ClamAV is the free, Open-Source AntiVirus. I will install ClamAV, which will later be integrated with Qmail-Scanner.

You may want to install the following Perl module. ClamAV RPM will install it too.

perl -MCPAN -e "install ClamAV::Client"

Download ClamAV:

ClamAV official site has the latest version of 0.95.2 , when this howto was initially written. I found that has the latest rpm. Lets download and install that:

cd /downloads/
rpm -ivh clamav-0.95.2-45.el5.x86\_64.rpm
[root@www downloads]# service clamav start
Starting clamd: LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
[ OK ]
Starting freshclam: [ OK ]

[root@www qmailnew]# service clamav status
clamd (pid 31443) is running...

As you can see above, ClamAV showed a warning about the virus database. But as soon as freshclam is run, it updates the virus database. You can manually run the virus database update process by running freshclam manually:

[root@www qmailnew]# freshclam
ClamAV update process started at Fri Jun 26 20:39:38 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd is up to date (version: 9510, sigs: 36982, f-level: 43, builder: neo)

I am going to use ClamAV teamed up with SpamAssassin, which will be called from Qmail-Scanner, later. So I need to run all these three pieces of software as a common user qscand. This is not a very wise idea and I am working on running each piece of software as it’s own user in my upcoming howto. At the moment, I will just use the user qscand:

Create user qscand:

groupadd -g 710 qscand
useradd -u 710 -g 710 -c "Qmail-Scanner Account" -s /bin/false qscand

Stop ClamAV service before you change the configuration files:
service clamav stop

Edit the configuration files and make the necessary changes:

vi /etc/clamd.conf
# Lines shown below are default settings, unless specified otherwise.
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes  # ---------------------> default is NO. Change to YES.
PidFile /var/run/clamav/
TemporaryDirectory /tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock # --------> Disabled. Change to enabled/socket file name.
FixStaleSocket yes
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User qscand # ----------------------> Most important. Default clamav. Change to qscand.
AllowSupplementaryGroups yes
DetectBrokenExecutables yes
ScanMail yes
ArchiveMaxCompressionRatio 300
ArchiveBlockEncrypted yes
ArchiveBlockMax yes
vi /etc/freshclam.conf
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /var/run/clamav/
LogSyslog yes # -----------------------------------> change to yes
DatabaseOwner qscand # -------------------------> Most important. Default clamav. Change to qscand.
AllowSupplementaryGroups yes
Checks 24
NotifyClamd /etc/clamd.conf

Create the following logrotate config files if not present already:

vi /etc/logrotate.d/clamd

# Rotate Clam AV daemon log file

var/log/clamav/clamd.log {
create 640 qscand qscand
/bin/kill -HUP \`cat /var/run/clamav/ 2> /dev/null\` 2> /dev/null || true
vi /etc/logrotate.d/freshclam

# Rotate FreshClam daemon log file

/var/log/clamav/freshclam.log {
create 640 qscand qscand
/bin/kill -HUP \`cat /var/run/clamav/ 2> /dev/null\` 2> /dev/null || true

Update ownership:

Setup log directory and change ownership of the ClamAV related files and directories to user qscand:

mkdir /var/log/clamav
chown qscand:qscand /var/log/clamav -R
chown qscand:qscand /var/lib/clamav -R
chown qscand:qscand /var/run/clamav -R
service clamd restart
chkconfig --level 35 clamd on
service freshclam restart
chkconfig --level 35 freshclam on

Please note that the newer versions of freshclam doesn’t need a freshclam update entry in cron. The newer versions have freshclam running as service which pulls virus database updates at regular intervals. That is all. ClamAV is installed.🙂