Ubuntu installs open source antivirus tools ClamAV and Maldet suitable for detecting most malware and viruses

How to Install Antivirus Tools on Ubuntu Server

On an Ubuntu server, installing antivirus tools is an important step to improve server security and can effectively detect and prevent malware intrusion. ClamAV and Maldet (Linux Malware Detect) are the most commonly used. By installing and configuring ClamAV and Maldet, administrators can achieve comprehensive security protection on Ubuntu servers. The combination of the two can effectively resist viruses, Trojans and other malicious files.

Can ClamAV and Maldet be installed at the same time?

ClamAV and Maldet can be installed simultaneously and used together, and in fact provide stronger malware detection capabilities when used together.

Advantages of collaboration:

  • ClamAV is a general-purpose open source antivirus software suitable for detecting most malware and viruses.
  • Maldet (Linux Malware Detect) focuses on detecting common Trojans and malicious code in web environments, especially web page files and uploaded malicious scripts on Linux servers.

Maldet can also be configured to use ClamAV's virus database for scanning, which can expand its signature library and detect more viruses.

1. Install ClamAV

On Debian/Ubuntu systems, ClamAV can be installed using the following command:

sudo apt update
sudo apt install clamav clamav-daemon -y

ClamAV on Ubuntu usually runs as two services: clamav-daemon (the clamd scanner) and clamav-freshclam (the signature updater). You can check their status separately:

sudo systemctl status clamav-daemon
sudo systemctl status clamav-freshclam

If the service is running, you will see a status similar to "active (running)". If it is not running, you can start the service with the following command:

sudo systemctl start clamav-daemon
sudo systemctl start clamav-freshclam

After the installation is complete, check the status. If it does not start normally, use the above command to start it.

Enable start at boot

sudo systemctl enable clamav-daemon

sudo systemctl enable clamav-freshclam

Update virus database

After the installation is complete, you can update the virus database:

sudo freshclam

On Ubuntu, updating the virus database may report an error like this:

ERROR: Failed to lock the log file /var/log/clamav/freshclam.log: Resource temporarily unavailable
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!

Check whether other freshclam instances are running, as multiple instances may cause resource conflicts. The clamav-freshclam service started above is itself a freshclam process and holds the log file lock while it runs.

ps aux | grep freshclam

If you find any extra freshclam processes, you can kill them:

sudo killall freshclam

Then try running freshclam again:

sudo freshclam

root@C207:~# sudo freshclam
Sat Nov 9 01:18:06 2024 -> ClamAV update process started at Sat Nov 9 01:18:06 2024
Sat Nov 9 01:18:06 2024 -> daily.cld database is up-to-date (version: 27452, sigs: 2067676, f-level: 90, builder: raynman)
Sat Nov 9 01:18:06 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Sat Nov 9 01:18:06 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)

The output shows that freshclam started successfully and confirmed that the virus databases (daily.cld, main.cvd, and bytecode.cvd) are all up to date. This means the problem has been resolved and freshclam can update the virus database normally.
The earlier log file locking error may be caused by file permissions or resource conflicts. Clearing the cache, adjusting permissions, or killing other freshclam processes lets freshclam run and update the database normally.

Now ClamAV should be able to detect viruses normally. If you have problems running clamd or performing further scans, please feel free to get in touch!

Testing ClamAV scanning capabilities
You can use the clamscan command to manually scan a file or directory to make sure ClamAV is functioning properly:

sudo clamscan /home/cyberpanel

If the scan output shows OK and the scan function is working properly, ClamAV is ready to perform virus scanning effectively.
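
To check a scan result from a script rather than by eye, the sketch below is an added example, not part of the original article. It relies on clamscan's documented exit codes and its "<path>: <signature> FOUND" line format; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample of plain clamscan output: one clean file, one detection.
SAMPLE_OUTPUT='/home/cyberpanel/index.php: OK
/home/cyberpanel/uploads/eicar.com: Win.Test.EICAR_HDB-1 FOUND'

# list_hits: read clamscan output on stdin and print "<signature> <path>" for
# each detection. clamscan reports a detection as "<path>: <signature> FOUND".
list_hits() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/\2 \1/p'
}

# describe_rc: name a clamscan exit code. 0 = no virus found, 1 = virus(es)
# found, anything else = error, which means "not scanned", not "clean".
describe_rc() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# scan_report DIR: scan recursively, print detections only, and return
# clamscan's own exit code so cron or a monitoring job can act on it.
scan_report() {
    rc=0
    out=$(clamscan -r --infected --no-summary "$1" 2>&1) || rc=$?
    case "$(describe_rc "$rc")" in
        infected) printf '%s\n' "$out" | list_hits ;;
        error)    printf '%s\n' "$out" >&2 ;;
    esac
    return "$rc"
}

# Demonstration on the constructed sample (no ClamAV needed):
printf '%s\n' "$SAMPLE_OUTPUT" | list_hits
```

On a server with ClamAV installed, call scan_report /home/cyberpanel and alert on any non-zero return value, since an exit code of 2 means the directory was not fully scanned.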

2. Install Maldet

First install inotifywait

maldet uses inotifywait for file system monitoring.

sudo apt-get install inotify-tools

Download and install Maldet from the official website:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*/   # the archive unpacks into a directory named maldetect-<version number>
sudo ./install.sh
3. Configure Maldet to use ClamAV

After the installation is complete, edit Maldet's configuration file.

Maldet can be integrated with ClamAV to enhance virus scanning capabilities. In the /usr/local/maldetect/conf.maldet file, enable the following options:

vi /usr/local/maldetect/conf.maldet

Find the following option in the file and set scan_clamscan to 1:

scan_clamscan="1"

Note: If clamscan is installed, this option is enabled by default. If it is not enabled, you need to change it manually.
After enabling it, set how detections are handled: choose whether to enable quarantine of infected files or automatic file cleaning.

Automatically quarantine infected files
Set quarantine_hits to 1:

quarantine_hits="1"

Automatic file cleaning
Set quarantine_clean to 1:

quarantine_clean="1"

After saving and exiting, reload the configuration to make it take effect.

The scan_clamscan="1" option enables Maldet's ClamAV integration: Maldet uses ClamAV's virus database when scanning, which improves the efficiency of virus detection and enhances its detection capabilities.
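
The three settings from this step can also be applied and verified without an editor. The script below is an added example, not part of the original article or of Maldet itself; the function names are hypothetical, and it assumes the options appear as KEY="value" lines as shown above.

```shell
#!/bin/sh
# Added example: apply and verify the conf.maldet options from this article.
# CONF defaults to the article's path; point it at a copy to try this safely.
CONF="${CONF:-/usr/local/maldetect/conf.maldet}"

# set_opt KEY VALUE: rewrite an existing KEY=... line, or append one if the
# key is absent. Intended for simple values such as 0 or 1.
set_opt() {
    key=$1 val=$2 tmp=$(mktemp) || return 1
    if grep -q "^${key}=" "$CONF"; then
        sed "s|^${key}=.*|${key}=\"${val}\"|" "$CONF" > "$tmp"
    else
        cat "$CONF" > "$tmp" && printf '%s="%s"\n' "$key" "$val" >> "$tmp"
    fi
    cat "$tmp" > "$CONF" && rm -f "$tmp"   # cat keeps CONF's owner and mode
}

# get_opt KEY: print the value of the last uncommented KEY= line.
get_opt() {
    sed -n "s|^$1=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*|\1|p" "$CONF" | tail -n 1
}

# apply_article_settings: back up the file, then set the three options.
apply_article_settings() {
    cp -p "$CONF" "$CONF.bak" || return 1
    set_opt scan_clamscan 1 && set_opt quarantine_hits 1 &&
        set_opt quarantine_clean 1
}

# show_settings: print the effective values so the change can be confirmed.
show_settings() {
    for k in scan_clamscan quarantine_hits quarantine_clean; do
        printf '%s=%s\n' "$k" "$(get_opt "$k")"
    done
}

# Run as root with --apply to change the real file and print the result.
if [ "${1:-}" = "--apply" ]; then
    apply_article_settings && show_settings
fi
```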

Check the maldet service status
Maldet is usually run as a service, so you can view its service status through the systemctl command:

sudo systemctl status maldet

If maldet is not started, you can start it with the following command:

sudo systemctl start maldet

Enable start at boot

sudo systemctl enable maldet

4. Restart the service and start scanning

  • Run ClamAV's background service so that it can work properly when Maldet calls ClamAV:
    sudo systemctl start clamav-daemon
    sudo systemctl restart maldet
  • Run Maldet to scan:
    sudo maldet -a /home/cyberpanel

Precautions

  • Performance overhead: Running Maldet and ClamAV at the same time takes up more CPU and memory, especially on servers with large file systems. You can set up scheduled scans to reduce resource usage.
  • Regular updates: Make sure to regularly update the virus databases of ClamAV and Maldet so that scans use the latest virus signatures.

ClamAV and Maldet work well together to provide more comprehensive malware detection for your server.
