
Effective Virus, Malware, and Trojan Scanning with ClamAV

In today’s software development world, security remains a crucial factor that cannot be ignored. Threats like viruses, trojans, and malware can hide in source files, system resources, or even in third-party libraries we use daily.

While commercial security solutions are effective, they often come with a high cost, making them unsuitable for small projects or startups. That’s where ClamAV comes in — a free, open-source, and easy-to-deploy alternative. ClamAV provides virus and malware scanning capabilities and integrates well into development workflows.

This article introduces ClamAV, its role in source code security, and how to use ClamAV in a Docker environment for automation and optimization of source code scanning.

Introduction to ClamAV

ClamAV is a well-known open-source antivirus engine widely used on Unix-based systems (Linux, macOS). It is especially suitable for servers and environments that do not run Windows. Besides virus scanning, ClamAV also detects malware, trojans, and other threats in emails, file systems, and data streams.

ClamAV is currently maintained by Cisco Talos — Cisco’s cybersecurity research team. It provides efficient malware detection but mainly focuses on known threats. It is not designed to handle zero-day threats effectively.

Why You Need ClamAV

  • Detect malicious code in untrusted resources: Even if your application, website, or system source code is clean, external libraries or dependencies may contain malware or trojans. ClamAV can detect threats in uploaded files or third-party packages.
  • Low cost: ClamAV is completely free and open-source, making it ideal for small projects or teams without the budget for commercial security software.
  • Automated scanning: Easily integrates into DevOps or CI/CD pipelines to scan source code or uploaded files automatically, offering early protection during development.
  • Regular updates: Maintained and updated frequently with the latest virus definitions, ensuring it can identify new threats effectively.

Benefits of Using ClamAV

  • Free and Open Source: No licensing fees and easily customizable to meet your needs.
  • Easy to Use and Integrate: ClamAV is simple to integrate into automated tools and processes.
  • Detects various types of malware: Can scan source code, compressed files, and emails; supports multiple operating systems.
  • Cross-platform support: Runs on Linux, Windows, and macOS — keeping your systems protected regardless of platform.

Guide: Create a Docker Container with ClamAV for Automated Source Code Scanning

This guide shows you how to build a Docker container that uses ClamAV to scan your source code. It allows for easy deployment and protects code in development environments.

Step 1: Create a Dockerfile for ClamAV

Create a Dockerfile based on the official clamav/clamav image that updates the virus database and scans the /scan directory by default.

# Use base image from clamav/clamav
FROM clamav/clamav:latest

# Update virus database during image build
RUN freshclam

# Default command: run freshclam and clamscan
CMD freshclam && clamscan -r --bell -i /scan

Notes:

  • -r: Recursively scan all files and subdirectories in /scan
  • --bell: Play a bell sound (if supported) when a virus is found
  • -i: Show only infected files (clean files are hidden)
  • /scan: The directory containing source code or files to scan (mounted from the host)

Step 2: Create docker-compose.yml

The docker-compose.yml file helps manage and deploy the ClamAV container more easily.

services:
  clamav:
    build:
      context: .
    image: clamav-scanner
    container_name: clamav-scanner

Step 3: Build the Docker Image

Open your terminal, navigate to the directory containing the Dockerfile and docker-compose.yml, then build the image:

docker compose build

Step 4: Run the Docker Container to Scan Code

Once built, run the container to scan your source code by mounting the source directory:

docker run --rm -v <full-path-source-code>:/scan clamav-scanner

Demo

1. Prepare Test Data

In this example, the project-a directory contains a normal.txt file and an eicar folder. The eicar folder includes the test files from EICAR: eicar_com.zip, eicar.com, eicar.txt, and eicarcom2.zip. The scanner identifies these as viruses, while normal.txt is a clean file and does not appear in the scan results.

project-a/
├── normal.txt
└── eicar/
    ├── eicar_com.zip
    ├── eicar.com
    ├── eicar.txt
    └── eicarcom2.zip

2. Set Up ClamAV Cron Job

To schedule daily malware scans with cron, add this to your crontab:

# crontab -e
0 0 * * * docker run --rm -v /var/opt/www/project-a:/scan clamav-scanner

This configuration runs the malware scan on /var/opt/www/project-a/ every day at midnight.

3. Scan Result

vuongtoan@DESKTOP-S0923Q3:~/www/clamav$ docker run --rm -v ./project-a:/scan clamav-scanner
ClamAV update process started at Wed Dec 11 17:34:43 2024
daily.cld database is up-to-date (version: 27484, sigs: 2069620, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
/scan/eicar/eicar.txt: Eicar-Signature FOUND
/scan/eicar/eicarcom2.zip: Win.Test.EICAR_HDB-1 FOUND
/scan/eicar/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/scan/eicar/eicar.com: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8701412
Engine version: 1.4.1
Scanned directories: 2
Scanned files: 5
Infected files: 4
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 19.253 sec (0 m 19 s)
Start Date: 2024:12:11 17:34:43
End Date: 2024:12:11 17:35:02
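
The cron entry above does not act on the scan's outcome, and the image's CMD skips clamscan entirely when freshclam fails. The shell wrapper below is an added example, not part of the original article: it classifies a run of the clamav-scanner image from the container's exit status and output, so a cron job or CI step can fail on detections or on a scan that never ran. The function names and the read-only (:ro) mount are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not the article's code. clamscan exits 0 = clean, 1 = virus found, 2 = error.
# Sample input: excerpt of the scan result shown in the article.
sample_report() {
    cat <<'EOF'
/scan/eicar/eicar.txt: Eicar-Signature FOUND
/scan/eicar/eicarcom2.zip: Win.Test.EICAR_HDB-1 FOUND
/scan/eicar/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/scan/eicar/eicar.com: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
EOF
}

# Print "<path>: <signature>" for each detection line in a report file.
infected_files() {
    awk '/ FOUND$/ { sub(/ FOUND$/, ""); print }' "$1"
}

# classify_scan <exit-status> <report-file> prints CLEAN, INFECTED or ERROR.
classify_scan() {
    # No summary block: clamscan never finished, e.g. freshclam failed and
    # the "&&" in the image's CMD skipped the scan.
    grep -q 'SCAN SUMMARY' "$2" || { echo ERROR; return 0; }
    found=$(awk '/ FOUND$/ { n++ } END { print n + 0 }' "$2")
    if [ "$1" -eq 1 ] || [ "$found" -gt 0 ]; then
        echo INFECTED
    elif [ "$1" -eq 0 ]; then
        echo CLEAN
    else
        echo ERROR
    fi
}

# scan_dir <absolute-path>: run the article's image, return non-zero unless CLEAN.
scan_dir() {
    report=$(mktemp)
    status=0
    # :ro is an addition here; the scanner only needs to read the tree.
    docker run --rm -v "$1":/scan:ro clamav-scanner >"$report" 2>&1 || status=$?
    verdict=$(classify_scan "$status" "$report")
    echo "clamav-scanner: $verdict (exit status $status)"
    infected_files "$report"
    rm -f "$report"
    [ "$verdict" = CLEAN ]
}

# Scan only when a directory argument is given; otherwise just define the functions.
if [ "$#" -gt 0 ]; then scan_dir "$1"; fi
```

Called with the absolute path of the directory to scan, the script exits non-zero for both INFECTED and ERROR, so a pipeline step or a cron wrapper can alert on either.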

Conclusion

ClamAV is a powerful and free virus scanner that helps protect your systems from malware threats. Deploying it in a Docker container simplifies source code scanning and ensures your code is clean from trojans or malicious files.

This is crucial in development environments to maintain application and system security. Consider integrating ClamAV into your development workflow to safeguard your source code and applications effectively!

Vương Toàn
PHP Developer
