My tiny contribution to ClamAV
By Rayed
ClamAV is open source antivirus software for UNIX systems. We use it here at SAUDI NET to stop viruses in email messages; it stops thousands of viruses every day. I also use it in the personal hosting service that we provide for our customers. Unfortunately, some customers upload viruses, intentionally and unintentionally, so I installed ClamAV to scan for and delete viruses.
Last week I noticed one of our troublemaking customers uploading suspicious files. I ran “clamscan” on the user directory but it didn’t detect it. When I tried to download it, my PC anti-virus software “MicroTrend” stopped the download, warning me about the virus. So I went home, downloaded it again and scanned it using Norton AV; it didn’t detect it either!
I submitted the file to the ClamAV virus database; it is a very simple form where you need to upload the infected file and some basic information about it.
Today I received an email telling me that the virus was added to the ClamAV database. I went to my web server and updated the virus database:
# freshclam
ClamAV update process started at Sun Feb 26 15:15:12 2006
main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm)
Downloading daily.cvd [*]
daily.cvd updated (version: 1304, sigs: 1000, f-level: 7, builder: ccordes)
Database updated (45686 signatures) from database.clamav.net
Clamd successfully notified about the update.
Then I ran “clamscan” again:
# clamscan --remove -ir .
./xxxx.scr: Trojan.Downloader.Small-1060 FOUND
./xxxx.scr: Removed
It feels good 🙂