In order to enable a Netsparker Enterprise scan agent to carry out malware analysis for your web application, you need to download and install ClamAV.
ClamAV is an open-source, free, and widely used project backed by Cisco.
In order to enable Netsparker Enterprise to perform malware analysis, see Malware Analyzer.
ClamAV is optional. If you want a Netsparker Enterprise agent to identify malware, you need to use it.
Please note that you may need administrator privileges to run the following operations.
How to Set ClamAV as a Windows Service
- From ClamAV, download the program relevant to your environment
- Extract the .zip file to a folder
- Navigate to the conf_examples folder and copy the clamd.conf.sample and freshclam.conf.sample files
- Paste the clamd.conf.sample and freshclam.conf.sample files into ClamAV's main folder and delete the .sample extension from the file names. The Rename popup is displayed. Click Yes.
- Open the freshclam.conf file with a text editor, and edit the Log and Database directories, if necessary. Remove the hashtags (#) from the Log and Database lines.
- Now, open Command Prompt and navigate to the extracted folder
- Run `freshclam.exe` to update ClamAV
- Next, run `clamd install` to configure ClamAV as a Windows service
- Now, run `sc config Clamd start= auto` so that the ClamAV service starts automatically
- Then, run `sc config FreshClam start= auto` so that the ClamAV virus update service starts automatically.
How to Set ClamAV as a Linux Service
- Open terminal
- Run `sudo apt-get install clamav clamav-daemon`
You may want to run `sudo apt update && sudo apt upgrade` first, before installing ClamAV, to update your system.
- Run `sudo nano /etc/clamav/freshclam.conf` and increase ReceiveTimeout to 300
- Run `sudo systemctl restart clamav-freshclam` to apply the changed configuration. Then, you may wait 2 - 3 minutes so that ClamAV updates the virus database.
- Run `sudo nano /etc/clamav/clamd.conf` in order to edit the file.
- Then, delete the following entries from the clamd.conf file:
  - LocalSocket /var/run/clamav/clamd.ctl
  - FixStaleSocket true
  - LocalSocketGroup clamav
  - LocalSocketMode 666
- And, add the following entries to the clamd.conf file:
  - TCPSocket 3310
  - TCPAddr 127.0.0.1
- Run `sudo systemctl restart clamav-daemon` to apply the changed configuration.
You can run `sudo apt --purge autoremove clamav-daemon` to uninstall ClamAV from your machine.
After the installation, you can run a test to confirm that ClamAV is working as expected.
How to test ClamAV
- Open terminal
- Run `echo VERSION | nc -v 127.0.0.1 3310`
- Run `echo "SCAN $HOME/eicar.com.txt" | nc -v 127.0.0.1 3310`
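
The same test can be scripted against the TCP socket configured above. The following is an added example, not part of the original page or of Netsparker's tooling: it sends VERSION and then uses clamd's INSTREAM command to submit the bytes over the socket, so clamd does not need read access to a file path as it does with SCAN. The function names are illustrative, and the host and port assume the TCPSocket 3310 and TCPAddr 127.0.0.1 entries added to clamd.conf.

```python
import socket
import struct

# Constructed sample input: the standard EICAR test string, split in two so
# that this script is not itself flagged by an on-access scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR" + rb"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def instream_frames(data, chunk_size=8192):
    """Encode data for INSTREAM: each chunk is a 4-byte big-endian length
    followed by the bytes; a zero-length chunk ends the stream."""
    out = bytearray(b"zINSTREAM\0")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out += struct.pack("!I", len(chunk)) + chunk
    return bytes(out + struct.pack("!I", 0))

def parse_reply(raw):
    """Map a clamd reply to (verdict, detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.partition(": ")[2] or text
    if body == "OK":
        return ("OK", None)
    if body.endswith(" FOUND"):
        return ("FOUND", body[:-len(" FOUND")])
    return ("ERROR", text)  # e.g. size limit exceeded, unknown command

def clamd_request(payload, host="127.0.0.1", port=3310, timeout=10):
    """Send one null-terminated command and read the null-terminated reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return reply

def scan_bytes(data, **conn):
    return parse_reply(clamd_request(instream_frames(data), **conn))

if __name__ == "__main__":
    print(clamd_request(b"zVERSION\0").rstrip(b"\0").decode())
    print("clean sample:", scan_bytes(b"harmless text"))
    print("EICAR sample:", scan_bytes(EICAR))
```

A working installation reports a version string, an OK verdict for the clean sample and a FOUND verdict for the EICAR sample.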