A client of mine got some infected emails in their mail server, which led to an infected Thunderbird on Windows that crashed the whole operating system. To clean up the mess, I had to scan the mail server and remove the emails that were spreading the virus. ClamAV turns out to be a pretty good option for scanning a Linux box for known infections and cleaning them up.
Installation is as simple as this:
On Debian based distros (Ubuntu, Mint and others):
```bash
sudo apt-get install clamav
```
On CentOS and Fedora:
```bash
sudo yum install clamav
```
First thing after installation is to update the definitions:
```bash
sudo freshclam
```
Here comes the good part: scanning, moving infected files to another directory, logging the whole process and running it in the background:
```bash
clamscan -r -i --move=/root/2017.01.29-clamav-mail-scan-quarantine/ /some/place/bad/ > ~/2017.01.29-clamav-scan-and-quarantine-mail.log &
```
Some explanation would be helpful, although it might seem obvious to most. `-r` scans recursively, descending into every subdirectory of the given path. `-i` logs only infected files; otherwise your terminal is flooded with `filename: OK` lines. `--move=/some/directory/address` is the place all infected files are moved to, and `--remove` is the flag for exterminating the infected files instead. Needless to say, you won't be able to restore them easily after removing them. `/some/place/bad/` is the location you'll be scanning. If you don't want to see any output from the command, redirect it with `> /address/and/name/of-a-file.log`. Furthermore, adding `&` at the end lets the process run in the background.
If you want to monitor the process at some point, you can always run this:
```bash
watch tail /address/and/name/of-a-file.log
```
Stop it with Ctrl + C when you see the summary of the scan, or when you get fed up with the mostly useless output.
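To make the scan-and-quarantine step repeatable, here is a small wrapper script. It is an added example, not part of the original post, and the paths in it are placeholders. Two details it takes care of that the one-liner above leaves to you: `--move` does not create the quarantine directory, so it is created (and locked down) first, and the background job is started with `nohup` so it survives the terminal closing. The helper functions read the log that `clamscan` writes, so you can pull out the infected files and the final count without watching the whole thing scroll by.

```bash
#!/bin/sh
# Added example (not from the original post). Assumptions: the SCAN_DIR,
# QUARANTINE and LOG paths are placeholders, and clamscan is on PATH
# when run_scan is actually invoked.

SCAN_DIR="${SCAN_DIR:-/some/place/bad}"
STAMP="$(date +%Y.%m.%d)"
QUARANTINE="${QUARANTINE:-/root/${STAMP}-clamav-mail-scan-quarantine}"
LOG="${LOG:-$HOME/${STAMP}-clamav-scan-and-quarantine-mail.log}"

# Start the scan in the background and print its PID.
# --move needs an existing, writable directory, hence the mkdir first;
# mode 700 keeps quarantined mail away from other users on the box.
# nohup + 2>&1 keeps the job (and its error messages) alive and in the log
# after the terminal is closed.
run_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    nohup clamscan -r -i --move="$QUARANTINE" "$SCAN_DIR" > "$LOG" 2>&1 &
    echo "$!"
}

# Only the detections: clamscan reports them as "path: Signature FOUND".
infected_lines() {
    grep ' FOUND$' "$1"
}

# Number of infected files from the summary block clamscan prints at the end.
infected_count() {
    awk -F': ' '/^Infected files:/ { print $2; exit }' "$1"
}

# A background clamscan gives no exit status to the shell you are sitting in,
# so "has the summary block been written yet" is the finished check.
scan_finished() {
    grep -q '^----------- SCAN SUMMARY -----------$' "$1"
}

# Constructed sample of what a -i --move run writes, for trying the helpers
# offline; the paths and signature name are made up.
write_sample_log() {
    cat > "$1" <<'EOF'
/var/mail/example/cur/1485700001.M1:2,S: Eicar-Test-Signature FOUND
/var/mail/example/cur/1485700001.M1:2,S: moved to '/root/quarantine/1485700001.M1:2,S'

----------- SCAN SUMMARY -----------
Known viruses: 5000000
Scanned directories: 3
Scanned files: 42
Infected files: 1
EOF
}

# Usage: ./scan.sh run        -> start the background scan, prints the PID
#        ./scan.sh report LOG -> summarise an existing log
case "${1:-}" in
    run)    run_scan ;;
    report) infected_lines "$2"; echo "infected files: $(infected_count "$2")" ;;
esac
```

Once `scan_finished "$LOG"` is true, `infected_lines "$LOG"` is the list of messages that ended up in quarantine, which is what you want to keep alongside the log before deciding whether anything gets deleted for good.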
The image is distributed under Creative Commons Attribution-NoDerivs 2.5 Generic (CC BY-ND 2.5)