Sanesecurity

RHEL7.1

Jan 29th, 2016
Clean Install of ClamAV on RHEL7.1
Posted on June 14, 2015 by Ian. Posted in Amazon Web Services, Guides, Linux

Hi, I recently found I needed to install ClamAV on a new RHEL 7.1 instance on AWS. I tried to work through the installation using the EPEL packages available here:

https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Unfortunately I had a lot of issues getting the EPEL packages installed and could find no documentation on getting them set up properly, so I fell back to doing an install from source. This introduced a few more challenges, but I got there in the end, so I thought I'd document the process.

The documentation being followed during this is here: https://github.com/vrtadmin/clamav-faq/raw/master/manual/clamdoc.pdf

Note: this works with SELinux enabled, so if you get errors during the set-up don't be tempted to disable SELinux, as it's most likely not your issue.

Installing Dependencies

The following dependencies are needed to install from source:

sudo yum install gcc gcc-c++ zlib zlib-devel bzip2 bzip2-devel check openssl openssl-devel mlocate wget

mlocate isn't strictly necessary to install ClamAV, but it's going to make your life easier in a little while.

Create ClamAV group and user

As per the docs you need to create the group and user that clamd and freshclam run as:

sudo groupadd clamav
sudo useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

While you're creating the user for this, please also create a "clamav" directory in each of the following locations:

/var/log
/var/lib
/var/run

Ensure these are chowned to clamav:clamav so that the clamd and freshclam processes can write what they need to.
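As an added example that is not part of the original post, here is the account and directory set-up above as idempotent shell functions, plus a read-only check that reports any directory that is missing or not owned by the clamav account. PREFIX is a parameter so the directory functions can be exercised against a scratch tree; on the real host it is / and the functions run as root. The tmpfiles.d entry at the end is an addition as well: on RHEL 7, /var/run is the /run tmpfs, so /var/run/clamav is gone after a reboot unless something recreates it.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent creation of the
# clamav account and the three directories clamd/freshclam write to.
# PREFIX is "/" on a real host (run as root); tests use a scratch tree.

# Create the clamav group and a shell-less clamav user if they do not exist.
ensure_clamav_account() {
    getent group clamav >/dev/null 2>&1 || groupadd clamav
    getent passwd clamav >/dev/null 2>&1 ||
        useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
}

# Create PREFIX/var/{log,lib,run}/clamav owned by USER:GROUP, mode 0755,
# then verify the result. Returns 1 on any failure.
ensure_clamav_dirs() {
    prefix=${1%/}; user=$2; group=$3
    for d in var/log/clamav var/lib/clamav var/run/clamav; do
        mkdir -p "$prefix/$d" || return 1
        chown "$user:$group" "$prefix/$d" || return 1
        chmod 0755 "$prefix/$d" || return 1
    done
    verify_clamav_dirs "$prefix" "$user" "$group"
}

# Read-only check that the three directories exist and are owned by
# USER:GROUP. Prints each problem and returns 1 if there were any.
verify_clamav_dirs() {
    prefix=${1%/}; user=$2; group=$3; rc=0
    for d in var/log/clamav var/lib/clamav var/run/clamav; do
        path="$prefix/$d"
        if [ ! -d "$path" ]; then
            echo "missing: $path"; rc=1; continue
        fi
        owner=$(stat -c '%U:%G' "$path")
        if [ "$owner" != "$user:$group" ]; then
            echo "wrong owner on $path: $owner (want $user:$group)"; rc=1
        fi
    done
    return $rc
}

# /var/run is the /run tmpfs on RHEL 7, so /var/run/clamav vanishes at reboot.
# This systemd-tmpfiles entry recreates it during boot.
write_tmpfiles_conf() {
    prefix=${1%/}
    mkdir -p "$prefix/etc/tmpfiles.d" || return 1
    printf 'd /run/clamav 0755 clamav clamav -\n' > "$prefix/etc/tmpfiles.d/clamav.conf"
}

# On the host from the post (as root):
#   ensure_clamav_account
#   ensure_clamav_dirs / clamav clamav
#   write_tmpfiles_conf /
```

Run `ensure_clamav_account`, `ensure_clamav_dirs / clamav clamav` and `write_tmpfiles_conf /` as root; `verify_clamav_dirs / clamav clamav` can be re-run at any time to confirm nothing has changed the ownership since.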
  42.  
Installing ClamAV

You can get the latest download link from the ClamAV website; at the time of writing I pulled the following:

wget http://downloads.sourceforge.net/project/clamav/clamav/0.98.7/clamav-0.98.7.tar.gz

Once you have the file downloaded you can extract, "configure" and install it:

gzip -d clamav-0.98.7.tar.gz
tar xvf clamav-0.98.7.tar
cd clamav-0.98.7
./configure --sysconfdir=/etc
make
sudo make install
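The download-and-build steps above, as an added example (not from the post) wrapped in functions with an integrity check on the tarball before anything is compiled. The expected SHA-256 is a placeholder the reader fills in from the ClamAV release announcement for the version being installed; the post itself gives none. `tar xzf` does the gzip step in one go, otherwise the configure flags are the post's.

```shell
#!/bin/sh
# Added example, not from the original post: fetch, verify and build the
# ClamAV source tarball. The expected hash is a placeholder to be taken from
# the release announcement; never build a tarball whose hash does not match.

# Return 0 if FILE's SHA-256 matches EXPECTED (lower-case hex), else 1.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Download URL into the current directory and verify it against EXPECTED.
# A mismatch removes the file so a later step cannot build it by accident.
fetch_and_verify() {
    file=${1##*/}
    wget -q "$1" -O "$file" || return 1
    if verify_sha256 "$file" "$2"; then
        echo "$file: checksum ok"
    else
        echo "$file: checksum MISMATCH, removing" >&2
        rm -f "$file"
        return 1
    fi
}

# Unpack TARBALL (name.tar.gz) and configure/build/install it with the same
# flags as the post. The install step needs sudo.
build_clamav() {
    tarball=$1
    dir=${tarball%.tar.gz}
    tar xzf "$tarball" || return 1
    ( cd "$dir" && ./configure --sysconfdir=/etc && make && sudo make install )
}

# Usage (version and hash from the release you are installing):
#   fetch_and_verify http://downloads.sourceforge.net/project/clamav/clamav/0.98.7/clamav-0.98.7.tar.gz SHA256_FROM_RELEASE_NOTES \
#       && build_clamav clamav-0.98.7.tar.gz
```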
  58.  
  59.  
Making clamd work

One of the main issues I hit with this is the slight complexity of the sysvinit to systemd change in RHEL 7.x. I've copied the sysvinit file I used to get it working to a gist to make life easier:

This file needs to be called "clamd" and reside in /etc/init.d: https://gist.github.com/ianxharris/dd3874d8b844a91f488b. Be sure to make it executable once you've created the file:

sudo chmod 744 /etc/init.d/clamd

We also need to make sure the two config files, clamd.conf and freshclam.conf, exist in /etc.

A working copy of /etc/clamd.conf can be found here: https://gist.github.com/ianxharris/de6c866e8dba8825bd35 (check this fits your needs before using it)

A working copy of /etc/freshclam.conf can be found here: https://gist.github.com/ianxharris/1086ae53b7501a8c76b4 (this is pretty much an OOTB config file)

Once your config files are in place you need to start clamd to test the service.

NB. It's best to run "freshclam" once before starting the service, as clamd will not start without a signature database to load.

sudo service clamd start

If all is well the output should look a lot like this:

[ec2-user@ip-172-31-31-88 etc]$ sudo service clamd status
clamd.service - SYSV: Clam AntiVirus Daemon is a TCP/IP or socket protocol server.
Loaded: loaded (/etc/rc.d/init.d/clamd)
Active: active (running) since Sat 2015-06-13 08:37:12 EDT; 33min ago
Process: 24350 ExecStop=/etc/rc.d/init.d/clamd stop (code=exited, status=0/SUCCESS)
Process: 24364 ExecStart=/etc/rc.d/init.d/clamd start (code=exited, status=0/SUCCESS)
Main PID: 24367 (clamd)
CGroup: /system.slice/clamd.service
└─24367 /usr/local/sbin/clamd

Make sure you then set the service to start on reboot:

sudo chkconfig clamd on
sudo chkconfig

......
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
.......
  104.  
Testing clamd

In order to make sure it's working we need to test that the clamdscan interface spots an "infected file". Rather than taking the rather brave decision to infect your system, you should use a harmless test file such as the EICAR test file available here: http://www.eicar.org/download/eicar.com.txt

Once you have downloaded this to your local machine:

wget http://www.eicar.org/download/eicar.com.txt -O /tmp/eicar.com.txt

To scan the file do the following, which should give the associated response:

clamdscan /tmp/eicar.com.txt
/tmp/eicar.com.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.001 sec (0 m 0 s)

Success!
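The scan above as an added example (not from the post): a wrapper that runs clamdscan and interprets its result, together with the parsing functions a monitoring or scripted scan would use on output of the form shown above. clamdscan exits 0 when nothing was found, 1 when something was, and 2 on error, so a script running under `set -e` has to handle status 1 explicitly rather than treating it as a failure. `--fdpass` hands clamd an open file descriptor, which matters here because clamd runs as the clamav user and otherwise has to be able to read the file itself.

```shell
#!/bin/sh
# Added example, not from the original post: run clamdscan and turn its exit
# status and summary into something a script or monitoring job can act on.
#
# clamdscan exit status: 0 = nothing found, 1 = something found, 2 = error.

# Read clamdscan output on stdin and print each "path: Signature" that was
# flagged (the lines ending in " FOUND"), one per line.
list_detections() {
    sed -n 's/ FOUND$//p'
}

# Read clamdscan output on stdin and print the "Infected files:" count from
# the scan summary, or 0 if there is no summary line.
infected_count() {
    n=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' | tail -n 1)
    echo "${n:-0}"
}

# Map a clamdscan exit status to a word.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Scan PATH with clamdscan (via --fdpass so the clamav user need not be able
# to read it). Prints the verdict and any detections; returns clamdscan's
# own exit status so callers can branch on it.
scan_path() {
    if out=$(clamdscan --fdpass "$1" 2>&1); then rc=0; else rc=$?; fi
    echo "verdict: $(scan_verdict "$rc") ($(printf '%s\n' "$out" | infected_count) infected)"
    printf '%s\n' "$out" | list_detections
    return "$rc"
}

# On a host where clamd is running:
#   scan_path /tmp/eicar.com.txt
#   case $? in 1) echo "detection, quarantine/alert here" ;; 2) echo "scan error" ;; esac
```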
  126.  
Keeping current with Freshclam

Freshclam can either run in daemon mode or you can run it from cron. Ultimately I think I'll probably start it as part of the same service as ClamAV.

To run it as a daemon use:

freshclam -d -c 6

The above starts freshclam as a daemon and checks for updates 6 times a day. Remember though that this will not survive a reboot, so either put it in a service start or a boot script.
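As an added example (not from the post), here is a check that the signature databases are actually being refreshed, which catches a freshclam daemon that has died or was never restarted after a reboot, plus the cron.d alternative mentioned above at the same cadence as `-c 6` (every four hours). The freshclam path /usr/local/bin/freshclam is an assumption based on the default install prefix of the source build; the file names checked are the standard main, daily and bytecode databases in either .cvd or .cld form.

```shell
#!/bin/sh
# Added example, not from the original post: is the signature database in
# DIR recent, and a cron.d entry as the alternative to "freshclam -d -c 6".
# /usr/local/bin/freshclam assumes the default prefix of the source build.

# Print the mtime (epoch seconds) of the newest database file in DIR;
# prints nothing and returns 1 if DIR holds no database at all.
newest_db_mtime() {
    newest=
    for f in "$1"/main.cvd "$1"/main.cld "$1"/daily.cvd "$1"/daily.cld \
             "$1"/bytecode.cvd "$1"/bytecode.cld; do
        [ -f "$f" ] || continue
        m=$(stat -c %Y "$f")
        if [ -z "$newest" ] || [ "$m" -gt "$newest" ]; then newest=$m; fi
    done
    [ -n "$newest" ] && echo "$newest"
}

# Age in whole hours of the newest database in DIR; returns 1 if none.
db_age_hours() {
    mtime=$(newest_db_mtime "$1") || return 1
    echo $(( ( $(date +%s) - mtime ) / 3600 ))
}

# Return 0 if the newest database in DIR is at most MAX_HOURS old, else 1
# (also 1 when there is no database, i.e. freshclam has never run).
check_db_fresh() {
    age=$(db_age_hours "$1") || { echo "no signature database in $1"; return 1; }
    if [ "$age" -gt "$2" ]; then
        echo "signature database in $1 is ${age}h old (limit ${2}h)"
        return 1
    fi
    echo "signature database in $1 is ${age}h old"
}

# Write a cron.d entry that runs freshclam every 4 hours (6 times a day) as
# the clamav user. PREFIX is "/" on a real host.
write_freshclam_cron() {
    prefix=${1%/}
    mkdir -p "$prefix/etc/cron.d" || return 1
    printf '0 */4 * * * clamav /usr/local/bin/freshclam --quiet\n' > "$prefix/etc/cron.d/freshclam"
}

# On the host from the post:
#   check_db_fresh /var/lib/clamav 24 || echo "freshclam is not keeping up"
#   write_freshclam_cron /      # as root, instead of "freshclam -d -c 6"
```

A 24-hour limit is a reasonable alarm threshold when freshclam is meant to run every four hours: one missed run is noise, a whole day of misses means the daemon or cron entry is gone.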