Run Clam Antivirus Software

Document created by RSA Information Design and Development on Jan 24, 2020
Version 1Show Document
  • View in full screen mode

Each RSA Authentication Manager instance includes Clam Antivirus (ClamAV) software. ClamAV is an open-source software toolkit that is intended to reduce the risk of intrusion or malicious system or data access. Apply software updates to ClamAV only as part of RSA-delivered updates. You are responsible for updating antivirus definition files and running ClamAV in order to scan any Authentication Manager instance for known malware.

Before you begin 

  • This procedure assumes a knowledge of Linux commands.
  • For the operating system account User ID rsaadmin, obtain the operating system password.
  • To access the operating system with a secure shell (SSH) client, you must enable SSH. You can also access the operating system on a virtual appliance in the VMware vSphere client, the Hyper-V System Center Virtual Machine Manager Console,or the Hyper-V Manager.For instructions on using SSH, see Enable SSH on the Appliance.

Procedure 

  1. Log on to the appliance with the User ID rsaadmin and the current operating system password:
    • On a hardware appliance, an Amazon Web Services appliance, or an Azure appliance, log on to the appliance using an SSH client.
    • On a VMware virtual appliance, log on to the appliance using an SSH client, or the VMware vSphere client.
    • On a Hyper-V virtual appliance, log on to the appliance using an SSH client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager.
  2. Update the antivirus definition files. Choose one of the following procedures:
    • If the Authentication Manager instance has access to the Internet, you can automatically download and apply the latest antivirus definition files. Type the following command:

      sudo /usr/bin/freshclam

    • If the Authentication Manager instance does not have access to the Internet, manually download the main.cvd and daily.cvd antivirus definition files from the ClamAV web site: http://www.clamav.net/

      Copy the files into the /var/lib/clamav/ directory on the instance.

  3. To scan files and directories for viruses manually, type the following line:
  4. sudo clamscan -r / --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/opt/rsa/am/rsapgdata --follow-dir-symlinks=0 --follow-file-symlinks=0 --log=/var/log/clamav.log

    To schedule automatic virus scans, create a cron job that runs the same command.

  5. Check the scan results in /var/log/clamav.log.

 

 

We want your feedback! Tell us what you think of this page.


Attachments

    Outcomes