Installing ClamAV antivirus and integrating with Exim and pure-ftpd

Posted: 3p in cPanel

Every good server should have a good antivirus installed, so let's install ClamAV on our machine. The download paths below point to the latest versions at the time of writing; if a new version is released, all you need to do is change the version numbers in the shell commands.

SSH to your server

Step 1. Installing prerequisites.
ClamAV depends on several system libraries, so we need to install them first.

Upgrading gcc compiler
You may skip this step, but to compile GMP safely it is better to have the latest GCC version. You can check the current gcc version with the gcc -v command.

cd /usr/local
mkdir gcc
cd gcc
wget ftp://mirrors.kernel.org/gnu/gcc/gcc…-4.2.2.tar.bz2
tar -jxvf gcc-core-4.2.2.tar.bz2
mkdir obj
cd obj
At this point we need to check which options gcc on your system was previously compiled with; gcc -v shows them. Copy all of those parameters to the configure command. Note that configure is run from the obj directory only. Here is an example from my PC:
../gcc-4.2.2/configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
make
make install

Installing/upgrading zlib
cd /usr/local
mkdir zlib
cd zlib
wget http://www.zlib.net/zlib-1.2.3.tar.gz
tar -zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install

Installing/upgrading bzip2
cd /usr/local
mkdir bzip2
cd bzip2
wget http://www.bzip.org/1.0.4/bzip2-1.0.4.tar.gz
tar -zxvf bzip2-1.0.4.tar.gz
cd bzip2-1.0.4
make
make install

Installing/upgrading GMP
cd /usr/local
mkdir gmp
cd gmp
wget ftp://ftp.gnu.org/gnu/gmp/gmp-4.2.2.tar.gz
tar -zxvf gmp-4.2.2.tar.gz
cd gmp-4.2.2
./configure
make
make install

Step 2. Installing ClamAV.
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
cd /usr/local
mkdir clamav
cd clamav
Now wget the ClamAV sources from this page: http://clamav.org/download/sources. The latest ClamAV version at the time of writing is 0.92.
wget http://freshmeat.net/redir/clamav/29…av-0.92.tar.gz
tar -zxvf clamav-0.92.tar.gz
cd clamav-0.92
./configure
make
make install
The next two lines comment out the Example line in both ClamAV configuration files, so that freshclam and clamd start with their default settings. You can edit either file at any time to change settings.
sed -i 's/Example/#Example/g' /usr/local/etc/freshclam.conf
sed -i 's/Example/#Example/g' /usr/local/etc/clamd.conf
freshclam -d
clamd
At this point ClamAV is successfully installed.

Step 3. Scheduling everyday updates
touch /var/log/freshclam.log
chmod 600 /var/log/freshclam.log
chown clamav /var/log/freshclam.log
Let's now make clamd and freshclam start at machine startup.
Locate the rc.local file on your server. On CentOS it should be at /etc/rc.d/rc.local. Execute the following command:
echo /usr/local/bin/freshclam -d >> /etc/rc.d/rc.local
Additionally, let's make clamd start on system startup:
echo /usr/local/bin/clamd >> /etc/rc.d/rc.local

Step 4. Exim mail daemon integration
To complete this step you need to have Exim 4.50 or later installed on your server. Issue the following command:
exim -bV
Check that the version is at least 4.50 and that the string Content_Scanning appears in the output (around the fourth line).
If all is OK, open WHM and go to Service Configuration -> Exim Configuration Editor -> Advanced editor.
Add the following line in the very first text field:
Code:
av_scanner = clamd:/tmp/clamd.socket
And add this to the second one (after the begin acl line):
Code:
acl_check_virus:
  deny message = Message rejected: virus found!
       hosts = *
       malware = *
  accept
Save configuration. WHM will restart Exim and apply your settings.

Step 5. Integrating with pure-ftpd
Creating the post-upload checking script:
echo \#\!/bin/sh > /etc/pure-ftpd/upload-av-check.sh
echo '/usr/local/bin/clamdscan --remove --quiet --no-summary "$1"' >> /etc/pure-ftpd/upload-av-check.sh
(The single quotes keep "$1" quoted inside the generated script, so uploaded file names containing spaces are handled correctly.)
Instructing pure-ftpd to use it at every server startup:
echo /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-av-check.sh >> /etc/rc.d/rc.local
Enabling check-on-upload in the pure-ftpd config file. You can run grep "CallUpload" /etc/pure-ftpd.conf afterwards to ensure the change was made correctly.
sed -i 's/#CallUploadScript/CallUploadScript/' /etc/pure-ftpd.conf
Using it now:
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-av-check.sh
Restarting pure-ftpd (this can also be done from WHM, of course):
service pure-ftpd restart
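A fuller version of the upload check script, added here as an example rather than the post's own one-liner: it distinguishes clamdscan's exit codes, quarantines an infected upload instead of silently deleting it, and logs every detection and scanner error to syslog so the events are visible later. The quarantine directory and the CLAMDSCAN/QUARANTINE override variables are assumptions, not pure-ftpd or ClamAV settings.

```shell
#!/bin/sh
# Hypothetical /etc/pure-ftpd/upload-av-check.sh: added example, not the post's one-liner.
# pure-uploadscript calls it with the uploaded file's full path as $1.
# clamdscan exit codes: 0 = clean, 1 = virus found, 2 = error (daemon down, unreadable file).
CLAMDSCAN="${CLAMDSCAN:-/usr/local/bin/clamdscan}"
QUARANTINE="${QUARANTINE:-/var/quarantine/ftp}"   # assumed path; keep it outside the FTP tree
LOGTAG="ftp-av"

log() {
    # syslog when logger is available, stderr otherwise
    logger -t "$LOGTAG" -- "$*" 2>/dev/null || echo "$LOGTAG: $*" >&2
}

# scan_upload FILE -> 0 (clean), 1 (infected: quarantined or removed), 2 (scan error)
scan_upload() {
    file="$1"
    [ -f "$file" ] || { log "not a regular file: $file"; return 2; }
    if "$CLAMDSCAN" --quiet --no-summary "$file"; then
        status=0
    else
        status=$?
    fi
    case "$status" in
        0) return 0 ;;
        1)
            mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
            dest="$QUARANTINE/$(date +%Y%m%d%H%M%S)-$$-$(basename "$file")"
            if mv -- "$file" "$dest"; then
                log "infected upload quarantined: $file -> $dest"
            else
                rm -f -- "$file"   # fall back to the post's --remove behaviour
                log "infected upload removed (quarantine failed): $file"
            fi
            return 1 ;;
        *)
            # scanner error: record it and leave the file for manual review
            log "clamdscan exit $status while scanning $file"
            return 2 ;;
    esac
}

# Act only when pure-uploadscript executes this file directly (not when it is sourced).
case "$0" in
    */upload-av-check.sh) scan_upload "$1" ;;
esac
```

Point pure-uploadscript at it exactly as in the commands above; to keep the post's delete-only behaviour, replace the mv with rm.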

Comments
  1. HCG diet says:

    I’ve found myself here many times before while trying to find various things. I appreciate the detailed articles you write, and in some cases this is the ONLY place I can even find them. Cheers

  2. This is very interesting indeed. I’m stunned this info isn’t more broadly available, but many thanks for your attention to it! This is likely the most complete source I have found thus far, and it truly is quite helpful. Cheers
