Scan and remove viruses using Clamav in Ubuntu

Recently my USB drive got infected. The virus duplicates existing files, but with an .exe extension. All of them are roughly 411 kB in size. A later scan identified them as a Trojan.

A quick search shows that ClamAV is a popular antivirus on Ubuntu, and on Linux in general. Without further ado, I ran sudo apt install clamav, which installed version 0.99. Before scanning, the virus databases first need to be updated. The sudo freshclam command, which is used for that job, did not work. Maybe I did not try hard enough, but some people suggest the problem is the old version. So I decided to uninstall clamav 0.99 and install the newer version 0.100.0 instead.

This time I installed ClamAV from source. I am fully aware that this is not the only way to get ClamAV working, nor is this a comprehensive and thorough tutorial. I am just showing the steps that led me to success. By the way, my OS is Ubuntu 16.04.

  1. sudo apt-get remove clamav (uninstall the existing clamav)
  2. sudo apt-get autoremove (uninstall dependencies, just to make sure they don’t mix up with the new version and cause problems)
  3. Download the source from https://www.clamav.net/downloads/production/clamav-0.100.0.tar.gz. This is version 0.100.0.
  4. Go to the directory containing the downloaded archive and extract it (it is a .tar.gz, so tar xzf clamav-0.100.0.tar.gz), then cd into the extracted directory.
  5. ./configure (checks dependencies and prepares the build before compilation). This failed for me at this stage because the OpenSSL development library was missing.
  6. sudo apt-get install libssl-dev
  7. ./configure (again)
  8. sudo make (building the executable from sources. Might take some time to finish)
  9. sudo make install (installing all the files built from previous step to the appropriate directories)
  10. sudo freshclam (downloads the virus databases). This failed at this stage because freshclam.conf could not be parsed. Actually the file does not exist yet; only an example configuration file is provided.
  11. cd /usr/local/etc/ (go to the directory containing example conf file)
  12. sudo cp freshclam.conf.sample freshclam.conf
  13. sudo nano freshclam.conf (edit the file)
  14. Comment out the word ‘Example’ and save it
    # Comment or remove the line below.
    #Example
  15. sudo freshclam (again. it works now. take some time to download the databases)
  16. sudo clamscan -r -i --move=/home/yoppy/virus /media/yoppy/USB-drive-path
    -r scans recursively; -i prints only infected files. Now we are ready to scan and move the detected files to another folder, then delete them afterwards. We can also delete them immediately with the --remove option instead of --move. (Note that the option names use two hyphens; a blog theme may render them as a single dash.)
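The freshclam.conf fix in steps 11 to 14 and the quarantine scan in step 16 can be wrapped in two small shell functions. This is an added example, not code from the original post or from the ClamAV project; the /usr/local/etc and quarantine paths are taken from the post, and the exit-code handling relies on clamscan's documented convention of 0 for clean, 1 for infected files found and 2 for an error, so a "virus found" result is not mistaken for a failed scan.

```shell
#!/bin/sh
# Added example (not from the original post): prepare freshclam.conf from the
# sample shipped by a source install, then run a quarantine scan with clamscan.

# Create freshclam.conf from freshclam.conf.sample, commenting out the bare
# "Example" guard line that makes freshclam refuse to parse the file.
# $1 = directory holding freshclam.conf.sample (the post uses /usr/local/etc)
prepare_freshclam_conf() {
    confdir="$1"
    sample="$confdir/freshclam.conf.sample"
    conf="$confdir/freshclam.conf"
    [ -f "$sample" ] || { echo "missing $sample" >&2; return 1; }
    # Only the bare "Example" directive is disabled; comments and every other
    # setting are copied through unchanged.
    sed 's/^Example[[:space:]]*$/#Example/' "$sample" > "$conf"
}

# Returns 0 if the given config no longer contains an active "Example" line,
# 1 if it is still the untouched sample.
freshclam_conf_is_usable() {
    ! grep -q '^Example[[:space:]]*$' "$1"
}

# Scan a path recursively, print only infected files, and move them into a
# quarantine directory that only the owner can read.
# $1 = quarantine directory, $2 = path to scan
quarantine_scan() {
    qdir="$1"
    target="$2"
    mkdir -p "$qdir" && chmod 700 "$qdir"
    clamscan -r -i --move="$qdir" "$target"
    rc=$?
    # clamscan exit codes: 0 clean, 1 infected files found, 2+ error.
    case "$rc" in
        0) echo "clean: $target" ;;
        1) echo "infected files moved to $qdir:"; ls -l "$qdir" ;;
        *) echo "clamscan error (exit $rc)" >&2 ;;
    esac
    return "$rc"
}

# Usage (run as root for /usr/local/etc, paths as in the post):
#   prepare_freshclam_conf /usr/local/etc && freshclam
#   quarantine_scan /home/yoppy/virus /media/yoppy/USB-drive-path
```

Because clamscan reports detections through exit code 1, any wrapper that uses set -e or treats a non-zero status as "scan failed" will abort exactly when it found something; the case statement above keeps the two outcomes apart. Inspect the quarantine directory before deleting it, since --move takes whatever the signatures matched, including false positives.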

Screenshot: clamscan output showing the detected virus.
