5

I have a CentOS server storing files for Windows users.

How do I scan for Windows viruses in these files, and meanwhile prevent quarantine and other measures?

I do not want the files altered in any way, and would prefer if it can be done purely in command line with parsable results.

The antivirus we have a license for is Kaspersky Endpoint Security. That is the preferred antivirus, but the question applies to Linux antiviruses in general.

DannyZB
  • Did you check out Kaspersky for Linux? – user9517 Oct 12 '16 at 22:54
  • This is definitely possible since [VirusTotal](https://virustotal.com) does so, but I would also like to know how to do so. – Sainan Oct 12 '16 at 23:02
  • Yes. Actually mentioned it in the question as the antivirus of choice. Do you know how to: 1. Run it from the command line 2. Prevent it from quarantining and 3. Does it find Windows viruses? 4. How to parse its results in the command line? (for automation) If you have an accurate answer, I am sure this is a common problem! – DannyZB Oct 12 '16 at 23:03
  • Do you set up your Windows OS AV to scan the network share? – yagmoth555 Oct 13 '16 at 02:01
  • It's not a network share. It's a RedHat EL server with files stored on it (part of a product). Some relevant resources I've found so far: https://support.kaspersky.com/4320 https://support.kaspersky.com/4318 https://support.kaspersky.com/4322 https://support.kaspersky.com/4323 https://support.kaspersky.com/4326 – DannyZB Oct 13 '16 at 07:51
  • https://docs.s.kaspersky-labs.com/english/kav8.0_linuxfs_installation_en.pdf I looked into Norton and their Linux AV does scan for Windows viruses, though it has a shaky reputation and compatibility issues. I've seen some sites advertise using ESET and AVG. – DannyZB Oct 13 '16 at 08:48
  • `./kav4fs-control --action Skip --scan-file` with Kaspersky File Server Security for Linux - now just to test it for effectiveness with Windows viruses :) – DannyZB Oct 13 '16 at 11:28
  • This is really the wrong approach to take, you need antivirus protection on the user PCs to prevent entry to the system and limit damage. By the time it has got onto network shares it is too late. – JamesRyan Oct 13 '16 at 13:25
  • JamesRyan: this isn't for network shares. It's meant for cloud storage services (Dropbox, Box and the like) - there are many SaaS services that could use simple, integrated virus scanning. – DannyZB Oct 13 '16 at 17:58
  • Just got a reply from Kaspersky support! Their Linux antivirus also scans for Windows viruses. https://support.kaspersky.com/4386 shows how installation goes - it just includes a simple installer package. The command for scanning is `/opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file`, some log parsing is required to fetch results – DannyZB Oct 17 '16 at 17:19

1 Answer

1

Untested, but if you are happy using ClamAV the following should work:

Install ClamAV (enabling the EPEL repo first):

```
yum install -y epel-release
yum install clamav
```

Via: https://www.clamav.net/documents/installing-clamav#rhel

Then you can update ClamAV:

```
/usr/bin/freshclam
```

Then scan:

```
/usr/bin/clamscan -r --infected /
```

`--infected` (`-i`): Only print infected files.

`--recursive` (`-r`): Scan directories recursively. All the subdirectories in the given directory will be scanned.

It's worth noting that by default clamscan does not remove files; you would have to manually set the switch: `--remove[=yes/no(*)]`

Via: https://linux.die.net/man/1/clamscan

Regarding scanning for Windows signatures in Linux, I will refer you to this accepted answer on AskUbuntu: Does ClamAV Scan Windows virus?

In practice however, you will mainly use a virusscanner to protect your Windows partners. ClamAV does scan for Windows viruses as well.

  • Thanks for the comment. While this may be true, I rather doubt ClamAV is very effective against Windows threats - It's not one of the leading antiviruses. – DannyZB Oct 13 '16 at 07:52
  • You're probably right. I guess it was designed for mail scanning. Have you looked into setting up a Windows client (VM or physical) and just using a commercial client? – Andy Verhoef Oct 13 '16 at 22:47
  • 1
    **clamav** is part of CentOS. Every Windows threat that was detected by SEP was confirmed by clamscan. So it should work. – Nils May 16 '17 at 19:58
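
As an added example (not part of the answer above or of the ClamAV project): a Python wrapper that runs the answer's `clamscan` command without `--remove`, `--move` or `--copy`, so files are left untouched, and parses the report lines into structured results. The function names, sample paths and signature names are constructed for illustration, and `--no-summary` is added to the answer's flags to drop the summary block.

```python
import json
import subprocess
import sys

# Constructed sample of clamscan report lines (not from a real scan);
# paths and signature names are made up for illustration.
SAMPLE_OUTPUT = """\
/srv/files/alice/invoice.doc: Doc.Dropper.Sample-1 FOUND
/srv/files/bob/notes: draft.exe: Win.Trojan.Sample-2 FOUND
/srv/files/carol/locked.zip: Can't open file or directory ERROR
"""


def parse_clamscan(output):
    """Return (infected, errors) as lists of (path, detail) tuples."""
    infected, errors = [], []
    for line in output.splitlines():
        # A file name may itself contain ": ", so split on the last one.
        path, sep, verdict = line.rpartition(": ")
        if not sep:
            continue  # blank line or other non-report text
        if verdict.endswith(" FOUND"):
            infected.append((path, verdict[: -len(" FOUND")]))
        elif verdict.endswith(" ERROR"):
            errors.append((path, verdict[: -len(" ERROR")]))
    return infected, errors


def scan(root, clamscan="/usr/bin/clamscan"):
    """Report-only scan: no --remove, --move or --copy is ever passed."""
    proc = subprocess.run(
        [clamscan, "-r", "--infected", "--no-summary", root],
        capture_output=True, text=True,
    )
    infected, errors = parse_clamscan(proc.stdout)
    # Exit status 0 = no virus found, 1 = virus(es) found; anything else
    # is treated here as a scanner error so a failed scan never reads as clean.
    return {
        "status": {0: "clean", 1: "infected"}.get(proc.returncode, "error"),
        "infected": infected,
        "errors": errors,
        "stderr": proc.stderr.strip(),
    }


if __name__ == "__main__":
    json.dump(scan(sys.argv[1]), sys.stdout, indent=2)
```

Run it as a script with the directory to scan as its only argument; the JSON on stdout can be fed to whatever automation consumes the results.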