This document is for:
Invicti Enterprise on-demand, Invicti Enterprise on-premises

Malware analysis with ClamAV in Invicti Enterprise

You need to download and install ClamAV to enable an Invicti Enterprise scan agent to carry out malware analysis for your web application.

ClamAV is an open-source, free, and widely used project backed by Cisco.

To enable Invicti Enterprise to perform malware analysis, see Malware Analyzer.

note

ClamAV is optional. If you want an Invicti Enterprise scan agent to identify malware, you need to use it.

Minimum requirements

These are the minimum requirements:

Software requirements

  • Ubuntu
    • 18.04 (64bit, 32bit)
    • 20.04 (64bit)
  • Debian
    • 9 (64bit, 32bit)
    • 10 (64bit, 32bit)
  • CentOS
    • 7 (64bit, 32bit)
    • 8 (64bit)
  • Fedora
    • 30 (64bit)
    • 31 (64bit)
  • Windows
    • 7 (64bit, 32bit)
    • 10 (64bit, 32bit)

Hardware requirements

  • 2 GHz or faster recommended
  • 2 GB RAM (4 GB or higher recommended)
  • 5 GB free disk space

Required access

User(s) must have administrator privileges to run the required commands.

Download and configure ClamAV in Windows

To use ClamAV on Windows, you need to download and install ClamAV.

  1. From ClamAV, download the program relevant to your environment.
  2. Extract the .zip file to a folder.
  3. Navigate to the conf_examples folder, and copy the clamd.conf.sample and freshclam.conf.sample files.
  4. Paste the clamd.conf.sample and freshclam.conf.sample files into ClamAV's main folder, and remove the .sample extension from the files. The Rename popup is displayed. Select Yes.
  5. Open the freshclam.conf file with a text editor, and edit the Log and Database directories, if necessary. Remove the leading # (comment marker) from the Log and Database lines.

Set ClamAV as a Windows Service

  1. Open Command Prompt and navigate to the extracted folder.
  2. To update the ClamAV virus database, run freshclam.exe.
  3. To configure ClamAV as a Windows service, run clamd install.
  4. Run sc config ClamD start= auto so that the ClamAV service starts automatically.
  5. Run sc config FreshClam start= auto so that the ClamAV virus update service starts automatically.

Download and configure ClamAV in Linux

To use ClamAV on Linux, you need to download and install ClamAV.

Set ClamAV as a Linux Service

  1. Open a terminal window.
  2. Run sudo apt-get install clamav clamav-daemon.
    tip

    You may want to run sudo apt update && sudo apt upgrade before installing ClamAV to update your system.

  3. Run sudo nano /etc/clamav/freshclam.conf and increase ReceiveTimeout to 300.
  4. Run sudo systemctl restart clamav-freshclam to apply the changed configuration. Then wait 2–3 minutes so that ClamAV updates the virus database.
  5. Run sudo nano /etc/clamav/clamd.conf to edit the file.
  6. Then, delete the following entries from the clamd.conf file:
    • LocalSocket /var/run/clamav/clamd.ctl
    • FixStaleSocket true
    • LocalSocketGroup clamav
    • LocalSocketMode 666
  7. Then add the following entries to the clamd.conf file:
    • TCPSocket 3310
    • TCPAddr 127.0.0.1
  8. Run sudo systemctl restart clamav-daemon to apply the changed configuration.
note

You can run sudo apt --purge autoremove clamav-daemon to uninstall ClamAV from your machine.
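
The clamd TCP socket has no authentication, and a TCPSocket line without TCPAddr makes clamd listen on every interface, so it is worth confirming the result of steps 6 and 7 before restarting the daemon. The following check is an added example, not Invicti or ClamAV code; check_clamd_conf and make_samples are hypothetical helper names and the sample files are constructed.

```shell
# check_clamd_conf FILE  (hypothetical helper, added example)
# Prints one line per finding; returns 0 when FILE matches steps 6 and 7.
check_clamd_conf() {
  [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
  awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    $1 == "TCPSocket" { port = $2 }
    $1 == "TCPAddr"   { addr[++n] = $2 }
    $1 ~ /^(LocalSocket|LocalSocketGroup|LocalSocketMode|FixStaleSocket)$/ {
      leftover = leftover " " $1         # entries step 6 says to delete
    }
    END {
      bad = 0
      if (port != "3310") {
        print "FAIL: TCPSocket is \"" port "\", expected 3310"; bad = 1
      }
      if (n == 0) {
        print "FAIL: no TCPAddr line, clamd would listen on every interface"; bad = 1
      }
      for (i = 1; i <= n; i++)
        if (addr[i] != "127.0.0.1") {
          print "FAIL: TCPAddr " addr[i] " is not 127.0.0.1"; bad = 1
        }
      if (leftover != "") { print "FAIL: entries still present:" leftover; bad = 1 }
      if (!bad) print "OK: clamd listens on 127.0.0.1:3310 only"
      exit bad
    }
  ' "$1"
}

# Constructed sample files for trying the check without touching /etc/clamav.
make_samples() {
  printf '%s\n' '# after steps 6 and 7' 'LogFile /var/log/clamav/clamav.log' \
    'TCPSocket 3310' 'TCPAddr 127.0.0.1' > "$1/good.conf"
  printf '%s\n' 'LocalSocket /var/run/clamav/clamd.ctl' 'LocalSocketMode 666' \
    'TCPSocket 3310' > "$1/bad.conf"
}

# Check a real file when a path is given, e.g. sh check.sh /etc/clamav/clamd.conf
if [ -n "${1:-}" ]; then check_clamd_conf "$1"; fi
```
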

After the installation, you can run a test to confirm that ClamAV is working as expected.

Test ClamAV

  1. Open a terminal window.
  2. Run wget https://secure.eicar.org/eicar.com.txt
  3. Run sudo clamdscan
    echo VERSION | nc -v 127.0.0.1 3310
    echo "SCAN $HOME/eicar.com.txt" | nc -v 127.0.0.1 3310