Hylton Conacher (ZR1HPC) wrote:
Hi Sandy,
Sri for the delay, I had more pressing issues to take care of.
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Sandy Drobic wrote:
Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour.
Sandy, please, please, please walk me through getting a system like this! Please
So, where's the problem?
The problem is that I do not know what and how to do the system config to give me a system like you describe.
I am however a fast learner, although most of the time I need examples. You need to teach a man to fish before asking him to catch something. :) Sorry for the plagiarism :)
I am also an ex-Windows user, although I have been using the KDE desktop for over a year. I try and use the KDE frontend as much as possible, even using Kate to edit system files on both root and my main user.
I am sure there are a number of files to be edited; however, I have to ask which file/s do I need to open and edit, and what do I need to make the files look like?
I think I already posted the relevant parts of the config files a few days ago. Okay, I just saw that I posted EVERYTHING necessary to do the job.

Now, before you start to mangle your system, a few words of caution:

- as a beginner you should ensure you can retrace your steps if something breaks horribly. For that reason: I suggest you make copies of the configuration files BEFORE you change them!

Another possibility is to document the changes within the configuration files like:

---------------------------------------------
/etc/clamd.conf:

LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/lib/clamav/clamd.pid
### changed on 2008/02/07:
# Same localSocket as in /etc/amavisd.conf!
# LocalSocket /var/run/clamav.clam.ctl
LocalSocket /var/run/clamav/clamd
### end of change
---------------------------------------------

Most of the time it is easier to simply copy the entire file:

    cp /etc/clamd.conf /etc/backup/clamd.conf_2008-02-07_22-30

I like to add date and time so I can compare when I introduced what change if later I discover something has broken. Also I believe in redundancy. (^-^)

The necessary parts that HAVE to be present in /etc/clamd.conf are:

    LogTime yes
    LogSyslog yes
    LogFacility LOG_MAIL
    LocalSocket /var/run/clamav/clamd
    FixStaleSocket yes
    TCPSocket 3310
    TCPAddr 127.0.0.1
    User vscan

Change these parameters in /etc/clamd.conf as shown here, ignore all other settings for the moment.

Verify that the directory /var/run/clamav/ exists and belongs to user vscan. If necessary, create the directory and assign it to user vscan:

    mkdir /var/run/clamav
    chown -R vscan /var/run/clamav

Then restart clamd: "rcclamd restart".

I consider logging parameters relevant since I like to know what the service is doing. (^-^)

Within /var/run/clamav there should now be a file clamd:

    ls -l clamav
    total 0
    srwxrwxrwx 1 vscan vscan 0 Feb 7 21:32 clamd

If no errors are logged you can set up the cron job. Simply put a file, maybe with name "clam-signature-update.sh", with this content in /etc/cron.hourly:

-------------------
#!/bin/sh
# update of clam-av signatures
EMAIL=postmaster@example.com

# capture the freshclam output so it can be mailed if the update fails
tempfile=$(mktemp)
freshclam > "$tempfile"
statusclam=$?

# uncomment the next two lines to test the script without running freshclam
#echo "test clam" > "$tempfile"
#statusclam=0

case "$statusclam" in
0 )
    echo "Clamav has gotten new signatures!"
    ;;
1 )
    echo "Clamav is up-to-date"
    ;;
255)
    # mail the captured output to the postmaster
    mail -s "Clamav couldn't update: $statusclam" "$EMAIL" < "$tempfile"
    ;;
esac
rm "$tempfile"
-------------------

Make the script executable:

    chmod 700 /etc/cron.hourly/clam-signature-update.sh

As a test, run the script manually:

    /etc/cron.hourly/clam-signature-update.sh

You should get a status message, also the update should be logged by clamd in /var/log/mail.

If that works you have set up a working clamd and can start to use it in amavisd. You activate the scanner by UNCOMMENTING the lines in /etc/amavisd.conf. Search for the line starting with:

    @av_scanners = (
    #
    # here a lot of comments with possible virus scanners are shown
    # ignore them.
    #
    #[...delete additional comments...]
    # # ### http://www.clamav.net/
    ['Clam Antivirus-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    # # NOTE: run clamd under the same user as amavisd; match the s
    # # name (LocalSocket) in clamav.conf to the socket name in this entry
    # # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
    )

The syntax for this parameter is:

    @av_scanners = (
    ['scanner1',para1,para2...],
    ['scanner2',para1,para2...],
    ['scanner3',para1,para2...],
    )

Same for @backup_scanners:

    @av_scanners_backup = (
    ### http://www.clamav.net/
    ['Clam Antivirus - clamscan', 'clamscan',
      '--stdout --no-summary -r {}', [0], [1],
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    )

Ignore the comments, just make sure that these lines are present and NOT commented out.

If you restart amavisd-new, you should see the following lines in /var/log/mail:

    Feb 7 22:57:09 katgar amavis[5587]: Using primary internal av scanner code for Clam Antivirus-clamd
    Feb 7 22:57:09 katgar amavis[5587]: Found primary av scanner H+BEDV AntiVir or CentralCommand Vexira Antivirus at /usr/bin/antivir
    Feb 7 22:57:09 katgar amavis[5587]: Found secondary av scanner Clam Antivirus - clamscan at /usr/bin/clamscan

You can activate antivir the same way as I showed for clamd.

This grep should show the actual configuration without the comments:

    egrep -v '^#|^$|^[[:space:]]+#' /etc/amavisd.conf

These are the lines for the virus scanner output:

    @av_scanners = (
    ['Clam Antivirus-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
      ['antivir'],
      '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
      qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
           (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    );
    @av_scanners_backup = (
    ['Clam Antivirus - clamscan', 'clamscan',
      '--stdout --no-summary -r {}', [0], [1],
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    );
Once the config is almost complete, how do I set up a cron job to add periodic updates?
There are many questions from this 'newbie'.
Tnx again if you decide to help.
This is your one freebie for the year, I expect you to learn how to do basic tasks on the command line for yourself. Consider it an investment into your career, it is absolutely basic and essential knowledge for a unix administrator.
--
Sandy
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com