basicNETS.co.uk

HowTo Install Clam Antivirus-0.85.1

This article describes how to install ClamAV 0.85.1 for use by Exim 4.51 on FreeBSD 5.4.
  • Type ‘cd /usr/ports/security/clamav’
  • Type ‘make install clean WITH_MILTER=YES WITH_CURL=YES’
    • [OK] – Options for clamav 0.85.1 (select Milter and Curl)
  • Type ‘vi /usr/local/etc/clamd.conf’
    • Uncomment LogTime
    • Comment out LocalSocket
    • Uncomment TCPSocket 3310
    • Uncomment TCPAddr 127.0.0.1
    • Uncomment SelfCheck 600
    • Uncomment ScanPE
    • Uncomment DetectBrokenExecutables
    • Uncomment ScanOLE2
    • Uncomment MailFollowURLs
    • Uncomment ScanHTML
    • Uncomment ScanArchive
    • Uncomment ScanRAR
    • Uncomment ArchiveMaxFileSize and change its value to 200M
  • Type ‘vi /usr/local/etc/freshclam.conf’
    • Uncomment MaxAttempts and set its value to 10
    • Uncomment Checks 24
  • Type ‘vi /etc/rc.conf’
    clamav_clamd_enable="YES"
    clamav_freshclam_enable="YES"
    #clamav_milter_enable="YES"
  • Type ‘/usr/local/etc/rc.d/clamav-clamd.sh start’
  • Type ‘/usr/local/etc/rc.d/clamav-freshclam.sh start’
  • Configure Exim
    • Type ‘vi /usr/local/etc/exim/configure’
    • Modify the av_scanner line to read av_scanner = clamd:127.0.0.1 3310
    • Uncomment deny malware = *
    • Uncomment message = This message contains a virus ($malware_name).
    • After that entry add the following:
      deny   message   = This message contains a MIME error ($demime_reason)
             demime    = *
             condition = ${if >{$demime_errorlevel}{2}{1}{0}}
       
      # Reject typically wormish file extensions. There is almost no
      # sense in sending such files by email.
      deny   message   = This message contains an unwanted file extension ($found_extension)
             demime    = scr:vbs:bat:lnk:pif
    • Restart Exim by typing ‘/usr/local/etc/rc.d/exim.sh restart’
  • Create daily scan
    • Type ‘vi /usr/local/etc/periodic/daily/950.virusscan’
    • Type the following:
      #!/bin/sh
      #
      #2004/10/22 13:30:00 by John Sullivan
      #
      #Virus Scan
      #
       
      echo
      echo "Updating Virus Definitions"
      echo
      /usr/local/bin/freshclam
       
      echo
      echo "Scanning for Viruses"
      echo
      # Save clamscan's exit status (0 = clean, 1 = virus found, 2 = error)
      /usr/local/bin/clamscan -d /var/db/clamav --detect-broken -r -i /
      rc=$?
      echo
      exit $rc
  • Type ‘chmod +x /usr/local/etc/periodic/daily/950.virusscan’
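
To confirm the clamd.conf edits from the ‘vi /usr/local/etc/clamd.conf’ step took effect, the following added example (not part of the original article) audits the file against the directives listed there. The function names conf_get and audit_clamd_conf are hypothetical; flag-style directives are only checked for being uncommented.

```sh
#!/bin/sh
# Added example: audit clamd.conf against the settings listed in the how-to.

# Print the argument of an active (uncommented) directive; fail if it is absent.
# Flag-style directives such as ScanPE print an empty line.
conf_get() {    # usage: conf_get FILE DIRECTIVE
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END        { exit !found }
    ' "$1"
}

# Print one line per deviation; return non-zero if any were found.
audit_clamd_conf() {    # usage: audit_clamd_conf FILE
    conf=$1; bad=0
    for d in LogTime ScanPE DetectBrokenExecutables ScanOLE2 MailFollowURLs \
             ScanHTML ScanArchive ScanRAR; do
        conf_get "$conf" "$d" >/dev/null || { echo "MISSING $d"; bad=$((bad + 1)); }
    done
    # Directives that must carry a specific value. clamd's TCP socket has no
    # authentication, so TCPAddr has to stay on the loopback address.
    while read -r key want; do
        got=$(conf_get "$conf" "$key") || got="<unset>"
        [ "$got" = "$want" ] ||
            { echo "MISMATCH $key: want $want, got $got"; bad=$((bad + 1)); }
    done <<EOF
TCPSocket 3310
TCPAddr 127.0.0.1
SelfCheck 600
ArchiveMaxFileSize 200M
EOF
    # The how-to switches from the Unix socket to TCP, so LocalSocket stays commented.
    if conf_get "$conf" LocalSocket >/dev/null; then
        echo "UNEXPECTED LocalSocket is active"; bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}

# Run against a file given on the command line, e.g. /usr/local/etc/clamd.conf
if [ $# -gt 0 ]; then audit_clamd_conf "$1"; fi
```

Run it as ‘sh audit_clamd.sh /usr/local/etc/clamd.conf’ (the script file name is an assumption); no output and exit status 0 mean every listed setting is in place.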