Clamav Mac Install


Using clamscan to do your virus washing and tired of waiting for it to finish? Why not try new, improved clamdscan instead? It mightn’t wash whiter, but it’ll definitely wash quicker.


In Linux – Setting up ClamAV on RHEL we worked through installing the ClamAV antivirus package on Red Hat Enterprise Linux to support some simple, command-line virus checks:-

If your computer still has Mac OS X 10.6.8 to 10.9.5, you can use ClamXAV 2. Step 1: Find ClamXAV3.1.28690Installer.pkg in your Downloads folder, double-click it, and follow the on-screen prompts to perform the installation. When asked for your admin name and password, these are the ones you use to log into your computer.

Run sudo apt-get install clamav. Once ClamAV is installed you can set up a script for right-click virus scanning in Nautilus. To update the virus database, open a terminal and enter the following command: sudo freshclam. To automate this update you can set up a cron job. I'll show how to update the virus database every day at 8:57 AM.

myfile.jar: OK
----------- SCAN SUMMARY -----------
Engine version: 0.98.4
Scanned files: 1
Data scanned: 0.29 MB
Time: 12.771 sec (0 m 12 s)

One thing kinda leaps out from this report – on my box this single file took around 13 seconds to process. As we’ve previously observed, processing multiple files in one batch definitely improves things:-

myfile1.jar: OK
myfile3.jar: OK
----------- SCAN SUMMARY -----------
Engine version: 0.98.4
Scanned files: 3
Data scanned: 0.29 MB
Time: 15.916 sec (0 m 15 s)

13 seconds for one file, 16 seconds for three makes it pretty obvious that clamscan is doing a lot of work when it starts up. This extra time is spent loading the virus database into memory and those nice people from ClamAV have a ready-made way to avoid it. Use clamdscan instead.

Well, okay, it’s not quite that simple. The difference between these two tools is that plain clamscan loads its own virus database and does the processing itself whereas clamdscan is a thin client for the clamd daemon, which keeps its virus database in memory ready to use. So in order to use clamdscan, you need to have clamd running.

Installing clamd

If you’ve built from source you probably have everything you need to use clamd on your server though you won’t have a script in /etc/init.d to manage it as a service. Since all it needs to do is launch or kill the clamd process (/usr/local/sbin/clamd on my source build) you can easily crib one from your other init.d scripts. The meat of it should look something like this:-

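# daemon and killproc come from the RHEL init function library
. /etc/init.d/functions
case "$1" in
  start)
    echo -n 'Starting Clam AntiVirus Daemon: '
    daemon /usr/local/sbin/clamd
    echo
    ;;
  stop)
    echo -n 'Stopping Clam AntiVirus Daemon: '
    killproc clamd
    RETVAL=$?   # status of the kill, not of the rm that follows
    rm -f /var/run/clamav/clamd.sock
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd
    ;;
esac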

If you’ve installed a pre-packaged version you might find clamd isn’t part of the basic ClamAV package. On RHEL you need to add the clamd package as well:-

Or if you’re installing from the distribution media:-

Configuring clamd


If you’re lucky enough to be using the RHEL pre-canned build you’ll find /etc/clamd.conf pretty much good-to-go. Unlike clamscan though, where you can fine-tune a lot of scanning options, clamd will take those settings from this configuration file instead. So if you are using any exotic options you’ll need to make sure they’re set in this file. You might want to review the options in there anyway, perhaps to enable logging.

If you’ve built from source you might find clamd.conf lurking elsewhere – it’s in /usr/local/etc on my source build and named clamd.conf.sample. You’ll need to rename it and comment out the Example line at the top. You’ll also need to enable connections to it – you can use a local socket or a TCP/IP port by uncommenting the LocalSocket and TCPSocket options respectively. You might also want to enable the PidFile for your daemon management script.
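A pre-flight check for the clamd.conf edits described above, as an added example that is not part of the original post. The function names and the sample paths are assumptions; TCPAddr and LogFile are clamd.conf directives the post does not name, used here because clamd's TCP listener is unauthenticated and binds all interfaces unless TCPAddr restricts it.

```shell
#!/bin/sh
# Added example: audit clamd.conf before starting clamd. Returns 0 if no FAIL.

# Value of the first active (uncommented) directive $2 in file $1.
conf_get() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

check_clamd_conf() {
    conf=$1
    status=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }
    # clamd will not start while the sample's Example line is active.
    if grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$conf"; then
        echo "FAIL: Example line is still active"; status=1
    fi
    local_socket=$(conf_get "$conf" LocalSocket)
    tcp_socket=$(conf_get "$conf" TCPSocket)
    tcp_addr=$(conf_get "$conf" TCPAddr)
    if [ -z "$local_socket" ] && [ -z "$tcp_socket" ]; then
        echo "FAIL: neither LocalSocket nor TCPSocket is enabled"; status=1
    fi
    [ -n "$local_socket" ] && echo "OK: LocalSocket $local_socket"
    # clamd's TCP listener is unauthenticated and, without TCPAddr,
    # binds every interface.
    if [ -n "$tcp_socket" ]; then
        case "$tcp_addr" in
            127.0.0.1|::1|localhost) echo "OK: TCPSocket on $tcp_addr" ;;
            "") echo "FAIL: TCPSocket $tcp_socket without TCPAddr"; status=1 ;;
            *)  echo "WARN: TCPSocket reachable on $tcp_addr" ;;
        esac
    fi
    [ -n "$(conf_get "$conf" PidFile)" ] || echo "WARN: PidFile not set"
    [ -n "$(conf_get "$conf" LogFile)" ] || echo "WARN: LogFile not set"
    return $status
}

# Constructed sample of an edited clamd.conf (paths are assumptions).
sample_conf() {
    printf '%s\n' '#Example' 'LogFile /var/log/clamd.log' \
        'PidFile /var/run/clamav/clamd.pid' \
        'LocalSocket /var/run/clamav/clamd.sock' '#TCPSocket 3310'
}

tmp=$(mktemp) && sample_conf > "$tmp" && check_clamd_conf "$tmp"
rm -f "$tmp"
```

Run it against the real file with `check_clamd_conf /usr/local/etc/clamd.conf` (source build) or `check_clamd_conf /etc/clamd.conf` (RHEL package) before starting the service.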

Once it’s configured up, you just need to start the service:-

You might also want to make sure it automatically starts up when the server boots:-


Finally, if you’ve scripted up the freshclam command to keep your virus definitions up-to-date clamd won’t automatically pick up these changes. You can add the following command to your cron job, after freshclam has run, to get clamd to reload them:-

Using clamd

Once clamd is up and running don’t think (like I did!) that clamscan will magically find it and use it. You need to switch to using clamdscan instead:-

myfile1.jar: OK
myfile3.jar: OK
----------- SCAN SUMMARY -----------
Time: 0.800 sec (0 m 0 s)


Much faster! When migrating any scripted clamscan commands over to using clamdscan remember that most of the command line options for configuring your scan won’t work any more – clamd will use the settings in clamd.conf – so you’ll need to make sure this file contains the common set of options you want to use.