How to Use ClamAV for Malware Scanning on VPS

ClamAV is open-source antivirus software designed for scanning and detecting malware, including viruses, trojans, worms, and other malicious software. Running ClamAV on your VPS (Virtual Private Server) can help protect your server from threats and preserve the integrity of your files, websites, and data.

In this guide, we’ll walk you through the steps to install and configure ClamAV on your AnonVM VPS for comprehensive malware scanning.


Prerequisites

  • AnonVM VPS running a Linux-based distribution (Ubuntu 20.04 or later recommended).
  • Root access or sudo privileges.
  • Basic understanding of Linux command line.

Step 1: Install ClamAV on Your VPS

ClamAV is available in the official repositories for most Linux distributions, making installation quick and easy.

  1. Update your system: Begin by updating your package list to ensure that you have the latest version of ClamAV.

     
    sudo apt update
  2. Install ClamAV: Install ClamAV and its supporting packages (ClamAV daemon and freshclam for database updates).

     
    sudo apt install clamav clamav-daemon clamav-freshclam -y
  3. Verify the installation: After installation, check the version of ClamAV to verify that it has been installed successfully:

     
    clamscan --version

    You should see the ClamAV version and other relevant details.


Step 2: Configure Freshclam (Automatic Updates)

Freshclam is a tool that ensures ClamAV’s virus database is always up to date. It regularly downloads the latest virus definitions to detect the newest threats.

  1. Configure Freshclam for automatic updates: The configuration file for Freshclam is located at /etc/clamav/freshclam.conf. Open the file for editing:

     
    sudo nano /etc/clamav/freshclam.conf
  2. Set up automatic updates: Look for the line that says Example and remove the # to uncomment it. Then, modify the settings to enable automatic updates. Here are some key settings:

     
    # Tell clamd to reload the database after each update (the argument is the path to clamd.conf)
    NotifyClamd /etc/clamav/clamd.conf
  3. Start the Freshclam service: You can start the Freshclam service to begin automatically updating ClamAV’s virus definitions:

     
    sudo systemctl start clamav-freshclam
  4. Enable Freshclam to start on boot: To ensure Freshclam runs on boot, enable it:

     
    sudo systemctl enable clamav-freshclam

Step 3: Running a Manual Malware Scan

ClamAV provides the clamscan command for manual malware scanning. You can scan files, directories, or your entire VPS for malware.

  1. Scan a single file: To scan a single file, run the following command:

     
    clamscan /path/to/file
  2. Scan a directory: To scan a directory, use the following command:

     
    clamscan -r /path/to/directory

    The -r option tells ClamAV to scan the directory recursively.

  3. Scan the entire server: If you want to scan your entire server, use this command:

     
    clamscan -r /
  4. Scan and delete infected files: You can automatically remove infected files by adding the --remove option:

     
    clamscan -r /path/to/directory --remove

    Be cautious with the --remove option as it deletes infected files without asking for confirmation.

  5. Scan with detailed report: To generate a detailed report, you can specify an output file:

     
    clamscan -r /path/to/directory --log=/path/to/report.txt

    This will log all scan results to the specified report file.


Step 4: Configuring ClamAV Daemon for Continuous Scanning

For continuous background scanning of your VPS, you can use ClamAV Daemon (clamd), which runs as a service and allows you to scan files on the fly.

  1. Edit the ClamAV Daemon configuration: The configuration file for the ClamAV Daemon is located at /etc/clamav/clamd.conf. Open it for editing:

     
    sudo nano /etc/clamav/clamd.conf
  2. Modify the configuration: Ensure that the ClamAV Daemon is set up to listen for requests on a specific socket. For example, configure it to listen on the local socket:

     
    LocalSocket /var/run/clamav/clamd.sock
  3. Start ClamAV Daemon: Once configured, start the ClamAV Daemon service:

     
    sudo systemctl start clamav-daemon
  4. Enable ClamAV Daemon to start on boot: To ensure the ClamAV Daemon starts automatically on boot, enable it:

     
    sudo systemctl enable clamav-daemon

Step 5: Scheduling Regular Scans with Cron Jobs

To automate malware scanning, you can schedule ClamAV to run regular scans using cron jobs. This will ensure that your VPS is continuously protected from new threats.

  1. Edit the crontab file: Open the crontab file to schedule regular scans:

     
    sudo crontab -e
  2. Add a cron job for daily scans: To schedule a daily scan at 2 AM, add the following line to the crontab file:

     
    0 2 * * * /usr/bin/clamscan -r / --log=/var/log/clamav/daily_scan.log
  3. Save and exit: Save the file and exit the editor. The scan will now run daily at 2 AM.


Step 6: Monitoring ClamAV Logs

ClamAV logs its scan results to two main log files: access.log and scan.log. You can monitor these logs to track any malware detection or system errors.

  1. View the ClamAV logs: To view the logs in real-time, use the following command:

     
    tail -f /var/log/clamav/scan.log
  2. Monitor the access log: The access.log file shows access requests to ClamAV’s services:

     
    tail -f /var/log/clamav/access.log
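
The scheduled scan from Step 5 and the log review from Step 6 can be combined in one wrapper script that runs the scan, interprets clamscan's exit code, and extracts detections from the log. This is an added example, not part of the original guide; the function names, the scan/report arguments and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: cron wrapper around clamscan plus log triage helpers.
set -u
LOG="${LOG:-/var/log/clamav/daily_scan.log}"   # log path from the Step 5 cron line

# Recursive scan of / that skips pseudo-filesystems (no on-disk files, only read errors).
run_scan() {
    clamscan -r --infected \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --log="$LOG" /
}

# clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.
describe_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print "path<TAB>signature" for each "<path>: <signature> FOUND" log line.
list_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        if (match($0, /: [^ ]+$/)) { print substr($0, 1, RSTART - 1) "\t" substr($0, RSTART + 2) }
    }' "$1"
}

# "Infected files" value from the last summary (--log appends, so the last run wins).
infected_count() {
    awk -F': ' '/^Infected files:/ { n = $2 } END { print n + 0 }' "$1"
}

# Constructed sample log for trying the helpers without running a scan.
sample_log() {
    cat <<'EOF'
/var/www/html/uploads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/demo/notes: draft.txt: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

case "${1:-}" in
    scan)   run_scan; rc=$?
            echo "status=$(describe_status "$rc") infected=$(infected_count "$LOG")"; list_detections "$LOG"; exit "$rc" ;;
    report) list_detections "${2:?usage: $0 report LOGFILE}" ;;
esac
```

In the crontab, call the script with the scan argument in place of the bare clamscan command; cron mails the output to the crontab owner when MAILTO is set.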

Step 7: ClamAV Maintenance and Updates

Regular maintenance is essential for ClamAV to continue performing optimally. Make sure the virus definitions are updated frequently and that you perform routine scans.

  1. Update ClamAV virus definitions manually: To manually update the virus definitions, use the following command:

     
    sudo freshclam
  2. Clear ClamAV’s temporary files: You can clear ClamAV’s temporary files periodically to free up disk space:

     
    sudo rm -rf /tmp/clamav-*

Conclusion

ClamAV is a powerful, open-source antivirus solution that provides a reliable way to protect your VPS from malware. By following the steps above, you’ve set up ClamAV to run automatic updates, conduct manual or scheduled scans, and maintain continuous protection with the ClamAV Daemon.

Make sure to monitor ClamAV logs and keep your virus definitions up to date to stay protected against new threats. Regularly scheduled scans and maintaining your ClamAV configuration will ensure that your VPS remains secure.
