Note: This was installed on a Virtualmin server that already had ClamAV. The existing ClamAV was removed/purged via apt-get and reinstalled. The clamd.conf reflects the settings used by Virtualmin and clamonacc.
Install clamav and mailx
sudo apt-get install -y bsd-mailx clamav clamav-base clamav-daemon clamav-docs clamav-freshclam
Create Quarantine Folder
mkdir /root/quarantine
Create the following files (see gist files below at end of blog or here)
- /etc/systemd/system/clamonacc.service
- /etc/clamav/clamd.conf
- /etc/clamav/detected.sh
Enable services
systemctl enable clamav-daemon.service
systemctl enable clamonacc.service
systemctl enable clamav-freshclam.service
Add root to clamav group
By default, ClamAV runs under the clamav user and group. You can keep and configure this, or run it as root. If you scan /root or folders owned by root, you can encounter lstat() errors while running under the clamav user.
usermod -a -G clamav root
Crons
00 01,13 * * * /usr/bin/freshclam --quiet
0 19 * * 1-5 nice -n 16 systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass /home /tmp >/dev/null 2>&1
0 6 * * 6 nice -n 18 systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass / >/dev/null 2>&1
Final Step
- Reboot
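The file list above names /etc/clamav/detected.sh without showing its contents. As an added example (not the author's gist), here is one way such a handler could look, assuming clamd.conf hooks it with VirusEvent so that clamd exports CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME; the ALERT_TO recipient and the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not the author's gist. Assumes clamd.conf has
#   VirusEvent /etc/clamav/detected.sh
# so clamd exports CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME.
# clamd runs this as its configured User, which must be able to write QUARANTINE_DIR.
QUARANTINE_DIR="${QUARANTINE_DIR:-/root/quarantine}"
ALERT_TO="${ALERT_TO:-root}"   # hypothetical recipient for the mailx alert

# Move one detected file into quarantine; print the new path on success.
quarantine_detection() {
    local file="$1" dest
    # The path comes from scanned content: quote it everywhere, never eval it.
    [ -n "$file" ] || return 2
    # Regular files only. Test -L first, because -f follows symlinks.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        return 3
    fi
    # Timestamp and PID prefix so equal basenames do not overwrite each other.
    dest="$QUARANTINE_DIR/$(date +%Y%m%dT%H%M%S).$$.$(basename -- "$file")"
    mv -- "$file" "$dest" || return 4
    chmod 000 -- "$dest" || return 5   # no read or execute from quarantine
    printf '%s\n' "$dest"
}

# Log to the journal/syslog and mail the alert when the tools are present.
notify() {
    local file="$1" sig="$2" result="$3"
    if command -v logger >/dev/null 2>&1; then
        logger -t clamav-detected -- "$sig: $file -> $result"
    fi
    if command -v mail >/dev/null 2>&1; then
        printf 'Signature: %s\nOriginal path: %s\nResult: %s\n' "$sig" "$file" "$result" |
            mail -s "ClamAV detection on $(hostname)" "$ALERT_TO"
    fi
    return 0
}

# Act only when clamd set the variables; otherwise the file just defines functions.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    sig="${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}"
    if dest=$(quarantine_detection "$CLAM_VIRUSEVENT_FILENAME"); then
        notify "$CLAM_VIRUSEVENT_FILENAME" "$sig" "quarantined as $dest"
    else
        notify "$CLAM_VIRUSEVENT_FILENAME" "$sig" "NOT quarantined (rc=$?)"
    fi
fi
```

Symlinks and non-regular paths are refused rather than moved, so a detection on a link never relocates the file it points to.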
Please explain how to do the Cron part