#1 2016-02-12 08:30:59

Utini
Member
Registered: 2015-09-28
Posts: 452

Improving ClamAV setup + Archwiki with your help !

Hey there,

I know that ClamAV is mostly useless (as every signature-based-scanning AV these days) but I am still willing to spend some of my resources (8 CPUs, 16GB RAM) for a bit of increased security.

Our great Arch wiki does not have much information on ClamAV though, and I am interested in adding some information to the ClamAV Archwiki as well as improving my own setup.
For that, I have a few questions and hope to gather some ppl that will join my discussion here:

1. I installed ClamAV and afterwards enabled + started clamd.service (the actual scanner) and freshclam.service (the updater service).
2. As clamd failed to start I had to first run "freshclam -v" and afterwards start clamd.service again.
3. The "testing procedure" worked and so I knew ClamAV was set up correctly.

I ran my first scan with the following command:

clamscan --recursive=yes --infected --bytecode-timeout=190000 --exclude-dir='^/sys|^/proc|^/dev|^/lib|^/bin|^/sbin' /

The "--bytecode-timeout" was added due to files being skipped during the scan. The other options are copied from the Archwiki.

1. Shouldn't I run clamscan as "root" or with "sudo"?
2. Why skip any directories, can't malware hide inside there too?
3. ClamAV listens on port 3310 (if you manually enable this option in the config files) so other applications can trigger data scans over this port. But what actual application uses this feature?
4. Are there any commands/tricks to increase the scan speed? E.g. use multithreading, higher priority, etc?
5. You can modify how often "freshclam" checks for updates with "Checks" but is there also a way to only check for updates when the system is at "idle"?
6. Are there any 3rd party signature databases one could/should add?
7. Is there a way to automate scans? E.g. "on schedule when on idle" or "after extracting an archive" or "every firefox download" or... ?
8. If I use iptables or gufw, what firewall rules do I need to set? Especially to keep the port "3310 function" working?
9. Is there a way to scan AUR packages before/after installing with e.g. pacaur?
.... to be continued

I have looked for all of those questions on Google but there isn't much information. Maybe some great and almighty "Archers" can fix dat?

Thanks in advance!

Last edited by Utini (2016-02-12 09:31:24)


Setup 1: Thinkpad T14s G3, 14" FHD - R7 6850U - 32GB RAM - 2TB Solidigm P44 Pro NVME
Setup 2: Thinkpad X1E G1, 15.6" FHD - i7-8850H - 32GB RAM - NVIDIA GTX 1050Ti - 2x 1TB Samsung 970 Pro NVME
Accessories: Filco Majestouch TKL MX-Brown Mini Otaku, Benq XL2420T (144Hz), Lo(w)gitech G400, Puretrak Talent, Sennheiser HD800S + Meier Daccord FF + Meier Classic FF
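Question 7 above asks about automating scans. Any wrapper that runs clamscan unattended has to interpret both its exit status and the text it prints, so here is an added example (not code from the post, the Arch wiki or the ClamAV project) that parses the output of a `clamscan --infected` run into per-file detections and the SCAN SUMMARY block and cross-checks it against the exit code. The sample output below is constructed, not a real scan.

```python
import re
from dataclasses import dataclass, field

# Constructed sample (not real output): roughly what `clamscan --recursive=yes --infected ... /`
# prints when two files match the EICAR test signature.
SAMPLE_OUTPUT = """\
/home/user/Downloads/eicar.com: Eicar-Test-Signature FOUND
/home/user/Downloads/eicar.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4278000
Engine version: 0.99
Scanned directories: 120
Scanned files: 3450
Infected files: 2
Data scanned: 812.00 MB
Data read: 1024.00 MB (ratio 0.79:1)
Time: 95.312 sec (1 m 35 s)
"""

# clamscan exit codes per clamscan(1): 0 = nothing found, 1 = infection found, 2 = error.
EXIT_CLEAN, EXIT_INFECTED, EXIT_ERROR = 0, 1, 2

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")


@dataclass
class ScanReport:
    infected: dict = field(default_factory=dict)  # path -> signature name
    summary: dict = field(default_factory=dict)   # summary key -> raw value string

    def count(self, key):
        """Numeric value of a summary line such as 'Scanned files'; 0 if absent."""
        return int(float(self.summary.get(key, "0").split()[0]))


def parse_clamscan(output):
    """Split clamscan output into per-file detections and the SCAN SUMMARY block."""
    report, in_summary = ScanReport(), False
    for line in output.splitlines():
        if line.startswith("-----") and "SCAN SUMMARY" in line:
            in_summary = True          # everything after this header is key: value
            continue
        m = SUMMARY_RE.match(line) if in_summary else FOUND_RE.match(line)
        if m and in_summary:
            report.summary[m["key"]] = m["value"]
        elif m:
            report.infected[m["path"]] = m["sig"]
    return report


def verdict(exit_code, output):
    """Combine exit status with parsed output; flag anything that contradicts itself."""
    report = parse_clamscan(output)
    if exit_code == EXIT_ERROR:
        return "error"                 # scan did not complete; the summary is not trustworthy
    if report.count("Infected files") != len(report.infected):
        return "inconsistent"          # output truncated, or a line we failed to parse
    if (exit_code == EXIT_INFECTED) != bool(report.infected):
        return "inconsistent"          # exit code and printed detections disagree
    return "infected" if report.infected else "clean"
```

A scheduler (systemd timer, cron) can call `verdict(proc.returncode, proc.stdout)` on the captured run and only raise an alert for "infected", "error" or "inconsistent".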
