Antivirus
Clamav virus scanner
Purpose
This plugin will install an antivirus tool (clamav
) to run a full system scan on a daily basis.
Signature files
Signature files are automatically updated on a daily basis, provided that internet access is readily available. You can check the current version of the signature using the following command:
Where the output is of the form scanner version/signature version/signature date
For those systems with restricted access, you will need to manually update the signature files using NAT Gateway.
Activate NAT Gateway
Run the command:
DISOWN: freshclam --quiet
. NB this may take longer than 30mins to complete (the maximum timeout of the NAT Gateway). Always check the output of the version command (see above) before and after the update to ensure it has finished successfully. If the update failed to complete, simply start from step 1 again to continue the download.Stop the NAT Gateway
Logging
A full summary of each scan will be logged to the cloud in the malware_scan
table.
Threat handling
When a threat is detected, the infected files will be moved to /opt/clamav/quarantine
Ad hoc scanning
In addition to a daily scan, you can run ad hoc scans or "quick scans" to examine new files. Using REMOTE SHELL, simply run one of the following commands
Scan a file
Scan a directory
Disable daily scanning
To modify or disable daily scanning, but leave the plugin installed, simply edit/remove the following file
Cloud devices
This plugin is NOT compatible with Cloud devices
Last updated