CLAMAV Best Practices

Support for security such as Firewalls and securing linux
david.livelsberger
Posts: 1
Joined: 2017/07/20 15:15:14

CLAMAV Best Practices

Post by david.livelsberger » 2017/10/13 11:25:39

To ensure compliance with our parent company's audit rules, I am installing ClamAV anti-virus software on our CentOS 6 cloud servers located at Rackspace. I have installed and configured the software on a test server. My first question for the forum is: what directories should I scan? Right now, I am only scanning the /home directory. My second question is: how do I add to a script that I want to scan more than one directory?
I am including below a code snippet from the shell script that runs in cron.

clamscan /home -r \
--move=/var/log/clamav \
--log="$LOG_FILE"

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CLAMAV Best Practices

Post by TrevorH » 2017/10/13 13:29:44

Reading man clamscan seems to show that you can specify --include-dir= multiple times in the same clamscan run so that's how I'd do it. Depending on your server use case you might want to scan more than /home - for example a mail server might have a spool directory that you'd want to scan though for a mail server it would probably be better to implement a scanning technique that calls out from the mail server software to scan mails as they arrive...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
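
One way to run the cron scan over more than one directory, as an added example that is not part of the original posts: clamscan accepts several paths as positional arguments, so the script passes every listed directory that exists in a single run. The directory list, the quarantine path and the script name are assumptions; infected files are moved to a dedicated directory rather than into the log directory.

```shell
#!/bin/sh
# Added example: nightly clamscan over several directories.
# All paths below are assumptions; adjust them to the server's role.
# Directory names must not contain spaces (the list is split on whitespace).
SCAN_DIRS="${SCAN_DIRS:-/home /var/www /var/spool/mail /tmp}"
QUARANTINE="${QUARANTINE:-/var/quarantine/clamav}"   # hypothetical path
LOG_FILE="${LOG_FILE:-/var/log/clamav/clamscan-$(date +%Y%m%d).log}"

# Print only the directories that exist, one per line, so that a missing
# path does not turn the whole run into a clamscan error.
existing_dirs() {
    for d in "$@"; do
        if [ -d "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
    return 0
}

# Map clamscan's exit status to a word:
# 0 = no virus found, 1 = virus found, anything else = error.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

run_scan() {
    # Word splitting of SCAN_DIRS is intentional here.
    set -- $(existing_dirs $SCAN_DIRS)
    [ "$#" -gt 0 ] || { echo "no scan directories exist" >&2; return 2; }
    # Keep quarantined files out of reach of other users.
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 2
    rc=0
    # -r recurses, -i logs only infected files; all directories go in one run.
    clamscan -r -i --move="$QUARANTINE" --log="$LOG_FILE" "$@" || rc=$?
    status=$(classify_exit "$rc")
    # Raise anything other than a clean result to syslog so it is noticed.
    [ "$status" = clean ] || logger -t clamscan "scan result: $status (see $LOG_FILE)"
    return "$rc"
}

# Scan only when asked to, e.g. from cron: /usr/local/sbin/clamscan-nightly.sh run
if [ "${1:-}" = "run" ]; then
    run_scan
    exit $?
fi
```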
