Malware Analysis with ClamAV in Netsparker Enterprise

In order to enable a Netsparker Enterprise scan agent to carry out malware analysis for your web application, you need to download and install ClamAV.

ClamAV is an open-source, free, and widely used project backed by Cisco.

In order to enable Netsparker Enterprise to perform malware analysis, see Malware Analyzer.

ClamAV is optional, but a Netsparker Enterprise agent needs it in order to identify malware.

Please note that you may need administrator privileges to run the following operations.

How to Set ClamAV as a Windows Service

  1. From ClamAV, download the program relevant to your environment.
  2. Extract the .zip file to a folder.
  3. Navigate to the conf_examples folder and copy the clamd.conf.sample and freshclam.conf.sample files.
  4. Paste the clamd.conf.sample and freshclam.conf.sample files into ClamAV's main folder and delete the .sample extension from the file names. The Rename popup is displayed. Click Yes.
  5. Open the freshclam.conf file with a text editor and edit the Log and Database directories, if necessary. Remove the hashtags from the Log and Database lines.
  6. Open Command Prompt and navigate to the extracted folder.
  7. Run freshclam.exe to update the ClamAV virus database.
  8. Run clamd install to configure ClamAV as a Windows service.
  9. Run sc config Clamd start= auto so that the ClamAV service starts automatically.
  10. Run sc config FreshClam start= auto so that the ClamAV virus update service starts automatically.

How to Set ClamAV as a Linux Service

  1. Open a terminal.
  2. Run sudo apt-get install clamav clamav-daemon
     You may want to run sudo apt update && sudo apt upgrade before installing ClamAV to update your system.
  3. Run sudo nano /etc/clamav/freshclam.conf and increase ReceiveTimeout to 300.
  4. Run sudo systemctl restart clamav-freshclam to apply the changed configuration. Then, you may wait 2 - 3 minutes so that ClamAV updates the virus database.
  5. Run sudo nano /etc/clamav/clamd.conf in order to edit the file.
    • Delete the following entries from the clamd.conf file:
      • LocalSocket /var/run/clamav/clamd.ctl
      • FixStaleSocket true
      • LocalSocketGroup clamav
      • LocalSocketMode 666
    • Add the following entries to the clamd.conf file:
      • TCPSocket 3310
      • TCPAddr 127.0.0.1
  6. Run sudo systemctl restart clamav-daemon to apply the changed configuration.

You can run sudo apt --purge autoremove clamav-daemon to uninstall ClamAV from your machine.
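
The clamd.conf edits above move clamd from a local socket to a TCP socket; clamd's TCP protocol has no authentication, and without a TCPAddr entry clamd binds to every interface, so the TCPAddr 127.0.0.1 line is what keeps the scanner off the network. The shell function below is an added example, not part of the original page or of Netsparker's tooling (the name check_clamd_conf is hypothetical); it checks a clamd.conf for the entries this page removes and adds.

```shell
#!/bin/sh
# Added example: audit a clamd.conf against the entries this page
# removes (LocalSocket*, FixStaleSocket) and adds (TCPSocket, TCPAddr).
# Prints one finding per line. Returns 0 when clean, 1 on findings,
# 2 when the file cannot be read.
check_clamd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    awk '
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        $1 == "TCPSocket" { port = $2 }
        $1 == "TCPAddr"   { addrs[++n] = $2 }  # may appear more than once
        $1 ~ /^(LocalSocket|LocalSocketGroup|LocalSocketMode|FixStaleSocket)$/ {
            left[++m] = $1
        }
        END {
            bad = 0
            if (port == "") { print "TCPSocket is not set"; bad = 1 }
            # With TCPSocket set and no TCPAddr, clamd binds to INADDR_ANY.
            if (port != "" && n == 0) {
                print "TCPAddr is missing: clamd listens on all interfaces"
                bad = 1
            }
            for (i = 1; i <= n; i++)
                if (addrs[i] != "127.0.0.1" && addrs[i] != "::1" && addrs[i] != "localhost") {
                    print "TCPAddr " addrs[i] " is not a loopback address"
                    bad = 1
                }
            for (i = 1; i <= m; i++) {
                print left[i] " is still present"
                bad = 1
            }
            exit bad
        }
    ' "$conf"
}

# When run as a script with a path, audit that file, for example:
#   sh check_clamd_conf.sh /etc/clamav/clamd.conf
if [ $# -gt 0 ]; then
    check_clamd_conf "$1"
fi
```

Run it after editing clamd.conf and before restarting clamav-daemon; no output and exit status 0 mean the file matches the configuration described above.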

After the installation, you can run a test to confirm that ClamAV is working as expected.

How to test ClamAV

  1. Open a terminal.
  2. Run wget https://secure.eicar.org/eicar.com.txt
  3. Run sudo clamdscan
  4. Run echo VERSION | nc -v 127.0.0.1 3310
  5. Run echo "SCAN $HOME/eicar.com.txt" | nc -v 127.0.0.1 3310
