The battle against viruses is almost on par with the battle against spam. ClamAV can help you here. There’s not much to say really, even though I wanted to make a fancy “tag line”. That’s not going to happen, apparently. Ah well, maybe another day.
So we will install this baby from ports. And just so you know, ClamAV updates its database every 2 hours unless otherwise defined. This should be enough for everyone. There is really no need to overload your system by checking for new definitions every 5 minutes.
First Things First
I strongly recommend installing the following archivers in order for ClamAV to be able to scan mails with attachments in these formats.
cd /usr/ports/archivers/arc && make install clean BATCH=yes
cd /usr/ports/archivers/arj && make install clean BATCH=yes
cd /usr/ports/archivers/lha && make install clean
cd /usr/ports/archivers/rar && make install clean BATCH=yes
cd /usr/ports/archivers/unrar && make install clean BATCH=yes
cd /usr/ports/archivers/unzoo && make install clean
cd /usr/ports/archivers/xar && make install clean BATCH=yes
Installing ClamAV
cd /usr/ports/security/clamav
make WITH="LLVM" install clean
When the options screen pops up hit “Ok”. As for the rest of the popups just accept the default values.
We need to remove the original startup scripts generated by the installation as ClamAV will be supervised by Daemontools.
rm /usr/local/etc/rc.d/clamav-clamd
rm /usr/local/etc/rc.d/clamav-freshclam
Running ClamAV with Daemontools
mkdir -m 1755 /var/qmail/supervise/clamav
mkdir -m 1755 /var/qmail/supervise/freshclam
mkdir -m 755 /var/qmail/supervise/clamav/log
mkdir -m 755 /var/qmail/supervise/freshclam/log
mkdir -m 1755 /var/log/qmail/clamav
mkdir -m 1755 /var/log/qmail/freshclam
# The run scripts below are fetched over plain HTTP and will be executed by
# supervise, so read each one before making it executable.
cd /var/qmail/supervise/clamav
fetch http://www.xfiles.dk/content/files/freebsd-qmail/clamav-run
mv clamav-run run
chmod 755 run
cd log
fetch http://www.xfiles.dk/content/files/freebsd-qmail/clamav-log-run
mv clamav-log-run run
chmod 755 run
Running Freshclam with Daemontools
cd /var/qmail/supervise/freshclam
fetch http://www.xfiles.dk/content/files/freebsd-qmail/freshclam-run
mv freshclam-run run
chmod 755 run
cd log
fetch http://www.xfiles.dk/content/files/freebsd-qmail/freshclam-log-run
mv freshclam-log-run run
chmod 755 run
Adjusting the ClamAV config file
We need to edit the ClamAV config file, otherwise it won’t run properly with daemontools. The file we need to edit is /usr/local/etc/clamd.conf
Find the following line.
LogFile /var/log/clamav/clamd.log
And put a # mark in front of it.
# LogFile /var/log/clamav/clamd.log
Now find this line.
User clamav
And change the user to qscand like this.
User qscand
And finally find this line.
# Foreground yes
And remove the # mark like this.
Foreground yes
Adjusting the Freshclam config file
We also need to edit the freshclam config accordingly, otherwise it won’t run properly with daemontools. The file we need to edit is /usr/local/etc/freshclam.conf
Find the following line.
UpdateLogFile /var/log/clamav/freshclam.log
And put a # mark in front of it.
# UpdateLogFile /var/log/clamav/freshclam.log
Now find this line.
DatabaseOwner clamav
And change the user to qscand like this.
DatabaseOwner qscand
And finally find this line.
# Foreground yes
And change it to.
Foreground yes
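The edits to clamd.conf and freshclam.conf above can be verified with a small script before the services are enabled. This is an added example, not part of the original guide; the function names are hypothetical and the sample config it runs against is constructed.

```sh
#!/bin/sh
# Added example (not from the original guide): audit the clamd.conf and
# freshclam.conf edits described above. Function names are hypothetical.

# check_setting FILE KEY WANT
#   WANT non-empty: KEY must be set, and every uncommented occurrence must equal WANT.
#   WANT empty:     KEY must not appear uncommented at all.
check_setting() {
    awk -v key="$2" -v want="$3" '
        /^[ \t]*#/ { next }                       # commented-out lines do not count
        $1 == key  { seen++; if ($2 != want) bad++ }
        END {
            if (want == "") exit (seen ? 1 : 0)
            exit (seen && !bad ? 0 : 1)
        }
    ' "$1"
}

# audit FILE KEY=WANT... : print every failing setting; return 1 if any failed.
audit() {
    file=$1; shift; rc=0
    [ -r "$file" ] || { echo "FAIL $file: not readable"; return 1; }
    for spec in "$@"; do
        key=${spec%%=*}; want=${spec#*=}
        if ! check_setting "$file" "$key" "$want"; then
            echo "FAIL $file: $key (expected: ${want:-commented out})"
            rc=1
        fi
    done
    return $rc
}

# The three edits this guide makes to each file.
audit_clamd()     { audit "$1" LogFile= User=qscand Foreground=yes; }
audit_freshclam() { audit "$1" UpdateLogFile= DatabaseOwner=qscand Foreground=yes; }

# Constructed sample: LogFile still enabled, User unchanged, Foreground still commented.
demo=$(mktemp)
printf '%s\n' 'LogFile /var/log/clamav/clamd.log' 'User clamav' '# Foreground yes' > "$demo"
audit_clamd "$demo" || echo "clamd.conf still needs the edits above"
rm -f "$demo"
```

On a live system, pass /usr/local/etc/clamd.conf to audit_clamd and /usr/local/etc/freshclam.conf to audit_freshclam before linking the services into /service.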
Check Permissions
chown -R qscand:qscand /var/log/clamav
chown -R qscand:qscand /var/run/clamav/
chown qscand:qscand /var/db/clamav/
Now if you try to start up ClamAV it may fail. There have been some changes, meaning that ClamAV is no longer shipped with a Virus Definition DB. You will have to grab the first DB manually, and only after this is done will ClamAV be able to run without errors and automatically update its Virus Definition DB.
Manually updating the Virus Definition DB is easy, but be warned this can take some time to complete. So let’s do this now before we continue. Enter the following command.
freshclam
Enable The Service
ln -s /var/qmail/supervise/clamav /service/
ln -s /var/qmail/supervise/freshclam /service/
Check if ClamAV is working as intended.
svstat /service/clamav/ /service/clamav/log
If everything is ok you should get an output like below.
/service/clamav/: up (pid 86635) 19 seconds
/service/clamav/log: up (pid 86636) 19 seconds
Now check if FreshClam is working as intended.
svstat /service/freshclam/ /service/freshclam/log
If everything is ok you should get an output like below.
/service/freshclam/: up (pid 55698) 20 seconds
/service/freshclam/log: up (pid 55699) 20 seconds
Adjust update frequency
Optional start.
If you want to change how often ClamAV updates its database, modify /usr/local/etc/freshclam.conf. The lines you are looking for are these.
# Number of database checks per day.
# Default: 12 (every two hours)
# Checks 24
Optional stop.
Adding ClamAV to qmailctl
In order to control ClamAV from qmailctl we need to edit the file /usr/bin/qmailctl. Find the following lines and remove the # mark.
# if svok /service/clamav ; then
# svc -u /service/clamav /service/clamav/log
# echo "Starting clamav"
# else
# echo "clamav supervise not running"
# fi
# if svok /service/freshclam ; then
# svc -u /service/freshclam /service/freshclam/log
# echo "Starting freshclam"
# else
# echo "freshclam supervise not running"
# fi

# echo " clamav"
# svc -d /service/clamav /service/clamav/log
# echo " freshclam"
# svc -d /service/freshclam /service/freshclam/log

# svstat /service/clamav
# svstat /service/clamav/log
# svstat /service/freshclam
# svstat /service/freshclam/log

# echo "Pausing clamav"
# svc -p /service/clamav
# echo "Pausing freshclam"
# svc -p /service/freshclam

# echo "Pausing clamav"
# svc -c /service/clamav
# eco "Pausing freshclam"
# svc -c /service/freshclam

# echo "* Restarting clamav"
# svc -t /service/clamav /service/clamav/log
# echo "* Restarting freshclam"
# svc -t /service/freshclam /service/freshclam/log
All of the lines above should now look like this.
if svok /service/clamav ; then
    svc -u /service/clamav /service/clamav/log
    echo "Starting clamav"
else
    echo "clamav supervise not running"
fi
if svok /service/freshclam ; then
    svc -u /service/freshclam /service/freshclam/log
    echo "Starting freshclam"
else
    echo "freshclam supervise not running"
fi

echo " clamav"
svc -d /service/clamav /service/clamav/log
echo " freshclam"
svc -d /service/freshclam /service/freshclam/log

svstat /service/clamav
svstat /service/clamav/log
svstat /service/freshclam
svstat /service/freshclam/log

echo "Pausing clamav"
svc -p /service/clamav
echo "Pausing freshclam"
svc -p /service/freshclam

# svc -c resumes a paused service, so these messages say "Continuing".
# If your copy of qmailctl has "eco" here, correct it to "echo".
echo "Continuing clamav"
svc -c /service/clamav
echo "Continuing freshclam"
svc -c /service/freshclam

echo "* Restarting clamav"
svc -t /service/clamav /service/clamav/log
echo "* Restarting freshclam"
svc -t /service/freshclam /service/freshclam/log
Now restart qmail in order for the changes to take effect.
qmailctl restart
And we are done here.