Malware Analysis with ClamAV in Acunetix 360
In order to enable an Acunetix 360 scan agent to carry out malware analysis for your web application, you need to download and install ClamAV.
ClamAV is an open-source, free, and widely used project backed by Cisco.
In order to enable Acunetix 360 to perform malware analysis, see Malware Analyzer.
How to Set ClamAV as a Windows Service
- From ClamAV, download the program relevant to your environment
- Extract .zip file to a folder
- Navigate to the conf_examples folder and copy the clamd.conf.sample and the freshclam.conf.sample file
- Paste the clamd.conf.sample and freshclam.conf.sample files into the ClamAV's main folder and delete .sample extension from the files. The Rename popup is displayed. Click Yes.
- Open the freshclam.conf file with a text editor, and edit Log and Database directories, if necessary. Remove hashtags from the Log and Database lines.
- Now, open Command Prompt and navigate to the extracted folder
- Run freshclam.exe to update the ClamAV
- Next, run clamd install to configure ClamAV as a windows service
- Now, run sc config ClamD start auto so that the ClamAV service starts automatically
- Then, run sc config FreshClam start auto so that the ClamAV virus update service starts automatically.
How to Set ClamAV as a Linux Service
- Open terminal
- Run sudo apt-get install clamav clamav-daemon
You may want to run sudo apt update & sudo apt upgrade first before installing ClamAV to update your system.
- Run sudo nano /etc/clamav/freshclam.conf and increase ReceiveTimeout to 300
- Run sudo systemctl restart clamav-freshclam to apply changed configuration. Then, you may wait 2 - 3 minutes so that ClamAV updates the virus database.
- Run sudo nano /etc/clamav/clamd.conf in order to edit the file.
- Then, delete the following entries from the clamd.conf file:
- LocalSocket /var/run/clamav/clamd.ctl
- FixStaleSocket true
- LocalSocketGroup clamav
- LocalSocketMode 666
- And, add the following entries to the clamd.config file:
- TCPSocket 3310
- TCPAddr 127.0.0.1
- Run sudo systemctl restart clamav-daemon to apply changed configurations.
You can run sudo apt --purge autoremove clamav-daemon to uninstall ClamAV from your machine.
After the installation, you can run a test to confirm that ClamAV is working as expected.
How to test ClamAV
- Open terminal
- Run wget https://secure.eicar.org/eicar.com.txt
- Run sudo clamdscan
- echo VERSION | nc -v 127.0.0.1 3310
- echo "SCAN ~/eicar.com.txt" | nc -v 127.0.0.1 3310