Re: Clamav run from desktop PC

[Gabriel George POPA]

  I forgot to tell you: my system is set up in such a way that it 
downloads automatically new
virus definitions (see manual pages for freshclam). But I think you 
could figure this out anyway
by looking closely to the small portions of script I sent you.
                                                                                                        
Yours in BSDness,
                                                                                                                   
Gabriel George POPA

Gabriel George POPA wrote:

           Roger,

  First of all, I will send you my /etc/clamd.conf file (commented 
lines were deleted):

LogFile /var/log/clamd.log
LogFileMaxSize 1024M
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clam/clamd.socket
FixStaleSocket
MaxConnectionQueueLength 1024
SelfCheck 300
User _clamav
ScanPE
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ArchiveMaxFileSize 500M
ArchiveMaxRecursion 23
ArchiveMaxFiles 50000
ArchiveMaxCompressionRatio 0

NOW, /etc/freshclam.conf:

DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/freshclam.log
LogVerbose
LogSyslog
PidFile /var/run/freshclam.pid
DatabaseOwner _clamav
DatabaseMirror db.ro.clamav.net   # I am in Romania, you could change 
this
DatabaseMirror database.clamav.net
NotifyClamd
Debug




  As you can easily see, I'm crazy about debug/verbose message and my 
system is always logging ALL
it can.




  Now, how to completely integrate clamd in your system:
1) Add the following lines to /etc/rc.conf.local:
clamd=YES
clamd_flags=""
freshclam=YES
freshclam_flags="--user root --daemon"

2) Add the following lines to /etc/rc:

(!reference_line!)if [ X"${lpd_flags}" != X"NO" ]; then
(!reference_line!)        echo -n ' printer';             lpd 
${lpd_flags}
(!reference_line!)fi

# Start the ClamAV Daemon Server
if [ X"${clamd}" != X"NO" ]; then
       echo -n ' clamd';
       # The /var/run directory was emptied at shutdown. Restore the 
location:
       /bin/mkdir /var/run/clam
       /sbin/chown _clamav:_clamav /var/run/clam
       /bin/chmod 0750 /var/run/clam
       /usr/local/sbin/clamd ${clamd_flags}
fi
# Start the ClamAV automatic virus database download application:
if [ X"${freshclam}" != X"NO" ]; then
       echo -n ' freshclam';
       /usr/local/bin/freshclam ${freshclam_flags}
fi
3) Permissions:
/var/run/clam (directory): rwxr-x---  _clamav  _clamav
/var/run/freshclam.pid (file): -rw-rw--- root wheel
-rw-r-----   _clamav  _clamav  /var/log/clamd.log (file)
-rw-r-----   _clamav  wheel    /var/log/freshclam.log (file)
rwx------ _clamav      _clamav   /var/clamav (directory)
rwx------ _clamav  _clamav  /var/clamav/quarantine/ (directory)



Now, after doing all this stuff, reboot your PC and tell me what 
happens. If there are any problems you can
count on me. Don't hesitate to contact me personally.
  As you can see, this is my particular setup, but I think it should 
work for you without any problem. If you intend
to integrate clamav with a mail server contact me, I might be of some 
help.
  Please e-mail me and tell me if it works. I hope the information I 
provided you was useful.

                                                                                                                               
Yours in BSDness,
                                                                                                                                         
Gabriel George POPA

Roger Neth Jr wrote:

Hello List,

I installed ClamAV from ports on 4.0-beta on a desktop machine. I am 
able to manually update freshclam and run manually clamscan. But when 
I run clamdscan I get this message.

$ clamdscan
ERROR: Can't parse the configuration file.

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)
$


From my Googling my guess is that the clamd only works with mail 
servers. I 


am only running Thunderbird with pop.

I cannot get it to run as a daemon, also freshclam does not check 
updates when I reboot the computer.

I tried uncommenting listening on LocalSocket and then tried 
TCPSocket without any success.

Also read the man (5) clamd.conf without any success figuring this out.

Any assistance is appreciated.

Thank you,

rogern

John 3:16

## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
# Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
# LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects 
against
# running clamd multiple times (if you want to run another clamd 
instance,
# please # copy the configuration file, change the LogFile variable, 
and run
# the daemon with the --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock
# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the 
size
# in bytes just don't use modifiers.
# Default: 1M
# LogFileMaxSize 2M

# Log time with each message.
# Default: disabled
#LogTime

# Also log clean files. Useful in debugging but drastically increases 
the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
#LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: disabled
#LogVerbose

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
# PidFile /var/run/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
# TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
# DatabaseDirectory /var/db/clamav

# The daemon works in a local OR a network mode. Due to security 
reasons we
# recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled
# LocalSocket /tmp/clamd

# Remove stale socket after unclean shutdown.
# Default: disabled
#  FixStaleSocket

# TCP port address.
# Default: disabled
# TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
# TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
# MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd 
daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximal attachment size.
# Default: 10M
# StreamMaxLength 20M

# Limit port range.
# Default: 1024
# StreamMinPort 30000
# Default: 2048
# StreamMaxPort 32000

# Maximal number of threads running at the same time.
# Default: 10
# MaxThreads 20

# Waiting for data from a client socket will timeout after this time 
(seconds).
# Value of 0 disables the timeout.
# Default: 120
# ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
# IdleTimeout 60

# Maximal depth directories are scanned at.
# Default: 15
# MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
# SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
:# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as a selected user (clamd must be started by root).
# Default: disabled
#User clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
# AllowSupplementaryGroups

# Stop daemon when libclamav reports out of memory condition.
# ExitOnOOM

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug
:# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles


# By default clamd uses scan options recommended by libclamav. This 
option
# disables recommended options and allows you to enable selected ones 
below.
# DO NOT TOUCH IT unless you know what you are doing.
# Default: disabled
#DisableDefaultScanOptions

##
## Executable files
##

# PE stands for Portable Executable - it's an executable file format 
used
# in all 32-bit versions of Windows operating systems. This option 
allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as 
UPX, FSG,
# and Petite.
# Default: enabled
# ScanPE
# With this option clamav will try to detect broken executables and mark
# them as Broken.Executable
# Default: disabled
# DetectBrokenExecutables


##
## Documents
##

# This option enables scanning of Microsoft Office document macros.
# Default: enabled
# ScanOLE2

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: enabled
# ScanMail

# If an email contains URLs ClamAV can download and scan them.
# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
#          Never use it on loaded servers.
# Default: disabled
# MailFollowURLs


##
## HTML
##

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: enabled
# ScanHTML


##
## Archives
##

# ClamAV can scan within archives and compressed files.
# Default: enabled
# ScanArchive
# Due to license issues libclamav does not support RAR 3.0 archives 
(only the
# old 2.0 format is supported). Because some users report stability 
problems
# with unrarlib it's disabled by default and you must uncomment the 
directive
# below to enable RAR 2.0 support.
# Default: disabled
# ScanRAR

# The options below protect your system against Denial of Service 
attacks
# using archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
# ArchiveMaxFileSize 15M

# Nested archives are scanned recursively, e.g. if a Zip archive 
contains a RAR
# file, all files within it will also be scanned. This options 
specifies how
# deep the process should be continued.
# Value of 0 disables the limit.
# Default: 8
# ArchiveMaxRecursion 9

# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
# ArchiveMaxFiles 1500

# If a file in an archive is compressed more than 
ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. 
Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
# ArchiveMaxCompressionRatio 300

# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: disabled
# ArchiveLimitMemoryUsage

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: disabled
# ArchiveBlockEncrypted

# Mark archives as viruses (e.g. RAR.ExceededFileSize, 
Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion 
limit is
# reached.
# Default: disabled
##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will 
hang
##          up your system!!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: disabled
# ClamukoScanOnAccess

# Set access mask for Clamuko.
# Default: disabled
# ClamukoScanOnOpen
# ClamukoScanOnClose
# ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can 
have
# multiple ClamukoIncludePath directives but each directory must be 
added
# in a seperate line.
# Default: disabled
# ClamukoIncludePath /home
# ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
# ClamukoExcludePath /home/guru

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
# ClamukoMaxFileSize 10M
(END)

_________________________________________________________________
Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/