Contents
Introduction
Pre-requisites
Installing Packages and Clam AV
Configuring Clamd: Editing clamd.conf
Configuring Freshclam
Introduction
Clam AntiVirus is an open-source anti-virus toolkit for Unix-like operating systems. It is designed to integrate with mail servers for attachment scanning rather than to scan resident files on workstations. It provides a flexible and scalable multi-threaded daemon, a command-line scanner and a tool for automatically updating the virus definitions over the Internet. The virus database is kept up to date and is freely downloadable. It ships with a library on which most of the programs are based. More information is available from its site, clamav.net.
Pre-requisites
- zlib and zlib-devel: zlib provides the ability to work with .zip files.
- gmp: GMP is a free library for arbitrary-precision arithmetic, operating on signed integers, rational numbers and floating-point numbers. There is no practical limit to the precision except the one implied by the available memory on the machine GMP runs on. In our case, GMP allows Clam AntiVirus to verify the digital signatures of the virus databases.
- curl: curl is a command-line tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP ...phew. ClamAV uses curl version >= 7.10.0 to follow the links inside a mail message and check whether they point to viruses. We are not enabling this feature here, but we want to be able to use it eventually.
- bzip2 and bzip2-devel: This library is used to unpack bzip2-compressed files.
Installing Packages and Clam AV
The first step is to install the libraries required by ClamAV. To install the zlib, gmp, curl and bzip2 libraries on Debian, issue the commands shown below.
# apt-get install libgmp3
# apt-get install libgmp3-dev
# apt-get install zlib1g
# apt-get install zlib1g-dev
# apt-get install zlibc
# apt-get install curl
# apt-get install bzip2
# groupadd clamav
# useradd -g clamav -s /usr/bin/true -c "Clam Antivirus" clamav
$ ./configure --with-libcurl --with-dbdir=/var/clamdb --enable-shared
$ make
# make install
apt-get install curl will also install libcurl3, which is a prerequisite for curl to work.
Configuring Clamd: Editing clamd.conf
The next step is to edit the clamd.conf file. If you don't edit this file, clamd won't start. To find where your clamd.conf file is located, run the clamd command. It prints output like the following, which indicates the location of your clamd.conf file.
$ /usr/local/sbin/clamd
ERROR: Please edit the example config file /usr/local/etc/clamd.conf.
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
A clamd.conf file with most of the explanatory comments removed looks as shown below. These are the directives used in the clamd.conf file. I will explain only the options we are going to use. For the rest of the options, please refer to the clamd.conf man page.
#### Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
Example
# A full path is required.
# Default: disabled
LogFile /tmp/clamd.log
#LogFileUnlock
#LogFileMaxSize 2M
#LogTime
#LogClean
#LogSyslog
#LogFacility LOG_MAIL
#LogVerbose
#PidFile /var/run/clamd.pid
#TemporaryDirectory /var/tmp
#DatabaseDirectory /var/lib/clamav
LocalSocket /tmp/clamd
FixStaleSocket
#TCPSocket 3310
#TCPAddr 127.0.0.1
#MaxConnectionQueueLength 30
#StreamMaxLength 20M
#StreamMinPort 30000
#StreamMaxPort 32000
#MaxThreads 20
#ReadTimeout 300
#IdleTimeout 60
#MaxDirectoryRecursion 20
#FollowDirectorySymlinks
#FollowFileSymlinks
#SelfCheck 600
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
#User clamav
#AllowSupplementaryGroups
#ExitOnOOM
#Foreground
#Debug
#LeaveTemporaryFiles
#DisableDefaultScanOptions
#ScanPE
#DetectBrokenExecutables
#ScanOLE2
#ScanMail
#MailFollowURLs
#ScanHTML
#ScanArchive
#ScanRAR
#ArchiveMaxFileSize 15M
#ArchiveMaxRecursion 9
#ArchiveMaxFiles 1500
#ArchiveMaxCompressionRatio 300
#ArchiveLimitMemoryUsage
#ArchiveBlockEncrypted
#ArchiveBlockMax
#ClamukoScanOnAccess
#ClamukoScanOnOpen
#ClamukoScanOnClose
#ClamukoScanOnExec
#ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/guru
#ClamukoMaxFileSize 10M
Let us start building the clamd.conf file now.
Comment out the line saying Example in clamd.conf:
#Example
Edit the line specifying LogFile as shown. We do not want to run multiple clamd processes, so we will not use LogFileUnlock.
LogFile /var/log/clamd/clamd.log
Set the maximum log file size to 1 MB.
LogFileMaxSize 1M
Log the time with each message. We do not want to use the system logger, so we will not enable LogSyslog. We also don't want verbose logging, so we will not use LogVerbose either. We intend to use the system's default temporary directory, so we will not set TemporaryDirectory.
LogTime
We want clamd to listen only on localhost, so we specify TCPAddr.
TCPAddr 127.0.0.1
We want clamd to run as user clamav, so we add the User directive.
User clamav
We want to perform HTML normalisation and decryption of MS Script Encoder code, so we will use ScanHTML.
ScanHTML
You need to create the directory /var/log/clamd and chown it to user clamav. Then start the clamd daemon.
# mkdir /var/log/clamd
# chown clamav:clamav /var/log/clamd
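As an added check (example code, not part of this guide or of ClamAV), the following Python parses a clamd.conf in the directive/value format shown above and flags departures from the choices made here: Example left in, no LogFile, no User clamav, or a TCPSocket not bound to 127.0.0.1. The sample file at the bottom is constructed from the directives set above.

```python
def parse_clamd_conf(text):
    """Map directive -> value; a bare directive (flag) maps to True and a
    directive given several times (e.g. ClamukoIncludePath) maps to a list."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or commented out
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else True
        if key in conf:
            prev = conf[key]
            conf[key] = (prev if isinstance(prev, list) else [prev]) + [value]
        else:
            conf[key] = value
    return conf

def audit_clamd_conf(text):
    """Return findings as strings; an empty list means the file follows the guide."""
    conf = parse_clamd_conf(text)
    findings = []
    if "Example" in conf:
        findings.append("Example directive still present: clamd refuses to start")
    if "LogFile" not in conf:
        findings.append("LogFile not set: detections and errors are not logged")
    if conf.get("User") != "clamav":
        findings.append("User clamav not set: daemon keeps the uid it was started with")
    if "TCPSocket" in conf and conf.get("TCPAddr") != "127.0.0.1":
        findings.append("TCPSocket without TCPAddr 127.0.0.1: reachable from the network")
    if "LocalSocket" not in conf and "TCPSocket" not in conf:
        findings.append("neither LocalSocket nor TCPSocket: nothing can reach clamd")
    return findings

# Constructed sample reflecting the directives chosen in this guide.
GUIDE_CONF = """\
#Example
LogFile /var/log/clamd/clamd.log
LogFileMaxSize 1M
LogTime
LocalSocket /tmp/clamd
FixStaleSocket
TCPAddr 127.0.0.1
User clamav
ScanHTML
"""
if __name__ == "__main__":
    for line in audit_clamd_conf(GUIDE_CONF) or ["clamd.conf follows the guide"]:
        print(line)
```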
Configuring freshclam
ClamAV comes with freshclam, a tool which periodically checks for new database releases and keeps your database up to date. Before you configure it in crontab you need to edit the /usr/local/etc/freshclam.conf file.
Initially you can just comment out the Example directive and start downloading updates. For finer control over downloads, take a closer look at man freshclam.conf. Next you need to create the log file and change its ownership and permissions as follows.
# touch /var/log/freshclam.log
# chmod 600 /var/log/freshclam.log
# chown clamav /var/log/freshclam.log
Then you will have to create an entry in root's crontab. To do so, issue the following command. Remember, you need to issue this command as root.
# crontab -e
To update the virus definitions at minute 35 of every hour, add an entry like the one shown below to root's crontab.
35 * * * * /usr/local/bin/freshclam --quiet
Next we will install simscan, which acts as the glue between qmail-ldap, SpamAssassin and ClamAV. Simscan invokes SpamAssassin and ClamAV according to its configuration. Refer to the simscan documentation for further installation instructions.
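To confirm that the daemon built above answers on its LocalSocket and to see which signature database version it has loaded once freshclam has run, here is a small Python client, added here and not part of the original guide or of ClamAV. It uses the newline-terminated PING, VERSION and SCAN commands; the reply layouts it parses, and /var/log/clamd/clamd.log as a file clamd can read, are assumptions.

```python
import socket
SOCKET_PATH = "/tmp/clamd"   # LocalSocket from the clamd.conf built above

def clamd_request(command, socket_path=SOCKET_PATH, timeout=10.0):
    """Send one newline-terminated command and return the whole reply as text."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(command.encode() + b"\n")
        chunks = []
        while True:                      # clamd closes the connection when done
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace").strip()

def parse_scan_reply(line):
    """'<path>: OK' | '<path>: <sig> FOUND' | '<path>: <msg> ERROR' ->
    (path, status, detail).  Splits on the first ': ', so an ERROR message
    containing ': ' stays intact; a path containing ': ' would be cut short."""
    path, sep, verdict = line.partition(": ")
    if not sep:
        return line, "UNKNOWN", ""
    if verdict == "OK":
        return path, "OK", ""
    detail, _, status = verdict.rpartition(" ")
    if status in ("FOUND", "ERROR"):
        return path, status, detail
    return path, "UNKNOWN", verdict

def parse_version_reply(reply):
    """'ClamAV 0.88.4/1950/Sat Aug 26 ...' (assumed layout) ->
    (engine_version, db_version or None, db_date or None)."""
    parts = reply.split("/", 2)
    engine = parts[0].replace("ClamAV ", "", 1)
    if len(parts) != 3 or not parts[1].isdigit():
        return engine, None, None
    return engine, int(parts[1]), parts[2]

def scan_path(path, socket_path=SOCKET_PATH):
    """Scan a file clamd can read as user clamav; one parsed tuple per reply line."""
    reply = clamd_request("SCAN " + path, socket_path)
    return [parse_scan_reply(l) for l in reply.splitlines() if l]

if __name__ == "__main__":
    print(clamd_request("PING"))             # PONG when the daemon is up
    print(parse_version_reply(clamd_request("VERSION")))
    print(scan_path("/var/log/clamd/clamd.log"))
```

The parsers are exercised with constructed replies; the socket calls need the running daemon.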