Installing ClamAV

• Info: http://www.clamav.net
• Latest version: 1.0.1

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Upgrading to v. 1.0.x

Version 1.0.0 of ClamAV requires the Rust environment to be at least at version 1.61. If your distribution doesn't provide such a version you have to uninstall the existing Rust package and then install a new version in this way:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

This will install the binaries into /root/.cargo/bin. The installation will try to add this directory to your PATH. If something went wrong, add it by yourself to your profile:

export PATH:$PATH:/root/.cargo/bin

If one day you want to uninstall this Rust installation, because the package is available in your distro, you can do like this:

rustup self uninstall

Once Rust has been installed, you have to follow all the installation steps to overwrite the previous installation. At the end, you will have to move the new configuration files in place and edit them as described below.

cd /usr/local/etc
mv clamd.conf clamd.conf.105
mv clamd.conf.sample clamd.conf
mv freshclam.conf freshclam.conf.105
mv freshclam.conf.sample freshclam.conf

You can also remove your logrotate file, as the program is now able to do the rotation autonomously, provided that you have 

LogRotate yes

in your config files.

Prerequisites

Starting from v. 0.104.0 the installation of clamav is based only on CMake, which superseds the autotools installation. Therefore we have to change the way the program is configured at compile time.

Since the installation we are going to do is very basic, I suggest to install a package from your distro and come back here to read the post-install notes.

What follows concerns the installation from source. As already said, CMake is needed and if your distro doesn't provide a recent version you should update it via python pip3; refer to this page if you need to update your CMake.

If you have a recent CMake version (v. 3.21.3 works here) this is how you can install clamav from source.

clamav and freshclam requires these library dependencies:

• libbz2 / bzip2
• libz / zlib
• libxml2
• libpcre2
• openssl
• json-c
• libjson-c / json-c
• libmspack (built-in by default, enable with `ENABLE_EXTERNAL_MSPACK=ON`)
• libiconv (built-in to `libc` 99% of the time)
• pthreads (provided by Linux/Unix)
• llvm (optional)
• libcheck (default, disable with `ENABLE_TESTS=OFF`)
• libcurl
• libmilter (Unix/Linux-only, disable with `ENABLE_MILTER=OFF`)
• ncurses or pdcurses, in you need ClamDTop.
• rust toolchain (>= 1.61 as of clamav-1.0.0)

Optionally, if on a Linux distro with SystemD:

• systemd, so ClamD, FreshClam, ClamOnAcc SystemD service.
• libsystemd, so ClamD will support the `clamd.ctl` socket.

Goofy reported here the set of packages needed by ClamAV on Ubuntu 22.04.

Install

Create clamav user and group

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav

Download

CLAMAV_VER=1.0.1
cd /usr/local/src
wget http://www.clamav.net/downloads/production/clamav-${CLAMAV_VER}.tar.gz
tar -xzf clamav-${CLAMAV_VER}.tar.gz
cd clamav-${CLAMAV_VER}
chown -R root:root .

Build and install

First, make a "build" subdirectory. This will enable you to easily delete your build files if something goes wrong and you need to re-configure and try again.

The following configuration uses /usr/local as the default install prefix as the the previous v. 0.103 installation. If you have a 32b system change the libdir to /usr/local/lib. If you have a systemd based system use ENABLE_SYSTEMD=ON.

mkdir build 
cd build

cmake \
       -D CMAKE_INSTALL_PREFIX=/usr/local \
       -D CMAKE_INSTALL_FULL_LIBDIR=/usr/local/lib64 \
       -D APP_CONFIG_DIRECTORY=/usr/local/etc \
       -D ENABLE_MILTER=ON \
       -D ENABLE_SYSTEMD=OFF \
       -D ENABLE_TESTS=ON \
       -D CMAKE_BUILD_TYPE=Release ..

cmake --build .
ctest
cmake --build . --target install

Configuring

Create the log and the database directories:

mkdir -p /var/log/clamd
chown -R clamav:clamav /var/log/clamd/
chmod -R o-rx /var/log/clamd/

mkdir -p /usr/local/share/clamav
chown clamav:clamav /usr/local/share/clamav

/usr/local/etc/clamd.conf

Pay attention at these lines, in particular the one which sets the user who runs the daemon:

# This must be commented
# Example
LogFile /var/log/clamd/clamd.log
LogTime yes
LogRotate yes
DatabaseDirectory /usr/local/share/clamav/
User clamav
TCPSocket 3310
TCPAddr 127.0.0.1

/usr/local/etc/freshclam.conf

# Comment or remove the line below.
#Example
DatabaseDirectory /usr/local/share/clamav/
UpdateLogFile /var/log/clamd/freshclam.log
LogTime yes
LogRotate yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net
NotifyClamd /usr/local/etc/clamd.conf
# this is for updating versions on simscan headers. Comment out if simscan is not already installed
OnUpdateExecute /usr/local/sbin/update-simscan

Running clamd and freshclam

Before running clamd you have to run freshclam to download the database. Create a startup script like this for freshclam (download):

#!/bin/sh 
# 
# Start/stop/restart freshclam. 
# 

DAEMON=/usr/local/bin/freshclam 

# Start clamav: 
start() { 
 if [ -x $DAEMON ]; then 
   echo -n "Starting freshclam daemon ... " 
   $DAEMON -d 
   echo " done." 
 fi 
} 

# Stop clamav: 
stop() { 
   echo -n "Stopping freshclam daemon ... " 
   killall -TERM freshclam 
   echo " done." 
} 

# Restart clamav: 
restart() { 
 stop 
 sleep 1 
 start 
} 

case "$1" in 
'start') 
 start 
 ;; 
'stop') 
 stop 
 ;; 
'restart') 
 restart 
 ;; 
*) 
 echo "usage $0 start|stop|restart" 
esac

Start the daemon:

cd /usr/local/bin
wget https://notes.sagredo.eu/files/qmail/freshclamctl
chmod +x /usr/local/bin/freshclamctl
freshclamctl start

Check that the database has been updated

# more /var/log/clamd/freshclam.log

--------------------------------------
freshclam daemon 0.96.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Fri Oct 22 13:15:43 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 195.22.205.162)
WARNING: getpatch: Can''t download daily-11979.cdiff from db.it.clamav.net
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 213.92.8.5)
WARNING: getpatch: Can''t download daily-11979.cdiff from db.it.clamav.net
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 193.206.139.37)
WARNING: getpatch: Can''t download daily-11979.cdiff from db.it.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 12167, sigs: 142570, f-level: 53, builder: guitar)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 86, sigs: 10, f-level: 53, builder: edwin)
Database updated (847307 signatures) from db.it.clamav.net (IP: 193.206.139.37)
Clamd successfully notified about the update.
--------------------------------------

Now create a script clamdctl (download) like this into the /usr/local/bin folder:

#!/bin/sh 
# 
# Start/stop/restart clamav. 
# 

DAEMON=/usr/local/sbin/clamd 

# Start clamav: 
start() { 
 if [ -x $DAEMON ]; then 
   echo -n "Starting clamd daemon:  /usr/sbin/clamd " 
   $DAEMON 
   echo " done." 
 fi 
} 

# Stop clamav: 
stop() { 
  echo -n "Stopping clamd daemon ... " 
  killall -TERM clamd 
  echo " done." 
} 

# Restart clamav: 
restart() { 
  stop 
  sleep 1 
  start 
} 

# Help 
help() { 
  $DAEMON --help 
  exit 
} 

case "$1" in 
'start') 
 start 
 ;; 
'stop') 
 stop 
 ;; 
'restart') 
 restart
  ;; 
'help') 
 help 
 ;; 
*) 
 echo "usage $0 start|stop|restart|help" 
esac

Start the daemon

cd /usr/local/bin
wget https://notes.sagredo.eu/files/qmail/clamdctl 
chmod +x /usr/local/bin/clamdctl 
clamdctl help

                      Clam AntiVirus Daemon 0.96.3
           By The ClamAV Team: http://www.clamav.net/team
           (C) 2007-2009 Sourcefire, Inc.

    --help                   -h             Show this help.
    --version                -V             Show version number.
    --debug                                 Enable debug mode.
    --config-file=FILE       -c FILE        Read configuration from FILE.

clamdctl start

Don't forget to enable clamd and freshclam startup at boot time in your rc.local.

 /var/qmail/simscan/1601953823.829459.89457/image007.png: Can't parse data ERROR

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb