Tuesday, January 15, 2008

ClamAV Installation

About ClamAV
---------------
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command-line scanner, and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.


Steps
-----
groupadd  clamav
useradd -c "CLAMAV Owner" -m -d /var/lib/clamav -g clamav -u 40 -s /bin/bash clamav


cd /var/lib/clamav
mkdir {bin,db,log,run,template,tmp}
chown -R clamav:clamav /var/lib/clamav
chmod 700 /var/lib/clamav

Download latest version from

http://www.clamav.net/download/sources

wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.92.tar.gz

tar -xvzf clamav-0.92.tar.gz

cd clamav-0.92

./configure --prefix=/usr \
--sysconfdir=/etc \
--libexecdir=/usr/sbin \
--disable-clamuko \
--with-user=clamav \
--with-group=clamav \
--with-dbdir=/var/lib/clamav/db

make

make install

Configuration file

Now we have to create an init script for ClamAV (/etc/init.d/clamd):

--------------------------------------------------------------------------
#!/bin/bash
# Init script for clamd and freshclam.
# The paths below assume binaries under /usr/local; a build configured with
# --prefix=/usr installs them as /usr/sbin/clamd and /usr/bin/freshclam.

TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin

case "$1" in
start)
    echo "Starting ClamAV..."
    # The clamd socket doubles as the "already running" marker.
    if [ -S /tmp/clamd ]; then
        echo "ClamAV is already running!"
    else
        # freshclam as a daemon (-d), checking for updates 10 times a day (-c 10)
        /usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav
        /usr/local/sbin/clamd
        echo "ClamAV is now up and running!"
    fi
    ;;
stop)
    echo "Shutting down ClamAV..."
    # Collect the PIDs of all freshclam processes and kill them.
    array=($(ps ax | grep -iw '/usr/local/bin/freshclam' | grep -iv 'grep' \
        | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '))
    element_count=${#array[@]}
    index=0
    while [ "$index" -lt "$element_count" ]
    do
        kill -9 "${array[$index]}"
        let "index = $index + 1"
    done
    # Same for all clamd processes.
    array=($(ps ax | grep -iw '/usr/local/sbin/clamd' | grep -iv 'grep' \
        | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '))
    element_count=${#array[@]}
    index=0
    while [ "$index" -lt "$element_count" ]
    do
        kill -9 "${array[$index]}"
        let "index = $index + 1"
    done
    # kill -9 gives clamd no chance to clean up, so remove the stale socket here.
    if [ -S /tmp/clamd ]; then
        rm -f /tmp/clamd
    fi
    echo "ClamAV stopped!"
    ;;
restart)
    "$0" stop && sleep 3
    "$0" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
exit 0
------------------------------------------------
chmod 755 /etc/init.d/clamd

Now we start ClamAV:

/etc/init.d/clamd start

If you run

ps aux

you will see the clamd processes (which use the socket /tmp/clamd) and a freshclam process, which is responsible for getting the newest virus signature updates. The signatures are located under /usr/local/share/clamav. The command

/usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav

in our clamd init script makes sure that freshclam checks for new signatures 10 times per day.

In order to start ClamAV at boot time do the following:

ln -s /etc/init.d/clamd /etc/rc2.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc3.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc4.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc5.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc0.d/K20clamd
ln -s /etc/init.d/clamd /etc/rc1.d/K20clamd
ln -s /etc/init.d/clamd /etc/rc6.d/K20clamd


/etc/init.d/clamd start

You will now notice some clamd processes. Run it using /scripts/restartsrv_clamav

Now you will get an error message:

ERROR: Please edit the example config file /etc/clamav.conf.

You must at least remove the Example directive. My /etc/d.conf
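A preflight check for the Example error above, as an added example that is not part of the original post and is not the author's configuration file. The function names are this example's own, and it assumes the file uses the standard clamd.conf directives Example, User and LocalSocket.

```shell
#!/bin/bash
# Added example: preflight check for a clamd config file before "clamd start".
# Function names are this example's own; expected values come from this page.

# Print the value of the first active (uncommented) occurrence of a directive.
conf_value() {   # usage: conf_value FILE DIRECTIVE
    awk -v key="$2" '/^[[:space:]]*#/ { next } $1 == key { print $2; exit }' "$1"
}

# Return 0 when clamd can be started with FILE, 1 otherwise.
check_clamd_conf() {   # usage: check_clamd_conf FILE
    local conf=$1 rc=0 user sock
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf"
        return 1
    fi
    # An active "Example" line is what triggers the ERROR shown above.
    if grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$conf"; then
        echo "FAIL: Example directive still active in $conf"
        rc=1
    fi
    # Without "User", a clamd launched by init keeps running as root.
    user=$(conf_value "$conf" User)
    if [ "$user" != "clamav" ]; then
        echo "FAIL: User is '${user:-unset}', expected clamav"
        rc=1
    fi
    # The init script on this page tests for the socket at /tmp/clamd.
    sock=$(conf_value "$conf" LocalSocket)
    if [ "$sock" != "/tmp/clamd" ]; then
        echo "WARN: LocalSocket is '${sock:-unset}', init script expects /tmp/clamd"
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}

# Constructed sample files (not from the page): untouched example vs. edited.
demo() {
    local d
    d=$(mktemp -d)
    printf 'Example\nLocalSocket /tmp/clamd\n' > "$d/example.conf"
    printf '#Example\nLocalSocket /tmp/clamd\nUser clamav\n' > "$d/edited.conf"
    check_clamd_conf "$d/example.conf" || true
    check_clamd_conf "$d/edited.conf" || true
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Calling check_clamd_conf on the config file from the init script's start branch, before launching clamd, turns the startup error into an explicit failure with a reason.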
