Virus protection Clamav HOWTO

Hi there
Add to your repositories:
perl
and manually:
http://download.opensuse.org/repositories/security/SLE_10/

(Take the quote marks (") out when installing the repository)

Install:
clamav
clamav-db
clamtk (GUI; this needs perl)
Klamav (KDE3); you need this too for Kmail integration/screening config
Install the Clamav addon for Firefox (Fireclam) for download screening.
Having done this,
go to YaST System Services (runlevel), expert mode.
Configure:
Clamav-milter: B 2 3 5 and start
clamd: B 2 3 5 and start
Save and finish.

…and use the latest SUSE 11.3… keep up to date

any further questions…just post

have fun

cheers Otto

I want to add that most Linux users do not run Clamav or any other AV software (apart from the fact that Linux is already a good AV tool in itself). The only exception is when they have to deal with files coming and going from/to Windows systems and thus want to suppress Windows viruses as a service to the poor Windows users.

So before you install Anti Virus, please be sure you need it.

Hi Henk
I was of the same opinion up to recently when I tested google chromium…just for one day then I got rid of it. Chromium imported a trojan !!! which I found via clamav (which I installed for test purposes).
Then I looked at the clamav virus database. … the number of linux viruses made me write this howto.
Thanks for the comment.
cheers Otto

Nice that people say they exist. But I haven’t seen one case here on the forums. And look around on the Internet and try to gather a list of Linux viruses that did harm to the system (and please report here, I and many others here would be interested).

But of course, everybody is free to install one or more of those packages.

FWIW, I run Avast A-V as a weekly cron that scans user data folders.
Much easier to configure than ClamAV, comes with a GUI interface, virus database updates daily if desired.

It’s called Avast for Linux or Avast for Workstations.

I like daily updates !!!
Does Avast integrate into Kmail and Firefox ? By the way Clamav has GUI interface too.

Cheers Otto

No I don’t think so for Kmail or Firefox but I’ve never tried it.
Check the Avast web site to see if they’ve integrated direct email support.
Firefox has been so slow lately that I’m not sticking anything in there to slow it down.

I just run the weekly cron to update the virus defs and scan the folders.
Sometimes I run individual file scans if I want to move a Windows file just downloaded.

As others wrote, it’s mostly for the Windows files I download in Linux that I run the scan.
The danger isn’t from Linux viruses, the danger is from infected Windows files and OS independent files like .pdf, .jpg, .mpg, etc.
While a virus could be hidden in a .pdf or .jpg file it wouldn’t run on Linux but that same file might infect your Windows box.

You have a Windows box? rotfl!

(sorry for this one).

Now that you mention it, I don’t. I have boxes for Mass Effect2 and other games but not Windows.

otto oz wrote:
> Hi Henk
> I was of the same opinion up to recently when I tested google
> chromium…just for one day then I got rid of it. Chromium imported a
> trojan !!! which I found via clamav (which I installed for test
> purposes).

no! chromium didn’t import a trojan, instead ClamAV looked at chromium
and incorrectly decided that chromium itself was a trojan!

see the answer to your original sky-is-falling posting by techwiz03 here:
http://forums.opensuse.org/english/get-help-here/network-internet/441874-liunx-virus-imported-chromium.html#post2188271

> Then I looked at the clamav virus database. … the number of linux
> viruses made me write this howto.

please provide here a link to the list of Linux viruses which ClamAV
looks for…

i’d be VERY interested in seeing that list…because i’ve been using
Linux since 1998 or so and so far i’ve never seen the name of ONE,
much less a list of viruses which attack Linux systems

please stop acting like a proprietary-pusher trying to FUD up the
Linuxscape…

there are no known Linux viruses…sure there are root kits readily
available–but as far as i know ClamAV has no idea how to look for
those!! for the non-windows user ClamAV is nothing more than a cpu
cycle waster.


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

Nice hobby then that running of AV! lol! :X

I guess it’s time again to post that Unix/Linux virus:

From: bad guy
To: gullible user
Subject: Unix/Linux honor system virus

Dear user,

Please delete 10 files at random from your directories and forward this email to 10 of your friends.

Thank you

rotfl! rotfl!

Dear otto_oz,

Now that we have talked enough about the unusefulness of installing Clamav at all, I’d like to return to the technical side of your thread.

In my openSUSE 11.2 system the package clamav is in the OSS repo. I have no doubt that it will draw in all dependencies it might need when I would try to install it.

Can you explain why you decided for going somewhere else and install it “the hard way” instead of the “simple” openSUSE way? Isn’t it in openSUSE 11.3 or what?
A Howto should at least explain to the noob and guru alike why one should not install a package as usual and revert to the way you point to.

ken yap wrote:
> Please delete 10 files at random from your directories and forward this email to 10 of your friends.

oh man!
you are mean and sneaky!!
your virus just killed my system!
i didn’t do anything but now i can’t control it…
it keeps sending emails to all my friends telling them to buy some
pills to make something grow!

oh woe is me!

i guess it is high time i installed ClamAV Professional Super Delux
Ultimate Enterprise 2010


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

From time to time the scan finds a virus in downloaded Windows files and once long ago in tar.gz or something, but never in Linux file.
Unimportant files, lol! like try_me_win_app.iso or try_win_app.zip, not corrected are deleted.
Last, windows files are rescanned by A-V utilities from Windows before use.

Hallo Henk

I used this repository because it had the more recent version of clamav-db
http://download.opensuse.org/repositories/security/SLE_10/
So if you install what is in your current repositories including KDE3 Klam and the firefox addon …it should all work.
Still check the runlevels in yast to ensure that the daemons will start at boot.

I added the perl repository to see what Clamtk looks like and to give options what to use for scanning.

Also you may want to update to 11.3

Just a comment to the replies above. I installed clamav after I got rid of chromium and found the trojan in chromium cache.
URL for Clamav Clam AntiVirus

Whilst I think Linux is by far safer re viruses than windows, that will not last forever. I did not write this HOWTO to scare people, just to make them aware.

Anyway…cheers Otto

On 2010-07-26 23:36, otto oz wrote:
>
> Hallo Henk
>
> I used this repository because it had the more recent version of
> clamav-db
> “http://download.opensuse.org/repositories/security/SLE_10/

That’s absurd.

Just install clamav from the oss repo, and make sure the “freshclam” service is enabled. This will
periodically download and update the database to the latest.

And the engine itself is updated via the standard update method (zypper patch, YOU…).

> Just a comment to the replies above. I installed clamav after I got
> rid of chromium and found the trojan in chromium cache.

You have already been told that this is false. It is a false positive on chromium itself.

>
> Whilst I think Linux is by far safer re viruses than windows, that will
> not last forever. I did not write this HOWTO to scare people, just to
> make them aware.

Then use the correct info.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))
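
Added example (not part of any post in this thread): since the thread turns on whether a ClamAV hit in the Chromium cache was a real detection or a false positive, this sketch groups the `... FOUND` lines of a clamscan report by signature and lists cache hits separately, so they can be reviewed before anything is deleted. The sample report, its paths and its signature names are constructed for illustration.

```shell
#!/bin/sh
# clamscan prints one line per detection as "<path>: <signature> FOUND".

# Constructed sample report; paths and signature names are invented.
sample_report() {
cat <<'EOF'
/home/user/.cache/chromium/Default/Cache/f_0001a2: Example.Trojan.Agent-1 FOUND
/home/user/.cache/chromium/Default/Cache/f_0001a3: Example.Trojan.Agent-1 FOUND
/home/user/Downloads/try_win_app.zip: Example.Win.Worm-7 FOUND
/home/user/Documents/notes.txt: OK
/home/user/Downloads/setup.exe: Example.Win.Worm-7 FOUND

----------- SCAN SUMMARY -----------
Infected files: 4
EOF
}

# Read a report on stdin, print "<count> <signature>" sorted by signature.
# Many files matching one signature is a cue to look that signature up
# before treating every file as infected.
hits_by_signature() {
    awk '/ FOUND$/ {
            sig = $0
            sub(/ FOUND$/, "", sig)   # drop the trailing marker
            sub(/^.*: /, "", sig)     # drop the path (greedy: up to last ": ")
            n[sig]++
         }
         END { for (s in n) print n[s], s }' | sort -k2
}

# Read a report on stdin, print the paths of hits under a .cache directory.
# These are files the application fetched itself, not files the user saved.
cache_hits() {
    awk '/ FOUND$/ && /\/\.cache\// {
            p = $0
            sub(/: [^:]* FOUND$/, "", p)   # keep only the path
            print p
         }'
}

sample_report | hits_by_signature
sample_report | cache_hits
```

On a real system the input would be a saved clamscan report piped in place of `sample_report`.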

Carlos

thanks for the hint re “freshclam” I was not aware of it.

As to the trojan: ?!?? gone !!!

Ok, then - check this page for a start. Linux malware - Wikipedia, the free encyclopedia
or Linux vs. Windows Viruses (a little old, and the numbers are now way low, but still valid)
and https://help.ubuntu.com/community/Linuxvirus.

Lots of references there. Henk is right when he says that Linux is an AV environment by itself - but it is not immune. For those of us who believe that it is “better safe than sorry”, and who don’t mind wasting a few cpu cycles, ClamAV is a reputable product. I do like your point about rootkits, as they have been more “successful” on the Linux platform (or at least, I think they have been). There are plenty of examples of rights escalation by web page scripts now - even on Linux - that we should all keep this in mind. Having some software to “look over my shoulder” is welcome in my office.

Best Regards;
spokesinger

well, i must admit you opened my eyes…

so, i will install ClamAV tonight…or, tomorrow… or …

check back with me in a couple of years and ask if i’ve installed it
yet…

in all fairness, i am the only user of this machine, i exercise pretty
good physical control and am more than a little careful with the
security ‘thing’…

i’m thinking someday i might decide to install an AV program, but this
is not that day.


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]