Mar
27

Crib notes on updating Clamav

Lawrence Sheed // 27 Mar 2009 // No Comments

The notes below are more for my benefit, but others may get some use out of it.
We use debian for our system, and are loosely based on the qmail setup over at http://qmail.jms1.net / http://qmailrocks.org

#ClamAV has some new features, so needs libcurses for stuff like clamdtop

apt-get install libncurses5-dev

cd /downloads

#get latest version

axel http://jaist.dl.sourceforge.net/sourceforge/clamav/clamav-0.95.tar.gz

tar -zxvf clamav-0.95.tar.gz

#We use /usr for db /etc for conf files

./configure –prefix=/usr –sysconfdir=/etc

make

#need to remove clam scanning from simcontrol or there will be bounces while we install due to lack of clamd

pico /var/qmail/control/simcontrol

clamav=no

#update qmail settings again

/var/qmail/bin/update-qmail #our own script…

#can now run make install, as its now safe…

make install

#stop the clamd service

cd /service

svc -d clamd clamd/log

#run clamd manually to check for errors

clamd

#if warning about /var/run/clamd.pid can’t be created, make a /var/run/clamd folder

mkdir /var/run/clamav

chown clamav.clamav /var/run/clamav

pico /etc/clamd

#change pid file location

PidFile /var/run/clamav/clamd.pid

#save & try again

clamd

#check logs if ok / not, troubleshoot yourself…

#restart service

cd /service

svc -u clamd clamd/log

#check everything is running ok – should see runtimes of > 2 seconds…

svstat * */log

#Re-enable virus scanning.

pico /var/qmail/control/simcontrol

clam=yes

/var/qmail/bin/update-qmail

#check mail is working ok – wait for a non spam / virus message to process and give clamd status 0 (may take a while!)

tail /var/log/qmail/qmail-smtpd/current

#install SCAMP – See http://www.sanesecurity.com (Additional phishing / trojan protection db’s for clamav)

cd /downloads

wget ftp://seibercom.net/pub/scamp.tar.gz

tar -xzvf scamp.tar.gz

cd  scamp-5.1/

cp scamp.sh /usr/local/bin

#run once to configure

scamp.sh

#run again to do gpg key generation

scamp.sh

#add to crontab

crontab -e

#add scamp

#Update Clam Alternate Scanner DB – Phishing / Trojan etc
0     */4   *   *     *     /usr/local/bin/scamp.sh -L -q -R

#done. Suggest watch logs for a while, and make sure things are running smoothly.

tail /var/log/qmail/qmail-smtpd/current -F

March 27, 2009   //   Technical Mumbo Jumbo   //   No Comments   //   Tags: ,

Post comment

Archives

Categories

Most Popular Posts

Tags

adsl Apache Apple arm7 bmw china china telecom Chinese Spyware Removal Howto coffee cool debian disassembly dns firmware foscam Google government hacking hardware how to howto icp ipcam iPhone Kitto krups licence Mac miibeian mini3i nc745 nespresso nuvoton ophone outage problem Replace shanghai spam taobao Thoughts Time Machine Tuning uclinux video

Recent Comments

  • tryphon: It helped me to fix mine. I used a pair of pliers like you did and it worked fine. I drink a coffee typing...
  • mark: I have a ms10105 v4.1 moshisoft board and here is the pinout: 1 y stepper a (yellow) 2 y stepper a (white) 3...
  • Lawrence Sheed: Haven’t taken a deep look yet, probably next month can check it out. There are people who are...
  • mark: Yes…that moshi software is crap. I used the corel draw plugin for awhile but it only works about 20% of...
  • Kunlun: I tried to get my motorbike lesson after my car driving lesson, they answered me that I needed to wait 1...

Recent Trackbacks

PHOTOSTREAM

CNC on the desk at the factory