Security/ClamAV: Difference between revisions

 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Security » ClamAV==
==Security » ClamAV==
{|class='wikitable mw-collapsible' style='width:100%'
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left'|
!scope='col' style='text-align:left'|
Security » [https://github.com/fail2ban/fail2ban/wiki ClamAV]
Security » [https://github.com/fail2ban/fail2ban/wiki ClamAV]
|-
|-
|valign='top'|
|valign='top'|
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%;margin:3px 0 3px 0'
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left'|
!scope='col' style='text-align:left'|
ClamAV » Install
ClamAV » Install
|-
|-
|valign='top'|
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
<syntaxhighlight lang='bash'>
cat <<'EXE' | sudo bash
cat <<'EXE' | sudo bash
apt-get update
apt-get update
Line 18: Line 18:
</syntaxhighlight>
</syntaxhighlight>
|}
|}
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%;margin:6px 0 3px 0'
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left|
!scope='col' style='text-align:left|
ClamAV » Config
ClamAV » Config
|-
|-
|valign='top'|
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
<syntaxhighlight lang='bash'>
cat <<'EXE' | sudo bash
cat <<'EXE' | sudo bash
systemctl stop    clamav-freshclam
systemctl stop    clamav-freshclam
Line 41: Line 41:
</syntaxhighlight>
</syntaxhighlight>
|}
|}
{|class='wikitable mw-collapsible' style='width:100%;margin:6px 0 3px 0'
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left|
!scope='col' style='text-align:left' colspan='2'|
ClamAV » Scan
ClamAV » Scan
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
clamscan -r --bell -i /
clamscan -r        -i /
clamscan -r          /
</syntaxhighlight>
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
clamscan -r --bell -i ${HOME}/
clamscan -r        -i ${HOME}/
clamscan -r          ${HOME}/
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang='bash'>
sudo clamscan -r --bell -i --exclude-dir='^/(sys|proc|dev|run)' /
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)' /
sudo clamscan -r          --exclude-dir='^/(sys|proc|dev|run)' /
</syntaxhighlight>
|valign='top'|
<syntaxhighlight lang='bash'>
sudo clamscan -r --bell -i --exclude-dir='^/(sys|proc|dev|run)' /root/
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)' /root/
sudo clamscan -r          --exclude-dir='^/(sys|proc|dev|run)' /root/
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang='bash'>
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)' \
/var/www \
/var/tmp \
/uploads \
/home    \
/tmp
</syntaxhighlight>
|valign='top'|
|-
!scope='col'| Scan » Manual
!scope='col'| Scan » Manual
|-
|-
|valign='top'|
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
<syntaxhighlight lang='bash'>
cat <<'EXE' | bash
systemctl list-unit-files --state=enabled | grep -i upload
clamscan -r --bell -i /home/chorke/
systemctl list-timers --all              | grep -i upload
clamscan -r          /home/chorke/
systemctl list-units                      | grep -i upload
EXE
journalctl                                | grep -i upload
systemctl status upload*
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang='bash'>
grep -R 'upload' /etc/profile /etc/profile.d ~/.bashrc ~/.profile 2>/dev/null
grep -R 'upload' /etc/cron* /var/spool/cron 2>/dev/null
 
ls -l /etc/rc.local
ausearch -x upload
</syntaxhighlight>
</syntaxhighlight>
|}
|}
Line 56: Line 109:


==References==
==References==
{|class='wikitable mw-collapsible' style='width:100%'
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left' colspan='3'|
!scope='col' style='text-align:left' colspan='3'|
References
References
Line 86: Line 139:
|valign='top' style='width:33%'|
|valign='top' style='width:33%'|
* [[Jasypt|Security » Jasypt]]
* [[Jasypt|Security » Jasypt]]
* [[Security/Lynis|Security » Lynis]]


|-
|-
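Review bot: The `--exclude-dir='^/(sys|proc|dev|run)'` pattern added under ClamAV » Scan is anchored only at the start, so it excludes by prefix. Any top-level directory whose name merely begins with one of those words (a constructed example: `/sysroot` or `/run-data`) would be skipped as well, and clamscan does not report what it left out. Closing the group with a path boundary, `--exclude-dir='^/(sys|proc|dev|run)(/|$)'`, limits the exclusion to the four pseudo-filesystems. The same pattern is repeated in the `/root/` commands and in the multi-path command, where none of the scanned paths can match it, so it could be dropped there.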

Latest revision as of 15:11, 23 January 2026

Security » ClamAV

Security » ClamAV

ClamAV » Install

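# Install ClamAV and its daemon package from the distribution repositories.
# The quoted 'EXE' delimiter stops the calling shell from expanding anything in
# the here-document; the text reaches the root shell verbatim.
cat <<'EXE' | sudo bash
# Abort on the first failure so a failed index refresh is not followed by an
# install from stale package lists.
set -e
apt-get update
apt-get install -y clamav clamav-daemon
apt-get clean
EXE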

ClamAV » Config

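# Refresh the signature database once by hand, then leave only the updater
# service running; clamd stays stopped and disabled, so scanning is done on
# demand with clamscan.
cat <<'EXE' | sudo bash
# Stop both services first: a manual freshclam run typically fails on the
# locked update log while the clamav-freshclam service is active.
systemctl stop    clamav-freshclam
systemctl stop    clamav-daemon

# One-off signature download. Report a failure explicitly, because scans run
# against a missing or outdated database give misleading "clean" results.
freshclam || printf 'freshclam failed: signatures may be missing or stale\n' >&2

systemctl start   clamav-freshclam
systemctl stop    clamav-daemon

# --no-pager keeps the piped script from pausing in a pager on long output.
# status exits non-zero for a stopped unit, which is expected for clamav-daemon.
systemctl status  --no-pager clamav-daemon
systemctl status  --no-pager clamav-freshclam

# Persist the choice across reboots: updater on, resident daemon off.
systemctl disable clamav-daemon
systemctl enable  clamav-freshclam
EXE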

ClamAV » Scan

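# clamscan flags used below: -r recurses into directories, -i prints only
# infected files, --bell rings the terminal bell on a detection.
# Exit status: 0 = nothing found, 1 = at least one detection, 2 = error; check
# it when scripting rather than parsing the output.

# Unprivileged scan of the whole filesystem. Files the current user cannot read
# are not scanned, and /sys, /proc, /dev and /run are walked as well; the sudo
# variants further down are the better fit for a full-system scan.
clamscan -r --bell -i /
clamscan -r        -i /
clamscan -r           /

# Scan the current user's home directory. The expansion is quoted so a home
# path containing spaces or glob characters is passed as one argument.
clamscan -r --bell -i "${HOME}/"
clamscan -r        -i "${HOME}/"
clamscan -r           "${HOME}/"

# Full-system scan as root, skipping the kernel/runtime pseudo-filesystems.
# The trailing (/|$) limits the exclusion to exactly those four directories;
# without it the pattern matches by prefix and would also skip any directory
# whose name only starts with sys, proc, dev or run.
sudo clamscan -r --bell -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' /
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' /
sudo clamscan -r           --exclude-dir='^/(sys|proc|dev|run)(/|$)' /

# Scan root's home directory. The exclusion cannot match anything below /root
# and is kept only so the command line mirrors the full-system variant.
sudo clamscan -r --bell -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' /root/
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' /root/
sudo clamscan -r           --exclude-dir='^/(sys|proc|dev|run)(/|$)' /root/

# Targeted scan of web-content, upload, home and temporary directories.
# A listed path that does not exist on the host is reported as an error and
# affects the exit status.
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' \
 /var/www \
 /var/tmp \
 /uploads \
 /home    \
 /tmp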
Scan » Manual Scan » Manual
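# Manual triage: find out where something named "upload" is started from,
# checking systemd units and timers, the journal, shell start-up files, cron,
# rc.local and the audit log.

# systemd: enabled unit files, timers, loaded units, and journal entries.
# Without root (or membership in a journal-reading group) journalctl may show
# only the current user's entries, so an empty result is not conclusive.
systemctl list-unit-files --state=enabled | grep -i upload
systemctl list-timers --all               | grep -i upload
systemctl list-units                      | grep -i upload
journalctl                                | grep -i upload
# Quote the pattern so systemctl receives the glob itself; unquoted, the shell
# would expand it against files in the current directory first.
systemctl status 'upload*'

# Shell start-up files and cron. 2>/dev/null also hides "Permission denied":
# /var/spool/cron is normally readable by root only, so an unprivileged run can
# come back empty even when a matching entry exists. Run as root to be sure.
grep -R 'upload' /etc/profile /etc/profile.d ~/.bashrc ~/.profile 2>/dev/null
grep -R 'upload' /etc/cron* /var/spool/cron 2>/dev/null

# Legacy boot script, and audit records for an executable named "upload"
# (ausearch needs auditd to be logging and usually root privileges).
ls -l /etc/rc.local
ausearch -x upload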

References

References