Koozali.org: home of the SME Server

Clam Antivirus question(s)

jan

Clam Antivirus question(s)
« on: December 04, 2002, 03:31:59 PM »
Hi all,

I have just installed clam antivirus using the howto on http://www.pagefault.org/e-smith/howto/amavis_clam.html . All works ok ... just a few questions remain and maybe someone can help.

1. Does Clam update its virus definitions db automatically or not? If not, how can I make it do the auto update?

2. Can I also have it scan the I-bays during the night?

3. Is someone planning on making a server manager integrated panel? Or maybe already has done so? (I know that http://www.vexins.com has one for their virus scanner, though development seems to have stopped for now and point number 2 isn't supported either, so I put it in the proverbial freezer.)

4. For some reason clam does not send an e-mail to the recipient address when it is on the same local domain as the sender (e.g. my local domain). I tried sending the test virus and do get the mail server's reply about the virus and so does my admin account. The recipient gets nothing. Using an external mailer it works perfectly though.

5. What happens to the quarantined mail messages? Do I need to do something, or could this be automated as well or managed through a panel?

6. Can someone explain what the exact syntax should be in the amavis.conf when one has some virtual domains present as well. Say test1.com and test2.net are my domain and virtual domain and I want to add them both.

Thanks to all for answering one or more of these questions!

regards,

Jan

brian read

Re: Clam Antivirus question(s)
« Reply #1 on: December 04, 2002, 11:16:48 PM »
hi Jan

In answer to your 1 and , here is the contents of

/etc/e-smith/templates-custom/etc/crontab

#Scan all files in /home 01:00 every night
00 01 * * * root (cd /;/usr/bin/clamscan -r /home --quarantine /var/clamav/quarantine --infected --stdout --log /var/log/clamscan.log --tar --tgz --unzip| mail "admin" -s "[hostname] Clam Antivirus Scan Results - date")

#Update anti virus db at 12:00 every day
00 12 * * * root (cd /;/usr/bin/freshclam -l /var/log/freshclam.log --stdout | mail "admin" -s "[hostname] Anti virus db update - date")

no idea about 3-6!

Cheers

Brian

brian read

Re: Clam Antivirus question(s)
« Reply #2 on: December 04, 2002, 11:22:26 PM »
Jan

Sorry, that should be:

/etc/e-smith/templates-custom/etc/crontab/40ClamScan

Cheers

Brian

jan

Re: Clam Antivirus question(s)
« Reply #3 on: December 04, 2002, 11:36:36 PM »
Hi Brian,

Just trying to figure out what you mean...

I didn't find the template so I assume it needs to be made. Unfortunately I know little to none about how to do that. Do I just make the file with pico and put it in the directory you mentioned?

Do I have to edit anything in the lines you mentioned ... like hostname?

I believe I need to expand the template before it works. Ehhmm sorry don't know how :-(

Anyway, thanks for the response, hope you might help a bit more.

regards,

Jan

Bob Todd

Re: Clam Antivirus question(s)
« Reply #4 on: December 05, 2002, 04:08:28 AM »
jan - loads of stuff on here about the template structure used for customising all kinds of options within e-smith. Do a search for it and make sure you search more than the last 30 days. There's a link in the documents options on here as well, I am sure, that explains custom templates.

brian read

Re: Clam Antivirus question(s)
« Reply #5 on: December 05, 2002, 07:39:27 AM »
Jan

Expand the template as follows:

/sbin/e-smith/expand-template /etc/crontab

Read up about templates from the web site.

cheers

Brian

Abe Loveless

Re: Clam Antivirus question(s)
« Reply #6 on: December 05, 2002, 06:35:10 PM »
Instead of using "crontab", I just put my files in /etc/cron.daily.

I wrote up a little script to automate the installation process from Damien Curtain's site (http://www.pagefault.org/e-smith/howto/amavis_clam.html).

It can be found here:
http://www.tech-geeks.org/contrib/loveless/clamav/

Since you've already got it installed, just open the install.sh from the website above and look for the section in the page titled "Creating CRON files and LOG Directory".

You'll want to execute these lines from your command line:

mkdir /var/log/clamav
echo "/usr/bin/clamscan -r -l /var/log/clamav/clam-scan.txt / -i" > /etc/cron.daily/clamscan.cron
echo "/usr/bin/freshclam" > /etc/cron.daily/clamupdate.cron
chmod 755 /etc/cron.daily/clam*.cron

Follow the directions in my Readme or at the PageFault site above for editing /etc/avamis/amavis.conf.  That's where you will be able to define when and where warning messages get sent.

Hope that helps

steve lewis

Re: Clam Antivirus question(s)
« Reply #7 on: December 05, 2002, 09:02:34 PM »
Oh man I just installed ClamAV from the directions at Pagefault.org, sure would like to have used the install.sh script from Abe, :-)

Abe,

is the difference between your script and the manual install from Pagefault, the creation of the log directories and the cron entries?

I would like to bring my Pagefault install up to an automated scanning type install that your install.sh script appears to do.

Also, can one use your script as a guide for creating the differences between the manual Pagefault install and your "install.sh" type install.

Does that make sense?

Steve Lewis

Abe Loveless

Re: Clam Antivirus question(s)
« Reply #8 on: December 05, 2002, 10:22:39 PM »
Saves a little time, doesn't it?  :)

That's pretty much why I did it.... typing "wget" statements gets old after awhile.

Damien Curtain

Re: Clam Antivirus question(s)
« Reply #9 on: December 05, 2002, 10:57:50 PM »
steve lewis wrote:
>
> Oh man I just installed ClamAV from the directions at
> Pagefault.org, sure would like to have used the install.sh
> script from Abe, :-)

If you find it too hard I suggest you purchase a virus scanning solution from Mitel. They have a service-link virus scanning product that is by far easier and more robust.

> Abe,
>
> is the difference between your script and the manual install
> from Pagefault, the creation of the log directories and the
> cron entries?

The rpm creates the log dirs and the quarantine dirs.

I hope people know basic rpm commands like rpm -ql , because if you did you'd notice there are 2 sample crontab entries, one for freshclam that updates the virus patterns, and one for clamscan that will do a recursive scan of the entire filesystem.

The simple thing to do is copy freshclam.cron into cron.hourly and clamscan.cron into cron.daily. If you want any other scheduled tasks man 5 crontab.

clamscan wasn't packaged for sme, just for redhat based systems, which is why there's no templated cron entries.

The actual logdir is in fact /var/clamav/log

> I would like to bring my Pagefault install up to an automated
> scanning type install that your install.sh script appears to do.
>
> Also, can one use your script as a guide for creating the
> differences between the manual Pagefault install and your
> "install.sh" type install.
>

--
 Damien

Abe Loveless

Re: Clam Antivirus question(s)
« Reply #10 on: December 05, 2002, 11:55:02 PM »
>
> If you find it too hard I suggest you purchase a virus
> scanning solution from Mitel. They have a service-link virus
> scanning product that is by far easier and more robust.

True.

>
> The rpm creates the log dirs and the quarantine dirs.
>

So, it would be better to use the default log dirs, and create a link from /var/log/x so it will display in the server-manager.


>
> I hope people know basic rpm commands like rpm -ql , because
> if you did you'd notice there are 2 sample crontab entries, one
> for freshclam that updates the virus patterns, and one for
> clamscan that will do a recursive scan of the entire filesystem.
>

Ahhh..., I now see a whole lot of info in /usr/share/doc/clamav-0.54.
That would have saved a little confusion on my part.


> > Also, can one use your script as a guide for creating the
> > differences between the manual Pagefault install and your
> > "install.sh" type install.

My script should be very similar.  I wrote it from my notes after
following Damien's directions.  Only adding the log file/dir under
/var/log/clamav so they could be viewed from the server-manager.  And my
.cron files, since I didn't look for the sample .cron files.


I'll update the script to use the defaults/samples a little better.  As
I said at the beginning of my install script, it's only intended as a
convenience.

Thanks for the feedback.

steve lewis

Re: Clam Antivirus question(s)
« Reply #11 on: December 06, 2002, 12:22:56 AM »
Damien,

Please, I meant no disrespect with my statement.  

I was very pleased with the accurate nature of your How-to for ClamAV. Each step worked exactly as it stated in the how-to.

I am also very grateful that you have spent your time creating an RPM, a How-to, and a website to host it all.

Thank you for the RPM command also.

Steve Lewis

Abe Loveless

Re: Clam Antivirus question(s)
« Reply #12 on: December 06, 2002, 08:16:09 AM »
I've just updated my script.  It now creates a symlink from /var/log/clamav to the default log location, allowing you to view the log from the server-manager.

It also copies the sample cron scripts to cron.daily.

Recently, there was a post on the clamav users listserv that indicated the virus definitions are updated around 3 times a week. IMO, checking for updates daily is probably sufficient.  If you'd rather have it check more often, just move the freshclam.cron script from /etc/cron.daily to /etc/cron.hourly.

Feedback Welcome.

jan

Re: Clam Antivirus question(s)
« Reply #13 on: December 06, 2002, 02:27:07 PM »
Thanks all for the advice and all. I am getting an email from root that something is wrong.
The message header:
Cron (cd /;/usr/bin/freshclam -l /var/log/freshclam.log

The message body:
/bin/bash: -c: line 2: syntax error: unexpected end of file

Does anyone know what this is about?

regards,

Jan

brian read

Re: Clam Antivirus question(s)
« Reply #14 on: December 06, 2002, 08:11:45 PM »
In my original posting, each of the two commands needed to be all on the same line, the word wrapping caused them to be split across 3 lines.

Is that your problem?

I could email you the 40ClamScan file if you wanted...

Cheers

Brian
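
The failure in Replies #13 and #14, where a word-wrapped crontab entry reaches the shell as an unfinished command, can be caught before the fragment is installed. The script below is an added example, not part of the original thread or of any script posted in it; `check_crontab` and `CRON_SHELL` are hypothetical names, and it assumes the seven-field system crontab layout (five time fields, user, command) with numeric schedule fields only.

```shell
#!/bin/sh
# Added example: lint an /etc/crontab-style fragment (minute hour day month
# weekday user command) for entries that were split across lines.
CRON_SHELL=${CRON_SHELL:-sh}   # assumption: set this to the SHELL cron uses

# check_crontab FILE: print each unusable line; return 1 if any were found.
check_crontab() {
    n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Split like cron does: six fields, then the rest is the command.
        read -r m h dom mon dow user cmd <<EOF
$line
EOF
        case $m in
            ''|'#'*) continue ;;        # blank line or comment
            [A-Za-z_]*=*) continue ;;   # VAR=value setting
        esac
        reason=
        for f in "$m" "$h" "$dom" "$mon" "$dow"; do
            case $f in
                ''|*[!0-9*,/-]*) reason="not a schedule line (wrapped text?)" ;;
            esac
        done
        if [ -z "$reason" ] && [ -z "$cmd" ]; then
            reason="missing user or command"
        elif [ -z "$reason" ] &&
             ! printf '%s\n' "$cmd" | "$CRON_SHELL" -n 2>/dev/null; then
            reason="command is not complete shell syntax"
        fi
        if [ -n "$reason" ]; then
            bad=$((bad + 1))
            printf 'line %d: %s: %s\n' "$n" "$reason" "$line"
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Constructed sample: the freshclam entry from Reply #1 after word wrapping.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Update anti virus db at 12:00 every day
00 12 * * * root (cd /;/usr/bin/freshclam -l /var/log/freshclam.log
--stdout | mail "admin" -s "[hostname] Anti virus db update -
date")
EOF
check_crontab "$sample" || echo "fragment needs fixing before it is installed"
rm -f "$sample"
```

Run it against the 40ClamScan fragment before `/sbin/e-smith/expand-template /etc/crontab`; setting `CRON_SHELL=/bin/bash` matches the shell named in Jan's error message.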