{"id":10414,"date":"2021-09-14T23:39:36","date_gmt":"2021-09-14T20:39:36","guid":{"rendered":"https:\/\/kifarunix.com\/?p=10414"},"modified":"2024-03-18T14:00:28","modified_gmt":"2024-03-18T11:00:28","slug":"install-clamav-on-debian-11","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-clamav-on-debian-11\/","title":{"rendered":"Install ClamAV on Debian 11"},"content":{"rendered":"\n<p>In this tutorial, we are going to learn how to install ClamAV on Debian 11.&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.clamav.net\/\" target=\"_blank\">ClamAV<\/a>&nbsp;is an open source antivirus engine for detecting trojans, viruses, malware, adware, rootkits and other malicious threats.<\/p>\n\n\n\n<p>Some of the features of ClamAV include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>built-in support for various archive formats, including Zip, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others.<\/li>\n\n\n\n<li>built-in support for almost all mail file formats<\/li>\n\n\n\n<li>built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others;<\/li>\n\n\n\n<li>built-in support for popular document formats including Microsoft Office and Mac Office files, HTML, RTF and PDF.<\/li>\n\n\n\n<li>support for multiple signature languages such as hash-based signature matching, wildcards, boolean logic and any custom rules written in Bytecode language.<\/li>\n<\/ul>\n\n\n\n<p>ClamAV includes a multi-threaded scanner daemon, command line utilities for on-demand file scanning and automatic signature updates. 
One of its main uses is on mail servers as a server-side email virus scanner.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing ClamAV on Debian 11<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Update System Package Cache<\/h3>\n\n\n\n<p>To begin with, update the system package cache.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install ClamAV<\/h3>\n\n\n\n<p>As of this writing, the default Debian 11 repositories provide ClamAV version 0.103.2.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt-cache policy clamav clamav-daemon<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nclamav:\n  Installed: 0.103.2+dfsg-2\n  Candidate: 0.103.2+dfsg-2\n  Version table:\n *** 0.103.2+dfsg-2 500\n        500 http:\/\/deb.debian.org\/debian bullseye\/main amd64 Packages\n        100 \/var\/lib\/dpkg\/status\nclamav-daemon:\n  Installed: 0.103.2+dfsg-2\n  Candidate: 0.103.2+dfsg-2\n  Version table:\n *** 0.103.2+dfsg-2 500\n        500 http:\/\/deb.debian.org\/debian bullseye\/main amd64 Packages\n        100 \/var\/lib\/dpkg\/status\n\n<\/code><\/pre>\n\n\n\n<p>The current stable release is version <strong><a href=\"https:\/\/www.clamav.net\/downloads\" target=\"_blank\" rel=\"noreferrer noopener\">0.104.0<\/a><\/strong>.<\/p>\n\n\n\n<p>Thus, in order to ensure that you are running the latest version of ClamAV, you need to build and install from sources.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Install ClamAV from Sources on Debian 11<\/h4>\n\n\n\n<p>Install required package dependencies and build tools.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install -y gcc make pkg-config python3 python3-pip python3-pytest valgrind \\\ncheck libbz2-dev libcurl4-openssl-dev libjson-c-dev libmilter-dev sudo \\\nlibncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev cmake<\/code><\/pre>\n\n\n\n<p>Create the ClamAV service account;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>useradd 
-r -M -d \/var\/lib\/clamav -s \/bin\/false -c \"Clam Antivirus\" clamav<\/code><\/pre>\n\n\n\n<p>Navigate to the <a href=\"https:\/\/www.clamav.net\/downloads\" target=\"_blank\" rel=\"noreferrer noopener\">clamav.net downloads page<\/a> and download the source code. You can run the commands below to download the current stable release version as of this writing.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>VER=<strong>0.104.0<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/www.clamav.net\/downloads\/production\/clamav-$VER.tar.gz<\/code><\/pre>\n\n\n\n<p>Extract the source code, compile and install ClamAV.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf clamav-$VER.tar.gz<\/code><\/pre>\n\n\n\n<p>Build and install ClamAV;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd clamav-$VER<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir build &amp;&amp; cd build<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cmake .. \\\n    -D CMAKE_INSTALL_PREFIX=\/usr \\\n    -D CMAKE_INSTALL_LIBDIR=lib \\\n    -D APP_CONFIG_DIRECTORY=\/etc\/clamav \\\n    -D DATABASE_DIRECTORY=\/var\/lib\/clamav \\\n    -D ENABLE_JSON_SHARED=OFF<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cmake --build .<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ctest<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nTest project \/root\/clamav-0.104.0\/build\n      Start  1: libclamav\n 1\/10 Test  #1: libclamav ........................   Passed    8.22 sec\n      Start  2: libclamav_valgrind\n 2\/10 Test  #2: libclamav_valgrind ...............   Passed   67.93 sec\n      Start  3: clamscan\n 3\/10 Test  #3: clamscan .........................   Passed    2.64 sec\n      Start  4: clamscan_valgrind\n 4\/10 Test  #4: clamscan_valgrind ................   Passed   35.01 sec\n      Start  5: clamd\n 5\/10 Test  #5: clamd ............................   
Passed   10.02 sec\n      Start  6: clamd_valgrind\n 6\/10 Test  #6: clamd_valgrind ...................   Passed   46.44 sec\n      Start  7: freshclam\n 7\/10 Test  #7: freshclam ........................   Passed    2.03 sec\n      Start  8: freshclam_valgrind\n 8\/10 Test  #8: freshclam_valgrind ...............   Passed   20.16 sec\n      Start  9: sigtool\n 9\/10 Test  #9: sigtool ..........................   Passed    0.46 sec\n      Start 10: sigtool_valgrind\n10\/10 Test #10: sigtool_valgrind .................   Passed    1.23 sec\n\n100% tests passed, 0 tests failed out of 10\n\nTotal Test time (real) = 194.14 sec\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cmake --build . --target install<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring ClamAV<\/h3>\n\n\n\n<p>Once the installation is done, you need to configure ClamAV.<\/p>\n\n\n\n<p>There are three main configs;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>freshclam.conf<\/code> required for FreshClam<\/li>\n\n\n\n<li><code>clamd.conf<\/code> required by ClamD<\/li>\n\n\n\n<li><code>clamav-milter.conf<\/code> required by ClamAV-Milter if you enabled ClamAV support for mail filtering (we didn't do that in this setup).<\/li>\n<\/ul>\n\n\n\n<p>From our installation, we set ClamAV to store the configs in <code>\/etc\/clamav<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -1 \/etc\/clamav\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>clamav-milter.conf.sample\nclamd.conf.sample\nfreshclam.conf.sample<\/code><\/pre>\n\n\n\n<p>Update these configs as follows;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/clamav\/freshclam.conf << 'EOL'\nDatabaseOwner clamav\nUpdateLogFile \/var\/log\/clamav\/freshclam.log\nLogVerbose false\nLogSyslog false\nLogFacility LOG_LOCAL6\nLogFileMaxSize 0\nLogRotate true\nLogTime true\nForeground false\nDebug false\nMaxAttempts 5\nDatabaseDirectory \/var\/lib\/clamav\nDNSDatabaseInfo 
current.cvd.clamav.net\nConnectTimeout 30\nReceiveTimeout 0\nTestDatabases yes\nScriptedUpdates yes\nCompressLocalDatabase no\nBytecode true\nNotifyClamd \/etc\/clamav\/clamd.conf\nChecks 24\nDatabaseMirror db.local.clamav.net\nDatabaseMirror database.clamav.net\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/clamav\/clamd.conf << 'EOL'\nLocalSocket \/var\/run\/clamav\/clamd.ctl\nFixStaleSocket true\nLocalSocketGroup clamav\nLocalSocketMode 666\nUser clamav\nScanMail true\nScanArchive true\nArchiveBlockEncrypted false\nMaxDirectoryRecursion 15\nFollowDirectorySymlinks false\nFollowFileSymlinks false\nReadTimeout 180\nMaxThreads 12\nMaxConnectionQueueLength 15\nLogSyslog false\nLogRotate true\nLogFacility LOG_LOCAL6\nLogClean false\nLogVerbose false\nPreludeEnable no\nPreludeAnalyzerName ClamAV\nDatabaseDirectory \/var\/lib\/clamav\nOfficialDatabaseOnly false\nSelfCheck 3600\nForeground false\nDebug false\nScanPE true\nMaxEmbeddedPE 10M\nScanOLE2 true\nScanPDF true\nScanHTML true\nMaxHTMLNormalize 10M\nMaxHTMLNoTags 2M\nMaxScriptNormalize 5M\nMaxZipTypeRcg 1M\nScanSWF true\nExitOnOOM false\nLeaveTemporaryFiles false\nAlgorithmicDetection true\nScanELF true\nIdleTimeout 30\nCrossFilesystems true\nPhishingSignatures true\nPhishingScanURLs true\nPhishingAlwaysBlockSSLMismatch false\nPhishingAlwaysBlockCloak false\nPartitionIntersection false\nDetectPUA false\nScanPartialMessages false\nHeuristicScanPrecedence false\nStructuredDataDetection false\nCommandReadTimeout 30\nSendBufTimeout 200\nMaxQueue 100\nExtendedDetectionInfo true\nOLE2BlockMacros false\nAllowAllMatchScan true\nForceToDisk false\nDisableCertCheck false\nDisableCache false\nMaxScanTime 120000\nMaxScanSize 100M\nMaxFileSize 25M\nMaxRecursion 16\nMaxFiles 10000\nMaxPartitions 50\nMaxIconsPE 100\nPCREMatchLimit 10000\nPCRERecMatchLimit 5000\nPCREMaxFileSize 25M\nScanXMLDOCS true\nScanHWP3 true\nMaxRecHWP3 16\nStreamMaxLength 25M\nLogFile \/var\/log\/clamav\/clamav.log\nLogTime 
true\nLogFileUnlock false\nLogFileMaxSize 0\nBytecode true\nBytecodeSecurity TrustSigned\nBytecodeTimeout 60000\nOnAccessMaxFileSize 5M\nEOL\n<\/code><\/pre>\n\n\n\n<p>Since we didn't compile ClamAV with mail filtering support, the configs above are enough.<\/p>\n\n\n\n<p>Create the log, database and socket directories for FreshClam and ClamD.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir -p \/var\/log\/clamav\/ \/var\/lib\/clamav \/var\/run\/clamav\/<\/code><\/pre>\n\n\n\n<p>Set the ownership of the log, database and socket directories to the <strong>clamav<\/strong> user.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown clamav: \/var\/log\/clamav\/ \/var\/lib\/clamav \/var\/run\/clamav\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Update the ClamAV Signature Database<\/h3>\n\n\n\n<p>For scanning to work, you need an updated virus database. There are two options for updating the ClamAV database:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><strong>clamav-freshclam<\/strong><\/code>: updates the database from the Internet. 
This is recommended with Internet access.<\/li>\n\n\n\n<li><code><strong>Offline update<\/strong><\/code>&nbsp;for systems with no direct internet access.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Update Signature Database with&nbsp;<code>clamav-freshclam<\/code><\/h4>\n\n\n\n<p>If you have internet access, you can use&nbsp;<strong><code>clamav-freshclam<\/code><\/strong>&nbsp;to update the ClamAV virus signature database.<\/p>\n\n\n\n<p>Then update the virus database;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u clamav freshclam<\/code><\/pre>\n\n\n\n<p>The command will pull database updates and you might get an output similar to below.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nTue Sep 14 22:29:35 2021 -> ClamAV update process started at Tue Sep 14 22:29:35 2021\nTue Sep 14 22:29:35 2021 -> daily database available for download (remote version: 26294)\nTime:  1m 18s, ETA:    0.0s [========================>]   55.56MiB\/55.56MiB\nTue Sep 14 22:30:55 2021 -> Testing database: '\/var\/lib\/clamav\/tmp.6d40b4137a\/clamav-ec762c472f7babc64cd6617646a05aa9.tmp-daily.cvd' ...\nTue Sep 14 22:31:02 2021 -> Database test passed.\nTue Sep 14 22:31:02 2021 -> daily.cvd updated (version: 26294, sigs: 1972718, f-level: 90, builder: raynman)\nTue Sep 14 22:31:02 2021 -> main database available for download (remote version: 61)\nTime:  4m 00s, ETA:    0.0s [========================>]  160.41MiB\/160.41MiB\nTue Sep 14 22:35:05 2021 -> Testing database: '\/var\/lib\/clamav\/tmp.6d40b4137a\/clamav-f2c7c5efaa09e11ebb5085cbd4abe3f3.tmp-main.cvd' ...\nTue Sep 14 22:35:13 2021 -> Database test passed.\nTue Sep 14 22:35:13 2021 -> main.cvd updated (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)\nTue Sep 14 22:35:13 2021 -> bytecode database available for download (remote version: 333)\nTime:    2.0s, ETA:    0.0s [========================>]  286.79KiB\/286.79KiB\nTue Sep 14 22:35:15 2021 -> Testing database: 
'\/var\/lib\/clamav\/tmp.6d40b4137a\/clamav-60d878c5920160c4068f0a9a43fc214e.tmp-bytecode.cvd' ...\nTue Sep 14 22:35:15 2021 -> Database test passed.\nTue Sep 14 22:35:15 2021 -> bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)\nTue Sep 14 22:35:15 2021 -> ^Clamd was NOT notified: Can't connect to clamd through \/var\/run\/clamav\/clamd.ctl: No such file or directory\n<\/code><\/pre>\n\n\n\n<p><code><strong>freshclam<\/strong><\/code>&nbsp;downloads the ClamAV databases (CVDs) and places them under&nbsp;<code>\/var\/lib\/clamav\/<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -1 \/var\/lib\/clamav\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>bytecode.cvd\ndaily.cvd\nfreshclam.dat\nmain.cvd<\/code><\/pre>\n\n\n\n<p>Create the FreshClam service;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/clamav-freshclam.service << 'EOL'\n[Unit]\nDescription=ClamAV virus database updater\nDocumentation=man:freshclam(1) man:freshclam.conf(5) https:\/\/www.clamav.net\/documents\n# If user wants it run from cron, don't start the daemon.\nConditionPathExists=!\/etc\/cron.d\/clamav-freshclam\nWants=network-online.target\nAfter=network-online.target\n\n[Service]\nUser=clamav\nGroup=clamav\nExecStart=\/usr\/bin\/freshclam -d --foreground=true\nStandardOutput=syslog\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Create and start the ClamAV daemon service;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/clamav-daemon.service << 'EOL'\n[Unit]\nDescription=Clam AntiVirus userspace daemon\nDocumentation=man:clamd(8) man:clamd.conf(5) https:\/\/www.clamav.net\/documents\/\n# Check for database existence\nConditionPathExistsGlob=\/var\/lib\/clamav\/main.{c[vl]d,inc}\nConditionPathExistsGlob=\/var\/lib\/clamav\/daily.{c[vl]d,inc}\n\n[Service]\nUser=clamav\nGroup=clamav\nExecStart=\/usr\/sbin\/clamd --foreground=true\n# Reload the database\nExecReload=\/bin\/kill -USR2 
$MAINPID\nStandardOutput=syslog\nTimeoutStartSec=420\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Reload the systemd daemon and ensure the services are enabled to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now clamav-daemon<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now clamav-freshclam<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">ClamAV Scanning<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Clamscan CLI Options and Example Usage<\/h4>\n\n\n\n<p>Clamscan is used to scan files and directories for viruses. From the man pages, the clamscan command syntax is:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan [options] [file\/directory\/-]<\/code><\/pre>\n\n\n\n<p>Some of the clamscan command options and their example usage are illustrated below;<\/p>\n\n\n\n<p>Print help information using the&nbsp;<code>-h<\/code>&nbsp;or&nbsp;<code>--help<\/code>&nbsp;option.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -h<\/code><\/pre>\n\n\n\n<p><strong>Note:<\/strong>&nbsp;Options marked with [=yes\/no(*)] can be optionally followed by&nbsp;<strong>=yes&nbsp;<\/strong>or&nbsp;<strong>=no.&nbsp;<\/strong>If they get called without the boolean argument the scanner will assume \u2018yes\u2019. 
The asterisk marks the default internal setting for a given option.<\/p>\n\n\n\n<p>Scan specific directory or file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan \/home\/<\/code><\/pre>\n\n\n\n<p>Sample results<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nLoading:    16s, ETA:   0s [========================>]    8.56M\/8.56M sigs       \nCompiling:   3s, ETA:   0s [========================>]       41\/41 tasks \n\n\n----------- SCAN SUMMARY -----------\nKnown viruses: 8564637\nEngine version: 0.104.0\nScanned directories: 1\nScanned files: 0\nInfected files: 0\nData scanned: 0.00 MB\nData read: 0.00 MB (ratio 0.00:1)\nTime: 20.375 sec (0 m 20 s)\nStart Date: 2021:09:14 23:14:15\nEnd Date:   2021:09:14 23:14:35\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan \/home\/filename.docx<\/code><\/pre>\n\n\n\n<p>Do not display summary at the end of scanning.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan --no-summary \/home\/<\/code><\/pre>\n\n\n\n<p>Print infected files only (<strong><code>-i<\/code><\/strong>,&nbsp;<code><strong>--infected<\/strong><\/code>);<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -i \/<\/code><\/pre>\n\n\n\n<p>Skip printing OK files (<strong><code>-o<\/code>,&nbsp;<code>--suppress-ok-results<\/code><\/strong>);<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan <strong>-o<\/strong> \/home\/<\/code><\/pre>\n\n\n\n<p>Sound a bell on virus detection (<strong><code>--bell<\/code><\/strong>);<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan <strong>--bell<\/strong> -i \/home<\/code><\/pre>\n\n\n\n<p>Scan directories recursively&nbsp;<em>(<code>-r<\/code><\/em>,&nbsp;<em><code>--recursive<\/code><\/em>).<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan --bell -i <strong>-r<\/strong> \/home<\/code><\/pre>\n\n\n\n<p>Save scan report to FILE (<em><strong><code>-l 
FILE<\/code>,&nbsp;<code>--log=FILE<\/code><\/strong><\/em>);<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan --bell -i <strong>-r<\/strong> \/home <strong>-l home-scan.txt<\/strong><\/code><\/pre>\n\n\n\n<p>Scan files listed line by line in FILE (<strong><code>-f FILE<\/code>,&nbsp;<code>--file-list=FILE<\/code><\/strong>).<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -i <strong>-f \/tmp\/scan<\/strong><\/code><\/pre>\n\n\n\n<p>Remove infected files (<code><strong>--remove[=yes\/no(*)]<\/strong><\/code>). Be careful as this removes the file completely.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -r --remove \/home\/USER<\/code><\/pre>\n\n\n\n<p>Move infected files into DIRECTORY&nbsp;(<code>--move=DIRECTORY<\/code>). The directory must be writable by the user or unprivileged user running clamscan.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -r -i --move=\/home\/USER\/infected \/home\/<\/code><\/pre>\n\n\n\n<p>Copy infected files into DIRECTORY (<code>--copy=DIRECTORY<\/code>). The directory must be writable by the user or unprivileged user running clamscan.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>clamscan -r -i --copy=\/home\/USER\/infected \/home\/<\/code><\/pre>\n\n\n\n<p>There is quite a long list of options for various uses of clamscan. 
Consult&nbsp;<code>man clamscan<\/code>&nbsp;for more details.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ClamAV Return Codes<\/h3>\n\n\n\n<p>The following are the exit return codes for ClamAV.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>0 : No virus found.<\/li>\n\n\n\n<li>1 : Virus(es) found.<\/li>\n\n\n\n<li>2 : Some error(s) occurred.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Limiting Clamscan CPU Usage<\/h3>\n\n\n\n<p><code>clamscan<\/code>&nbsp;can be CPU intensive, especially if it is scanning a large directory.<\/p>\n\n\n\n<p>To limit the clamscan CPU time to certain levels, you can use two tools;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><code>nice<\/code><\/strong>: lowers the priority of clamscan (limits relative cpu time).<\/li>\n\n\n\n<li><strong><code>cpulimit<\/code><\/strong>: limits absolute cpu time.<\/li>\n<\/ul>\n\n\n\n<p>To use the nice command,<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>nice -n 15 clamscan -ir \/<\/code><\/pre>\n\n\n\n<p>As long as no other process requires cputime, clamscan will maximize it. 
But as soon as another process with a higher priority needs cputime, clamscan will lose it.<\/p>\n\n\n\n<p>Using cpulimit;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cpulimit -z -e clamscan -l 20 &amp; clamscan -ir \/<\/code><\/pre>\n\n\n\n<p>Limits clamscan cpu time to 15% when scanning the entire root directory.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Further Reading<\/h3>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/www.clamav.net\/documents\/clam-antivirus-user-manual\" target=\"_blank\">ClamAV User Manual<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Related Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-gvm-21-04-on-debian-11-debian-10\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install GVM 21.04 on Debian 11\/Debian 10<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-modsecurity-with-nginx-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Modsecurity with Nginx on Rocky Linux 8<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we are going to learn how to install ClamAV on Debian 11.&nbsp;ClamAV&nbsp;is an open source antivirus engine for detecting trojans, viruses, 
malware,<\/p>\n","protected":false},"author":1,"featured_media":9745,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121],"tags":[170,4084,169,3874,3958,4083,1578,4082],"class_list":["post-10414","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","tag-antivirus","tag-build-clamav-from-source","tag-clamav","tag-clamd","tag-debian-11","tag-debian-11-clamav","tag-freshclam","tag-install-clamav-on-debian-11","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10414"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=10414"}],"version-history":[{"count":3,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10414\/revisions"}],"predecessor-version":[{"id":21660,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10414\/revisions\/21660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9745"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=10414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=10414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=10414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}