Clamav Mac Clamd



Using clamscan to do your virus washing and tired of waiting for it to finish? Why not try new, improved clamdscan instead? It mightn’t wash whiter, but it’ll definitely wash quicker.

ClamXAV keeps threats at bay and puts you firmly in charge of your Mac’s security. Scan a specific file or your entire hard drive. Set it to scan automatically or run instant checks on suspicious files. It’s entirely up to you.

Brew link clamav fails on macOS High Sierra. Had to run the following commands to get ClamAV working (standard brew fix does not work anymore on OS X 10.13):

sudo mkdir /usr/local/sbin
sudo chown -R $(whoami) $(brew --prefix)/.
brew link clamav

In Linux – Setting up ClamAV on RHEL we worked through installing the ClamAV antivirus package on Red Hat Enterprise Linux to support some simple, command-line virus checks:-


Installing ClamAV on macOS Sierra. There were few reasonably recent documents about ClamAV, so I am writing one here. What is ClamAV? “Clam AntiVirus (abbreviated Clam AV) is cross-platform antivirus software provided as open source (GPL).”

Building ClamAV® on Mac OS X 10.4 through macOS 11.0 Big Sur. I'm running ClamXav Sentry as 'launch agent' with ClamAV antivirus scanning engine of my own custom build. I've tested for building ClamAV (from version 0.90.x to version 0.103.x) on Mac OS X 10.4 through macOS 11.0 Big Sur.

myfile.jar: OK
----------- SCAN SUMMARY -----------
Engine version: 0.98.4
Scanned files: 1
Data scanned: 0.29 MB
Time: 12.771 sec (0 m 12 s)

One thing kinda leaps out from this report – on my box this single file took around 13 seconds to process. As we’ve previously observed, processing multiple files in one batch definitely improves things:-

myfile1.jar: OK
myfile3.jar: OK
----------- SCAN SUMMARY -----------
Engine version: 0.98.4
Scanned files: 3
Data scanned: 0.29 MB
Time: 15.916 sec (0 m 15 s)

13 seconds for one file, 16 seconds for three makes it pretty obvious that clamscan is doing a lot of work when it starts up. This extra time is spent loading the virus database into memory and those nice people from ClamAV have a ready-made way to avoid it. Use clamdscan instead.

Well, okay, it’s not quite that simple. The difference between these two tools is that plain clamscan loads its own virus database and does the processing itself whereas clamdscan is a thin client for the clamd daemon, which keeps its virus database in memory ready to use. So in order to use clamdscan, you need to have clamd running.

Installing clamd

If you’ve built from source you probably have everything you need to use clamd on your server though you won’t have a script in /etc/init.d to manage it as a service. Since all it needs to do is launch or kill the clamd process (/usr/local/sbin/clamd on my source build) you can easily crib one from your other init.d scripts. The meat of it should look something like this:-

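# Fragment of an init.d script; daemon and killproc come from /etc/init.d/functions
case "$1" in
  start)
    echo -n 'Starting Clam AntiVirus Daemon: '
    daemon /usr/local/sbin/clamd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd
    ;;
  stop)
    echo -n 'Stopping Clam AntiVirus Daemon: '
    killproc clamd
    RETVAL=$?
    rm -f /var/run/clamav/clamd.sock
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd
    ;;
esac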

If you’ve installed a pre-packaged version you might find clamd isn’t part of the basic ClamAV package. On RHEL you need to add the clamd package as well:-

Or if you’re installing from the distribution media:-

Configuring clamd

If you’re lucky enough to be using the RHEL pre-canned build you’ll find /etc/clamd.conf pretty much good-to-go. Unlike clamscan though, where you can fine-tune a lot of scanning options, clamd will take those settings from this configuration file instead. So if you are using any exotic options you’ll need to make sure they’re set in this file. You might want to review the options in there anyway, perhaps to enable logging.

If you’ve built from source you might find clamd.conf lurking elsewhere – it’s in /usr/local/etc on my source build and named clamd.conf.sample. You’ll need to rename it and comment out the Example line at the top. You’ll also need to enable connections to it – you can use a local socket or a TCP/IP port by uncommenting the LocalSocket and TCPSocket options respectively. You might also want to enable the PidFile for your daemon management script.
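One way to check a clamd.conf for the points above before starting the daemon (an added example, not part of the original article or the ClamAV project; the sample file contents and the clamd.pid path are constructed). It also flags TCPSocket without TCPAddr, because clamd then binds to every interface and its command protocol has no authentication:

```shell
# has_opt FILE NAME: true if option NAME is set on an uncommented line.
has_opt() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_clamd_conf FILE: prints one finding per line, nothing if all is well.
audit_clamd_conf() {
    conf=$1
    if has_opt "$conf" Example; then
        echo "Example line still active: clamd will refuse to start"
    fi
    if ! has_opt "$conf" LocalSocket && ! has_opt "$conf" TCPSocket; then
        echo "no LocalSocket or TCPSocket: clamdscan has nothing to connect to"
    fi
    if has_opt "$conf" TCPSocket && ! has_opt "$conf" TCPAddr; then
        echo "TCPSocket without TCPAddr: clamd listens on every interface"
    fi
    if ! has_opt "$conf" PidFile; then
        echo "no PidFile: the init script cannot track the daemon"
    fi
    if ! has_opt "$conf" LogFile && ! has_opt "$conf" LogSyslog; then
        echo "no LogFile or LogSyslog: scan results are not logged"
    fi
}

# Constructed sample: clamd.conf.sample renamed, only TCPSocket uncommented.
sample_untouched() {
    cat <<'EOF'
Example
#LogFile /tmp/clamd.log
#PidFile /var/run/clamd.pid
#LocalSocket /tmp/clamd.socket
TCPSocket 3310
#TCPAddr 127.0.0.1
EOF
}

# Constructed sample: local socket only, logging and PidFile enabled.
sample_local_only() {
    cat <<'EOF'
#Example
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.sock
LocalSocketMode 660
EOF
}

# When run with a file argument, audit that file.
if [ $# -gt 0 ]; then audit_clamd_conf "$1"; fi
```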

Once it’s configured up, you just need to start the service:-

You might also want to make sure it automatically starts up when the server boots:-

Finally, if you’ve scripted up the freshclam command to keep your virus definitions up-to-date clamd won’t automatically pick up these changes. You can add the following command to your cron job, after freshclam has run, to get clamd to reload them:-

Using clamd

Once clamd is up and running don’t think (like I did!) that clamscan will magically find it and use it. You need to switch to using clamdscan instead:-

myfile1.jar: OK
myfile3.jar: OK
----------- SCAN SUMMARY -----------
Time: 0.800 sec (0 m 0 s)

Much faster! When migrating any scripted clamscan commands over to using clamdscan remember that most of the command line options for configuring your scan won’t work any more – clamd will use the settings in clamd.conf – so you’ll need to make sure this file contains the common set of options you want to use.
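A scripted scan moved over to clamdscan also has to cope with files the clamd user cannot read, which are reported as ERROR rather than OK. The following function (an added example, not from the original article; the sample output, paths and signature name are constructed) classifies result lines in the format shown above and returns 1 for detections, 2 for errors only, and 0 when everything was OK:

```shell
# summarize_scan: reads scanner output on stdin, echoes every FOUND and
# ERROR line with a label, then prints the totals on the last line.
summarize_scan() {
    awk '
        $NF == "OK"    { ok++ }
        $NF == "FOUND" { found++; print "INFECTED " $0 }
        $NF == "ERROR" { err++;   print "UNSCANNED " $0 }
        END {
            printf "ok=%d found=%d errors=%d\n", ok, found, err
            if (found) exit 1   # at least one detection
            if (err)   exit 2   # nothing detected, but some files unscanned
        }'
}

# Constructed sample output (not captured from a real scan): one clean file,
# one detection, and one file the clamd user was not allowed to open.
sample_output() {
    cat <<'EOF'
/srv/upload/myfile1.jar: OK
/srv/upload/eicar.com: Eicar-Test-Signature FOUND
/srv/upload/private.jar: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.800 sec (0 m 0 s)
EOF
}
```

A file counted under errors was never scanned, so a job that only looks for FOUND would treat it as clean.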

Hi,
I've been banging my head trying to figure this out on my own for the
better part of a day now. I'm running Amazon Linux, have got the
proper clamav packages installed to have the following stuff working.
* clamd is running
* clamscan runs from the command line
* clamdscan runs from the command line
However, clamdscan doesn't recursively crawl the file system, it only
seems to want to scan a single file.
Before I craft a 'find | xargs clamdscan' type of solution for this,
can I just get confirmation that recursive scanning with just
clamdscan is not possible?
I suspect that most people use clamdscan to do 'one off' scanning,
(mail servers, etc)
In my use case I want to leverage clamd, so that I can take advantage
of the SysLogging capabilities of clamd, but I'm looking for more of a
traditional daily 'scan the entire file system' solution.
--
/John