×

Warning

JUser: :_load: Unable to load user with ID: 3246
Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Tuesday, 06 January 2009 10:26

Clam anti-virus on Ubuntu

By
There are quite a few anti-virus packages that work with Linux, such as ClamAV, AVG, Avast!, Panda, NOD32, Avira, F-Prot, Kaspersky, eScan and Sophos. I got these names from a quick Google search and it may not be an exhaustive list. Most of those packages are proprietary, some are free and open source. Many of them charge licence fees. However, this article is about ClamAV, so lets get on with it!

Ordinarily I don't use anti-virus software on my Linux machines. If I can't get infected by viruses, trojans and spyware that is designed for Windows, and there is effectively none of this malware that is targeted towards Linux, why would I bother?

Well, sometimes I work with Windows users and have to fix their machines. Using ClamAV, I am able to scan their machines and get rid of most, if not all, of their infections. It is also useful for scanning USB keys and digital cameras and iPods.

Cameras and iPods? Huh?

When I worked in China, I fixed any number of machines that had become infected by their owners taking photos, then taking the memory cards out and plugging them into an infected photo printing machine (and most, if not all of these seem to be infected with something even in Australia. As an aside many of these photo printing machines run Windows NT4 and often don't run anti-virus software). They'd then put the memory card, now carrying lots of nasties, back into the camera and then plug that into their laptop, infecting it.

Same with iPods in disk mode. Plug it into someone's laptop or PC, get infected, then transfer the infection back to your own laptop or PC. I'd get the call when they could no longer use their laptops.

USB keys are notoriously good for this too. In fact, just a few weeks ago, while transferring a group assignment presentation file from a fellow student's laptop onto mine, I noticed that his USB key was infected. Ironically as he was an international student, it was infected with malware that I had encountered in China! I was very glad to be using Linux.

I have also read news stories that digital photo frames, being USB based, can achieve the same thing. Although the chance of infecting a second machine is pretty remote (they aren't the sort of thing that gets carried around a lot and plugged into lots of different machines), the problem with these is this: you don't change the photos often.

So for arguments sake, say your machine gets infected, then you load up some photos and leave the display frame for six months. In that time you have noticed the infection on your machine and cleaned it. But the next time that you plug in your display frame, you reinfect the machine! Yes, hopefully your AV software will now be updated, know about that particular malware and pick it up and warn you, but do you really trust it that much?

Anyway, as much as I love to discuss infection vectors...onto ClamAV and Ubuntu on Page 2


To make it actually useful, there are two components to install: clamav and nautilus-clamscan. The first is the actual ClamAV application, including the automatic updating mechanism, and the second is the integration with Nautilus which enables you to right-click on files and folders and select "Scan for viruses".

Go to System, Administration, Synaptic Package Manager. Click on Search and type in clamav. You'll see clamav appear. Right-click on it and select "Mark for Installation". You might have to accept some other required packages; click Mark. Click on Search again and type in nautilus-clamscan. When that appears (it should be all alone), right-click on it and select "Mark for Installation". It too, might have some dependancies.

Click on Apply and wait for the packages to download and install. clamav-base (one of the dependancies) is quite large at about 19.5MB so depending on your Internet connection, it might take a while to download.

When the installation has finished, you should be able to right-click on a file or folder and select "Scan for viruses". How long it takes will depend on the size of the files that you are scanning.

ClamAV comes with its own updater that works in the background; you never see it doing anything. I believe that it looks for updates every 4 hours or so. If you want to check that it is up to date, start a Command Line Interface and type in "sudo freshclam" and your password. It should tell you that everything is up to date, unless of course that an update has been released between checks, then it will download and install the update.

You can also invoke the scanner from the command line. Simply move into the directory which you want to scan and type in "clamscan". "clamscan -h" gives quite a few options which may be worth looking at too, including -v for verbose mode, and -r for recursive scanning into sub-directories.

Installing and scanning can be used equally well on an installed system and from the LiveCD. In fact, quite often when in China cleaning a client's laptop involved booting the LiveCD and double-clicking on the icon for their hard disk drive, which mounts it so it is accessible from Linux. Then I would establish an Internet connection (often I worked with backpackers in cafes with open wireless connections), install and update ClamAV and scan their Windows hard disk.

No one anti-virus system is perfect, and I am not positing that ClamAV is perfect. However in my experience it has been enough to get a non-booting infected Windows system clean enough to boot up and continue the cleanup process often using other tools such as AVG anti-virus and anti-spyware, Spy-Bot, AdAware and HijackThis.

As always, please leave feedback, comments and questions. However, I will only respond to comments left on iTWire article discussion forums. The direct link for this article is here.

Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments