ClamAV VM by Anarion Technologies
ClamAV (Clam AntiVirus) is a robust, open-source antivirus engine designed to detect and mitigate malware and other malicious threats across various platforms. Originating from the need for a reliable and free security solution, ClamAV has become a popular choice for email scanning, web scanning, and endpoint security. It is known for its cross-platform compatibility, supporting multiple operating systems including Linux, Windows, and macOS, which makes it a versatile tool for a wide range of environments.
One of the standout features of ClamAV is its real-time scanning capability, allowing it to monitor and scan files on access, ensuring immediate detection of threats. This is particularly useful in environments where timely detection is critical to prevent the spread of malware. In addition to real-time scanning, ClamAV excels in mail gateway scanning, integrating seamlessly with mail servers to scan incoming and outgoing emails for malicious attachments and links, thus protecting users from phishing and other email-based attacks.
ClamAV is frequently updated, with its virus database receiving regular updates to keep pace with the ever-evolving landscape of cyber threats. This ensures that it remains effective against the latest malware and vulnerabilities. The engine also features a powerful command-line interface, providing users with the flexibility to integrate it into various systems and automate scanning tasks, making it ideal for both individual use and enterprise-level deployments.
ClamAV is often used in conjunction with other security tools to create a comprehensive defense strategy, leveraging its strengths to complement other protective measures. Maintained by Cisco Talos, a renowned security research group, ClamAV benefits from ongoing development and support, ensuring it remains a reliable tool in the fight against cyber threats. Whether used by individuals, small businesses, or large enterprises, ClamAV provides a robust and dependable solution for maintaining security and integrity in digital environments.
To subscribe to this product from Azure Marketplace and initiate an instance using the Azure compute service, follow these steps:
1. Navigate to Azure Marketplace and subscribe to the desired product.
2. Search for “virtual machines” and select “Virtual machines” under Services.
3. Click on “Add” in the Virtual machines page, which will lead you to the Create a virtual machine page.
4. In the Basics tab:
- Ensure the correct subscription is chosen under Project details.
- Opt for creating a new resource group by selecting “Create new resource group” and name it as “myResourceGroup.”
5. Under Instance details:
- Enter “myVM” as the Virtual machine name.
- Choose “East US” as the Region.
- Select “Ubuntu 18.04 LTS” as the Image.
- Leave other settings as default.
6. For Administrator account:
- Pick “SSH public key.”
- Provide your user name and paste your public key, ensuring no leading or trailing white spaces.
7. Under Inbound port rules > Public inbound ports:
- Choose “Allow selected ports.”
- Select “SSH (22)” and “HTTP (80)” from the drop-down.
8. Keep the remaining settings at their defaults and click on “Review + create” at the bottom of the page.
9. The “Create a virtual machine” page will display the details of the VM you’re about to create. Once ready, click on “Create.”
10. The deployment process will take a few minutes. Once it’s finished, proceed to the next section.
To connect to the virtual machine:
1. Access the overview page of your VM and click on “Connect.”
2. On the “Connect to virtual machine” page:
- Keep the default options for connecting via IP address over port 22.
- A connection command for logging in will be displayed. Click the button to copy the command. Here’s an example of what the SSH connection command looks like:
```
ssh [email protected]
```
3. Use the same bash shell that you used to generate your SSH key pair. You can either reopen the Cloud Shell by selecting >_ again or go to https://shell.azure.com/bash.
4. Paste the SSH connection command into the shell to initiate an SSH session.
Usage/Deployment Instructions
Anarion Technologies – ClamAV
Note: Search for the product on Azure Marketplace and click on “Get it now”.
Click on Continue
Click on Create
When creating the virtual machine, enter or select appropriate values for zone, machine type, resource group and so on as per your choice.
After the virtual machine has been created, you are given the option “Go to Resource Group”. Click “Go to Resource Group”.
Copy the Public IP Address
SSH into the VM from your terminal and run the following commands:
Verify ClamAV User
Ensure that the clamav user exists on your system. You can check this by running:
$ id clamav
If the user does not exist, you can create it with:
$ sudo useradd -r -s /bin/false clamav
Check Permissions
Make sure that the ClamAV user has the appropriate permissions for the directories and files it needs to access. You can change the ownership of ClamAV-related directories to the clamav user by running:
$ sudo chown -R clamav:clamav /var/lib/clamav
$ sudo chown -R clamav:clamav /var/log/clamav
$ sudo chown -R clamav:clamav /var/run/clamav
Configuration Files
Verify that the ClamAV configuration files are set to use the clamav user. The configuration files are usually located at /etc/clamav/clamd.conf and /etc/clamav/freshclam.conf. Check for the User directive and ensure it is set to clamav:
$ sudo nano /etc/clamav/clamd.conf
Look for:
User clamav
After making these changes, restart the ClamAV service:
$ sudo systemctl restart clamav-daemon
Ensure your ClamAV virus signatures are up to date.
Stop the ClamAV process:
$ sudo systemctl stop clamav-freshclam
Manually update the ClamAV signature database:
$ sudo freshclam
Restart the service to update the database in the background:
$ sudo systemctl start clamav-freshclam
Below are the most common options for using ClamAV clamscan in the terminal.
Scan all files, starting from the root directory:
$ clamscan -r /
Scan files but only show infected files:
$ clamscan -r -i /path-to-folder
Scan files but don’t show OK files:
$ clamscan -r -o /path-to-folder
Scan files and send results of infected files to a results file:
$ clamscan -r /path-to-folder | grep FOUND >> /path-folder/file.txt
Scan files and move infected files to a different directory:
$ clamscan -r --move=/path-to-quarantine-folder /path-to-folder
You can also create a cron job to run ClamAV scans automatically.
To learn more about clamscan options, check the manual:
$ man clamscan
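The cron job mentioned above can be sketched as follows. This is an added example, not part of the original page or the vendor's image: it logs each FOUND line plus a per-run summary, and keeps clamscan's own exit status (0 = no virus, 1 = virus found, 2 = error), which the `| grep FOUND` pipeline shown earlier discards. The script name, crontab paths, function names and the CLAMSCAN override variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example: cron wrapper around clamscan (not from the original page).
# Assumed names: CLAMSCAN override, function names, script and log paths.
# Example crontab entry (hypothetical paths), nightly at 02:30:
#   30 2 * * * /usr/local/bin/clam-cron.sh /home /var/log/clamav/cron-scan.log
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Map clamscan's documented exit status to a label.
scan_status() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Turn "path: Signature FOUND" lines on stdin into "Signature path" records.
infected_files() {
  sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p'
}

# Scan a directory recursively, append findings and a summary line to the log,
# and return clamscan's exit status so cron or monitoring can act on it.
run_scan() {
  local dir log out rc now
  dir="$1"; log="$2"; rc=0
  now="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
  out="$("$CLAMSCAN" -r -i --no-summary "$dir" 2>&1)" || rc=$?
  printf '%s\n' "$out" | infected_files | while read -r sig path; do
    printf '%s FOUND %s %s\n' "$now" "$sig" "$path"
  done >> "$log"
  printf '%s status=%s rc=%s dir=%s\n' "$now" "$(scan_status "$rc")" "$rc" "$dir" >> "$log"
  return "$rc"
}

# Run a scan only when called with <directory> <logfile>.
if [ "$#" -eq 2 ]; then
  run_scan "$1" "$2"
  exit $?
fi
```

A summary line is written on every run, so a gap in the log shows that the cron job itself stopped running.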
Thank you…