Clam AntiVirus 0.88.2 User Manual

Contents

1.

        groupadd clamav
        useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

    Consult a system manual if your OS has not groupadd and useradd utilities. The account should be locked in /etc/passwd or /etc/shadow.

    3.4 Compilation of base package

    Once you have created the clamav user and group, please extract the archive:

        $ zcat clamav-x.yz.tar.gz | tar xvf -
        $ cd clamav-x.yz

    Assuming you want to install the configuration files in /etc, configure the package as follows:

        $ ./configure --sysconfdir=/etc

    Currently gcc is required to compile ClamAV.

        $ make
        $ su -c "make install"

    In the last step the software is installed in the /usr/local directory and the config file goes to /etc. WARNING: Never enable the SUID or SGID bits in Clam AntiVirus binaries.

    3.5 Compilation with clamav-milter enabled

    libmilter and its development files are required. To enable clamav-milter, configure ClamAV with

        $ ./configure --enable-milter

    Footnote 3 (Cygwin note): If you have not /etc/passwd you can skip this procedure.

    4 Configuration

    4.1 clamd

    If you are going to use the daemon you have to edit the configuration file, in other case clamd won't run:

        $ clamd
        ERROR: Please edit the example config file /etc/clamd.conf.

    This shows the location of the default configuration file. The format and options of this file are fully described in the clamd.conf(5) manual. The config file is well commented and configuration should be
2. 1budney pobox com e Matt Butt mattb cre8tiv com e Christopher X Candreva chris westnet com e Eric I Lopez Carreon elopezc technitrade com e Ales Casar lt casar uni mb si gt e Andrey Cherezov lt andrey cherezov koenig su gt e Alex Cherney lt alex cher id au gt e Tom G Christensen lt tgc statsbiblioteket dk gt e Nicholas Chua nicholas ncmbox net e Chris Conn cconn abacom com e Christoph Cordes ib precompiled de e Ole Craig lt olc cs umass edu gt Credits e Eugene Crosser lt crosser rol ru gt e Calin A Culianu lt calin ajvar org gt e Damien Curtain damien pagefault org e Krisztian Czako lt slapic linux co hu gt e Diego d Ambra da softcom dk e Michael Dankov misha btrc ru e Yuri Dario mc6530 mclink it e David lt djgardner users sourceforge net gt e Maxim Dounin mdounin rambler co ru e Alejandro Dubrovsky lt s328940 student uq edu au gt e James P Dugal lt jpd Louisiana edu e Magnus Ekdahl lt magnus debian org gt e Mehmet Ekiz lt ekizm tbmm gov tr gt e Jens Elkner lt elkner linofee org gt e Fred van Engen lt fred wooha org gt e Jason Englander lt jason englanders cc gt e Oden Eriksson oeriksson mandrakesoft com e Daniel Fahlgren lt fahlgren ardendo se gt e Andy Fiddaman af jeamland org gt e Edison Figueira Junior lt edison brc com br gt e David Ford lt david cert blue labs org gt e Martin Forssen lt maf appg
3. Clam AntiVirus 0.88.2 User Manual. Contents (entries legible in this copy):

    - 1 Introduction: 1.3 Virus submitting
    - 2 Base package: 2.1 Supported platforms; 2.3 Daily built snapshots
    - 3 Installation: 3.1 Requirements; 3.2 Installing on a shell account; 3.3 Adding new system user and group; 3.4 Compilation of base package; 3.5 Compilation with clamav-milter enabled
    - 4 Configuration: 4.1.1 On-access scanning; 4.2 clamav-milter; 4.4 Setting up auto-updating
    - 5 Usage
    - 6 LibClamAV: 6.2.1 Archives and compressed files; 6.2.2 Mail files
4. The following elements are required to compile ClamAV:

    - zlib and zlib-devel packages
    - gcc compiler suite (both 2.9x and 3.x are supported)

    The following packages are optional but highly recommended:

    - bzip2 and bzip2-devel library
    - GNU MP 3

    It's very important to install the GMP package because it allows freshclam to verify the digital signatures of the virus databases. If freshclam was compiled without GMP support it will display "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES" on every update. You can download GNU MP at http://www.swox.com/gmp

    A note for Solaris/SPARC users: you must set the ABI system variable to 32 (e.g. setenv ABI 32) before running the configuration script of GMP.

    3.2 Installing on a shell account

    To install ClamAV on a shell account (e.g. on some shared host) you need not create any additional users or groups. Assuming your home directory is /home/gary you should build it as follows:

        $ ./configure --prefix=/home/gary/clamav --disable-clamav
        $ make; make install

    To test your installation execute:

        $ ~/clamav/bin/freshclam
        $ ~/clamav/bin/clamscan

    The --disable-clamav switch disables testing for the existence of the clamav user and group, but clamscan would still require an unprivileged account to work in a superuser mode.

    3.3 Adding new system user and group

    If you are installing ClamAV for the first time, you have to add a new user and group to your system: [3]
5. port enabled and do not stop scanning if virus is found.

    - STREAM: Scan stream. clamd will return a new port number you should connect to and send data to scan.
    - SESSION, END: Start/end a clamd session. You can do multiple commands per TCP session (WARNING: due to the clamd implementation the RELOAD command will break the session).

    and reacts to the special signals:

    - SIGTERM: perform a clean exit
    - SIGHUP: reopen a log file
    - SIGUSR: reload the database

    5.2 Clamdscan

    clamdscan is a simple clamd client. In many cases you can use it as a clamscan replacement, but you must remember that:

    - it only depends on clamd
    - although it accepts the same command line options as clamscan, most of them are ignored because they must be enabled directly in clamd, i.e. clamd.conf
    - scanned files must be accessible for clamd
    - it can't use external unpackers

    5.3 Clamuko

    Clamuko is a special thread in clamd that performs on-access scanning under Linux and FreeBSD and shares internal virus database with the daemon. You must follow some important rules when using it:

    - Always stop the daemon cleanly, using the SHUTDOWN command or the SIGTERM signal. In other case you can lose an access to protected files until the system is restarted.
    - Never protect a directory your mail scanner software uses for attachment unpacking. Access to all infected files will be automatically blocked and the scanner (even clamd) won't b
6. Homepage http quietsche entchen de cgi bin wiki cgi proxies Pop3Proxy Supports clamd pop3 proxy is a proxy server for the POP3 protocol Usually it s used on a firewall between a client and a POP3 server taking care that both sides talk POP3 protocol as described in RFC 1939 There are some additional features beside normal proxying pop3 proxy can grant or deny access based on an external access control program which receives some POP3 session information pop3 proxy can also feed e mails into a local ClamAV daemon checking the e mails for viruses before passing them to the client 8 Third party software EN 8 3 Web FTP Proxy ClamAV 8 3 1 DansGuardian Anti Virus Patch Homepage http www harvest com br asp afn dg nsf Supports clamscan DG AntiVirus Patch is a GPL addon that takes the virus scanning capabilities of Cla mAV and integrates them into the content filtering web proxy DansGuardian 8 3 2 Frox Homepage http www hollo org frox Supports clamscan Frox is a transparent FTP proxy which is released under the GPL It optionally supports caching either through an external http cache eg squid or by maintaining a cache locally and or running a virus scanner on downloaded files It is written with security in mind and in the default setup it runs as a non root user in a chroot jail 8 3 3 HTTP Anti Virus Proxy Homepage http www server side de Supports libclamav HAVP is a proxy with an antivirus
7. cookie filtering SafeSquid has an Advanced Bandwidth Management System to create very granular enterprise and network wide bandwidth usage policies SafeSquid Free Edition is not time or user limited 8 3 7 SquidClamAV Redirector Homepage http www jackal net at tiki read_article php articleId 1 Supports libclamav SquidClamAV Redirector is a Squid helper script which adds virus scanning for defined filename extensions It has been tested with Python pyclamav ClamAV and Squid SCAVR handles the request as given from Squid downloads the URL and scans it for known viruses It rewrites the URL from Squid to a blocked URL or an information page with information about the scanning results 8 3 8 Squidclam Homepage http squidclam sourceforge net Supports libclamav Squidclam is a replacement for SquidClamAV Redirector py written in C using libcla mav and libcurl 8 3 9 Viralator Homepage http viralator sourceforge net Supports clamscan Viralator is a perl script that virus scans http downloads on a linux server after passing through the squid proxy server 8 Third party software KI 8 4 Filesystem ClamAV 8 4 1 Dazuko Homepage http www dazuko org Supports clamuko This project provides a kernel module which provides 3d party applications an interface for file access control It was originally developed by H BEDV Datentechnik GmbH to be used for on access virus scanning Other uses include a file access m
8. 3 clamav-config

    Use clamav-config to check libclamav compilation information.

        zolw@localhost:~$ clamav-config --libs
        -L/usr/local/lib -lz -lbz2 -lgmp -lpthread
        zolw@localhost:~$ clamav-config --cflags
        -I/usr/local/include -g -O2

    6.4.4 Example

    You will find an example scanner application in the clamav sources (/example). Remember that all programs based on libclamav must be linked against it:

        gcc -Wall ex1.c -o ex1 -lclamav

    6.5 CVD format

    CVD (ClamAV Virus Database) is a digitally signed tarball file that contains one or more databases. The header is a 512 bytes long string with colon separated fields:

        ClamAV-VDB:build time:version:number of signatures:functionality level required:MD5 checksum:digital signature:builder name:build time (sec)

    sigtool --info displays detailed information on CVD files:

        zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd
        Build time: 11 Sep 2004 21-07 +0200
        Version: 487
        # of signatures: 1189
        Functionality level: 2
        Builder: ccordes
        MD5: a3f4f98694229e461f17d2aa254e9a43
        Digital signature: uwJS6d y 9g5SXGEOHhlrXyjZW PGK zqVtWWVL3 tfHEn Al7z6VB21BR2I OitKRYzmVo3ibU7bPCJNgi6fPcWlPQwvCunwAswvR ehrvY 4ks UjUOXo1VwQ1W7186HZmiMUSyAjnF gciOSsOQa9Hli8D5uETIRDzVpoWu id
        Verification OK

    7 Frequently Asked Questions

    The FAQ section is maintained by Luca Gibelli.

    - What does WARNING: Current functionality l
10. BeClam Homepage http www bebits com app 3930 Supports ClanAV BeClam is a port of ClamAV for the BeOS operating system 8 6 5 Clamaktion Homepage http web tiscali it rospolosco clamaktion Supports clamscan clamaktion is a little utility which allows KDE 3 users to scan files and directories with clamscan from the right click Konqueror menu 8 6 4 ClamShell Homepage http home comcast net schwalbrichard Supports clamscan ClamShell is a GUI frontend written in Java for the Linux version of ClamAV 8 6 5 ClamTk Homepage http www rootshell be phen0m clamtk Supports ClamAV ClamTk is a perl tk GUI for ClamAV 8 6 6 clamXav Homepage http www markallan co uk clamXav Supports ClanAV clamXav is a virus scanner with GUI for Mac OS X 8 6 7 ClamWin Homepage http clamwin sourceforge net Supports clamscan freshclam ClamWin provides Graphical User Interface to Clam AntiVirus scanning engine It allows to select and scan a folder or file configure settings and update virus databases It also includes a Windows Taskbar tray icon ClamWin also features a context menu handler for Windows Explorer which installs Scan into the right click explorer menu for files and folders The package comes with an installer built with InnoSetup Cygwin dlls are included 8 Third party software 8 6 8 FETCAV Homepage http www thymox uklinux net Supports clamscan FETCAV stands for Front End To Clam AntiV
11. Role sysadmin mirror coordinator e Nigel Horne lt njh clamav net gt United Kingdom Role coder e Arnaud Jacques lt arnaud clamav net gt France Role virus database maintainer e Tomasz Kojm lt tkojm clamav net gt Poland Role project leader coder virus database maintainer 10 Authors Thomas Lamy lt tlamy clamav net gt Germany Role random hacker Thomas Madsen lt tmadsen clamav net gt Denmark Role virus submission management Denis De Messemacker lt ddm clamav net gt Belgium Role inactive Tomasz Papszun lt tomek clamav net gt Poland Role virus database maintainer Sven Strickroth lt sven clamav net gt Germany Role virus database maintainer Trog lt trog clamav net gt United Kingdom Role coder virus database maintainer
12. The binary packages for AIX are available in AIX PDSLIB UCLA http aixpdslib seas ucla edu packages clamav html e Mac OS X There s a binary package available at http clamav darwinports com clamXav see 8 6 6 a GUI for ClamAV running on MacOS X is available at http www markallan co uk clamXav e BeOS BeClam is a port of ClamAV for the BeOS operating system It includes a very simple GUI Get it at http www bebits com app 3930 e MS Windows Cygwin ClamAV is a part of the official Cygwin port repository e MS Windows cygwin dll based All major features of ClamAV are implemented under Win32 using the Cygwin compatibility layer You can download a self installing package at http www sosdg org clamav win32 index php e MS Windows Interix A binary package of ClamAV for Interix is maintained at http www interopsystems com tools warehouse htm e MS Windows graphical version A standalone GUI version is also available See ClamWin in the Third Party Software section 8 6 7 2 3 Daily built snapshots Thanks to Fajar A Nugraha you can download daily builds from daily snapshots for the following operating systems e SPARC Solaris 8 9 e DEC OSF built on Tru64 UNIX V5 0A e AIX built on AIX Version 5 1 e Linux i386 with glibc 2 3 compiled on Fedora Core 1 works on RH gt 8 3 Installation EH e Win32 Cygwin compiled on XP They re available at http clamav or id 3 Installation 3 1 Requirements
13. and it just gets removed QC lam also writes results of scanning into log file qclam 8 5 8 QMVC Qmail Mail and Virus Control Homepage http www fehcom de qmai1 qmvc html Supports clamdscan clamscan QMVC is an unidirectional mail filter for qmail It works in conjunction with the dot qmail mechanism for qmail local and is entirely designed for qmail no additional patches required 8 5 9 Sylpheed Claws Homepage http claws sylpheed org Supports libclamav Sylpheed Claws is the extended branch of Sylpheed a lightweight mail user agent for UNIX It can scan attachments in mail received from POP IMAP local accounts using the Clam AntiVirus plugin Preferences can be set under Configuration Preferences Plugins Clam AntiVirus 8 5 10 SoftlabsAV Homepage http antivirus softlabs info Supports clamscan Softlabs AntiVirus is a generic anti virus filter for incoming mail servers on Unix run ning as plugin for procmail In addition it plugs to the Clam AntiVirus scanner clam scan if available 8 6 Graphical User Interface ClamAV 8 6 1 AVScan Homepage http wolfpack twu net Endeavour2 contrib index html avscan Supports libclamav AVScan is an anti virus scanner for Endeavour Mark II that uses the ClamAV library It allows you to create a list of scan items for frequently scanned locations and features easy virus database updating all in a simple GUI environment 8 Third party software KI 8 6
15. ferschmann cz e Andries Filmer http www netexpo nl e The Free Shopping Cart people http www precisionweb net e Paul Freeman e Jack Fung e Stephen Gageby e Paolo Galeazzi e GANDI http www gandi net e Jeremy Garcia http www linuxquestions org e GBC Internet Service Center GmbH http www gbc net e GCS Tech http www gcstech net e GHRS http www ghrshotels com e Todd Goodman e Bill Gradwohl http www ycc com e Grain of Salt Consulting e Terje Gravvold e Hart Computer http www hart co jp e Hosting Metro LLC http www hostingmetro com e IDEAL Software GmbH http www IdealSoftware com Credits e Industry Standard Computers http www ISCnetwork com e Interact2Day http www interact2day com e Invisik Corporation http www invisik com e itXcel Internet Domain Registration http www itxcel com e Craig Jackson e Stuart Jones e Jason Judge e Keith http www textpad com e Ewald Kicker http www very clever com e Brad Koehn e Christina Kuratli http www virusprotect ch e Logic Partners Inc http www logicpartners com e Mark Lotspaih http www lotcom org e Michel Machado http oss digirati com br e Olivier Marechal e Matthew McKenzie e Micro Logic Systems http www mls nc e Midcoast Internet Solutions e Mimecast http www mimecast com e Kazuhiro Miyaji e Bozidar Mladenovic e Paul Morgan e T
16. filter It does not cache or filter content At the moment the complete traffic is scanned A reason for that is the chance of malicious code in nearly every filetypes e g HTML JavaScript or JPEG files 8 3 4 mod_clamav Homepage http software othello ch mod_clamav Supports libclamav clamd mod_clamav is an Apache virus scanning filter It was written and is currently main tained by Andreas Muller 8 3 5 ClamAV module for ProFTPD Homepage http www uglyboxindustries com open source php Supports libclamav This is an add on module for ProFTPD that enables the FTP server to scan newly up loaded files for viruses before allowing the file upload to complete This is very valu able as you the administrator can ensure that your FTP sites do not contain viruses uploaded by your users 8 Third party software 42 8 3 6 SafeSquid Homepage http www safesquid com Supports clamd SafeSquid is one of the most feature rich Content Filtering Internet Proxies It is an ideal content filter for other proxies like Squid because it chains with them via request forwarding ICAP CARP ICP It has a browser based GUI for remote management a powerful profiles feature to implement user IP network based multiple and unique policies SafeSquid supports PAM and NTLM Authentication besides using any form of external databases the use of URL Blacklists to deliver category based content fil tering besides keyword mime header
17. in alphabetical order e Activelntra net Inc http www activeintra net e Advance Healthcare Group http www ahgl com au American Computer amp Electronic Services Corp http www acesnw com Anonymous donor from Colorado US Peter Ashman Atlas College http www atlascollege nl Credits KI e AWD Online http www awdonline com e BackupAssist Backup Software http www backupassist com e Dave Baker e Bear and Bear Consulting Inc http www bear consulting com e Aaron Begley e Craig H Block e Norman E Brake Jr e By Design http www by design net e Canadian Web Hosting http www canadianwebhosting com e cedarcreeksoftware com http www cedarcreeksoftware com e Thanos Chatziathanassiou e Cheahch from Singapore e Conexim Australia business web hosting http www conexim com au e Alan Cook e Joe Cooper e CustomLogic LLC http www customlogic com e Ron DeFulio e Digirati http oss digirati com br e Steve Donegan http www donegan org e Dynamic Network Services Inc http www dyndns org e EAS Enterprises LLC e eCoupons com http www ecoupons com e Electric Embers http electricembers net e John T Ellis e Epublica Credits e Bernhard Erdmann e David Eriksson http www 2good nu e Philip Ershler e Explido Software USA Inc http www explido us e David Farrick e Jim Feldman e Petr Ferschmann http petr
18. is available on Mandrake s mirrors and is main tained by Oden Eriksson Another set of RPM packages maintained by Bill Ran dle is available at ftp ftp neocat org pub e Slackware Slackware packages without milter support are maintained by Jay Scott Raymond You can find them at http webpages charter net jay scott raymond linux slackages If you need milter enabled ClamAV try Peter Kaagman s packages available at http bilbos stekkie com clamav Both of them are also available at http www linuxpackages net e SuSE SuSE 8 2 and 9 1 RPMs are maintained by Joe Benden You can down load them at http www ispservices com clamav html Official ClamAV packages for SuSE are maintained by Reinhard Max e FreeBSD The official FreeBSD port is maintained by Masahiro Teramoto There are two version available clamav and clamav devel You can find both of them under usr ports security e OpenBSD ClamAV will become part of the official ports tree in the upcoming 3 7 release of OpenBSD The new port is maintained by Marc Balmer The old unofficial port for OpenBSD maintained by Jerome Loyet is available at http www fatbsd com openbsd clamav e NetBSD The official port is available e Solaris Stable packages and daily snapshots for Solaris 8 SPARC are available at http 2 Base package 10 clamav or id snapshot Latest stable packages for Solaris 9 SPARC 64bit are available at http clamav citrus it net e AIX
19. lt ai vsu ru Michal Jaegermann lt michal harddata com gt Jay sysop clamav coronastreet net Stephane Jeannenot lt stephane jeannenot wanadoo fr Per Jessen per computer org Dave Jones lt dave kalkbay co za gt Jesper Juhl juhl dif dk Kamil Kaczkowski lt kamil kamil eisp pl gt Alex Kah lt alex narfonix com gt Stefan Kaltenbrunner lt stefan kaltenbrunner cc gt Lloyd Kamara lt 1 kamara imperial ac uk gt Stefan Kanthak lt stefan kanthak fujitsu siemens com gt Kazuhiko lt kazuhiko fdiary net gt Jeremy Kitchen lt kitchen scriptkitchen com gt Tomasz Klim lt tomek euroneto pl gt Robbert Kouprie robbert exx nl Martin Kraft lt martin kraft fal de gt Petr Kristof lt Kristof P fce vutbr cz gt Henk Kuipers henk opensourcesolutions nl Nigel Kukard nkukard lbsd net Eugene Kurmanin lt smfs users sourceforge net gt Credits e Dr Andrzej Kurpiel lt akurpiel mat uni torun pl gt e Mark Kushinsky lt mark mdspc com gt e Mike Lambert lt lambert jeol com gt e Thomas Lamy Thomas Lamy in online net e Stephane Leclerc sleclerc aliastec net e Marty Lee lt marty maui co uk gt e Dennis Leeuw dleeuw made it com e Martin Lesser admin debian bettercom de e Peter N Lewis peter stairways com au e Matt Leyda lt mfleyda e one com gt e James Lick lt jlick drivel com gt e Jerome Limozin lt jerome limozin net gt e Mike Loewen mloewen sturgeon cac p
20. s lines net 61 205 61 201 Japan lt tatsuya staff s lines net gt clamav mcs de 194 77 146 139 Germany Christian Kuehn lt christian kuehn mcs de gt lt thomas schwanhaeuser aps web de gt Tatsuya Ueda iP Location Administrator Thilo Bangert clamav mirror fizzelpark com 217 115 136 170 Germany clamav talika eii us es 150 214 142 249 Spain Javier Miguel Rodriguez clamav nara wide ad jp 203 178 137 175 Japan Yoshiaki Saita clamavdb ml club jp 219 117 246 122 Japan Takahiro Morizono clamav packetstorm nu 213 222 11 220 The Netherlands Niek Baakman cese m niek asbak coding slaves com clamav mirror garr it 193 206 139 37 Italy Enrico Cavalli clamav uoc gr 147 52 3 21 Greece Kissandrakis S George Fabian Caspers lt fabian lug norderstedt de gt clamav dc hu 195 228 75 149 Hungary Bencsath Boldizsar lt boldi mail2004 crysys hit bme hu gt clamav df lth se 194 47 250 218 Sweden Rune Anderson rpa df lth se Volker Gueth lt volker gueth net gt 9 Credits Location Administrator b clamav mirror fizzelpark com 217 115 136 170 Germany Thilo Bangert lt bangert fizzelpark com gt clamav dg net ua 213 186 196 225 Ukraine Oleksandr V Typlynskyi La aa clamav i24horas com br 200 242 49 19 Brazil Renato Lins A AA A kaarte aton com clamav industrium ru 83 222 15 190 Russia Igor Shergin clamav myriadnetwork com 209 9 235 98 USA Thomas Petersen Ka lt tomp myriadnetwork com gt clamav kazar o
21. straightforward.

    4.1.1 On-access scanning

    An interesting feature of clamd is on-access scanning based on the Dazuko module, available from http://dazuko.org. It is not required to run clamd; furthermore, you shouldn't run Dazuko on production systems. The special thread in clamd responsible for the communication with Dazuko is called "Clamuko" (due to the funny name of Dazuko) and it's only supported on Linux and FreeBSD. To compile dazuko execute:

        $ tar zxpvf dazuko-a.b.c.tar.gz
        $ cd dazuko-a.b.c
        $ make dazuko
        or
        $ make dazuko-smp (for smp kernels)
        $ su
        # insmod dazuko.o
        # cp dazuko.o /lib/modules/`uname -r`/misc
        # depmod -a

    Depending on your Linux distribution you have to add a "dazuko" entry to /etc/modules or run the module during system's startup by adding

        modprobe dazuko

    to some startup file. You must also create a new device:

        $ cat /proc/devices | grep dazuko
        254 dazuko
        $ su -c "mknod -m 600 /dev/dazuko c 254 0"

    Now configure Clamuko in clamd.conf and read the 5.3 section.

    4.2 clamav-milter

    Nigel Horne's clamav-milter is a very fast email scanner designed for Sendmail. It's written entirely in C and only depends on libclamav or clamd. You can find detailed installation instructions in the INSTALL file that comes with the clamav-milter sources. Basically, to connect it with Sendmail add the following lines to /etc/mail/sendmail.mc:

        INPUT_MAIL_FILTER(`clmilter', `S=local:/va
22. supports almost all SMTP software including Lotus Domino and Microsoft Exchange The daemon part based on libclamav is licensed under the GPL 8 1 36 simscan Homepage http www inter7 com page simscan Supports clamscan Simscan is a mail filter for qmail designed to block attachments during the SMTP conversation It is open source and only uses open components Very efficent written in C 8 Third party software EJ 8 1 37 SmarterMail Filter Homepage http www efextra com smfilter htm Supports clamscan clamd SMFilter is a free plugin for SmarterMail Mail Server that provides antivirus scanning using ClamAV 8 1 38 smf clamd Homepage http smfs sourceforge net smf clamd html Supports clamd SmartSendmailFilter clamd is a lightweight filter for Sendmail It s a small less than 550 lines of C code fast and very stable filter production quality 8 1 39 smtpfilter Homepage http www gtoal com spam smtpfilter c html Supports clamscan smtpfilter is a filter for an SMTP session which passes the session through transparently in real time except for the DATA command which is intercepted in order to scan the data for spam and or viruses 8 1 40 smtp gated Homepage http smtp proxy klolik org Supports clamd smtp gated is a transparent SMTP proxy supporting NAT on Linux netfilter NAT on FreeBSD ipfw and others getsockopt compatible or dedicated mode separate external machine DATA traffic
23. tim sentinelchicken org gt e Dirk Mueller lt mueller kde org gt e Flinn Mueller lt flinn activeintra net gt e Hendrik Muhs lt Hendrik Muhs student uni magdeburg de gt e Simon Munton lt simon munton demon co uk gt Credits e Farit Nabiullin http program farit ru e Nemosoft Unv nemosoft smcc demon nl e Wojciech Noworyta lt wnow konarski edu pl gt e Jorgen Norgaard lt jnp anneli dk gt e Fajar A Nugraha lt fajar telkom co id gt e Joe Oaks lt joe oaks hp com gt e Washington Odhiambo lt wash wananchi com gt e Masaki Ogawa proc mac com e John Ogness lt jogness antivir de gt e Phil Oleson lt oz nixil net gt e Jan Ondrej lt ondrejj salstar sk gt e Martijn van Oosterhout lt kleptog svana org gt e OpenAntiVirus Team http www OpenAntiVirus org e Tomasz Papszun lt tomek lodz tpsa pl gt e Eric Parsonage lt eric eparsonage com gt e Oliver Paukstadt pstadt stud fh heilbronn de e Christian Pelissier lt Christian Pelissier onera fr gt e Rudolph Pereira rudolph usyd edu au e Ed Phillips ed UDel Edu e Andreas Piesk Andreas Piesk heise de e Mark Pizzolato lt clamav devel subscriptions pizzolato net gt e Dean Plant lt dean plant roke co uk gt e Alex Pleiner lt pleiner zeitform de gt e Ant La Porte lt ant dvere net gt e Jef Poskanzer jef acme com Credits Christophe Poujol lt Christophe Poujol atosorigin com gt Sergei Pronin lt sp finnde
24. ClamAV User Manual, 2002-2006 Tomasz Kojm. This document is distributed under the terms of the GNU General Public License v2.

    Clam AntiVirus is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is
25. Denial of Service attacks.

    struct cl_limits {
        int maxreclevel;      /* maximal recursion level */
        int maxfiles;         /* maximal number of files to be
                               * scanned within archive
                               */
        int maxratio;         /* maximal compression ratio */
        short archivememlim;  /* limit memory usage for bzip2 (0/1) */
        long int maxfilesize; /* archived files larger than this
                               * value will not be scanned
                               */
    };

The options argument configures the scan engine and supports the following flags (that can be combined using bit operators):

• CL_SCAN_STDOPT: This is an alias for a recommended set of scan options. You should use it to make your software ready for new features in future versions of libclamav.
• CL_SCAN_RAW: It does nothing. Please use it (alone) if you don't want to scan any special files.
• CL_SCAN_ARCHIVE: This flag enables transparent scanning of various archive formats.
• CL_SCAN_BLOCKENCRYPTED: With this flag the library marks encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
• CL_SCAN_BLOCKMAX: Mark archives as viruses if the maxfiles, maxfilesize, or maxreclevel limit is reached.
• CL_SCAN_MAIL: It enables support for mail files.
• CL_SCAN_MAILURL: The mail scanner will download and scan URLs listed in a mail body. This flag should not be used on loaded servers. Due to potential problems please do not enable it by default but make it optional.
• CL_SCAN_OLE2: Enables support for Microsoft Office document files.
• CL_SCAN_PE
26. This flag enables scanning within Portable Executable files and allows libclamav to unpack UPX, Petite, and FSG compressed executables.
• CL_SCAN_BLOCKBROKEN: libclamav will try to detect broken executables and mark them as Broken.Executable.
• CL_SCAN_HTML: This flag enables HTML normalisation (including JScript decryption).

The functions return 0 (CL_CLEAN) if the file is clean, CL_VIRUS when a virus is detected, and another value on failure.

    struct cl_limits limits;
    const char *virname;

    memset(&limits, 0, sizeof(struct cl_limits));
    /* maximal number of files in archive */
    limits.maxfiles = 1000;
    /* maximal archived file size */
    limits.maxfilesize = 10 * 1048576; /* 10 MB */
    /* maximal recursion level */
    limits.maxreclevel = 5;
    /* maximal compression ratio */
    limits.maxratio = 200;
    /* disable memory limit for bzip2 scanner */
    limits.archivememlim = 0;

    if((ret = cl_scanfile("/home/zolw/test", &virname, NULL, root,
                          &limits, CL_SCAN_STDOPT)) == CL_VIRUS) {
        printf("Detected %s virus.\n", virname);
    } else {
        printf("No virus detected.\n");
        /* anything other than CL_CLEAN here is a scan failure */
        if(ret != CL_CLEAN)
            printf("Error: %s\n", cl_strerror(ret));
    }

6 4 Memory

Because the internal database uses a few megabytes of memory, you should release it if you no longer need to scan files:

    void cl_free(struct cl_node *root);

6 4
27. alter transip nl gt clamavdb osj net 218 44 253 75 Japan Masaki Ikeda lt masaki orange co jp 9 Credits KI 129 64 99 170 clamav unet brandeis edu USA Elliot Kendall pen ee clamav iml net 65 77 42 207 Florida US Dmitri Pavlenkov em aaa clamav acnova com 203 81 40 167 Singapore Lennard Seah pee Le EEUU clamdb prolocation net 213 73 255 243 The Netherlands Raymond Dijkxhoorn clamav xyxx com 72 21 63 182 San Francisco Palo Alto Myron Davis clamav walkertek com 38 136 139 7 USA Stephen Walker clamav mirror rafal ca 24 215 0 24 Burlington Rafal Rzeczkowski clamav securityminded net 209 8 40 140 Ashburn USA Thomas Petersen clamav island net au 203 28 142 36 Sydney Hugh Blandford clamav iol cz 194 228 2 38 Czech Republic Lenka Sevcikova ee Ler PRE clamav securitywonks net 66 197 159 213 USA D Raghu Veer WOHNEN UE clamav pcn de 213 203 254 4 Hamburg Karsten Gessner po mee a paa clamav enderunix org 193 140 143 23 Turkey Omer Faruk Sen La E nanana clamav ovh net 213 186 33 38 France Germain Masse Ba Lesser clamav spod org 195 92 99 99 United Kingdom lan Kirk MO TTT TE Tiet se clamav intercom net ua 83 218 226 76 Ukraine Artie Missirov database clamav ps pl 212 14 28 36 Poland Adam Popik adam popik pl clamav univ nantes fr 193 52 101 131 France Yann Dupont clamav blackroute net 64 246 44 108 Texas USA Maarten Van Horenbeeck clamavdb mithril linux org 211 10 155 48 Japan Hideki Yamane clamavdb planetmi
28. an lt matt sullivan gen nz gt e Dr Zbigniew Szewczak zssz mat uni torun pl e Joe Talbott lt josepht cstone net gt e Gernot Tenchio lt g tenchio telco tech de gt e Masahiro Teramoto lt markun onohara to gt e Daniel Theodoro lt dtheodoro ig com br gt e Ryan Thompson lt clamav sasknow com gt e Gianluigi Tiesi sherpya netfarm it e Yar Tikhiy lt yar comp chem msu su gt e Andrew Toller lt atoller connectfree co uk gt e Michael L Torrie torriem chem byu edu e Trashware lt trashware gmx net gt e Matthew Trent lt mtrent localaccess com gt e Reini Urban lt rurban x ray at gt e Daniel Mario Vega lt dv5a dc uba ar gt e Denis Vlasenko lt vda ilport com ua gt 9 Credits e Laurent Wacrenier lt lwa teaser fr gt e Charlie Watts lt cewatts brainstorminternet net gt e Florian Weimer lt fw deneb enyo de gt e Paul Welsh lt paul welshfamily com gt e Nicklaus Wicker n wicker cnk networks de e David Woakes lt david mitredata co uk gt e Troy Wollenslegel troy intranet org e ST Wong lt st wong cuhk edu hk gt e Dale Woolridge dwoolridge drh net e David Wu dyw iohk com e Takumi Yamane lt yamtak b session com gt e Youza Youzovic lt youza post cz gt e Anton Yuzhaninov lt citrin rambler co ru gt e Leonid Zeitlin 1z europe com e ZMan Z x86zman go a way dyndns org e Andoni Zubimendi lt andoni lpsat net gt 9 3 Donors We ve received financial support from
29. ary has built-in support for the following formats:

• Zip
• RAR (2.0)
• Tar
• Gzip
• Bzip2
• MS OLE2
• MS Cabinet Files
• MS CHM (Compiled HTML)
• MS SZDD compression format
• UPX (all versions)
• FSG (1.3, 1.31, 1.33, 2.0)
• Petite (2.x)

[6] You can still use clamd or clamscan instead.

Due to license issues support for RAR 3.0 archives is currently not available in libclamav (such archives will trigger the "RAR module failure" error message). You can scan them with the help of external unpackers in clamscan, though:

    $ clamscan --unrar clam-error.rar
    /home/zolw/test/clam-error.rar: RAR module failure
    UNRAR 3.00 freeware Copyright (c) 1993-2002 Eugene Roshal

    Extracting from /home/zolw/test/clam-error.rar

    Extracting clam.exe OK
    All OK
    /tmp/44694f5b2665d2f4/clam.exe: ClamAV-Test-File FOUND
    /home/zolw/test/clam-error.rar: Infected Archive FOUND

6.2.2 Mail files

Advanced mail scanner built into libclamav transparently scans e-mails for infected attachments. All popular UNIX mail formats are supported. TNEF attachments are supported as well.

6.3 API

6.3.1 Header file

Every program using libclamav must include the clamav.h header file:

    #include <clamav.h>

6.3.2 Database loading

The following set of functions provides an interface to database initialisation mechanisms:

    int cl_loaddb(const char *filename, struct cl_node **root,
                  unsigned int *signo);
    int cl_loaddbdir(const char *
30. ate com gt e Brian J France list firehawksystems com e Free Oscar lt freeoscar wp pl gt e Martin Fuxa lt yeti email cz gt Credits Piotr Gackiewicz lt gacek intertele pl gt Jeremy Garcia lt jeremy linuxquestions org gt Dean Gaudet lt dean clamav arctic org gt Michel Gaudet lt Michel Gaudet ehess fr gt Philippe Gay lt ph gay free fr gt Nick Gazaloff lt nick sbin org gt Geoff Gibbs lt ggibbs hgmp mrc ac uk gt Luca NERvOus Gibelli lt nervous nervous it gt Scott Gifford lt sgifford suspectclass com gt Wieslaw Glod lt wkg x2 p1 gt Stephen Gran lt steve lobefin net gt Koryn Grant lt koryn endace com gt Matthew A Grant lt grantma anathoth gen nz gt Christophe Grenier lt grenier cgsecurity org gt Marek Gutkowski lt hobbit core segfault pl gt Jason Haar lt Jason Haar trimble co nz gt Hrvoje Habjanic lt hrvoje habjanic zg hinet hr gt Michal Hajduczenia lt michalis mat uni torun pl gt Jean Christophe Heger jcheger acytec com Martin Heinz lt Martin hemag ch gt Kevin Heneveld lt kevin northstar k12 ak us gt Anders Herbjornsen lt andersh gar no gt Paul Hoadley lt paulh logixsquad net gt Robert Hogan lt robert roberthogan net gt Przemyslaw Holowczyc doozer skc com pl Credits Thomas W Holt Jr lt twh cohesive net gt James F Hranicky lt jfh cise ufl edu gt Douglas J Hunley lt doug hunley homeip net gt Kurt Huwig lt kurt iku netz de gt Andy Igoshin
31. base.clamav.net but multiple directives are allowed. In order to download the database from the closest mirror you should configure freshclam to use db.xx.clamav.net where xx represents your country code. For example, if your server is in "Ascension Island" you should add the following lines to freshclam.conf:

    DNSDatabaseInfo current.cvd.clamav.net
    DatabaseMirror db.ac.clamav.net
    DatabaseMirror database.clamav.net

The second entry acts as a fallback in case a connection to the first mirror fails for some reason. The full list of two-letter country codes is available at http://www.iana.org/cctld/cctld-whois.htm

5 Usage

5.1 Clam daemon

clamd is a multi-threaded daemon that uses libclamav to scan files against viruses. It may work in one of the two network modes, listening on a:

• Unix (local) socket
• TCP socket

The daemon is fully configurable via the clamd.conf file. clamd recognizes the following commands:

• PING: Check daemon state (should reply with "PONG").
• VERSION: Print program and database versions.
• RELOAD: Reload databases.
• SHUTDOWN: Perform a clean exit.
• SCAN file/directory: Scan file or directory (recursively) with archive support enabled (a full path is required).
• RAWSCAN file/directory: Scan file or directory (recursively) with archive support disabled (a full path is required).
• CONTSCAN file/directory: Scan file or directory (recursively) with archive sup

[5] man 5 clamd.conf
32. bian The package is maintained by Stephen Gran and Thomas Lamy ClamAV has been officially included in the Debian distribution starting from the Sarge re lease Run apt cache search clamav to find the names of the packages avail able for installation Unofficial packages for Woody and Sarge are available and they are usually more recent than official ones Add the following lines to your etc apt sources list for stable woody 1386 deb http people debian org sgran debian woody main deb src http people debian org sgran debian woody main for testing sarge i386 deb http people debian org sgran debian sarge main deb src http people debian org sgran debian sarge main Feel free to search for clamav on http www apt get org too e RedHat Fedora The packages are maintained by Petr Kristof Fedoral http crash fce vutbr cz crash hat 1 clamav Fedora2 http crash fce vutbr cz crash hat 2 clamav Devel snapshots http crash fce vutbr cz crash hat testing 2 Please follow the instructions at http crash fce vutbr cz yum repository html and then run 2 Base package 9 yum update clamav or up2date u clamav Another very good repository is maintained by Dag Wieers http dag wieers com packages clamav e PLD Linux Distribution The RPM packages for the Polish ed Linux Distribution are maintained by Arka diusz Miskiewicz visit http www pld linux org e Mandrake A RPM package for Mandrake
33. d e How can I contribute to the ClamAV project There are many ways to contribute to the ClamAV project See the donations page http www clamav net donate html for more info 8 Third party software The following software supports ClamAV It s specified which elements are supported please note that if a program doesn t support clamd you can use clamdscan instead of clamscan 8 1 MTA ClamAV 8 1 1 amavisd new Homepage http www ijs si software amavisd Supports clamd clamscan amavisd new is a rewritten version of amavis maintained by Mark Martinec Installation clamscan is enabled automatically if clamscan binary is found at amavisd new startup time clamd is activated by uncommenting its entry in the av_scanners list file etc amavisd conf 8 1 2 AMaViS Next Generation Homepage http sourceforge net projects amavis Supports clamscan 8 Third party software 32 AMAaViS ng is a rewritten more modular version of amavis perl amavisd developed by Hilko Bengen Installation Please download the newest version at least 0 1 4 After installation which is quite easy please uncomment the following line in amavis conf virus scanner CLAM and if it s needed change the path to clamscan in the CLAM section CLAM clamscan usr local bin clamscan 8 1 3 ClamdMail Homepage http clamdmail sf net Supports clamd A mail processing client for ClamAV Small fast and easy to insta
34. dirname, struct cl_node **root, unsigned int *signo);
    const char *cl_retdbdir(void);

cl_loaddb loads a selected database while cl_loaddbdir loads all databases from the dirname directory. cl_retdbdir returns a default (hardcoded) database directory path. After initialisation, an internal database representation will be saved under root (which must initially point to NULL) and the number of loaded signatures will be added [7] to virnum. You can pass NULL if you don't care about a signature counter. Both cl_loaddb and cl_loaddbdir functions return 0 on success and a non-negative value on failure.

    struct cl_node *root = NULL;
    int ret;
    unsigned int signo = 0; /* the counter must start at 0, see [7] */

    ret = cl_loaddbdir(cl_retdbdir(), &root, &signo);

6.3.3 Error handling

Use cl_strerror to convert error codes into human readable messages. The function returns a statically allocated string:

    if(ret) {
        printf("cl_loaddbdir() error: %s\n", cl_strerror(ret));
        exit(1);
    }

6.3.4 Database structure

Now initialise internal transitions with cl_build:

    int cl_build(struct cl_node *root);

In our example:

    if((ret = cl_build(root)))
        printf("cl_build() error: %s\n", cl_strerror(ret));

[7] Remember to initialize the virus counter variable with 0.

6 4 Database reloading

The most important thing is to keep the internal instance of the database up to date. You can watch database changes with the cl_stat functions family.

    int cl_statinidi
35. distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

1 Introduction

Clam AntiVirus is an anti-virus toolkit for UNIX, designed for e-mail scanning on mail gateways. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updating via Internet. The package also includes a virus scanner shared library.

1.1 Features

• Licensed under the GNU General Public License, Version 2
• POSIX compliant, portable
• Fast scanning
• Supports on-access scanning (Linux and FreeBSD only)
• Detects over 35000 viruses, worms, and trojans, including Microsoft Office and MacOffice macro viruses
• Scans within archives and compressed files (also protects against archive bombs), built-in support includes: Zip, RAR (2.0), Tar, Gzip, Bzip2, MS OLE2, MS Cabinet Files, MS CHM (Compiled HTML), MS SZDD compression format
• Supports Portable Executable files compressed with UPX, FSG, Petite
• Powerful mail scanner
• Advanced database updater with support for digital signatures a
36. e able to detect any virus. As a result, all infected mails will be delivered. For example, to protect a whole system add the following lines to clamd.conf:

    ClamukoScanOnAccess
    ClamukoIncludePath /
    ClamukoExcludePath /proc
    ClamukoExcludePath /temporary/dir/of/your/mail/scanning/software

You can also use clamuko to protect files on Samba/Netatalk, but a far better and safer idea is to use the samba-vscan module (8.4.3). NFS is not supported because Dazuko doesn't intercept NFS access calls.

5.4 Output format

5.4.1 clamscan

clamscan by default writes all messages to stderr. Run it with --stdout enabled to redirect them to the standard output. An example of the clamscan output is:

    /tmp/test/removal-tool.exe: Worm.Sober FOUND
    /tmp/test/md5.o: OK
    /tmp/test/blob.c: OK
    /tmp/test/message.c: OK
    /tmp/test/error.hta: VBS.Inor.D FOUND

When a virus is found its name is printed between the filename: and FOUND strings. In case of archives the scanner depends on libclamav and only prints the first virus found within an archive:

    zolw@localhost:/tmp$ clamscan malware.zip
    malware.zip: Worm.Mydoom.U FOUND

TIP: You can force clamscan to list all infected files in an archive using --no-archive (that disables transparent decompressors built into libclamav) and external decompressors: --unzip --unrar

    zolw@localhost:/tmp$ clamscan --no-archive --unzip malware.zip
    Archive: /tmp/malware.zip
      inf
37. elooper com Supports clamscan qpsmtpd is a flexible smtpd daemon written in Perl Apart from the core SMTP features all functionality is implemented in small extension plugins using the easy to use object oriented plugin API 8 1 30 qscanq Homepage http budney homeunix net 8080 users budney software qscanq index html Supports clamscan qscanq replaces qmail queue It initiates a scan using clamscan or clamdscan on an incoming email and returns the exit status of the scanner or of qmail queue to the caller 8 1 31 qSheff Homepage http www enderunix org qsheff Supports clamdscan clamd The tool allows running anti virus body subject attachment filtering user defined white black lists and alternative qmail logging Supports ClamAV for virus checking 8 1 32 RevolSys SMTP kit for Postfix Homepage http smtp revolsys org Supports ClamAV via amavisd new The RevolSyS SMTP kit for Postfix provides an antispam and antivirus tools installa tion It uses amavisd new Spamassassin ClamAV and Razor It aims to enhance an already installed mail server running Postfix 8 1 33 Sagator Homepage http www salstar sk sagator Supports clamscan clamd libclamav 8 Third party software EJ This program is an email antivirus antispam gateway It is an interface to the postfix or any other smtpd which runs antivirus and or spamchecker Its modular architecture can use any combination of antivirus spamchecker acc
38. evel = 1, required = 2" mean?
The functionality level of the database determines which scanner engine version is required to use all of its signatures. If you don't upgrade immediately you will be in big trouble.

• What does "Your ClamAV installation is OUTDATED" mean?
You'll get this message whenever a new version of ClamAV is released. In order to detect all the latest viruses, it's not enough to keep your database up to date. You also need to run the latest version of the scanner. You can find the latest release at http://www.clamav.net under the stable link. Running the latest stable release also improves stability.

• What does "WARNING: DNS record is older than 3 hours" mean?
freshclam attempts to detect potential problems with DNS caches and switches to the old mode if something looks suspicious. If this message appears seldom, you can safely ignore it. If you get the error every time you run freshclam, you should check your DNS settings.

• What does "SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES" mean?
The ClamAV package requires the GMP library to verify the digital signature of the virus database. When building ClamAV you need the GMP library and its headers: if you are using Debian just run apt-get install libgmp3-dev; if you are using an RPM based distribution install the gmp-devel package.

• How often is the virus database updated?
The virus database is usually updated many times per week. Check o
39. irus It s a GUI interface to ClamAV and requires Xdialog 8 6 9 KlamAV Homepage http sourceforge net projects klamav Supports ClamAV ClamAV Anti Virus protection for the KDE desktop The features include on access scanning manual scanning quarantine management downloading updates mail scan ning KMail Evolution automated installation ClamAV and Dazuko pre packaged 8 6 10 QtClamAV client Homepage http www xystumnet com qtclamavclient html Supports clamd A small client for ClamAV that uses the STREAM socket connection to a clamd server machine where the daemon is listening to locally scan files It is based on the Qt Toolkit from Trolltech 8 6 11 wbmclamav Homepage http wbomclamav labs libre entreprise org Supports ClamAV wbmclamav is a Webmin module to manage Clam AntiVirus written by Emmanuel Saracco 8 7 Library ClamAV 8 7 1 ClamAV Sharp Homepage http clamav sharp pcode nl Supports libclamav Mono binding for ClamAV 8 Third party software EJ 8 7 2 ClamAVPlugin Homepage http wiki apache org spamassassin ClamAVPlugin Supports libclamav via File Scan ClamAV A ClamAV plugin for SpamAssassin 3 x 8 7 3 clamavr Homepage http raa ruby lang org list rhtml name clamavr Supports libclamav Ruby binding for ClamAV 8 7 4 D bindings for ClamAV Homepage http dmd kuehne cn diverse html clamav_d Supports ClamAV ClamAV bindings for the D programming la
40. is spooled in write thru mode and then scanned for viruses or spam The program is transparent for TLS connections 8 1 41 smtp vilter Homepage http www etc msys ch software smtp vilter Supports clamd smtp vilter is a high performance content filter for sendmail using the milter API The software scans e mail messages for viruses and drops or marks infected messages Cla mAV is the default scanner backend 8 Third party software EU 8 1 42 Zabit Homepage http www enderunix org zabit Supports clamscan Zabit is a content and attachment filter for Qmail 8 1 43 zmscanner Homepage http www average org zmscanner Supports libclamav Zmscanner is an extensible modular content filter for Zmailer and Sendmail It is de signed to be fast and efficient and thus suitable for high traffic mail systems 8 2 MTA POP3 Proxy ClamAV 8 2 1 ClamMail Homepage http www bransoft com Supports libclamav ClamMail is an anti virus POP3 proxy for Windows 8 2 2 POP3 Virus Scanner Daemon Homepage http p3scan sourceforge net Supports clamscan This is a fully transparent proxy server for POP3 clients It runs on a Linux box with iptables for port redirection It can be used to provide POP3 email scanning from the Internet to any internal network and is ideal for helping to protect your Other OS LAN from harm especially when used in conjunction with a firewall and other Internet Proxy servers 8 2 3 pop3 proxy
41. lScanner scans all e mail for viruses spam and attacks against security vulnerabili ties It is not tied to any particular virus scanner but can be used with any combination of 14 different virus scanners allowing sites to choose the best of breed virus scanner 8 1 19 Maverix Homepage http www crystalballinc com vlad software maverix Supports clamscan Maverix is AOLserver module that implements SMTP protocol and acts as a SMTP proxy with anti spam and anti virus capabilities 8 1 20 MIMEDefang Homepage http www roaringpenguin com mimedefang Supports clamscan clamd This is an efficient mail scanner for Sendmail milter 8 1 21 mxGuard for Mail Homepage http www mxguard com postmaster Supports clamscan mxGuard is a spam filter for Ipswitch Mail mail server running on Windows platforms It also includes free hooks to major anti virus engines including ClamAV 8 1 22 OdeiaVir Homepage http odeiavir sourceforge net Supports clamdscan OdeiaVir is an e mail filter for qmail or Exim 8 Third party software ES 8 1 23 OpenProtect Homepage http opencompt com Supports ClamAV via MailScanner OpenProtect is a server side e mail protection solution consisting of MailScanner Spa massassin ClamAV with support for Sendmail Postfix Exim and qmail It also consists of a fully automatic installer and uninstaller which configures everything automatically including setting up perl modules and virus
42. lating: test1.exe
      inflating: test2.exe
      inflating: test3.exe
    /tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
    /tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
    /tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND
    /tmp/malware.zip: Infected Archive FOUND

5.4.2 clamd

clamd uses a clamscan compatible output format:

    zolw@localhost:~$ telnet localhost 3310
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    SCAN /home/zolw/test
    /home/zolw/test/clam.exe: ClamAV-Test-File FOUND
    Connection closed by foreign host.

In the SCAN mode it closes the connection when the first virus is found.

    SCAN /home/zolw/test/clam.zip
    /home/zolw/test/clam.zip: ClamAV-Test-File FOUND

CONTSCAN continues scanning even if a virus was already found. Error messages are printed in the following format:

    SCAN /no/such/file
    /no/such/file: Can't stat the file. ERROR

6 LibClamAV

libclamav is a simple and easy way to add virus protection to your software. The library is thread-safe and transparently recognizes and scans within archives, mail files, MS Office document files, executables, and other file formats.

6.1 Licence

libclamav is licensed under the GNU GPL licence. That means you are not allowed to link commercial, closed-source applications against it [6]. All software using libclamav must be GPL compliant.

6.2 Features

6.2.1 Archives and compressed files

The libr
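The output format of sections 5.4.1 and 5.4.2 ("path: name FOUND", "path: OK", "path: message ERROR") can be consumed by a gateway script as sketched below; this is an added example, not code from the ClamAV manual or project. The function names, the sample lines (constructed in the manual's format) and the fail-closed policy of never treating an ERROR or empty reply as clean are assumptions of this example.

```python
"""Parse clamscan / clamd result lines ("<path>: <status>") into verdicts."""
from collections import namedtuple

# Hypothetical record type for this example.
Result = namedtuple("Result", "path status signature detail")

# Constructed sample output in the format of sections 5.4.1 and 5.4.2,
# including decompressor noise and a file name that itself contains ": ".
SAMPLE_OUTPUT = """\
/tmp/test/removal-tool.exe: Worm.Sober FOUND
/tmp/test/md5.o: OK
  inflating: test1.exe
/tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
/tmp/malware.zip: Infected Archive FOUND
/srv/mail/re: invoice.eml: OK
/no/such/file: Can't stat the file. ERROR
"""


def parse_line(line):
    """Return a Result for one result line, or None for unrelated output."""
    line = line.rstrip("\r\n")
    # The path may itself contain ": ", so split on the LAST separator.
    path, sep, tail = line.rpartition(": ")
    if not sep or not path:
        return None
    if tail == "OK":
        return Result(path, "OK", None, None)
    if tail.endswith(" FOUND"):
        # The virus name sits between "filename: " and " FOUND".
        return Result(path, "FOUND", tail[: -len(" FOUND")], None)
    if tail.endswith(" ERROR"):
        return Result(path, "ERROR", None, tail[: -len(" ERROR")])
    return None  # e.g. unzip/unrar progress lines


def verdict(output):
    """Fail-closed summary of a whole reply: 'infected', 'error' or 'clean'."""
    results = [r for r in map(parse_line, output.splitlines()) if r]
    if any(r.status == "FOUND" for r in results):
        return "infected", results
    # An ERROR line, or no recognisable result at all, is never "clean".
    if not results or any(r.status == "ERROR" for r in results):
        return "error", results
    return "clean", results


def signatures_by_path(results):
    """Map each infected path to the signature name reported for it."""
    return {r.path: r.signature for r in results if r.status == "FOUND"}


if __name__ == "__main__":
    state, parsed = verdict(SAMPLE_OUTPUT)
    print(state)
    for path, name in signatures_by_path(parsed).items():
        print(path, "->", name)
```

A mail filter built on this would deliver only on "clean" and defer or quarantine on "error", so that a scanner failure cannot let a message through unscanned.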
43. ll 8 1 4 Clement Homepage http www clement safe ca Supports libclamav Clement is an application working as an mail server firewall Its only purpose is to trap most of the unwanted mail at the earliest possible stage Clement uses ClamAV to detect viruses and SpamAssassin to check for spam content 8 1 5 cgpav Homepage http program farit ru Supports clamd This is a fast written in C CommuniGate Pro anti virus plugin with support for clamd 8 1 6 ClamCour Homepage http sourceforge net projects clamcour Supports clamd ClamCour is a Courier MTA multithread filter that allows Courier to scan mail for viruses using Clam AntiVirus package 8 Third party software EN 8 1 7 clamfilter Homepage http www ensita net products clamfilter Supports clamd Clamfilter is a small secure and efficient content filter for Postfix designed for filtering messages efficiently through the clamd daemon 8 1 8 ClamSMTP Homepage http memberwebs com nielsen software clamsmtp Supports clamd ClamSMTP is an SMTP filter for Postfix and other mail servers that checks for viruses using the ClamAV anti virus software It aims to be lightweight reliable and simple rather than have a myriad of options Written in C without major dependencies 8 1 9 clapf Homepage http dev acts hu clapf Supports libclamav Clapf is a clamav based virus scanning and anti spam content filter for Postfix 8 1 10 DSpamPD Homepage ht
44. n A Mikhailov clamav oltrelinux com 194 242 226 43 Italy Luca Gibelli lt 1 gibelli oltrelinux com gt clamav linux it 213 92 8 5 Italy Marco d Itri md linux it clamav kgt org 62 112 154 203 Germany Thomas Koeppe lt thomas kgt org gt mirror etf bg ac yu 147 91 8 58 Belgrade Serbia Ljubisa Radivojevic and Montenegro lt ljubisa etf bg ac yu gt clamav mirror waycom net 195 214 240 53 France Frederic Deletang lt fd waycom net gt clamav eastweb ru 213 219 245 4 Russia Leonid Novikov lt lenni eastweb ru gt clamav bridgeband net 63 166 28 8 Montana Mikel Bauer USA lt mikel bridgeband net gt 9 Credits KI Administrator clamav mirror pacific net au 61 8 0 16 Australia Martin Foster clamavdb mirrors net ru 212 16 26 185 Russia Andrew V Kovalev clamav cbn net id 202 158 56 242 Indonesia Riv Octovahriz DO me Mee aa clamav forthnet gr 193 92 150 194 Greece Nick Katsamas fuxhausen tiscali de 62 26 160 3 Germany Elke Hahnen clamav theshell com 209 200 146 2 USA Peter Avalos clamav inode at 81 223 20 171 Austria Michael Renner clamav cpss edu hk 218 189 210 14 Hong Kong Wan Pui Wa D TE Teen clamav irontec com 66 111 55 10 Tampa Iker Sagasti Markina ee Ed tse O clamav mpsnet com mx 200 4 48 8 Mexico Omar Armas idea sec dico unimi it 159 149 155 69 Italy Lorenzo Martignoni BREMEN Po mg clamav cs pu edu tw 140 128 9 18 Taiwan Hsun Chang Chang clamav ubak gov tr 212 174 131 5 Turkey Ali Erdinc Koroglu aa aa clamav ec
45. n conjunction with procmail A new email field X CLAMAV with all the viruses found is generated in the email header 8 5 4 KMail Homepage http kmail kde org Supports clamscan KMail is a fully featured email client that fits nicely into the K Desktop Environment KDE It supports attachment scanning with clamscan 8 5 5 MyClamMailFilter Homepage http muncul0 w interia pl projects html myclammailfilter Supports clamscan MyClamMailFilter is an e mail filter for procmail or maildrop When a virus is found it renames attachments and modifies the subject It can also rename potentially danger ous attachments looking at their extensions The software is simple fast and easy to customize 8 5 6 OpenWebMail Homepage http openwebmail com openwebmail Supports clamscan Open WebMail by default can use ClamAV as the external viruscheck module to scan messages fetched from pop3 servers or all incoming messages If a message or its attachments is found to have virus Open WebMail will move the message from INBOX to the VIRUS folder automatically 8 5 7 QClam Homepage http sageshome net oss qclam php Supports clamscan QClam is a simple program to plug ClamAV antivirus to your QMail mailbox It runs 8 Third party software KI from your qmail file receives incoming messages from QMail and scans them using clamscan if a virus found it returns 99 to QMail telling it that the message should not be processed
46. nd DNS based database version queries 2 Base package 1 2 Mailing lists If you have a trouble installing or using ClamAV try to ask on our mailing lists There are four lists available e clamav announce lists clamav net info about new versions moderated e clamav users lists clamav net user questions e clamav devel lists clamav net technical discussions e clamav virusdb lists clamav net database update announcements moderated You can subscribe and search the mailing list archives at http www clamav net ml html 1 3 Virus submitting If you have got a virus which is not detected by your ClamAV with the latest databases please check it with the ClamAV Online Specimen Scanner http test clamav power netz de and then submit it on our website http www clamav net sendvirus html 2 Base package 2 1 Supported platforms All popular operating systems are supported Clam AntiVirus was tested on e GNU Linux e Solaris e FreeBSD OpenBSD e AIX 4 1 4 2 4 3 5 1 I Subscribers are not allowed to post to the mailing list Installation from a port is recommended 2 Base package I e HPUX 11 0 e SCO UNIX e IRIX 6 5 20f e Mac OS X e BeOS e Cobalt MIPS boxes e Cygwin e Windows Services for Unix 3 5 Interix Some features may not be available on your operating system If you are successfully running Clam AntiVirus on a system not listed above please let us know 2 20 Binary packages e De
47. nd much more E mail data is stored in a database server MySQL or MS SQL depending on your choice 8 1 14 IVS Milter Homepage http ivs milter lbsd net Supports clamd IVS Milter is a virus and spam scanning milter The name stands for Industrial Virus Spam milter It s designed to be used by anything from home users to large ISPs 8 1 15 j chkmail Homepage http j chkmail ensmp fr Supports libclamav clamd j chkmail is a fast written in C filter for sendmail It does spam and dangerous content virus filtering with help of ClamAV The program supports many modes of monitoring and run time controlling and was designed to work on highly loaded servers It s an open source software available for free to registered users for non commercial usage 8 1 16 Mail Avenger Homepage http www mailavenger org Supports clamscan Mail avenger is a highly configurable SMTP server It allows you to reject spam during mail transactions before spooling messages in your local mail queue You can specify site wide default policies for filtering mail but individual users can also craft their own policies by creating avenger scripts in their home directories 8 Third party software EJ 8 1 17 Mailnees Homepage http mailnees kicks ass org Supports clamdscan Mailnees is an open source mail content filter for Sendmail and Postfix 8 1 18 MailScanner Homepage http www mailscanner info Supports clamscan Mai
48. nguage http digitalmars com d 8 7 5 File Scan ClamAV Homepage http search cpan org cfaber File Scan ClamAV 1 06 lib File Scan ClamAV pm Supports clamd Scan files and control clamd directly from Perl 8 7 6 Mail ClamAV Homepage http cpan gossamer threads com modules by authors id S SA SABECK Supports libclamav Perl binding for ClamAV 8 7 7 PHP ClamAV Lib Homepage http phpclamavlib org Supports libclamav PHP ClamAV Lib is a PHP extension that allows to incorporate virus scanning features in PHP scripts 8 Third party software KI 8 7 8 pyclamav Homepage http xael org norman python pyclamav index html Supports libclamav Python binding for ClamAV 8 7 9 WRAVLib Homepage http www wolfereiter com wravlib Supports clamscan clamd WRAVLIib is an extensible integration library to provide a virus security counter mea sure for MONO NET applications WRAVLIib is written in pure C and has been tested with Microsoft NET 1 1 and Novell Mono 1 0 1 8 8 Miscellaneous ClamAV 8 8 1 INSERT Homepage http www inside security de INSERT en html Supports ClamAV INSERT the Inside Security Rescue Toolkit aims to be a multi functional multi purpose disaster recovery and network analysis system It boots from a credit card sized CD ROM and is basically a stripped down version of Knoppix It features good hardware detection fluxbox emelfm links hacked ssh tcpdump nmap ch
49. ntpwd and much more. It provides full read-write support for NTFS partitions (using captive) and the ClamAV virus scanner (including the signature database).
8.8.2 Local Area Security
Homepage: http://www.localareasecurity.com
Supports: ClamAV
Local Area Security Linux is a Live CD distribution with a strong emphasis on security tools and small footprint. It can be used to run ClamAV from a CDROM.
8.8.3 mailgraph
Homepage: http://people.ee.ethz.ch/~dws/software/mailgraph
Supports: clamd
mailgraph is a very simple mail statistics RRDtool frontend for Postfix that produces daily, weekly, monthly and yearly graphs of received/sent and bounced/rejected mail (SMTP traffic).
8.8.4 mailman-clamav
Homepage: http://www.tummy.com/Software/mailman-clamav
Supports: clamd
This module includes a Mailman handler for scanning incoming messages through ClamAV. The handler allows Mailman to be configured to hold or discard messages which contain viruses. Particularly useful is the discard option, which prevents list administrators from having to manually deal with viruses.
8.8.5 Moodle
Homepage: http://moodle.org
Supports: clamscan
Moodle is a course management system - a software package designed to help educators create quality online courses. It can use ClamAV to scan files submitted by students.
8.8.6 nclamd
Homepage: http://www.kyzo.com/nclamd
Supports: libclamav
nclamd, nclamav-milter and nclamd
50. omas Morkus e The Names Database http static namesdatabase com e Michael Nolan http www michaelnolan co uk Credits e Jorgen Norgaard e Numedeon Inc creators of Whyville http www whyville net e Oneworkspace com http www oneworkspace com e Origin Solutions http www originsolutions com au e outermedia GmbH http www outermedia de e Kevin Pang http www freebsdblog org e Alexander Panzhin e Passageway Communications http www passageway com e Dan Pelleg http www libagent org e Thodoris Pitikaris e Paul Rantin e Thomas J Raef http www ebasedsecurity com e Luke Reeves http www neuro tech net e RHX http www rhx it e Stefano Rizzetto e Roaring Penguin Software Inc http www roaringpenguin com e Luke Rosenthal e School of Engineering University of Pennsylvania http www seas upenn edu e Tim Scoff e Seattle Server http www seattleserver com e Software Workshop Inc http www softwareworkshop com e Solutions In A Box http www siab com au e Stephane Rault e SearchMain http www searchmain com Credits Olivier Silber Fernando Augusto Medeiros Silva http www linuxplace com br Sollentuna Fria Gymnasium Sweden http www sfg se StarBand http www starband com Stroke of Color Inc Synchro Sistemas de Informacao http synchro com br Sahil Tandon The Spamex Disposable Email Address Service http w
51. on my local network. Can I mirror the database locally so that each client doesn't have to download it from your servers?
Sure, install a proxy server and then configure your freshclam clients to use it (watch for the HTTPProxyServer parameter in man freshclam.conf). Alternatively, you can configure a local webserver on one of your machines (say machine1.mylan) and let freshclam download the .cvd files from http://database.clamav.net to the webserver's DocumentRoot. Finally, change freshclam.conf on your clients so that it reads:
    DatabaseMirror machine1.mylan
First the database will be downloaded to the local webserver, and then the other clients on the network will update their copy of the database from it.
• How can I list the virus signature names contained in the database?
If you are using a recent version of ClamAV, just run:
    $ sigtool --list-sigs
7 Frequently Asked Questions
• I found an infected file in my HD/floppy/mailbox, but ClamAV doesn't recognize it yet. Can you help me?
Our virus database is kept up to date with the help of the community. Whenever you find a new virus which is not detected by ClamAV, you should submit it on our website (go to www.clamav.net and click on submit sample). The virusdb team will review your submission and update the database if necessary. Before submitting a new sample, check that the value of DatabaseDirectory in both clamd.conf and freshclam.conf is the same; update
52. onitor logger or external security implementations It operates by intercepting file access calls and passing the file information to a 3rd party application The 3rd party application then has the opportunity to tell the kernel module to allow or deny the file access The 3rd party application also receives information about the file type of access process id and user id 8 4 2 Famuko Homepage http www campana vi it ottavio Progetti Famuko Supports libclamav Famuko is an on access scanner based on libfam and working in a userspace 8 4 3 OpenAntiVirus samba vscan Homepage http www openantivirus org projects phptsamba vscan Supports clamd samba vscan provides on access scanning of Samba shares It supports Samba 2 2 x 3 0 with working virtual file system VES support 8 5 Mail User Agent ClamAV 8 5 1 clamailfilter Homepage http quiston tpsa com hacks clamailfilter xhtml Supports clamscan clamdscan clamailfilter is a Python script that provides anti virus scanning via procmailrc 8 5 2 ClamAssassin Homepage http drivel com clamassassin Supports clamscan 8 Third party software 44 clamassassin is a simple script for virus scanning with clamscan which works similarily to spamassassin It s designed for integration with procmail 8 5 3 clamscan procfilter Homepage http www virtualblueness net blueness clamscan procfilter Supports clamscan A procmail filter for clamscan to work i
53. ording to configuration.
8.1.34 Scrubber
Homepage: http://projects.gasperino.org/scrubber
Supports: libclamav
Scrubber is a server-side daemon for filtering mail content. It attempts to solve the issues that plague many server-side content filtering solutions, such as extensibility, speed, SMTP-specific dependencies and virtual hosting. The core of the project is a client/server daemon that accepts raw content from SMTP-side client applications, breaking the message into MIME parts and then sending the content through a series of loadable filter plugins to handle the message accordingly. The final message is sent back to the client-side programs for SMTP reinjection.
8.1.35 Secure Mail Intelligence
Homepage: http://www.m2smi.com
Supports: libclamav
SMI is a server-side e-mail protection solution that combines firewall elements, intrusion detection system, anti-virus and anti-spam modules. SMI can use up to 7 anti-virus scanners (including ClamAV) at the same time, and 3 different spam filtering engines. A built-in SMTP engine allows SMI to directly send mail alerts. Other features include: Routing & Queuing Module, Disclaimer & Messages Module, Updater Module, Policy CheckModule, Mail Storage Module, Image Analysis Module, Cryptography Series and Mail Analysis. SMI runs on Microsoft Windows 98/NT/2k/XP/2003 platforms (both Professional and Server releases), Linux i586, OpenBSD, FreeBSD and Solaris 9 (x86 and SPARC) and
55. r(const char *dirname, struct cl_stat *dbstat);
    int cl_statchkdir(const struct cl_stat *dbstat);
    int cl_statfree(struct cl_stat *dbstat);
Initialization:
    struct cl_stat dbstat;
    memset(&dbstat, 0, sizeof(struct cl_stat));
    cl_statinidir(dbdir, &dbstat);
To check for a change you only need to call cl_statchkdir:
    if(cl_statchkdir(&dbstat) == 1) {
        /* reload database */
        cl_statfree(&dbstat);
        cl_statinidir(cl_retdbdir(), &dbstat);
    }
Remember to reinitialize the structure after reload.
6.4.1 Data scan functions
It's possible to scan a buffer, a descriptor, or a file with:
    int cl_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root);
    int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options);
    int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options);
All the functions save a virus name under the virname pointer. It points to a field in the internal database structure and must not be released directly. If the scanned pointer is not NULL, the functions will increase a value represented by this pointer by a size of scanned data in CL_COUNT_PRECISION units. The last two functions also support archive limits required to protect against
56. r/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
    define(`confINPUT_MAIL_FILTERS', `clmilter')
If you're running it in --external mode, check entry in clamd.conf of the form:
    LocalSocket /var/run/clamav/clamd.sock
Start clamav-milter:
    /usr/local/sbin/clamav-milter -lo /var/run/clamav/clmilter.sock
and restart sendmail.
4.3 Testing
Try to scan recursively the source directory:
    clamscan -r -l scan.txt clamav-x.yz
It should find some test files in the clamav-x.yz/test directory. The scan result will be saved in the scan.txt log file. To test clamd, start it and use clamdscan (or connect directly to its socket and run the SCAN command instead):
    clamdscan -l scan.txt clamav-x.yz
Please note that the scanned files must be accessible by the user running clamd or you get an error. To get more info on clamscan options execute man clamscan.
4.4 Setting up auto-updating
freshclam is the default database updater for Clam AntiVirus. It can work in two modes:
• interactive - from command line, verbosely
• daemon - alone, silently
When started by a superuser it drops privileges and switches to the clamav user. freshclam uses the database.clamav.net round-robin DNS, which automatically selects a database mirror (9.1). freshclam is an advanced tool: it supports database version verification through DNS, proxy servers (with authentication), digital signatures and various error scenarios. Quick te
57. rg 193 218 105 9 France Xavier Beaudouin 9 2 Contributors clamav gva es 82 159 137 16 Spain Jose Antonio Amador lt jamador gva es gt The following people contributed to our project in some way providing patches bug reports technical support documentation good ideas e Clint Adams lt schizo debian org gt e Sergey Y Afonin lt asy kraft s ru gt e Robert Allerstorfer lt roal anet at gt e Claudio Alonso lt cfalonso yahoo com gt e Kevin Amorin lt kamorin ccs neu edu gt e Kamil Andrusz lt wizz mniam net gt e Tayfun Asker lt tasker metu edu tr gt e Jean Edouard Babin lt Jeb jeb com fr5 e Marc Baudoin lt babafou babafou eu org gt e Scott Beck lt sbeck gossamer threads com gt e Rolf Eike Beer lt eike mail math uni mannheim de gt e Rene Bellora lt rbellora tecnoaccion com ar gt e Carlo Marcelo Arenas Belon carenas sajinet com pe Credits e Joseph Benden lt joe thrallingpenguin com gt e Hilko Bengen bengen vdst ka inka de e Hank Beatty lt hbeatty starband net gt e Alexandre Biancalana lt ale seudns net gt e Patrick Bihan Faou lt patrick mindstep com gt e Martin Blapp mb imp ch e Dale Blount lt dale velocity net gt e Serge van den Boom svdb stack nl e Oliver Brandmueller ob e Gitt NET e Boguslaw Brandys lt brandys o2 p1 gt e Igor Brezac lt igor ipass net gt e Mike Brudenell lt pmb1 york ac uk gt e Brian Bruns bruns 2mbit com e Len Budney
58. rror com 203 16 234 78 Australia Jason Andrade clamav pathlink com 129 250 169 81 USA Kachun Lee clamav mirror vutbr cz 147 229 3 16 Czech Republic Tomas Kreuzwieser mirror adm cis vutbr cz clamav fx services com 69 93 108 98 USA Robin Vley lt robin fx services com gt 9 Credits EZ clamav mirror camelnetwork com 213 230 200 242 UK Chris Burton aaa lt clamav mirror camelnetwork com gt clamav unnet nl 62 133 206 90 Netherlands Cliff Albert A A x S Edward Kujawski clamav inoc net 64 246 134 133 US Robert Blayzor WA bid clamav devolution com 206 58 251 131 California Scott Call clamavdb hostlink com hk 210 245 160 22 Hong Kong Alex Fong uo H S is Pi A Jean Francois Pirus lt jfp clearfield com gt clamav easynet fr 212 180 1 29 France Jean Louis Bergamo mailadmin easynet fr xarch clamav net 129 27 62 129 Austria Reini Urban lt rurban x ray at gt clamav mirrors webpartner dk 195 184 96 15 Denmark Nicolai Gylling lt nsg webpartner dk gt Lasse Brandt 1b webpartner dk IP Location Administrator clamav cryms info 194 29 5 19 Lugano Lorenzo Patocchi clamav mirror wiseknot co jp 59 87 0 36 Japan Michiaki Tada ue clamav host bg 87 120 40 28 Bulgaria Anton Titov clamav yukiguni net 219 127 68 136 Japan Takehisa Obata clamav begi net 219 106 242 51 Japan Hiromichi Itou clamav meiwing com 210 245 226 117 Hong Kong Thomas Koo eric thomas meiwing com clamav unix su 62 181 41 8 Russian Federation Konstanti
59. running Qmail-Scanner as qscand (default setting) you could put User qscand inside your clamd.conf file and restart clamd. Remember to check that qscand can create clamd.ctl (usually located at /var/run/clamav/clamd.ctl). The same applies to the log file.
• How do I use ClamAV with p3scan?
Add the following lines to your pop3vscan configuration file:
    virusregexp = .*: (.*) FOUND
    scanner = /usr/bin/clamdscan --no-summary -i
    scannertype = basic
• Where can I ask questions about using ClamAV?
Subscribe to our clamav-users mailing list at http://www.clamav.net/ml.html
• Where can I get the latest CVS snapshot of ClamAV?
Basically, there are two ways:
    - Run cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/clamav co clamav-devel
    - Visit http://www.clamav.net/snapshot
• I'm a MS Windows user. Can I take advantage of ClamAV virus protection?
Yes, you can use ClamWin, a port of ClamAV for win32 systems with a very nice graphic interface. Download it at http://www.clamwin.net
• Where can I find more information about ClamAV?
Please read this documentation. You can also try searching the mailing list archives. If you can't find the answer, you can ask for support on the clamav-users mailing list, but please, before doing it, search the archives! Also, make sure that you don't send HTML-ized email messages and that you don't top-post (these violate the netiquette and lessen your chances of being answere
60. s and organisations we have a few dozens of very fast and reliable mirrors Moreover our advanced push mirroring mechanism allows database maintainers to update all of them in less than one minute 9 Credits EJ clamav power netz de 212 162 12 159 Dusseldorf Andreas Gietl clamav essentkabel com 195 85 130 84 Netherlands Chris van Meerendonk clamav inet6 fr 62 210 153 201 France Lionel Bouton clamav netopia pt 193 126 14 29 Portugal Miguel Bettencourt Dias clamav sonic net 209 204 175 217 USA Kelsey Cummings A a ama clamav gossamer threads com 64 69 64 158 Canada Alex Krohn ee ad ee aT clamav catt com 64 18 100 4 USA Mike Cathey mas LL otw db clamav or id 202 134 0 71 Indonesia Fajar Nugraha clamav du viaverio com 199 239 233 95 USA Scott Wiersdorf clamav sj viaverio com 128 121 60 235 USA Scott Wiersdorf clamavdb heanet ie 193 1 193 64 Ireland Colm MacCarthaigh clamav crysys hu 152 66 249 132 Hungary Bencsath Boldizsar clamav infotex com 66 139 73 146 Texas USA Matthew Jonkman clamav ialfa net 210 22 201 152 People s Republic Alfa Shen clamavdb ikk sztaki hu 193 225 12 21 Hungary Gabor Kiss BuU clamav mirrors nks net 24 73 112 74 Florida USA James Neal as A PE clamav kratern se 212 31 160 239 Sweden Emil Ljungdahl clamav dif dk 193 138 115 108 Denmark Jesper Juhl clamav dbplc com 217 154 108 81 United Kingdom Simon Pither lt simon digitalbrain com gt clamav mirror transip nl 80 69 67 3 The Netherlands Walter Hop lt w
61. scan are rewritten versions of the original tools and use processes instead of threads and ripMIME instead of the clamav built-in MIME decoder.
8.8.7 qmailmrtg7
Homepage: http://www.inter7.com/qmailmrtg7
Supports: ClamAV
qmailmrtg7 utilizes qmail and tcpserver multilog's extensive logging capabilities to create mrtg graphs. It efficiently processes the log files and can graph viruses found by ClamAV.
8.8.8 redWall Firewall
Homepage: http://redwall.sourceforge.net
Supports: ClamAV
redWall is a bootable CD-ROM firewall which focuses on web-based reporting of the firewall's status. It supports virus filtering with amavisd-new and ClamAV.
8.8.9 Scan Log Analyzer
Homepage: http://pandaemail.sourceforge.net/av-tools
Supports: ClamAV
Scan analyzer allows you to plot and view graphical representation of log data from virus logs of RAV, ClamAV and Vexira.
8.8.10 snort-inline
Homepage: http://snort-inline.sourceforge.net
Supports: libclamav
snort-inline ships with a ClamAV preprocessor that will scan your network traffic for viruses. You can choose which protocols must be monitored. If a virus is detected, snort-inline can send a reset and drop the relative packets.
8.8.11 Snort-ClamAV
Homepage: http://www.bleedingsnort.com/staticpages/index.php?page=snort-clamav
Supports: libclamav
Snort-ClamAV scans data in packets for viruses.
9 Credits
9.1 Database mirrors
Thanks to the help of many companie
62. scanner settings 8 1 24 Protea AntiVirus Tools Homepage http www proteatools com Supports clamd Protea AntiVirus Tools for Lotus Domino scans and cleans automatically attached files and other objects in Domino mail Clam AntiVirus scanner is used for virus detection Fully configurable scheduled database scanning offers an additional layer of protection 8 1 25 PSCM Homepage http www metawire org pscm Supports clamd PSCM is an RPM package that provides out of box easy installation for a secure smtp mailserver with spam filtering and virus scanning capabilities 8 1 26 PTSMail Utilities Homepage http www scanmail software com Supports clamscan PTSMail uses clamscan as part of the ptsfilter a sendmail milter 8 1 27 pymavis Homepage http mplayerhq hu arpi pymavis Supports clamscan pymavis is an email parser similar to the old amavis or amavis perl The primary goal is to retrieve all attachments from an email and then run various virus scanners over them The parser can deal with damaged and truncated messages non RFC compliant or broken MIME syntax headers inline non MIME attachments can decode base64 quoted printable uuencoded and binhex 4 0 hqx encodings 8 Third party software 8 1 28 Qmail Scanner Homepage http qmail scanner sf net Supports clamscan Please increase the softlimit value if you are going to use it with clamscan 8 1 29 qpsmtp Homepage http smtpd dev
63. sign fi gt Thomas Quinot lt thomas cuivre fr eu org gt Ed Ravin lt eravin panix com gt Robert Rebbun robert desertsurf com gt Brian A Reiter lt breiter wolfereiter com gt Didi Rieder lt adrieder sbox tugraz at gt Pavel V Rochnyack lt rpv fsf tsu ru gt Rupert Roesler Schmidt lt r roesler schmidt uplink at gt David Sanchez lt dsanchez veloxia com gt David Santinoli david santinoli com Vijay Sarvepalli lt vssarvep office uncg edu gt Martin Schitter Theo Schlossnagle lt jesus omniti com gt Enrico Scholz lt enrico scholz informatik tu chemnitz de gt Karina Schwarz lt k schwarz uplink at gt Scsi scsi softland ru Dr Matthew J Seaman m seaman infracaninophile co uk gt Hector M Rulot Segovia lt Hector Rulot uv es gt Omer Faruk Sen lt ofsen enderunix org gt Sergey lt a_s_y sama ru gt Tuomas Silen tuomas silen nodeta fi David F Skoll lt dfs roaringpenguin com gt Al Smith lt ajs clamav aeschi ch eu org gt Sergey Smitienko lt hunter comsys com ua gt Credits e Solar Designer solar openwall com e Joerg Sonnenberger lt joerg britannica bec de gt e Kevin Spicer lt kevin kevinspicer co uk gt e GertJan Spoelman lt cav gjs cc gt e Ole Stanstrup lt ole stanstrup dk gt e Adam Stein lt adam scan mc xerox com gt e Steve lt steveb webtribe net gt e Richard Stevenson lt richard endace com gt e Sven Strickroth lt sstrickroth gym oha de gt e Matt Sulliv
64. st run freshclam (as superuser) with no parameters and check the output. If everything is OK you may create the log file in /var/log (owned by clamav or another user freshclam will be running as (--user)):
    touch /var/log/freshclam.log
    chmod 600 /var/log/freshclam.log
    chown clamav /var/log/freshclam.log
Now you should edit the configuration file (freshclam.conf or clamd.conf if they're merged) and configure the UpdateLogFile directive to point to the created log file. Finally, to run freshclam in the daemon mode, execute:
    freshclam -d
The other method is to use the cron daemon. You have to add the following line to the crontab of the root or clamav users:
    N * * * * /usr/local/bin/freshclam --quiet
to check for a new database every hour. N should be a number between 3 and 57 of your choice. Please don't choose any multiple of 10, because there are already too many clients using those time slots. Proxy settings are only configurable via the configuration file, and freshclam will require strict permissions on the config file when HTTPProxyPassword is enabled:
    HTTPProxyServer myproxyserver.com
    HTTPProxyPort 1234
    HTTPProxyUsername myusername
    HTTPProxyPassword mypass
4.5 Closest mirrors
The DatabaseMirror directive in the config file specifies the database server freshclam will attempt (up to MaxAttempts times) to download the database from. The default database mirror is data
65. stions
    wget http://prdownloads.sourceforge.net/clamav/clamav-X.XX.tar.gz
    wget http://prdownloads.sourceforge.net/clamav/clamav-X.XX.tar.gz.sig
Verify that the stable release download is signed with the proper key:
    gpg --verify clamav-X.XX.tar.gz.sig
Make sure the resulting output contains the following information:
    Good signature from "Tomasz Kojm <tk@lodz.tpnet.pl>"
• Can ClamAV disinfect files?
No, it can't. We will add support for disinfecting OLE2 files in one of the next stable releases. There are no plans for disinfecting other types of files. There are many reasons for it: cleaning viruses from files is virtually pointless these days. It is very seldom that there is anything useful left after cleaning, and even if there is, would you trust it?
• When using clamscan, is there a way to know which message within an mbox is infected?
No, clamscan stops at the first infected message. You can convert the mbox to Maildir format, run clamscan on it and then convert it back to mbox format. There are many tools available which can convert to and from Maildir format, e.g. formail, mbox2maildir and maildir2mbox.
• I'm running qmail+Qmail-Scanner+ClamAV and get the following error in my mail logs: "clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem". What's wrong with it?
Most likely clamd is not running at all, or you are running Qmail-Scanner and clamd under a different uid. If you are
66. su edu e Roger Lucas lt roger planbit co uk gt e David Luyer david luyer pacific net au e Richard Lyons lt frob clamav webcentral com au gt e David S Madole lt david madole net gt e Thomas Madsen tm softcom dk e Bill Maidment lt bi11 maidment com au e Joe Maimon lt jmaimon ttec com gt e David Majorel lt dm lagoon nc gt e Andrey V Malyshev lt amal krasn ru gt e Fukuda Manabu lt fukuda cri mw co jp gt e Stefan Martig lt sm officeco ch gt e Alexander Marx lt mad ml madness at gt Credits e Andreas Marx http www av test org e Chris Masters lt cmasters insl co uk gt e Fletcher Mattox lt fletcher cs utexas edu gt e Serhiy V Matveyev lt matveyev uatele com gt e Reinhard Max lt max suse de gt e Brian May lt bam debian org gt e Ken McKittrick k1mac usadatanet com e Chris van Meerendonk cvm castel nl e Andrey J Melnikoff temnota kmv ru e Damian Menscher menscher uiuc edu e Jasper Metselaar lt jasper formmailer net gt e Arkadiusz Miskiewicz lt misiek pld linux org gt e Ted Mittelstaedt lt tedm toybox placo com gt e Mark Mielke lt mark mark mielke cc gt e John Miller lt contact glideslopesoftware co uk gt e Jo Mills lt Jonathan Mills frequentis com gt e Dustin Mollo lt dustin mollo sonoma edu gt e Remi Mommsen lt remigius mommsen cern ch gt e Doug Monroe lt doug planetconnect com gt e Alex S Moore lt asmoore edge net gt e Tim Morgan lt
67. tp://caspian.dotconf.net/menu/Software/DspamPD
Supports: clamd
DspamPD is a transparent SMTP proxy daemon that passes email through DSPAM. It can also pass mail through ClamAV as well, providing you with a one-stop anti-spam, anti-virus smtp proxy with no extra perl modules.
8.1.11 exiscan
Homepage: http://duncanthrax.net/exiscan-acl
Supports: clamscan, clamd
exiscan is a patch against exim version 4, providing support for content scanning in email messages received by exim. Four different scanning facilities are supported: antivirus, antispam, regular expressions and file extensions.
8.1.12 Gadoyanvirus
Homepage: http://oss.mdamt.net/gadoyanvirus
Supports: libclamav
gadoyanvirus is a (yet another) virus stopper for qmail. It replaces the original qmail-queue program. It scans incoming messages using the ClamAV anti-virus library. Suspect messages will be quarantined and, optionally, a notification message will be sent to the recipients. By default, gadoyanvirus needs a QMAILQUEUE-patched qmail installation.
8.1.13 hMailServer
Homepage: http://www.hmailserver.com
Supports: ClamAV
hMailServer is a free open source e-mail server for Microsoft Windows. It supports all the common mail protocols and comes with an easy-to-use COM library that can be used for integration with external software. It also has support for virtual domains, distribution lists, ClamAV, aliases, distributed domains a
68. ualinux com 66 111 57 40 Ecuador E Perez Estevez E E PP clamav ocl mirrors redwire net 64 186 250 53 USA Japheth Cleaver ee Ka Mee NP clamav edpnet net 212 71 0 71 Belgium Daan Kerkhofs Do ee e ee o caaeraetssdeetaee clamav edgescape com 67 19 5 178 SA Timothy Folks aaa an PUT ttg clamav hanbiro com 211 234 111 17 Korea Kwon Taek Sool clamav vtu lt 193 219 149 170 Lithuania Eugenijus J AA A clamav ftpproxy org 195 246 234 199 Germany Andreas Schoenberg clamav iasi roedu net 192 129 4 120 Romania Subredu Manuel aa sd o clamav infonet ee 212 7 0 1 Estonia Konstantin Barinov o mem BG a E clamav savework de 85 214 44 186 Germany Kai H Weutzing clamav skynet cz 193 165 254 12 Czech Republic Jaroslav Jurasek lt jaroslav jurasek skynet cz gt 9 Credits EJ clamav citrin ru 213 248 60 121 Russia Anton Yuzhaninov clamav paralax org 83 148 101 196 Bulgaria Svetoslav Vesselkoff Jose Celestino lt japc co sapo pt gt Tim Treaster lt tim westlinks com gt Steven Collins lt scollins liquidweb com gt Eric Veldhuyzen lt ericv xs4all net gt Nicola Pinna USA USA clamav pinna cx 69 57 154 46 Texas USA lt pinna pinna cx gt Thomas Lenggenhager lt lenggenhager switch ch gt clamav public internet co uk 195 85 245 20 London Tom Beard PARA eee United Kingdom lt tom beard public internet co uk gt clamav mainloop se 192 71 58 30 Sweden Thomas Althoff 193 239 17 68 Germany Thomas Schwanhaeuser clamav
69. ut http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb to see our response times to new threats. The virusdb team tries to keep up with the latest worm in the wild. When a new worm spreads out, often it is less than one hour before we release a database update. You can contribute to make the virusdb updating process more efficient by submitting samples of viruses via our web interface.
• I tried to submit a sample through the web interface, but it said the sample is already recognized by ClamAV. My clamscan tells me it's not. I already updated my database, what's wrong with my setup?
Please run clamscan with the --mbox option. Also check that freshclam and clamscan are using the same path for storing/reading the database.
• ClamAV crashes/hangs/doesn't compile/doesn't start. Did I find a bug?
Before reporting a bug, please download the latest CVS code and try to reproduce the bug with it. Chances are the bug you encountered has already been fixed. If you really feel like you found a bug, please send a message to bugs@clamav.net.
• How do I automatically restart clamd when it dies?
Set up a cronjob which checks that clamd is up and running, every XX minutes. You can find an example script in the contrib/clamdwatch directory.
• How do I keep my virus database up to date?
ClamAV comes with freshclam, a tool which periodically checks for new database releases and keeps your database up to date.
• I'm running ClamAV on a lot of clients
70. ww spamex com Brad Tarver TGT Tampermeier amp Grill Steuerberatungs und Wirtschaftstreuhand OEG http www tgt at Per Reedtz Thomsen William Tisdale Up Time Technology http www uptimetech com Ulfi Jeremy Vanderburg http www jeremytech com Web arbyte Online Marketing http www webarbyte de Webzone Srl http www webzone it Markus Welsch http www linux corner net Julia White http www convert tools com Nicklaus Wicker David Williams http kayakero net Glenn R Williams Kelly Williams Zimbra open source collaboration suite http www zimbra com 10 Authors 9 4 Graphics The authors of the nice ClamAV logo look at the title page and other graphics are Mia Kalenius and Sergei Pronin lt sp finndesign fi gt from Finndesign http www finndesign fi 9 5 OpenAntiVirus Our database includes the virus database about 7000 signatures from http OpenAntiVirus org 10 Authors e aCaB lt acab clamav net gt Italy Role virus database maintainer coder e Boguslaw Brandys lt bbrandys clamav net gt Poland Role Win32 development e Mike Cathey lt mike clamav net gt USA Role co sysadmin e Christoph Cordes lt ccordes clamav net gt Germany Role virus database maintainer e Diego d Ambra lt diego clamav net gt Denmark Role virus database maintainer e Jason Englander lt jason clamav net gt USA Role inactive e Luca Gibelli 1uca clamav net Italy
71. your database by running freshclam.
• Why is ClamAV calling the XXX virus with another name?
This usually happens when we add a signature before other AV vendors. No well-known name is available at that moment, so we have to invent one. Renaming the virus after a few days would just confuse people more, so we usually keep on using our name for that virus. The only exception is when a new name is established soon after the signature addition. You can find more info about this in the virus naming page at http://www.clamav.net/cvdinfo.html
• How do I know when database updates are released?
Subscribe to the clamav-virusdb mailing list.
• How can I scan a file on my hard disk for viruses without installing ClamAV?
Use the online scanning tool available at http://test-clamav.power-netz.de
• I found a false positive in ClamAV virus database. What shall I do?
Fill the form at http://www.clamav.net/sendvirus.html. Be sure to select "The file attached is a false positive".
• How do I verify the integrity of ClamAV sources?
Using GnuPG (http://www.gnupg.org) you can easily verify the authenticity of your stable release downloads by using the following method.
Download Tomasz Kojm's key from the clamav.net site:
    wget http://www.clamav.net/gpg/tkojm.gpg
Import the key into your local public keyring:
    gpg --import tkojm.gpg
Download the stable release AND the corresponding .sig file to the same directory:
7 Frequently Asked Que
