Friday, September 7, 2007

Installing Clamav

Even though Linux is far more resistant to viruses and worms, people still run Windows on their computers, and viruses spread wild among Windows machines via USB flash disks and email. We can run an anti-virus application on a Linux machine to remove a virus before it ever reaches the Windows clients. This is usually done by scanning incoming email on the mail gateway. For that purpose you need an anti-virus engine that can be wired into a mail server, and Clamav is the answer.

I don't have my own mail server (I use GMail for my email) and I have been using F-Prot as my anti-virus application for some time. It works just fine, but the problem lies in the update process. It always downloads everything from the start, not just the difference. This behaviour is the same as some anti-virus products on Windows. For people who don't have a fast, dedicated Internet connection, this is a problem. So I decided to try Clamav to replace F-Prot.

The first thing you have to do is grab the latest source code (0.91.2) from the official site, and check the tarball against the checksum or signature published there before you build it. Next, create a group and an unprivileged user (no login shell) for Clamav to run as:

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

After that, you can compile and install the Clamav source code:

tar -xzvf clamav-0.91.2.tar.gz
cd clamav-0.91.2
./configure --sysconfdir=/etc    # put clamd.conf and freshclam.conf in /etc instead of /usr/local/etc
make
make install                     # as root

At this point Clamav is installed, but you cannot use it yet, because the configuration files have to be edited first. Edit /etc/clamd.conf and /etc/freshclam.conf and remove the line that reads Example (or put a comment sign ("#") in front of it so it is ignored); both programs refuse to start while that line is present. While you are there, set User clamav in clamd.conf and DatabaseOwner clamav in freshclam.conf, so the daemon drops root after start-up and the database files end up owned by the account created above. Also make sure the DatabaseDirectory actually contains a virus database; clamd will not start without one, so run freshclam first if the directory is empty. Then start the Clamav daemon:

clamd

Good. You can test it now with clamscan, which loads the database itself and does not need the daemon to be running (clamdscan is the client that hands files to a running clamd):

clamscan <options> <filesToScan>

If you want to update the database, just run freshclam as the root user; it downloads only the difference between the version you have and the latest database on Clamav's servers, which is faster and far cheaper in bandwidth than fetching the whole database again. If you have an always-on Internet connection, you can run freshclam in daemon mode:

freshclam -d

Another solution is to run freshclam from cron so it checks for updates periodically.
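As an added example (not part of the original post, and not ClamAV's own tooling), here is a small POSIX shell helper that ties the steps above together: it comments out the Example line, writes the standard EICAR test file, scans it with clamscan and maps the exit status to a verdict. It assumes the layout used in this post (configuration in /etc, binaries in /usr/local); the helper names are mine, while the exit-code mapping (0 clean, 1 virus found, 2 error) is clamscan's documented behaviour.

```shell
#!/bin/sh
# Added example (not from the original post): post-install checks for a
# source-built ClamAV. Assumes --sysconfdir=/etc as above. Paths are
# parameters so the helpers can be tried on scratch copies of the files.

# clamd and freshclam both refuse to start while the bare "Example" line
# is present in their config file. Comment it out, leaving any other
# directive that merely begins with "Example" untouched.
disable_example_line() {
    conf="$1"
    sed 's/^Example[[:space:]]*$/#Example/' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Translate a clamscan/clamdscan exit status into a verdict word:
# 0 = nothing found, 1 = virus found, 2 = scanner error (e.g. no database).
# A mail gateway must treat 2 as a temporary failure, never as "clean".
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Write the 68-byte EICAR test file into a directory and print its path.
# The file is inert; every scanner, ClamAV included, flags it, so it is
# the standard way to prove a scan path works end to end.
write_eicar() {
    out="$1/eicar.com"
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$out"
    echo "$out"
}

# Scan a file or directory with clamscan (which loads the database itself,
# so clamd need not be running) and print the verdict word.
scan_path() {
    status=0
    clamscan --no-summary -r "$1" >/dev/null 2>&1 || status=$?
    scan_verdict "$status"
}

# Stand-alone run: only when clamscan is actually installed on this box.
if command -v clamscan >/dev/null 2>&1; then
    demo=$(mktemp -d)
    write_eicar "$demo" >/dev/null
    echo "clamscan verdict on EICAR: $(scan_path "$demo")"
    rm -rf "$demo"
fi
```

Run it on the box where Clamav was installed; the verdict on the EICAR file should read infected. An error verdict usually means the database directory is empty or not readable by the user running the scan, which is the case a mail filter must treat as a temporary failure rather than deliver the mail as clean. For periodic updates without the daemon, a crontab entry such as `0 */4 * * * /usr/local/bin/freshclam --quiet` does the job.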

Please note that this application does not provide real-time protection the way most anti-virus products on Windows do. If you want that capability, you can install Dazuko, compile it as a kernel module and enable the Clamuko options in clamd.conf; clamd will then give you on-access scanning.

Goodbye, virus wave.