Difference between revisions of "ClamAV"
Line 109: | Line 109: | ||
eicar.com is a test signature for ClamAV. Make sure it works for you. | eicar.com is a test signature for ClamAV. Make sure it works for you. | ||
− | # '''clamscan -r -l scan.txt ./'''[{{SERVER}}/wikislax/download/eicar.com eicar.com] | + | # '''clamscan -r -l scan.txt ./'''[{{SERVER}}/wikislax/download/eicar.com.gz eicar.com] |
./eicar.com: Eicar-Test-Signature FOUND | ./eicar.com: Eicar-Test-Signature FOUND | ||
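Review bot: on the changed line the link target becomes eicar.com.gz, but the link label and the clamscan output on the following context line still refer to ./eicar.com, so a reader who downloads the file will have eicar.com.gz and the command as written will not match it. Either add a decompression step before the scan or change the label and expected output to the .gz name.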
Revision as of 06:18, 7 July 2018
What is ClamAV?
ClamAV is an open source antivirus.
Installing ClamAV
Get the tarball from the download page. Install in the standard way and create a user for running the software (e.g. milter, as a single user has to be used by both ClamAV and MIMEDefang).
    # tar -C /usr/local -xvf clamav-x.y.z.tar.gz
    # cd /usr/local/
    # chown -R root:root clamav-x.y.z
    # cd clamav-x.y.z
    # ./configure --help | less
    # ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
        --sysconfdir=/etc --with-user=milter --with-group=milter
    # make
    # make install
    # make clean
    # ldconfig
    # groupadd milter
    # useradd -g milter -s /bin/false milter
    # cd /var/log
    # mkdir -m 700 milter
    # chown milter:milter milter
    # cd /var/run
    # mkdir -m 700 milter
    # chown milter:milter milter
    # cd /usr/local/share
    # mkdir clamav
    # chown milter:milter clamav
Configuring ClamAV
Review the configuration files /etc/clamd.conf and /etc/freshclam.conf. Comment out the Example line and set the other parameters as below. The User milter line tells the software to run as user milter:
    # cd /etc
    # cp clamd.conf.sample clamd.conf
    # vi clamd.conf
    . . .
    #Example
    LogFile /var/log/milter/clamd.log
    PidFile /var/run/milter/clamd.pid
    LocalSocket /var/spool/MIMEDefang/clamd.sock
    TCPAddr 127.0.0.1
    User milter
    DetectBrokenExecutables yes
    <esc> :x
    # cp freshclam.conf.sample freshclam.conf
    # vi freshclam.conf
    . . .
    #Example
    DatabaseDirectory /usr/local/share/clamav
    UpdateLogFile /var/log/milter/freshclam.log
    LogFileMaxSize 2M
    LogTime yes
    PidFile /var/run/milter/freshclam.pid
    DatabaseOwner milter
    DatabaseMirror db.FR.clamav.net
    NotifyClamd /etc/clamd.conf
    <esc> :x
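The check below is an added example, not part of the original page: a shell function that audits a clamd.conf against the settings listed above and reports each deviation. The function name check_clamd_conf and the sample file are assumptions, and the TCPSocket check goes beyond what the page configures.

```shell
#!/bin/sh
# Added example (not from the original page): audit clamd.conf against the
# settings this page asks for. Prints one line per problem; the return
# status is the number of problems found (0 = configuration matches).
check_clamd_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        !($1 in val)   { val[$1] = $2 }      # first active value of each directive
        END {
            n = 0
            if ("Example" in val) {
                print "Example line is not commented out"; n++ }
            if (val["User"] != "milter") {
                print "User must be milter (shared with MIMEDefang)"; n++ }
            if (val["LocalSocket"] != "/var/spool/MIMEDefang/clamd.sock") {
                print "LocalSocket is not /var/spool/MIMEDefang/clamd.sock"; n++ }
            if (val["LogFile"] !~ /^\/var\/log\/milter\//) {
                print "LogFile is outside /var/log/milter"; n++ }
            if (val["PidFile"] !~ /^\/var\/run\/milter\//) {
                print "PidFile is outside /var/run/milter"; n++ }
            # Extra check, not on the page: a TCP listener must stay on loopback.
            if (("TCPSocket" in val) && val["TCPAddr"] != "127.0.0.1") {
                print "TCPSocket is enabled but TCPAddr is not 127.0.0.1"; n++ }
            exit n
        }
    ' "$1"
}

# Constructed sample: the settings from this page with two deliberate mistakes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Example
LogFile /var/log/milter/clamd.log
PidFile /var/run/milter/clamd.pid
LocalSocket /var/spool/MIMEDefang/clamd.sock
TCPAddr 127.0.0.1
User clamav
EOF
check_clamd_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On a real system, call check_clamd_conf /etc/clamd.conf after editing the file and before adding clamd to rc.local.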
Running ClamAV
clamd and freshclam run as daemons, so they must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly:
    # vi /etc/rc.d/rc.local
    . . .
    # start clamd
    if [ -x /usr/local/sbin/clamd ]; then
        echo "Starting clamd daemon: /usr/local/sbin/clamd"
        /usr/local/sbin/clamd
    fi
    # start freshclam
    if [ -x /usr/local/bin/freshclam ]; then
        echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
        /usr/local/bin/freshclam -d
    fi
    <esc> :x
    # vi /etc/rc.d/rc.local_shutdown
    . . .
    # stop freshclam
    if [ -r /var/run/milter/freshclam.pid ]; then
        echo "Stopping freshclam: kill -INT `cat /var/run/milter/freshclam.pid`"
        kill -INT `cat /var/run/milter/freshclam.pid`
    fi
    # stop clamd
    if [ -r /var/run/milter/clamd.pid ]; then
        echo "Stopping clamd: kill -INT `cat /var/run/milter/clamd.pid`"
        kill -INT `cat /var/run/milter/clamd.pid`
    fi
    <esc> :x
At this stage freshclam can be launched manually to initialize the virus database. However, clamd will fail, as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang and Sendmail with Milter are ready for use.
Testing ClamAV
Don't run rc.local now. Download the ClamAV database first:
    # freshclam
eicar.com is a test file that ClamAV detects as Eicar-Test-Signature. Make sure it works for you.

    # clamscan -r -l scan.txt ./eicar.com
    ./eicar.com: Eicar-Test-Signature FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 4890369
    Engine version: 0.99.2
    Scanned directories: 0
    Scanned files: 1
    Infected files: 1
    Data scanned: 0.00 MB
    Data read: 0.00 MB (ratio 0.00:1)
    Time: 6.302 sec (0 m 6 s)