Index.
03-Jul-2011: initial release. 22-Nov-2011: updated console error message.
Introduction.
Installing ClamAV is a bit different than the usual Arch Linux method. Because the standard ClamAV package doesn’t contain the milter daemon, I have made my own package. The milter daemon is needed by the postfix mail server that will be described in its own article. The ClamAV milter daemon is statically linked against Sendmail’s libmilter, so there is no need to install libmilter from AUR. In the download areas you can find this package.
Installation.
Install libtool and clamav-milter:
    [root@homsrv ~]# pacman -S clamav-milter
    resolving dependencies...
    looking for inter-conflicts...
    Targets (2): libtool-2.4-3 clamav-milter-0.97.1-1
    Total Download Size: 3.46 MB
    Total Installed Size: 13.23 MB
    Proceed with installation? [Y/n]
    :: Retrieving packages from core...
    libtool-2.4-3-i686 380.8K 770.3K/s 00:00:00 [######################] 100%
    :: Retrieving packages from mbse-extra...
    clamav-milter-0.97... 3.1M 92.0K/s 00:00:34 [######################] 100%
    (2/2) checking package integrity [######################] 100%
    (2/2) checking for file conflicts [######################] 100%
    (1/2) installing libtool [######################] 100%
    (2/2) installing clamav-milter [######################] 100%
    [root@homsrv ~]#
Use pacman -U clamav-milter-0.97.1-1 to install a locally downloaded clamav-milter package. There are three configuration files in /etc/clamav that you need to edit. Here I show the changes as diffs against the originals. First, /etc/clamav/clamav-milter.conf:
--- clamav-milter.conf.orig 2011-06-22 14:50:35.000000000 +0200 +++ clamav-milter.conf 2011-06-22 14:54:16.000000000 +0200 @@ -1,12 +1,4 @@ ## -## Example config file for clamav-milter -## - -# Comment or remove the line below. -Example - - -## ## Main options ## @@ -26,7 +18,7 @@ # Sets the permissions on the (unix) milter socket to the specified mode. # Default: disabled (obey umask) -#MilterSocketMode 660 +MilterSocketMode 666 # Remove stale socket after unclean shutdown. # @@ -185,13 +177,13 @@ # Note that while "Replace" can potentially break DKIM signatures, "Add" may # confuse procmail and similar filters. # Default: no -#AddHeader Replace +AddHeader Replace # When AddHeader is in use, this option allows to arbitrary set the reported # hostname. This may be desirable in order to avoid leaking internal names. # If unset the real machine name is used. # Default: disabled -#ReportHostname my.mail.server.name +ReportHostname mail.wpl.uk # Execute a command (possibly searching PATH) when an infected message is found. # The following parameters are passed to the invoked program in this order: @@ -212,7 +204,7 @@ # A full path is required. # # Default: disabled -LogFile /var/log/clamav/clamav-milter.log +#LogFile /var/log/clamav/clamav-milter.log # By default the log file is locked for writing - the lock protects against # running clamav-milter multiple times. @@ -233,23 +225,23 @@ # Log time with each message. # # Default: no -LogTime yes +#LogTime yes # Use system logger (can work together with LogFile). # # Default: no -#LogSyslog yes +LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # # Default: LOG_LOCAL6 -#LogFacility LOG_MAIL +LogFacility LOG_MAIL # Enable verbose logging. # # Default: no -#LogVerbose yes +LogVerbose yes # This option allows to tune what is logged when a message is infected. # Possible values are Off (the default - nothing is logged), 
@@ -269,5 +261,5 @@ # See LogInfected for possible values and caveats. # Useful in debugging but drastically increases the log size. # Default: disabled -#LogClean Basic +LogClean Basic
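Review bot: In the MilterSocketMode hunk (@@ -26,7 +18,7 @@), `MilterSocketMode 666` makes the milter socket readable and writable by every local account, where the commented example was 660. I would use `MilterSocketMode 660` and give the mail server access through group membership, so that only the MTA can hand messages to the scanner. A smaller point on the logging hunks: `LogVerbose yes` together with `LogClean Basic` carries the file's own caveat that it "drastically increases the log size", so these are worth turning off again once the setup has been verified.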
Next, /etc/clamav/clamd.conf:
--- clamd.conf.orig 2011-06-22 14:50:44.000000000 +0200 +++ clamd.conf 2011-06-22 15:00:23.000000000 +0200 @@ -1,17 +1,10 @@ -## -## Example config file for the Clam AV daemon -## Please read the clamd.conf(5) manual before editing this file. -## - - -# Comment or remove the line below. -Example +## /etc/clamav/clamd.conf # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. # Default: disabled -LogFile /var/log/clamav/clamd.log +#LogFile /var/log/clamav/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please @@ -31,7 +24,7 @@ # Log time with each message. # Default: no -LogTime yes +#LogTime yes # Also log clean files. Useful in debugging but drastically increases the # log size. @@ -40,16 +33,16 @@ # Use system logger (can work together with LogFile). # Default: no -#LogSyslog yes +LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 -#LogFacility LOG_MAIL +LogFacility LOG_MAIL # Enable verbose logging. # Default: no -#LogVerbose yes +LogVerbose yes # Log additional information about the infected file, such as its # size and hash, together with the virus name. @@ -209,7 +202,7 @@ # Detect Possibly Unwanted Applications. # Default: no -#DetectPUA yes +DetectPUA yes # Exclude a specific PUA category. This directive can be used multiple times. # See http://www.clamav.net/support/pua for the complete list of PUA @@ -403,6 +396,7 @@ # to the system. # Default: 25M #MaxFileSize 30M +MaxFileSize 100M # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR # file, all files within it will also be scanned. This options specifies how
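Review bot: In the MaxFileSize hunk (@@ -403,6 +396,7 @@), `MaxFileSize 100M` is four times the documented 25M default and the change gives no reason for it. A larger limit means more memory and CPU time per scanned file, so it should match the largest message the mail server actually accepts. The patch also leaves the other size limits untouched; check that MaxScanSize and StreamMaxLength are at least as large, otherwise the new value is not what decides. The commented `#MaxFileSize 30M` line above it can simply be edited instead of adding a second line.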
And finally /etc/clamav/freshclam.conf:
--- freshclam.conf.orig 2011-06-22 14:50:54.000000000 +0200 +++ freshclam.conf 2011-06-22 15:01:44.000000000 +0200 @@ -1,11 +1,4 @@ -## -## Example config file for freshclam -## Please read the freshclam.conf(5) manual before editing this file. -## - - -# Comment or remove the line below. -Example +## /etc/clamav/freshclam.conf # Path to the database directory. # WARNING: It must match clamd.conf's directive! @@ -14,7 +7,7 @@ # Path to the log file (make sure it has proper permissions) # Default: disabled -UpdateLogFile /var/log/clamav/freshclam.log +#UpdateLogFile /var/log/clamav/freshclam.log # Maximum size of the log file. # Value of 0 disables the limit. @@ -34,12 +27,12 @@ # Use system logger (can work together with UpdateLogFile). # Default: no -#LogSyslog yes +LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 -#LogFacility LOG_MAIL +LogFacility LOG_MAIL # This option allows you to save the process identifier of the daemon # Default: disabled @@ -118,7 +111,7 @@ # Send the RELOAD command to clamd. # Default: no -NotifyClamd /etc/clamav/clamd.conf +#NotifyClamd /etc/clamav/clamd.conf # Run command after successful database update. # Default: disabled
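Review bot: In the last hunk (@@ -118,7 +111,7 @@), commenting out `NotifyClamd /etc/clamav/clamd.conf` stops freshclam from sending the RELOAD command after an update, so clamd keeps scanning with the old signatures until its own self-check or a restart picks up the new database. If that delay is not intended, keep the line active; if it is intended, a comment saying why and a look at clamd's SelfCheck interval would help the next reader.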
Now edit /etc/conf.d/clamav like this:
    # clamav startup script config options
    # change these to "yes" to start
    START_FRESHCLAM="no"
    START_CLAMD="yes"
    START_MILTER="yes"
    # Options to pass to freshclam (man freshclam for more info).
    FRESHCLAM_OPTS="-c 12"
Put the next script in /etc/cron.hourly as freshclam and make it executable (chmod 755) so that the virus definitions are updated regularly:
    #!/bin/sh
    /usr/bin/freshclam --quiet
When the package is freshly installed there is no virus signature database present, so we need to download one before we can start ClamAV. After the download we can start it:
    [root@homsrv ~]# freshclam
    ClamAV update process started at Wed Jun 22 15:06:04 2011
    Downloading main.cvd [100%]
    main.cvd updated (version: 53, sigs: 846214, f-level: 53, builder: sven)
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 13227, sigs: 129691, f-level: 60, builder: guitar)
    Downloading bytecode.cvd [100%]
    bytecode.cvd updated (version: 143, sigs: 40, f-level: 60, builder: edwin)
    Database updated (975945 signatures) from database.clamav.net (IP: 81.26.223.45)
    [root@homsrv ~]# /etc/rc.d/clamav start
    :: Starting ClamD [BUSY] Bytecode: Security mode set to "TrustSigned". [DONE]
    :: Starting ClamAV Milter [DONE]
    [root@homsrv ~]#
Don’t forget to add clamav to the DAEMONS=() array in /etc/rc.conf.
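A quick audit of the edited files, as an added example that is not part of the original article or package: it checks a config directory for an active Example line, LogSyslog yes, matching DatabaseDirectory values in clamd.conf and freshclam.conf, and a world-writable MilterSocketMode. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a ClamAV config directory.

# conf_get FILE KEY: print the value of the last active (uncommented) KEY line.
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1" 2>/dev/null
}

# audit_clamav DIR: print one line per finding; exit status = number of findings.
audit_clamav() {
    dir=$1; n=0
    for f in clamd.conf freshclam.conf clamav-milter.conf; do
        [ -r "$dir/$f" ] || { echo "MISSING $f"; n=$((n + 1)); continue; }
        # clamd, freshclam and clamav-milter refuse to start while the
        # "Example" line from the stock file is still active.
        if grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$dir/$f"; then
            echo "FAIL $f: Example line still active"; n=$((n + 1))
        fi
        # The article sends all three logs to syslog.
        [ "$(conf_get "$dir/$f" LogSyslog)" = "yes" ] ||
            { echo "WARN $f: LogSyslog is not yes"; n=$((n + 1)); }
    done
    # freshclam must write where clamd reads (unset on both sides = defaults).
    [ "$(conf_get "$dir/clamd.conf" DatabaseDirectory)" = \
      "$(conf_get "$dir/freshclam.conf" DatabaseDirectory)" ] ||
        { echo "FAIL DatabaseDirectory differs between clamd and freshclam"; n=$((n + 1)); }
    # A final mode digit with the write bit set lets any local account
    # connect to the milter socket.
    mode=$(conf_get "$dir/clamav-milter.conf" MilterSocketMode)
    case $mode in
        *[2367]) echo "WARN MilterSocketMode $mode is world-writable"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# make_sample DIR: constructed sample files mirroring the article's end state.
make_sample() {
    printf 'LogSyslog yes\nLogFacility LOG_MAIL\nDetectPUA yes\n' > "$1/clamd.conf"
    printf '#UpdateLogFile /var/log/clamav/freshclam.log\nLogSyslog yes\n' > "$1/freshclam.conf"
    printf 'MilterSocketMode 666\nAddHeader Replace\nLogSyslog yes\n' > "$1/clamav-milter.conf"
}

# Demo on the constructed sample; point audit_clamav at /etc/clamav on a real host.
demo=$(mktemp -d) && make_sample "$demo"
audit_clamav "$demo" || echo "findings: $?"
rm -rf "$demo"
```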
Console error message.
Since version 0.97.1 the message Bytecode: Security mode set to “TrustSigned” appeared on the console when ClamAV was started. This is fixed with version 0.97.3.
Download.
Here is the download archive including the new configuration files.
