ClamAV, for Qmail




ClamAV is a free, open-source antivirus. I will install ClamAV here; it will later be integrated with Qmail-Scanner.


You may want to install the following Perl module. The ClamAV RPM will install it too.


perl -MCPAN -e "install ClamAV::Client"



Download ClamAV:

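When this howto was initially written, the official ClamAV site http://clamav.net had 0.95.2 as the latest version. I found that http://rpm.pbone.net has the latest RPM. The package comes from a third-party mirror over plain FTP, so verify its signature before installing it. Let's download and install that: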


cd /downloads/

wget ftp://ftp.pbone.net/mirror/atrpms.net/el5-x86_64/atrpms/stable/clamav-0.95.2-45.el5.x86_64.rpm

rpm -ivh clamav-0.95.2-45.el5.x86_64.rpm



[root@www downloads]# service clamav start

Starting clamd: LibClamAV Warning: **************************************************

LibClamAV Warning: *** The virus database is older than 7 days! ***

LibClamAV Warning: *** Please update it as soon as possible. ***

LibClamAV Warning: **************************************************

[ OK ]

Starting freshclam: [ OK ]



[root@www qmailnew]# service clamav status

clamd (pid 31443) is running...



As you can see above, ClamAV showed a warning about the virus database being out of date. As soon as freshclam runs, it updates the virus database. You can also start the update yourself by running freshclam manually:



[root@www qmailnew]# freshclam

ClamAV update process started at Fri Jun 26 20:39:38 2009

main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)

daily.cvd is up to date (version: 9510, sigs: 36982, f-level: 43, builder: neo)



Later, ClamAV will be used together with SpamAssassin, called from Qmail-Scanner. So I need to run all three pieces of software as a common user, qscand. This is not a very wise idea, since a flaw in any one of them then exposes the files of the other two, and I am working on running each piece of software as its own user in my upcoming howto. At the moment, I will just use the user qscand:


Create user qscand:


groupadd -g 710 qscand

useradd -u 710 -g 710 -c "Qmail-Scanner Account" -s /bin/false qscand



Stop the ClamAV service before you change the configuration files:


service clamav stop



Edit the configuration files and make the necessary changes:


vi /etc/clamd.conf

# Lines shown below are default settings, unless specified otherwise.

LogFile /var/log/clamav/clamd.log

LogFileMaxSize 0

LogTime yes

# Default is no. Change to yes.
LogSyslog yes

PidFile /var/run/clamav/clamd.pid

TemporaryDirectory /tmp

DatabaseDirectory /var/lib/clamav

# Disabled by default. Enable it and set the socket file name.
LocalSocket /var/run/clamav/clamd.sock

FixStaleSocket yes

MaxConnectionQueueLength 30

MaxThreads 50

ReadTimeout 300

# Most important. Default is clamav. Change to qscand.
User qscand

AllowSupplementaryGroups yes

DetectBrokenExecutables yes

ScanMail yes

ArchiveMaxCompressionRatio 300

ArchiveBlockEncrypted yes

ArchiveBlockMax yes



vi /etc/freshclam.conf

DatabaseDirectory /var/lib/clamav

UpdateLogFile /var/log/clamav/freshclam.log

PidFile /var/run/clamav/freshclam.pid

# Change to yes.
LogSyslog yes

# Most important. Default is clamav. Change to qscand.
DatabaseOwner qscand

AllowSupplementaryGroups yes

DNSDatabaseInfo current.cvd.clamav.net

DatabaseMirror db.us.clamav.net

DatabaseMirror database.clamav.net

Checks 24

NotifyClamd /etc/clamd.conf



Create the following logrotate config files if not present already:


vi /etc/logrotate.d/clamd


# Rotate Clam AV daemon log file

/var/log/clamav/clamd.log {
    create 640 qscand qscand
    postrotate
        /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}





vi /etc/logrotate.d/freshclam


# Rotate FreshClam daemon log file

/var/log/clamav/freshclam.log {
    create 640 qscand qscand
    postrotate
        /bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 2> /dev/null || true
    endscript
}





Update ownership:

Set up the log directory and change ownership of the ClamAV-related files and directories to the user qscand:


mkdir -p /var/log/clamav

chown qscand:qscand /var/log/clamav -R

chown qscand:qscand /var/lib/clamav -R

chown qscand:qscand /var/run/clamav -R


service clamd restart

chkconfig --level 35 clamd on

service freshclam restart

chkconfig --level 35 freshclam on
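
A check for the steps above, as an added example that is not part of the original howto: it reads both configuration files and reports when clamd's User, freshclam's DatabaseOwner, the LocalSocket setting, the DatabaseDirectory or the directory ownership disagree with the qscand setup. The function names conf_get, note, check_clam_setup and demo are this example's own, and the sample configuration inside demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original howto): post-install consistency check.

# conf_get FILE KEY: value (second field) of the first uncommented KEY line.
conf_get() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# note MESSAGE: report one finding and count it.
note() { echo "FINDING: $1"; bad=$((bad + 1)); }

# check_clam_setup CLAMD_CONF FRESHCLAM_CONF USER [DIR...]
# Returns the number of findings (0 means the setup is consistent).
check_clam_setup() {
    clamd_conf=$1 fresh_conf=$2 want=$3 bad=0
    shift 3
    run_as=$(conf_get "$clamd_conf" User)
    db_owner=$(conf_get "$fresh_conf" DatabaseOwner)
    [ "$run_as" = "$want" ] || note "clamd User is '${run_as:-unset}', expected $want"
    [ "$db_owner" = "$want" ] || note "freshclam DatabaseOwner is '${db_owner:-unset}', expected $want"
    [ -n "$(conf_get "$clamd_conf" LocalSocket)" ] || note "LocalSocket is not enabled"
    # clamd and freshclam must agree on where the signature files live.
    [ "$(conf_get "$clamd_conf" DatabaseDirectory)" = \
      "$(conf_get "$fresh_conf" DatabaseDirectory)" ] || note "DatabaseDirectory differs"
    for dir in "$@"; do
        owner=$(ls -ld "$dir" 2>/dev/null | awk '{ print $3 }')
        [ "$owner" = "$want" ] || note "$dir owned by '${owner:-missing}', expected $want"
    done
    return "$bad"
}

# Constructed sample: freshclam.conf was switched to qscand, clamd.conf was not,
# and LocalSocket is still commented out. Expect two findings.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#LocalSocket /var/run/clamav/clamd.sock' 'User clamav' \
        'DatabaseDirectory /var/lib/clamav' > "$tmp/clamd.conf"
    printf '%s\n' 'DatabaseOwner qscand' \
        'DatabaseDirectory /var/lib/clamav' > "$tmp/freshclam.conf"
    check_clam_setup "$tmp/clamd.conf" "$tmp/freshclam.conf" qscand
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# On the host from this page:
#   check_clam_setup /etc/clamd.conf /etc/freshclam.conf qscand \
#       /var/log/clamav /var/lib/clamav /var/run/clamav
demo || echo "findings: $?"
```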


Please note that newer versions of freshclam do not need a freshclam update entry in cron. In the newer versions, freshclam runs as a service that pulls virus database updates at regular intervals.


That is all. ClamAV is installed.