Installing ClamAV

February 11, 2024 by Roberto Puzzanghera 24 comments

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Upgrading to v. 1.3.0

Version 1.3.0 (release notes here) will now also install the libclamav_rust, libclammspack, libclamunrar_iface, and libclamunrar static libraries required by libclamav, so there's no need to build some prerequisite anymore.

Prerequisites

Starting from v. 0.104.0 the installation of clamav is based only on CMake, which superseds the autotools installation. Therefore we have to change the way the program is configured at compile time.

Since the installation we are going to do is very basic, I suggest to install a package from your distro and come back here to read the post-install notes.

What follows concerns the installation from source. As already said, CMake is needed and if your distro doesn't provide a recent version you should update it via python pip3; refer to this page if you need to update your CMake.

If you have a recent CMake version (v. 3.21.3 works here) this is how you can install clamav from source.

clamav and freshclam requires these library dependencies:

  • libbz2 / bzip2
  • libz / zlib
  • libxml2
  • libpcre2
  • openssl
  • json-c
  • libjson-c / json-c
  • libmspack (built-in by default, enable with `ENABLE_EXTERNAL_MSPACK=ON`)
  • libiconv (built-in to `libc` 99% of the time, not required on Windows)
  • pthreads (provided by Linux/Unix; requires `pthreads-win32` on Windows)
  • llvm (optional, see: [Bytecode Runtime](#bytecode-runtime), below)
  • libcheck (default, disable with `ENABLE_TESTS=OFF`)

Optionally, if on a Linux distro with SystemD:

  • systemd, so ClamD, FreshClam, ClamOnAcc SystemD service.
  • libsystemd, so ClamD will support the `clamd.ctl` socket.

Goofy reported here the set of packages needed by ClamAV on Ubuntu 22.04.

Install

Create clamav user and group

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav

Download

CLAMAV_VER=1.3.0
cd /usr/local/src
wget http://www.clamav.net/downloads/production/clamav-${CLAMAV_VER}.tar.gz
tar -xzf clamav-${CLAMAV_VER}.tar.gz
cd clamav-${CLAMAV_VER}
chown -R root:root .

Build and install

First, make a "build" subdirectory. This will enable you to easily delete your build files if something goes wrong and you need to re-configure and try again.

The following configuration uses /usr/local as the default install prefix as the the previous v. 0.103 installation. If you have a 32b system change the libdir to /usr/local/lib. If you have a systemd based system use ENABLE_SYSTEMD=ON.

mkdir build 
cd build

cmake \
       -D CMAKE_INSTALL_PREFIX=/usr/local \
       -D CMAKE_INSTALL_FULL_LIBDIR=/usr/local/lib64 \
       -D APP_CONFIG_DIRECTORY=/usr/local/etc \
       -D ENABLE_MILTER=ON \
       -D ENABLE_SYSTEMD=OFF \
       -D ENABLE_TESTS=ON \
       -D CMAKE_BUILD_TYPE=Release ..

cmake --build .
ctest
cmake --build . --target install

Configuring

Create the log and the database directories:

mkdir -p /var/log/clamd
chown -R clamav:clamav /var/log/clamd/
chmod -R o-rx /var/log/clamd/

mkdir -p /usr/local/share/clamav
chown clamav:clamav /usr/local/share/clamav

/usr/local/etc/clamd.conf

Pay attention at these lines, in particular the one which sets the user who runs the daemon:

# This must be commented
# Example
LogFile /var/log/clamd/clamd.log
LogTime yes
LogRotate yes
DatabaseDirectory /usr/local/share/clamav/
User clamav
TCPSocket 3310
TCPAddr 127.0.0.1

/usr/local/etc/freshclam.conf

# Comment or remove the line below.
#Example
DatabaseDirectory /usr/local/share/clamav/
UpdateLogFile /var/log/clamd/freshclam.log
LogTime yes
LogRotate yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net
NotifyClamd /usr/local/etc/clamd.conf
# this is for updating versions on simscan headers. Comment out if simscan is not already installed
OnUpdateExecute /usr/local/sbin/update-simscan

Running clamd and freshclam

Before running clamd you have to run freshclam to download the database. Create a startup script like this for freshclam (download):

#!/bin/sh 
# 
# Start/stop/restart freshclam. 
# 

DAEMON=/usr/local/bin/freshclam 

# Start clamav: 
start() { 
 if [ -x $DAEMON ]; then 
   echo -n "Starting freshclam daemon ... " 
   $DAEMON -d 
   echo " done." 
 fi 
} 

# Stop clamav: 
stop() { 
   echo -n "Stopping freshclam daemon ... " 
   killall -TERM freshclam 
   echo " done." 
} 

# Restart clamav: 
restart() { 
 stop 
 sleep 1 
 start 
} 

case "$1" in 
'start') 
 start 
 ;; 
'stop') 
 stop 
 ;; 
'restart') 
 restart 
 ;; 
*) 
 echo "usage $0 start|stop|restart" 
esac

Start the daemon:

cd /usr/local/bin
wget https://notes.sagredo.eu/files/qmail/freshclamctl
chmod +x /usr/local/bin/freshclamctl
freshclamctl start

Check that the database has been updated

# more /var/log/clamd/freshclam.log

--------------------------------------
freshclam daemon 0.96.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Fri Oct 22 13:15:43 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 195.22.205.162)
WARNING: getpatch: Can''t download daily-11979.cdiff from db.it.clamav.net
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 213.92.8.5)
WARNING: getpatch: Can''t download daily-11979.cdiff from db.it.clamav.net
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 193.206.139.37)
WARNING: getpatch: Can''t download daily-11979.cdiff from db.it.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 12167, sigs: 142570, f-level: 53, builder: guitar)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 86, sigs: 10, f-level: 53, builder: edwin)
Database updated (847307 signatures) from db.it.clamav.net (IP: 193.206.139.37)
Clamd successfully notified about the update.
--------------------------------------

Now create a script clamdctl (download) like this into the /usr/local/bin folder:

#!/bin/sh 
# 
# Start/stop/restart clamav. 
# 

DAEMON=/usr/local/sbin/clamd 

# Start clamav: 
start() { 
 if [ -x $DAEMON ]; then 
   echo -n "Starting clamd daemon:  /usr/sbin/clamd " 
   $DAEMON 
   echo " done." 
 fi 
} 

# Stop clamav: 
stop() { 
  echo -n "Stopping clamd daemon ... " 
  killall -TERM clamd 
  echo " done." 
} 

# Restart clamav: 
restart() { 
  stop 
  sleep 1 
  start 
} 

# Help 
help() { 
  $DAEMON --help 
  exit 
} 

case "$1" in 
'start') 
 start 
 ;; 
'stop') 
 stop 
 ;; 
'restart') 
 restart
  ;; 
'help') 
 help 
 ;; 
*) 
 echo "usage $0 start|stop|restart|help" 
esac

Start the daemon

cd /usr/local/bin
wget https://notes.sagredo.eu/files/qmail/clamdctl 
chmod +x /usr/local/bin/clamdctl 
clamdctl help

                      Clam AntiVirus Daemon 0.96.3
           By The ClamAV Team: http://www.clamav.net/team
           (C) 2007-2009 Sourcefire, Inc.

    --help                   -h             Show this help.
    --version                -V             Show version number.
    --debug                                 Enable debug mode.
    --config-file=FILE       -c FILE        Read configuration from FILE.

clamdctl start

Don't forget to enable clamd and freshclam startup at boot time in your rc.local.

Comments

libicudata.so.72: failed to map segment from shared object

Hello Roberto,

installed fresh copy of Clamav, run it. All went smoothly, but looks like messages is not scanning by Antivirus program.

Qmail Log has:

clamdscan: error while loading shared libraries: libicudata.so.72: failed to map segment from shared object

Version:

Clam AntiVirus: Daemon 1.2.1

list of lib files:

ldd /usr/local/sbin/clamd
linux-vdso.so.1 (0x00007ffff357a000)
libclamav.so.12 => /usr/local/lib/libclamav.so.12 (0x00007f77cba00000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f77cb81f000)
libclammspack.so.0 => /usr/local/lib/libclammspack.so.0 (0x00007f77cc263000)
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f77cb200000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f77cc244000)
libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 (0x00007f77cc22f000)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f77cb785000)
libxml2.so.2 => /lib/x86_64-linux-gnu/libxml2.so.2 (0x00007f77cb054000)
libjson-c.so.5 => /lib/x86_64-linux-gnu/libjson-c.so.5 (0x00007f77cc21c000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f77cb6a6000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f77cc1fc000)
/lib64/ld-linux-x86-64.so.2 (0x00007f77cc2be000)
libicuuc.so.72 => /lib/x86_64-linux-gnu/libicuuc.so.72 (0x00007f77cae56000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f77cae27000)
libicudata.so.72 => /lib/x86_64-linux-gnu/libicudata.so.72 (0x00007f77c9000000)
libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f77c8c00000)

As u see libicudata.so.72 is installed and CLamav can find it.

Reply |

libicudata.so.72: failed to map segment from shared object

Did you compiled clamav or installed a package of your distro?

Reply |

libicudata.so.72: failed to map segment from shared object

compiled from sources.

All was done +- in accordance with your manual.

Reply |

libicudata.so.72: failed to map segment from shared object

Maybe a privilege error? I would also try to increase the softlimit 

Reply |

libicudata.so.72: failed to map segment from shared object

What folders should I check?

Softlimit will increase later and give you a note.

Reply |

libicudata.so.72: failed to map segment from shared object

I don't have clamd linked to libicudata.so... how are you using cmake to build the program?

Reply |

libicudata.so.72: failed to map segment from shared object

Hi,

increasing softlimit - no result

clamav access to lib folder - all ok

cmake was used from your tuotorial.

recompiling  - no result

From CMD clamscan working, problem only with clamdscan after trigging it by simscan.

Reply |

libicudata.so.72: failed to map segment from shared object

And simscan is running as the clamav user, right?

Reply |

libicudata.so.72: failed to map segment from shared object

Yes, compiled with --enable-user=clamav

made downgrade clamav to 1.2.0, but same result.

simscan:[11274]: runned_scanners is spam: 4.0.0 attach: 1.4.1
simscan:[11274]: found 1.4.1
simscan:[11274]: calling clamdscan
simscan:[11274]: cdb looking up version clamav
simscan:[11274]: runned_scanners is spam: 4.0.0 attach: 1.4.1 clamav: 1.2.0/m:62/d:27107
simscan:[11274]: found 1.2.0/m:62/d:27107
simscan:[11274]: normal clamdscan return code: 0
simscan:[11274]: done, execing qmail-queue
simscan:[11274]: qmail-queue exited 0

Reply |

libicudata.so.72: failed to map segment from shared object

Can you enable the simscan debug in your qmail-smtpd and see if something interesting appears in the log?

I would try to reinstall ICU.

As an ultimate thing I would try to do an strace against qmail-smtpd (send me the output via mail, do not post here as it is very long)

Reply |

libicudata.so.72: failed to map segment from shared object

Sent an email.

here is the small part from tracing log:

12656 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libicudata.so.72", O_RDONLY|O_CLOEXEC) = 5
12656 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
12656 newfstatat(5, "", {st_mode=S_IFREG|0755, st_size=31262256, ...}, AT_EMPTY_PATH) = 0
12656 mmap(NULL, 31264784, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = -1 ENOMEM (Cannot allocate memory)

looks like problem with memory.

Reply |

libicudata.so.72: failed to map segment from shared object

Did you restart qmail after increasing the softlimit? If yes increase one more time and retry

Reply |

libicudata.so.72: failed to map segment from shared object

After increasing of SOFTLIMIT up to 64000000 problem with libicudata was solved.

Thx for support.

Reply |

libicudata.so.72: failed to map segment from shared object

I would check that the clamav user can access the library location

Reply |

Extra packages to install when using Ubuntu 22.04

Howdy,

some additional packages needed for installing clam-av:

python3-pip
rustc
cargo
libcheck-isa-perl
check
libbz2-dev libbz2-1.0
libxml2-dev libxml2
libpcre2-dev
libjson-c-dev
libcurl4
libcurl4-openssl-dev
libcurl4-nss-dev
ncurses-base ncurses-bin
libncurses5-dev
libmilter-dev

Just informational.

Reply |

Extra packages to install when using Ubuntu 22.04

Thank you. I added a link to your comment

Reply |

clamav 0.104.0+ install procedure is completely different

Hi Roberto,

Just dropping a line to let you know that the newest version of ClamAV, 0.104.0, has a completely different installation procedure and the tutorial should be updated.

Cheers

Reply |

eXtremeSHOK/clamav-unofficial-sigs

Hi Roberto,

I would like to advise to include the build with "eXtremeSHOK/clamav-unofficial-sigs" for ClamAV from https://github.com/extremeshok/clamav-unofficial-sigs.  It can replace the part of FOXHOLE in your guide with additional third party signatures/databases for ClamAV.  I am running this with ClamAV on CentOS 8.2 for months without any problem.  It is simple to setup and maintain.  See if this is benefit to you and others.

Reply |

eXtremeSHOK/clamav-unofficial-sigs

Thank you Tony. I'll check It out

Reply |

Error parsing PNG files ?

Hi

Checking another thing I found this errors on clamd.log
Someone see this error ?

 /var/qmail/simscan/1601953823.829459.89457/image007.png: Can't parse data ERROR

Something I missed to configure ?

Reply |

Foxhole database

Hi

This database is not working with freshclam  0.102.4 , now use CLD files not CDB or I'm missing something ?

Reply |

Foxhole database

Hi, it's working here with 0.103.0

I have a line like this in my config file and I see regular updates

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb

Reply |

Blog platform

I am curious to find out what blog platform you have been working with? I'm having some minor security problems with my latest blog and I would like to find something more risk-free. Do you have any recommendations?

Reply |

Blog platform

This is a CMS written by myself. Of course it embeds classes and plugins of other people, but it's not wordpress, nor drupal etc.

I'm not an expert of the security concerns of the popular cms...

Reply |