Malware Analysis with ClamAV in Netsparker Enterprise
To let a Netsparker Enterprise scan agent carry out malware analysis of your web application, download and install ClamAV on the machine that runs the scan agent.
ClamAV is a free, open-source, and widely used antivirus engine backed by Cisco.
For the Netsparker Enterprise side of the setup, see Malware Analyzer.
ClamAV is optional: it is only required if you want a Netsparker Enterprise agent to identify malware.
Please note that the operations below need administrator (on Windows) or root (on Linux) privileges.
How to Set ClamAV as a Windows Service
- From ClamAV, download the package relevant to your environment (32- or 64-bit)
- Extract the .zip file to a folder
- Navigate to the conf_examples folder and copy the clamd.conf.sample and freshclam.conf.sample files
- Paste the two files into ClamAV's main folder and remove the .sample extension from each. When the Rename popup is displayed, click Yes.
- Open freshclam.conf with a text editor. Delete the Example line near the top (ClamAV refuses to start while it is present), then uncomment, by removing the leading #, the DatabaseDirectory and UpdateLogFile lines and point them at folders that exist, for example a database subfolder of the ClamAV folder.
- Open clamd.conf in the same way. Delete its Example line, set DatabaseDirectory to the same folder, and uncomment TCPSocket 3310 and TCPAddr 127.0.0.1. clamd on Windows does not support the Unix LocalSocket, so without a TCPSocket it would not listen at all, and binding to 127.0.0.1 keeps the unauthenticated clamd port reachable only from the local machine.
- Now, open Command Prompt as administrator and navigate to the extracted folder
- Run
freshclam.exe
to download the virus databases into DatabaseDirectory; clamd will not start until they exist
- Next, run
clamd --install-service
to register clamd as a Windows service, and
freshclam --install-service
to register the updater as a service (these are the service-registration options of current ClamAV releases for Windows)
- Now, run
sc config clamd start= auto
so that the ClamAV service starts automatically. Note the space after the equals sign; sc requires it.
- Then, run
sc config freshclam start= auto
so that the ClamAV virus update service starts automatically, and start both services now with
sc start clamd
sc start freshclam
How to Set ClamAV as a Linux Service
The commands below are for Debian and Ubuntu; on other distributions the package names and the paths under /etc/clamav differ.
- Open a terminal
- Run
sudo apt-get install clamav clamav-daemon
You may want to run sudo apt update && sudo apt upgrade
first, before installing ClamAV, to update your system. The clamav-freshclam service starts downloading the virus database as soon as it is installed.
- Run
sudo nano /etc/clamav/freshclam.conf
and increase ReceiveTimeout to 300 so that the large initial database download is not aborted on a slow link
- Run
sudo systemctl restart clamav-freshclam
to apply the changed configuration. Then wait 2 - 3 minutes so that ClamAV downloads the virus database; clamd cannot start until the database files exist in /var/lib/clamav. You can follow the download with sudo journalctl -u clamav-freshclam -f.
- Run
sudo nano /etc/clamav/clamd.conf
in order to edit the file.
- Then, delete the following entries from the clamd.conf file (the Unix socket the Debian package configures by default):
- LocalSocket /var/run/clamav/clamd.ctl
- FixStaleSocket true
- LocalSocketGroup clamav
- LocalSocketMode 666
- And, add the following entries to the clamd.conf file so that the scan agent can reach clamd over TCP:
- TCPSocket 3310
- TCPAddr 127.0.0.1
Keep TCPAddr at 127.0.0.1. clamd performs no authentication: anyone who can reach the port can submit SCAN or CONTSCAN commands for any path the clamav user can read, so it must never be bound to 0.0.0.0 or to a LAN address.
- Run
sudo systemctl restart clamav-daemon
to apply the changed configuration, and confirm that clamd is listening only on the loopback address with
sudo ss -ltnp | grep 3310
You can run sudo apt --purge autoremove clamav-daemon
to uninstall ClamAV from your machine.
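The clamd.conf and freshclam.conf edits above can also be applied and verified with a script rather than in an editor. The following is an added example written for this page, not code from the Netsparker or ClamAV documentation: the function names and the `apply` argument are this example's own conventions, the sample config lines are constructed, and the paths are the Debian/Ubuntu ones used above.

```shell
#!/usr/bin/env bash
# Added example, not part of the Netsparker or ClamAV documentation:
# applies the /etc/clamav edits described above with sed instead of a
# text editor, then verifies the result before clamd is restarted.
set -euo pipefail

# Set (or add) one "Key value" directive in a ClamAV config file.
# Any existing line for the key, commented out or not, is removed first
# so the file never carries two conflicting values for the same key.
set_directive() {
    local conf="$1" key="$2" value="$3" tmp
    tmp=$(mktemp)
    sed -E "/^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|$)/d" "$conf" > "$tmp"
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$conf"      # overwrite in place; keeps the file's owner and mode
    rm -f "$tmp"
}

# Remove every active line that sets one of the given keys.
drop_directives() {
    local conf="$1" tmp pattern; shift
    pattern=$(IFS='|'; echo "$*")
    tmp=$(mktemp)
    sed -E "/^[[:space:]]*(${pattern})([[:space:]]|$)/d" "$conf" > "$tmp"
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# clamd.conf: no Unix socket, loopback TCP only (the edits listed above).
# A .bak copy of the original is kept next to the file.
configure_clamd_tcp() {
    local conf="$1"
    cp -p "$conf" "$conf.bak"
    drop_directives "$conf" LocalSocket FixStaleSocket LocalSocketGroup LocalSocketMode
    set_directive "$conf" TCPSocket 3310
    set_directive "$conf" TCPAddr 127.0.0.1
}

# freshclam.conf: longer download timeout for slow mirrors (default 300 s).
configure_freshclam_timeout() {
    set_directive "$1" ReceiveTimeout "${2:-300}"
}

# Verify the clamd.conf edits. Prints the problem and returns 1 on failure.
# clamd has no authentication, so a TCPAddr other than loopback is treated
# as an error rather than a warning.
check_clamd_conf() {
    local conf="$1" addr
    if grep -Eq '^[[:space:]]*LocalSocket' "$conf"; then
        echo "LocalSocket setting still present in $conf" >&2; return 1
    fi
    if ! grep -Eq '^[[:space:]]*TCPSocket[[:space:]]+3310([[:space:]]|$)' "$conf"; then
        echo "TCPSocket 3310 missing in $conf" >&2; return 1
    fi
    addr=$(awk '$1 == "TCPAddr" { print $2 }' "$conf" | tail -n 1)
    if [ "$addr" != "127.0.0.1" ] && [ "$addr" != "::1" ]; then
        echo "TCPAddr is '${addr:-unset}': clamd would be reachable beyond loopback" >&2
        return 1
    fi
    return 0
}

# Apply to the real files and restart the services with:
#   sudo bash thisfile apply
if [ "${1:-}" = "apply" ]; then
    configure_clamd_tcp /etc/clamav/clamd.conf
    configure_freshclam_timeout /etc/clamav/freshclam.conf 300
    check_clamd_conf /etc/clamav/clamd.conf
    systemctl restart clamav-freshclam clamav-daemon
fi
```

Run it with `apply` as root on the agent machine; without that argument it only defines the functions, so it can be sourced and the check alone run against an existing clamd.conf, for example after a package upgrade has rewritten the file.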
After the installation, run a test to confirm that ClamAV is working and that clamd answers on TCP port 3310.
How to test ClamAV
- Open a terminal
- Download the EICAR test file (a harmless standard string that every antivirus engine is expected to detect) into a directory that the clamav user can read. clamd opens the file itself, so a file in your home directory may not be readable to it:
wget -O /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt
- Run
clamdscan /tmp/eicar.com.txt
It should print /tmp/eicar.com.txt: Win.Test.EICAR_HDB-1 FOUND (the signature name depends on the database version) and exit with status 1; status 0 means clean and status 2 means an error, for example clamd not running. If clamd cannot read the file, add --stream so that clamdscan sends the file contents over the socket instead of the path.
- Talk to clamd directly on the TCP port, which is how the scan agent reaches it:
echo VERSION | nc -v 127.0.0.1 3310
echo "SCAN /tmp/eicar.com.txt" | nc -v 127.0.0.1 3310
Use an absolute path in the SCAN command: the path is interpreted by clamd, not by your shell, so ~ or a relative path inside the quotes is not expanded. The first command prints the engine and database version, the second the same FOUND line as clamdscan.
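As an added example, not code from the Netsparker or ClamAV documentation, the test above as a bash script: it builds the EICAR file locally instead of downloading it, talks to clamd over TCP using the NUL-delimited z-prefixed command form, and turns the SCAN reply into a clamscan-style exit status. It uses bash's /dev/tcp instead of nc so that it does not depend on which netcat variant is installed; the function names, the `run` argument and the sample replies are this example's own.

```shell
#!/usr/bin/env bash
# Added example for this page (not Netsparker or ClamAV code): exercise a
# clamd listening on loopback TCP the way the steps above do, without nc
# and without downloading the EICAR file.
set -euo pipefail

# Write the standard 68-byte EICAR test string. Use a path clamd's user
# can read (clamd opens the file itself), e.g. under /tmp.
write_eicar_file() {
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$1"
    chmod 644 "$1"
}

# Send one command to clamd over TCP and print the reply.
# The z-prefixed form ("zPING\0") is NUL-delimited in both directions, so
# the trailing NUL is stripped from the reply. clamd closes the connection
# after a single non-session command, which ends the read.
clamd_cmd() {
    local host="$1" port="$2" cmd="$3"
    {
        printf 'z%s\0' "$cmd" >&3
        tr -d '\0' <&3
    } 3<>"/dev/tcp/$host/$port"
}

# Interpret a clamd SCAN reply such as "/tmp/x: Win.Test.EICAR_HDB-1 FOUND".
# Prints the signature name (or "clean", or the error text) and returns the
# clamscan convention: 0 clean, 1 infected, 2 error.
parse_scan_reply() {
    local reply="${1%$'\n'}" status body
    status=${reply##* }        # last word: OK, FOUND or ERROR
    body=${reply#*: }          # everything after "path: "
    case "$status" in
        OK)    echo clean;             return 0 ;;
        FOUND) echo "${body% FOUND}";  return 1 ;;
        *)     echo "${body% ERROR}";  return 2 ;;
    esac
}

# End-to-end check: PING/PONG, VERSION, then a SCAN of a fresh EICAR file.
# Exit status follows parse_scan_reply, so 1 is the expected outcome.
check_clamd() {
    local host="${1:-127.0.0.1}" port="${2:-3310}" file="${3:-/tmp/eicar.com.txt}" reply
    reply=$(clamd_cmd "$host" "$port" PING) || { echo "cannot connect to $host:$port" >&2; return 2; }
    [ "$reply" = PONG ] || { echo "unexpected PING reply: $reply" >&2; return 2; }
    echo "clamd: $(clamd_cmd "$host" "$port" VERSION)"
    write_eicar_file "$file"
    reply=$(clamd_cmd "$host" "$port" "SCAN $file")
    echo "reply: $reply"
    parse_scan_reply "$reply"
}

# Usage: bash thisfile run [host] [port]
if [ "${1:-}" = "run" ]; then
    check_clamd "${2:-127.0.0.1}" "${3:-3310}"
fi
```

A PING that gets no PONG means clamd is not listening on that address and port (re-check TCPSocket and TCPAddr and the service status), while a SCAN reply ending in ERROR usually means clamd could not open the path, which is why the file is written under /tmp rather than in a home directory.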