Clean Install of ClamAV on RHEL7.1
Posted on June 14, 2015 by Ian. Posted in Amazon Web Services, Guides, Linux

Hi, I recently found I needed to install ClamAV on a new RHEL 7.1 instance on AWS. I tried to work through the installation using the EPEL packages available here:
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
I unfortunately had a lot of issues getting the EPEL packages installed and could find no documentation on getting them set up properly, so I fell back to doing an install from source. This introduced a few more challenges, but I got there in the end, so I thought I'd document the process.
The documentation being followed during this is here: https://github.com/vrtadmin/clamav-faq/raw/master/manual/clamdoc.pdf
Note: this works with SELinux enabled, so if you get errors during the setup don't be tempted to disable SELinux, as it is most likely not your issue.
Installing Dependencies
The following dependencies are needed to install from source:
sudo yum install gcc gcc-c++ zlib zlib-devel bzip2 bzip2-devel check openssl openssl-devel mlocate wget
mlocate isn't strictly necessary to install ClamAV, but it's going to make your life easier in a little while.
Create ClamAV group and user
As per the docs, you need to create the group and user that will run clamd and freshclam:
sudo groupadd clamav
sudo useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
While you're creating the user, also create a "clamav" directory in each of the following locations:
/var/log
/var/lib
/var/run
Ensure these are chowned to clamav:clamav so the clamd/freshclam processes can write what they need to.
Installing ClamAV
You can get the latest download link from the ClamAV website; at the time of writing I pulled the following:
wget http://downloads.sourceforge.net/project/clamav/clamav/0.98.7/clamav-0.98.7.tar.gz
Once you have the file downloaded you can extract, "configure" and install it:
gzip -d clamav-0.98.7.tar.gz
tar xvf clamav-0.98.7.tar
cd clamav-0.98.7
./configure --sysconfdir=/etc
make
sudo make install
Making clamd work
One of the main issues I hit with this is the slight complexity of the sysvinit to systemd change in RHEL 7.x. I've copied the sysvinit file I used to get it working to a gist to make life easier:
https://gist.github.com/ianxharris/dd3874d8b844a91f488b
This file needs to be called "clamd" and reside in /etc/init.d. Be sure to make it executable once you've created the file:
sudo chmod 744 clamd
We also need to make sure the two config files, clamd.conf and freshclam.conf, exist in /etc.
A working copy of /etc/clamd.conf can be found here: https://gist.github.com/ianxharris/de6c866e8dba8825bd35 (check this fits your needs before using it).
A working copy of /etc/freshclam.conf can be found here: https://gist.github.com/ianxharris/1086ae53b7501a8c76b4 (this is pretty much an OOTB config file).
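As an added example (my own, not from the original post or the ClamAV project), here is a small POSIX shell check for the layout the user/directory and config steps above assume: the clamav user exists, the three clamav directories are owned clamav:clamav, and both config files are in /etc without the sample "Example" line that makes the tools refuse to start. The function name check_clamav_layout and the ROOT prefix argument are my own; on a live host call it with ROOT="" and owner/group clamav.

```shell
#!/bin/sh
# Added example, not from the original post: verify the hand-made layout that
# clamd and freshclam expect (clamav user, three clamav directories owned by
# clamav:clamav, both config files in /etc). ROOT is a path prefix so the
# function can be exercised on a scratch tree; on a live host use ROOT=""
# with OWNER and GROUP set to clamav. Uses GNU stat (present on RHEL).

check_clamav_layout() {
    root=$1; owner=$2; group=$3
    problems=0
    # the daemons run as this user, so it must exist before anything else
    if ! getent passwd "$owner" >/dev/null 2>&1; then
        echo "no such user: $owner (run useradd first)"
        problems=$((problems + 1))
    fi
    for d in var/log/clamav var/lib/clamav var/run/clamav; do
        path="$root/$d"
        if [ ! -d "$path" ]; then
            echo "missing directory: $path (clamd/freshclam will not create it)"
            problems=$((problems + 1))
            continue
        fi
        # both daemons write here (logs, database, socket/pid), so ownership must match
        actual=$(stat -c '%U %G' "$path")
        if [ "$actual" != "$owner $group" ]; then
            echo "wrong owner on $path: want $owner $group, have $actual"
            problems=$((problems + 1))
        fi
    done
    for f in etc/clamd.conf etc/freshclam.conf; do
        if [ ! -f "$root/$f" ]; then
            echo "missing config: $root/$f"
            problems=$((problems + 1))
        # the sample configs ship with an 'Example' line that makes the tool refuse to start
        elif grep -q '^Example' "$root/$f"; then
            echo "$root/$f still has the 'Example' line; comment it out"
            problems=$((problems + 1))
        fi
    done
    echo "$problems problem(s) found"
    [ "$problems" -eq 0 ]
}
```

Run it before "service clamd start"; a non-zero exit lists every missing piece at once instead of letting clamd fail on the first one.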
Once your config files are in place you need to start clamd to test the service.
NB: it's best to run "freshclam" once before starting the service.
sudo service clamd start
If all is well the output should look a lot like this:
[ec2-user@ip-172-31-31-88 etc]$ sudo service clamd status
clamd.service - SYSV: Clam AntiVirus Daemon is a TCP/IP or socket protocol server.
   Loaded: loaded (/etc/rc.d/init.d/clamd)
   Active: active (running) since Sat 2015-06-13 08:37:12 EDT; 33min ago
  Process: 24350 ExecStop=/etc/rc.d/init.d/clamd stop (code=exited, status=0/SUCCESS)
  Process: 24364 ExecStart=/etc/rc.d/init.d/clamd start (code=exited, status=0/SUCCESS)
 Main PID: 24367 (clamd)
   CGroup: /system.slice/clamd.service
           └─24367 /usr/local/sbin/clamd
Make sure you then set the service to start on reboot:
sudo chkconfig clamd on
sudo chkconfig
......
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
.......
Testing clamd
In order to make sure it's working we need to test that the clamdscan interface spots an "infected file". Rather than taking the rather brave decision to infect your system, you should use a standard test file such as the EICAR test file, available here: http://www.eicar.org/download/eicar.com.txt
Once you have downloaded this to your local machine:
wget http://www.eicar.org/download/eicar.com.txt -O /tmp/eicar.com.txt
To scan the file, do the following, which should give the associated response:
clamdscan /tmp/eicar.com.txt
/tmp/eicar.com.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.001 sec (0 m 0 s)
Success!
Keeping current with Freshclam
Freshclam can either run in daemon mode or you can run it from cron. Ultimately I think I'll probably start it as part of the same service as ClamAV.
To run as a daemon use:
freshclam -d -c 6
The above starts freshclam as a daemon that checks for updates 6 times a day. Remember, though, that this will not survive a reboot, so either put it in a service start or a boot script.