Freepoorman
Active Member
I guess I'm a bit paranoid but if I see an unexplained spike in my CPU and RAM usage, I sometimes feel compelled to do a complete virus and malware scan just to help me relax better.
I tried using a GUI for ClamAV but it's just slow and a bit janky. So I did some research and put together a txt file with instructions that I use as a reference every time I want to scan my entire system:
1. Update ClamAV:
Code:
sudo freshclam
2. Full System scan and automatic quarantine of infected files:
Code:
mkdir /home/<user>/quarantine
Code:
# --exclude-dir keeps clamscan out of the pseudo filesystems and out of the quarantine itself (so moved files are not hit twice)
sudo clamscan -r -v --infected --move=/home/<user>/quarantine --log=/var/log/clamscan.log --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' --exclude-dir='^/home/<user>/quarantine' /
3. Watch the log file for infected files found in another terminal window (or use Terminator to view everything at the same time):
Code:
# per-file hits are logged as "<path>: <signature> FOUND"; "Infected files: N" only appears in the final summary
watch -n 1 'tail -n 50 /var/log/clamscan.log | grep -E "FOUND|Infected files"'
-------------Wait for scan to finish-------------
4. Check the log file to see the results (Optional):
Code:
sudo less /var/log/clamscan.log
Use up/down arrows to move up/down 1 line.
Use Pg.Up/Pg.Down keys to move up/down 1 page.
Use the "q" key to exit the less viewer.
5. Open the quarantine directory and list contents in long format:
Code:
cd /home/<user>/quarantine && ls -l
6. Delete infected files:
Code:
sudo shred -u /home/<user>/quarantine/<infected_file>
This is quite a process compared to what I am used to, but it works ok...
Maybe there is an easier way to get similar results?
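As an added example (my own script, not from the post above and not part of ClamAV): the six steps as one POSIX shell script, with a small log parser that can be tried offline. clamscan writes one line per hit in the form "<path>: <signature> FOUND" and only the closing summary contains the word "infected", so the parser keys on FOUND for the per-file list and on the "Infected files:" line for the total. Assumptions: the quarantine and log paths default to the ones used in the post and can be overridden with QUAR_DIR and LOG_FILE; the sample log is constructed, not real scanner output; the scan/purge/demo verbs are this script's own.

```shell
#!/bin/sh
# Added example, not from the original post: the six manual steps as one script
# plus a small log parser that can be exercised offline. Assumed/adjustable:
# QUAR_DIR and LOG_FILE default to the paths used in the post; clamscan and
# freshclam must be installed; "scan", "purge" and "demo" are this script's verbs.
set -eu

QUAR_DIR="${QUAR_DIR:-/home/${SUDO_USER:-${USER:-root}}/quarantine}"
LOG_FILE="${LOG_FILE:-/var/log/clamscan.log}"

# Per-file detections. clamscan logs one line per hit as "<path>: <sig> FOUND"
# (plus "<path>: moved to '...'" when --move is used); "Infected files: N" only
# appears in the final summary, so grepping for "infected" misses the hits.
found_lines() {
    grep -E ' FOUND$' "$1" || true
}

# Count from the summary line; 0 while the scan is still running (no summary yet).
infected_count() {
    n=$(grep -E '^Infected files: [0-9]+$' "$1" | tail -n 1 | awk '{print $3}')
    echo "${n:-0}"
}

# Steps 1-5 of the post in one go (run as root, e.g. via sudo).
full_scan() {
    mkdir -p "$QUAR_DIR"
    freshclam
    # /proc, /sys, /dev and /run are not real files; the quarantine directory is
    # excluded so moved files are not detected a second time on the next pass.
    set +e
    clamscan --recursive --infected --verbose \
        "--move=$QUAR_DIR" "--log=$LOG_FILE" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' \
        --exclude-dir='^/dev' --exclude-dir='^/run' \
        "--exclude-dir=^$QUAR_DIR" /
    rc=$?
    set -e
    # clamscan exits 0 = clean, 1 = something found, 2 = error(s) occurred
    if [ "$rc" -eq 2 ]; then
        echo "clamscan reported errors; check $LOG_FILE" >&2
    fi
    echo "Detections:"
    found_lines "$LOG_FILE"
    echo "Infected files: $(infected_count "$LOG_FILE")"
    ls -l "$QUAR_DIR"
}

# Step 6: wipe everything left in quarantine after review. shred only helps on
# filesystems that overwrite in place; on CoW filesystems or SSDs it is no
# better than rm.
purge_quarantine() {
    find "$QUAR_DIR" -type f -exec shred -u {} +
}

# Constructed sample log (not real scanner output) for trying the parser offline.
make_sample_log() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
/home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/alice/Downloads/eicar.com: moved to '/home/alice/quarantine/eicar.com'

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 10.000 sec (0 m 10 s)
EOF
    echo "$f"
}

case "${1:-}" in
    scan)  full_scan ;;
    purge) purge_quarantine ;;
    demo)  f=$(make_sample_log); found_lines "$f"; infected_count "$f"; rm -f "$f" ;;
esac
```

Run it as `sudo sh clamscan-full.sh scan`; because the default quarantine path is built from SUDO_USER it still lands under your own home directory rather than /root. Review the listing, then `sudo sh clamscan-full.sh purge` replaces the per-file shred step. `sh clamscan-full.sh demo` only exercises the parser on the constructed log and needs no scanner installed.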