HowTo: ClamAV

Re: Re: HowTo: ClamAV

SupermanInNY said:
I'm having a bit of a problem with this process:


Any pointers?

WBEL 3.0
clamav-0.87.1

Open /etc/clamd.conf with an editor, search for LocalSocket and make sure it looks like:
Code:
LocalSocket /var/run/clamav/clamd
Save and exit and complete the other steps.
 
HOWTO CLAMAV CENTOS 4.2 *64 BIT*

Thanks to original howto writer getUP and decafranky for extra information.
--------------

Tested on CentOS 4.2. *64 BIT*



1.
#cd /root
#mkdir clam
#cd clam

wget http://dag.wieers.com/packages/clamav-0.87-1.2.el4.rf.x86_64.rpm
wget http://dag.wieers.com/packages/clamav-db-0.87-1.2.el4.rf.x86_64.rpm
wget http://dag.wieers.com/packages/clamav-devel-0.87-1.2.el4.rf.x86_64.rpm
wget http://dag.wieers.com/packages/clamd-0.87-1.2.el4.rf.x86_64.rpm

#rpm -Uvh *


nano /etc/crontab

add below line to the end of the file:

53 * * * * root /usr/bin/freshclam

ctrl+x
y

#service clamd start

2. nano /etc/exim.conf

a) find : ctrl+w

# primary_hostname =
right below comments
add below line after this:

av_scanner = clamd:127.0.0.1 3310

b) find : ctrl+w

# ACL that is used after the DATA command
check_message:
accept

replace with:

Code:
check_message:
  deny message = This message contains malformed MIME ($demime_reason)
       demime = *
       condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny message = This message contains a virus or other harmful content ($malware_name)
       demime = *
       malware = *
  deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
       demime = bat:com:pif:prf:scr:vbs
  warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
  accept

3. nano /etc/group
find :

mail:x:12:mail

replace with :

mail:x:12:mail,clamav

4. nano /etc/clamd.conf

find :

#LocalSocket /var/run/clamav/clamd.sock

and make sure it looks like this:

# Path to a local socket file the daemon will listen on.
# Default: disabled
#LocalSocket /var/run/clamav/clamd.sock

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket

# TCP port address.
# Default: disabled
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
TCPAddr 127.0.0.1




5.

:: OPTIONAL IF NEEDED ::

My exim version is already 4.54-1 because this is a newly installed server.
If your exim version is below that version upgrade your exim like this:

wget http://files.directadmin.com/services/da_exim-4.54-1.src.rpm

rpm -ivh da_exim-4.54-1.src.rpm

cd /usr/src/redhat/SOURCES

vi ./da_exim-Makefile

add at the top: WITH_OLD_DEMIME = yes

cd /usr/src/redhat/SPECS

rpmbuild -bb exim.spec

cd /usr/src/redhat/RPMS/i386

rpm --force -i da_exim-4.54-1.i386.rpm

6.

#service exim restart

#service clamd restart

7. check your mail and clamav logs

#tail -f /var/log/exim/reject.log

#tail -f /var/log/clamav/clamd.log

8. OPTIONAL

You can verify and test your installation using the tests on:

http://www.gfi.com/emailsecuritytest/
 
Hello all,

I've got a question. I set up spamassassin, MailScanner and ClamAV, and all are running; I can see that in the process ID list.

I've got that for clamav:

clamav 4267 0.0 0.0 4640 1032 ? Ss 13:13 0:00 /usr/bin/freshcla
clamav 4281 0.0 0.0 4636 1028 ? Ss 13:13 0:00 /usr/bin/freshcla


I have then no idea why it doesn't work when I try to connect to localhost 3310.

If someone has an idea, I'll be happy to read an answer.

Thanks!

Maniak
 
It's the clamd process that opens the port... check if that process is running.

The port is configured in the clamd.conf file. For performance and security reasons, however, I'd recommend using the socket instead of the tcp port (which is the default).
 
Hello,

No, in fact it's not running! I have trouble making clamav work properly. I'm using FC3 on an AMD Opteron 64 bits.

I found a lot of rpm files but none seems to work fine with my FC =( I'm a bit confused about which to choose.

MailScanner works fine, but there's no way to set up clamav :(
 
I get this error

05-12-28 12:57:08 1EriM8-0005Gf-4r malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (No such file or directory)




Centos 4.2
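
The "unable to connect to UNIX socket" error above appears when Exim's av_scanner names an endpoint that clamd.conf never opens. The following is an added example, not part of any post in this thread: it compares the two files and reports the mismatch. The function names are hypothetical, and the sample inputs are constructed from step 4 of the HOWTO and the socket path in the error message.

```python
import re

def clamd_listeners(clamd_conf):
    """Endpoints clamd will open, read from clamd.conf text."""
    opts = {}
    for line in clamd_conf.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank, or a commented-out (disabled) option
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    found = set()
    if "LocalSocket" in opts:
        found.add(("unix", opts["LocalSocket"]))
    if "TCPSocket" in opts:
        # With no TCPAddr, clamd binds to every interface (INADDR_ANY).
        found.add(("tcp", opts.get("TCPAddr", "0.0.0.0"), int(opts["TCPSocket"])))
    return found

def exim_scanner(exim_conf):
    """Endpoint named by Exim's 'av_scanner = clamd:...' line, or None."""
    m = re.search(r"^[ \t]*av_scanner[ \t]*=[ \t]*clamd:(.+)$", exim_conf, re.M)
    if not m:
        return None
    target = m.group(1).strip()
    if target.startswith("/"):
        return ("unix", target)
    host, port = target.split()
    return ("tcp", host, int(port))

def check(clamd_conf, exim_conf):
    listeners, scanner = clamd_listeners(clamd_conf), exim_scanner(exim_conf)
    problems = []
    if scanner is None:
        problems.append("no av_scanner = clamd:... line in exim.conf")
    elif scanner[0] == "unix" and scanner not in listeners:
        problems.append("exim uses socket %s but clamd.conf has no such LocalSocket" % scanner[1])
    elif scanner[0] == "tcp" and not any(
            l[0] == "tcp" and l[2] == scanner[2] and l[1] in (scanner[1], "0.0.0.0")
            for l in listeners):
        problems.append("exim uses %s:%d but clamd.conf opens no such TCP port" % scanner[1:])
    if any(l[0] == "tcp" and l[1] == "0.0.0.0" for l in listeners):
        problems.append("clamd listens on all interfaces; set TCPAddr 127.0.0.1")
    return problems

# Constructed samples: clamd.conf as in step 4, and two exim.conf variants.
CLAMD_CONF = "#LocalSocket /var/run/clamav/clamd.sock\nFixStaleSocket\nTCPSocket 3310\nTCPAddr 127.0.0.1\n"
EXIM_TCP = "av_scanner = clamd:127.0.0.1 3310\n"
EXIM_SOCK = "av_scanner = clamd:/var/run/clamav/clamd\n"
if __name__ == "__main__":
    print(check(CLAMD_CONF, EXIM_SOCK))
```

On a live system, pass the contents of /etc/clamd.conf and /etc/exim.conf to check(); an empty list means Exim is pointed at an endpoint clamd is configured to open.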
 
Hi,

I have followed the steps strictly but still encountering this error.

# /sbin/service exim restart
Shutting down exim:
Starting exim: 2005-11-09 21:15:35 Exim configuration error in line 569 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"

How do I solve this? What is the SMTP limiter plugin for? Any way to disable it?
 
memoriess said:
Hi,

I have followed the steps strictly but still encountering this error.

# /sbin/service exim restart
Shutting down exim:
Starting exim: 2005-11-09 21:15:35 Exim configuration error in line 569 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"

How do I solve this? What is the SMTP limiter plugin for? Any way to disable it?

Which OS?
 
ClamAV 0.88

Easy update with this ;) to clamav-0.88
if you miss some in install will be fix to clamav-0.88
Code:
wget http://www.web4host.net/tools/ClamAV-update-tools.sh
chmod 755 ClamAV-update-tools.sh
./ClamAV-update-tools.sh



Wael
 
As for the demime errors, reinstalling Exim should solve that.

Code:
wget http://files.directadmin.com/services/da_exim-4.60-1.src.rpm
rpm -ivh da_exim-4.60-1.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -bb exim.spec
cd /usr/src/redhat/RPMS/i386
rpm -Uvh --force --nodeps da_exim-4.60-1.i386.rpm
 
Hi,

I wanted to update my ClamAV and used the script from @how@, but it did not update... I still get the message that it is outdated in my freshclam.log. Any pointers?

Thanks!!

Dennis
 
Has anyone tested whether the guide works on Debian? I would like to install it on a Debian box. Thanks, all.
 
Re: ClamAV 0.88

@how@ said:
Easy update with this ;) to clamav-0.88
if you miss some in install will be fix to clamav-0.88
Code:
wget http://www.web4host.net/tools/ClamAV-update-tools.sh
chmod 755 ClamAV-update-tools.sh
./ClamAV-update-tools.sh



Wael

ClamAV 0.88.1

Wael
 