ClamAV

#1
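# Unprivileged account with no login shell (/bin/false).
# NOTE(review): the build below and clamd.conf run the scanner as "amavis", not
# as this "clamav" account. The amavis user and group must already exist
# (presumably created when amavisd-new was installed) before ./configure runs.
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

# "##" stands for the version you downloaded. Check the tarball against the
# detached signature published with the release before unpacking it, e.g.:
#   gpg --verify clamav-##.tar.gz.sig clamav-##.tar.gz
tar zxvf clamav-##.tar.gz

cd clamav-##
# Options need two ASCII hyphens; a typographic dash pasted from a web page is
# not recognised as an option. The same goes for curly quotes in useradd above.
./configure \
  --prefix=/usr \
  --with-user=amavis \
  --with-group=amavis \
  --sysconfdir=/etc/clamav

make && make install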

#2
Now we have to edit /etc/clamav/clamd.conf

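# Log file in the directory owned by the scanner account.
LogFile /var/log/clamav/clamd.log
# NOTE(review): on versions without built-in rotation, clamd stops writing to
# the file once this cap is reached, so later detections go unlogged. Rotate
# the log externally. TODO confirm for your ClamAV version.
LogFileMaxSize 3M
# With LogTime off, entries carry no timestamp. Set it to Yes if this log
# should be usable for reconstructing when something was detected.
LogTime No
LogSyslog No
PidFile /var/run/clamav/clamd.pid
# Must be the directory freshclam.conf writes the signature database to.
DatabaseDirectory /var/lib/clamav
# Unix socket amavisd connects to; amavisd.conf must use the same path.
# Any local account that can open this socket can send commands to clamd, so
# keep /var/run/clamav and the socket limited to the amavis account.
LocalSocket /var/run/clamav/clamav.sock
# With No, a socket file left behind by an unclean shutdown is not cleaned up
# by clamd and may have to be removed by hand before it can start again.
FixStaleSocket No
MaxDirectoryRecursion 20
# clamd must be started as root to switch to this account.
User amavis
# Was listed twice in the original; once is enough.
# NOTE(review): deprecated in later ClamAV releases. Drop the line if clamd
# rejects or warns about it.
AllowSupplementaryGroups Yes
# PUA hits are reported as FOUND like any other signature, so the amavisd.conf
# patterns treat them as infections. Expect more false positives on mail.
DetectPUA yes
AlgorithmicDetection yes
ScanPE yes
ScanELF yes
ScanPDF yes
ScanMail yes
# Resource limits against archive bombs. Content beyond these limits is not
# scanned, so a clean result on an oversized or deeply nested file does not
# mean it was inspected.
MaxFileSize 15M
MaxRecursion 10
MaxFiles 1500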

#3
…and now /etc/clamav/freshclam.conf

# Must match DatabaseDirectory in clamd.conf so clamd loads what freshclam
# downloads.
DatabaseDirectory /var/lib/clamav
PidFile /var/run/freshclam.pid
# Account that owns the signature files. freshclam switches to it when started
# as root, so it needs write access to the database directory.
DatabaseOwner amavis
# freshclam works through the DatabaseMirror entries in turn.
# NOTE(review): these are third-party mirror hosts picked by the author.
# Confirm they are still part of the ClamAV mirror network, or point this at
# the project's own database.clamav.net.
DatabaseMirror clamav.iasi.roedu.net
DatabaseMirror clamav.mirror.myebs.de
# Download attempts before giving up.
MaxAttempts 5

#4
Create the directory structure

# Database, runtime (pid file and socket) and log directories, each handed to
# the amavis account that clamd and freshclam run as.
# On systems where /var/run is a tmpfs, /var/run/clamav is gone after a reboot
# and has to be recreated before clamd starts.
for dir in /var/lib/clamav /var/run/clamav /var/log/clamav; do
  mkdir -p "$dir"
  chown -R amavis:amavis "$dir"
done

#5
!!!!!!!!!! IMPORTANT – edit content of /etc/amavisd.conf !!!!!!
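# Entry for the @av_scanners list in amavisd.conf. Quotes must be plain ASCII
# (' and "); the typographic quotes a web page substitutes are a Perl syntax
# error. The socket path has to be the LocalSocket value from clamd.conf.
['ClamAV-clamd',
  # {} is replaced by amavisd with the directory holding the unpacked mail
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamav.sock"],
  # reply patterns: clean, infected, then the capture of the signature name
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],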

#6
Now we have to add this entry to the crontab (the job needs write access to /var/lib/clamav and /var/log/clamav):

0 2 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/clamd-update.log
