Archive for July, 2007

How To Install ClamAV On Red Hat Enterprise Linux »

Want to install ClamAV on your Red Hat Enterprise Linux, CentOS, or Fedora Core box? The ClamAV documentation is pretty darn easy to follow, but this fills in some of the missing pieces for RHEL.

clamd is the scanning daemon, clamav-milter is the milter, and freshclam is the process that updates the virus definitions.

All the commands, in Courier font, should be on one line if they happen to wrap.

  1. Install gmp, gmp-devel, sendmail, sendmail-cf, sendmail-devel, zlib, zlib-devel, bzip2, bzip2-devel.
  2. Get the sendmail source from sendmail.org. Extract it, go into the libmilter subdirectory. Run "make" and "make install". That will install libmilter into /usr, where sendmail can find it. No need to build the whole sendmail.
  3. groupadd clamav
  4. useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
  5. Get the ClamAV source, extract it, build it, install it (three lines, two are make):

    ./configure --prefix=/usr/local/clamav --disable-zlib-vcheck --enable-milter
    make
    make install

  6. Configure /usr/local/clamav/etc/clamd.conf. I changed the following:

    # Example
    LogTime yes
    LogSyslog yes
    LogFacility LOG_MAIL
    PidFile /var/run/clamav/clamd.pid
    TemporaryDirectory /tmp
    LocalSocket /var/run/clamav/clamd.socket
    FixStaleSocket yes
    User clamav

    I chose to have it log via syslog to the mail facility. Why? Because I’m lazy and that log gets rotated already. One less thing to have to change & worry about. If you are high-traffic you might want to have logrotate rotate /var/log/maillog daily.

  7. Configure /usr/local/clamav/etc/freshclam.conf. I changed the following:

    # Example
    LogSyslog yes
    LogFacility LOG_MAIL
    PidFile /var/run/clamav/freshclam.pid
    DatabaseMirror db.us.clamav.net
    NotifyClamd /usr/local/clamav/etc/clamd.conf

  8. mkdir /var/run/clamav
  9. chown clamav.clamav /var/run/clamav/
  10. chmod 700 /var/run/clamav
  11. Start the base services to make sure they work. You may want to "tail -f /var/log/maillog" while you’re doing this:

    /usr/local/clamav/sbin/clamd
    /usr/local/clamav/bin/freshclam -d

  12. Configure the milter. Add the following to /etc/mail/sendmail.mc right before the MAILER(smtp)dnl line. It’s two lines, the second beginning with “define”:

    INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m;C:30s;E:10m')dnl
    define(`confINPUT_MAIL_FILTERS', `clamav')

  13. Make the new sendmail.cf by issuing a "make -C /etc/mail" command.
  14. Start the milter process to test it:

    /usr/local/clamav/sbin/clamav-milter -lo /var/run/clamav/clmilter.sock

  15. Restart sendmail to make it pick up the configuration changes (service sendmail restart).
  16. Send a test email. If everything works make sure you set the services to start at boot, either with the init script that is in the ClamAV contrib directory or just by adding lines to /etc/rc.local.
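
A pre-flight check for steps 6 through 10, added here as an example and not part of the original post: it lints a clamd.conf for the settings above and confirms the run directory mode before the daemons are started. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_clamd_conf and check_run_dir are hypothetical helper names.

# Lint a clamd.conf for the step 6 settings; returns the number of problems.
check_clamd_conf() {
    conf=$1
    problems=0
    # clamd refuses to start while the stock "Example" line is still active.
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$conf"; then
        echo "Example line is not commented out"; problems=$((problems + 1))
    fi
    # Directives are "Name value"; a colon after the name is not valid.
    bad=$(grep -En '^[[:space:]]*[A-Za-z]+:' "$conf" || true)
    if [ -n "$bad" ]; then
        echo "colon after directive name: $bad"; problems=$((problems + 1))
    fi
    # Without a User directive clamd keeps the privileges it was started with.
    user=$(awk '$1 == "User" { print $2 }' "$conf")
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        echo "User is unset or root"; problems=$((problems + 1))
    fi
    sock=$(awk '$1 == "LocalSocket" { print $2 }' "$conf")
    if [ -z "$sock" ]; then
        echo "LocalSocket is not set"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Step 10 leaves the run directory at mode 700; report anything else.
check_run_dir() {
    [ -d "$1" ] || { echo "$1 is missing"; return 1; }
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "drwx------" ] || { echo "$1 is $mode, expected drwx------"; return 1; }
}

# Constructed sample: step 6 settings with a "LogTime:" typo left in.
sample=$(mktemp)
printf '%s\n' '# Example' 'LogTime: yes' 'LogSyslog yes' \
    'LocalSocket /var/run/clamav/clamd.socket' 'User clamav' > "$sample"
check_clamd_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On a real install, point the first function at /usr/local/clamav/etc/clamd.conf and the second at /var/run/clamav.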

links for 2007-07-31 »

Quote Flood »

Oops, I just realized I’d “parked” a number of quote posts on 7/30/2007. I do that sometimes when I find a lot of quotes I think might be fun to post, but want to wait until they are more relevant to recent topics.

Apparently today is 7/30. Oops. Heh.

I’m always looking for good non-sysadmin-but-relevant-to-sysadmin quotes. Know any? Leave them in the comments!

Bobcasting? Bobcasting! »

Four people now have sent me the link to Seth Godin’s “Bobcasting” post.[0]

“I call it that because instead of reaching the masses, it’s just about reaching Bob.”

As a guy named Bob I couldn’t agree more. :-)

In all seriousness, though, his idea is dead on. The key is control. End-user control. Most information doesn’t need to be a popup, an email, or an instant message. It just needs to be out there so that when I’m ready for it I can get it.

As a sysadmin I see this a lot with folks building email alerts into everything. Some of my coworkers get hundreds of status email messages a week, saying everything is good and reporting statistics like number of new user accounts, queries per second, etc. Why can’t that be an RSS feed which can be read at their leisure? Why can’t the instant messages and email be reserved for the things that do really need attention?

——————–

[0] I was doing a lot of traveling last year and was looking for a book to read while flying home from San Francisco. I picked up Small Is the New Big and have been reading his blog ever since.

Think Different, All Together »

“The surest way to corrupt a young man is to teach him to esteem more highly those who think alike than those who think differently.”

– Friedrich Wilhelm Nietzsche

Creating Change »

“The most effective way to cope with change is to help create it.”

– L.W. Lynett

Molehills, Mountains »

“The mere apprehension of a coming evil has put many into a situation of utmost danger.”

– Lucan

Passive-Aggressive »

“A passive-aggressive person is like a large Great Dane that’s got you pinned to the wall with his front paws and is licking your face, while he pees on your leg.”

– John Bradshaw
