Comment mettre à jour liste de virus ClamAV
Fermé
Arno59
Messages postés
4600
Date d'inscription
jeudi 23 octobre 2003
Statut
Contributeur
Dernière intervention
18 avril 2023
-
8 janv. 2006 à 22:07
Arno59 Messages postés 4600 Date d'inscription jeudi 23 octobre 2003 Statut Contributeur Dernière intervention 18 avril 2023 - 2 mai 2007 à 11:13
Arno59 Messages postés 4600 Date d'inscription jeudi 23 octobre 2003 Statut Contributeur Dernière intervention 18 avril 2023 - 2 mai 2007 à 11:13
A voir également:
- Comment mettre à jour liste de virus ClamAV
- Liste déroulante excel - Guide
- Mettre à jour ses pilotes - Guide
- Mettre a jour airpods - Guide
- Mettre a jour chrome - Guide
- Mise a jour windows 10 - Guide
9 réponses
jisisv
Messages postés
3645
Date d'inscription
dimanche 18 mars 2001
Statut
Modérateur
Dernière intervention
15 janvier 2017
934
9 janv. 2006 à 05:39
9 janv. 2006 à 05:39
Sous Debian, la réponse est immédiate
johand@horus:~$ apropos freshclam
freshclam (1) - update virus databases
freshclam.conf (5) - Configuration file for Clam AntiVirus Database Updater
johand@horus:~$ man 1 freshclam
Remise en forme de freshclam(1), attendez SVP...
johand@horus:~$ dpkg -S /usr/bin/freshclam
clamav-freshclam: /usr/bin/freshclam
Donc
man 1 freshclam
man 5 freshclam.conf
Je suppose que ces outils sont intégrés dans ton archive source.
Johan
johand@horus:~$ apropos freshclam
freshclam (1) - update virus databases
freshclam.conf (5) - Configuration file for Clam AntiVirus Database Updater
johand@horus:~$ man 1 freshclam
Remise en forme de freshclam(1), attendez SVP...
johand@horus:~$ dpkg -S /usr/bin/freshclam
clamav-freshclam: /usr/bin/freshclam
Donc
man 1 freshclam
man 5 freshclam.conf
Je suppose que ces outils sont intégrés dans ton archive source.
Johan
Arno59
Messages postés
4600
Date d'inscription
jeudi 23 octobre 2003
Statut
Contributeur
Dernière intervention
18 avril 2023
484
9 janv. 2006 à 17:56
9 janv. 2006 à 17:56
Merci,
Je sais que pour le moment il n'existe pas de virus critique tout comme sous Mac, mais comme Linux commence a se répendre plus dans le monde, il vaut mieux peut-être prendre des précautions, non ?
- pare-feu : comment obtenr les infos enregistrer et voir les site visités ?
- anti-virus pour filtrer les virus et spams habituels sous windows pour Mozilla ?
Je veux utiliser convenablement Linux pas comme sous Windows avec ses nombreuses failles.
Je sais que pour le moment il n'existe pas de virus critique tout comme sous Mac, mais comme Linux commence a se répendre plus dans le monde, il vaut mieux peut-être prendre des précautions, non ?
- pare-feu : comment obtenr les infos enregistrer et voir les site visités ?
- anti-virus pour filtrer les virus et spams habituels sous windows pour Mozilla ?
Je veux utiliser convenablement Linux pas comme sous Windows avec ses nombreuses failles.
tufs
Messages postés
1272
Date d'inscription
mercredi 1 décembre 2004
Statut
Contributeur
Dernière intervention
16 mars 2008
192
9 janv. 2006 à 19:08
9 janv. 2006 à 19:08
salut tout le monde ....
Je veux utiliser convenablement Linux pas comme sous Windows avec ses nombreuses failles.
moi je dis qu il y à tout simplement le facteur conscience de l utilisateur .
pas mal de problem visent plutot à exploiter la meconnaissance des utilisateur que de casser un system c est bien plus facile ............
Je veux utiliser convenablement Linux pas comme sous Windows avec ses nombreuses failles.
moi je dis qu il y à tout simplement le facteur conscience de l utilisateur .
pas mal de problem visent plutot à exploiter la meconnaissance des utilisateur que de casser un system c est bien plus facile ............
kilian
Messages postés
8731
Date d'inscription
vendredi 19 septembre 2003
Statut
Modérateur
Dernière intervention
20 août 2016
1 527
9 janv. 2006 à 18:04
9 janv. 2006 à 18:04
Je veux utiliser convenablement Linux pas comme sous Windows avec ses nombreuses failles.
Sous Debian j'ai également souvent des failles annoncées.
Pour le moment, je dirais: pare-feu vivement conseillé!! Surtout qu'il ya souvent beaucoup de services qui tournent sous Linux...
Et avec ça, faire une mise à jour régulière des paquetages.
L'antivirus pour Linux, pour l'instant je dis Bof....
Sous Debian j'ai également souvent des failles annoncées.
Pour le moment, je dirais: pare-feu vivement conseillé!! Surtout qu'il ya souvent beaucoup de services qui tournent sous Linux...
Et avec ça, faire une mise à jour régulière des paquetages.
L'antivirus pour Linux, pour l'instant je dis Bof....
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Arno59
Messages postés
4600
Date d'inscription
jeudi 23 octobre 2003
Statut
Contributeur
Dernière intervention
18 avril 2023
484
18 janv. 2006 à 12:35
18 janv. 2006 à 12:35
Merci,
Comment visualiser le journal du pare-feu de Mandriva 2006 ?
j'ai lancé le scan de ClamAV
/usr/bin/clamscan
clamdscan
Ou se trouve la liste des virus répertoriés ?
Comment visualiser le journal du pare-feu de Mandriva 2006 ?
j'ai lancé le scan de ClamAV
/usr/bin/clamscan
clamdscan
Ou se trouve la liste des virus répertoriés ?
Bonjour,
Installe l'interface Klamav (avec un K) pour kde et tu sélectionne l'onglet de mise a jours de la base de virus. En plus tu pourra configurer clamav en quelques clics !
Installe l'interface Klamav (avec un K) pour kde et tu sélectionne l'onglet de mise a jours de la base de virus. En plus tu pourra configurer clamav en quelques clics !
Arno59
Messages postés
4600
Date d'inscription
jeudi 23 octobre 2003
Statut
Contributeur
Dernière intervention
18 avril 2023
484
18 janv. 2006 à 14:08
18 janv. 2006 à 14:08
Bonjour,
J'ai trouvé la doc mais en anglais dans le répertoire:
/usr/share/doc/clamav-0.87
clamdoc.pdf
J'ai trouvé la doc mais en anglais dans le répertoire:
/usr/share/doc/clamav-0.87
clamdoc.pdf
Clam AntiVirus 0.87.1
User Manual
1
Contents
C onte nts
1 Introduction 6
1.1 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.2 Mailing lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.3 Virus submitting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2 Base package 7
2.1 Supported platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Binary packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Daily built snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3 Installation 11
3.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2 Installing on a shell account . . . . . . . . . . . . . . . . . . . . . . . 11
3.3 Adding new system user and group . . . . . . . . . . . . . . . . . . . . 12
3.4 Compilation of base package . . . . . . . . . . . . . . . . . . . . . . . 12
3.5 Compilation with clamav-milter enabled . . . . . . . . . . . . . . . . . 12
4 Configuration 13
4.1 clamd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.1.1 On-access scanning . . . . . . . . . . . . . . . . . . . . . . . . 13
4.2 clamav-milter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.3 Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.4 Setting up auto-updating . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.5 Closest mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5 Usage 16
5.1 Clam daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.2 Clamdscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.3 Clamuko . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.4 Output format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.4.1 clamscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.4.2 clamd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
6 LibClamAV 20
6.1 Licence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
6.2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
6.2.1 Archives and compressed files . . . . . . . . . . . . . . . . . . 20
6.2.2 Mail files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2
Contents
6 .3 API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.3.1 Header file . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.3.2 Database loading . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.3.3 Error handling . . . . . . . . . . . . . . . . . . . . . . . . . . 22
6.3.4 Database structure . . . . . . . . . . . . . . . . . . . . . . . . 22
6 .4 Database reloading . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
6.4.1 Data scan functions . . . . . . . . . . . . . . . . . . . . . . . . 23
6.4.2 Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
6.4.3 clamav-config . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
6.4.4 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
6 .5 CVD format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
7 Frequently Asked Questions 27
8 Third party software 31
8.1 MTA + ClamAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.1.1 amavisd-new . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.1.2 AMaViS - ”Next Generation” . . . . . . . . . . . . . . . . . . 31
8.1.3 ClamdMail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
8.1.4 Clement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
8.1.5 cgpav . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
8.1.6 ClamCour . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
8.1.7 clamfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1.8 ClamSMTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1.9 clapf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1.10 DSpamPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1.11 exiscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1.12 Gadoyanvirus . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1.13 hMailServer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.1.14 IVS Milter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.1.15 j-chkmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.1.16 Mail Avenger . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.1.17 Mailnees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.1.18 MailScanner . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.1.19 Maverix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.1.20 MIMEDefang . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.1.21 mxGuard for IMail . . . . . . . . . . . . . . . . . . . . . . . . 35
8.1.22 OdeiaVir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.1.23 OpenProtect . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.1.24 Protea AntiVirus Tools . . . . . . . . . . . . . . . . . . . . . . 36
8.1.25 PSCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3
Contents
8.1.26 PTSMail Utilities . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.1.27 pymavis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.1.28 Qmail-Scanner . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8 .1 .2 9 q p s m t p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8.1.30 qscanq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8.1.31 qSheff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8.1.32 RevolSys SMTP kit for Postfix . . . . . . . . . . . . . . . . . . 37
8.1.33 Sagator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8.1.34 Scrubber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
8.1.35 Secure Mail Intelligence! . . . . . . . . . . . . . . . . . . . . . 38
8.1.36 simscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
8.1.37 SmarterMail Filter . . . . . . . . . . . . . . . . . . . . . . . . 39
8.1.38 smf-clamd . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
8.1.39 smtpfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
8.1.40 smtp-gated . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
8.1.41 smtp-vilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
8.1.42 Zabit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
8.1.43 zmscanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
8 .2 MTA + POP3 Proxy + ClamAV . . . . . . . . . . . . . . . . . . . . . . 40
8.2.1 ClamMail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
8.2.2 POP3 Virus Scanner Daemon . . . . . . . . . . . . . . . . . . 40
8.2.3 pop3.proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
8 .3 Web/FTP Proxy + ClamAV . . . . . . . . . . . . . . . . . . . . . . . . 41
8.3.1 DansGuardian Anti-Virus Patch . . . . . . . . . . . . . . . . . 41
8.3.2 Frox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
8.3.3 HTTP Anti Virus Proxy . . . . . . . . . . . . . . . . . . . . . 41
8.3.4 mod clamav . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
8.3.5 ClamAV module for ProFTPD . . . . . . . . . . . . . . . . . . 41
8.3.6 SafeSquid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
8.3.7 SquidClamAV Redirector . . . . . . . . . . . . . . . . . . . . 42
8.3.8 Squidclam . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
8.3.9 Viralator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
8 .4 Filesystem + ClamAV . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
8.4.1 Dazuko . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
8.4.2 Famuko . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
8.4.3 OpenAntiVirus samba-vscan . . . . . . . . . . . . . . . . . . . 43
8 .5 Mail User Agent + ClamAV . . . . . . . . . . . . . . . . . . . . . . . . 43
8.5.1 clamailfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
8.5.2 ClamAssassin . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
8.5.3 clamscan-procfilter . . . . . . . . . . . . . . . . . . . . . . . . 44
8.5.4 KMail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4
Contents
8.5.5 MyClamMailFilter . . . . . . . . . . . . . . . . . . . . . . . . 44
8.5.6 OpenWebMail . . . . . . . . . . . . . . . . . . . . . . . . . . 44
8.5.7 QClam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
8.5.8 QMVC - Qmail Mail and Virus Control . . . . . . . . . . . . . 45
8.5.9 Sylpheed-Claws . . . . . . . . . . . . . . . . . . . . . . . . . 45
8.5.10 SoftlabsAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
8 .6 Graphical User Interface + ClamAV . . . . . . . . . . . . . . . . . . . 45
8.6.1 AVScan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
8.6.2 BeClam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
8.6.3 Clamaktion . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
8.6.4 ClamShell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
8.6.5 ClamTk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
8.6.6 clamXav . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
8.6.7 ClamWin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
8.6.8 FETCAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
8.6.9 KlamAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
8.6.10 QtClamAVclient . . . . . . . . . . . . . . . . . . . . . . . . . 47
8.6.11 wbmclamav . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
8 .7 Library + ClamAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
8.7.1 ClamAV-Sharp . . . . . . . . . . . . . . . . . . . . . . . . . . 47
8.7.2 ClamAVPlugin . . . . . . . . . . . . . . . . . . . . . . . . . . 48
8.7.3 clamavr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
8.7.4 D bindings for ClamAV . . . . . . . . . . . . . . . . . . . . . 48
8.7.5 File::Scan::ClamAV . . . . . . . . . . . . . . . . . . . . . . . 48
8.7.6 Mail::ClamAV . . . . . . . . . . . . . . . . . . . . . . . . . . 48
8.7.7 PHP ClamAV Lib . . . . . . . . . . . . . . . . . . . . . . . . . 48
8.7.8 pyclamav . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
8.7.9 WRAVLib . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
8 .8 Miscellaneous + ClamAV . . . . . . . . . . . . . . . . . . . . . . . . . 49
8.8.1 INSERT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
8.8.2 Local Area Security . . . . . . . . . . . . . . . . . . . . . . . 49
8.8.3 mailgraph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
8.8.4 mailman-clamav . . . . . . . . . . . . . . . . . . . . . . . . . 50
8 .8 .5 M o o d l e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
8.8.6 nclamd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
8.8.7 qmailmrtg7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
8.8.8 redWall Firewall . . . . . . . . . . . . . . . . . . . . . . . . . 50
8.8.9 Scan Log Analyzer . . . . . . . . . . . . . . . . . . . . . . . . 51
8.8.10 snort-inline . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
8.8.11 Snort-ClamAV . . . . . . . . . . . . . . . . . . . . . . . . . . 51
5
Contents
9 Credits 51
9.1 Database mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
9.2 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
9.3 Donors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
9.4 Graphics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
9.5 OpenAntiVirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
71
10 Authors
ClamAV User Manual, c 2002 - 2005 Tomasz Kojm
This document is distributed under the terms of the GNU General Public License v2.
Clam AntiVirus is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FIT-NESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
--------------------------------------------------
1 Introduction
Clam AntiVirus is an anti-virus toolkit for UNIX, designed for e-mail scanning on mail gateways. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updating via Internet. The package also includes a virus scanner shared library.
1.1 Features
• Licensed under the GNU General Public License, Version 2
• POSIX compliant, portable
• Fast scanning
• Supports on-access scanning (Linux and FreeBSD only)
• Detects over 35000 viruses, worms, and trojans, including Microsoft Office and MacOffice macro viruses
• Scans within archives and compressed files (also protects against archive bombs),
built-in support includes:
– Zi p
– RAR (2.0)
– Tar
– Gzip
– Bzip2
– M S OL E 2
– MS Cabinet Files
– MS CHM (Compiled HTML)
– MS SZDD compression format
• Supports Portable Executable files compressed with:
– UPX
– FSG
– Petite
• Powerful mail scanner
• Advanced database updater with support for digital signatures and DNS based database version queries
1.2 Mailing lists
If you have a trouble installing or using ClamAV try to ask on our mailing lists. There are four lists available:
• clamav-announce*lists.clamav.net - info about new versions, moderated1 .
• clamav-users*lists.clamav.net - user questions
• clamav-devel*lists.clamav.net - technical discussions
• clamav-virusdb*lists.clamav.net - database update announcements, moderated
You can subscribe and search the mailing list archives at: http://www.clamav.net/ml.html
1.3 Virus submitting
If you have got a virus which is not detected by your ClamAV with the latest databases, please check it with the ClamAV Online Specimen Scanner:
http://test- clamav.power- netz.de/
and then submit it on our website:
http://www.clamav.net/sendvirus.html
2.1 Supported platforms
All popular operating systems are supported. Clam AntiVirus was tested on:
• GNU/ L i n u x
• Solaris
• FreeBSD
• OpenBSD 2
• AIX 4.1/4.2/4.3/5.1
1 Subscribers are not allowed to post to the mailing list
2 Installation from a port is recommended.
8
2 Base package
• HPUX 11.0
• SCO UNIX
• IRIX 6.5.20f
• Mac OS X
• BeOS
• Cobalt MIPS boxes
• Cygwin
• Windows Services for Unix 3.5 (Interix)
Some features may not be available on your operating system. If you are successfully running Clam AntiVirus on a system not listed above please let us know.
2.2 Binary packages
• Debian
The package is maintained by Stephen Gran and Thomas Lamy. ClamAV has been officially included in the Debian distribution starting from the Sarge release. Run apt-cache search clamav to find the names of the packages available for installation. Unofficial packages for Woody and Sarge are available and they are usually more recent than official ones. Add the following lines to your /etc/apt/sources.list:
for stable/woody (i386):
deb http://people.debian.org/˜sgran/debian woody main
deb-src http://people.debian.org/˜sgran/debian woody main
for testing/sarge (i386):
deb http://people.debian.org/˜sgran/debian sarge main
deb-src http://people.debian.org/˜sgran/debian sarge main
Feel free to search for clamav on http://www.apt- get.org/ too.
• RedHat - Fedora
The packages are maintained by Petr Kristof.
Fedora1: http://crash.fce.vutbr.cz/crash- hat/1/clamav/
Fedora2: http://crash.fce.vutbr.cz/crash- hat/2/clamav/
Devel snapshots: http://crash.fce.vutbr.cz/crash- hat/testing/2/
Please follow the instructions at http://crash.fce.vutbr.cz/yumrepository.
html and then run:
yum update clamav or up2date -u clamav
Another very good repository is maintained by Dag Wieers: http://dag.wieers.
com/packages/clamav/
• PLD Linux Distribution
The RPM packages for the Polish(ed) Linux Distribution are maintained by Arkadiusz Miskiewicz (visit http://www.pld- linux.org/).
• Mandrake - Maintenant Mandriva
A RPM package for Mandrake is available on Mandrake’s mirrors and is maintained by Oden Eriksson. Another set of RPM packages (maintained by Bill Randle) is available at ftp://ftp.neocat.org/pub/.
• Slackware
Slackware packages without milter support are maintained by Jay Scott Raymond.
You can find them at http://webpages.charter.net/jay_scott_raymond/
linux/slackages/ If you need milter enabled ClamAV, try Peter Kaagman’s
packages available at http://bilbos- stekkie.com/clamav/
Both of them are also available at http://www.linuxpackages.net/
• SuSE SuSE 8.2 and 9.1 RPMs are maintained by Joe Benden. You can download them at http://www.ispservices.com/clamav.html. Official ClamAV
packages for SuSE are maintained by Reinhard Max.
• FreeBSD
The official FreeBSD port is maintained by Masahiro Teramoto. There are two version available: clamav and clamav-devel. You can find both of them under /usr/ports/security/
• OpenBSD
ClamAV will become part of the official ports tree in the upcoming 3.7 release of OpenBSD. The new port is maintained by Marc Balmer. The old unofficial port for OpenBSD (maintained by Jerome Loyet) is available at: http://www.fatbsd.com/openbsd/clamav/
• NetBSD
The official port is available.
• Solaris
Stable packages and daily snapshots for Solaris 8 SPARC are available at http://clamav.or.id/snapshot/. Latest stable packages for Solaris 9 SPARC 64bit
are available at http://clamav.citrus- it.net
• AI X
The binary packages for AIX are available in AIX PDSLIB, UCLA
http://aixpdslib.seas.ucla.edu/packages/clamav.html
• Mac OS X
There’s a binary package available at http://clamav.darwinports.com/
clamXav (see 8.6.6), a GUI for ClamAV running on MacOS X, is available at
http://www.markallan.co.uk/clamXav
• BeOS
BeClam is a port of ClamAV for the BeOS operating system. It includes a very
simple GUI. Get it at http://www.bebits.com/app/3930/
• MS Windows - Cygwin
ClamAV is a part of the official Cygwin port repository.
• MS Windows - cygwin.dll based
All major features of ClamAV are implemented under Win32 using the Cygwin
compatibility layer. You can download a self-installing package at
http://www.sosdg.org/clamav- win32/index.php
• MS Windows - Interix
A binary package of ClamAV for Interix is maintained at
http://www.interopsystems.com/tools/warehouse.htm
• MS Windows - graphical version
A standalone GUI version is also available. See ClamWin in the Third Party
Software section (8.6.7).
2.3 Daily built snapshots
Thanks to Fajar A. Nugraha you can download daily builds (from daily snapshots) for
the following operating systems:
• SPARC Solaris 8/9
• DEC OSF (built on Tru64 UNIX V5.0A)
• AIX (built on AIX Version 5.1)
• Linux i386 with glibc 2.3 (compiled on Fedora Core 1, works on RH ≥ 8)
11
3 Installation
• Win32/Cygwin (compiled on XP)
They’re available at http://clamav.or.id/
3.1 Requirements
The following elements are required to compile ClamAV:
• zlib and zlib-devel packages
• gcc compiler suite (both 2.9x and 3.x are supported)
The following packages are optional but highly recommended:
• bzip2 and bzip2-devel library
• GNU M P 3
It’s very important to install the GMP package because it allows freshclam to
verify the digital signatures of the virus databases. If freshclam was compiled
without GMP support it will display ”SECURITY WARNING: NO SUPPORT
FOR DIGITAL SIGNATURES” on every update. You can download GNU MP at
http://www.swox.com/gmp/
A note for Solaris/SPARC users: you must set the ABI system variable to 32 (e.g.
setenv ABI 32) before running the configuration script of GMP.
3.2 Installing on a shell account
To install ClamAV on a shell account (e.g. on some shared host) you need not create any additional users or groups. Assuming your home directory is /home/gary you should build it as follows:
$ ./configure --prefix=/home/gary/clamav --disable-clamav
$ make; make install
To test your installation execute:
$ ˜/clamav/bin/freshclam
$ ˜/clamav/bin/clamscan ˜
The --disable-clamav switch disables testing for the existence of the clamav user and group but clamscan would still require an unprivileged account to work in a superuser mode.
12
3.3 Adding new system user and group
If you are installing ClamAV for the first time, you have to add a new user and group to
your system: 3
# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
Consult a system manual if your OS has not groupadd and useradd utilities. The account should be locked in /etc/passwd or /etc/shadow.
3.4 Compilation of base package
Once you have created the clamav user and group, please extract the archive:
$ zcat clamav-x.yz.tar.gz | tar xvf -
$ cd clamav-x.yz
Assuming you want to install the configuration files in /etc, configure the package as follows:
$ ./configure --sysconfdir=/etc
Currently gcc is required to compile ClamAV.
$ make
$ su -c "make install"
In the last step the software is installed in the /usr/local directory and the config file goes to /etc. WARNING: Never enable the SUID or SGID bits in Clam AntiVirus binaries.
3.5 Compilation with clamav-milter enabled libmilter and its development files are required. To enable clamav-milter, configure ClamAV with
$ ./configure --enable-milter
3 Cygwin note: If you have not /etc/passwd you can skip this procedure
13
4 Configuration
4.1 clamd
If you are going to use the daemon, you have to edit the configuration file (in other case clamd won’t run):
$ clamd
ERROR: Please edit the example config file /etc/clamd.conf.
This shows the location of the default configuration file. The format and options of this file are fully described in the clamd.conf(5) manual. The config file is well commented and configuration should be straightforward.
4.1.1 On-access scanning
An interesting feature of clamd is on-access scanning based on the Dazuko module, available from http://dazuko.org/. It is not required to run clamd - furthermore, you shouldn’t run Dazuko on production systems. The special thread in clamd responsible for the communication with Dazuko is called ”Clamuko” (due to the funny name of Dazuko) and it’s only supported on Linux and FreeBSD. To compile dazuko execute:
$ tar zxpvf dazuko-a.b.c.tar.gz
$ cd dazuko-a.b.c
$ make dazuko
or
$ make dazuko-smp (for smp kernels)
$ su
# insmod dazuko.o
# cp dazuko.o /lib/modules/‘uname -r‘/misc
# depmod -a
Depending on your Linux distribution you have to add a ”dazuko” entry to /etc/modules or run the module during system’s startup by adding
modprobe dazuko to some startup file. You must also create a new device:
$ cat /proc/devices | grep dazuko
254 dazuko
$ su -c "mknod -m 600 /dev/dazuko c 254 0"
Now configure Clamuko in clamd.conf and read the 5.3 section.
4.2 clamav-milter
Nigel Horne’s clamav-milter is a very fast email scanner designed for Sendmail. It’s written entirely in C and only depends on libclamav or clamd. You can find detailed installation instructions in the INSTALL file that comes with the clamav-milter sources.
Basically, to connect it with Sendmail add the following lines to /etc/mail/sendmail.mc:
INPUT_MAIL_FILTER(‘clmilter’,‘S=local:/var/run/clamav/clmilter.sock,
F=, T=S:4m;R:4m’)dnl
define(‘confINPUT_MAIL_FILTERS’, ‘clmilter’)
If you’re running it in --external mode, check entry in clamd.conf of the form:
LocalSocket /var/run/clamav/clamd.sock
Start clamav-milter
/usr/local/sbin/clamav-milter -lo /var/run/clamav/clmilter.sock
and restart sendmail.
4.3 Testing
Try to scan recursively the source directory:
$ clamscan -r -l scan.txt clamav-x.yz
It should find some test files in the clamav-x.yz/test directory. The scan result will be saved in the scan.txt log file 4 . To test clamd, start it and use clamdscan (or connect directly to its socket and run the SCAN command instead):
$ clamdscan -l scan.txt clamav-x.yz
Please note that the scanned files must be accessible by the user running clamd or you get an error.
4 To get more info on clamscan options execute ’man clamscan’
4.4 Setting up auto-updating
freshclam is the default database updater for Clam AntiVirus. It can work in two modes:
• interactive - from command line, verbosely
• daemon - alone, silently
When started by a superuser it drops privileges and switches to the clamav user. freshclam uses the database.clamav.net round-robin DNS which automatically selects a database mirror9.1. freshclam is an advanced tool: it supports database version verification through DNS, proxy servers (with authentication), digital signatures and various error scenarios. Quick test: run freshclam (as superuser) with no parameters and check the output. If everything is OK you may create the log file in /var/log (owned by clamav
or another user freshclam will be running as (--user):
# touch /var/log/freshclam.log
# chmod 600 /var/log/freshclam.log
# chown clamav /var/log/freshclam.log
Now you should edit the configuration file (freshclam.conf or clamd.conf if they’re merged) and configure the UpdateLogFile directive to point to the created log filee. Finally, to run freshclam in the daemon mode, execute:
# freshclam -d
The other method is to use the cron daemon. You have to add the following line to the crontab of the root or clamav users:
N * * * * /usr/local/bin/freshclam --quiet
to check for a new database every hour. N should be a number between 3 and 57 of your choice. Please don’t choose any multiple of 10, because there are already too many clients using those time slots. Proxy settings are only configurable via the configuration file and freshclam will require strict permissions on the config file when
HTTPProxyPassword is enabled.
HTTPProxyServer myproxyserver.com
HTTPProxyPort 1234
HTTPProxyUsername myusername
HTTPProxyPassword mypass
16
5 Usage
4.5 Closest mirrors
The DatabaseMirror directive in the config file specifies the database server freshclam will attempt (up to MaxAttempts times) to download the database from. The default database mirror is database.clamav.net but multiple directives are allowed. In order to download the database from the closest mirror you should configure freshclam to use db.xx.clamav.net where xx represents your country code. For example, if your
server is in ”Ascension Island” you should add the following lines to freshclam.conf:
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.ac.clamav.net
DatabaseMirror database.clamav.net
The second entry acts as a fallback in case a connection to the first mirror fails for some reason. The full list of two-letters country codes is available at http://www.iana.org/cctld/cctld- whois.htm
5.1 Clam daemon
clamd is a multi-threaded daemon that uses libclamav to scan files against viruses. It may work in one of the two network modes, listening on a:
• Unix (local) socket
• TCP socket
The daemon is fully configurable via the clamd.conf file 5 . clamd recognizes the following commands:
• P I NG
Check daemon state (should reply with ”PONG”).
• VERSION
Print program and database versions.
• RELOAD
Reload databases.
• SHUTDOWN
Perform a clean exit.
5 m an 5 clamd.conf
17
• SCAN file/directory Scan file or directory (recursively) with archive support enabled (a full path is required).
• RAWSCAN file/directory Scan file or directory (recursively) with archive support disabled (a full path is required).
• CONTSCAN file/directory Scan file or directory (recursively) with archive support enabled and do not stop scanning if virus is found.
• STREAM Scan stream: clamd will return a new port number you should connect to and send data to scan.
• SESSION, END Start/end a clamd session - you can do multiple commands per
TCP session (WARNING: due to the clamd implementation the RELOAD command will break the session) and reacts to the special signals:
• SIGTERM - perform a clean exit
• SIGHUP - reopen a log file
• SIGUSR2 - reload the database
5.2 Clamdscan
clamdscan is a simple clamd client. In many cases you can use it as a clamscan replacement but you must remember that:
• it only depends on clamd
• although it accepts the same command line options as clamscan most of them are ignored because they must be enabled directly in clamd, i.e.clamd.conf
• scanned files must be accessible for clamd
• it can’t use external unpackers
5.3 Clamuko
Clamuko is a special thread in clamd that performs on-access scanning under Linux and FreeBSD and shares internal virus database with the daemon. You must follow some important rules when using it:
• Always stop the daemon cleanly - using the SHUTDOWN command or the SIGTERM signal. In other case you can lose an access to protected files until the system is restarted.
• Never protect a directory your mail-scanner software uses for attachment unpacking. Access to all infected files will be automatically blocked and the scanner (even clamd) won’t be able to detect any virus. In the result all infected mails will be delivered.
For example, to protect a whole system add the following lines to clamd.conf:
ClamukoScanOnAccess
ClamukoIncludePath /
ClamukoExcludePath /proc
ClamukoExcludePath /temporary/dir/of/your/mail/scanning/software
You can also use clamuko to protect files on Samba/Netatalk but far more better and safe idea is to use the samba-vscan module 8.4.3. NFS is not supported because Dazuko doesn’t intercept NFS access calls.
5.4 Output format
5.4.1 clamscan
clamscan by default writes all messages to stderr. Run it with --stdout enabled to redirect them to the standard output. An example of the clamscan output is:
/tmp/test/removal-tool.exe: Worm.Sober FOUND
/tmp/test/md5.o: OK
/tmp/test/blob.c: OK
/tmp/test/message.c: OK
/tmp/test/error.hta: VBS.Inor.D FOUND
When a virus is found its name is printed between the filename: and FOUND strings. Incase of archives the scanner depends on libclamav and only prints the first virus found within an archive:
zolw@localhost:/tmp$ clamscan malware.zip
malware.zip: Worm.Mydoom.U FOUND
TIP: You can force clamscan to list all infected files in an archive using –no-archive
(that disables transparent decompressors built into libclamav) and external decompressors: –unzip –unrar....
zolw@localhost:/tmp$ clamscan --no-archive --unzip malware.zip
Archive: /tmp/malware.zip
inflating: test1.exe
inflating: test2.exe
inflating: test3.exe
/tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
/tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND
/tmp/malware.zip: Infected.Archive FOUND
5.4.2 clamd
clamd uses a clamscan compatible output format:
zolw@localhost:˜$ telnet localhost 3310
Trying 127.0.0.1...
Connected to localhost.
Escape character is ’ˆ]’.
SCAN /home/zolw/test
/home/zolw/test/clam.exe: ClamAV-Test-File FOUND
Connection closed by foreign host.
In the SCAN mode it closes the connection when the first virus is found.
SCAN /home/zolw/test/clam.zip
/home/zolw/test/clam.zip: ClamAV-Test-File FOUND
CONTSCAN continues scanning even if virus was already found.
Error messages are printed in the following format:
SCAN /no/such/file
/no/such/file: Can’t stat() the file. ERROR
6 LibClamAV
libclamav is a simple and easy way to add a virus protection to your software. The library is thread-safe and transparently recognizes and scans within archives, mail files, MS Office document files, executables and other file formats.
6.1 Licence
libclamav is licensed under the GNU GPL licence. That means you are not allowed
to link commercial, close-source applications against it6 . All software using libclamav
must be GPL compliant.
6.2 Features
6.2.1 Archives and compressed files
The library has a built-in support for the following formats:
• Zip
• RAR (2.0)
• Tar
• Gzip
• Bzip2
• M S OL E 2
• MS Cabinet Files
• MS CHM (Compiled HTML)
• MS SZDD compression format
• UPX (all versions)
• FSG (1.3, 1.31, 1.33, 2.0)
• Petite (2.x)
6 You can still use clamd or clamscan instead
21
6 LibClamAV
Due to license issues, support for RAR 3.0 archives is currently not available in libclamav (such archives will trigger the RAR module failure. error message). You can scan them with the help of external unpackers in clamscan, though.
$ clamscan --unrar clam-error.rar
/home/zolw/test/clam-error.rar: RAR module failure.
UNRAR 3.00 freeware Copyright (c) 1993-2002 Eugene Roshal
Extracting from /home/zolw/test/clam-error.rar
Extracting clam.exe OK
All OK
/tmp/44694f5b2665d2f4/clam.exe: ClamAV-Test-File FOUND
/home/zolw/test/clam-error.rar: Infected.Archive FOUND
6.2.2 Mail files
Advanced mail scanner built into libclamav transparently scans e-mails for infected
attachments. All popular UNIX mail formats are supported. TNEF attachments are
supported as well.
6.3 API
6.3.1 Header file
Every program using libclamav must include the clamav.h header file:
#include <clamav.h>
6.3.2 Database loading
The following set of functions provides an interface to database initialisation mecha-
ni s m s :
int cl_loaddb(const char *filename, struct cl_node **root,
unsigned int *signo);
int cl_loaddbdir(const char *dirname, struct cl_node **root,
unsigned int *signo);
22
6 LibClamAV
const char *cl_retdbdir(void);
cl_loaddb loads selected database while cl_loaddbdir loads all databases from a
dirname directory. cl_retdbdir returns a default (hardcoded) database directory path.
After an initialisation an internal database representation will be saved under root (which must initially point to NULL) and a number of loaded signatures will be added 7 to virnum. You can eventually pass NULL if you don’t care about a signature counter.
Both cl_loaddb and cl_loaddbdir functions return 0 on success and a non-negative
value on failure.
...
struct cl_node *root = NULL;
int ret, signo = 0;
ret = cl_loaddbdir(cl_retdbdir(), &root, &signo);
6.3.3 Error handling
Use cl_strerror to convert error codes into human readable messages. The function
returns a statically allocated string:
if(ret) {
printf("cl_loaddbdir() error: %s\n", cl_strerror(ret));
exit(1);
}
6.3.4 Database structure
Now initialise internal transitions with cl_build.
int cl_build(struct cl_node *root);
In our example:
if((ret = cl_build(root)))
printf("cl_build() error: %s\n", cl_strerror(ret));
7 Remember to initialize the virus counter variable with 0.
23
6 LibClamAV
6.4 Database reloading
The most important thing is to keep the internal instance of the database up to date. You
can watch database changes with the cl_stat functions family.
int cl_statinidir(const char *dirname, struct cl_stat *dbstat);
int cl_statchkdir(const struct cl_stat *dbstat);
int cl_statfree(struct cl_stat *dbstat);
Initialization:
...
struct cl_stat dbstat;
memset(&dbstat, 0, sizeof(struct cl_stat));
cl_statinidir(dbdir, &dbstat);
To check for a change you only need to call cl_statchkdir:
if(cl_statchkdir(&dbstat) == 1) {
reload_database...;
cl_statfree(&dbstat);
cl_statinidir(cl_retdbdir(), &dbstat);
}
Remember to reinitialize the structure after reload.
6.4.1 Data scan functions
It’s possible to scan a buffer, a descriptor, or a file with:
int cl_scanbuff(const char *buffer, unsigned int length,
const char **virname, const struct cl_node *root);
int cl_scandesc(int desc, const char **virname, unsigned
long int *scanned, const struct cl_node *root, const
struct cl_limits *limits, unsigned int options);
int cl_scanfile(const char *filename, const char **virname,
unsigned long int *scanned, const struct cl_node *root,
const struct cl_limits *limits, unsigned int options);
24
6 LibClamAV
All the functions save a virus name under virname pointer. It points to a field in the
internal database structure and must not be released directly. If the scanned pointer
is not NULL the functions will increase a value represented by this pointer by a size
of scanned data in CL_COUNT_PRECISION units. The last two functions also support
archive limits required to protect against Denial of Service attacks.
struct cl_limits {
int maxreclevel; /* maximal recursion level */
int maxfiles; /* maximal number of files to be
* scanned within archive
*/
int maxratio; /* maximal compression ratio */
short archivememlim; /* limit memory usage for bzip2 (0/1) */
long int maxfilesize; /* archived files larger than this
* value will not be scanned
*/
};
The options argument configures the scan engine and supports the following flags (that
can be combined using bit operators):
• CL SCAN STDOPT
This is an alias for a recommended set of scan options. You should use it to make
your software ready for new features in future versions of libclamav.
• CL SCAN RAW
It does nothing. Please use it (alone) if you don’t want to scan any special files.
• CL SCAN ARCHIVE
This flag enables transparent scanning of various archive formats.
• CL SCAN BLOCKENCRYPTED
With this flag the library marks encrypted archives as viruses (Encrypted.Zip,
Encrypted.RAR).
• CL SCAN BLOCKMAX
Mark archives as viruses if maxfiles, maxfilesize, or maxreclevel limit is
reached.
• CL SCAN MAIL
It enables support for mail files.
25
6 LibClamAV
• CL SCAN MAILURL
The mail scanner will download and scan URLs listed in a mail body. This flag
should not be used on loaded servers. Due to potential problems please do not
enable it by default but make it optional.
• CL SCAN OLE2
Enables support for Microsoft Office document files.
• CL SCAN PE
This flag enables scanning withing Portable Executable files and allows libclamav
to unpack UPX, Petite, and FSG compressed executables.
• CL SCAN BLOCKBROKEN
libclamav will try to detect broken executables and mark them as Broken.Executable.
• CL SCAN HTML
This flag enables HTML normalisation (including JScript decryption).
All functions return 0 (CL_CLEAN) if the file is clean, CL_VIRUS when virus is detected
and an another value on failure.
...
struct cl_limits limits;
const char *virname;
memset(&limits, 0, sizeof(struct cl_limits));
/* maximal number of files in archive */;
limits.maxfiles = 1000
/* maximal archived file size */
limits.maxfilesize = 10 * 1048576; /* 10 MB */
/* maximal recursion level */
limits.maxreclevel = 5;
/* maximal compression ratio */
limits.maxratio = 200;
/* disable memory limit for bzip2 scanner */
limits.archivememlim = 0;
if((ret = cl_scanfile("/home/zolw/test", &virname, NULL, root,
&limits, CL_STDOPT)) == CL_VIRUS) {
printf("Detected %s virus.\n", virname);
} else {
printf("No virus detected.\n");
if(ret != CL_CLEAN)
26
6 LibClamAV
printf("Error: %s\n", cl_strerror(ret));
}
6.4.2 Memory
Because the internal database uses a few megabytes of memory, you should release it if
you no longer need to scan files.
void cl_free(struct cl_node *root);
6.4.3 clamav-config
Use clamav-config to check libclamav compilation information.
zolw@localhost:˜$ clamav-config --libs
-L/usr/local/lib -lz -lbz2 -lgmp -lpthread
zolw@localhost:˜$ clamav-config --cflags
-I/usr/local/include -g -O2
6.4.4 Example
You will find an example scanner application in the clamav sources (/example). Re-
member that all programs based on libclamav must be linked against it:
gcc -Wall ex1.c -o ex1 -lclamav
6.5 CVD format
CVD (ClamAV Virus Database) is a digitally signed tarball file that contains one or
more databases. The header is a 512 bytes long string with colon separated fields:
ClamAV-VDB:build time:version:number of signatures:functionality
level required:MD5 checksum:digital signature:builder name:build time (sec)
sigtool --info displays detailed information on CVD files:
27
7 Frequently Asked Questions
zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd
Build time: 11 Sep 2004 21-07 +0200
Version: 487
# of signatures: 1189
Functionality level: 2
Builder: ccordes
MD5: a3f4f98694229e461f17d2aa254e9a43
Digital signature: uwJS6d+y/9g5SXGE0Hh1rXyjZW/PGK/zqVtWWVL3/tfHEn
A17z6VB2IBR2I/OitKRYzmVo3ibU7bPCJNgi6fPcW1PQwvCunwAswvR0ehrvY/4ks
UjUOXo1VwQlW7l86HZmiMUSyAjnF/gciOSsOQa9Hli8D5uET1RDzVpoWu/id
Verification OK.
7 Frequently Asked Questions
The FAQ section is maintained by Luca Gibelli.
• What does WARNING: Current functionality level = 1, required = 2 mean?
The functionality level of the database determines which scanner engine version
is required to use all of its signatures. If you don’t upgrade immediately you will
be in big trouble.
• What does Your ClamAV installation is OUTDATED mean?
You’ll get this message whenever a new version of ClamAV is released. In order
to detect all the latest viruses, it’s not enough to keep your database up to date.
You also need to run the latest version of the scanner. You can find the latest
release at http://www.clamav.net under the stable link. Running the latest
stable release also improves stability.
• What does WARNING: DNS record is older than 3 hours mean?
freshclam attempts to detect potential problems with DNS caches and switches
to the old mode if something looks suspicious. If this message appears seldomly,
you can safely ignore it. If you get the error everytime you run freshclam, you
should check your dns settings.
• What does SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNA-
TURES mean?
The ClamAV package requires the GMP library to verify the digital signature of
the virus database. When building ClamAV you need the GMP library and its
headers: if you are using Debian just run apt-get install libgmp3-dev, if
you are using an RPM based distribution install the gmp-devel package.
28
7 Frequently Asked Questions
• How often is the virus database updated?
The virus database is usually updated many times per week. Check out http:
//news.gmane.org/gmane.comp.security.virus.clamav.virusdb/ to see
our response times to new threats. The virusdb team tries to keep up with the
latest worm in the wild. When a new worm spreads out, often it is less than one
hour before we release a database update. You can contribute to make the virusdb
updating process more efficient by submitting samples of viruses via our web
interface.
• I tried to submit a sample through the web interface, but it said the sample
is already recognized by ClamAV. My clamscan tells me it’s not. I already
updated my database, what’s wrong with my setup?
Please run clamscan with the –mbox option. Also check that freshclam and clam-
scan are using the same path for storing/reading the database.
• ClamAV crashes/hangs/doesn’t compile/doesn’t start. Did I find a bug?
Before reporting a bug, please download the latest CVS code and try to reproduce
the bug with it. Chances are the bug you encountered has already been fixed. If
you really feel like you found a bug, please send a message bugs*clamav.net.
• How do I automatically restart clamd when it dies?
Set up a cronjob which checks that clamd is up and running, every XX minutes.
You can find an example script in the contrib/clamdwatch/ directory.
• How do I keep my virus database up to date?
ClamAV comes with freshclam, a tool which periodically checks for new database
releases and keeps your database up to date.
• I’m running ClamAV on a lot of clients on my local network. Can I mirror
the database locally so that each client doesn’t have to download it from your
servers?
Sure, install a proxy server and then configure your freshclam clients to use it
(watch for the HTTPProxyServer parameter in man freshclam.conf). Alter-
natively, you can configure a local webserver on one of your machines (say ma-
chine1.mylan) and let freshclam download the *.cvd files from http://database.
clamav.net/ to the webserver’s DocumentRoot. Finally, change freshclam.conf
on your clients so that it reads: DatabaseMirror machine1.mylan First the
database will be downloaded to the local webserver and then the other clients on
the network will update their copy of the database from it.
• How can I list the virus signature names contained in the database?
If you are using a recent version of ClamAV just run: $sigtool --list-sigs
29
7 Frequently Asked Questions
• I found an infected file in my HD/floppy/mailbox, but ClamAV doesn’t rec-
ognize it yet. Can you help me?
Our virus database is kept up to date with the help of the community. Whenever
you find a new virus which is not detected by ClamAV you should submit it on
our website (go to www.clamav.net and click on submit sample). The virusdb
team will review your submission and update the database if necessary. Before
submitting a new sample:
– check that the value of DatabaseDirectory, in both clamd.conf and
freshclam.conf, is the same
– update your database by running freshclam
• Why is ClamAV calling the XXX virus with another name?
This usually happens when we add a signature before other AV vendors. No well-
known name is available at that moment so we have to invent one. Renaming
the virus after a few days would just confuse people more, so we usually keep
on using our name for that virus. The only exception is when a new name is
established soon after the signature addition. You can find more info about this in
the virus naming page at http://www.clamav.net/cvdinfo.html
• How do I know when database updates are released?
Subscribe to the clamav-virusdb mailing-list.
• How can I scan a file on my hard disk for viruses without installing ClamAV?
Use the online scanning tool available at http://test- clamav.power- netz.
de/
• I found a false positive in ClamAV virus database. What shall I do?
Fill the form at http://www.clamav.net/sendvirus.html Be sure to select
The file attached is... a false positive
• How do I verify the integrity of ClamAV sources?
Using GnuPG (http://www.gnupg.org/) you can easily verify the authenticity
of your stable release downloads by using the following method:
– Download Tomasz Kojm’s key from the clamav.net site:
$ wget http://www.clamav.net/gpg/tkojm.gpg
– Import the key into your local public keyring:
\$ gpg --import tkojm.gpg
– Download the stable release AND the corresponding .sig file to the same
directory.
30
7 Frequently Asked Questions
$ wget http://prdownloads.sourceforge.net/clamav/clamav-X.XX.tar.gz
$ wget http://prdownloads.sourceforge.net/clamav/clamav-X.XX.tar.gz.sig
– Verify that the stable release download is signed with the proper key:
$ gpg --verify clamav-X.XX.tar.gz.sig
– Make sure the resulting output contain the following information:
Good signature from Tomasz Kojm (tk*lodz.tpnet.pl)
• Can ClamAV disinfect files?
No, it can’t. We will add support for disinfecting OLE2 files in one of the next
stable releases. There are no plans for disinfecting other types of files. There are
many reasons for it: cleaning viruses from files is virtually pointless these days.
It is very seldom that there is anything useful left after cleaning, and even if there
is, would you trust it?
• When using clamscan, is there a way to know which message within an mbox
is infected?
No, clamscan stops at the first infected message. You can convert the mbox to
Maildir format, run clamscan on it and then convert it back to mbox format. There
are many tools available which can convert to and from Maildir format, e.g: for-
mail, mbox2maildir, and maildir2mbox.
• I’m running qmail+Qmail-Scanner+ClamAV and get the following error in
my mail logs: clamdscan: corrupt or unknown clamd scanner error or mem-
ory/resource/perms problem. What’s wrong with it?
Most likely clamd is not running at all, or you are running Qmail-Scanner and
clamd under a different uid. If you are running Qmail-Scanner as qscand (de-
fault setting) you could put User qscand inside your clamd.conf file and restart
clamd. Remember to check that qscand can create clamd.ctl (usually located at
/var/run/clamav/clamd.ctl). The same applies to the log file.
• How do I use ClamAV with p3scan?
Add the following lines to your pop3vscan configuration file:
virusregexp = .*: (.*) FOUND
scanner = /usr/bin/clamdscan --no-summary -i
scannertype = basic
• Where can I ask questions about using ClamAV?
Subscribe to our clamav-users mailing-list at http://www.clamav.net/ml.html
• Where can I get the latest CVS snapshot of ClamAV?
Basically, there are two ways:
31
8 Third party software
– Run
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/clamav co clamav-devel
– Visit http://www.clamav.net/snapshot/
• I’m a MS Windows user. Can I take advantage of ClamAV virus protection?
Yes, you can use ClamWin, a port of ClamAV for win32 systems with a very nice
graphic interface. Download it at http://www.clamwin.net
• Where can I find more information about ClamAV?
Please read this documentation. You can also try searching the mailing list archives.
If you can’t find the answer, you can ask for support on the clamav-users mailing-
list, but please before doing it, search the archives! Also, make sure that you
don’t send HTML-ized email messages and that you don’t top-post (these violate
the netiquette and lessen your chances of being answered).
• How can I contribute to the ClamAV project?
There are many ways to contribute to the ClamAV project. See the donations page
(http://www.clamav.net/donate.html for more info.
8 Third party software
The following software supports ClamAV. It’s specified which elements are supported,
please note that if a program doesn’t support clamd you can use clamdscan instead of
clamscan.
8.1 MTA + ClamAV
8.1.1 amavisd-new
Homepage: http://www.ijs.si/software/amavisd/
Supports: clamd, clamscan
amavisd-new is a rewritten version of amavis maintained by Mark Martinec.
Installation:
clamscan is enabled automatically if clamscan binary is found at amavisd-new startup
time. clamd is activated by uncommenting its entry in the @av scanners list, file /etc/amavisd.conf.
8.1.2 AMaViS - ”Next Generation”
Homepage: http://sourceforge.net/projects/amavis/
jisisv
Messages postés
3645
Date d'inscription
dimanche 18 mars 2001
Statut
Modérateur
Dernière intervention
15 janvier 2017
934
20 janv. 2006 à 15:59
20 janv. 2006 à 15:59
Bonjour,
Le bon usage sur Internet serait de
° donner un lien vers la documentation que tu as trouvée
° éventellement la placer sur un servzur distinct de CCM
Ceci permettra:
° une meilleure fluidité du trafic.
° n'encombrera pas inutilemen la base de donn"zs de CCM
100rancune
Le bon usage sur Internet serait de
° donner un lien vers la documentation que tu as trouvée
° éventellement la placer sur un servzur distinct de CCM
Ceci permettra:
° une meilleure fluidité du trafic.
° n'encombrera pas inutilemen la base de donn"zs de CCM
100rancune
Zempachi
Messages postés
7472
Date d'inscription
vendredi 14 octobre 2005
Statut
Contributeur
Dernière intervention
5 juin 2020
906
20 janv. 2006 à 16:59
20 janv. 2006 à 16:59
la mise à jour de clamav se fait automatiquement via le processus freshclam.
Donc un petit "ps aux | grep freshclam" pour verifier qu'il est bien lancé.
Donc un petit "ps aux | grep freshclam" pour verifier qu'il est bien lancé.
Arno59
Messages postés
4600
Date d'inscription
jeudi 23 octobre 2003
Statut
Contributeur
Dernière intervention
18 avril 2023
484
2 mai 2007 à 11:13
2 mai 2007 à 11:13
Bonjour,
En lisant les articles présents sur le site https://www.mag-securs.com/
Avril 2007: XMCO : Compromission d’une machine implémentant ClamAV via de nombreuses failles:
https://www.mag-securs.com/spip.php?article7939
Février 2007 : XMCO : Manipulation de fichiers via une attaque de "Directory Transversal" dans ClamAV
https://www.mag-securs.com/spip.php?article7383
octobre 2006: HSC : Possible débordement de tas dans ClamAV antivirus
https://www.mag-securs.com/spip.php?article6117
En lisant les articles présents sur le site https://www.mag-securs.com/
Avril 2007: XMCO : Compromission d’une machine implémentant ClamAV via de nombreuses failles:
https://www.mag-securs.com/spip.php?article7939
Février 2007 : XMCO : Manipulation de fichiers via une attaque de "Directory Transversal" dans ClamAV
https://www.mag-securs.com/spip.php?article7383
octobre 2006: HSC : Possible débordement de tas dans ClamAV antivirus
https://www.mag-securs.com/spip.php?article6117
9 janv. 2006 à 05:44
On peut très bien placer un antivirus sur une bécanne Linux de manière à filtrer le contenu des mails orienté PetitMou et à endiguer la vermine des .exe, et autres ...scripts win$. (intégration dans procmail paexample).
Ceci dit, je ne me proclame aucunement spécialiste de cette manipulation.
Quand le sage montre la lune , l'imbécile regarde son doigt.