ClamAV

Primary tabs

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.

Prerequisites
In order to verifty the digital signature of the virus database, install gmp-devel

yum -y install gmp-devel

Installation
Create a user and group for ClamAV to run as:

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

Download the latest version (0.97.3 at time of writing):

cd /extra/src
wget http://downloads.sourceforge.net/clamav/clamav-0.97.3.tar.gz
tar zxf clamav-0.97.3.tar.gz
cd clamav-0.97.3
./configure
make
make install

Configuration
Before starting up clamd, we'll need to edit /usr/local/etc/clamd.conf with a few options:

#Example
#LogFile
LogSyslog no
FixStaleSocket yes
Foreground yes
LocalSocket /tmp/clamd.socket

We also need to edit /usr/local/etc/freshclam.conf before it will run under daemontools:

#Example
#UpdateLogFile
LogSyslog no
Foreground yes

daemontools startup
Rather than using init.d scripts, we'll use daemontools to manage running clamd. Create the directories to hold the services:

mkdir -m 1755 /var/service/clamav
mkdir -m 755 /var/service/clamav/log

Then set up the service and log scripts:

cd /var/service/clamav
wget --no-check-certificate -c http://www.antagonism.org/scripts/clamav-run
mv clamav-run run
chmod 755 run
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run

Repeat the procedure for freshclam:

mkdir -m 1755 /var/service/freshclam
mkdir -m 755 /var/service/freshclam/log
cd /var/service/freshclam
wget --no-check-certificate -c http://www.antagonism.org/scripts/freshclam-run
mv freshclam-run run
chmod 755 run
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run

Create the symbolic links in /service to start clamd and freshclam:

ln -s /var/service/clamav /service/
ln -s /var/service/freshclam /service/

After about 10 seconds, confirm they are running:

svstat /service/clamav /service/freshclam

Uninstalling ClamAV
Remove the symbolic link in /service and then stop the clamav daemontools service:

cd /service/clamav
rm /service/clamav
svc -dx . log

Then stop the freshclam daemontools service:

cd /service/freshclam
rm /service/freshclam
svc -dx . log

Go into the source, assuming you still have it, and uninstall it:

cd /extra/src/clamav-0.93
./configure
make uninstall

Make sure that you haven’t got old libraries (libclamav.so) lying around your filesystem. You can verify it using:

ldd `which freshclam`

Also make sure there is really only one version of ClamAV installed on your system:

whereis freshclam
whereis clamscan

Recent Updates