Recently my USB drive got infected. The virus duplicates existing files, but with an .exe extension, and all of the copies are 411-something kB in size. Later, a scan identified them as a Trojan.
A short googling shows that clamav is a popular antivirus on Ubuntu, and on Linux in general. Without further ado, I ran sudo apt-get install clamav, which installed version 0.99. Before scanning, we first need to update the virus databases. The sudo freshclam command, which does that job, didn't work. Maybe I haven't tried hard enough, but some people suggest it might be a problem with the old version. So I decided to uninstall clamav 0.99 and reinstall the new version, 0.100.0.
This time I install clamav from source. I am fully aware that this is not the only way to get clamav working, nor a comprehensive and thorough tutorial. Here I am just showing the steps I took that led me to success. Oh btw, my OS is Ubuntu 16.04.
- sudo apt-get remove clamav (uninstall the existing clamav)
- sudo apt-get autoremove (uninstall the dependencies, just to make sure they don't mix with the new version and cause problems)
- Download the source from https://www.clamav.net/downloads/production/clamav-0.100.0.tar.gz. This is version 0.100.0.
- Then go to the directory containing the archive and extract it.
- ./configure (checks dependencies and prepares some other things before compilation). It fails at this stage because the OpenSSL development library is missing.
- sudo apt-get install libssl-dev
- ./configure (again)
- sudo make (builds the executables from the sources; this might take some time to finish)
- sudo make install (installs all the files built in the previous step into the appropriate directories)
- sudo freshclam (downloads the virus databases). It fails at this stage because it is unable to parse freshclam.conf. Actually the file does not exist yet, but an example configuration file is provided.
- cd /usr/local/etc/ (go to the directory containing the example conf file)
- sudo cp freshclam.conf.sample freshclam.conf
- sudo nano freshclam.conf (edit the file)
- Comment out the line containing only the word 'Example' and save the file. In the sample file it looks like this:
    # Comment or remove the line below.
    Example
- sudo freshclam (again; it works now, and takes some time to download the databases)
- sudo clamscan -r -i --move=/home/yoppy/virus /media/yoppy/USB-drive-path
-r is for recursive scanning; -i prints only the infected files. Now we are ready to scan and move the viruses to another folder, and delete them afterwards. We can also delete the viruses immediately with the --remove option.
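The steps above are typed one by one; the following script is an added example (not part of the original post, nor ClamAV's own code) that wraps them into three checks a defender would want before and after the scan: confirm that freshclam.conf no longer carries the bare "Example" line, triage the drive for the exact pattern described in the post (an .exe that shadows a sibling file or folder of the same name, all copies of one size), and run the quarantine scan while interpreting clamscan's exit status (0 clean, 1 something found, 2 error). The configuration path /usr/local/etc/freshclam.conf and the quarantine directory are assumptions matching the post; the sample drive contents built in the usage note are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes clamav installed from
# source as described (conf under /usr/local/etc), quarantine dir ~/virus.

# 1. Return 0 when freshclam.conf no longer contains the uncommented line
#    consisting only of "Example" (the line that makes freshclam refuse to
#    parse the file); return 1 if the file is missing or still has it.
freshclam_conf_ready() {
    conf="${1:-/usr/local/etc/freshclam.conf}"
    [ -r "$conf" ] || return 1
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$conf"; then
        return 1
    fi
    return 0
}

# 2. Print every .exe under the given root that shadows a sibling entry of
#    the same base name ("report.docx" next to "report.docx.exe", or a
#    folder "photos" next to "photos.exe"). One path per line.
find_shadow_exes() {
    root="$1"
    find "$root" -type f -iname '*.exe' -print | while IFS= read -r exe; do
        dir=$(dirname "$exe")
        base=$(basename "$exe")
        stem="${base%.*}"   # strip the trailing .exe
        # candidate siblings: same stem with no extension, or with any extension
        for cand in "$dir/$stem" "$dir/$stem".*; do
            [ "$cand" = "$exe" ] && continue
            if [ -e "$cand" ]; then
                printf '%s\n' "$exe"
                break
            fi
        done
    done
}

# 3. Read paths from stdin and print "<bytes> <count>" for the most common
#    file size. Self-copying malware tends to yield one dominant size (the
#    post saw 411-something kB for every copy); legitimate .exe files do not.
dominant_size() {
    while IFS= read -r f; do
        wc -c < "$f" | tr -d ' '
    done | sort | uniq -c | sort -rn | head -n 1 | awk '{print $2, $1}'
}

# 4. Recursive scan that quarantines detections, mapping clamscan's exit
#    status: 0 = nothing found, 1 = infected files found, 2 = error.
quarantine_scan() {
    drive="$1"
    quarantine="${2:-$HOME/virus}"
    mkdir -p "$quarantine"
    clamscan -r -i --move="$quarantine" "$drive"
    case $? in
        0) echo "clean: nothing detected under $drive" ;;
        1) echo "detections moved to $quarantine" ;;
        *) echo "clamscan error (database missing? run sudo freshclam)" >&2
           return 2 ;;
    esac
}
```

Usage, with the paths from the post: first `freshclam_conf_ready || echo "fix freshclam.conf"`, then `find_shadow_exes /media/yoppy/USB-drive-path | dominant_size` to see whether the shadow-copy pattern is present and how many files share one size, and finally `quarantine_scan /media/yoppy/USB-drive-path /home/yoppy/virus` (run with sudo if the mount point is not readable by your user). The triage in steps 2 and 3 is a heuristic for this particular infection pattern, not a replacement for the signature scan.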