Security/ClamAV: Difference between revisions

From Chorke Wiki
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 47: Line 47:
|valign='top' style='width:50%'|
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
cat <<'EXE' | bash
clamscan -r --bell -i /
clamscan -r --bell -i /
clamscan -r        -i /
clamscan -r        -i /
clamscan -r          /
clamscan -r          /
EXE
</syntaxhighlight>
</syntaxhighlight>


|valign='top' style='width:50%'|
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
cat <<'EXE' | bash
clamscan -r --bell -i ${HOME}/
clamscan -r --bell -i /home/chorke/
clamscan -r        -i ${HOME}/
clamscan -r        -i /home/chorke/
clamscan -r          ${HOME}/
clamscan -r          /home/chorke/
</syntaxhighlight>
EXE
|-
|valign='top'|
<syntaxhighlight lang='bash'>
sudo clamscan -r --bell -i --exclude-dir='^/(sys|proc|dev|run)' /
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)' /
sudo clamscan -r          --exclude-dir='^/(sys|proc|dev|run)' /
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang='bash'>
sudo clamscan -r --bell -i --exclude-dir='^/(sys|proc|dev|run)' /root/
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)' /root/
sudo clamscan -r          --exclude-dir='^/(sys|proc|dev|run)' /root/
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang='bash'>
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)' \
/var/www \
/var/tmp \
/uploads \
/home   \
/tmp
</syntaxhighlight>
 
|valign='top'|
|-
!scope='col'| Scan » Manual
!scope='col'| Scan » Manual
|-
|valign='top'|
<syntaxhighlight lang='bash'>
systemctl list-unit-files --state=enabled | grep -i upload
systemctl list-timers --all              | grep -i upload
systemctl list-units                      | grep -i upload
journalctl                                | grep -i upload
systemctl status upload*
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang='bash'>
grep -R 'upload' /etc/profile /etc/profile.d ~/.bashrc ~/.profile 2>/dev/null
grep -R 'upload' /etc/cron* /var/spool/cron 2>/dev/null
 
ls -l /etc/rc.local
ausearch -x upload
</syntaxhighlight>
</syntaxhighlight>
|}
|}
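Review bot: The `--exclude-dir='^/(sys|proc|dev|run)'` pattern on the `sudo clamscan` lines is anchored only at the start, so it also skips any top-level directory whose name merely begins with one of those words (constructed examples: `/devel`, `/runtime`), which leaves a gap in scan coverage. `--exclude-dir='^/(sys|proc|dev|run)(/|$)'` limits the exclusion to the four pseudo-filesystems. In the manual-check cell, `systemctl status upload*` lets the calling shell expand the glob against files in the current directory before systemctl sees it; `systemctl status 'upload*'` passes the pattern through so it is matched against unit names. Which of the doubled lines belong to the new revision is inferred from the latest-revision text lower on the page, because this rendering carries no +/- markers.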

Latest revision as of 15:11, 23 January 2026

Security » ClamAV

Security » ClamAV

ClamAV » Install

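# Install the ClamAV scanner (clamav) and the clamd service package
# (clamav-daemon) with apt. The quoted heredoc delimiter stops the calling
# shell from expanding anything; the text is executed verbatim by a root bash.
cat <<'EXE' | sudo bash
# Stop at the first failing command, so a failed index refresh is not
# followed by an install from stale package lists.
set -e
apt-get update
apt-get install -y clamav clamav-daemon
# Drop the downloaded package files from the apt cache.
apt-get clean
EXE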

ClamAV » Config

# Refresh the signature database once by hand, then leave the freshclam
# updater service running and enabled while the clamd daemon is stopped and
# disabled. Runs as root through a quoted heredoc, so the calling shell
# expands nothing in the body.
cat <<'EXE' | sudo bash
# Stop both services before the manual update.
# NOTE(review): presumably so the one-off freshclam run below does not
# contend with the freshclam service for its log/database lock - confirm.
systemctl stop    clamav-freshclam
systemctl stop    clamav-daemon

# One-off signature database update.
freshclam

# Bring the automatic updater back.
systemctl start   clamav-freshclam
# NOTE(review): clamav-daemon was already stopped above, so this second stop
# looks redundant. It is consistent with the `disable` further down; confirm
# that `start` was not intended here.
systemctl stop    clamav-daemon

# Show the resulting state of both units (no errexit is set, so a non-zero
# status from a stopped unit does not end the script).
systemctl status  clamav-daemon
systemctl status  clamav-freshclam

# Make the choice persistent across reboots: no clamd at boot, signature
# updates on. With clamd disabled, scans on this host are presumably the
# on-demand clamscan runs shown elsewhere on the page.
systemctl disable clamav-daemon
systemctl enable  clamav-freshclam
EXE

ClamAV » Scan

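# On-demand recursive scans run as the current user. Anything this user
# cannot read is not scanned, so a clean result says nothing about it.
#   -r      recurse into subdirectories
#   -i      print infected files only
#   --bell  ring the terminal bell when a detection occurs
# The three lines per target are alternatives, from least to most output.

# Whole filesystem. There is no --exclude-dir here, so the walk also descends
# into /proc, /sys, /dev and /run.
clamscan -r --bell -i /
clamscan -r        -i /
clamscan -r           /

# Home directory only. The expansion is quoted so that a home path containing
# spaces or glob characters is still passed as a single argument.
clamscan -r --bell -i "${HOME}/"
clamscan -r        -i "${HOME}/"
clamscan -r           "${HOME}/"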
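# Root-privileged recursive scans, so files unreadable to a normal user are
# covered as well. -r recurses, -i prints infected files only, --bell rings
# the terminal bell on a detection; the three lines per target are
# alternatives, from least to most output.
#
# The exclude pattern ends in (/|$) so that it matches exactly /sys, /proc,
# /dev and /run and what lies beneath them. Without that tail the pattern
# would also skip any other top-level directory whose name merely starts with
# one of those words, which would be a gap in scan coverage.

# Whole filesystem, minus the four pseudo-filesystems.
sudo clamscan -r --bell -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' /
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' /
sudo clamscan -r           --exclude-dir='^/(sys|proc|dev|run)(/|$)' /

# root's home directory. Every path under /root starts with /root, so the
# exclusion cannot match here; it is kept so the lines mirror the ones above.
sudo clamscan -r --bell -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' /root/
sudo clamscan -r        -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' /root/
sudo clamscan -r           --exclude-dir='^/(sys|proc|dev|run)(/|$)' /root/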
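# Targeted root scan of the web root, temporary directories, an upload
# directory and user homes, printing infected files only (-i).
# The exclude pattern ends in (/|$) so it is limited to exactly /sys, /proc,
# /dev and /run; none of the targets below fall under it.
# NOTE(review): /uploads is a site-specific path - adjust the list to the
# directories that actually exist on the host being scanned.
sudo clamscan -r -i --exclude-dir='^/(sys|proc|dev|run)(/|$)' \
  /var/www \
  /var/tmp \
  /uploads \
  /home \
  /tmp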
Scan » Manual Scan » Manual
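# Manual triage: look for anything named "upload" in the usual start-up and
# scheduling locations. "upload" is presumably the name under investigation
# on the author's host; substitute the name being examined.

# systemd: enabled unit files, timers, loaded units, and the journal.
systemctl list-unit-files --state=enabled | grep -i upload
systemctl list-timers --all               | grep -i upload
systemctl list-units                      | grep -i upload
journalctl                                | grep -i upload
# The pattern is quoted so systemctl matches it against unit names; left
# bare, the shell would first expand it against files in the current
# directory.
systemctl status 'upload*'

# Shell start-up files and cron locations. Errors for missing or unreadable
# paths are deliberately discarded; run as root for full coverage of
# /var/spool/cron.
grep -R 'upload' /etc/profile /etc/profile.d ~/.bashrc ~/.profile 2>/dev/null
grep -R 'upload' /etc/cron* /var/spool/cron 2>/dev/null

# Legacy boot script, if present.
ls -l /etc/rc.local
# Audit-log events whose executable name is "upload"; this depends on auditd
# logging being in place and typically needs root.
ausearch -x upload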

References

References