TechnoToys: Clam AntiVirus software

Joseph E. Sacco, Ph.D. joseph_sacco at comcast.net
Tue May 3 08:24:18 MDT 2005 

I have built and installed the Clam AntiVirus software

	http://www.clamav.net

[Taken from the clamav web site]
Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of
this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable multi-threaded
daemon, a command line scanner, and a tool for automatic updating via
Internet. The programs are based on a shared library distributed with
the Clam AntiVirus package, which you can use with your own software.
Most importantly, the virus database is kept up to date . 

Features:
________________________________________________________________________
      * command-line scanner 
      * fast, multi-threaded daemon 
      * milter interface for sendmail 
      * database updater with support for digital signatures 
      * virus scanner C library 
      * on-access scanning (Linux and FreeBSD) 
      * detection of over 34000 viruses, worms and trojans 
      * built-in support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2,
        MS Cabinet files, MS CHM (Compressed HTML), MS SZDD 
      * built-in support for mbox, Maildir and raw mail files 
      * built-in support for Portable Executable files compressed with
        UPX, FSG, and Petite 

The simplest way to build and install this package under YDL is to use
the SRC RPM from Dag Wieers:

        http://dag.wieers.com/packages/clamav/clamav-0.84-1.rf.src.rpm

which includes "reasonable" configuration files, a cron.daily file, and
RedHat style init files for the daemons.

So what can you do with ClamAV?
* Integrate ClamAV into a mail server to provide server-side virus
detection and mail filtering for both incoming and outgoing mail
* Scan all or part of a system for infected files
* Scan incoming mail at the user desktop

The first usage of ClamAV is well known to sysadmins who have instituted
server-side mail filtering. Typically,  MimeDefang, SpamAssassin, and
ClamAV are used in tandem to implement server-side mail filtering.

The second usage of ClamAV is well known to users who have run
anti-virus scans on other platforms. ClamAV provides a simple command
line anti-virus scanner, "clamscan", to scan files and directories for
viruses.

The third usage of ClamAV is useful to individuals who receive email
directly from an ISP or local server that does not provide server-side
mail filtering. Email virus detection is implemented by incorporating
the command line anti-virus scanner, "clamscan" into a filter. [For
individual usage there is no need to run the clam daemon.]

For example, the Evolution mailer can apply filters to incoming and
outgoing mail. One available type of filter pipes mail through a shell
script and then takes an action [e.g. move infected email to a
particular folder] based upon the return value of the shell script. Here
is a simple shell script that can be used to implement an anti-virus
filter:

        % cat /usr/local/bin/clam-filter
        
        #!/bin/sh
        /usr/bin/clamscan --quiet --stdout --recursive -


The ClamAV web site references virus filtering for a number of other
Mail User Agents like procmail and Kmail.

Enjoy...

-Joseph

-- 
joseph_sacco [at] comcast [dot] net

More information about the yellowdog-general mailing list