Get the source from http://www.konarski.edu.pl/~zolw. Read the documentation, which is very good. For the impatient:
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav
To build the software do:
./configure --prefix=/usr/local
make
make install
The biggest challenge for an open source virus scanner is the virus signature database. The ClamAV author, Tomasz Kojm, has written a great tool called sigtool. It can create a signature from a virus file with the help of another anti-virus program that detects the virus.
If you find a virus that is not detected by clamscan, but is detected by another virus scanner, do the following:
sigtool -s <unique string of virus-scanner that finds the virus, when it detects it> -f <file that contains the virus> -c <how the other virus-scanner should be executed>
This creates a signature file, which should be added to the clamav database. The next time that virus passes by, it will be detected by clamscan.
And of course, if you really want to help out, send the signature and name of the virus to: signatures@openantivirus.org
groupadd vscan
useradd -g vscan -s /bin/false -c "Amavis" vscan
Compile this from source http://www.amavis.org/. Use amavis-perl-11.tar.gz
Before you can use AMAVIS you first need a couple of Perl modules:
apt-get install libmime-perl libunix-syslog-perl \
    libemail-valid-perl libconvert-uulib-perl \
    libconvert-tnef-perl libarchive-tar-perl \
    libarchive-zip-perl libcompress-zlib-perl
And some tools:
apt-get install file bzip2 lha unarj unrar zoo
Then there is arc, which is not GNU/Linux ready yet. So download the source and do the following:
mkdir temp
cd temp
tar zxvf ../arc521.tar.Z
Edit arcdos.c and comment out the struct timeval:
/*struct timeval { /* man page said <sys/types.h>, but it */
/* long tv_sec; /* really seems to be in <sys/time.h>, */
/* long tv_usec; /* but why bother... */
/*};*/
Edit tmclock.c to look like this:
#if BSD
#include <sys/time.h>
#include <time.h>
int daylight;
#else
#include <time.h>
#endif
I have sent these changes to the maintainer of arc, so the next release might show better GNU/Linux support.
make
cp arc /usr/local/bin
Compile AMAVIS:
patch -p1 < ../clam-<version>/support/amavis/clamavis.patch
find . -exec touch -t 01010000 {} \;
./configure
make
make install
Add to /etc/postfix/main.cf:
content_filter = vscan:
Adjust /etc/postfix/master.cf:
vscan unix - n n - 10 pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
localhost:10025 inet n - n - - smtpd
  -o content_filter=
Send an e-mail with the EICAR string to test the anti-virus functionality.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
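A scripted version of this final test, as an added example that is not part of the original page: it first confirms that clamscan flags the EICAR string on disk, then submits a test message through the Postfix sendmail interface. The function names, the script name eicar-check.sh and the /usr/sbin/sendmail path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): end-to-end check of the
# clamscan + AMAVIS + Postfix setup using the EICAR test string.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Print the 68-byte test string without a trailing newline.
eicar() { printf '%s' "$EICAR"; }

# Build a minimal test message: make_test_mail <from> <to>
make_test_mail() {
    printf 'From: %s\nTo: %s\nSubject: EICAR filter test\n\n' "$1" "$2"
    eicar
    printf '\n'
}

# Map a clamscan exit status to a verdict:
# 0 = no virus found, 1 = virus found, anything else = scanner error.
verdict() {
    case "$1" in
        0) echo MISSED ;;
        1) echo DETECTED ;;
        *) echo ERROR ;;
    esac
}

# Step 1: scan the string on disk. Step 2: send it through Postfix.
# Assumes Postfix's sendmail interface lives at /usr/sbin/sendmail.
run_checks() {
    tmp=$(mktemp) || return 2
    eicar > "$tmp"
    clamscan "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    result=$(verdict "$rc")
    echo "clamscan: $result"
    [ "$result" = DETECTED ] || return 1
    make_test_mail "$1" "$2" | /usr/sbin/sendmail -f "$1" "$2"
    echo "test mail submitted for $2; check the mail log for the filter result"
}

# Only act when called as: sh eicar-check.sh run <from> <to>
if [ "${1:-}" = run ]; then
    run_checks "$2" "$3"
fi
```

If step 1 reports MISSED or ERROR, fix the clamscan installation or its signature database before testing the mail path.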