About ClamAV
------------
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.
Steps
-----
groupadd clamav
chmod 755 /etc/init.d/clamd
useradd -c "CLAMAV Owner" -m -d /var/lib/clamav -g clamav -u 40 -s /bin/bash clamav
cd /var/lib/clamav
mkdir {bin,db,log,run,template,tmp}
chown -R clamav:clamav /var/lib/clamav
chmod 700 /var/lib/clamav
Download latest version from
http://www.clamav.net/download/sources
wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.92.tar.gz
tar -xvzf clamav-0.92.tar.gz
cd clamav-0.92
./configure --prefix=/usr \
--sysconfdir=/etc \
--libexecdir=/usr/sbin \
--disable-clamuko \
--with-user=clamav \
--with-group=clamav \
--with-dbdir=/var/lib/clamav/db
make
make install
Configuration file
Now we have to create an init script for ClamAV (/etc/init.d/clamd):
--------------------------------------------------------------------------
#!/bin/bash
# Init script for clamd and the freshclam updater.
TMPDIR=/tmp
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
case "$1" in
  start)
    echo "Starting ClamAV..."
    # The clamd socket doubles as the "already running" marker.
    if [ -S /tmp/clamd ]; then
      echo "ClamAV is already running!"
    else
      # freshclam as a daemon (-d), checking for signatures 10 times a day (-c 10).
      /usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav
      /usr/local/sbin/clamd
    fi
    echo "ClamAV is now up and running!"
    ;;
  stop)
    echo "Shutting down ClamAV..."
    # Collect the PIDs of all freshclam processes and kill them.
    array=(`ps ax | grep -iw '/usr/local/bin/freshclam' | grep -iv 'grep' \
      | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
    element_count=${#array[@]}
    index=0
    while [ "$index" -lt "$element_count" ]
    do
      kill -9 ${array[$index]}
      let "index = $index + 1"
    done
    # Same again for the clamd processes.
    array=(`ps ax | grep -iw '/usr/local/sbin/clamd' | grep -iv 'grep' \
      | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
    element_count=${#array[@]}
    index=0
    while [ "$index" -lt "$element_count" ]
    do
      kill -9 ${array[$index]}
      let "index = $index + 1"
    done
    # Remove the stale socket so the next start is not refused.
    if [ -S /tmp/clamd ]; then
      rm -f /tmp/clamd
    fi
    echo "ClamAV stopped!"
    ;;
  restart)
    $0 stop && sleep 3
    $0 start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
exit 0
------------------------------------------------
Now we start ClamAV:
/etc/init.d/clamd start
If you run
ps aux
you will see clamd processes (which use the socket /tmp/clamd) and a freshclam process, which is responsible for getting the newest virus signature updates. The signatures are located under /usr/local/share/clamav. The command
/usr/local/bin/freshclam -d -c 10 --datadir=/usr/local/share/clamav
in our clamd init script makes sure that freshclam checks for new signatures 10 times per day.
In order to start ClamAV at boot time do the following:
ln -s /etc/init.d/clamd /etc/rc2.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc3.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc4.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc5.d/S20clamd
ln -s /etc/init.d/clamd /etc/rc0.d/K20clamd
ln -s /etc/init.d/clamd /etc/rc1.d/K20clamd
ln -s /etc/init.d/clamd /etc/rc6.d/K20clamd
/etc/init.d/clamd start
Now you will get an error message:
ERROR: Please edit the example config file /etc/clamav.conf.
You must at least remove the Example directive. My /etc/d.conf
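As an added example (not part of the original post), a preflight check for the error above: it reports whether the Example directive is still active, where LocalSocket points, and which User clamd runs as. Example, LocalSocket and User are standard clamd config directives; the function name, the default account and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight check for a clamd config file before starting the daemon.
# check_clamd_conf is a hypothetical helper name, not a ClamAV tool.

check_clamd_conf() {
    conf=$1
    want_user=${2:-clamav}   # assumption: the account created with useradd above
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    # clamd refuses to start while an uncommented "Example" line is present.
    if grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$conf"; then
        echo "FAIL: Example directive still active"
        rc=1
    fi

    # Commented lines have "#" in the first field, so awk skips them.
    sock=$(awk '$1 == "LocalSocket" { s = $2 } END { print s }' "$conf")
    case $sock in
        "")
            echo "FAIL: no LocalSocket set"; rc=1 ;;
        /tmp/*|/var/tmp/*)
            # Any local user can create files in these directories.
            echo "WARN: socket $sock is in a world-writable directory" ;;
        *)
            echo "OK: socket $sock" ;;
    esac

    # The daemon should drop privileges to the dedicated account.
    user=$(awk '$1 == "User" { u = $2 } END { print u }' "$conf")
    if [ "$user" != "$want_user" ]; then
        echo "FAIL: User is '${user:-unset}', expected $want_user"
        rc=1
    fi
    return $rc
}

# Constructed sample: an example config with the Example line left in place.
demo=$(mktemp)
printf '%s\n' 'Example' 'LocalSocket /tmp/clamd' 'User clamav' > "$demo"
check_clamd_conf "$demo" || echo "exit status: $?"
rm -f "$demo"
```

The function returns 0 only when the Example line is commented out or removed, a LocalSocket is set and User matches; a socket under /tmp is reported as a warning without failing the check.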