January 1, 2023 Roberto Puzzanghera 10 comments
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Version 1.0.0 of ClamAV requires the Rust environment to be at least at version 1.61. If your distribution doesn't provide such a version, you have to uninstall the existing Rust package and then install a new version in this way:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
This will install the binaries into /root/.cargo/bin. The installation will try to add this directory to your PATH. If something went wrong, add it yourself to your profile:
export PATH=$PATH:/root/.cargo/bin
If one day you want to uninstall this Rust installation, because the package is available in your distro, you can do it like this:
rustup self uninstall
Once Rust has been installed, you have to follow all the installation steps to overwrite the previous installation. At the end, you will have to move the new configuration files in place and edit them as described below.
cd /usr/local/etc
mv clamd.conf clamd.conf.105
mv clamd.conf.sample clamd.conf
mv freshclam.conf freshclam.conf.105
mv freshclam.conf.sample freshclam.conf
You can also remove your logrotate file, as the program is now able to do the rotation autonomously, provided that you have
LogRotate yes
in your config files.
Starting from v. 0.104.0 the installation of clamav is based only on CMake, which supersedes the autotools installation. Therefore we have to change the way the program is configured at compile time.
Since the installation we are going to do is very basic, I suggest installing a package from your distro and coming back here to read the post-install notes.
What follows concerns the installation from source. As already said, CMake is needed and if your distro doesn't provide a recent version you should update it via python pip3; refer to this page if you need to update your CMake.
If you have a recent CMake version (v. 3.21.3 works here) this is how you can install clamav from source.
clamav and freshclam require these library dependencies:
Optionally, if on a Linux distro with SystemD:
Goofy reported here the set of packages needed by ClamAV on Ubuntu 22.04.
Create clamav user and group
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav

CLAMAV_VER=1.0.1
cd /usr/local/src
wget http://www.clamav.net/downloads/production/clamav-${CLAMAV_VER}.tar.gz
tar -xzf clamav-${CLAMAV_VER}.tar.gz
cd clamav-${CLAMAV_VER}
chown -R root:root .
First, make a "build" subdirectory. This will enable you to easily delete your build files if something goes wrong and you need to re-configure and try again.
The following configuration uses /usr/local as the default install prefix, as in the previous v. 0.103 installation. If you have a 32-bit system, change the libdir to /usr/local/lib. If you have a systemd-based system, use ENABLE_SYSTEMD=ON.
mkdir build
cd build
cmake \
  -D CMAKE_INSTALL_PREFIX=/usr/local \
  -D CMAKE_INSTALL_FULL_LIBDIR=/usr/local/lib64 \
  -D APP_CONFIG_DIRECTORY=/usr/local/etc \
  -D ENABLE_MILTER=ON \
  -D ENABLE_SYSTEMD=OFF \
  -D ENABLE_TESTS=ON \
  -D CMAKE_BUILD_TYPE=Release ..
cmake --build .
ctest
cmake --build . --target install
Create the log and the database directories:
mkdir -p /var/log/clamd
chown -R clamav:clamav /var/log/clamd/
chmod -R o-rx /var/log/clamd/
mkdir -p /usr/local/share/clamav
chown clamav:clamav /usr/local/share/clamav
Pay attention to these lines, in particular the one which sets the user who runs the daemon:
# This must be commented
# Example
LogFile /var/log/clamd/clamd.log
LogTime yes
LogRotate yes
DatabaseDirectory /usr/local/share/clamav/
User clamav
TCPSocket 3310
TCPAddr 127.0.0.1

# Comment or remove the line below.
#Example
DatabaseDirectory /usr/local/share/clamav/
UpdateLogFile /var/log/clamd/freshclam.log
LogTime yes
LogRotate yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net
NotifyClamd /usr/local/etc/clamd.conf
# this is for updating versions on simscan headers. Comment out if simscan is not already installed
OnUpdateExecute /usr/local/sbin/update-simscan
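The clamd.conf lines singled out above can be checked mechanically before the daemon is started. The script below is an added example, not part of the original page or of ClamAV; the function names and the sample file are constructed for illustration, and it checks only the Example, User and TCPSocket/TCPAddr settings.

```shell
#!/bin/sh
# Added example: audit the clamd.conf lines the tutorial singles out.
# Option names are matched exactly as they are written in the tutorial.

# conf_values FILE KEY: print every active (uncommented) value of KEY.
conf_values() {
    awk -v key="$2" '$1 == key { print $2 }' "$1"
}

# audit_clamd_conf FILE: print one line per finding; status 0 means clean.
audit_clamd_conf() {
    conf=$1
    bad=0

    # clamd refuses to start while the sample "Example" line is active.
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$conf"; then
        echo "FINDING: 'Example' line is not commented out"; bad=1
    fi

    # Without "User", a clamd started by root keeps running as root.
    user=$(conf_values "$conf" User | tail -n 1)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FINDING: User is '${user:-unset}', clamd started by root stays root"; bad=1
    fi

    # The TCP socket has no authentication: with TCPSocket set, every
    # TCPAddr must be loopback, and a missing TCPAddr means all interfaces.
    if [ -n "$(conf_values "$conf" TCPSocket)" ]; then
        addrs=$(conf_values "$conf" TCPAddr)
        [ -n "$addrs" ] || addrs="(unset)"
        for a in $addrs; do
            case $a in
                127.0.0.1|::1|localhost) ;;
                *) echo "FINDING: TCPSocket reachable via TCPAddr $a"; bad=1 ;;
            esac
        done
    fi
    return $bad
}

# Constructed sample: the tutorial's clamd.conf with TCPAddr and User removed.
sample=$(mktemp)
printf '%s\n' '# Example' 'LogFile /var/log/clamd/clamd.log' \
    'DatabaseDirectory /usr/local/share/clamav/' 'TCPSocket 3310' > "$sample"
audit_clamd_conf "$sample" || echo "clamd.conf needs attention"
rm -f "$sample"
```

On a real system, run `audit_clamd_conf /usr/local/etc/clamd.conf`; a clean file prints nothing and returns 0.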
clamd and freshclam
Before running clamd you have to run freshclam to download the database. Create a startup script like this for freshclam (download):
#!/bin/sh
#
# Start/stop/restart freshclam.
#

DAEMON=/usr/local/bin/freshclam

# Start clamav:
start() {
  if [ -x $DAEMON ]; then
    echo -n "Starting freshclam daemon ... "
    $DAEMON -d
    echo " done."
  fi
}

# Stop clamav:
stop() {
  echo -n "Stopping freshclam daemon ... "
  killall -TERM freshclam
  echo " done."
}

# Restart clamav:
restart() {
  stop
  sleep 1
  start
}

case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  restart
  ;;
*)
  echo "usage $0 start|stop|restart"
esac
Start the daemon:
cd /usr/local/bin
wget https://notes.sagredo.eu/files/qmail/freshclamctl
chmod +x /usr/local/bin/freshclamctl
freshclamctl start
Check that the database has been updated
# more /var/log/clamd/freshclam.log
--------------------------------------
freshclam daemon 0.96.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Fri Oct 22 13:15:43 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 195.22.205.162)
WARNING: getpatch: Can't download daily-11979.cdiff from db.it.clamav.net
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 213.92.8.5)
WARNING: getpatch: Can't download daily-11979.cdiff from db.it.clamav.net
WARNING: getfile: daily-11979.cdiff not found on remote server (IP: 193.206.139.37)
WARNING: getpatch: Can't download daily-11979.cdiff from db.it.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 12167, sigs: 142570, f-level: 53, builder: guitar)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 86, sigs: 10, f-level: 53, builder: edwin)
Database updated (847307 signatures) from db.it.clamav.net (IP: 193.206.139.37)
Clamd successfully notified about the update.
--------------------------------------
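Reading the log by eye works once; a scanner running on stale signatures is easier to catch with a check that can run from cron. The script below is an added example, not part of the original page or of ClamAV: it summarises the most recent run in a freshclam log using the line format of the sample above (the "database is up-to-date" wording of newer releases is accepted as an assumption), and the function name and embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the most recent update run in a freshclam log.

# freshclam_last_run LOG: print "status=... databases=N warnings=N" for the
# last run found in LOG; exit status is 0 only when that run succeeded.
freshclam_last_run() {
    awk '
        # A new run begins: forget everything counted for earlier runs.
        /ClamAV update process started at/ {
            started = 1; warn = 0; err = 0; fresh = 0
        }
        /WARNING:/ { warn++ }
        /ERROR:/   { err++ }
        # Per-database result lines such as "daily.cvd updated (version: ..."
        /[a-z]+\.(cvd|cld) (database )?(updated|is up[ -]to[ -]date)/ {
            fresh++
        }
        END {
            if (!started)        status = "no-run-found"
            else if (err > 0)    status = "failed"
            else if (fresh == 0) status = "incomplete"
            else                 status = "ok"
            printf "status=%s databases=%d warnings=%d\n", status, fresh, warn
            exit (status != "ok")
        }' "$1"
}

# Constructed sample: a shortened copy of the run shown in the tutorial.
log=$(mktemp)
cat > "$log" <<'EOF'
ClamAV update process started at Fri Oct 22 13:15:43 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 12167, sigs: 142570, f-level: 53, builder: guitar)
bytecode.cvd updated (version: 86, sigs: 10, f-level: 53, builder: edwin)
EOF
freshclam_last_run "$log" || echo "signatures may be stale"
rm -f "$log"
```

Warnings alone do not fail the check, since the run above recovered from the missing cdiff files by downloading the full daily.cvd.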
Now create a script clamdctl (download) like this into the /usr/local/bin folder:
#!/bin/sh
#
# Start/stop/restart clamav.
#

DAEMON=/usr/local/sbin/clamd

# Start clamav:
start() {
  if [ -x $DAEMON ]; then
    echo -n "Starting clamd daemon: /usr/sbin/clamd "
    $DAEMON
    echo " done."
  fi
}

# Stop clamav:
stop() {
  echo -n "Stopping clamd daemon ... "
  killall -TERM clamd
  echo " done."
}

# Restart clamav:
restart() {
  stop
  sleep 1
  start
}

# Help
help() {
  $DAEMON --help
  exit
}

case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  restart
  ;;
'help')
  help
  ;;
*)
  echo "usage $0 start|stop|restart|help"
esac
Start the daemon
cd /usr/local/bin
wget https://notes.sagredo.eu/files/qmail/clamdctl
chmod +x /usr/local/bin/clamdctl
clamdctl help

Clam AntiVirus Daemon 0.96.3
By The ClamAV Team: http://www.clamav.net/team
(C) 2007-2009 Sourcefire, Inc.

--help                   -h             Show this help.
--version                -V             Show version number.
--debug                                 Enable debug mode.
--config-file=FILE       -c FILE        Read configuration from FILE.

clamdctl start
Don't forget to enable clamd and freshclam startup at boot time in your rc.local.
Comments
Extra packages to install when using Ubuntu 22.04
GoofY April 11, 2023 05:55
Howdy,
some additional packages needed for installing clam-av:
python3-pip
rustc
cargo
libcheck-isa-perl
check
libbz2-dev libbz2-1.0
libxml2-dev libxml2
libpcre2-dev
libjson-c-dev
libcurl4
libcurl4-openssl-dev
libcurl4-nss-dev
ncurses-base ncurses-bin
libncurses5-dev
libmilter-dev
Just informational.
Extra packages to install when using Ubuntu 22.04
Roberto Puzzanghera GoofY April 11, 2023 13:37
Thank you. I added a link to your comment.
clamav 0.104.0+ install procedure is completely different
Gabriel Torres September 27, 2021 02:54
Hi Roberto,
Just dropping a line to let you know that the newest version of ClamAV, 0.104.0, has a completely different installation procedure and the tutorial should be updated.
Cheers
eXtremeSHOK/clamav-unofficial-sigs
Tony Fung October 7, 2020 03:53
Hi Roberto,
I would like to advise including the build with "eXtremeSHOK/clamav-unofficial-sigs" for ClamAV from https://github.com/extremeshok/clamav-unofficial-sigs. It can replace the part of FOXHOLE in your guide with additional third party signatures/databases for ClamAV. I have been running this with ClamAV on CentOS 8.2 for months without any problem. It is simple to set up and maintain. See if this is of benefit to you and others.
eXtremeSHOK/clamav-unofficial-sigs
Roberto Puzzanghera Tony Fung October 7, 2020 06:09
Thank you Tony. I'll check it out.
Error parsing PNG files ?
Pablo Murillo October 6, 2020 14:32
Hi
While checking another thing I found these errors in clamd.log
Has anyone seen this error?
Is there something I missed configuring?
Foxhole database
Pablo Murillo September 23, 2020 21:46
Hi
This database is not working with freshclam 0.102.4, now use CLD files not CDB or I'm missing something?
Foxhole database
Roberto Puzzanghera Pablo Murillo September 24, 2020 09:09
Hi, it's working here with 0.103.0
I have a line like this in my config file and I see regular updates
Blog platform
live casino November 20, 2019 02:17
I am curious to find out what blog platform you have been working with? I'm having some minor security problems with my latest blog and I would like to find something more risk-free. Do you have any recommendations?
Blog platform
Roberto Puzzanghera live casino November 20, 2019 14:55
This is a CMS written by myself. Of course it embeds classes and plugins of other people, but it's not WordPress, nor Drupal etc.
I'm not an expert on the security concerns of the popular CMSs...