Pages

Showing posts with label clamav. Show all posts
Showing posts with label clamav. Show all posts

Tuesday, April 18, 2017

The GUI for Clam antivirus - clamtk .

Today I will show you how to use a GUI for clam antivirus named clamtk.
The ClamTk is a graphical front-end for ClamAV using Perl and Gtk libraries.
[root@localhost mythcat]# dnf search clamtk
Last metadata expiration check: 1:24:49 ago on Tue Apr 18 17:01:00 2017.
============================= N/S Matched: clamtk ==============================
clamtk.noarch : Easy to use graphical user interface for Clam anti virus
First, you need to install it, see all packages need by this GUI:
[root@localhost mythcat]# dnf install clamtk.noarch 
Last metadata expiration check: 1:31:00 ago on Tue Apr 18 17:01:00 2017.
Dependencies resolved.
================================================================================
 Package                     Arch       Version               Repository   Size
================================================================================
Installing:
 clamtk                      noarch     5.24-1.fc25           updates     218 k
 perl-Cairo                  x86_64     1.106-3.fc25          fedora      125 k
 perl-File-Listing           noarch     6.04-13.fc25          fedora       17 k
 perl-Glib                   x86_64     1.321-2.fc25          fedora      364 k
 perl-Gtk2                   x86_64     1.2498-3.fc25         fedora      1.8 M
 perl-HTTP-Cookies           noarch     6.01-13.fc25          fedora       29 k
 perl-HTTP-Negotiate         noarch     6.01-13.fc25          fedora       21 k
 perl-JSON                   noarch     2.90-7.fc25           fedora       98 k
 perl-LWP-Protocol-https     noarch     6.07-1.fc25           updates      16 k
 perl-Locale-gettext         x86_64     1.07-4.fc25           fedora       26 k
 perl-NTLM                   noarch     1.09-13.fc25          fedora       23 k
 perl-Net-HTTP               noarch     6.13-1.fc25           updates      41 k
 perl-Pango                  x86_64     1.227-3.fc25          fedora      190 k
 perl-Test-Simple            noarch     1.302062-1.fc25       fedora      410 k
 perl-Text-CSV               noarch     1.91-4.fc25           updates     103 k
 perl-Time-Piece             x86_64     1.31-385.fc25         updates      88 k
 perl-WWW-RobotRules         noarch     6.02-14.fc25          fedora       22 k
 perl-libwww-perl            noarch     6.15-3.fc25           fedora      208 k

Transaction Summary
================================================================================
Install  18 Packages

Total download size: 3.7 M
Installed size: 10 M
Is this ok [y/N]: y
Downloading Packages:
(1/18): clamtk-5.24-1.fc25.noarch.rpm           517 kB/s | 218 kB     00:00    
(2/18): perl-Glib-1.321-2.fc25.x86_64.rpm       662 kB/s | 364 kB     00:00    
(3/18): perl-Locale-gettext-1.07-4.fc25.x86_64. 296 kB/s |  26 kB     00:00    
(4/18): perl-Gtk2-1.2498-3.fc25.x86_64.rpm      2.3 MB/s | 1.8 MB     00:00    
(5/18): perl-libwww-perl-6.15-3.fc25.noarch.rpm 1.4 MB/s | 208 kB     00:00    
(6/18): perl-JSON-2.90-7.fc25.noarch.rpm        181 kB/s |  98 kB     00:00    
(7/18): perl-Cairo-1.106-3.fc25.x86_64.rpm      439 kB/s | 125 kB     00:00    
(8/18): perl-Pango-1.227-3.fc25.x86_64.rpm      1.7 MB/s | 190 kB     00:00    
(9/18): perl-File-Listing-6.04-13.fc25.noarch.r 204 kB/s |  17 kB     00:00    
(10/18): perl-HTTP-Cookies-6.01-13.fc25.noarch. 375 kB/s |  29 kB     00:00    
(11/18): perl-HTTP-Negotiate-6.01-13.fc25.noarc 250 kB/s |  21 kB     00:00    
(12/18): perl-Test-Simple-1.302062-1.fc25.noarc 1.5 MB/s | 410 kB     00:00    
(13/18): perl-NTLM-1.09-13.fc25.noarch.rpm      160 kB/s |  23 kB     00:00    
(14/18): perl-WWW-RobotRules-6.02-14.fc25.noarc 168 kB/s |  22 kB     00:00    
(15/18): perl-Net-HTTP-6.13-1.fc25.noarch.rpm   315 kB/s |  41 kB     00:00    
(16/18): perl-Time-Piece-1.31-385.fc25.x86_64.r 638 kB/s |  88 kB     00:00    
(17/18): perl-LWP-Protocol-https-6.07-1.fc25.no  77 kB/s |  16 kB     00:00    
(18/18): perl-Text-CSV-1.91-4.fc25.noarch.rpm   297 kB/s | 103 kB     00:00    
--------------------------------------------------------------------------------
Total                                           1.3 MB/s | 3.7 MB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : perl-Glib-1.321-2.fc25.x86_64                              1/18 
  Installing  : perl-Net-HTTP-6.13-1.fc25.noarch                           2/18 
  Installing  : perl-Cairo-1.106-3.fc25.x86_64                             3/18 
  Installing  : perl-Pango-1.227-3.fc25.x86_64                             4/18 
  Installing  : perl-Time-Piece-1.31-385.fc25.x86_64                       5/18 
  Installing  : perl-Text-CSV-1.91-4.fc25.noarch                           6/18 
  Installing  : perl-WWW-RobotRules-6.02-14.fc25.noarch                    7/18 
  Installing  : perl-NTLM-1.09-13.fc25.noarch                              8/18 
  Installing  : perl-HTTP-Negotiate-6.01-13.fc25.noarch                    9/18 
  Installing  : perl-HTTP-Cookies-6.01-13.fc25.noarch                     10/18 
  Installing  : perl-File-Listing-6.04-13.fc25.noarch                     11/18 
  Installing  : perl-libwww-perl-6.15-3.fc25.noarch                       12/18 
  Installing  : perl-LWP-Protocol-https-6.07-1.fc25.noarch                13/18 
  Installing  : perl-Test-Simple-1.302062-1.fc25.noarch                   14/18 
  Installing  : perl-Gtk2-1.2498-3.fc25.x86_64                            15/18 
  Installing  : perl-Locale-gettext-1.07-4.fc25.x86_64                    16/18 
  Installing  : perl-JSON-2.90-7.fc25.noarch                              17/18 
  Installing  : clamtk-5.24-1.fc25.noarch                                 18/18 
  Verifying   : clamtk-5.24-1.fc25.noarch                                  1/18 
  Verifying   : perl-Glib-1.321-2.fc25.x86_64                              2/18 
  Verifying   : perl-Gtk2-1.2498-3.fc25.x86_64                             3/18 
  Verifying   : perl-JSON-2.90-7.fc25.noarch                               4/18 
  Verifying   : perl-Locale-gettext-1.07-4.fc25.x86_64                     5/18 
  Verifying   : perl-libwww-perl-6.15-3.fc25.noarch                        6/18 
  Verifying   : perl-Cairo-1.106-3.fc25.x86_64                             7/18 
  Verifying   : perl-Pango-1.227-3.fc25.x86_64                             8/18 
  Verifying   : perl-Test-Simple-1.302062-1.fc25.noarch                    9/18 
  Verifying   : perl-File-Listing-6.04-13.fc25.noarch                     10/18 
  Verifying   : perl-HTTP-Cookies-6.01-13.fc25.noarch                     11/18 
  Verifying   : perl-HTTP-Negotiate-6.01-13.fc25.noarch                   12/18 
  Verifying   : perl-NTLM-1.09-13.fc25.noarch                             13/18 
  Verifying   : perl-WWW-RobotRules-6.02-14.fc25.noarch                   14/18 
  Verifying   : perl-Net-HTTP-6.13-1.fc25.noarch                          15/18 
  Verifying   : perl-LWP-Protocol-https-6.07-1.fc25.noarch                16/18 
  Verifying   : perl-Text-CSV-1.91-4.fc25.noarch                          17/18 
  Verifying   : perl-Time-Piece-1.31-385.fc25.x86_64                      18/18 

Installed:
  clamtk.noarch 5.24-1.fc25                                                     
  perl-Cairo.x86_64 1.106-3.fc25                                                
  perl-File-Listing.noarch 6.04-13.fc25                                         
  perl-Glib.x86_64 1.321-2.fc25                                                 
  perl-Gtk2.x86_64 1.2498-3.fc25                                                
  perl-HTTP-Cookies.noarch 6.01-13.fc25                                         
  perl-HTTP-Negotiate.noarch 6.01-13.fc25                                       
  perl-JSON.noarch 2.90-7.fc25                                                  
  perl-LWP-Protocol-https.noarch 6.07-1.fc25                                    
  perl-Locale-gettext.x86_64 1.07-4.fc25                                        
  perl-NTLM.noarch 1.09-13.fc25                                                 
  perl-Net-HTTP.noarch 6.13-1.fc25                                              
  perl-Pango.x86_64 1.227-3.fc25                                                
  perl-Test-Simple.noarch 1.302062-1.fc25                                       
  perl-Text-CSV.noarch 1.91-4.fc25                                              
  perl-Time-Piece.x86_64 1.31-385.fc25                                          
  perl-WWW-RobotRules.noarch 6.02-14.fc25                                       
  perl-libwww-perl.noarch 6.15-3.fc25                                           

Complete!
By using the mouse with a double-click you can make changes into anti-virus settings.
The first step when opening ClamTK GUI is to select "Update Assistant".
You can choose "I would like to update signatures myself".
You should go back to the home screen of ClamTK and click "Settings"
Also, you can use this GUI to scan, update and analysis your operating system.

Wednesday, March 15, 2017

Fedora 25: First test with clamav antivirus.

This is a short tutorial about how to use ClamAV antivirus on Fedora 25.
First, you need to install it with this commands:
[root@localhost mythcat]# dnf install clamav.x86_64 
...

[root@localhost mythcat]# dnf install clamav-update.x86_64
...
Make settings into your /etc/freshclam.conf file. I used awk tool to show you my settings from /etc/freshclam.conf:
[root@localhost mythcat]# awk -F: '/^[^#]/ { print $1 }' /etc/freshclam.conf | uniq 
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogVerbose yes
LogSyslog yes
LogFacility LOG_MAIL
LogRotate yes
DatabaseOwner clamupdate
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
MaxAttempts 5
ScriptedUpdates yes
DetectionStatsCountry country-code
SafeBrowsing yes
Update the ClamAV antivirus with :
[root@localhost mythcat]# /usr/bin/freshclam
ClamAV update process started at Wed Mar 15 13:42:07 2017
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
WARNING: getfile: daily-21724.cdiff not found on database.clamav.net (IP: 195.30.97.3)
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
Trying host database.clamav.net (212.7.0.71)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 212.7.0.71)
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 23205, sigs: 1789155, f-level: 63, builder: neo)
Downloading safebrowsing.cvd [100%]
safebrowsing.cvd updated (version: 45693, sigs: 2756150, f-level: 63, builder: google)
Downloading bytecode-279.cdiff [100%]
Downloading bytecode-280.cdiff [100%]
Downloading bytecode-281.cdiff [100%]
Downloading bytecode-282.cdiff [100%]
Downloading bytecode-283.cdiff [100%]
Downloading bytecode-284.cdiff [100%]
Downloading bytecode-285.cdiff [100%]
Downloading bytecode-286.cdiff [100%]
Downloading bytecode-287.cdiff [100%]
Downloading bytecode-288.cdiff [100%]
Downloading bytecode-289.cdiff [100%]
Downloading bytecode-290.cdiff [100%]
Downloading bytecode-291.cdiff [100%]
bytecode.cld updated (version: 291, sigs: 55, f-level: 63, builder: neo)
Database updated (8764150 signatures) from database.clamav.net (IP: 157.25.5.183)
Now you can run it on Fedora 25 folder with this.
[root@localhost mythcat]# clamscan 
/home/mythcat/.bash_logout: OK
/home/mythcat/.bash_profile: OK
...
----------- SCAN SUMMARY -----------
Known viruses: 8758441
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 54
Infected files: 0
Data scanned: 71.80 MB
Data read: 189.96 MB (ratio 0.38:1)
Time: 13.968 sec (0 m 13 s)
This tool comes with many options and features for Fedora workstations and server. Just read the documentation and make your changes. To check all files on the computer, but only display infected files and ring a bell when found:
clamscan -r --bell -i / 
To check files in the all users home directories:
clamscan -r /home 
If you got this error:
LibClamAV Warning: fmap_readpage: pread fail: ... 
Then this comes from sysfs and is a virtual file system provided by the Linux kernel and need to be excluded with this arg:
--exclude-dir="^/sys"
--exclude-dir=^/sys  --exclude-dir=^/dev --exclude-dir=^/proc 
My result of scan ( the file FOUND is not a virus) :
/home/mythcat/devil-linux-1.8.0-rc2-x86_64/install-on-usb.exe: Win.Trojan.Delfiles-17 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 9042471
Engine version: 0.99.2
Scanned directories: 98653
Scanned files: 570740
Infected files: 1
Data scanned: 29750.14 MB
Data read: 48591.70 MB (ratio 0.61:1)
Time: 3819.053 sec (63 m 39 s)