http://qmail.jms1.net/clamav/rpm.shtml

I no longer use these directions on my own server.

I now build ClamAV from the source code and run it under daemontools. This page explains how I set this up on my own server.

In addition, the "crash" repositories for clamav RPM files seem to no longer be working; either that, or he just hasn't had time to update them for the newer versions.

The rest of the page is no longer being actively maintained; however, I am leaving it here as a reference for anybody who wants it.


Building or updating clamav RPMs

One of the most common questions I see on the qmailrocks mailing list has to do with how to update your clamav packages. The "current" version of qmailrocks (the 2.2.0 version) installs a really old version of clamav, one with security holes serious enough that a maliciously crafted email message could trick clamav into running arbitrary commands on your machine, as the clamav user.

My own expertise with Linux revolves around "RedHat and friends", a set of distributions based on RedHat's source code, such as Fedora, WhiteBox Enterprise Linux and CentOS (which is currently my "distro of choice"). The directions on this page were developed using CentOS and tested with WhiteBox, RHEL 4, and Fedora Core 2, although they should work with any RPM-based Linux distribution.

Note: The following instructions should be completed by a non-root user, except for a few specific commands as noted in the text.

  1. Download the source RPM file from the "crash" repositories linked from the clamav Binary packages page. If you are using Fedora, use the download link for your specific version of Fedora; for WhiteBox, CentOS, and RHEL, use the Fedora4 link.

    Note that there are other packages listed on the page. Each package has its own instructions, as well as its own set of scripts to start and stop the services. The directions on this page are written specifically for the "crash" packages (I call them this because the hostname of the server has the word "crash" in it.) If you choose to download one of the other packages, be aware that their scripting will probably be different, and the directions on this page will have to be changed to match your system.

  2. If you have not already done so, configure your home directory so that you can build RPM files without needing root privileges. This involves two steps:

    1. Create an RPM build directory structure in your home directory. I call mine "rpm"; you may want to call yours "rpmbuild" or something else, but choose a name which doesn't already exist. The example assumes you are using "rpm" as the name:

      % cd
      % mkdir -m 755 rpm
      % cd rpm
      % mkdir -m 755 BUILD RPMS SOURCES SPECS SRPMS

    2. Create a .rpmmacros file in your home directory which contains a pointer to the directory structure you just created. I use a second line which marks any RPM packages I build with my own name and email address; while not strictly required, it is a good idea. My file looks like this:

      %_topdir /home/jms1/rpm
      %packager John Simpson <jms1@spamcop.net>

      Obviously you need to substitute the full path to the "rpm" directory within your home directory, as well as your own name and email address.

  3. Use the source RPM to build a set of binary RPM files. This example shows the Fedora5 link. I've never had any problem using the FC5 source RPM on CentOS or RHEL 4. Unless there is a direct match for your distro, I recommend going with the most recent Fedora version.

    % cd
    % wget http://crash.fce.vutbr.cz/crash-hat/5/clamav/clamav-0.88-7.src.rpm
    % rpm -i clamav-0.88-7.src.rpm
    % cd ~/rpm/SPECS

    In some cases you may want to edit the spec file, for example to change the options it compiles with. For clamav we don't really need to, except that I usually change the "Release:" line from "1" to something like "1.centos4" or "1.fc2" so that I can tell which distro a given binary RPM was built for. If you need to make any changes to the spec file, larger ones included, this is the place in the procedure to make them.

    % rpmbuild -ba --without milter clamav.spec

    This should go through the process of configuring and compiling the clamav software. It will then "install" the software to a temporary working directory and scan that directory to build a list of the files which were installed. It compares that list to a checklist in the spec file to make sure that nothing is missing and that every file installed from the source is included, and then builds the binary RPM files (and a new source RPM file, which is useful if you made any changes to the spec file).

    If it complains about missing dependencies, read the error message carefully. In many cases the message will tell you the name of the package or library it needs, and a simple "yum install" command as root will be all you need in order to install what it needs (and then try the "rpmbuild" command again.)

  4. Upgrade the clamav software.

    If your current clamav was installed using an earlier "crash" RPM package...

    % su -
    Password:
    # cd ~userid/rpm/RPMS/i386
    # rpm -Fvh clamav-*
    # exit

    Yes, that's the whole process.

    If your current clamav was installed using some other method...

    • Shut down any SMTP or other services which use clamav.

    • Shut down any "clamd" process which may already be running. This may involve a command like "service clamd stop", or "/etc/init.d/clamd stop", or "killall clamd".

    • Un-install the existing clamav software. If it was installed from an RPM package you should be able to do "rpm -e clamav". If it was installed from source, you should be able to go to the original source directory and run "make uninstall".

    • Install the new clamav software.

      % su -
      Password:
      # cd ~userid/rpm/RPMS/i386
      # rpm -ivh clamav-*
      # exit

  5. The new clamav package will have created its config files so that the clamd process will run as a userid called clamav. If your system is currently set up in some other manner, you may need to edit the config files which control how clamd and freshclam operate. This web page explains the problem and two different solutions to it.

  6. Run "freshclam" to upgrade the virus definition files.

  7. Make sure the clamd and freshclam services are running, and that they will start automatically when the system boots up.

    % su -
    Password:
    # freshclam
    # /etc/init.d/clamd start
    # /etc/init.d/freshclam start
    # chkconfig --level 345 clamd on
    # chkconfig --level 345 freshclam on
    # exit

  8. Start your SMTP and other services back up.
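
A check for step 5, as an added example that is not part of the original page or of the clamav packages: it reads the `User` directive from clamd.conf and the `DatabaseOwner` directive from freshclam.conf and reports when clamd would stay root or when the two settings disagree. The function names and the paths in the usage comment are assumptions; pass the locations your package actually uses.

```sh
#!/bin/sh
# Added example (not from the original page): report which user clamd and
# freshclam are configured to use. Function names are hypothetical.

# conf_value FILE KEY: print the value of the first uncommented "KEY value" line.
conf_value() {
    awk -v key="$2" '$1 ~ /^#/ { next } $1 == key { print $2; exit }' "$1"
}

# audit_clam_users CLAMD_CONF FRESHCLAM_CONF
# Prints one finding per line; returns 0 when clean, 1 when something needs a look.
audit_clam_users() {
    clamd_conf=$1
    fresh_conf=$2
    rc=0
    for f in "$clamd_conf" "$fresh_conf"; do
        if [ ! -r "$f" ]; then
            echo "ERROR: cannot read $f"
            return 1
        fi
    done
    clamd_user=$(conf_value "$clamd_conf" User)
    fresh_user=$(conf_value "$fresh_conf" DatabaseOwner)

    if [ -z "$clamd_user" ]; then
        echo "WARN: no User line in $clamd_conf; clamd will not change uid at startup"
        rc=1
    elif [ "$clamd_user" = "root" ]; then
        echo "WARN: clamd is configured to run as root"
        rc=1
    fi
    if [ -z "$fresh_user" ]; then
        echo "INFO: no DatabaseOwner line in $fresh_conf; freshclam uses its built-in default"
    elif [ -n "$clamd_user" ] && [ "$fresh_user" != "$clamd_user" ]; then
        echo "WARN: clamd User '$clamd_user' differs from DatabaseOwner '$fresh_user'; check that clamd can read the database files"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: clamd runs as '$clamd_user'"
    fi
    return "$rc"
}

# Usage (paths are assumptions; use wherever your package put the files):
#   audit_clam_users /etc/clamd.conf /etc/freshclam.conf
```

Run it after installing the new RPMs and before starting clamd in step 7, so a wrong user setting is caught before mail starts flowing through the scanner again.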