Next Previous Contents

5. Virus checking

5.1 Clam Antivirus


Get the source from Read the documentation, which is very good, for the impatient:

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav

To build the software do:

./configure --prefix=/usr/local
make install

Help out!

The biggest challenge for an open source virus scanner is the virus signature database. The Clamav writer, Tomasz Kojm, has written een great tool called sigtool. It is able to create a signature from a virus file with the help of another anti-virus program that detects the virus.

If you find a virus that is not detected by clamscan, but is detected by another virus scanner, do the following:

sigtool -s <unique string of virus-scanner that finds the virus, when it detects it> -f <file that contains the virus> -c <how the other virus-scanner should be executed>

This creates a signature file. Which should be added to the clamav database. And the next time a virus passes by it will be detected by clamscan.

And ofcourse if you really want to help out. You send the signature and name of the virus to:



groupadd vscan
useradd -g vscan -s /bin/false -c "Amavis" vscan

Compile this from source Use amavis-perl-11.tar.gz

Before you can use AMAVIS you first need a couple of perl modules:

apt-get install libmime-perl libunix-syslog-perl \
libemail-valid-perl libconvert-uulib-perl \
libconvert-tnef-perl libarchive-tar-perl \
libarchive-zip-perl libcompress-zlib-perl

And some tools:

apt-get install file bzip2 lha unarj unrar zoo


Then there is arc, which is not GNU/Linux ready yet. So download the source and do the following:

mkdir temp
cd temp
tar zxvf ../arc521.tar.Z

Edit arcdos.c and comment the struct timeval:

/*struct timeval { /* man page said <sys/types.h>, but it */ 
/* long tv_sec; /* really seems to be in <sys/time.h>, */ 
/* long tv_usec; /* but why bother... */ 

Edit tmclock.c to look like this:

#if BSD
#include <sys/time.h>
#include <time.h>
int daylight;
#include <time.h>

I have send these changes to the maintainer of arc, so the next release might show better GNU/Linux support.

cp arc /usr/local/bin

Compile AMAVIS

Compile AMAVIS:

path -p1 < ../clam-<em><version>/support/amavis/clamavis.patch
find . -exec touch 01010000 {} \;
make install

5.3 AMAVIS and Postfix

Add to /etc/postfix/

content_filter = vscan:

Adjust /etc/postfix/

vscan unix - n n - 10 pipe user=vscan
argv=/usr/sbin/amavis ${sender} ${recipient}
localhost:10025 inet n - n - - smtpd -o content_filter=

5.4 Test

Send an e-mail with the Eicar string to test the anti-virus functionality.


Next Previous Contents