First, I would like to ask for pardon because of my poor English (I was Larry Hagman on PC-BSD). A few years ago I tried ClamTK in PC-BSD with the above-mentioned problems. Later I changed it for ClamAV and that was better! I could set up ClamAV to run as a daemon like so:
add these two lines to /etc/rc.conf
The update procedure and the missing-update notification after 7 days worked perfectly, and ClamAV worked as a daemon from system boot-up!
Sorry, in TrueOS ClamAV can't run as a daemon and can't update automatically (only as a cron job); I must do these manually: freshclam and clamscan -r / . Maybe more solutions:
Scan a data stream: cat testfile | clamscan -
Load database from a file: clamscan -d /tmp/newclamdb -r /tmp
Scan all files (and subdirectories) in /home: clamscan -r /home
Scan a current working directory: clamscan
Scan a single file: clamscan filename
To check all files on the computer, displaying the name of each file: clamscan -r /
To check all files on the computer, but only display infected files and ring a bell when found: clamscan -r --bell -i /
Search and cleaning:
sudo clamscan -r --remove /
clamscan --remove DIRECTORY
sudo clamscan --remove /
sudo clamscan -r
I'm using this combined with some intrusion detector. For example, one of my favorites is Lynis (from the same source as RkHunter). No need to install it; it checks the whole system and after the check gives some useful advice in a log file.
Snort and Suricata may be good too, but the setup of these two is more difficult.
From the Suricata: