Antivirus

ClamAV virus scanner

Purpose

This plugin will install an antivirus tool (clamav) to run a full system scan on a daily basis.

Signature files

Signature files are automatically updated on a daily basis, provided that internet access is readily available. You can check the current version of the signature using the following command:

$ clamscan --version
ClamAV 0.103.10/27153/Sat Jan 13 10:38:06 2024

The output has the form scanner version/signature version/signature date.

For those systems with restricted access, you will need to manually update the signature files using NAT Gateway.

  1. Activate NAT Gateway

  2. Run the command: DISOWN: freshclam --quiet. NB: this may take longer than 30 minutes to complete (the maximum timeout of the NAT Gateway). Always check the output of the version command (see above) before and after the update to ensure it has finished successfully. If the update failed to complete, simply start from step 1 again to continue the download.

  3. Stop the NAT Gateway
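
The before/after version check from step 2 can be scripted. The following is an added example, not part of the plugin: the function names are hypothetical, the AFTER line is a constructed sample, and it assumes a completed update shows a higher signature version than the reading taken before it.

```shell
# Added example: check a signature update from two `clamscan --version` readings.
# Line format (from the page): ClamAV <scanner version>/<signature version>/<signature date>

# Print the signature version; fail on a line that lacks the signature fields.
sig_version() {
    line=$1
    rest=${line#ClamAV }
    [ "$rest" != "$line" ] || return 1   # no "ClamAV " prefix
    case $rest in
        */*/*) ;;
        *) return 1 ;;                   # fewer than three fields
    esac
    sig=${rest#*/}    # drop the scanner version
    sig=${sig%%/*}    # drop the signature date
    case $sig in
        ''|*[!0-9]*) return 1 ;;         # must be all digits
    esac
    printf '%s\n' "$sig"
}

# Print the signature date field.
sig_date() {
    case $1 in
        ClamAV\ */*/*) ;;
        *) return 1 ;;
    esac
    rest=${1#*/}
    printf '%s\n' "${rest#*/}"
}

# Succeed only if the signature version increased between the two readings
# (assumption: a finished update raises it). Returns 2 on unparsable input.
update_completed() {
    before=$(sig_version "$1") || return 2
    after=$(sig_version "$2") || return 2
    [ "$after" -gt "$before" ]
}

# BEFORE is the output shown on this page; AFTER is a constructed sample.
BEFORE='ClamAV 0.103.10/27153/Sat Jan 13 10:38:06 2024'
AFTER='ClamAV 0.103.10/27154/Sun Jan 14 09:12:44 2024'

if update_completed "$BEFORE" "$AFTER"; then
    echo "signatures updated: $(sig_version "$BEFORE") -> $(sig_version "$AFTER") ($(sig_date "$AFTER"))"
else
    echo "update did not complete; repeat from step 1" >&2
fi
```

On a real system, replace the two sample strings with the output of clamscan --version captured before and after step 2.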

Logging

A full summary of each scan will be logged to the cloud in the malware_scan table.

Threat handling

When a threat is detected, the infected files will be moved to /opt/clamav/quarantine.

Ad hoc scanning

In addition to a daily scan, you can run ad hoc scans or "quick scans" to examine new files. Using REMOTE SHELL, simply run one of the following commands:

Scan a file

clamscan --move=/opt/clamav/quarantine /path/to/file

Scan a directory

clamscan --move=/opt/clamav/quarantine --recursive=yes --infected /home

Disable daily scanning

To modify or disable daily scanning, but leave the plugin installed, simply edit or remove the following file:

/etc/cron.daily/clamav-daily-scan

Cloud devices

This plugin is NOT compatible with Cloud devices.
