ClamAV - Anti Virus software

Antivirus, forensics, intrusion detection, cryptography, etc.
RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

ClamAV - Anti Virus software

#1 Post by RetroTechGuy »

So I just checked to make sure this collection works on a new Puppy pupsave (sorry guys, I haven't learned my way around building .pets yet).

I picked the install from "squeeze" (though it is probably the same as "Lenny")

http://packages.debian.org/squeeze/clamav

You need the following packages for Puppy 4.3.1 (I'm assuming that you have i386-family hardware):

Updated: See 2nd post for new packages (0.96)

<snipped 0.95 packages>

And from the Clam page (http://www.clamav.net/), get the virus definition files:

http://db.local.clamav.net/main.cvd
http://db.local.clamav.net/daily.cvd

Which you will place in /var/lib/clamav/

The command-line is:

Code:

clamscan

Though you probably want something more like:

Code:

clamscan -r -i -l /tmp/clamav.log

Which will do a recursive scan, report only viruses and write a log file to /tmp/

Enjoy!
Last edited by RetroTechGuy on Tue 04 May 2010, 16:21, edited 1 time in total.


Update ClamAV 0.96 in Puppy (using Debian)

#2 Post by RetroTechGuy »

OK Folks, here's an update for ClamAV, which works in Puppy 4.3.1 (haven't tried earlier versions, but there is probably no reason it won't work).

Updated 06Dec2010:

I went to Debian "squeeze":

http://packages.debian.org/squeeze/clamav

And grabbed the following .deb files (updated on 06Aug2010 for Clam 0.96.4+dfsg-1):

http://http.us.debian.org/debian/pool/m ... 1_i386.deb
http://http.us.debian.org/debian/pool/m ... 1_i386.deb

Running clamscan, it complained about zlib, but appeared to run just fine.

06Dec2010 update: I did not upgrade these on my system, but newer versions can be found (I have not tested the newer versions -- but these worked on mine):

http://http.us.debian.org/debian/pool/m ... 2_i386.deb
http://http.us.debian.org/debian/pool/m ... 3_i386.deb
http://http.us.debian.org/debian/pool/m ... 6_i386.deb

If you had previously installed 0.95, you only need the first 2 files. If you are installing from scratch, you need all 5 files (just click them sequentially to install all of them).

Then get the 2 virus definition files from the Clam site:

http://www.clamav.net/lang/en/

and place them in /var/lib/clamav/ (you must create the "clamav" folder)

Clamscan works from the command line, just as before.

Yorkiesnorkie is also working on building a .pet for this, but I'm not completely sure where he is with it:

See towards the bottom of the page:
http://murga-linux.com/puppy/viewtopic.php?t=54583

And his current progress:
http://www.murga-linux.com/puppy/viewtopic.php?p=414761
Last edited by RetroTechGuy on Mon 06 Dec 2010, 17:11, edited 2 times in total.

aarf

#3 Post by aarf »

there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run.


#4 Post by RetroTechGuy »

aarf wrote:there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run.

To my knowledge, there are no config files requiring editing.

Before posting, I had just tested the process on a brand new pupsave (created fresh, just for the purpose of testing).

The only "tricky" part is that you must create the directory /var/lib/clamav/ and you must place the 2 virus definition files in that folder.

If you get an error, read carefully (as it is probably the missing virus defs).

aarf

#5 Post by aarf »

RetroTechGuy wrote:
aarf wrote:there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run.
To my knowledge, there are no config files requiring editing.

Before posting, I had just tested the process on a brand new pupsave (created fresh, just for the purpose of testing).

The only "tricky" part is that you must create the directory /var/lib/clamav/ and you must place the 2 virus definition files in that folder.

If you get an error, read carefully (as it is probably the missing virus defs).

my tries for an antivirus on that day included multiple install methods/sources of clamav and fprot, on lupu113, quirky21 and xandros, all failed. so i may be a little confused as to which and where, so i will try again. thanks.


#6 Post by RetroTechGuy »

aarf wrote:
RetroTechGuy wrote:
aarf wrote:there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run.
To my knowledge, there are no config files requiring editing.

Before posting, I had just tested the process on a brand new pupsave (created fresh, just for the purpose of testing).

The only "tricky" part is that you must create the directory /var/lib/clamav/ and you must place the 2 virus definition files in that folder.

If you get an error, read carefully (as it is probably the missing virus defs).

my tries for an antivirus on that day included multiple install methods/sources of clamav and fprot, on lupu113, quirky21 and xandros, all failed. so i may be a little confused as to which and where, so i will try again. thanks.

Yeah, I started getting lost when installing these things too.

That's when I started creating a new, blank pupsave and installing from scratch -- a mature system is likely to have all the libraries, a new system doesn't. So I install the base package, then run it from the command line, so I can see the missing dependencies. Then I add the missing libs, and repeat until it works (Puppy has some of the libs, but not necessarily all of them).

Once I get a package working, I make a sub-folder and store the package and all the required libs together, in case I need to install it again in the future. It makes doing a system rebuild really easy.

aarf

#7 Post by aarf »

<wrong links from first post removed>

aarf

#8 Post by aarf »

ok installed into puppeee (431) by downloading and clicking on the .deb files
and making the directory for the downloaded definitions
simple. thanks. but i want to scan more than /root and cant see from

Code:

# clamscan -h

how to do that. i want to scan all mounted partitions and everything everywhere on the laptop.

Code:

# clamscan -r -i -l /tmp/clamav.log

----------- SCAN SUMMARY -----------
Known viruses: 761105
Engine version: 0.96
Scanned directories: 752
Scanned files: 1274
Infected files: 0
Data scanned: 20.29 MB
Data read: 20.04 MB (ratio 1.01:1)
Time: 47.651 sec (0 m 47 s)
# 


#9 Post by RetroTechGuy »

aarf wrote:ok installed into puppeee (431) by downloading and clicking on the .deb files
and making the directory for the downloaded definitions
simple. thanks. but i want to scan more than /root and cant see from

Code:

# clamscan -h

how to do that. i want to scan all mounted partitions and everything everywhere on the laptop.

Code:

# clamscan -r -i -l /tmp/clamav.log

----------- SCAN SUMMARY -----------
Known viruses: 761105
Engine version: 0.96
Scanned directories: 752
Scanned files: 1274
Infected files: 0
Data scanned: 20.29 MB
Data read: 20.04 MB (ratio 1.01:1)
Time: 47.651 sec (0 m 47 s)
#

When you open a terminal (rxvt), it drops you into /root/, so your search ran through /root/.

Instead:

Code:

cd /mnt/

or

cd /

then

Code:

clamscan -r -i -l /tmp/clamav.log

Which will scan everything under /mnt/ (all mounted partitions), or everything, including /mnt/ (I don't know if /mnt/ will include /root/, due to the way the system is mounted -- but starting from "/" will).

Or, if you prefer, just specify the filename or location of your search

Code:

clamscan -irl /tmp/clamav.log /mnt/sdb1/virus.exe

note: you generally do not need to put a space between command line options, so "-i -r -l" = "-irl"

note2: clamscan will append new searches to the existing .log file (and also note that /tmp/ is cleared on reboot, so only save there if you don't care about preserving the log file)

BTW, to see where you are "sitting", enter "pwd" (i.e. "print working directory"), so you know from whence you will recursively search into directories.
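
Added example, not part of any post in this thread: because clamscan appends each run to the same log file (note2 above), this shell sketch prints only the most recent completed scan from such a log. The function names, the sample log and the signature name in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): clamscan appends every run to the same
# log, so print only the most recent completed scan from that log.

# last_scan_report LOGFILE
# Prints the FOUND lines logged since the previous summary, then the last
# summary. Returns 0 if clean, 1 if infected files, 2 if no completed scan.
last_scan_report() {
    awk '
        / FOUND$/      { hits = hits $0 "\n"; next }
        /SCAN SUMMARY/ { insum = 1; sum = ""; infected = 0; next }
        insum          { sum = sum $0 "\n" }
        insum && /^Infected files:/ { infected = $3 + 0 }
        insum && /^Time:/ {   # Time: closes the summary in the output shown above
            last_hits = hits; last_sum = sum; last_inf = infected
            hits = ""; insum = 0; seen = 1
        }
        END {
            if (!seen) exit 2
            printf "%s%s", last_hits, last_sum
            exit (last_inf > 0 ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample log: a clean run followed by a run with one hit.
demo_report() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 47.651 sec (0 m 47 s)
/mnt/sdb1/virus.exe: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 3.120 sec (0 m 3 s)
EOF
    demo_rc=0
    last_scan_report "$log" || demo_rc=$?
    rm -f "$log"
    return "$demo_rc"
}

# Report on the log named on the command line, e.g. /tmp/clamav.log
if [ "$#" -gt 0 ]; then
    last_scan_report "$1"
fi
```

The return value follows clamscan's own exit codes for clean (0) and virus found (1), so a script can branch on it the same way.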

yorkiesnorkie
Posts: 504
Joined: Mon 04 Jun 2007, 13:11
Location: George's Island

#10 Post by yorkiesnorkie »

aarf wrote:there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run.

It's not that bad really. clamd.conf and clamscan.conf are in /etc. Each has a line in red (if you open it in Geany) which looks like this

Code:

Example

you have to comment it out

Code:

#Example

I also change the user from clamav to root. I'll post an example of my conf files a little later so you can see what I did. (I am not home) Those are the only changes I made. I found I had to do that with the old pet package I downloaded.

Usually, if you haven't commented out "example", Clamav will complain when you run a clamscan or freshclam from the command line.

Thanks for the link by the way RetroTechGuy to the new debs of 0.96. I'll have to see if those files are smaller than the 28 mb PET I made. That pet is now available at puppylinux.ca http://puppylinux.ca/tpp/ttuuxxx/other/ ... 6-i486.pet Consider it a test version! I compiled it in 4.3.0 and ttuuxxx said it did not work with 2.14x so I'll be taking a run at making one for that version of puppy.

y.
[url]http://www.busygamemaster.com[/url]


#11 Post by RetroTechGuy »

yorkiesnorkie wrote:
aarf wrote:there are two config files that need to be edited. post the completed edited files so that they can be swapped in. else it is too annoying to read through all the garbage in those 2 files and then find that it wont run.

It's not that bad really. clamd.conf and clamscan.conf are in /etc. Each has a line in red (if you open it in Geany) which looks like this

Code:

Example

you have to comment it out

Code:

#Example

I also change the user from clamav to root. I'll post an example of my conf files a little later so you can see what I did. (I am not home) Those are the only changes I made. I found I had to do that with the old pet package I downloaded.

Usually, if you haven't commented out "example", Clamav will complain when you run a clamscan or freshclam from the command line.

I created a brand new pupsave, and installed the .deb files, and received no warnings from clamscan (however, freshclam is not installed).

I suspect that this is a freshclam config file... (I did try installing the .deb version of freshclam, and had some sort of error -- haven't dug into it further).


my conf files

#12 Post by yorkiesnorkie »

Here are my conf files:

y.
Attachments
clamav_conf_files.tar.gz
my conf files
(7.23 KiB) Downloaded 1111 times
[url]http://www.busygamemaster.com[/url]


Response times

#13 Post by yorkiesnorkie »

RetroTechGuy wrote:
I created a brand new pupsave, and installed the .deb files, and received no warnings from clamscan (however, freshclam is not installed).

I suspect that this is a freshclam config file... (I did try installing the .deb version of freshclam, and had some sort of error -- haven't dug into it further).

The error I got when I first ran freshclam was somewhat cryptic. First I got some error about the database owner. That led me to the fact that there's no user clamav in puppy. I've even added a user "clamav", which works for the compile, but doesn't in fact actually work when you run freshclam. Hence, I had to change to root. If you check the freshclam.conf file you'll see where I changed it.

The clamav pet works, but I found the clamscan very slow. You do get there but it takes quite a while. What you've done is very interesting because you are only working with clamscan, rather than the whole meal deal which is in my pet. It makes me wonder what I could trim out and still get it to work. Basically all I'd want is clamscan and freshclam.

How fast is your deb running? Do you get a fairly immediate response?

y.
[url]http://www.busygamemaster.com[/url]
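
Added example, not from any poster or the ClamAV project: a shell check for the two config edits described in posts #10 and #13, an active "Example" line and a run-as account that does not exist on the system. It relies on the `User` (clamd.conf) and `DatabaseOwner` (freshclam.conf) directives; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ClamAV config file for an
# active "Example" line and for a run-as account missing from passwd.

# audit_clam_conf CONF [PASSWD]   (PASSWD defaults to /etc/passwd)
# Prints findings; returns 0 if usable, 1 on a problem, 2 if unreadable.
audit_clam_conf() {
    conf=$1
    passwd=${2:-/etc/passwd}
    result=0
    [ -r "$conf" ] || { echo "$conf: unreadable"; return 2; }
    # The shipped configs carry a bare "Example" line that must be commented out.
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$conf"; then
        echo "$conf: active Example line, comment it out"
        result=1
    fi
    # User (clamd.conf) or DatabaseOwner (freshclam.conf) names the run-as account.
    owner=$(awk '$1 == "User" || $1 == "DatabaseOwner" { print $2; exit }' "$conf")
    if [ -z "$owner" ]; then
        echo "$conf: no User/DatabaseOwner set, built-in default applies"
    elif ! grep -q "^$owner:" "$passwd"; then
        echo "$conf: account '$owner' does not exist on this system"
        result=1
    elif [ "$owner" = root ]; then
        echo "$conf: runs as root"
    fi
    return "$result"
}

# Constructed sample: untouched freshclam.conf on a system with only root.
demo_audit() {
    tmp=$(mktemp -d)
    printf 'Example\nDatabaseOwner clamav\n' > "$tmp/freshclam.conf"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$tmp/passwd"
    demo_rc=0
    audit_clam_conf "$tmp/freshclam.conf" "$tmp/passwd" || demo_rc=$?
    rm -rf "$tmp"
    return "$demo_rc"
}

# Audit the files named on the command line, e.g. /etc/clamd.conf
for f in "$@"; do
    audit_clam_conf "$f" || true
done
```

The "runs as root" finding is informational: it records that the updater or daemon will process downloaded and scanned data with full privileges.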


#14 Post by yorkiesnorkie »

I found this:
Clamscan is fine for scanning file systems where long lists of files are scanned with very few processes because of the db loading penalty at each startup, but clamd, which provides the same thing, loads the database files once and can be re-used thousands of times an hour via sockets, streams, and file pointers either directly (direct calls to the socket from your code) or from clamdscan which can be called from scripts.
http://linux.die.net/man/1/clamdscan

What this suggests is that when clamscan runs its database is being loaded multiple times. ??? If that is the case basically what they are saying is you can use clamdscan instead of clamscan. From my reading clamdscan is supposed to increase the speed of the scanning of a file or directory, etc. I have yet to try it. However the command from the man page above suggests it is used in exactly the same way as clamscan.

Code:

clamdscan --bell -r --log=/virus.log -i /root/my-documents/Downloaded

The above command should scan directory /root/my-documents/Downloaded recursively (-r) and log (--log) the result in the virus.log file, will beep (--bell) each time a virus has been detected and only print (-i) infected files to the output.

I'll run this and let you know if anything improves.

y.
[url]http://www.busygamemaster.com[/url]


#15 Post by yorkiesnorkie »

Hah, I forgot that I took clamdscan out of the pet I made... I'm going to have another go-around at compiling this anyway for 214xrc5.

y.
[url]http://www.busygamemaster.com[/url]
