How to configure ClamAV to be used by Acunetix

Acunetix v13 introduces malware scanning for the files it encounters while scanning a target. Acunetix malware scanning is designed specifically to detect JavaScript malware that might have been injected into your web application, for example through a third-party library that was already infected, or as the result of a previous hack during which attackers injected the malware. Malware scanning runs automatically as part of a full scan, a high risk vulnerabilities scan, or a malware scan.

When Acunetix is installed on Linux, it uses ClamAV for malware scanning. Follow this procedure to install and configure ClamAV to be used by Acunetix. 

  1. Install ClamAV
    • sudo apt-get install clamav clamav-daemon
  2. Configure the clamav daemon to listen on TCP port 3310
    • sudo vim /etc/clamav/clamd.conf
    • Add the following:
      • TCPSocket 3310
      • TCPAddr 127.0.0.1
    • Save the file
  3. Restart the clamav-daemon
    • sudo service clamav-daemon restart
  4. Verify that both ClamAV services are running
    • sudo service clamav-freshclam status
    • sudo service clamav-daemon status

Once the above is done, Acunetix will automatically use ClamAV to run malware scans. You can perform the following tests to confirm that ClamAV is installed correctly:

  1. Confirm that ClamAV is listening on the correct port
    • nc localhost 3310
  2. Confirm that ClamAV is scanning and reporting viruses correctly
    • curl http://www.eicar.org/download/eicar.com --output eicar
    • clamdscan eicar

      The above command should have the following output:

      /home/ab/eicar: Eicar-Test-Signature FOUND
      ----------- SCAN SUMMARY -----------
      Infected files: 1
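The two verification steps above can be combined into one script. The following is an added example, not code from Acunetix or ClamAV: it sends clamd's PING command over TCP instead of only opening the port, builds the EICAR test file locally instead of downloading it, and checks the clamdscan report. It assumes `nc` and `clamdscan` are installed and that clamd listens on 127.0.0.1:3310 as configured in clamd.conf; the host, port and the RUN_CLAMAV_CHECKS variable are assumptions of this script.

```shell
#!/bin/sh
# Added example, not from the Acunetix or ClamAV documentation. Checks the
# clamd TCP listener on 127.0.0.1:3310 (TCPSocket/TCPAddr from clamd.conf)
# and EICAR detection. Assumes `nc` and `clamdscan` exist; host and port are
# assumptions and can be overridden through the environment.
CLAMD_HOST="${CLAMD_HOST:-127.0.0.1}"
CLAMD_PORT="${CLAMD_PORT:-3310}"

# clamd answers the PING command with PONG. A bare "nc localhost 3310" only
# shows that something accepts the connection; this shows it is clamd.
clamd_ping() {
    reply=$(printf 'nPING\n' | nc -w 3 "$CLAMD_HOST" "$CLAMD_PORT" 2>/dev/null)
    [ "$reply" = "PONG" ]
}

# Parse a clamdscan report from stdin. Succeeds only if the EICAR signature
# was reported and the summary counts exactly one infected file, so a daemon
# that runs without a signature database (freshclam never ran) does not pass.
eicar_detected() {
    report=$(cat)
    printf '%s\n' "$report" | grep -q 'Eicar-Test-Signature FOUND' || return 1
    printf '%s\n' "$report" | grep -q '^Infected files: 1$'
}

# Write the standard 68-byte EICAR test string locally instead of downloading
# it. The string is split so this script does not itself match the signature.
write_eicar() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!' '$H+H*' > "$1"
}

run_checks() {
    if ! clamd_ping; then
        echo "no PONG from $CLAMD_HOST:$CLAMD_PORT; check TCPSocket/TCPAddr and restart clamav-daemon"
        return 1
    fi
    echo "clamd answers PING on $CLAMD_HOST:$CLAMD_PORT"
    tmp=$(mktemp) && write_eicar "$tmp"
    # --stream sends the file contents over the socket, so the clamav user needs
    # no read access to the temp file. clamdscan exits 1 on detection, which is
    # the expected result here, hence the || true.
    out=$(clamdscan --stream "$tmp" 2>&1 || true)
    rm -f "$tmp"
    if printf '%s\n' "$out" | eicar_detected; then
        echo "EICAR detected; ClamAV is ready for Acunetix malware scans"
    else
        echo "EICAR not detected; check clamav-freshclam and this scan output:"; echo "$out"; return 1
    fi
}
# Live checks run only on request: RUN_CLAMAV_CHECKS=1 sh check-clamav.sh
if [ "${RUN_CLAMAV_CHECKS:-0}" = "1" ]; then run_checks; fi
```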