What is it? @.@

Here is the place where I record some tactics about wargames, systems, and other security issues.

2012-11-19

Install ClamAV in Backtrack 5 R3


Introduction:

ClamAV has two modes of operation: a program that is loaded into memory only when you want to scan a file, or, for more regular use (such as scanning all incoming e-mail), a program that connects to a daemon that is always running. Database updates can also be downloaded automatically.

  • For manual use: install the package clamav.
  • For automated use: install the package clamav-daemon.


Installation:
  1. [Comment] Download the tarball and extract it.
  2. root@sp:~# cd /usr/local/src/
  3. root@sp:/usr/local/src# wget http://nchc.dl.sourceforge.net/project/clamav/clamav/0.97.6/clamav-0.97.6.tar.gz
  4. root@sp:/usr/local/src# tar -zxvf clamav-0.97.6.tar.gz
  5. root@sp:/usr/local/src# cd clamav-0.97.6
  6. root@sp:/usr/local/src/clamav-0.97.6# chown -R root:root .
  7. [Comment] Add group and user for ClamAV
  8. root@sp:/usr/local/src/clamav-0.97.6# groupadd clamav
  9. root@sp:/usr/local/src/clamav-0.97.6# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
  10. [Comment] Install ClamAV
  11. root@sp:/usr/local/src/clamav-0.97.6# mkdir -p /usr/local/clamav
  12. root@sp:/usr/local/src/clamav-0.97.6# ./configure --prefix=/usr/local/clamav
  13. root@sp:/usr/local/src/clamav-0.97.6# make
  14. root@sp:/usr/local/src/clamav-0.97.6# make install
  15. root@sp:/usr/local/src/clamav-0.97.6# ldconfig

Linking Relationship:
  1. [Comment] Add man path 
  2. root@sp:~# vim /etc/manpath.config
    ...
    19 #
    20 MANDATORY_MANPATH                       /usr/man
    21 MANDATORY_MANPATH                       /usr/share/man
    22 MANDATORY_MANPATH                       /usr/local/share/man
    23 MANDATORY_MANPATH                       /usr/local/clamav/share/man
    24 #---------------------------------------------------------
    ...
  3. [Comment] Create symbolic links
  4. root@sp:~# ln -s /usr/local/clamav/sbin/clamd /usr/local/sbin/clamd
  5. root@sp:~# ln -s /usr/local/clamav/bin/clamav-config /usr/local/bin/clamav-config
  6. root@sp:~# ln -s /usr/local/clamav/bin/clambc /usr/local/bin/clambc
  7. root@sp:~# ln -s /usr/local/clamav/bin/clamconf /usr/local/bin/clamconf
  8. root@sp:~# ln -s /usr/local/clamav/bin/clamdscan /usr/local/bin/clamdscan
  9. root@sp:~# ln -s /usr/local/clamav/bin/clamdtop /usr/local/bin/clamdtop
  10. root@sp:~# ln -s /usr/local/clamav/bin/clamscan /usr/local/bin/clamscan
  11. root@sp:~# ln -s /usr/local/clamav/bin/freshclam /usr/local/bin/freshclam
  12. root@sp:~# ln -s /usr/local/clamav/bin/sigtool /usr/local/bin/sigtool
  13. root@sp:~# mkdir -p /usr/local/clamav/var/lib/clamav
  14. [Comment] Create log directory and link it
  15. root@sp:~# mkdir -p /usr/local/clamav/var/log/clamd
  16. root@sp:~# ln -s /usr/local/clamav/var/log/clamd /var/log/
  17. root@sp:~# chmod -R o-rx /usr/local/clamav/var/log/clamd/
  18. root@sp:~# touch /usr/local/clamav/var/log/clamd/clamd.log
  19. root@sp:~# touch /usr/local/clamav/var/log/clamd/freshclam.log
  20. root@sp:~# chown -R clamav:clamav /usr/local/clamav/var/log/clamd
  21. root@sp:~# chown -R clamav:clamav /usr/local/clamav/var/lib/clamav

Configuration:
  1. [Comment] Modify configuration
  2. root@sp:~# vim /usr/local/clamav/etc/clamd.conf
    ...
    7 # Comment or remove the line below.
    8 # Example
    ...
    14 LogFile /usr/local/clamav/var/log/clamd/clamd.log
    ...
    34 LogTime yes
    ...
    69 DatabaseDirectory /usr/local/clamav/var/lib/clamav
    ...
    96 TCPSocket 3310
    ...
    103 TCPAddr 127.0.0.1
    ...
    189 User clamav
    ...
  3. root@sp:~# vim /usr/local/clamav/etc/freshclam.conf
    ...
    7 # Comment or remove the line below.
    8 # Example
    ...
    13 DatabaseDirectory /usr/local/clamav/var/lib/clamav
    ...
    17 UpdateLogFile /usr/local/clamav/var/log/clamd/freshclam.log
    ...
    51 DatabaseOwner clamav
    ...
    68 DatabaseMirror db.us.clamav.net
    ...
    121 NotifyClamd /usr/local/clamav/etc/clamd.conf
    ...
  4. [Comment] Update signatures and start the daemon
  5. root@sp:~# freshclam -v
  6. root@sp:~# clamd
  7. root@sp:~# freshclam -v

Testing ClamAV:
  1. [Comment] Test scanning
  2. root@sp:~# cd /usr/local/src/clamav-0.97.6/test/
  3. root@sp:/usr/local/src/clamav-0.97.6/test# clamscan -r -l scan.txt
    ...
    ----------- SCAN SUMMARY -----------
    Known viruses: 1324182
    Engine version: 0.97.6
    Scanned directories: 2
    Scanned files: 143
    Infected files: 46
    Data scanned: 19.51 MB
    Data read: 12.41 MB (ratio 1.57:1)
    Time: 5.745 sec (0 m 5 s)

Service Control:
  1. [Comment] Add startup script for ClamAV
  2. root@sp:~# vim /usr/local/clamav/sbin/clamdctl



  3. root@sp:~# chmod 755 /usr/local/clamav/sbin/clamdctl
  4. root@sp:~# ln -s /usr/local/clamav/sbin/clamdctl /usr/local/sbin/clamdctl
  5. [Comment] Test startup script
  6. root@sp:~# clamdctl start; clamdctl restart; clamdctl stop
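The body of the clamdctl script did not survive in this post, so the following is an added example and not the author's script: a POSIX sh control script that starts, stops, restarts, pings and reports the status of the clamd built and linked above. It uses the /usr/local/sbin/clamd symlink and the clamd.conf path from the steps above, and the TCPSocket 3310 / TCPAddr 127.0.0.1 values from the Configuration section. Two things are assumptions: clamd.conf must also contain a "PidFile /usr/local/clamav/var/run/clamd.pid" line (the clamd.conf excerpt above shows no PidFile, and that directory must exist and be owned by clamav), and the ping command needs nc (netcat) installed. The zombie check reads /proc, so it is Linux-specific.

```shell
#!/bin/sh
# clamdctl: start / stop / restart / status / ping for the clamd installed under
# /usr/local/clamav. Added example; not the script from the original post.
# POSIX sh only, so it runs under both dash and bash.

CLAMD=/usr/local/sbin/clamd                   # symlink created in "Linking Relationship"
CONF=/usr/local/clamav/etc/clamd.conf         # file edited in "Configuration"
# Assumption: clamd.conf also contains "PidFile /usr/local/clamav/var/run/clamd.pid".
PIDFILE=${PIDFILE:-/usr/local/clamav/var/run/clamd.pid}
TCP_ADDR=127.0.0.1                            # TCPAddr from clamd.conf
TCP_PORT=3310                                 # TCPSocket from clamd.conf
STOP_TIMEOUT=30                               # clamd holds a large database; give it time to exit

# Print the pid recorded in the pid file; fail if there is no usable pid file.
clamd_pid() {
    [ -r "$PIDFILE" ] || return 1
    IFS= read -r pid < "$PIDFILE" || :
    case $pid in
        ''|*[!0-9]*) return 1 ;;              # empty or non-numeric: treat as no pid file
    esac
    printf '%s\n' "$pid"
}

# True if the process exists and is not a zombie (kill -0 succeeds on zombies).
proc_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    [ -r "/proc/$1/status" ] || return 0      # no procfs: trust kill -0
    state=$(sed -n 's/^State:[[:space:]]*\([A-Za-z]\).*/\1/p' "/proc/$1/status")
    [ "$state" != Z ]
}

# LSB exit codes: 0 running, 1 dead but pid file exists, 3 not running.
clamd_status() {
    pid=$(clamd_pid) || return 3
    proc_alive "$pid" || return 1
    return 0
}

clamd_start() {
    if clamd_status; then
        echo "clamd already running (pid $(clamd_pid))"
        return 0
    fi
    rm -f "$PIDFILE"                          # clear a stale pid file, if any
    echo "Starting clamd"
    "$CLAMD" --config-file="$CONF" || return 1   # clamd forks into the background itself
    i=0
    while ! clamd_status; do                  # wait for the daemon to write its pid file
        i=$((i + 1))
        [ "$i" -lt 10 ] || { echo "clamd did not come up" >&2; return 1; }
        sleep 1
    done
    echo "clamd started (pid $(clamd_pid))"
}

clamd_stop() {
    pid=$(clamd_pid) || { echo "clamd is not running"; return 0; }
    echo "Stopping clamd (pid $pid)"
    kill "$pid" 2>/dev/null || :              # SIGTERM: clamd shuts down cleanly
    i=0
    while proc_alive "$pid"; do
        i=$((i + 1))
        [ "$i" -lt "$STOP_TIMEOUT" ] || { echo "clamd did not exit in ${STOP_TIMEOUT}s" >&2; return 1; }
        sleep 1
    done
    rm -f "$PIDFILE"
    echo "clamd stopped"
}

# Ask the daemon for a reply over the TCP socket from clamd.conf.
# Assumption: nc is installed; clamd answers "PONG" and closes the connection.
clamd_ping() {
    reply=$(printf 'nPING\n' | nc -w 5 "$TCP_ADDR" "$TCP_PORT" 2>/dev/null)
    [ "$reply" = "PONG" ]
}

usage() { echo "usage: $0 {start|stop|restart|status|ping}"; }

main() {
    case $1 in
        start)   clamd_start ;;
        stop)    clamd_stop ;;
        restart) clamd_stop && clamd_start ;;
        status)
            clamd_status; rc=$?
            case $rc in
                0) echo "clamd running (pid $(clamd_pid))" ;;
                1) echo "clamd dead but $PIDFILE exists" ;;
                *) echo "clamd not running" ;;
            esac
            return "$rc" ;;
        ping)    clamd_ping && echo "PONG from $TCP_ADDR:$TCP_PORT" ;;
        *)       usage; return 2 ;;
    esac
}

# Dispatch only when given a command, so the functions can also be sourced for testing.
if [ $# -gt 0 ]; then main "$@"; else usage; fi
```

Because `clamdctl status` returns the LSB codes (0 running, 1 stale pid file, 3 not running) and `clamdctl ping` fails unless the daemon actually answers on 127.0.0.1:3310, both can be called from cron or a monitoring check to notice a clamd that has died or stopped answering.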

Uninstall ClamAV:
  1. [Comment] Remove directory of ClamAV
  2. root@sp:~# rm -rf /usr/local/clamav/
  3. [Comment] Remove links of ClamAV
  4. root@sp:~# rm /usr/local/bin/clam*
  5. root@sp:~# rm /usr/local/sbin/clam*
  6. root@sp:~# rm /usr/local/bin/freshclam; rm /usr/local/bin/sigtool
  7. root@sp:~# rm /var/log/clamd

◎ Since this is a tarball installation, you can follow the same steps to install ClamAV on any Linux distribution.