MT6 ClamAV

From The Network People, Inc. - Wiki

Install ClamAV

jailmanage clamav
pkg install -y clamav

Configure Startup

echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf
echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf
freshclam
service clamav-freshclam start

Expect to wait a bit for freshclam to download 65+MB of databases.

Configure clamd.conf

Look through the options in /usr/local/etc/clamd.conf. At the least, you'll need to update TCPAddr and bind it to the correct IP. These commands also switch the logging method to syslog. The default logs to a file until it gets too big and then stops logging. Syslog will automatically rotate, compress, and then delete old log files. See the settings in /etc/newsyslog.conf for extensive options.

cd /usr/local/etc
sed -i .bak -e 's/#TCPAddr 127.0.0.1/TCPAddr 127.0.0.5/' clamd.conf
sed -i .bak -e 's/#TCPSocket 3310/TCPSocket 3310/' clamd.conf
sed -i .bak -e 's/#LogFacility LOG_MAIL/LogFacility LOG_MAIL/' clamd.conf
sed -i .bak -e 's/#LogSyslog yes/LogSyslog yes/' clamd.conf
sed -i .bak -e 's/^LogFile /#LogFile /' clamd.conf
service clamav-clamd start

Install ClamAV unofficial sigs

Optionally, install the ClamAV unofficial sigs.

cd
export CLAMAV_UV=4.8
pkg install -y gnupg1 rsync bind-tools
fetch https://github.com/extremeshok/clamav-unofficial-sigs/archive/$CLAMAV_UV.tar.gz
tar -xzf $CLAMAV_UV.tar.gz
cd clamav-unofficial-sigs-$CLAMAV_UV
sed -i .bak -e 's/\/var\/lib/\/var\/db/' clamav-unofficial-sigs.conf
sed -i .bak -e 's/^clam_user="clam"/clam_user="clamav"/' clamav-unofficial-sigs.conf
sed -i .bak -e 's/^clam_group="clam"/clam_group="clamav"/' clamav-unofficial-sigs.conf
sed -i .bak -e 's/^#!\/bin\/bash/#!\/usr\/local\/bin\/bash/' clamav-unofficial-sigs.sh
chmod 755 clamav-unofficial-sigs.sh
cp clamav-unofficial-sigs.sh  /usr/local/bin
cp clamav-unofficial-sigs.conf /usr/local/etc/
cp clamav-unofficial-sigs.8 /usr/local/man/man8
mkdir -p /var/log/clamav-unofficial-sigs
mkdir -p /usr/local/etc/periodic/daily
tee <<EOSIG > /usr/local/etc/periodic/daily/clamav-unofficial-sigs
#!/bin/sh
/usr/local/bin/clamav-unofficial-sigs.sh -c /usr/local/etc/clamav-unofficial-sigs.conf
EOSIG
chmod 755 /usr/local/etc/periodic/daily/clamav-unofficial-sigs
mkdir -p /usr/local/etc/newsyslog.conf.d
echo '/var/log/clamav-unofficial-sigs.log root:wheel 640  3 1000 * J' > /usr/local/etc/newsyslog.conf.d/clamav-unofficial-sigs
/usr/local/etc/periodic/daily/clamav-unofficial-sigs
vim clamav-unofficial-sigs.conf

Other ClamAV settings

Consider each of these changes carefully. Read the comments in the config files, and enable them if you are willing to trade extra security for some occasional inconvenience.

cd /usr/local/etc
sed -i .bak -e 's/#DetectPUA/DetectPUA/' clamd.conf
sed -i .bak -e 's/#DetectBrokenExecutables/DetectBrokenExecutables/' clamd.conf
sed -i .bak -e 's/#StructuredDataDetection/StructuredDataDetection/' clamd.conf
sed -i .bak -e 's/#ArchiveBlockEncrypted no/ArchiveBlockEncrypted yes/' clamd.conf

Restart clamd:

service clamav-clamd restart && exit
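The sed one-liners in the clamd.conf and "Other ClamAV settings" sections only take effect if the commented defaults match exactly, so it is worth verifying the result. The following POSIX sh check is an added example, not part of the Mail Toaster wiki: it reads a clamd.conf, confirms each directive this page sets is active with the expected value, confirms LogFile is still commented out, and can send clamd's PING command to the configured TCPAddr:TCPSocket (the PING check assumes nc is installed; the directive values are the ones the page uses).

```shell
#!/bin/sh
# Added example (not from the wiki page): verify the clamd.conf edits made
# above and check that clamd answers on the configured TCP socket.

# clamd_get FILE KEY -> prints the active (uncommented) value of KEY;
# returns 1 if the directive is not set
clamd_get() {
    awk -v key="$2" '$1 == key { print $2; found = 1 }
                     END { if (!found) exit 1 }' "$1"
}

# clamd_check FILE -> one line per expected directive; the return value is
# the number of directives that are missing or wrong (0 means all good)
clamd_check() {
    f="$1"; bad=0
    for pair in TCPAddr=127.0.0.5 TCPSocket=3310 LogSyslog=yes \
                LogFacility=LOG_MAIL ArchiveBlockEncrypted=yes; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(clamd_get "$f" "$key") || got="(unset)"
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key got '$got' want '$want'"
            bad=$((bad + 1))
        fi
    done
    # Once LogSyslog is on, LogFile must stay commented out, otherwise clamd
    # keeps writing the unrotated log file the page warns about.
    if clamd_get "$f" LogFile >/dev/null; then
        echo "FAIL LogFile is still active alongside LogSyslog"
        bad=$((bad + 1))
    fi
    return $bad
}

# clamd_ping FILE -> sends the newline-terminated PING command to the
# TCPAddr:TCPSocket from FILE and succeeds only on a PONG reply (needs nc)
clamd_ping() {
    addr=$(clamd_get "$1" TCPAddr) || return 2
    port=$(clamd_get "$1" TCPSocket) || return 2
    printf 'nPING\n' | nc -w 3 "$addr" "$port" | grep -q PONG
}

# Typical use inside the jail, after the sed commands and a clamd restart:
#   clamd_check /usr/local/etc/clamd.conf && clamd_ping /usr/local/etc/clamd.conf
```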