Script for configuring ClamAV server on Fedora

In short, I’ve written a bash script (available from github) for configuring and removing instances of clamav-server on Fedora. It lets you create and remove individual instances with a specific user and port (if you specify them) and will install the required packages if not already present on the system.

In long, we use Clam AntiVirus as our antivirus protection for Digital Preservation Recorder and talk to it over the default port, 3310.

Installing the clamav-server package under Fedora however, doesn’t actually set up an instance. In fact, it doesn’t copy any system configuration files into place at all. This means that the system is left without any working ClamAV server out of the box.

Under Fedora, ClamAV server is configured on a per user basis. This is actually quite important (unless you run as root) because the daemon needs at minimum read access (and we’ve found also write) on the files/directory being passed for scanning.

The instructions on how to configure it are located under /usr/share/doc/clamav-server-[version]/ but I have taken these instructions and written a bash script to configure all of this for you.

The script is available from github. It can create or remove an individual instance of clamav-server using a specific username and port (if you want to specify them, else it defaults to clamav on port 3310). The script will also install any required packages, if you don’t already have them on the system.

Hopefully this is useful to someone else out there and not just us :-) If you find any bugs feel free to let me know.

10 Responses to “Script for configuring ClamAV server on Fedora”


  • Thanks for this, much appreciated.
    Hope you will update fro new Fedora releases, as and when

  • No worries, good to know that it’s useful to someone else at least :-) I got your email about setting up a quarantine directory. I’ll have a look at that tomorrow and work out how to do it and update the script.

    Cheers,
    -c

  • Can you please show example of how you use the script to remove individual instances with a specific user and port? Also please show an example of usin the script to setup an instance as a user other than clamav?

  • Hi Frank,
    The script should have build in help, so grab the latest copy of the script and pass –help to see examples.

    -c

  • Found the corrct blog.

    Getting this on some real\virt F16 boxes.
    User is clamav,
    update user is clamupdate

    snipped from logwatch:
    Database updated (2333889 signatures) from database.clamav.net (IP: 194.47.250.218)
    connect(): Connection refused
    ERROR: NotifyClamd: Can’t connect to clamd on 127.0.0.1:3310

    lrwxrwxrwx. 1 root root 6 Nov 3 02:29 /var/run -> ../run
    there is no clamav\clamd\freshclam in /var/run (/run)
    Do I need to specificall uncomment relevant *.pid lines, and if yes, what permissions. chmod 660 ?

  • Is it running:
    ps ax |grep clam

  • ps ax | grep clam
    1701 pts/0 S+ 0:00 grep –color=auto clam

    [root@test07 ~]# systemctl status clamd.clamav.service
    clamd.clamav.service – SYSV: The clamd server running for clamav
    Loaded: loaded (/etc/rc.d/init.d/clamd.clamav)
    Active: active (exited) since Fri, 13 Apr 2012 10:08:07 +0100; 1min 36s ago
    Process: 1023 ExecStart=/etc/rc.d/init.d/clamd.clamav start (code=exited, status=0/SUCCESS)
    CGroup: name=systemd:/system/clamd.clamav.service

  • Found the problem
    clamd-wrapper is commented out in
    /etc/rc.d/init.d/clamd.clamav
    CLAMD_SERVICE=clamav
    #. /usr/share/clamav/clamd-wrapper

  • Hi Chris,

    I posted this in Fedora Forum, before I found a link to this entry in your blog. Sorry to keep bugging you about this, but my main question relates to systemd – I am really unsure as to how to get clamd working with systemd.

    I am looking for a simple way to get clamd working and, more importantly, to get it working properly. Each time I install it I slog through all the steps that I think are required and still manage to get something wrong or leave something out.

    This script seems like the answer to my dreams and indeed I used it quite successfully on F14 and F15.

    I have recently installed F17 however and I am a little nervous about using the current (VERSION=0.4 ?) version of the script.

    Two things worry me:

    1) In the /usr/share/doc/clamav-server-0.97.5/README doc it says: “NEVER use ‘clamav’ as the user since he can modify the database.” yet the script uses clamav as the user; and

    2) Since F16 systemd has been the default system and service manager and there is a systemd service file (which I don’t understand!) provided with the F17 yum clamav-server package. How hard would it be to modify the script to make it systemd compliant?

    Answers to this, or any other suggestions – or simple walk-through guides (relevant for F17) would be much appreciated…

    Thanks

    Mark

    p.s.

    I realise now that the question about the username is irrelevant because your script allows for a username to be passed to it. Sorry…

  • Hi Arthur,

    Sorry for the delay. I haven’t had time to look at it recently, however as for the user, you can specify the user yourself when you run the script. You could make it root, or your own user or anything else.

    I think recent Fedora releases can still run non systemd init script (systemd being the replacement for sysv). Does it not work at all on recent Fedora systems?

    -c

Leave a Reply