At the request of someone who read one of my previous Raspberry Pi posts, I got a request to do something on the installation of an anti-virus package for the RPi. The package I am familiar with is ClamAV, so that is the one I started with. To get the process started, you will want to run the following two commands. The first one updates the files that apt-get uses to know what files are the latest. The second one installs ClamAV.
sudo apt-get update
sudo apt-get install clamav
Now that ClamAV is installed, we need to do a manual update of the signatures so that we have the latest ones to work with. You do this by using the following command – sudo freshclam.
If ClamAV didnt finish setting things up during the install, you may get some errors when freshclam runs that will look something like this –
ERROR: Can’t open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
If you get that type of error, you will probably need to do this to fix the problem –
sudo touch /var/log/clamav/freshclam.log
sudo chmod 600 /var/log/clamav/freshclam.log
sudo chown clamav /var/log/clamav/freshclam.log
The touch command creates an “empty” file with the name specified. The chmod command assigns read and write permissions to the file owner specified. Using 666 instead of 600 will give read and write permissions to all users. Chown assigns an “owner” to the file.
There are two configuration files for ClaMAV that you need to know where they are –
The freshclam.conf file is the one that you will probably be making the most changes to. In the freshclam.conf file, you may want to tweak one of the lines – UpdateLogFile /var/log/clamav/freshclam.log. With the touch/chmod lines listed above, you will want to change the UpdateLogFile line to be just /var/log/freshclam.log. You will either need to do that or modify the lines where you create and assign the rights to the file to point to the path where the file resides. One of the things you can look at in this file is when freshclam runs as to what it does or doesn’t do, so you will definitely want to get this one right. I would be careful about making any changes to the clamd.conf file until you have read the documentation for Clamav/Freschclam.
If you make a change to the clamav, you will need to restart the clamav service. You can do this by using this command – sudo service clamav-freshclam restart. If you want the logging from clamav/freshclam to show up in your syslog or messages log files, change the LogSyslog variable in freshclam.conf to True and restart the clamav-freshclam service.
To automatically schedule a clamscan of your RPi, use the sudo crontab -e to edit the cron scheduler file. Put this line in the file 00 00 * * * clamscan -r /, save and exit the file. As you exit the file you will notice that it is saving to a temp location, once you have exited the file, crontab will automatically swap the file into place and restart the crontab service. As a part of the startup process, you will need to keep the freshclam process running. You have run it manually so far but that isn’t something that you want to do on a long term basis. You can either start the freshclam as a daemon (freshclam -d) or edit the crontab file using either the root or clamav account to start it that way. If you go that route, you will want to put this line in the crontab file – N * * * * /usr/local/bin/freshclam –quiet. The -quiet option is important as it will cause freshclam to run in the background with no prompts appearing on the screen.
As with any changes you make in Linux, it is always a good idea to make a backup copy of the file(s) you are changing before making and testing the change. If you forget to or restoring your pre-change file doesn’t fix the problem, you can always use the sudo dpkg-reconfigure clamav-base to help rebuild the config file back to the starting point. I have walked you through a basic install of clamav. This implemention does not include on-access scanning. That is something I am looking at but with the resources available on the Pi, that might put more of a load on the resources that is justified. I have found several references for on-demand scanning, just need to see if the benefit is worth the effort.
For more information on the clamav/freshclam app and how to configure it, please check this link – http://www.clamav.net/doc/latest/. I apologize for the length of the YouTube video accompanying this post but I wanted you to see the whole thing so you would have a basis for comparison when you do it yourself.
To see more of my posts about the Raspberry Pi, please go to http://www.ronnutter.com/category/raspberry-pi/