Anti-virus

The anti-virus portion of Warden is powered by ClamAV®. ClamAV is an open source anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.

Features

  • Command-line scanner
  • Advanced database updater with support for scripted updates and digital signatures
  • Virus database updated multiple times per day
  • Built-in support for all standard mail file formats
  • Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
  • Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
  • Built-in support for popular document formats including MS Office and MacOffice files, HTML, Flash, RTF and PDF

Restarting ClamAV

Centos / RHEL / CloudLinux

// restart clamav
systemctl restart clamd@scan

// restart freshclam (Centos /RHEL / Cloudlinux 8 only)
systemctl restart clamav-freshclam

Debian / Ubuntu

// restart clamav
systemctl restart clamav-daemon

// restart freshclam
systemctl restart clamav-freshclam

Updating signatures

Centos/RHEL/Cloudlinux 7 users can manually run the freshclam command to update any ClamAV database signatures. On Centos/RHEL/Cloulinux 7 the freshcam command is run by a cron and on Centos/RHEL/Cloulinux 8 and Debian/Ubuntu freshclam has its own running service:

// Centos/RHEL/Cloudlinux 7 
freshclam
// Centos /RHEL/Cloudlinux 8 and Debian/Ubuntu
systemctl status clamav-freshclam

Signatures are stored in the directory /var/lib/clamav.

Reloading signatures

You can tell the ClamAV daemon to reload its signtures using the command:

clamdscan --reload

Reporting Malware

If you have a virus that is not detected by ClamAV, please fill out https://www.clamav.net/reports/malware and the ClamAV Detection Content Team will review your submission and update the virus database.

Related Files

File Description
/etc/clamd.d/scan.conf Configuration file for ClamAV on Centos/RHEL/Cloudlinux
/etc/clamav/clamd.conf Configuration file for ClamAV on Debian/Ubuntu
/etc/freshclam.conf Configuration file for ClamAV signature updates on Centos/RHEL/Cloudlinux
/etc/clamav/freshclam.conf Configuration file for ClamAV signature updates on Debian/Ubuntu