Saturday, August 11, 2018

Installing ClamAV Antivirus on Linux

Building ClamAV Source on Linux

Introduction

     Too many people still think that Linux malware isn't a thing and that nothing is waiting around the corner for a chance to open a reverse TCP connection from your host. Just like macOS, GNU/Linux is exposed to malware under certain circumstances, so antivirus software is recommended even on a machine that exposes no public IPs or services; if it does expose services, you should also look into IDS/IPS software. Even if you've never encountered malware in your time with Linux, I'd suggest reading the Linux malware Wikipedia page.
     Anyway, one of the available defences against losing private data is, of course, antivirus software. My personal preference is ClamAV, an open-source, cross-platform antivirus framework that is constantly maintained, with near-daily signature database updates covering the newest threats identified in the wild. In this article we'll be installing ClamAV on Linux. Note that the installation process differs on every OS, so if you're running anything other than Linux you may run into problems following this tutorial. Good luck reading, and stay safe.

Installation process

     We'll start by choosing the right version of ClamAV. Basically there are two options: the release version and the development version. Both are available on the ClamAV GitHub repository. I usually prefer release versions, since they're less prone to bugs, but in this case, if you're not running the development version, every scan will print an annoying warning saying that you're not running the latest version, because the development branch is considered the newest.
     After you've picked your variant (release or development), download your desired version of ClamAV:
             user@host:~$ git clone --branch <branch> https://github.com/Cisco-Talos/clamav-devel.git
     Instead of <branch>, enter the branch you want to download; in my case it's dev/0.100.1 at the time of writing. You can find the branch names in the branch drop-down list on the left side of the repository page.
     Once downloaded, enter the directory:
             user@host:~$ cd clamav-devel
     Configure the source before building it (add the -h option if you want to see the settings you can customize; I personally find the defaults just fine):
             user@host:~$ ./configure [-h]
     When configured, execute these two commands to build and install from the source:
             user@host:~$ make
             user@host:~$ make install
     Now you need to initialise your ClamAV build by running the command freshclam, but you'll most likely hit an error when you try:
             user@host:~$ freshclam
             freshclam: error while loading shared libraries: libclamav.so.7: cannot open shared object file: No such file or directory
     If so, download the missing library:
             user@host:~$ apt install libclamav7
     Now, when you run freshclam again, another problem arises:
             user@host:~$ freshclam
             ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

     The solution is as simple as it can be, just copy the config sample to an actual config:
             user@host:~$ mv /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf
     Though a few more steps are waiting for you. Open the config file and comment out the line that reads Example; I prefer vim for this task. Once that line is commented out, you'll have to add a clamav user for the program. Do it as in the following example:
             user@host:~$ adduser clamav
     Now create the database directory freshclam needs and make clamav the owner of it:
             user@host:~$ mkdir /usr/local/share/clamav
             user@host:~$ chown -R clamav:clamav /usr/local/share/clamav
     That's it! Run freshclam now!
             user@host:~$ freshclam
     It might take a while for the databases, both main.cvd and daily.cvd, to download. While you wait, have a look at the ClamAV documentation here.
     By now your installation is finished! You can run the ClamAV scanner with the command clamscan, but every time you run it, it reloads all the databases, so a scan takes quite a long time. Running the clamd daemon and scanning with clamdscan instead fixes this problem for you.
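     The configuration steps above (turning the sample into a real freshclam.conf, commenting out the Example line, and preparing the database directory) collected into a small POSIX sh helper so they can be re-checked after an install. This is an added example and not code from the original post or from the ClamAV project. It assumes the same paths the post uses (/usr/local/etc and /usr/local/share/clamav) as defaults, and every function takes a path argument so it can be exercised against a scratch directory instead of the real system locations.

```shell
#!/bin/sh
# Added example (not from the original post or the ClamAV project): helpers
# for the freshclam post-install steps. Default paths follow the post; pass
# other paths to run against a scratch copy.

# Turn the shipped sample into a real config unless one already exists.
# Unlike the post's `mv`, this copies, so the sample stays for reference.
freshclam_conf_from_sample() {
    conf_dir="${1:-/usr/local/etc}"
    conf="$conf_dir/freshclam.conf"
    sample="$conf.sample"
    if [ -f "$conf" ]; then
        return 0
    fi
    [ -f "$sample" ] || return 1
    cp "$sample" "$conf"
}

# Comment out the placeholder "Example" line that makes freshclam refuse
# to parse the config. Only a line consisting solely of Example is touched.
disable_example_line() {
    conf="$1"
    [ -f "$conf" ] || return 1
    sed -i.bak 's/^Example[[:space:]]*$/#Example/' "$conf"
    rm -f "$conf.bak"
}

# Succeed only when the config exists and no active "Example" line remains.
freshclam_conf_ready() {
    conf="$1"
    [ -f "$conf" ] || return 1
    ! grep -q '^Example[[:space:]]*$' "$conf"
}

# Check the database directory from the post: it must exist and be owned
# by the expected user (clamav by default).
db_dir_ready() {
    dir="${1:-/usr/local/share/clamav}"
    owner="${2:-clamav}"
    [ -d "$dir" ] || return 1
    # `stat -c %U` is GNU coreutils; `stat -f %Su` is the BSD/macOS spelling.
    actual="$(stat -c %U "$dir" 2>/dev/null || stat -f %Su "$dir" 2>/dev/null)"
    [ "$actual" = "$owner" ]
}

# Typical use against the real paths (run as root, after `make install`):
#   freshclam_conf_from_sample && disable_example_line /usr/local/etc/freshclam.conf
#   freshclam_conf_ready /usr/local/etc/freshclam.conf && db_dir_ready && echo ready
```

     Against the real paths the helpers need root, just like the post's own commands. The sed pattern deliberately matches only a line that is exactly Example, so a directive that merely mentions the word in a comment is left alone.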
     Stay safe!
