Aug 11 2008

[Linux] Installing ClamAV antivirus and integrating with Exim and pure-ftpd

Category: Articles, Linux administration | FractalizeR @ 1:41 am

Every good server should have a good antivirus installed. Let's install ClamAV on our machine. The download paths below point to the latest versions at the time of writing; when a new version is released, all you need to do is change the version numbers in the shell commands.


SSH to your server.

Step 1. Installing prerequisites.

Clam uses several system libraries in its work. We need to install them.

Upgrading gcc compiler
You may skip this step, but to compile GMP safely it is better to have the latest GCC version. You can check the current gcc version with the gcc -v command.

cd /usr/local
mkdir gcc
cd gcc
wget ftp://mirrors.kernel.org/gnu/gcc/gcc…-4.2.2.tar.bz2
tar -jxvf gcc-core-4.2.2.tar.bz2
mkdir obj
cd obj

At this point we need to check which options gcc was built with on your system. This can be done using gcc -v. You need to pass all of those parameters to the configure command. Note that configure is run from the obj directory only. Here is an example from my PC:
../gcc-4.2.2/configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
make
make install

Installing/upgrading zlib
cd /usr/local
mkdir zlib
cd zlib
wget http://www.zlib.net/zlib-1.2.3.tar.gz
tar -zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install

Installing/upgrading bzip2
cd /usr/local
mkdir bzip2
cd bzip2
wget http://www.bzip.org/1.0.4/bzip2-1.0.4.tar.gz
tar -zxvf bzip2-1.0.4.tar.gz
cd bzip2-1.0.4
make
make install

Installing/upgrading GMP
cd /usr/local
mkdir gmp
cd gmp
wget ftp://ftp.gnu.org/gnu/gmp/gmp-4.2.2.tar.gz
tar -zxvf gmp-4.2.2.tar.gz
cd gmp-4.2.2
./configure
make
make install

Step 2. Installing ClamAV.

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
cd /usr/local
mkdir clamav
cd clamav

Now wget the ClamAV sources from this page: http://clamav.org/download/sources. The latest ClamAV version at the time of writing is 0.92.
wget http://freshmeat.net/redir/clamav/29…av-0.92.tar.gz
tar -zxvf clamav-0.92.tar.gz
cd clamav-0.92
./configure
make
make install

The next two lines comment out the Example line in both configuration files; ClamAV refuses to start until that line is removed, after which the default settings apply. You can edit both files at any time to change settings.
sed -i 's/Example/#Example/g' /usr/local/etc/freshclam.conf
sed -i 's/Example/#Example/g' /usr/local/etc/clamd.conf
freshclam -d
clamd
At this point ClamAV is successfully installed.

Step 3. Scheduling everyday updates

touch /var/log/freshclam.log
chmod 600 /var/log/freshclam.log
chown clamav /var/log/freshclam.log
Let's now make clamd and freshclam start at machine startup.

Locate the file rc.local on your server. On CentOS it should be at /etc/rc.d/rc.local. Execute the following command:
echo /usr/local/bin/freshclam -d >> /etc/rc.d/rc.local

Additionally, let's make clamd start on system startup:
echo /usr/local/bin/clamd >> /etc/rc.d/rc.local
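Starting the daemons from rc.local says nothing about whether they keep working, so a small health check is worth having. The script below is an added example, not part of the original article. It assumes clamd listens on the Unix socket /tmp/clamd.socket (the path the Exim configuration in Step 4 uses) and that the signature databases live in /usr/local/share/clamav, the default for a source build with prefix /usr/local; both are assumptions, so compare them with LocalSocket in clamd.conf and DatabaseDirectory in freshclam.conf before relying on it.

```shell
#!/bin/sh
# Added example, not part of the original article: a health check for the
# ClamAV daemons started from rc.local. Run it from cron or by hand:
#   sh clamav-health.sh check
# All paths are assumptions for a /usr/local source build; override them via
# the environment or check LocalSocket / DatabaseDirectory in the conf files.
CLAMD_SOCKET="${CLAMD_SOCKET:-/tmp/clamd.socket}"
CLAMAV_DBDIR="${CLAMAV_DBDIR:-/usr/local/share/clamav}"
MAX_DB_AGE_DAYS="${MAX_DB_AGE_DAYS:-2}"

# db_is_fresh DIR MAXDAYS
# Succeeds if daily.cvd or daily.cld in DIR was modified less than MAXDAYS
# days ago, i.e. freshclam has actually been pulling updates.
db_is_fresh() {
    find "$1" -name 'daily.c[vl]d' -mtime -"$2" 2>/dev/null | grep -q .
}

# clamd_socket_present PATH: succeeds if clamd's Unix socket exists
clamd_socket_present() {
    [ -S "$1" ]
}

# clamav_health: prints one OK/FAIL line per check, returns 0 only if all pass
clamav_health() {
    rc=0
    if clamd_socket_present "$CLAMD_SOCKET"; then
        echo "OK   clamd socket present: $CLAMD_SOCKET"
    else
        echo "FAIL clamd socket missing: $CLAMD_SOCKET (is clamd running?)"
        rc=1
    fi
    if db_is_fresh "$CLAMAV_DBDIR" "$MAX_DB_AGE_DAYS"; then
        echo "OK   daily signatures updated within $MAX_DB_AGE_DAYS day(s)"
    else
        echo "FAIL daily signatures in $CLAMAV_DBDIR older than $MAX_DB_AGE_DAYS day(s) or missing"
        rc=1
    fi
    return "$rc"
}

# Only run the checks when invoked with the "check" argument
case "${1:-}" in
    check) clamav_health; exit $? ;;
esac
```

A non-zero exit from the check is what you want to alert on; a stale daily database means freshclam has silently stopped updating, which is the usual way an antivirus install rots.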

Step 4. Exim mail daemon integration

To complete this step you need to have exim at least 4.50 installed on your server. Issue the following command:

exim -bV
Check that the version is at least 4.50 and that the string Content_Scanning appears in the output (around the fourth line).
If all is OK, open WHM and go to Service Configuration -> Exim Configuration Editor -> Advanced editor.
Add the following line in the very first text field:

Code:
av_scanner = clamd:/tmp/clamd.socket

And in the second (after the begin acl line):

Code:
acl_check_virus:
    deny message = Message rejected: virus found!
         hosts   = *
         malware = *
    accept

Save configuration. WHM will restart Exim and apply your settings.

Step 5. Integrating with pure-ftpd

Creating the post-upload checking script (the single quotes keep "$1" intact in the file, and the script must be executable for pure-uploadscript to run it)
echo '#!/bin/sh' > /etc/pure-ftpd/upload-av-check.sh
echo '/usr/local/bin/clamdscan --remove --quiet --no-summary "$1"' >> /etc/pure-ftpd/upload-av-check.sh
chmod 755 /etc/pure-ftpd/upload-av-check.sh
Instructing pure-ftpd to use it at every server startup
echo /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-av-check.sh >> /etc/rc.d/rc.local
Enabling check-on-upload in the pure-ftpd config file. You can grep "CallUpload" /etc/pure-ftpd.conf to ensure the change was applied correctly.
sed -i 's/#CallUploadScript/CallUploadScript/' /etc/pure-ftpd.conf
Using it now
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-av-check.sh
Restarting pure-ftpd (this can also be done from WHM, of course)
service pure-ftpd restart
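The two-line script above deletes an infected upload with --remove, which also destroys the sample an incident responder would want to look at. The following is an added example, not from the article or from the pure-ftpd project: a drop-in replacement for /etc/pure-ftpd/upload-av-check.sh that moves the file into a quarantine directory and logs every scan result. pure-uploadscript hands it the uploaded file's path as $1, exactly as in the article; the quarantine directory /var/quarantine/ftp and the log file /var/log/pure-ftpd-av.log are assumed names, and the exit codes it mirrors (0 clean, 1 infected, 2 error) are the ones clamdscan documents.

```shell
#!/bin/sh
# Added example, not part of the original article or of pure-ftpd: a
# replacement for /etc/pure-ftpd/upload-av-check.sh that quarantines an
# infected upload instead of deleting it, and logs every scan result.
# pure-uploadscript runs it with the uploaded file's path as $1.
# QUARANTINE and AV_LOG are assumed names; SCANNER matches the article's path.
SCANNER="${SCANNER:-/usr/local/bin/clamdscan}"
QUARANTINE="${QUARANTINE:-/var/quarantine/ftp}"
AV_LOG="${AV_LOG:-/var/log/pure-ftpd-av.log}"

# log_line TEXT...: append one UTC-timestamped line to the scan log
log_line() {
    printf '%s %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$*" >> "$AV_LOG"
}

# scan_upload FILE
# Returns clamdscan's documented exit status: 0 clean, 1 infected
# (file moved to quarantine), 2 scanner error or unusable path.
scan_upload() {
    f="$1"
    if [ ! -f "$f" ]; then
        log_line "SKIP not a regular file: $f"
        return 2
    fi
    status=0
    "$SCANNER" --quiet --no-summary "$f" >/dev/null 2>&1 || status=$?
    case "$status" in
        0)
            log_line "CLEAN $f"
            return 0
            ;;
        1)
            # Keep the sample for analysis: root-only directory, unique name
            mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
            dest="$QUARANTINE/$(date -u +%Y%m%d%H%M%S)-$$-$(basename "$f")"
            mv "$f" "$dest" && chmod 600 "$dest"
            log_line "INFECTED $f -> $dest"
            return 1
            ;;
        *)
            log_line "ERROR scanner exit $status for $f"
            return 2
            ;;
    esac
}

# When invoked by pure-uploadscript, scan the file it hands us
if [ "$#" -gt 0 ]; then
    scan_upload "$1"
fi
```

Because clamdscan only passes the path to clamd, the clamav user must be able to read the uploaded file, so check the FTP upload directory's permissions if every scan logs an ERROR line. A scanner error is logged and reported separately from a clean result on purpose: a scan that could not run should not be treated as a file that passed.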

This article is also published on official WHM/CPanel forum: http://forums.cpanel.net/showthread.php?t=75422

