ClamAV on Ubuntu

I’m investigating the use of virus checkers as part of a larger project. Ultimately there are 2 solutions that I can use – one being ClamAV. My initial testing is being done on an Ubuntu box and so I thought I’d document my findings here.

It’s worth noting that I’m using a very low-spec Ubuntu 9.10 box – although I suspect the version makes no difference.

1. Installing ClamAV

Installation of ClamAV (clamscan) is incredibly straightforward. At the command line just type:

sudo apt-get install clamav

2. Using ClamAV

At the terminal window, to scan the current directory just type:

clamscan

There are a number of other options, most of which are listed by:

clamscan -h

3. Calling ClamAV via Java code:

The following code can be used within a Java program to call clamscan:


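private final String command = "clamscan --stdout ";
private final int NO_VIRUS_DETECTED = 0;
private final int VIRUS_DETECTED = 1;

private boolean doVirusScan(String scanPath) {
    try {
        Process p = Runtime.getRuntime().exec(command + scanPath);

        // capture output (note: move into separate function?)
        // Read before waitFor(): if the output is never consumed the pipe can fill
        // and clamscan will block, so waitFor() would never return.
        StringBuffer buff = new StringBuffer();
        int b;
        while ((b = p.getInputStream().read()) != -1) {
            buff.append((char) b);
        }

        // output fully consumed, now collect the exit code
        p.waitFor();
        int retVal = p.exitValue();

        if (retVal != NO_VIRUS_DETECTED) {
            // do something!
            return false;
        }
        // true only when clamscan exited with NO_VIRUS_DETECTED
        return true;
    } catch (Exception e) {
        // a scan that could not run is not a clean result
        return false;
    }
}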

I’m finding though that this code is taking about 7-14 seconds to execute against a known file, which isn’t really acceptable for the end solution. There is a daemonised version available, so now to investigate that. (Please note – first experience of daemons, so things could go wrong here – I’m live typing this blog to recall everything that happens).

ClamAV Daemon

1. Installation

To install:

sudo apt-get install clamav-daemon

(Note I also had to run something like sudo apt-get update beforehand – fortunately Ubuntu told me this! – Thumbs up Ubuntu!)

2. To Use

clamdscan .

However this is currently failing for me. I’m getting the output of:

lstat()) failed : Permission denied. ERROR

With much playing around and a few unanswered questions on various forums, I managed to get something going. It appears the command required, which is documented in the man pages!, is:

clamdscan --fdpass .

where ‘.’ signifies the current directory. Unfortunately clamdscan doesn’t appear to give a summary of the number of files actually – however I’ve used it on various directories containing a varying number of files and it appears to take longer on the larger directories.

3. Calling from Java

Only one line from the previous code sample needs to change, essentially the variable containing the command line call:

private final String command = "clamdscan --stdout --fdpass ";

Running this against a known file returns a result within 1 second, which is much better performance.
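
An added example, not the code from the post: a variant of the clamdscan call that passes its arguments as a list (Runtime.exec(String) splits the command on whitespace, so a path containing spaces would be broken up) and tells the three documented exit codes apart, 0 for clean, 1 for virus found and 2 for scanner error, so that an error is never read as a clean result. The class name ClamdScanner, the Verdict enum, the temporary report file and the 60-second timeout are assumptions made for the example; it needs Java 8 or later.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import java.util.concurrent.TimeUnit;

public class ClamdScanner {
    public enum Verdict { CLEAN, INFECTED, ERROR }

    // Exit codes as documented in the clamscan/clamdscan man pages.
    static Verdict classify(int exitCode) {
        switch (exitCode) {
            case 0:  return Verdict.CLEAN;
            case 1:  return Verdict.INFECTED;
            default: return Verdict.ERROR; // 2 = scanner error, never treated as clean
        }
    }

    static Verdict scan(Path target, long timeoutSeconds) {
        // An absolute path cannot start with '-' and be mistaken for an option;
        // one list element per argument keeps spaces in the path intact.
        List<String> argv = Arrays.asList("clamdscan", "--stdout", "--fdpass",
                target.toAbsolutePath().normalize().toString());
        try {
            Path report = Files.createTempFile("clamdscan", ".out");
            try {
                // Output goes to a file, so a full pipe can never stall the scanner.
                Process p = new ProcessBuilder(argv)
                        .redirectErrorStream(true)
                        .redirectOutput(report.toFile())
                        .start();
                if (!p.waitFor(timeoutSeconds, TimeUnit.SECONDS)) {
                    p.destroyForcibly();
                    return Verdict.ERROR; // timed out: fail closed
                }
                System.out.print(new String(Files.readAllBytes(report)));
                return classify(p.exitValue());
            } finally {
                Files.deleteIfExists(report);
            }
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            return Verdict.ERROR; // clamdscan missing or scan interrupted: fail closed
        }
    }

    public static void main(String[] args) {
        Path target = Paths.get(args.length > 0 ? args[0] : ".");
        System.out.println("Verdict: " + scan(target, 60));
    }
}
```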


2 thoughts on “ClamAV on Ubuntu”

  1. Some problems I found with this script. I’m new to Java, so I could be wrong.

    In line 7, I think COMMAND is supposed to be lower case, since you’re trying to call the clamdscan command plus the path you wish to scan.

    I also removed lines 12-18. Would you be able to explain their function to me?

  2. No problems. It’s been a while since this post so all a bit hazy with the ClamAV stuff.

    The lines 12-18 in Java are consuming the programming output – something that is required when running a process.
