Installing ClamAV From Source
Willy Sudiarto Raharjo
31 December 2007

Introduction

Viruses, worms, and trojans have become a daily threat to everybody. Every day, new variants of viruses, worms, and trojans come up, and their growth is increasing. We must take action to fight against them. The easiest way is to install an anti-virus application that can detect and eliminate them as soon as they are spotted on our system. Even though Linux is relatively more secure than Windows and most Windows viruses won't work on Linux, Linux can often be used to clean a disk or flash disk that has been contaminated by a virus or worm.

This article will guide you through the installation of ClamAV, an open source (GPL) anti-virus toolkit. It was designed especially for e-mail scanning on mail gateways, but it can also be used for personal use, such as on a desktop computer. In this article, I assume that ClamAV will be used as a personal anti-virus, so no integration with a mail server is needed. As usual, I will use Slackware Linux as the distro, but since we use the source version, the steps can be used on any other distro.

Preparation

The first thing you should do is download the latest version of ClamAV. The latest version at the time I write this article is 0.92. You can grab it from the official web site of ClamAV. You also need to install some packages to meet its requirements:

You might want to install these packages, but they are optional:

The last thing to do before ending the preparation phase is to add a new user and group for ClamAV. ClamAV will run under its own user and group, so you have to create them first. These steps will do (as root, of course):

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

You can check /etc/passwd and /etc/group if you want to make sure they exist. When you are done with this, you can start the installation process.

Installation & Configuration

The installation process is very straightforward and easy. The first thing is to extract the archive using this command:

tar -xzvf clamav-0.92.tar.gz

It will create a new directory called clamav-0.92 in the location where you extracted the archive. Go to that directory and start the configuration, compilation, and installation:

cd clamav-0.92
./configure    # you can add more parameters if you like
make
make install   # make sure you are running as root here

That's it. The installation phase is completed. Now, let's go through the configuration process.

Configuration

Before you can start using ClamAV for scanning or update its virus database, you should edit the configuration files first. In a default installation, the configuration files are placed under /usr/local/etc/. There are two files that you should edit: clamd.conf and freshclam.conf. Edit those files and either remove the line containing the word "Example" or comment it out by adding a hash character in front of it. If you forget to edit these files, the process can't continue and you will get this kind of error message: ERROR: Please edit the example config file /usr/local/etc/clamd.conf.
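The edit described above can be scripted so that it is repeatable and leaves a backup. This is an added example, not part of the original article; the function names are hypothetical, and it assumes the marker is a line containing only the word Example.

```shell
#!/bin/sh
# Added example: comment out the "Example" marker in a ClamAV config file.

# Succeeds if the file still has an active (uncommented) Example line.
# Settings that merely start with the word (e.g. "ExampleSetting") do not match.
has_example_marker() {
    grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# Comment out the marker in place, keeping a .bak copy of the original.
# Safe to run repeatedly: a file without an active marker is left untouched.
# Returns 0 on success, 1 if the edit failed, 2 if the file does not exist.
disable_example_marker() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    has_example_marker "$conf" || return 0
    cp -p "$conf" "$conf.bak" || return 1
    # Writing through the redirect keeps the original owner and permissions.
    sed 's/^[[:space:]]*Example[[:space:]]*$/#Example/' "$conf.bak" > "$conf" || return 1
    # Verify the result instead of trusting the edit.
    ! has_example_marker "$conf"
}

# Usage (as root), with the default paths from the article:
#   disable_example_marker /usr/local/etc/clamd.conf
#   disable_example_marker /usr/local/etc/freshclam.conf
```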

When you are done, update the anti-virus database first. This is the first thing to do when you have finished the installation process, in order to keep your database up to date with the latest virus signatures. Run freshclam as root:

freshclam

You will get messages like these (they might be a little different, since my database is already up to date):

ClamAV update process started at Mon Dec 31 08:31:25 2007
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK
main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven)
Reading CVD header (daily.cvd): OK
daily.inc is up to date (version: 5305, sigs: 14626, f-level: 21, builder: ccordes)

When you see those messages, it is working as expected. The next thing is to make the database update automatically instead of running the command manually. We can use cron to make our life easier. Edit the crontab as the root user and give it a 60-minute interval. It will run every hour at minute 15 (this is just an example, but I use this number too).

crontab -e
15 * * * * /usr/local/bin/freshclam --quiet

The --quiet parameter makes sure that no messages are displayed on our console. It is safe to add --quiet once the manual run works perfectly (that's why it's good to test the process manually before you automate it).
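Once the update runs unattended, nobody reads its messages, so it helps to be able to check saved freshclam output mechanically. The following is an added example, not part of the original article: it parses output in the format shown above and flags warnings, errors, and missing database lines. The function names and the idea of saving the output to a file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): summarise freshclam output.

# Sample input: the freshclam messages quoted in the article above.
sample_freshclam_output() {
    cat <<'EOF'
ClamAV update process started at Mon Dec 31 08:31:25 2007
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK
main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven)
Reading CVD header (daily.cvd): OK
daily.inc is up to date (version: 5305, sigs: 14626, f-level: 21, builder: ccordes)
EOF
}

# Read freshclam output on stdin and print one line per finding:
#   WARN <text> | ERROR <text> | DB <name> <current|changed> <version> <sigs>
summarize_freshclam() {
    awk '
        /^WARNING: / { sub(/^WARNING: /, ""); print "WARN " $0; next }
        /^ERROR: /   { sub(/^ERROR: /, "");   print "ERROR " $0; next }
        /\(version: [0-9]+, sigs: [0-9]+/ {
            v = $0; sub(/.*\(version: /, "", v); sub(/,.*/, "", v)
            s = $0; sub(/.*sigs: /, "", s);      sub(/,.*/, "", s)
            state = ($0 ~ / is up to date /) ? "current" : "changed"
            print "DB", $1, state, v, s
        }
    '
}

# Return 0 if main and daily both reported a version with no messages to
# review, 1 if there were warnings, 2 on errors or a missing database line.
check_freshclam_log() {
    report=$(summarize_freshclam < "$1") || return 2
    printf '%s\n' "$report"
    printf '%s\n' "$report" | grep -q '^ERROR ' && return 2
    printf '%s\n' "$report" | grep -q '^DB main' || return 2
    printf '%s\n' "$report" | grep -q '^DB daily' || return 2
    printf '%s\n' "$report" | grep -q '^WARN ' && return 1
    return 0
}
```

On the article's sample output the check returns 1, because the two DNS warnings are worth a look even though both databases are current.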

That's it. You have successfully set up ClamAV on your system. You can scan for viruses using the clamscan command-line tool.

Conclusion

Securing your system is a never-ending story. New threats keep coming every day. We must also update our system protection in order to minimize the impact and risk of those viruses on our system. ClamAV does its job perfectly.

Last Update : 31 December 2007 :: 09:06:52
