The Antimalware File Scan app provides a quick way to check for viruses on your file shares. The scanner check:
If your system does not have this app available, you can install it via the Marketplace.
You can find this feature in the menu system at the following location:
<navigation>Server|File|Antimalware File Scan</navigation>
Before you can scan your file system, you must select folders to scan. Click on the *Settings* button and enter *Edit* mode. On this form, you'll be able to make several configuration changes as described in the sections below.
To configure automated, daily settings, select an hour of the day to start a file system scan.
Once a scan has successfully run (either automated or manual), you'll want to be alerted in the event there were errors or infected files discovered during the scan. Enabling email alerts and providing an address to send to is a convenient way to stay informed of scans running on the server.
Sends alerts any time an infected file is discovered.
Sends alerts any time there were errors or warning during a scan.
The email address to send notifications to. Antimalware file scanning uses the Mail Notification app to send notifications out in the event a mail server is not running on your server. Make sure you have configured and tested outgoing email alerts.
Directories to include in your scan. Preset folders are defined in the table below.
< 80% 40% 60% > | |
Name | Folder |
---|---|
Home | /home |
Flexshare | /var/flexshare |
Web | /var/www |
FTP | /var/ftp |
Web Proxy | /var/spool/squid |
Mailboxes | /var/spool/imap |
If you want to include folders not on the default list (eg. mount points, root etc.) or if you want to be more selective (eg. some users home directories, but not all), you can do this by editing the /etc/avscan.conf configuration file using your favourite editor or shell scripts.
For example, if you had a mount point named /backup and wanted it included, you could run:
echo "/backup" >> /etc/avscan.conf
The Antimalware File Scan app uses the ClamAV engine to scan for viruses. The ClamAV engine is used in multiple apps available for ClearOS - Content Filter Scanning, Mail Antimalware and the File Scan app to name a few. The engine is set to update itself with community signatures once per hour, by default.
These updates come from the ClamAV community. If this is a valuable service to you, please consider donating to the ClamAV Signature Update Team.
ClearCenter provides a value-added service for a fee to increase the number of signatures available to the ClamAV engine. For information on this app/service, click here.
When at least one successful scan has been run, the main scanner form will auto-populate with addition fields showing a collection of statistics and interesting summary data. Most of the data fields (shown in the screenshot to the right) is self-evident.
One frequently asked question is “What is the difference between Total Data Scanned and Total Data Read”. Often, these totals will be exactly or nearly the same. However, if you have large files on your server or archive files (.tar, .tgz etc.) comprised of many individual files that when combined total more than 25MB, you may see these numbers differ.
If your total data scanned is significantly lower than the total scanned, the difference in bytes is what is *not* being scanned through the filter. While unlikely, viruses could be missed in these cases.
ClamAV's scanner uses two default settings that controls the way the scanner iterates and scans through folders and files.
Sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value.
The system default is 100MB.
Modifying this parameter for the ClearOS scanner can be done by editing the max-scansize parameter found in:
/etc/clearos/file_scan.conf
Files larger than this limit won’t be scanned. Affects the input file itself as well as files contained inside it (when the input file is an archive, a document or some other kind of container).
The system default is 25MB.
Modifying this parameter for the ClearOS scanner can be done by editing the max-filesize parameter found in:
/etc/clearos/file_scan.conf