ClamAV is a free software antivirus particularly suited to scanning e-mails as the SMTP server processes them. This howto helps you install the latest version of ClamAV on Debian.
This howto has been tested on:
- Debian 10.0 Buster
Requirements
This howto recommends:
- the Debian-Updates repository, as described in “Setup the Debian-Updates repository (ex volatile)”.
Installation
Detect if sudo is available (“command” is used if not):
cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'
Install the antivirus software:
${cmdProxy} apt-get install 'clamav' 'clamav-freshclam'
The package ‘clamav-unofficial-sigs’ provides additional but less reliable virus signatures for ClamAV. It can cause errors during the download of fresh signatures.
Install the unofficial signatures if available:
test -n "$(command apt-cache pkgnames 'clamav-unofficial-sigs')" \
&& ${cmdProxy} apt-get install 'clamav-unofficial-sigs'
Update the signature database. This process can take several minutes:
${cmdProxy} freshclam
Installation as a daemon
Install the ClamAV daemon and recommended tools:
${cmdProxy} apt-get install clamav-daemon \
daemon unrar arj debconf-utils unzip unace \
cpio zoo nomarch lzop cabextract pax
Set up the daemon to restart automatically on crash:
${cmdProxy} tee '/etc/systemd/system/clamav-daemon.service.d/restart.conf' \
<<< '[Service]
Restart=on-failure
RestartSec=5s'
Reload the systemd configuration:
${cmdProxy} systemctl daemon-reload
Start the daemon at boot:
${cmdProxy} systemctl enable "clamav-daemon"
To allow ClamAV to access files that belong to third-party software (for example, Exim 4), add the “clamav” system user to the corresponding system group and restart the ClamAV daemon.
For example:
${cmdProxy} adduser 'clamav' 'Debian-exim'
${cmdProxy} systemctl restart 'clamav-daemon'
Setup of a weekly antivirus scan
If needed, set up a weekly check of the system.
Install ionice:
${cmdProxy} apt-get install 'ionice'
Configure the cron task:
${cmdProxy} tee '/etc/cron.d/clamscan-weekly' \
<<< "# Weekly antivirus scan.
# m h dom mon dow user command
34 1 * * 7 root test -x /usr/bin/clamscan -a -x /usr/bin/ionice && /usr/bin/ionice -c 3 /usr/bin/clamscan --infected --recursive / 2>'/dev/null'"
Reload the cron daemon configuration:
${cmdProxy} systemctl restart 'cron'
The result of this check is sent to the root e-mail account.
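An added example, not part of the original howto: a POSIX shell wrapper that the cron task could call instead of clamscan directly, so that the report mailed to root starts with a verdict derived from clamscan's exit status (0 no virus found, 1 virus found, 2 error) and keeps error messages instead of discarding them. The exclusion list for kernel pseudo-filesystems, the report wording and the sample output are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original howto. The exclusion list and the
# report wording are assumptions; the sample output below is constructed.
SCAN_EXCLUDES='^/proc ^/sys ^/dev ^/run'
SAMPLE_OUTPUT='/home/alice/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/srv/mail/msg: 1.eml: Win.Test.EICAR_HDB-1 FOUND
/var/tmp/notes.txt: OK'

# Print "signature<TAB>path" for each "path: signature FOUND" line on stdin.
list_detections() {
  tab="$(printf '\t')"
  sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p"
}

# Map clamscan's exit status (0 clean, 1 virus found, 2 error) to a verdict.
scan_verdict() {
  case "$1" in
    0) echo 'clean' ;;
    1) echo 'infected' ;;
    *) echo 'error' ;;
  esac
}

# Build the report's first line from the exit status ($1) and the output ($2).
report_subject() {
  count="$(printf '%s\n' "$2" | list_detections | wc -l)"
  echo "clamscan weekly: $(scan_verdict "$1"), $((count)) detection(s)"
}

# Scan a tree at idle I/O priority, keeping stderr so failures stay visible.
run_weekly_scan() {
  set -- "${1:-/}"
  for pattern in ${SCAN_EXCLUDES}; do
    set -- "--exclude-dir=${pattern}" "$@"
  done
  output="$(ionice -c 3 clamscan --infected --recursive --no-summary "$@" 2>&1)"
  status=$?
  report_subject "${status}" "${output}"
  printf '%s\n' "${output}"
  return "${status}"
}

# Scan only when asked to, e.g. from cron: "<script> --run /".
if [ "${1:-}" = '--run' ]; then
  run_weekly_scan "${2:-/}"
fi
```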
Thanks
- Thanks to the ClamAV developers.