Anti-virus

The anti-virus portion of Warden is powered by ClamAV®. ClamAV is an open source anti-virus engine used in a variety of situations including email scanning, web scanning, and endpoint security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates.

Features

  • Command-line scanner
  • Milter interface for Postfix
  • Advanced database updater with support for scripted updates and digital signatures
  • Virus database updated multiple times per day
  • Built-in support for all standard mail file formats
  • Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
  • Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
  • Built-in support for popular document formats including MS Office and MacOffice files, HTML, Flash, RTF and PDF

Updating signatures

CentOS / RHEL users can manually run the freshclam command to update the ClamAV signature databases. On CentOS / RHEL the freshclam command is run by a cron job, and on Debian / Ubuntu freshclam runs as its own service:

freshclam

Signatures are stored in the directory /var/lib/clamav.
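
An added example (not part of the Warden or ClamAV documentation): a shell check that the databases in /var/lib/clamav are recent, useful when the cron job or freshclam service has silently stopped. It reads the build timestamp from the header at the start of each .cvd/.cld file; the function names and the 3-day threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: report the age of ClamAV signature databases.
# A .cvd/.cld file starts with a 512-byte, colon-separated header:
#   ClamAV-VDB:build time:version:sig count:f-level:md5:dsig:builder:stime
# Field 9 (stime) is the build time in seconds since the epoch.

# Print "<version> <age in days>" for one database; fail on a bad header.
# sig_info is a hypothetical helper name. $2 (current epoch) is optional.
sig_info() {
    file=$1 now=${2:-$(date +%s)}
    header=$(dd if="$file" bs=512 count=1 2>/dev/null | tr -d '\000')
    [ "$(printf '%s' "$header" | cut -d: -f1)" = "ClamAV-VDB" ] || return 1
    version=$(printf '%s' "$header" | cut -d: -f3)
    stime=$(printf '%s' "$header" | cut -d: -f9 | tr -d ' ')
    # Older or damaged files may lack a numeric stime: treat as unreadable.
    case $stime in ''|*[!0-9]*) return 1 ;; esac
    echo "$version $(( ($now - $stime) / 86400 ))"
}

# Check every database in a directory against a maximum age in days.
# Returns 0 if all are fresh, 1 if any is stale or unreadable,
# 2 if the directory holds no databases at all.
check_sigs() {
    dir=$1 max_days=$2 now=${3:-$(date +%s)} status=0 found=0
    for f in "$dir"/*.cvd "$dir"/*.cld; do
        [ -f "$f" ] || continue
        found=1
        if info=$(sig_info "$f" "$now"); then
            if [ "${info#* }" -gt "$max_days" ]; then
                echo "STALE      $f (version ${info% *}, ${info#* } days old)"
                status=1
            else
                echo "OK         $f (version ${info% *}, ${info#* } days old)"
            fi
        else
            echo "UNREADABLE $f"
            status=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no signature databases in $dir"; return 2; }
    return $status
}

# Typical use (3 days is an assumed threshold, adjust to your policy):
#   check_sigs /var/lib/clamav 3 || echo "run freshclam and check its cron job/service"
```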

Reporting Malware

If you have a virus that is not detected by ClamAV, please fill out https://www.clamav.net/reports/malware and the ClamAV Detection Content Team will review your submission and update the virus database.

Related Files

File                          Description
/etc/clamd.d/scan.conf        Configuration file for ClamAV on CentOS 7 / RHEL 7
/etc/clamd.conf               Configuration file for ClamAV on CentOS 6 / RHEL 6
/etc/clamav/clamd.conf        Configuration file for ClamAV on Debian / Ubuntu
/etc/freshclam.conf           Configuration file for ClamAV signature updates on CentOS / RHEL
/etc/clamav/freshclam.conf    Configuration file for ClamAV signature updates on Debian / Ubuntu