Difference between pages "MediaWiki" and "ClamAV"

From Wikislax
(Difference between pages)
Jump to: navigation, search
(Created page with "{{RightTOC}} == What is Mediawiki ? == [http://www.mediawiki.org/wiki/MediaWiki Mediawiki] is the powerful wiki software used by [http://www.wikipedia.org Wikipedia]. == In...")
 
(Testing ClamAV)
 
Line 1: Line 1:
 
{{RightTOC}}
 
{{RightTOC}}
  
== What is Mediawiki ? ==
+
== What is ClamAV ? ==
  
[http://www.mediawiki.org/wiki/MediaWiki Mediawiki] is the powerful wiki software used by [http://www.wikipedia.org Wikipedia].
+
[http://www.clamav.net Clamav] is an Open Source antivirus.
  
== Installing Mediawiki ==
+
== Installing ClamAV ==
  
[http://www.mediawiki.org/wiki/Download Download] the software - a PHP application - so there is nothing to compile or make. Untar in any directory, for example /usr/local, and use a link from /var/www/htdocs/wiki.
+
Get the tarball from the [http://www.clamav.net/lang/en/download/sources/ download page]. Install in the standard way, create a user for running the software (e.g. '''milter''', as a single user has to be used by both '''Clamav''' and '''MIMEDefang''').
  
  # tar -C /usr/local -xvf mediawiki-x.y.z.tar.gz
+
  # tar -C /usr/local -xvf clamav-x.y.tar.gz
 
+
  # cd /usr/local/
== Multiple instances ==
+
  # chown -R root:root clamav-x.y.z
 
+
  # cd clamav-x.y
Instead of copying distribution files and directories under /var/www/htdocs for each wiki, it is possible to create directories of links pointing to the same original shared mediawiki installation, modifying only these files and directories differing across sites (obviously the databases will also have to differ) : '''/mw-config''', '''/images''', and '''LocalSettings.php'''.
+
  # ./configure --help | less
 
+
  # ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
  # cd /var/www/htdocs
+
  --sysconfdir=/etc --with-user=milter --with-group=milter
# mkdir wiki
+
  # make
# cd wiki
 
# mkdir mw-config
 
# mkdir images
 
# cp -R /usr/local/mediawiki-x.y.z/mw-config .
 
  # cp -R /usr/local/mediawiki-x.y.z/images .
 
  # ln -s /usr/local/mediawiki-x.y.z/* .
 
  ln: failed to create symbolic link './images': File exists
 
ln: failed to create symbolic link './mw-config': File exists # cd ..
 
# chown -R apache:apache wiki
 
 
 
== Configuring Mediawiki ==
 
 
 
Create an empty database wikidb and database user wikiuser on localhost. This can be done using [[phpMyAdmin]] on the User accounts tab. Keep % for the host name, choose "Create database with same name and grant all privileges" and click Go. Then point your browser to the newly created wiki directory to run the installation script. Click the “Install MediaWiki” button, make sure it worked, then move file LocalSettings.php to the wiki directory. Use your browser again to visit the newly configured wiki directory.
 
 
 
  # chown -R apache:apache LocalSettings.php
 
 
 
== Mediawiki Security ==
 
 
 
When releasing a free-write-access MediaWiki site, you might find that low-attention pages start to get filled with spam messages. To avoid that, you can restrict write-access to adminitrators by adding the lines below to LocalSettings.php. The login token is encrypted, so that would be hopefully enough to keep spammers out.
 
 
 
$wgGroupPermissions['*']['edit'] = false;
 
$wgGroupPermissions['user']['edit'] = false;
 
$wgGroupPermissions['sysop']['edit'] = true;
 
$wgGroupPermissions['*']['createaccount'] = false;
 
 
 
== Rendering Math ==
 
 
 
Mediawiki's '''extension:math''' affords rendering math. It requires compilation of '''texvc''' which requires installing '''ocaml''', that you can download from http://caml.inria.fr. Install in the usual way then compile using the instructions in INSTALL :
 
 
 
# tar -C /usr/local -xvf ocaml-x.y.z.tar.gz
 
# cd /usr/local
 
  # chown -R root:root ocaml-x.y.z
 
# cd ocaml-x.y.z
 
# ./configure -libdir /usr/local/lib64/ocaml
 
  # make world
 
# make bootstrap
 
# make opt
 
# make opt.opt
 
# umask 022
 
 
  # make install
 
  # make install
 
  # make clean
 
  # make clean
 +
# ldconfig
 +
# groupadd milter
 +
# useradd -g milter -s /bin/false milter
 +
# cd /var/log
 +
# mkdir -m 700 milter
 +
# chown milter:milter milter
 +
# cd /var/run
 +
# mkdir -m 700 milter
 +
# chown milter:milter milter
 +
# cd /usr/local/share
 +
# mkdir clamav
 +
# chown milter:milter clamav
  
Download [http://www.mediawiki.org/wiki/Extension:Math extension:math], run update.php so as to setup the math database files, compile '''texvc''' and '''texvccheck''', then link in /usr/bin :
+
== Configuring ClamAV ==
  
# tar -C /usr/local/mediawiki-x.y.z/extensions -xvf Math-RELx_y-ztttttt.tar.gz
+
Review the configuration files in '''/etc/clamd.conf''' and '''/etc/freshclam.conf'''. Comment out the '''Example''' line and set the other parameters as below. The User milter line tells the software to execute as user milter :
# su apache
 
$ ln -s /var/www/htdocs/math/LocalSettings.php /usr/local/mediawiki-x.y.z
 
$ cd /usr/local/mediawiki-x.y.z/maintenance
 
$ php update.php
 
$ rm /usr/local/mediawiki-x.y.z/LocalSettings.php
 
<ctrl>-d
 
# cd ../extensions/Math/math
 
# make
 
# ln -s /usr/local/mediawiki-x.y.z/extensions/Math/math/texvc /usr/bin
 
# cd ../texvccheck
 
# make
 
# ln -s /usr/local/mediawiki-x.y.z/extensions/Math/texvccheck/texvccheck /usr/bin
 
  
Also link '''latex''', '''dvips''', and '''dvipng''' in /usr/bin (/usr/local/bin doesn't work because of environment questions when ran under apache) :
+
# cd /etc
 +
# cp clamd.conf.sample clamd.conf
 +
# vi clamd.conf
 +
. . .
 +
#Example
 +
LogFile /var/log/milter/clamd.log
 +
PidFile /var/run/milter/clamd.pid
 +
LocalSocket /var/spool/MIMEDefang/clamd.sock
 +
TCPAddr 127.0.0.1
 +
User milter
 +
DetectBrokenExecutables yes
 +
<esc>
 +
:x
 +
# cp freshclam.conf.sample freshclam.conf
 +
# vi freshclam.conf
 +
. . .
 +
#Example
 +
DatabaseDirectory /usr/local/share/clamav
 +
UpdateLogFile /var/log/milter/freshclam.log
 +
LogFileMaxSize 2M
 +
LogTime yes
 +
PidFile /var/run/milter/freshclam.pid
 +
DatabaseOwner milter
 +
DatabaseMirror db.FR.clamav.net
 +
NotifyClamd /etc/clamd.conf
 +
<esc>
 +
:x
  
# ln -s /usr/share/texmf/bin/latex /usr/bin
+
== Running ClamAV ==
# ln -s /usr/share/texmf/bin/dvips /usr/bin
 
# ln -s /usr/share/texmf/bin/dvipng /usr/bin
 
  
'''Latex''' needs '''math''' and '''tmp''' directories :
+
clamd and freshclam run as daemons so must be launched at startup and stopped at shutdown. Update '''/etc/rc.d/rc.local''' and '''/etc/rc.d/rc.local_shutdown''' accordingly :
  
  # cd ../../../images
+
  # vi /etc/rc.d/rc.local
  # mkdir math
+
. . .
  # mkdir tmp
+
  # start clamd
# chown apache:apache *
+
  if [ -x /usr/local/sbin/clamd ]; then
 
+
        echo "Starting clamd daemon: /usr/local/sbin/clamd"
Last modify your '''LocalSettings.php''' file adding the lines below at the end of the file. Lines '''$wgShowDebug = true; $wgDebugComments = true; $wgEnableParserCache = false; $wgCachePages = false;''' will make troubleshooting easier. When testing, also use Firefox's « Tools » « Clear recent history... » « Cache » to reinitialize the cache before page reloads. Otherwise you can never be totally sure if your last change had no effect or was just not taken into account due to the cache.
+
        /usr/local/sbin/clamd
 
+
  fi
#################################################################################
 
  # math changes
 
#################################################################################
 
 
   
 
   
  require_once("$IP/extensions/Math/Math.php");
+
  # start freshclam
$wgTexvc = '/usr/bin/texvc';
+
if [ -x /usr/local/bin/freshclam ]; then
 +
        echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
 +
        /usr/local/bin/freshclam -d
 +
fi
 +
<esc>
 +
:x
 +
# vi /etc/rc.d/rc.local_shutdown
 +
. . .
 +
# stop freshclam
 +
if [ -r /var/run/milter/freshclam.pid ]; then
 +
        echo "Stopping freshclam: kill -INT `cat /var/run/milter/freshclam.pid`"
 +
        kill -INT `cat /var/run/milter/freshclam.pid`
 +
fi
 
   
 
   
  # $wgUseTeX = true;
+
  # stop clamd
  # $wgShowDebug = true;
+
  if [ -r /var/run/milter/clamd.pid ]; then
  # $wgDebugComments = true;
+
        echo "Stopping clamd: kill -INT `cat /var/run/milter/clamd.pid`"
  # $wgEnableParserCache = false;
+
        kill -INT `cat /var/run/milter/clamd.pid`
  # $wgCachePages = false;
+
  fi
 +
  <esc>
 +
  :x
  
From this point, mathematical expressions such as '''<math>\sqrt{1-e^2}</math>''' will be correctly displayed in mediawiki. Not working ? '''su apache''' then try execuring commands such as '''texvc /home/wiki/tmp /home/wiki/math "y=x+2"''' to observe behaviour interactively.
+
At this stage freshclam can be launched manually to initialize the virus database however clamd will fail as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang Sendmail with Milter are ready for use.
  
Also check page http://www.mediawiki.org/wiki/Manual:Troubleshooting_math_display_errors.
+
== Testing ClamAV ==
  
== Wiki Maintenance ==
+
Don't run '''rc.local''' now. Download the ClamAV database first:
  
Maintenance scripts are included in the maintenance subdirectory. To work, the maintenance scripts require a copy of the LocalSettings.php file in the parent directory. If the maintenance subdirectory is a link as described in the "Multiple instances" paragraph above, then the LocalSettings.php file must be copied or linked under the /usr/local/mediawiki-x.y.z first.
+
# freshclam
  
# cd /var/www/htdocs/wiki
+
eicar.com is a test signature for ClamAV. Make sure it works for you.
# ln -s LocalSettings.php /usr/local/mediawiki-x.y.z
 
# cd maintenance
 
# php deleteOldRevisions.php --help
 
# rm /usr/local/mediawiki-x.y.z/LocalSettings.php
 
  
Here are a few useful scripts. Be sure to check /usr/local/mediawiki-x.y.z/maintenance directory and README file to find more maintenance scripts.
+
# '''clamscan -r -l scan.txt ./'''[{{SERVER}}/wikislax/download/eicar.com.gz eicar.com]
 
+
./eicar.com: Eicar-Test-Signature FOUND
{| {{thead}}
+
|-
+
----------- SCAN SUMMARY -----------
! {{chead}} width="150" | Script
+
Known viruses: 4890369
! {{chead}} | Usage
+
Engine version: 0.99.2
|-
+
Scanned directories: 0
|changePassword.php
+
Scanned files: 1
|Reset the password of a specified user
+
Infected files: 1
|-
+
Data scanned: 0.00 MB
|deleteOldRevisions.php
+
Data read: 0.00 MB (ratio 0.00:1)
|Erase old revisions of pages from the database
+
Time: 6.302 sec (0 m 6 s)
|-
 
|edit.php
 
|Edit a page to change its content
 
|-
 
|importImages.php
 
|Import images into the wiki
 
|-
 
|importTextFile.php
 
|Import the contents of a text file into a wiki page
 
|-
 
|moveBatch.php
 
|Move a batch of pages
 
|-
 
|nukePage.php
 
|Wipe a page and all revisions from the database
 
|-
 
|undelete.php
 
|Undelete all revisions of a page
 
|}
 
  
<br clear=all>
+
<br/>
  
{{pFoot|[[PhpMyAdmin]]|[[Main Page]]|[[RoundCube]]}}
+
{{pFoot|[[SpamAssassin]]|[[Main Page]]|[[Milter]]}}

Revision as of 07:18, 7 July 2018

What is ClamAV ?

Clamav is an Open Source antivirus.

Installing ClamAV

Get the tarball from the download page. Install in the standard way, create a user for running the software (e.g. milter, as a single user has to be used by both Clamav and MIMEDefang). 

# tar -C /usr/local -xvf clamav-x.y.tar.gz
# cd /usr/local/
# chown -R root:root clamav-x.y.z
# cd clamav-x.y
# ./configure --help | less
# ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
--sysconfdir=/etc --with-user=milter --with-group=milter
# make
# make install
# make clean
# ldconfig
# groupadd milter
# useradd -g milter -s /bin/false milter
# cd /var/log
# mkdir -m 700 milter
# chown milter:milter milter
# cd /var/run
# mkdir -m 700 milter
# chown milter:milter milter
# cd /usr/local/share
# mkdir clamav
# chown milter:milter clamav

Configuring ClamAV

Review the configuration files in /etc/clamd.conf and /etc/freshclam.conf. Comment out the Example line and set the other parameters as below. The User milter line tells the software to execute as user milter : 

# cd /etc
# cp clamd.conf.sample clamd.conf
# vi clamd.conf
. . .
#Example
LogFile /var/log/milter/clamd.log
PidFile /var/run/milter/clamd.pid
LocalSocket /var/spool/MIMEDefang/clamd.sock
TCPAddr 127.0.0.1
User milter
DetectBrokenExecutables yes
<esc>
:x
# cp freshclam.conf.sample freshclam.conf
# vi freshclam.conf
. . .
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/milter/freshclam.log
LogFileMaxSize 2M
LogTime yes
PidFile /var/run/milter/freshclam.pid
DatabaseOwner milter
DatabaseMirror db.FR.clamav.net
NotifyClamd /etc/clamd.conf
<esc>
:x

Running ClamAV

clamd and freshclam run as daemons so must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly : 

# vi /etc/rc.d/rc.local
. . .
# start clamd
if [ -x /usr/local/sbin/clamd ]; then
        echo "Starting clamd daemon: /usr/local/sbin/clamd"
        /usr/local/sbin/clamd
fi

# start freshclam
if [ -x /usr/local/bin/freshclam ]; then
        echo "Starting freshclam daemon: /usr/local/bin/freshclam -d"
        /usr/local/bin/freshclam -d
fi
<esc>
:x
# vi /etc/rc.d/rc.local_shutdown
. . .
# stop freshclam
if [ -r /var/run/milter/freshclam.pid ]; then
        echo "Stopping freshclam: kill -INT `cat /var/run/milter/freshclam.pid`"
        kill -INT `cat /var/run/milter/freshclam.pid`
fi

# stop clamd
if [ -r /var/run/milter/clamd.pid ]; then
        echo "Stopping clamd: kill -INT `cat /var/run/milter/clamd.pid`"
        kill -INT `cat /var/run/milter/clamd.pid`
fi
<esc>
:x

At this stage freshclam can be launched manually to initialize the virus database however clamd will fail as it requires a socket created by MIMEDefang when starting up. So we will delay clamd execution until MIMEDefang Sendmail with Milter are ready for use.

Testing ClamAV

Don't run rc.local now. Download the ClamAV database first: 

# freshclam

eicar.com is a test signature for ClamAV. Make sure it works for you. 

# clamscan -r -l scan.txt ./eicar.com 
./eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4890369
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 6.302 sec (0 m 6 s)


SpamAssassin Main Page Milter
Retrieved from "http://studioware.com/wikislax/index.php?title=MediaWiki&oldid=61"