Installing ClamAV

Clam Antivirus is a command-line virus scanner written entirely in C, and its database is kept up to date. For more information, please see: http://www.clamav.net/

Installing clamav


# cd /usr/ports/security/clamav
# make install clean

Make sure the following are checked:

ARC
ARJ
DMG_XAR
DOCS
IPV6 (Optional)
LHA
LLVM
UNRAR
UNZOO

Now we want to create the clamav and freshclam service scripts:


# mkdir -m 1755 /var/qmail/supervise/clamav
# mkdir -m 1755 /var/qmail/supervise/freshclam
# mkdir -m 755 /var/qmail/supervise/clamav/log
# mkdir -m 755 /var/qmail/supervise/freshclam/log
# mkdir -m 1755 /var/log/qmail/clamav
# mkdir -m 1755 /var/log/qmail/freshclam
# cd /var/qmail/supervise/clamav
# cp ~root/qmail/clamav-run .
# mv clamav-run run
# chmod 755 run
# cd log
# cp ~root/qmail/service-any-log-run run
# chmod 755 run
# vi run

Change the last line to read /var/log/qmail/clamav like so

exec /usr/local/bin/multilog t n20 s1048576 /var/log/qmail/clamav


# cd /var/qmail/supervise/freshclam
# cp ~root/qmail/freshclam-run .
# mv freshclam-run run
# chmod 755 run
# cd log
# cp ~root/qmail/service-any-log-run run
# chmod 755 run
# vi run

Change the last line to read /var/log/qmail/freshclam like so

exec /usr/local/bin/multilog t n20 s1048576 /var/log/qmail/freshclam

Now we need to edit the clamd.conf file so it will run correctly via daemontools:


# vi /usr/local/etc/clamd.conf


#Example - must be commented out or removed
#LogFile - multilog will handle logging
#LogSyslog no - see LogFile
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
FixStaleSocket yes - optional
User - should be uncommented and set to qscand
Foreground yes - required to run clamav via daemontools

Now we need to edit the freshclam.conf file so it will run correctly via daemontools:


# vi /usr/local/etc/freshclam.conf


# Example
DatabaseDirectory /var/db/clamav
# UpdateLogFile - multilog will handle logging
# LogSyslog no - see UpdateLogFile
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner - change from clamav to qscand
Foreground yes - required to run freshclam via daemontools
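
One way to check both files against the settings above before starting the services, as an added example that is not part of the original guide. The function names conf_get and check_conf are hypothetical, and the two sample files are constructed in a temporary directory; on a real system you would pass /usr/local/etc/clamd.conf and /usr/local/etc/freshclam.conf instead.

```shell
#!/bin/sh
# Added example: verify the clamd.conf / freshclam.conf settings this guide
# requires for running under daemontools. Function names are hypothetical.

# Print the value of an active (uncommented) directive, empty if absent.
conf_get() {   # usage: conf_get FILE KEY
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}

# Report every setting that differs from the guide; return 1 if any do.
check_conf() { # usage: check_conf FILE OWNER_KEY  (User or DatabaseOwner)
    f=$1 bad=0
    # The guide requires the Example line to be commented out or removed.
    if grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$f"; then
        echo "$f: Example line is still active"; bad=1
    fi
    # supervise can only track a process that stays in the foreground.
    [ "$(conf_get "$f" Foreground)" = "yes" ] || { echo "$f: Foreground is not yes"; bad=1; }
    [ "$(conf_get "$f" "$2")" = "qscand" ] || { echo "$f: $2 is not qscand"; bad=1; }
    [ "$(conf_get "$f" DatabaseDirectory)" = "/var/db/clamav" ] || { echo "$f: DatabaseDirectory differs"; bad=1; }
    # multilog handles logging, so file logging should stay disabled.
    for k in LogFile UpdateLogFile; do
        [ -z "$(conf_get "$f" "$k")" ] || { echo "$f: $k is set; multilog handles logging"; bad=1; }
    done
    return $bad
}

# Constructed sample files: one following the guide, one left near defaults.
tmp=$(mktemp -d)
printf '%s\n' '#Example' '#LogFile /var/log/clamav/clamd.log' \
    'PidFile /var/run/clamav/clamd.pid' 'DatabaseDirectory /var/db/clamav' \
    'FixStaleSocket yes' 'User qscand' 'Foreground yes' > "$tmp/clamd.conf"
printf '%s\n' 'Example' 'DatabaseDirectory /var/db/clamav' \
    'UpdateLogFile /var/log/clamav/freshclam.log' \
    'DatabaseOwner clamav' '#Foreground yes' > "$tmp/freshclam.conf"

check_conf "$tmp/clamd.conf" User && echo "clamd.conf: OK"
check_conf "$tmp/freshclam.conf" DatabaseOwner || echo "freshclam.conf: needs fixes"
```
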

For your information, once this is set up, freshclam will run every 2 hours by default. If you want it to run more or less frequently, just change this section in freshclam.conf:


# Number of database checks per day.
# Default: 12 (every two hours)
# Checks 24

Now to set some file permissions before we start clamav:


# chown -R qscand:qscand /var/log/clamav
# chown -R qscand:qscand /var/run/clamav/
# chown qscand:qscand /var/db/clamav/

Now to create the symlinks to the service:


# ln -s /var/qmail/supervise/clamav /service/
# ln -s /var/qmail/supervise/freshclam /service/

Note: I want to point out before you run the next command that it could take some time for the clamav service to come up due to the updates for freshclam being downloaded. This is normal and it could take several seconds or several minutes for freshclam to update clamav. Don't panic if clamav is stuck at 0 or 1. Just check the freshclam logs to find out when the download is complete and it says it has notified clamav of the database update.

We need to check freshclam first. This service will eventually come up once the database has been updated.


# svstat /service/freshclam/ /service/freshclam/log


/service/freshclam/: up (pid 82409) 69 seconds
/service/freshclam/log: up (pid 82410) 69 seconds

Now we can check to see if clamav is running:


# svstat /service/clamav/ /service/clamav/log


/service/clamav: up (pid 82396) 63 seconds
/service/clamav/log: up (pid 82446) 25 seconds

Now to remove the startup scripts:


# rm /usr/local/etc/rc.d/clamav-clamd
# rm /usr/local/etc/rc.d/clamav-freshclam

I am going to give you a choice on whether you want to install simscan or qmail-scanner. Here are a couple of differences:

Simscan
Simscan logs to qmail-smtpd
Simscan can take a shorter amount of time to scan a message

If you would like to use simscan to scan messages, follow this link: Installing Simscan

Qmail-Scanner
Qmail-Scanner logs to /var/spool/qscan
Qmail-Scanner can take a bit longer to scan messages

If you would like to use qmail-scanner to scan messages, follow this link: Installing qmail-scanner