From Wikislax

Revision as of 13:43, 7 April 2012 by WikiSysop (Talk | contribs)
Jump to: navigation, search


What is ClamAV ?

Clamav is an Open Source antivirus.

Installing ClamAV

Get the tarball from the download page (do not download the Clamav virus database as it is already included in the source package). Install in the standard way, create a user for running the software (e.g. milter, as a single user has to be used by both Clamav and MIMEDefang).

Note : in recent version clamav-0.96.5 ./configure warns about vulnerability CVE-2010-0405 requiring bzip2 1.0.6 or above. However bzip2 does not compile properly on 64 bits so we will not take the warning into account. The level of risk is "information disclosure" so anyway very limited as executing behind a firewall.

# tar -C /usr/local -xvf clamav-x.y.tar.gz
# cd /usr/local/
# chown -R root:root clamav-x.y.z
# cd clamav-x.y
# ./configure --help | less
# ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
--sysconfdir=/etc --with-user=milter --with-group=milter
# make
# make install
# ldconfig
# groupadd milter
# useradd -g milter -s /bin/false milter
# cd /var/log
# mkdir -m 700 milter
# chown milter:milter milter
# cd /var/run
# mkdir -m 700 milter
# chown milter:milter milter
# clamscan -r -l scan.txt /usr/local/clamav-x.y
The freshclam program affords updating the database signature files:
. . .

Configuring ClamAV

Review the configuration files in /etc/clamd.conf and /etc/freshclam.conf. Comment out the Example line and set the other parameters as below. The User milter line tells the software to execute as user milter :

# vi /etc/clamd.conf
. . .
LogFile /var/log/milter/clamd.log
PidFile /var/run/milter/
LocalSocket /var/spool/MIMEDefang/clamd.sock
DetectBrokenExecutables yes
User milter
# vi freshclam.conf
. . .
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/milter/freshclam.log
LogFileMaxSize 0
LogTime yes
PidFile /var/run/milter/
DatabaseOwner milter
NotifyClamd /etc/clamd.conf

Running ClamAV

clamd and freshclam run as daemons so must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly :

# vi /etc/rc.d/rc.local
. . .
# start clamd
if [ -x /usr/local/sbin/clamd ]; then
        echo "Starting clamd daemon: /usr/local/sbin/clamd"

# start freshclam
if [ -x /usr/local/bin/freshclam ]; then
        echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
        /usr/local/bin/freshclam -d
# vi /etc/rc.d/rc.local_shutdown
. . .
# stop clamd
if [ -r /var/run/milter/ ]; then
        echo "Stopping clamd: kill -INT `cat /var/run/milter/`"
        kill -INT `cat /var/run/milter/`

# stop freshclam
if [ -r /var/run/milter/ ]; then
        echo "Stopping freshclam: kill -INT `cat /var/run/milter/`"
        kill -INT `cat /var/run/milter/`

At this stage freshclam can be launched manually to initialize the virus database however clamd will fail as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang Sendmail with Milter are ready for use.

Testing ClamAV is a test signature for ClamAV. Make sure it works for you.

# clamscan -r -l scan.txt ./ 
./ Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 880591
Engine version: 0.96.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.407 sec (0 m 5 s)

SpamAssassin Main Page MIMEDefang
Personal tools