Setting up ClamAV

Note: The following is part of a series of steps to set up an email server using Exim 4.x, with IMAP and webmail access. It will use winbind to get user information from an NT server. If you found this page via a search engine it may not cover what you need or you may need to start at the beginning to understand everything I have done.

See http://www.clamav.net/ for downloading and much more information.

(Note: These instructions reference software that is now possibly much newer with many new or different configuration options. This page is being left up for reference.)

Quick steps:

  1. Download and unpack.
  2. Configure, make, and make install
  3. (or) Building an RPM
  4. Test the scanner.
  5. Edit clamav.conf if using the daemon
  6. Updating signature files

Here is everything the way I did it using v0.80.

1) Download, unpack, and install

Go here: http://www.clamav.net/ The manual is available in PDF and states where deb and rpm packages can be found.

Add the clamav user and group if you want support for superuser and you are an administrator. Per the instructions:
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

Unpack the tar.gz:
tar zxpf clamav-version.tar.gz


2) Configure, make, and make install

You'll need the zlib-devel rpm/package. If you are using snapshot 20021209 or newer and want bzip support you will need the bzip-devel rpm/package.

Change to the clamav-version directory and run:
./configure
Note: If you won't be running with the superuser (clamav) use:
./configure --disable-clamav
See the INSTALL file for many more configure options.

Then run:
make
su -c "make install"

Now, if you want real-time scanning, set up Dazuko. http://www.dazuko.org/ A copy is included with Clam in the support directory. See the Clam PDF for more configuration info. (Note: I didn't do this as I don't have time to recompile the kernel at the moment.)


3) Building an RPM

There are some rpms available at http://www.clamav.net/ now.

For those of you interested in compiling your own RPMs, here is what I did:

  • Went to http://www.clamav.net/ and downloaded the source.
  • cd to /usr/src/redhat/SPECS
  • Created the clamav.spec file as I needed for my RedHat environment.
  • Installed the necessary packages for compiling: bzip2-devel and zlib-devel.
  • Ran rpmbuild -bi clamav.spec to test compiling.
  • Ran rpmbuild -bb clamav.spec to build the binaries or rpmbuild -ba clamav.spec to build all.

Note: I am running rpm 4.1.1-1.8x. See rpm.org for the latest.

To download my rpm or view my full spec file, go here.


5) Edit clamav.conf if using the daemon

Note: I'm only showing what I changed from the default. You may have/want to set other things or set them differently. Where the clamd.conf file is depends on the configuration options used when compiling. I have mine set to go in /etc/clamav/clamd.conf. Note that you should chmod 0600 clamd.conf.

# ...
 
# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid
 
# ...
 
# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /usr/share/clamav/socket
 
# ...
 
# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User clamav
 
# ...

Note: since I placed the socket file elsewhere I had to create that directory and restrict it to the clamav user and group. A directory needs the execute (search) bit as well as read and write, so the mode is 0770 rather than 0660. Example:
mkdir /usr/share/clamav/socket
chown clamav:clamav /usr/share/clamav/socket
chmod 0770 /usr/share/clamav/socket


6) Test the scanner

There is a test file located in the test directory where Clam was unpacked. Cd into the directory created when Clam was unpacked and run:
clamscan -r test
It should find the test virus. For complete options see man clamscan or run:
clamscan --help


7) Updating signature files

Please edit the freshclam.conf file first. Mine is in /etc/clamav/freshclam.conf. Comment out the "Example" line and pick the closest mirror for a minimal config.

There are three ways to update: manually, via cron, or as a daemon. If you choose either of the latter two, first run it manually as root to make sure it works:
freshclam

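Now create a log file and your database directory (see your freshclam.conf). Both directories need the execute bit for their owner, otherwise the clamav user cannot create files in them, and the log file itself must be writable by clamav:
mkdir /var/clamav
chown clamav /var/clamav
chmod 0755 /var/clamav
mkdir /var/log/clamav
chown clamav /var/log/clamav
chmod 0755 /var/log/clamav
touch /var/log/clamav/freshclam.log
chown clamav /var/log/clamav/freshclam.log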

For a cron job there should be a script included with the source you can use.

For a daemon method, see the manual.
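
A quick way to verify the owners and modes set up in the clamd.conf and signature-update steps above. This is an added example, not part of the original instructions or of ClamAV itself. The function names, the skipped owner check for clamd.conf and the 0770/0755 limits for directories are assumptions of this example; it needs GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page): audit the owners and modes
# that the steps on this page set up. Needs GNU stat (coreutils).

# check_path PATH OWNER KIND MAXMODE
#   OWNER   expected owner name, or "-" to skip the owner check
#   KIND    "dir" or "file"
#   MAXMODE octal mode; any permission bit outside it is a finding
# Prints one line per finding and returns non-zero if there was any.
check_path() {
    cp_path=$1 cp_owner=$2 cp_kind=$3 cp_max=$4 cp_rc=0
    case $cp_kind in
        dir)  [ -d "$cp_path" ] || { echo "MISSING dir $cp_path"; return 1; } ;;
        file) [ -f "$cp_path" ] || { echo "MISSING file $cp_path"; return 1; } ;;
        *)    echo "bad kind: $cp_kind"; return 2 ;;
    esac
    cp_mode=$(stat -c '%a' "$cp_path")
    cp_own=$(stat -c '%U' "$cp_path")
    if [ "$cp_owner" != "-" ] && [ "$cp_own" != "$cp_owner" ]; then
        echo "OWNER $cp_path is $cp_own, expected $cp_owner"; cp_rc=1
    fi
    # Bits set in the actual mode that MAXMODE does not allow.
    if [ $(( 0$cp_mode & ~0$cp_max & 07777 )) -ne 0 ]; then
        echo "MODE $cp_path is $cp_mode, wider than $cp_max"; cp_rc=1
    fi
    # A directory is only usable by its owner with r, w and x together:
    # x (search) is required to create or open anything inside it.
    if [ "$cp_kind" = dir ] && [ $(( 0$cp_mode & 0700 )) -ne $(( 0700 )) ]; then
        echo "UNUSABLE $cp_path is $cp_mode, owner needs rwx"; cp_rc=1
    fi
    return $cp_rc
}

# Paths are the ones used on this page. Owner of clamd.conf is not stated
# there, so it is skipped; directory limits are this example's assumption.
audit_clamav() {
    au_rc=0
    check_path /etc/clamav/clamd.conf   -      file 0600 || au_rc=1
    check_path /usr/share/clamav/socket clamav dir  0770 || au_rc=1
    check_path /var/clamav              clamav dir  0755 || au_rc=1
    check_path /var/log/clamav          clamav dir  0755 || au_rc=1
    return $au_rc
}

# Run the audit only when asked, e.g. as root: sh audit.sh audit
case "${1:-}" in audit) audit_clamav ;; esac
```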