamscan

I run a clamav scan weekly on my servers. There is one server with a raid6 cluster of 30TB of disk space where the scan takes more than 24h to run. So I wonder how can I run clamscan on the whole ...
azmeuk
  • 195
4 votes
1 answer
2k views

How do I configure MailScanner to use a remote clamd?

I decided to decrease the workload on my mail gateway by moving anti-virus processing to a separate server. I created the server, installed clamav-daemon on it, and tested it by running clamdscan from ...
Daniel C. Sobral
3 votes
2 answers
834 views

Debian 12: can't get ClamAV to listen on TCP 3310

ClamAV seems to have a bug on Debian 12 (bookworm) making it difficult to get it listening on TCP 3310. I tried the two approaches described in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=...
Thomas853
  • 161
3 votes
3 answers
3k views

Scan whole system or just user dirs with clamav

I'm in doubt about how to scan my Linux system with Clamav: do I just scan the places where users can upload files (homedirs, their webroots) or do I scan the whole system? The various sites I've ...
datadevil
  • 535
3 votes
1 answer
3k views

Quarantined mail retrieval from SpamAssassin/ClamAV/Postfix

We run a mail relay service in a multi tenant deployment for clients. We started doing this because commercially available relay services were silly money when compared to the costs of building one ...
SimonJGreen
  • 3,235
3 votes
1 answer
2k views

Large Virus File with EICAR-Test-Signature not identified by the clamav library

If I add the Eicar Test Signature at the beginning of a large text file, will that file turn out to be malicious? I opened a 5 MB binary file on Sublime Text and added the signature at the beginning. ...
Ashish Poddar
3 votes
2 answers
499 views

Process 'clamd' "not monitored"

The output of monit summary says clamav is not monitored. The configuration says: check process clamd with pidfile /var/run/clamav/clamd.pid start program = "/etc/init.d/clamav-daemon start" ...
Adripants
  • 347
3 votes
3 answers
4k views

How to upgrade ClamAV on Ubuntu Hardy Heron 8.04 LTS?

I'm running a server on Ubuntu Hardy Heron 8.04 LTS, and when I installed ClamAV via aptitude, it installed version 0.94. That version has now been EOL'ed, but when I run "aptitude upgrade", it doesn'...
3 votes
1 answer
245 views

System-wide virus scans in Ubuntu?

I installed ClamAV (clamav-daemon and clamav-freshclam) in order to set up a policy of regularly scanning my LTSP thin client setup for Windows viruses. Currently, we have a variety of users, each ...
lfaraone
  • 1,621
2 votes
6 answers
2k views

Websites on Ubuntu 8.04 LTS with Plesk are infected with viruses [duplicate]

I am running Plesk 9.5 on Ubuntu 8.04 LTS and have about 15 websites infected with some malicious code appended to the end of java files. I have installed Clamav and it has managed to pick up the ...
Paddington
2 votes
8 answers
1k views

Experience with HAVP

I have employees that have to search sketchy virus-ridden websites as part of their job. They all have XP and Symantec AV installed but they still get hit fairly often. Rather than trying all sorts ...
Kyle Brandt
  • 84.6k
2 votes
1 answer
7k views

Installing clamav on Amazon Linux 2

I have been trying to install clamav on Amazon Linux 2 using the following which works fine on Amazon Linux 1: curl -O http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm sudo yum ...
williamsdb
2 votes
3 answers
6k views

clamav "killed" with no explanation

On a Debian 10 server I have this problem with clamav: root@vps:~# clamscan -r -v --stdout / Killed You see I use the verbose flag but that does not give me any information. In years of using clam ...
Jason Cotman
2 votes
1 answer
8k views

subprocess installed pre-removal script returned error exit status 5

Trying to get clamav and clamav-daemon uninstalled but seems apt and dpkg are stuck and nothing can complete without this error: dpkg --remove output: (Reading database ... 385080 files and ...
eskimo
  • 123
2 votes
2 answers
3k views

Clamd won't start after update

Since updating clamd to 0.99.2-1.e15 on our RedHat 5 x86_64 system, it has failed to start successfully. The error we get is as follows: LibClamAV Error: cli_pcre_compile: PCRE compilation failed at ...
Jamen McGranahan
2 votes
2 answers
3k views

Using ClamAV to virus scan uploaded files on Ubuntu Production Servers

I am planning to use ClamAV to virus scan files being uploaded to a Web Application running on Ubuntu Servers. ClamAV will be installed on a dedicated server and when the file is being uploaded, the ...
lingostar
2 votes
2 answers
9k views

Sending a file to a remote clamd instance

I may be misunderstanding how to utilize clamd. I've got a situation where I have a media server that isn't quite powerful enough to scan files as well as host the other services it is running (...
BobserLuck
2 votes
2 answers
10k views

Error with clamd amavisd CentOS 7

I am getting an issue with clamd and amavisd; please see the error message below. I am running an email server on CentOS 7.3..... amavisd and clamd seem to be working fine, but they keep jumping up with errors every ...
WillyBoy
2 votes
2 answers
562 views

Installing ClamAV on Ubuntu

I'd like to install ClamAV on my Ubuntu Servers (LAMP). Is it good to go (as a daemon) out-of-the-box, or does it need some configuration? Do I need to add a line to my crontab to update virus ...
Trent Scott
2 votes
1 answer
3k views

ClamAV Milter service will not start after updating clamav-milter

I recently updated ClamAV. Here are the packages that were updated: clamav-db-0.99-3.el6.x86_64 clamav-0.99-3.el6.x86_64 clamd-0.99-3.el6.x86_64 clamav-milter-0.99-3.el6.x86_64 libpng-1.2.49-2.el6_7....
halmeetdave
2 votes
1 answer
14k views

clamd says socket in use by another process but I can't find one

I'm running CentOS 5.3 (Final) and using rpmforge I installed clamd and prereqs ok. I started clamd and ran a freshclam all ok. But if I run "clamd PING" or clamd /path/to/file I get ERROR: LOCAL: ...
dannix
  • 97
2 votes
2 answers
2k views

Can I get clamav-daemon to run without first updating with freshclam?

It's painfully slow to run freshclam, but clamav-daemon won't start without it: $ sudo service clamav-daemon start * Clamav signatures not found in /var/lib/clamav * Please retrieve them using ...
Kit Sunde
  • 946
2 votes
0 answers
1k views

ClamAV for the host running docker containers - inotify/fanotify limits

I'm implementing anti-virus solution for Linux with ClamAV daemon running in On-Access mode, watching the created/opened files for malicious content at the host system AND in docker containers, ...
mva
  • 141
2 votes
1 answer
42 views

mpool_malloc error, cannot access shell

I'm getting spammed the following error on boot: LibClamAC Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net I read that I will need to update... but ...
zentenk
  • 223