ClamAV is a free software antivirus particularly suited to scanning e-mails while an SMTP server processes them. This howto helps you install the latest version of ClamAV on Debian.

This howto is tested on:

  • Debian 10.0 Buster

Requirements

This howto recommends:

Installation

Detect if sudo is available (“command” is used if not):

cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'

Install the antivirus software:

${cmdProxy} apt-get install 'clamav' 'clamav-freshclam'

The package ‘clamav-unofficial-sigs’ provides additional, but less reliable, virus signatures for ClamAV. It can cause errors during the download of fresh signatures.

Install the unofficial signatures if available:

test -n "$(command apt-cache pkgnames 'clamav-unofficial-sigs')" \
    && ${cmdProxy} apt-get install 'clamav-unofficial-sigs'

Update the signatures database. This process can take several minutes:

${cmdProxy} freshclam

Installation as a daemon

Install the ClamAV daemon and recommended tools:

${cmdProxy} apt-get install clamav-daemon \
    daemon unrar arj debconf-utils unzip unace \
    cpio zoo nomarch lzop cabextract pax

Set up the daemon to automatically restart on crash:

${cmdProxy} tee '/etc/systemd/system/clamav-daemon.service.d/restart.conf' \
  <<< '[Service]
Restart=on-failure
RestartSec=5s'

Reload systemctl configuration:

${cmdProxy} systemctl daemon-reload

Start the daemon at boot:

${cmdProxy} systemctl enable "clamav-daemon"

To give ClamAV access to the files of third-party software (for example: Exim 4), add the “clamav” system user to the corresponding system group and restart the ClamAV daemon.

For example:

${cmdProxy} adduser 'clamav' 'Debian-exim'
${cmdProxy} systemctl restart 'clamav-daemon'

Setup of a weekly antivirus scan

If needed, set up a weekly check of the system.

Install ionice (on Debian, it is provided by the 'util-linux' package):

${cmdProxy} apt-get install 'util-linux'

Configure the cron task:

${cmdProxy} tee '/etc/cron.d/clamscan-weekly' \
  <<< "# Weekly antivirus scan.
# m h dom mon dow user command
34 1 * * 7   root   test -x /usr/bin/clamscan -a -x /usr/bin/ionice && /usr/bin/ionice -c 3 /usr/bin/clamscan --infected --recursive / 2>'/dev/null'"

Reload the cron daemon configuration:

${cmdProxy} systemctl restart 'cron'

The result of this check is sent to the root e-mail account.
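The cron task above discards stderr, so the mailed output alone does not distinguish a clean scan from a failed one. The following added example (not part of the original howto) digests the clamscan output together with its exit status; the function names and the sample output are constructed for illustration, and the caller is assumed to save the clamscan exit status right after the scan.

```shell
#!/bin/sh
# Added example, not part of the original howto: digest the output of the
# weekly "clamscan --infected --recursive /" run before it is mailed to root.

# Constructed sample output (paths are made up for this example).
sample_scan() {
  cat <<'EOF'
/home/alice/Downloads/test: file.com: Win.Test.EICAR_HDB-1 FOUND
/var/mail/bob: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 48211
Infected files: 2
EOF
}

# Print "signature<TAB>path" for each "<path>: <signature> FOUND" line.
# Splitting at the last ": " keeps paths that themselves contain ": " intact.
list_detections() {
  awk '/ FOUND$/ {
    line = $0
    sub(/ FOUND$/, "", line)
    if (match(line, /: [^ ]+$/))
      printf "%s\t%s\n", substr(line, RSTART + 2), substr(line, 1, RSTART - 1)
  }'
}

# Map the clamscan exit status to a verdict (clamscan(1), "RETURN CODES"):
# 0 = no virus found, 1 = virus(es) found, anything else = the scan failed.
scan_verdict() {
  case "$1" in
    0) echo 'clean' ;;
    1) echo 'infected' ;;
    *) echo 'error' ;;
  esac
}

# Read clamscan output on stdin and print a short report.
# $1 is the exit status of clamscan, saved by the caller right after the scan.
scan_report() {
  detections="$(list_detections)"
  count="$(printf '%s\n' "${detections}" | awk 'NF { n++ } END { print n + 0 }')"
  printf 'verdict: %s\ndetections: %s\n' "$(scan_verdict "$1")" "${count}"
  if [ "${count}" -gt 0 ]; then printf '%s\n' "${detections}"; fi
}

sample_scan | scan_report 1
```

A verdict of "error" with zero detections means the scan itself failed and should be investigated rather than read as a clean result.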
