Malware Analysis with ClamAV in Netsparker Enterprise

You need to download and install ClamAV in order to enable a Netsparker Enterprise scan agent to carry out malware analysis for your web application.

ClamAV is an open-source, free, and widely used project backed by Cisco.

In order to enable Netsparker Enterprise to perform malware analysis, see Malware Analyzer.

ClamAV is optional. If you want a Netsparker Enterprise scan agent to identify malware, you need to use it.

Minimum Requirements

Software Requirements

• Ubuntu

• 18.04 (64bit, 32bit)
• 20.04 (64bit)

• Debian

• 9 (64bit, 32bit)
• 10 (64bit, 32bit)

• CentOS

• 7 (64bit, 32bit)
• 8 (64bit)

• Fedora

• 30 (64bit)
• 31 (64bit)

• Windows

• 7 (64bit, 32bit)
• 10 (64bit, 32bit)

Hardware Requirements

• 2 GHz or faster recommended
• 2 GB RAM (4 GB or higher recommended)
• 5 GB free disk space

Required Access

• User(s) must have administrator privileges to run the required commands.

Downloading and Configuring ClamAV in Windows

In order to use ClamAV in Windows OS, you need to download and install ClamAV.

How to Download and Configure ClamAV

1. From ClamAV, download the program relevant to your environment
2. Extract .zip file to a folder
3. Navigate to the conf_examples folder, and copy the clamd.conf.sample and the freshclam.conf.sample file
4. Paste the clamd.conf.sample and freshclam.conf.sample files into the ClamAV's main folder, and remove .sample extension from the files. The Rename popup is displayed. Select Yes.
5. Open the freshclam.conf file with a text editor, and edit Log and Database directories, if necessary. Remove hashtags from the Log and Database lines.

How to Set ClamAV as a Windows Service

1. Open Command Prompt and navigate to the extracted folder.
2. To update the ClamAV, run freshclam.exe
3. To configure ClamAV as a Windows service, run clamd install
4. Run sc config ClamD start auto so that the ClamAV service starts automatically.
5. Run sc config FreshClam start auto so that the ClamAV virus update service starts automatically.

Downloading and Configuring ClamAV in Linux

In order to use ClamAV in Linux OS, you need to download and install ClamAV.

How to Set ClamAV as a Linux Service

1. Open a terminal window.
2. Run sudo apt-get install clamav clamav-daemon

You may want to run sudo apt update & sudo apt upgrade first before installing ClamAV to update your system.

3. Run sudo nano /etc/clamav/freshclam.conf and increase ReceiveTimeout to 300
4. Run sudo systemctl restart clamav-freshclam to apply changed configuration. Then, you may wait 2 - 3 minutes so that ClamAV updates the virus database.
5. Run sudo nano /etc/clamav/clamd.conf in order to edit the file.

• Then, delete the following entries from the clamd.conf file:
• LocalSocket /var/run/clamav/clamd.ctl
• FixStaleSocket true
• LocalSocketGroup clamav
• LocalSocketMode 666

• And, add the following entries to the clamd.config file:

• TCPSocket 3310
• TCPAddr 127.0.0.1

6. Run sudo systemctl restart clamav-daemon to apply changed configurations.

You can run sudo apt --purge autoremove clamav-daemon to uninstall ClamAV from your machine.

After the installation, you can run a test to confirm that ClamAV is working as expected.

How to test ClamAV

1. Open a terminal window.
2. Run wget https://secure.eicar.org/eicar.com.txt
3. Run sudo clamdscan

4. echo VERSION | nc -v 127.0.0.1 3310
5. echo "SCAN ~/eicar.com.txt" | nc -v 127.0.0.1 3310