Additionally Linux Malware Detect can be configured to use ClamAV® when scanning and file monitoring. ClamAV is an open source anti-virus engine used in a variety of situations including web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.
Centos / RHEL users can manually run the freshclam command to update any ClamAV database signatures. On Centos/RHEL the freshcam command is run by a cron and on Debian/Ubuntu freshclam has its own running service.:
Signatures are stored in the directory
We supplement the ClamAV signtures with Malware Expert PHP signatures. You can remove these signatures by going to
Signature Settings ->
Database custom URLs.
http://cdn.malware.expert/malware.expert.ndb - A generic Hex pattern PHP malware, which can cause false positive alarms, because there are generic eval, base64 and other hex pattern signatures (very low false positive rate).
http://cdn.malware.expert/malware.expert.hdb - Static MD5 pattern for files, and there are no false positive.
http://cdn.malware.expert/malware.expert.ldb - LDB signatures which use multi-words search for malware in files.
http://cdn.malware.expert/malware.expert.fp - False positives.
If you have a virus that is not detected by ClamAV, please fill out https://www.clamav.net/reports/malware and the ClamAV Detection Content Team will review your submission and update the virus database.
||Configuration file for ClamAV on Centos 7 / RHEL 7|
||Configuration file for ClamAV on Centos 6 / RHEL 6|
||Configuration file for ClamAV on Debian / Ubuntu|
||Configuration file for ClamAV signature updates on Centos / RHEL|
||Configuration file for ClamAV signature updates on Debian / Ubuntu|