Antimalware File Scan

Overview

The Antimalware File Scan app provides a quick way to check for viruses on your file shares. The scanner check:

Installation

If your system does not have this app available, you can install it via the Marketplace.

Menu

You can find this feature in the menu system at the following location:

Server > File > Antimalware File Scan

Configuration

Before you can scan your file system, you must select folders to scan. Click on the *Settings* button and enter *Edit* mode. On this form, you'll be able to make several configuration changes as described in the sections below.

Schedule

To configure automated daily scans, select an hour of the day to start a file system scan.

Email Notifications

Once a scan has successfully run (either automated or manual), you'll want to be alerted in the event there were errors or infected files discovered during the scan. Enabling email alerts and providing an address to send to is a convenient way to stay informed of scans running on the server.

Alert on Virus

Sends alerts any time an infected file is discovered.

Alerts on Error

Sends alerts any time there were errors or warnings during a scan.

Notify Email

The email address to send notifications to. Antimalware file scanning uses the Mail Notification app to send notifications out in the event a mail server is not running on your server. Make sure you have configured and tested outgoing email alerts.

Directories

Directories to include in your scan. Preset folders are defined in the table below.

Name        Folder
Home        /home
Flexshare   /var/flexshare
Web         /var/www
FTP         /var/ftp
Web Proxy   /var/spool/squid
Mailboxes   /var/spool/imap

Custom Directories

If you want to include folders not on the default list (e.g. mount points, root, etc.) or if you want to be more selective (e.g. some users' home directories, but not all), you can do this by editing the /etc/avscan.conf configuration file using your favourite editor or shell scripts.

For example, if you had a mount point named /backup and wanted it included, you could run:

echo "/backup" >> /etc/avscan.conf

Antimalware Signatures and Updates

ClamAV Community Updates

The Antimalware File Scan app uses the ClamAV engine to scan for viruses. The ClamAV engine is used in multiple apps available for ClearOS - Content Filter Scanning, Mail Antimalware and the File Scan app to name a few. The engine is set to update itself with community signatures once per hour, by default.

These updates come from the ClamAV community. If this is a valuable service to you, please consider donating to the ClamAV Signature Update Team.

ClearCenter Antimalware Updates

ClearCenter provides a value-added service for a fee to increase the number of signatures available to the ClamAV engine. For information on this app/service, click here.

Summary Data

File Scan

When at least one successful scan has been run, the main scanner form will auto-populate with additional fields showing a collection of statistics and interesting summary data. Most of the data fields (shown in the screenshot to the right) are self-explanatory.

One frequently asked question is “What is the difference between Total Data Scanned and Total Data Read?” Often, these totals will be exactly or nearly the same. However, if you have large files on your server or archive files (.tar, .tgz etc.) comprised of many individual files that when combined total more than 25MB, you may see these numbers differ.

If your total data scanned is significantly lower than the total data read, the difference in bytes is what is *not* being scanned. While unlikely, viruses could be missed in these cases.

ClamAV's scanner uses two default settings that control the way the scanner iterates and scans through folders and files.

MaxScanSize

Sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value.

The system default is 100MB.

Disabling this limit or setting it too high may result in severe damage to the system.

Modifying this parameter for the ClearOS scanner can be done by editing the max-scansize parameter found in:

/etc/clearos/file_scan.conf

MaxFileSize

Files larger than this limit won’t be scanned. Affects the input file itself as well as files contained inside it (when the input file is an archive, a document or some other kind of container).

The system default is 25MB.

Disabling this limit or setting it too high may result in severe damage to the system.

Modifying this parameter for the ClearOS scanner can be done by editing the max-filesize parameter found in:

/etc/clearos/file_scan.conf
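To see which files the per-file limit will skip before relying on a scan result, the following added example (not part of the ClearOS documentation or tooling) lists every file in the configured directories that is larger than the limit and totals the bytes involved. It assumes /etc/avscan.conf holds one directory per line, as the echo command above implies, and takes the limit in bytes as an argument because the format of /etc/clearos/file_scan.conf is not shown on this page; only on-disk file sizes are compared, so members inside archives are not inspected.

```shell
#!/bin/sh
# Added example: report files that exceed the scanner's per-file size limit.
# Assumptions: the directory list has one path per line; blank lines and
# lines starting with '#' are skipped; 25MB is taken as 25 * 1024 * 1024 bytes.

# oversize_files LIST_FILE [LIMIT_BYTES]
# Prints "<size-in-bytes> <path>" for each regular file larger than the limit.
oversize_files() {
    list_file=$1
    limit_bytes=${2:-26214400}   # MaxFileSize default stated on this page
    while IFS= read -r dir || [ -n "$dir" ]; do
        case $dir in ''|'#'*) continue ;; esac
        if [ ! -d "$dir" ]; then
            echo "skipping missing directory: $dir" >&2
            continue
        fi
        # -size +Nc matches files of more than N bytes
        find "$dir" -type f -size +"${limit_bytes}c" -exec sh -c '
            for f; do
                printf "%s %s\n" "$(( $(wc -c < "$f") ))" "$f"
            done' sh {} +
    done < "$list_file"
}

# unscanned_summary LIST_FILE [LIMIT_BYTES]
# Prints "<file-count> <total-bytes>" for the files reported above.
unscanned_summary() {
    oversize_files "$@" |
        awk '{ n++; bytes += $1 } END { printf "%d %.0f\n", n, bytes }'
}

# When run with arguments, e.g.  sh oversize.sh /etc/avscan.conf
# print the summary for that directory list.
if [ "$#" -gt 0 ]; then
    unscanned_summary "$@"
fi
```

A non-zero count means those files are read but not scanned at the current limit, which is one source of a gap between Total Data Read and Total Data Scanned.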
