From Wikislax

Jump to: navigation, search


What is ClamAV ?

Clamav is an Open Source antivirus.

Installing ClamAV

Get the tarball from the download page (do not download the Clamav virus database as it is already included in the source package). Install in the standard way, create a user for running the software (e.g. milter, as a single user has to be used by both Clamav and MIMEDefang).

Note : in recent version clamav-0.96.5 ./configure warns about vulnerability CVE-2010-0405 requiring bzip2 1.0.6 or above. However bzip2 does not compile properly on 64 bits so we will not take the warning into account. The level of risk is "information disclosure" so anyway very limited as executing behind a firewall.

# tar -C /usr/local -xvf clamav-x.y.tar.gz
# cd /usr/local/
# chown -R root:root clamav-x.y.z
# cd clamav-x.y
# ./configure --help | less
# ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
--sysconfdir=/etc --with-user=milter --with-group=milter
# make
# make install
# make clean
# ldconfig
# groupadd milter
# useradd -g milter -s /bin/false milter
# cd /var/log
# mkdir -m 700 milter
# chown milter:milter milter
# cd /var/run
# mkdir -m 700 milter
# chown milter:milter milter
# cd /usr/local/share
# mkdir clamav
# chown milter:milter clamav

Configuring ClamAV

Review the configuration files in /etc/clamd.conf and /etc/freshclam.conf. Comment out the Example line and set the other parameters as below. The User milter line tells the software to execute as user milter :

# cd /etc
# cp clamd.conf.sample clamd.conf
# vi clamd.conf
. . .
LogFile /var/log/milter/clamd.log
PidFile /var/run/milter/
LocalSocket /var/spool/MIMEDefang/clamd.sock
DetectBrokenExecutables yes
User milter
# cp freshclam.conf.sample freshclam.conf
# vi freshclam.conf
. . .
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/milter/freshclam.log
LogFileMaxSize 0
LogTime yes
PidFile /var/run/milter/
DatabaseOwner milter
NotifyClamd /etc/clamd.conf

Running ClamAV

clamd and freshclam run as daemons so must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly :

# vi /etc/rc.d/rc.local
. . .
# start clamd
if [ -x /usr/local/sbin/clamd ]; then
        echo "Starting clamd daemon: /usr/local/sbin/clamd"

# start freshclam
if [ -x /usr/local/bin/freshclam ]; then
        echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
        /usr/local/bin/freshclam -d
# vi /etc/rc.d/rc.local_shutdown
. . .
# stop freshclam
if [ -r /var/run/milter/ ]; then
        echo "Stopping freshclam: kill -INT `cat /var/run/milter/`"
        kill -INT `cat /var/run/milter/`

# stop clamd
if [ -r /var/run/milter/ ]; then
        echo "Stopping clamd: kill -INT `cat /var/run/milter/`"
        kill -INT `cat /var/run/milter/`

At this stage freshclam can be launched manually to initialize the virus database however clamd will fail as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang Sendmail with Milter are ready for use.

Testing ClamAV

download the ClamAV database first:

# freshclam is a test signature for ClamAV. Make sure it works for you.

# clamscan -r -l scan.txt ./ 
./ Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 880591
Engine version: 0.96.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.407 sec (0 m 5 s)

SpamAssassin Main Page MIMEDefang
Personal tools