How can I tell if ClamAV is running?

4

3

How do I know if ClamAV is actively running?

I installed it with

sudo aptitude install clamav

But I don't see it anywhere and am not sure if it's actually doing anything.

lipton

Posted 2009-09-18T06:22:15.403

Reputation: 789

Why exactly do you run clamav? If you're just a desktop linux user, you don't need clamav. – Peltier – 2009-09-18T06:58:45.813

1

A lot of Linux users install ClamAV so they can scan files in case it gets emailed to a Windows user. – caliban – 2009-09-18T07:19:46.190

Answers

8

ClamAV is designed to be an on-demand scanner, and will only run when you invoke it to run (which means you probably won't see any of its processes if you did not manually invoke it). Also, when you installed the clamav package, you only installed the command-line scanner and scanning engine.

If you want to install the full package of ClamAV, I suggest you use this

sudo aptitude install clamav clamav-daemon clamav-freshclam clamtk

A breakdown of which package does what:

  • clamav - the command-line based ClamAV virus scanner and engine
  • clamav-daemon - enables ClamAV to be an on-access scanner, which means it runs automatically without your intervention
  • clamav-freshclam - enables automatic updates for ClamAV
  • clamtk - the GUI frontend for ClamAV

With all these packages installed, ClamAV should perform like most other AV packages. Like alex said, once you have installed these packages, running ps should allow you to see the ClamAV daemon running.

caliban

Posted 2009-09-18T06:22:15.403

Reputation: 18 979

1

Clamav-daemon doesn't do on-access scanning. It just keeps clamav loaded, so that scanning individual files doesn't require loading clamav every time.

If you want on-access scans, you need a kernel add-on like Dazuko (http://dazuko.dnsalias.org/wiki/index.php/Main_Page). There's been work on giving Linux support for stuff like this in recent kernels. It might be working in the latest, but you'll need to read the changelogs to find the tech, and then research how to use it a little. You might also be able to get away with using incron, which lets you run jobs when files are modified.

– Lee B – 2009-09-18T08:53:49.013

Ahh, there are also layered filesystem options like ClamFS and AVFS these days. – Lee B – 2009-09-18T09:02:46.983

0

Try searching for the process associated with ClamAV. You can use top or ps to find it. There's a bit more information about the processes that ClamAV uses in this article; it's a bit old, but maybe it can guide you in the right direction.

alex

Posted 2009-09-18T06:22:15.403

Reputation: 16 172
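The ps check suggested in the answers above, written out as a shell script. This is an added example, not part of the original posts. It assumes the usual process names: clamd for the daemon from clamav-daemon, freshclam for the updater from clamav-freshclam, and clamscan for an on-demand scan in progress. The sample process listing is constructed.

```shell
#!/bin/sh
# Added example: report which ClamAV components appear in a process listing.
# Assumed process names: clamd (clamav-daemon), freshclam (clamav-freshclam),
# clamscan (a manually started on-demand scan).

# Read command names, one per line (as printed by `ps -e -o comm=`), on stdin
# and print "<name>=running" or "<name>=not-running" for each component.
clamav_status() {
    # Strip any leading directory and trailing blanks so "/usr/sbin/clamd"
    # and "clamd" are treated the same.
    listing=$(sed 's|.*/||; s/[[:space:]]*$//')
    for proc in clamd freshclam clamscan; do
        # -x matches the whole line, so "clamd-helper" is not counted as clamd.
        if printf '%s\n' "$listing" | grep -qx "$proc"; then
            echo "$proc=running"
        else
            echo "$proc=not-running"
        fi
    done
}

# Constructed sample listing: a machine with the daemon and updater active
# and no manual scan in progress.
sample_listing() {
    printf '%s\n' systemd sshd clamd freshclam bash
}

# Check the processes on this machine.
clamav_live_status() {
    ps -e -o comm= | clamav_status
}

# Run the live check when ps is available.
if command -v ps >/dev/null 2>&1; then
    clamav_live_status
fi
```

If only the clamav package is installed, all three lines read not-running until a scan is started by hand, which matches the on-demand behaviour described in the first answer.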

0

And to test any virus or malware scanner, there's the harmless Eicar Test File.

Arjan

Posted 2009-09-18T06:22:15.403

Reputation: 29 084