CLAMAV:

ClamAV is the free, open-source antivirus. I will install ClamAV, which will later be integrated with Qmail-Scanner.

You may want to install the following Perl module. The ClamAV RPM will install it too.

    perl -MCPAN -e "install ClamAV::Client"

Download ClamAV:

The official ClamAV site, http://clamav.net, had 0.95.2 as the latest version when this howto was initially written. I found that http://rpm.pbone.net has the latest RPM. Let's download and install that:

    cd /downloads/
    wget ftp://ftp.pbone.net/mirror/atrpms.net/el5-x86_64/atrpms/stable/clamav-0.95.2-45.el5.x86_64.rpm
    rpm -ivh clamav-0.95.2-45.el5.x86_64.rpm

    [root@www downloads]# service clamav start
    Starting clamd: LibClamAV Warning: **************************************************
    LibClamAV Warning: *** The virus database is older than 7 days! ***
    LibClamAV Warning: *** Please update it as soon as possible. ***
    LibClamAV Warning: **************************************************
    [ OK ]
    Starting freshclam: [ OK ]

    [root@www qmailnew]# service clamav status
    clamd (pid 31443) is running...

As you can see above, ClamAV showed a warning about the virus database. As soon as freshclam runs, it updates the virus database. You can also start the update process by running freshclam manually:

    [root@www qmailnew]# freshclam
    ClamAV update process started at Fri Jun 26 20:39:38 2009
    main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cvd is up to date (version: 9510, sigs: 36982, f-level: 43, builder: neo)

I am going to use ClamAV teamed up with SpamAssassin, and both will later be called from Qmail-Scanner. So I need to run all three pieces of software as a common user, qscand. This is not a very wise idea, since the three then share one account's privileges, and I am working on running each piece of software as its own user in my upcoming howto.
At the moment, I will just use the user qscand.

Create user qscand:

    groupadd -g 710 qscand
    useradd -u 710 -g 710 -c "Qmail-Scanner Account" -s /bin/false qscand

Stop the ClamAV service before you change the configuration files:

    service clamav stop

Edit the configuration files and make the necessary changes:

    vi /etc/clamd.conf

    # Lines shown below are default settings, unless specified otherwise.
    LogFile /var/log/clamav/clamd.log
    LogFileMaxSize 0
    LogTime yes
    LogSyslog yes # ---------------------> default is NO. Change to YES.
    PidFile /var/run/clamav/clamd.pid
    TemporaryDirectory /tmp
    DatabaseDirectory /var/lib/clamav
    LocalSocket /var/run/clamav/clamd.sock # --------> Disabled. Change to enabled/socket file name.
    FixStaleSocket yes
    MaxConnectionQueueLength 30
    MaxThreads 50
    ReadTimeout 300
    User qscand # ----------------------> Most important. Default clamav. Change to qscand.
    AllowSupplementaryGroups yes
    DetectBrokenExecutables yes
    ScanMail yes
    ArchiveMaxCompressionRatio 300
    ArchiveBlockEncrypted yes
    ArchiveBlockMax yes

    vi /etc/freshclam.conf

    DatabaseDirectory /var/lib/clamav
    UpdateLogFile /var/log/clamav/freshclam.log
    PidFile /var/run/clamav/freshclam.pid
    LogSyslog yes # -----------------------------------> change to yes
    DatabaseOwner qscand # -------------------------> Most important. Default clamav. Change to qscand.
    AllowSupplementaryGroups yes
    DNSDatabaseInfo current.cvd.clamav.net
    DatabaseMirror db.us.clamav.net
    DatabaseMirror database.clamav.net
    Checks 24
    NotifyClamd /etc/clamd.conf

Create the following logrotate config files if not present already:

    vi /etc/logrotate.d/clamd

    #
    # Rotate Clam AV daemon log file
    #
    /var/log/clamav/clamd.log {
        missingok
        nocompress
        create 640 qscand qscand
        postrotate
            /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2> /dev/null || true
        endscript
    }

    vi /etc/logrotate.d/freshclam

    #
    # Rotate FreshClam daemon log file
    #
    /var/log/clamav/freshclam.log {
        missingok
        nocompress
        create 640 qscand qscand
        postrotate
            /bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 2> /dev/null || true
        endscript
    }

Update ownership:
Set up the log directory and change ownership of the ClamAV-related files and directories to user qscand:

    mkdir /var/log/clamav
    chown qscand:qscand /var/log/clamav -R
    chown qscand:qscand /var/lib/clamav -R
    chown qscand:qscand /var/run/clamav -R

    service clamd restart
    chkconfig --level 35 clamd on

    service freshclam restart
    chkconfig --level 35 freshclam on

Please note that newer versions of freshclam don't need a freshclam update entry in cron. The newer versions have freshclam running as a service, which pulls virus database updates at regular intervals.

That is all. ClamAV is installed.
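
One way to check the result of the steps above (an added example, not part of the original howto): the script reads the two config files and confirms that User and DatabaseOwner name the same account, that LocalSocket is enabled, and that the directories clamd writes to are owned by that account. The function names and the script name are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit the ClamAV settings changed in this howto.
# Usage (script name is hypothetical):
#   sh clamav-audit.sh /etc/clamd.conf /etc/freshclam.conf qscand

# Print the active value of directive $2 in config file $1 (last one wins).
# Only the second field is read, so trailing "# ---> note" text is ignored.
conf_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Compare clamd.conf ($1) and freshclam.conf ($2) against shared user ($3).
# Prints one line per problem; returns non-zero if any were found.
check_clamav_conf() {
    bad=0
    [ "$(conf_value "$1" User)" = "$3" ] ||
        { echo "clamd.conf: User is not $3"; bad=1; }
    [ "$(conf_value "$2" DatabaseOwner)" = "$3" ] ||
        { echo "freshclam.conf: DatabaseOwner is not $3"; bad=1; }
    [ -n "$(conf_value "$1" LocalSocket)" ] ||
        { echo "clamd.conf: LocalSocket is not enabled"; bad=1; }
    [ "$(conf_value "$1" DatabaseDirectory)" = \
      "$(conf_value "$2" DatabaseDirectory)" ] ||
        { echo "DatabaseDirectory differs between the two files"; bad=1; }
    return $bad
}

# Report directories named in clamd.conf ($1) that user $2 does not own.
check_clamav_owner() {
    bad=0
    for key in LogFile PidFile LocalSocket DatabaseDirectory; do
        path=$(conf_value "$1" "$key")
        [ -n "$path" ] || continue
        [ "$key" = DatabaseDirectory ] || path=$(dirname "$path")
        owner=$(stat -c %U "$path" 2>/dev/null)
        [ "$owner" = "$2" ] ||
            { echo "$path: owner is '$owner', not $2"; bad=1; }
    done
    return $bad
}

if [ $# -eq 3 ]; then
    rc=0
    check_clamav_conf "$1" "$2" "$3" || rc=1
    check_clamav_owner "$1" "$3" || rc=1
    exit $rc
fi
```

A mismatch between User and DatabaseOwner, or a directory still owned by the default clamav account, shows up here as one line per problem and a non-zero exit status.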