Questions tagged [clamav]
Antivirus for UNIX-like systems primarily for mailserver integration.
165
questions
32
votes
3
answers
60k
views
How should I test Clam Anti-Virus?
I have set up a new email server and now I need to test that Clam Antivirus is scanning messages correctly.
How should I do this in a safe and controlled way?
10
votes
4
answers
7k
views
ClamAV detected Kaiji malware on Ubuntu instance
Today ClamAV scanned my AWS instances and detected 24 infected files on each.
It looks like a false positive due to several reasons:
All these files are created in October 2022 (why were they detected ...
10
votes
2
answers
965
views
Is there a way to know why a service is restarted and who did it?
Ubuntu 14.04
clamav 0.98.7
The problem is clamav-daemon is restarted nearly daily:
Sep 1 06:30:00 x-master clamd[6778]: Pid file removed.
clamd[6778]: --- Stopped at Tue Sep 1 06:30:00 2015
clamd[...
9
votes
8
answers
20k
views
Is it safe to disable clamd?
Clamd is taking up about 5% of my memory (2GB) on my dedicated server (running linux) and I'm wondering if I can disable it without any security risks.
The server just hosts a few of my own websites. ...
9
votes
5
answers
3k
views
Web Server Security Overkill?
I've been doing "extensive" research on securing a linux web server. On top of what is considered the "basics" (removing unused services, hardening ssh, iptables, etc.) is it wise to include anti-...
8
votes
3
answers
7k
views
Is there a way to keep ClamAV updated on Debian 8?
Since upgrading to Debian 8 my syslog is full of
...freshclam[17851]: WARNING: Your ClamAV installation is OUTDATED!
...freshclam[17851]: WARNING: Local version: 0.98.7 Recommended version: 0.99
......
7
votes
3
answers
23k
views
How to make `clamdscan` exclude folders and only log `--infected`?
My server is centos 7.4, with clamav 0.101.1-1.el7.
When I run clamscan -r --infected --exclude-dir="^/sys" / through terminal, I always wait more than 6 hours to get output.
And if I close ...
7
votes
4
answers
13k
views
Is it possible to check the progress of a currently running ClamAV scan?
I have searched around but not found a possible solution to this so far.
I have an ongoing scan which I thought would've been finished at certain time, but unfortunately it has not. So I am wondering ...
7
votes
2
answers
11k
views
clamav-daemon start condition failed, /var/lib/clamav/daily.{c[vl]d,inc} was not met
After installing Modoboa (Open Source Mail Hosting), I tried to start clamav-daemon, but I faced a "start condition failed" error.
systemctl status clamav-daemon.service
clamav-daemon.service - Clam ...
6
votes
3
answers
12k
views
How to scan multiple directories with clamav
I know how to scan one directory:
clamscan -r /home
but for the life of me I cannot seem to get multiple directories working and I cannot seem to Google this simple problem.
I have tried:
clamscan ...
6
votes
5
answers
18k
views
clamav error: mpool_malloc(): Attempt to allocate 8388608 bytes
The following error is shown when starting clamd:
freshclam[26882]: [LibClamAV] mpool_malloc():Attempt to allocate
8388608 bytes. Please report to http://bugs.clamav.net
I have lots of RAM memory ...
6
votes
6
answers
22k
views
Debian 8: can't get ClamAV to listen on TCP 3310
I am trying to get Clamav-daemon running on a Debian 8 system so that it will listen on TCP port 3310. I have done the following:
aptitude install clamav-daemon
Then modified /etc/clamav/clamd.conf ...
6
votes
1
answer
3k
views
Integrating ClamAV with NGINX
We're using NGINX as our main web server, after moving away from Apache. We recently decided to test ClamAV integration, to make sure files uploaded by users are thoroughly scanned prior to transfer ...
6
votes
0
answers
6k
views
Socket access for clamdscan
On fc29 I have clamd installed and [email protected] is running fine. clamdscan runs for root but not for a regular user, even after addition to 'clamscan' group.
dnf list installed | grep clam
...
5
votes
1
answer
7k
views
ClamAV and MalDet - Are these quarantined or infected?
Learning about hardening my VPS, I installed ClamAV and MalDet, using both for a few months. Tonight, I decided that, instead of just checking home I'd check the entire VPS other than "/sys".
This ...
5
votes
2
answers
89
views
avoid redundant writing of virus scan signatures in VMs on same disk [closed]
I have two VMs on the same disk that each have clamav installed. Both regularly run updates for the same virus scan signatures
simultaneously which results in an unnecessary strain on the performance ...
5
votes
2
answers
13k
views
Up to date ClamAV on Debian Wheezy (ClamAV installation is OUTDATED log message)
I've installed ClamAV on Debian Wheezy from the official repositories, using apt. System is up to date and I don't get any updates via apt-get upgrade, but still I get this message in the logs:
Your ...
5
votes
1
answer
2k
views
Squid + ClamAV + i-cap: Scanning proxy for uploaded files?
I'm trying to configure a virus scanning proxy server specifically to scan files being uploaded. Scanning files being downloaded seems to be the common use case, and seems to be well documented.
Not ...
4
votes
3
answers
17k
views
Where is ClamAV quarantine folder?
I want to restore some files from quarantine after I have executed clamscan some times. But I cannot find the quarantine folder in the configuration.
How should I find the address of the quarantined ...
4
votes
3
answers
8k
views
How to scan only last 24 hours files with clamav
I've created a bash script to scan the whole server for viruses via clamav. The script has been running via cron every night. Because of this I want to scan only the files that have been added in the last 24 hours.
...
4
votes
2
answers
5k
views
Exim4 won't send message
My exim4 doesn't send any message. The logs say
2011-03-09 15:59:57 1PxKrl-00038i-BT malware acl condition: clamd: ClamAV returned /var/spool/exim4/scan/1PxKrl-00038i-BT: lstat() failed: Permission ...
4
votes
3
answers
11k
views
Disable ClamAV for Amavis
I have a Postfix mail server, using Amavis and Spamassassin to check for unwanted e-mails. I have removed ClamAV because it'd basically freeze the whole server every time someone received an e-mail, ...
4
votes
1
answer
2k
views
How are systemd/system overrides supposed to work?
I'm messing around with some timeout settings, and am trying to figure out the correct way to set things for systemd/system daemons. Specifically, this is an underpowered server, and I keep timing out ...
4
votes
1
answer
3k
views
ClamAV signature to ban office documents with macros
We are using custom signatures for ClamAV database to ban some types of files when they're attached to one email.
This is done using clamd and clamassassin with procmail.
We're looking to add a ...
4
votes
1
answer
2k
views
correct order for Postfix milters
I use the following milters with Postfix:
ClamAV, OpenDKIM, OpenDMARC, Rspamd
This is also the order they are being called via smtpd_milters.
What would be the best order for them regarding ...
4
votes
1
answer
422
views
How to make clamassassin prepend the X-Virus-* headers instead of appending them?
The email virus filter wrapper for ClamAV, clamassassin, appends its headers to the message headers.
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.4 with clamscan / ClamAV 1.0.3/27134/...
4
votes
2
answers
13k
views
Scan the full filesystem in parallel with clamscan
I run a clamav scan weekly on my servers. There is one server with a raid6 cluster of 30TB of disk space where the scan takes more than 24h to run.
So I wonder how can I run clamscan on the whole ...
4
votes
1
answer
2k
views
How do I configure MailScanner to use a remote clamd?
I decided to decrease the workload on my mail gateway by moving anti-virus processing to a separate server. I created the server, installed clamav-daemon on it, and tested it by running clamdscan from ...
3
votes
2
answers
834
views
Debian 12: can't get ClamAV to listen on TCP 3310
ClamAV seems to have a bug on Debian 12 (bookworm) making it difficult to get it listening on TCP 3310.
I tried the two approaches described in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=...
3
votes
3
answers
3k
views
Scan whole system or just user dirs with clamav
I'm in doubt about how to scan my Linux system with Clamav: do I just scan the places where users can upload files (homedirs, their webroots) or do I scan the whole system?
The various sites I've ...
3
votes
1
answer
3k
views
Quarantined mail retrieval from SpamAssassin/ClamAV/Postfix
We run a mail relay service in a multi tenant deployment for clients. We started doing this because commercially available relay services were silly money when compared to the costs of building one ...
3
votes
1
answer
2k
views
Large Virus File with EICAR-Test-Signature not identified by the clamav library
If I add the Eicar Test Signature at the beginning of a large text file, will that file turn out to be malicious? I opened a 5 MB binary file on Sublime Text and added the signature at the beginning. ...
3
votes
2
answers
499
views
Process 'clamd' "not monitored"
The output of monit summary says clamav is not monitored.
The configuration says:
check process clamd with pidfile /var/run/clamav/clamd.pid
start program = "/etc/init.d/clamav-daemon start"
...
3
votes
3
answers
4k
views
How to upgrade ClamAV on Ubuntu Hardy Heron 8.04 LTS?
I'm running a server on Ubuntu Hardy Heron 8.04 LTS, and when I installed ClamAV via aptitude, it installed version 0.94. That version has now been EOL'ed, but when I run "aptitude upgrade", it doesn'...
3
votes
1
answer
245
views
System-wide virus scans in Ubuntu?
I installed ClamAV (clamav-daemon and clamav-freshclam) in order to set up a policy of regularly scanning my LTSP thin client setup for Windows viruses.
Currently, we have a variety of users, each ...
2
votes
6
answers
2k
views
Websites on Ubuntu 8.04 LTS with Plesk are infected with viruses [duplicate]
I am running Plesk 9.5 on Ubuntu 8.04 LTS and have about 15 websites infected with some malicious code appended to the end of java files. I have installed Clamav and it has managed to pick up the ...
2
votes
8
answers
1k
views
Experience with HAVP
I have employees that have to search sketchy virus-ridden websites as part of their job. They all have XP and Symantec AV installed but they still get hit fairly often.
Rather than trying all sorts ...
2
votes
1
answer
7k
views
Installing clamav on Amazon Linux 2
I have been trying to install clamav on Amazon Linux 2 using the following which works fine on Amazon Linux 1:
curl -O http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum ...
2
votes
3
answers
6k
views
clamav "killed" with no explanation
On a Debian 10 server I have this problem with clamav:
root@vps:~# clamscan -r -v --stdout /
Killed
You see I use the verbose flag but that does not give me any information. In years of using clam ...
2
votes
1
answer
8k
views
subprocess installed pre-removal script returned error exit status 5
Trying to get clamav and clamav-daemon uninstalled but seems apt and dpkg are stuck and nothing can complete without this error:
dpkg --remove output:
(Reading database ... 385080 files and ...
2
votes
2
answers
3k
views
Clamd won't start after update
Since updating clamd to 0.99.2-1.e15 on our RedHat 5 x86_64 system, it has failed to start successfully. The error we get is as follows:
LibClamAV Error: cli_pcre_compile: PCRE compilation failed at ...
2
votes
2
answers
3k
views
Using ClamAV to virus scan uploaded files on Ubuntu Production Servers
I am planning to use ClamAV to virus scan files being uploaded to a Web Application running on Ubuntu Servers.
ClamAV will be installed on a dedicated server and when the file is being uploaded, the ...
2
votes
2
answers
9k
views
Sending a file to a remote clamd instance
I may be misunderstanding how to utilize clamd. I've got a situation where I have a media server that isn't quite powerful enough to scan files as well as host the other services it is running (...
2
votes
2
answers
10k
views
Error with clamd amavisd CentOS 7
I am getting an issue with clamd and amavisd; please see the error message below.
I am running an email server on CentOS 7.3..... amavisd and clamd seem to be working fine, but they keep jumping up with errors every ...
2
votes
2
answers
562
views
Installing ClamAV on Ubuntu
I'd like to install ClamAV on my Ubuntu Servers (LAMP). Is it good to go (as a daemon) out-of-the-box, or does it need some configuration? Do I need to add a line to my crontab to update virus ...
2
votes
1
answer
3k
views
ClamAV Milter service will not start after updating clamav-milter
I recently updated ClamAV. Here are the packages that were updated:
clamav-db-0.99-3.el6.x86_64
clamav-0.99-3.el6.x86_64
clamd-0.99-3.el6.x86_64
clamav-milter-0.99-3.el6.x86_64
libpng-1.2.49-2.el6_7....
2
votes
1
answer
14k
views
clamd says socket in use by another process but I can't find one
I'm running CentOS 5.3 (Final) and using rpmforge I installed clamd and prereqs ok. I started clamd and ran a freshclam all ok. But if I run "clamd PING" or clamd /path/to/file I get
ERROR: LOCAL: ...
2
votes
2
answers
2k
views
Can I get clamav-daemon to run without first updating with freshclam?
It's painfully slow to run freshclam, but clamav-daemon won't start without it:
$ sudo service clamav-daemon start
* Clamav signatures not found in /var/lib/clamav
* Please retrieve them using ...
2
votes
0
answers
1k
views
ClamAV for the host running docker containers - inotify/fanotify limits
I'm implementing anti-virus solution for Linux with ClamAV daemon running in On-Access mode, watching the created/opened files for malicious content at the host system AND in docker containers, ...
2
votes
1
answer
42
views
mpool_malloc error, cannot access shell
I'm getting spammed with the following error on boot:
LibClamAC Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net
I read that I will need to update... but ...