Mail Applications
ClamAV
We use ClamAV because it's very good (and free). We don't actually use it directly but AMaViS uses it if it finds it, which is what we want.
Building and Installing
Preparation
The ClamAV user/group must be created before you run configure:
su
groupadd clamav
useradd -g clamav clamav
passwd -l clamav
Make
cd .../clamav-0.87.1
./configure --prefix=/usr/local/${PWD##*/}
make
make install
GMP Update
If you've added GMP to the mix then you might need something like:
G=/usr/local/gmp-4.2.1
CFLAGS=-I$G/include LDFLAGS="-L$G/lib -R$G/lib" ./configure --prefix=/usr/local/${PWD##*/}
ClamAV-0.90.2 Update
ClamAV wants to use libcurl, which it picks up from /opt/sfw/lib. In my case, that libcurl is compiled against a no-longer-existent libssl which, in turn, means ClamAV's libclamav.so requires it to run. Not so clever. You could obviously compile an up-to-date Curl or alternatively:
./configure ... --without-libcurl
Post-Install
For reasons that escape me immediately, life is an awful lot easier if the ClamAV code can be found in /usr/local directly (rather than in an arbitrary subdirectory):
cd /usr/local/${PWD##*/}
find bin -depth | cpio -pdumV /usr/local
find lib -depth | cpio -pdumV /usr/local
We also need to patch the configurator else Mail::ClamAV will fail:
sed -e 's/-L\([^ ]*\)/-L\1 -R\1/' bin/clamav-config > /usr/local/bin/clamav-config
Configuration
Note
Most of this configuration assumes you're in /usr/local/clamav-x.y.z.
clamd.conf
We need to change the default config file to not declare itself as an example and change the logfile and socket around a bit.
Note
This sed script has embedded newlines in it (so be careful).
cp etc/clamd.conf etc/clamd.conf.0
sed -e 's/^Example/#Example/' -e '/#LogFile /a\
LogFile /var/adm/clamd.log' -e 's!^LocalSocket /tmp/clamd.log!#&!' -e '/LocalSocket /a\
LocalSocket /var/amavis/clamd' -e '/#User /a\
User amavis' etc/clamd.conf.0 > etc/clamd.conf
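The sed edits above write their output to etc/clamd.conf even when a pattern fails to match, so it is worth checking which directives are actually in effect before starting clamd. The script below is an added example, not part of the original page: the function names and the sample file are constructed for illustration, and the LogFile entry assumes the file-logging setup (drop it if you switch to syslog).

```shell
#!/bin/sh
# Added example (not from the original page): audit the directives that are
# actually in effect in an edited clamd.conf. Expected values are the page's.

# active_values FILE DIRECTIVE: print the value of each uncommented occurrence.
active_values() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

# check_clamd_conf FILE: print one line per problem; succeed only if none.
check_clamd_conf() {
    conf=$1
    problems=0
    # The stock file carries an active "Example" line until it is commented out.
    if [ -n "$(awk '$1 == "Example"' "$conf")" ]; then
        echo "$conf: Example line is still active"
        problems=$((problems + 1))
    fi
    # Each directive must be active exactly once and carry the page's value.
    for pair in LocalSocket=/var/amavis/clamd User=amavis LogFile=/var/adm/clamd.log; do
        name=${pair%%=*}
        want=${pair#*=}
        count=$(active_values "$conf" "$name" | awk 'END { print NR }')
        got=$(active_values "$conf" "$name" | tail -n 1)
        if [ "$count" -ne 1 ]; then
            echo "$conf: $name is active $count times (expected 1)"
            problems=$((problems + 1))
        elif [ "$got" != "$want" ]; then
            echo "$conf: $name is '$got' (expected '$want')"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: an old socket line was left active next to the new one.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
#Example
LogFile /var/adm/clamd.log
LocalSocket /tmp/clamd
LocalSocket /var/amavis/clamd
User amavis
EOF
check_clamd_conf "$demo_conf" || echo "clamd.conf needs attention"
rm -f "$demo_conf"
```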
freshclam.conf
Ditto for freshclam:
cp etc/freshclam.conf etc/freshclam.conf.0
sed -e 's/^Example/#Example/' -e '/#UpdateLogFile /a\
UpdateLogFile /var/adm/freshclam.log' etc/freshclam.conf.0 > etc/freshclam.conf
Logging
ClamAV logs to the files noted above and/or it can log to syslog. If you log to files, take note that clamd/freshclam keep those files open, so trying to logrotate them is a waste of time. Syslog would be a lot better (as the log files grow quite large!).
su
touch /var/adm/clamd.log
touch /var/adm/freshclam.log
chown clamav:clamav /var/adm/clamd.log
chown clamav:clamav /var/adm/freshclam.log
For syslog, re-edit the config files: comment out the file log, add in syslog and set the facility to LOG_LOCAL5. Then:
touch /var/adm/local5.log
print "local5.debug\t\t\t\t/var/adm/local5.log" >> /etc/syslog.conf
pkill -HUP syslogd
logadm -C 8 -a 'kill -HUP `cat /var/run/syslog.pid`' -w /var/adm/local5.log
AV Updates
ClamAV, thankfully, keeps itself up to date (via freshclam) and stuffs its knowledge somewhere. Obviously, it needs to be able to write there:
chown clamav:clamav share/clamav
Startup
ClamAV might well be designed to run independently but we are going to be running it under the guidance of AMaViS. As such, the two need to be able to talk to each other via their socket, which ultimately means that clamd needs to run as the AMaViS user. It's not art, by any means.
Note
SMF!
cat <<EOF > /etc/init.d/clamav
#! /sbin/sh

CLAMAV_USER=amavis
FRESHCLAM_USER=clamav
# CLAMAV_TOP is fixed to the current directory when this file is generated
CLAMAV_TOP=$PWD
AMAVIS_SOCKET=/var/amavis/clamd

case "\$1" in
start)
    # Move a stale socket aside, timestamped at start time, before clamd binds a new one
    if [ -r \${AMAVIS_SOCKET} ] ; then
        echo "Existing amavis-clamd socket!"
        mv \${AMAVIS_SOCKET} \${AMAVIS_SOCKET}.\`date +%Y%m%d%H%M%S\`
    fi
    \${CLAMAV_TOP}/sbin/clamd
    \${CLAMAV_TOP}/bin/freshclam -d
    ;;
stop)
    /usr/bin/pkill -x -u \${CLAMAV_USER} clamd
    /usr/bin/pkill -x -u \${FRESHCLAM_USER} freshclam
    ;;
esac
EOF
chmod a+x /etc/init.d/clamav