ClamAV
From Wikislax
Latest revision as of 07:50, 8 July 2012
What is ClamAV?
ClamAV is an open source antivirus.
Installing ClamAV
Get the tarball from the download page (do not download the ClamAV virus database, as it is already included in the source package). Install in the standard way and create a user to run the software (e.g. milter, since a single user has to be shared by ClamAV and MIMEDefang).
Note: in recent version clamav-0.96.5, ./configure warns about vulnerability CVE-2010-0405, which requires bzip2 1.0.6 or above. However, bzip2 does not compile properly on 64 bits, so we will not take the warning into account. The level of risk is "information disclosure", so it is in any case very limited when running behind a firewall.
# tar -C /usr/local -xvf clamav-x.y.tar.gz
# cd /usr/local/
# chown -R root:root clamav-x.y
# cd clamav-x.y
# ./configure --help | less
# ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
--sysconfdir=/etc --with-user=milter --with-group=milter
# make
# make install
# make clean
# ldconfig
# groupadd milter
# useradd -g milter -s /bin/false milter
# cd /var/log
# mkdir -m 700 milter
# chown milter:milter milter
# cd /var/run
# mkdir -m 700 milter
# chown milter:milter milter
# clamscan -r -l scan.txt /usr/local/clamav-x.y
The freshclam program updates the signature database files:
. . .
Configuring ClamAV
Review the configuration files /etc/clamd.conf and /etc/freshclam.conf. Comment out the Example line and set the other parameters as below. The User milter line tells the software to run as user milter:
# vi /etc/clamd.conf
. . .
#Example
LogFile /var/log/milter/clamd.log
PidFile /var/run/milter/clamd.pid
LocalSocket /var/spool/MIMEDefang/clamd.sock
TCPAddr 127.0.0.1
DetectBrokenExecutables yes
User milter
<esc>
:x
# vi freshclam.conf
. . .
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/milter/freshclam.log
LogFileMaxSize 0
LogTime yes
PidFile /var/run/milter/freshclam.pid
DatabaseOwner milter
DatabaseMirror db.FR.clamav.net
NotifyClamd /etc/clamd.conf
<esc>
:x
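One way to check an edited clamd.conf against the settings above, as an added example that is not part of the original page. The helper names conf_value and check_clamd_conf and the constructed sample file are assumptions of this example, as is taking the last occurrence when a directive appears twice.

```sh
#!/bin/sh
# Added example: audit a clamd.conf against the settings listed on this page.
# conf_value and check_clamd_conf are hypothetical helper names.

# Print the value of the last active (uncommented) occurrence of a directive.
# Assumption of this example: when a directive is repeated, the last one counts.
conf_value() {   # $1 = file, $2 = directive
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Return 0 when the file matches the page's settings, 1 otherwise.
check_clamd_conf() {   # $1 = path to clamd.conf
    conf=$1; rc=0
    # An active "Example" line makes clamd refuse to start.
    if grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$conf"; then
        echo "FAIL: Example line is not commented out"; rc=1
    fi
    # Expected directive values, taken from the configuration above.
    while read -r key want; do
        got=$(conf_value "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '$want'"; rc=1
        fi
    done <<EOF
User milter
LogFile /var/log/milter/clamd.log
PidFile /var/run/milter/clamd.pid
LocalSocket /var/spool/MIMEDefang/clamd.sock
TCPAddr 127.0.0.1
EOF
    [ "$rc" -eq 0 ] && echo "OK: $conf matches the expected settings"
    return "$rc"
}

# Constructed sample: Example still active, wrong User, other directives missing.
sample=$(mktemp)
printf '%s\n' 'Example' 'User clamav' 'TCPAddr 127.0.0.1' > "$sample"
check_clamd_conf "$sample" || echo "clamd.conf needs fixing"
rm -f "$sample"
```

On the real system, call check_clamd_conf /etc/clamd.conf after editing; a User value other than milter means clamd would not run under the account shared with MIMEDefang.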
Running ClamAV
clamd and freshclam run as daemons, so they must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly:
# vi /etc/rc.d/rc.local
. . .
# start clamd
if [ -x /usr/local/sbin/clamd ]; then
echo "Starting clamd daemon: /usr/local/sbin/clamd"
/usr/local/sbin/clamd
fi
# start freshclam
if [ -x /usr/local/bin/freshclam ]; then
echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
/usr/local/bin/freshclam -d
fi
<esc>
:x
# vi /etc/rc.d/rc.local_shutdown
. . .
# stop clamd
if [ -r /var/run/milter/clamd.pid ]; then
echo "Stopping clamd: kill -INT `cat /var/run/milter/clamd.pid`"
kill -INT `cat /var/run/milter/clamd.pid`
fi
# stop freshclam
if [ -r /var/run/milter/freshclam.pid ]; then
echo "Stopping freshclam: kill -INT `cat /var/run/milter/freshclam.pid`"
kill -INT `cat /var/run/milter/freshclam.pid`
fi
<esc>
:x
At this stage freshclam can be launched manually to initialize the virus database. However, clamd will fail, as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang and Sendmail with Milter are ready for use.
Testing ClamAV
eicar.com is a test signature for ClamAV. Make sure it works for you.
# clamscan -r -l scan.txt ./eicar.com
./eicar.com: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 880591
Engine version: 0.96.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.407 sec (0 m 5 s)