Run Clam Antivirus Software

Document created by RSA Information Design and Development Employee on Jan 24, 2020
Last modified by RSA Information Design and Development Employee on Jul 27, 2020
Version 3

Each RSA Authentication Manager instance includes Clam Antivirus (ClamAV) software. ClamAV is an open-source software toolkit that is intended to reduce the risk of intrusion or malicious system or data access. Apply software updates to ClamAV only as part of RSA-delivered updates. You are responsible for updating antivirus definition files and running ClamAV in order to scan any Authentication Manager instance for known malware.

Before you begin 

  • This procedure assumes a knowledge of Linux commands.
  • For the operating system account User ID rsaadmin, obtain the operating system password.
  • To access the operating system with a secure shell (SSH) client, you must enable SSH. You can also access the operating system on a virtual appliance in the VMware vSphere client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager. For instructions on using SSH, see Enable SSH on the Appliance.

Procedure 

  1. Log on to the appliance with the User ID rsaadmin and the current operating system password:
    • On a hardware appliance, an Amazon Web Services appliance, or an Azure appliance, log on to the appliance using an SSH client.
    • On a VMware virtual appliance, log on to the appliance using an SSH client, or the VMware vSphere client.
    • On a Hyper-V virtual appliance, log on to the appliance using an SSH client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager.
  2. Update the antivirus definition files. Choose one of the following procedures:
    • If the Authentication Manager instance has access to the Internet, you can automatically download and apply the latest antivirus definition files. Type the following command:

      sudo /usr/bin/freshclam

    • If the Authentication Manager instance does not have access to the Internet, manually download the main.cvd, daily.cvd, and bytecode.cvd antivirus definition files from the ClamAV web site: http://www.clamav.net/

      Copy the files into the /var/lib/clamav/ directory on the instance.

  3. To scan files and directories for viruses manually, type the following line:

      sudo clamscan -r / --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/opt/rsa/am/rsapgdata --follow-dir-symlinks=0 --follow-file-symlinks=0 --log=/var/log/clamav.log

    To schedule automatic virus scans, create a cron job that runs the same command.

  4. Check the scan results in /var/log/clamav.log.
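
One way to check the scan results from a script, as an added example that is not part of the RSA documentation: the function below reports the detections and infected-file count of the most recent scan in a clamscan log. The function names, the sample log, and the exit-status convention (0 clean, 1 detections, 2 no summary found) are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not RSA's code): summarize the most recent scan in a clamscan log.
# Assumes clamscan's usual log layout: "<path>: <signature> FOUND" per detection
# and an "Infected files: N" line in each scan summary.

last_scan_report() {
    awk '
        / FOUND$/ {
            line = $0; sub(/ FOUND$/, "", line)
            # Signature is the last token; the path itself may contain ": ".
            if (match(line, /: [^ ]+$/))
                hits = hits substr(line, RSTART + 2) "\t" substr(line, 1, RSTART - 1) "\n"
        }
        /^Infected files: / {           # summary line closes one scan run
            split($0, f, ": "); count = f[2] + 0
            report = hits; hits = ""; seen = 1
        }
        END {
            if (!seen) exit 2           # no summary: scan missing or unfinished
            printf "infected=%d\n%s", count, report
            exit (count > 0)            # 1 = detections, 0 = clean
        }' "$1"
}

# Constructed sample log holding two scan runs; not output from a real appliance.
write_sample_log() {
    cat > "$1" <<'EOF'
/tmp/demo/old.bin: Constructed.Sample-1 FOUND
----------- SCAN SUMMARY -----------
Scanned files: 10
Infected files: 1
/tmp/demo/readme.txt: OK
/tmp/demo/in: box/eicar.com: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Scanned files: 12
Infected files: 1
EOF
}

# Demo on the constructed log; on the appliance the argument would be /var/log/clamav.log.
sample=$(mktemp)
write_sample_log "$sample"
last_scan_report "$sample" || echo "exit status: $?"
rm -f "$sample"
```

The exit status lets a scheduled job raise an alert only when the latest scan reported detections, and a status of 2 flags a log with no completed scan summary.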

 

 

 
