全部博文(408)
分类: LINUX
2006-07-19 17:47:45
Mandrake 10.0
Copyright Aerospace Software Ltd., GPL, 2004
This guide describes how to install Clam Anti Virus on a Linux machine. The idea is to get a working install of Clam AV going, then to use a script to hook it into Apache and SquidGuard. The result will be a complex system consisting of the Apache Web Server, Squid Proxy, SquidGuard Filter and ClamAV all working in close harmony, to provide a safe Web experience for a gaggle of MS Windows machines.
It is true that a virus checker such as this one is a reactive tool and therefore not 100% safe, but it is more convenient than simply blocking all executables, since it is nice to be able to download executables via HTTP.
If you are interested in a proactive tool, then have a look on Google for the web site of John D. Hardin. He has a tool called HTML-Trap which does a remarkable job of removing any executables, viruses past present and future - virtually no updates required, maybe once a year. This tool is ideal for a mail system.
Clam is on your CDROMs, but getting it elsewhere is more fun. Also, I'm sitting at home now and my machine is 10 kilometers away in the office, I'm not going to drive over there just to search for and change CDROMs. This is much better done via SSH and the internet.
Now here is how NOT to do it! Hop to INRIA in France at and get the following RPM files for Mandrake i586:
clamav-0.61-0.20030829.1mdk.i586.rpm
libclamav1-0.61-0.20030829.1mdk.i586.rpm
clamav-db-0.61-0.20030829.1mdk.i586.rpm
libgmp3-4.1.2-4mdk.i586.rpm
A quick check revealed that libgmp is already installed (rpm -q libgmp); one less for me to worry about. Lib files should be installed before other files, but when I try to install clamav-db, it says that it requires clamav and when I try to install clamav, it says it requires clamav-db, blech...
# rpm -i libclam[tab]
# rpm -i --nodeps clamav-db[tab]
# rpm -i clamav[tab]
The --nodeps option fixes the circular dependency and off we go.
It seemed OK up to this point, but when I tried to run the clamd daemon, it was nowhere to be found, so what exactly was in those schtoopidttt RPMS???
...and here is the better way to do it: Get the source tarball from and compile it:
# tar -zxvf clamav.0.7[tab]
# cd clamav.0.7[tab]
# ./configure --sysconfdir=/etc
configure: WARNING: ****** GNU MP 2 or newer NOT FOUND - digital signature support will be disabled !
Bah, humbug! - this is getting annoying. Off to find GNU MP2 or newer at and compile it:
# tar -zxvf gmp[tar]
# cd gmp[tab]
# ./configure
# make
# make install
Well, hot damn, that was a looong wait. Let's get back to Clam AV and see how it goes this time around:
# cd ../clamav0.7[tab]
# ./configure --sysconfdir=/etc
# make
# make install
# clamd
ERROR: Please edit the example config file /etc/clamav.conf.
ERROR: Can't open/parse the config file /etc/clamav.conf
Cool, now we know clamd exists and where the configuration file should go. We shall Never surrender!
We need a user and group clamav. This may already exist. Do the following, if it already exists, then nothing much will happen:
# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
Edit file /etc/clamav.conf. Comment out Example and increase the number of threads to 10 or more. Try to scan the source directory recursively:
# cd ..
# clamscan -r -l scan.txt clamav-0.75.1
It should find the virus examples in the source distribution - worked for me. If it doesn't, then you are SOL and need to try another version, an older one maybe.
A virus tool goes stale faster than a hotdog bun in Arizona. We need to automate the database update, else it won't be effective for more than a few days:
# touch /var/log/clam-update.log
# chmod 600 /var/log/clam-update.log
# chown clamav /var/log/clam-update.log
# freshclam -d -c 2 -l /var/log/clam-update.log
Also add that last line to the bottom of /etc/rc.d/rc.local to start the daemon after a reboot.
Now we have ClamAV installed and it should stay up to date all by itself, thanks to the good folks of the ClamAV project.
