Antimalware File Scan
The Antimalware File Scan app provides a quick way to check for viruses on your file shares. The scanner checks:
- User Home Directories
Installation
If your system does not have this app available, you can install it via the Marketplace.
Menu
You can find this feature in the menu system at the following location:
Configuration
Before you can scan your file system, you must select folders to scan. Click on the Scanner button and enter *Edit* mode.
On this form, you'll be able to make several configuration changes as described in the sections below.
Schedule
To configure an automated daily scan, select the hour of the day at which to start a file system scan.
Actions
Select whether you want the scanner to automatically quarantine the files.
Email Notifications
Once a scan has successfully run (either automated or manual), you'll want to be alerted in the event there were errors or infected files discovered during the scan. Enabling email alerts and providing an address to send to is a convenient way to stay informed of scans running on the server.
Alert on Virus
Sends alerts any time an infected file is discovered.
Alerts on Error
Sends alerts any time there were errors or warnings during a scan.
Notify Email
The email address to send notifications to. Antimalware file scanning uses the Mail Notification app to send notifications out in the event a mail server is not running on your server. Make sure you have configured and tested it so that you receive email alerts.
Directories
Directories to include in your scan. Preset folders are defined in the table below but depend on which apps you have installed:
Name | Folder |
---|---|
Home | /home |
Flexshare | /var/flexshare |
Web | /var/www |
FTP | /var/ftp |
Web Proxy Cache | /var/spool/squid |
/var/spool/imap |
Custom Directories
If you want to include folders not on the default list (e.g. mount points, root etc.) or if you want to be more selective (e.g. some users' home directories, but not all), you can do this by editing the /etc/avscan.conf configuration file using your favourite editor or shell scripts.
For example, if you had a mount point named /backup and wanted it included, you could run:
echo "/backup" >> /etc/avscan.conf
$clam_scan_options = '';
to something like:
$clam_scan_options = '--exclude="\.(jpg|jpeg|mkv)$"';
The exclude parameter is a regex of the file names to exclude.
There is a similar parameter "--exclude-dir" which can contain a regex of folders to exclude. Both parameters can be repeated multiple times. For more information, check out the man page for clamscan.
Antimalware Signatures and Updates
ClamAV Community Updates
The Antimalware File Scan app uses the ClamAV engine to scan for viruses. The ClamAV engine is used in multiple apps available for ClearOS - Content Filter Scanning, Mail Antimalware and the File Scan app to name a few. The engine is set to update itself with community signatures once per hour, by default.
These updates come from the ClamAV community. If this is a valuable service to you, please consider donating to the ClamAV Signature Update Team.
ClearCenter Antimalware Updates
ClearCenter provides a value-added service for a fee to increase the number of signatures available to the ClamAV engine. For information on this app/service, click here.
Summary Data
When at least one successful scan has been run, the main scanner form will auto-populate with additional fields showing a collection of statistics and interesting summary data. Most of the data fields (shown in the screenshot to the right) are self-evident.
One frequently asked question is “What is the difference between Total Data Scanned and Total Data Read”. Often, these totals will be exactly or nearly the same. However, if you have large files on your server or archive files (.tar, .tgz etc.) comprised of many individual files that when combined total more than 25MB, you may see these numbers differ.
If your total data scanned is significantly lower than the total data read, the difference in bytes is what is *not* being scanned through the filter. While unlikely, viruses could be missed in these cases.
ClamAV's scanner uses two default settings that control the way the scanner iterates and scans through folders and files.
MaxScanSize
Sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value. The system default is 100MB.
Modifying this parameter for the ClearOS scanner can be done by adding a line in /etc/clearos/file_scan.conf, e.g.:
max-scansize=80M
MaxFileSize
Files larger than this limit won’t be scanned. It affects the input file itself as well as files contained inside it (when the input file is an archive, a document or some other kind of container). The system default is 25MB.
Modifying this parameter for the ClearOS scanner can be done by adding a line in /etc/clearos/file_scan.conf, e.g.:
max-filesize=30M
Excluding Files and Folders from scanning
There are a couple of hidden options which you can use to exclude files and folders from being scanned. You can add these parameters with a couple of lines in /etc/clearos/file_scan.conf:
exclude=
exclude-dir=
These take a regex of what you want to exclude. As an example:
exclude="\.(jpg|jpeg)$"
will exclude all files with the jpg and jpeg file extensions from the scan. Similarly:
exclude-dir="(\/shares\/(foscam|docker|shared\/Photos)\/|\/home\/foscam\/)"
will exclude the following folders and their sub-folders:
/shares/foscam/
/shares/docker/
/shares/shared/Photos/
/home/foscam/
Please consult “man clamscan” for more information.
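To review what a given set of exclusions and size limits leaves unscanned, the following added example (not ClearOS or ClamAV code) lists the files under a directory that would be skipped, with the reason for each. It covers both the max-filesize limit and the exclude patterns described above; `unscanned_files`, `make_sample_tree` and the sample file names are hypothetical, and `grep -E` is assumed to approximate clamscan's regex matching.

```shell
#!/bin/sh
# Added example, not ClearOS or ClamAV code. grep -E stands in for
# clamscan's regex matching (assumption), so results are approximate.

# unscanned_files DIR EXCLUDE_RE EXCLUDE_DIR_RE MAX_BYTES
# Prints "reason<TAB>path" for each regular file a scan would skip.
unscanned_files() {
    dir=$1; exclude_re=$2; exclude_dir_re=$3; max_bytes=$4
    find "$dir" -type f | sort | while IFS= read -r path; do
        parent="${path%/*}/"        # containing folder, with trailing slash
        size=$(wc -c < "$path" | tr -d ' ')
        if [ -n "$exclude_dir_re" ] &&
           printf '%s\n' "$parent" | grep -Eq -- "$exclude_dir_re"; then
            printf 'exclude-dir\t%s\n' "$path"
        elif [ -n "$exclude_re" ] &&
             printf '%s\n' "$path" | grep -Eq -- "$exclude_re"; then
            printf 'exclude\t%s\n' "$path"
        elif [ "$size" -gt "$max_bytes" ]; then
            printf 'max-filesize\t%s\n' "$path"
        fi
    done
}

# Constructed sample tree (hypothetical file names) under a temp directory.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/home/foscam/snap" "$root/home/alice" "$root/shares/docs"
    : > "$root/home/foscam/snap/cam.bin"
    : > "$root/home/alice/photo.jpg"
    : > "$root/home/alice/PHOTO.JPG"
    : > "$root/shares/docs/report.pdf"
    head -c 200 /dev/zero > "$root/shares/docs/big.iso"
    printf '%s\n' "$root"
}

# Demo: the two patterns from this page, with a 100-byte limit standing in
# for max-filesize so the sample stays small.
sample=$(make_sample_tree)
unscanned_files "$sample" '\.(jpg|jpeg)$' \
    '(\/shares\/(foscam|docker|shared\/Photos)\/|\/home\/foscam\/)' 100 |
    sed "s|$sample||"
rm -rf "$sample"
```

Pass the patterns and limit from your own configuration and a real share path to review what is being left out of the scan.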