ClamAV

From Wikislax

(Difference between revisions)
Jump to: navigation, search
m (Protected "ClamAV" ([edit=sysop] (indefinite) [move=sysop] (indefinite)))
(Installing ClamAV)
 
Line 20: Line 20:
  # make
  # make
  # make install
  # make install
 +
# make clean
  # ldconfig
  # ldconfig
  # groupadd milter
  # groupadd milter

Latest revision as of 07:50, 8 July 2012

Contents

What is ClamAV ?

Clamav is an Open Source antivirus.

Installing ClamAV

Get the tarball from the download page (do not download the Clamav virus database as it is already included in the source package). Install in the standard way, create a user for running the software (e.g. milter, as a single user has to be used by both Clamav and MIMEDefang).

Note : in recent version clamav-0.96.5 ./configure warns about vulnerability CVE-2010-0405 requiring bzip2 1.0.6 or above. However bzip2 does not compile properly on 64 bits so we will not take the warning into account. The level of risk is "information disclosure" so anyway very limited as executing behind a firewall.

# tar -C /usr/local -xvf clamav-x.y.tar.gz
# cd /usr/local/
# chown -R root:root clamav-x.y.z
# cd clamav-x.y
# ./configure --help | less
# ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
--sysconfdir=/etc --with-user=milter --with-group=milter
# make
# make install
# make clean
# ldconfig
# groupadd milter
# useradd -g milter -s /bin/false milter
# cd /var/log
# mkdir -m 700 milter
# chown milter:milter milter
# cd /var/run
# mkdir -m 700 milter
# chown milter:milter milter
# clamscan -r -l scan.txt /usr/local/clamav-x.y
The freshclam program affords updating the database signature files:
. . .

Configuring ClamAV

Review the configuration files in /etc/clamd.conf and /etc/freshclam.conf. Comment out the Example line and set the other parameters as below. The User milter line tells the software to execute as user milter :

# vi /etc/clamd.conf
. . .
#Example
LogFile /var/log/milter/clamd.log
PidFile /var/run/milter/clamd.pid
LocalSocket /var/spool/MIMEDefang/clamd.sock
TCPAddr 127.0.0.1
DetectBrokenExecutables yes
User milter
<esc>
:x
# vi freshclam.conf
. . .
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/milter/freshclam.log
LogFileMaxSize 0
LogTime yes
PidFile /var/run/milter/freshclam.pid
DatabaseOwner milter
DatabaseMirror db.FR.clamav.net
NotifyClamd /etc/clamd.conf
<esc>
:x

Running ClamAV

clamd and freshclam run as daemons so must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly :

# vi /etc/rc.d/rc.local
. . .
# start clamd
if [ -x /usr/local/sbin/clamd ]; then
        echo "Starting clamd daemon: /usr/local/sbin/clamd"
        /usr/local/sbin/clamd
fi

# start freshclam
if [ -x /usr/local/bin/freshclam ]; then
        echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
        /usr/local/bin/freshclam -d
fi
<esc>
:x
# vi /etc/rc.d/rc.local_shutdown
. . .
# stop clamd
if [ -r /var/run/milter/clamd.pid ]; then
        echo "Stopping clamd: kill -INT `cat /var/run/milter/clamd.pid`"
        kill -INT `cat /var/run/milter/clamd.pid`
fi

# stop freshclam
if [ -r /var/run/milter/freshclam.pid ]; then
        echo "Stopping freshclam: kill -INT `cat /var/run/milter/freshclam.pid`"
        kill -INT `cat /var/run/milter/freshclam.pid`
fi
<esc>
:x

At this stage freshclam can be launched manually to initialize the virus database however clamd will fail as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang Sendmail with Milter are ready for use.

Testing ClamAV

eicar.com is a test signature for ClamAV. Make sure it works for you.

# clamscan -r -l scan.txt ./eicar.com 
./eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 880591
Engine version: 0.96.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.407 sec (0 m 5 s)


SpamAssassin Main Page MIMEDefang
Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox