...
|
...
|
@@ -71,7 +71,7 @@
|
71
|
71
|
\vspace{3cm}
|
72
|
72
|
\begin{flushright}
|
73
|
73
|
\rule[-1ex]{8cm}{3pt}\\
|
74
|
|
- \huge Clam AntiVirus 0.98\\
|
|
74
|
+ \huge Clam AntiVirus 0.98.1\\
|
75
|
75
|
\huge \emph{User Manual}\\
|
76
|
76
|
\end{flushright}
|
77
|
77
|
|
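Review bot: the release number is hand-edited on the title page here and appears again in the sample clamconf output later in this same change (`Version: 0.98.1`); if the manual is regenerated for every point release, a single `\newcommand` for the version on the title page would avoid forgetting this line on the next bump.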
...
|
...
|
@@ -126,7 +126,7 @@
|
126
|
126
|
\item{Licensed under the GNU General Public License, Version 2}
|
127
|
127
|
\item{POSIX compliant, portable}
|
128
|
128
|
\item{Fast scanning}
|
129
|
|
- \item{Supports on-access scanning (Linux and FreeBSD only)}
|
|
129
|
+ \item{Supports on-access scanning (Linux only)}
|
130
|
130
|
\item{Detects over 1 million viruses, worms and trojans, including
|
131
|
131
|
Microsoft Office macro viruses, mobile malware, and other threats}
|
132
|
132
|
\item{Built-in bytecode interpreter allows the ClamAV signature writers
|
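Review bot: "Linux only" is correct for the new backend but understates the requirement; the installation section in this same change says on-access scanning is based on fanotify, which has a minimum kernel version, so the feature list should say something like "Linux with fanotify support only" or point at that section, so a reader on an older kernel is not surprised when the feature is silently unavailable.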
...
|
...
|
@@ -443,35 +443,12 @@ $ CK_FORK=no ./libtool --mode=execute valgrind unit_tests/check-clamav
|
443
|
443
|
|
444
|
444
|
\subsubsection{On-access scanning}
|
445
|
445
|
One of the interesting features of \verb+clamd+ is on-access scanning
|
446
|
|
- based on the Dazuko module, available from \url{http://dazuko.org/}.
|
447
|
|
- \textbf{This module is not required to run clamd - furthermore, you
|
448
|
|
- shouldn't run Dazuko on production systems}. At the moment Dazuko is
|
449
|
|
- avaliable for Linux and FreeBSD, but the following information only covers
|
450
|
|
- Linux.
|
451
|
|
- \begin{verbatim}
|
452
|
|
- $ tar zxpvf dazuko-a.b.c.tar.gz
|
453
|
|
- $ cd dazuko-a.b.c
|
454
|
|
- $ make dazuko
|
455
|
|
- or
|
456
|
|
- $ make dazuko-smp (for smp kernels)
|
457
|
|
- $ su
|
458
|
|
- # insmod dazuko.o
|
459
|
|
- # cp dazuko.o /lib/modules/`uname -r`/misc
|
460
|
|
- # depmod -a
|
461
|
|
- \end{verbatim}
|
462
|
|
- Depending on your Linux distribution you may need to add a "dazuko" entry to
|
463
|
|
- \emph{/etc/modules} or run the module during system's startup by adding
|
464
|
|
- \begin{verbatim}
|
465
|
|
- /sbin/modprobe dazuko
|
466
|
|
- \end{verbatim}
|
467
|
|
- to some startup file. You must also create a new device:
|
468
|
|
- \begin{verbatim}
|
469
|
|
- $ cat /proc/devices | grep dazuko
|
470
|
|
- 254 dazuko
|
471
|
|
- $ su -c "mknod -m 600 /dev/dazuko c 254 0"
|
472
|
|
- \end{verbatim}
|
473
|
|
- Now configure Clamuko in \verb+clamd.conf+ and read the \ref{clamuko}
|
474
|
|
- section.
|
|
446
|
+ based on fanotify, included in Linux since kernel 2.6.36.
|
|
447
|
+ \textbf{This is not required to run clamd}. At the moment the fanotify header is
|
|
448
|
+ only avaliable for Linux.
|
|
449
|
+ \\\\
|
|
450
|
+ Configure on-access scanning in \verb+clamd.conf+ and read the
|
|
451
|
+ \ref{On-access} section for on-access scanning usage.
|
475
|
452
|
|
476
|
453
|
\subsection{clamav-milter}\label{sec:clamavmilter}
|
477
|
454
|
ClamAV $\ge0.95$ includes a new, redesigned clamav-milter. The most notable
|
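Review bot: the typo "avaliable" survives from the removed text into the added line `+ only avaliable for Linux.`; fix it while touching the line. The sentence it sits in is also misleading: "the fanotify header is only available for Linux" describes a build-time detail, whereas the user wants to know that the feature itself is Linux-only and that configure detects fanotify at build time. The kernel claim should be stated precisely as well: fanotify was introduced in 2.6.36 but only enabled in 2.6.37 (see fanotify(7)), so a reader on a 2.6.36 kernel would not get it. The removed block carried explicit privilege steps (`$ su`, `mknod -m 600 /dev/dazuko`) and a production-use warning; the replacement has no statement about privileges at all, yet fanotify_init() requires CAP_SYS_ADMIN, so the section should say plainly whether clamd must be started as root for on-access scanning. Finally, `\\\\` as a paragraph separator is a LaTeX smell; a blank line between the two paragraphs matches the rest of the manual.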
...
|
...
|
@@ -730,9 +707,9 @@ N * * * * /usr/local/bin/freshclam --quiet
|
730
|
730
|
try to workaround this limitation by using FILDES
|
731
|
731
|
\end{itemize}
|
732
|
732
|
|
733
|
|
- \subsection{Clamuko}\label{clamuko}
|
734
|
|
- Clamuko is a special thread in \verb+clamd+ that performs on-access
|
735
|
|
- scanning under Linux and FreeBSD and shares internal virus database
|
|
733
|
+ \subsection{On-access Scanning}\label{On-access}
|
|
734
|
+ There is a special thread in \verb+clamd+ that performs on-access
|
|
735
|
+ scanning under Linux and shares internal virus database
|
736
|
736
|
with the daemon. \textbf{You must follow some important rules when
|
737
|
737
|
using it:}
|
738
|
738
|
\begin{itemize}
|
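Review bot: the label is renamed from `clamuko` to `On-access`, but the only `\ref` updated in this change is the one in the installation section; grep the remaining sources for `\ref{clamuko}` before merging, since a stale reference only shows up as a "??" in the rendered PDF. The rewritten sentence also no longer says what the "special thread" hooks into; naming fanotify here, as the installation section does, keeps the two sections consistent for a reader who lands on this one first.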
...
|
...
|
@@ -748,14 +725,13 @@ N * * * * /usr/local/bin/freshclam --quiet
|
748
|
748
|
For example, to protect the whole system add the following lines to
|
749
|
749
|
\verb+clamd.conf+:
|
750
|
750
|
\begin{verbatim}
|
751
|
|
- ClamukoScanOnAccess
|
752
|
|
- ClamukoIncludePath /
|
753
|
|
- ClamukoExcludePath /proc
|
754
|
|
- ClamukoExcludePath /temporary/dir/of/your/mail/scanning/software
|
|
751
|
+ ScanOnAccess yes
|
|
752
|
+ OnAccessIncludePath /
|
|
753
|
+ OnAccessExcludePath /proc
|
|
754
|
+ OnAccessExcludePath /temporary/dir/of/your/mail/scanning/software
|
755
|
755
|
\end{verbatim}
|
756
|
|
- You can also use clamuko to protect files on Samba/Netatalk but a far
|
757
|
|
- more better and safe idea is to use the \textbf{samba-vscan} module.
|
758
|
|
- NFS is not supported because Dazuko doesn't intercept NFS access calls.
|
|
756
|
+ For more configuration options, type 'man clamd.conf' or reference the
|
|
757
|
+ example clamd.conf.
|
759
|
758
|
|
760
|
759
|
\subsection{Clamdtop}
|
761
|
760
|
\verb+clamdtop+ is a tool to monitor one or multiple instances of clamd. It
|
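Review bot: the option rename (`ClamukoScanOnAccess` to `ScanOnAccess yes`, `ClamukoIncludePath` to `OnAccessIncludePath`, `ClamukoExcludePath` to `OnAccessExcludePath`) changes both the names and, for the first one, the syntax (the old directive was bare, the new one takes an explicit `yes`). An existing clamd.conf from 0.98 still contains the Clamuko* names, so a one-line migration note stating the old-to-new mapping and what clamd does with the old names would save support traffic. Dropping the Samba/Netatalk/NFS paragraph also removes the only statement about network filesystems; whatever the fanotify backend covers there, the section should say it, rather than leaving the reader with no guidance at all.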
...
|
...
|
@@ -834,36 +810,36 @@ clamav-milter.conf not found
|
834
|
834
|
|
835
|
835
|
Software settings
|
836
|
836
|
-----------------
|
837
|
|
-Version: 0.97.6
|
838
|
|
-Optional features supported: MEMPOOL IPv6 CLAMUKO AUTOIT_EA06 BZIP2 RAR JIT
|
|
837
|
+Version: 0.98.1
|
|
838
|
+Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 RAR JIT
|
839
|
839
|
|
840
|
840
|
Database information
|
841
|
841
|
--------------------
|
842
|
|
-Database directory: /usr/local/share/clamav
|
|
842
|
+Database directory: /xclam/gcc/release/share/clamav
|
843
|
843
|
WARNING: freshclam.conf and clamd.conf point to different database directories
|
844
|
|
-print_dbs: Can't open directory /usr/local/share/clamav
|
|
844
|
+print_dbs: Can't open directory /xclam/gcc/release/share/clamav
|
845
|
845
|
|
846
|
846
|
Platform information
|
847
|
847
|
--------------------
|
848
|
|
-uname: Linux 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64
|
849
|
|
-OS: linux-gnu, ARCH: x86_64, CPU: x86_64
|
850
|
|
-Full OS version: ``CentOS release 6.3 (Final)''
|
851
|
|
-zlib version: 1.2.3 (1.2.3), compile flags: a9
|
852
|
|
-Triple: x86_64-unknown-linux-gnu
|
853
|
|
-CPU: amdfam10, Little-endian
|
854
|
|
-platform id: 0x0a2143430804040607040406
|
|
848
|
+uname: Linux 3.5.0-44-generic #67~precise1-Ubuntu SMP Wed Nov 13 16:20:03 UTC 2013 i686
|
|
849
|
+OS: linux-gnu, ARCH: i386, CPU: i686
|
|
850
|
+Full OS version: Ubuntu 12.04.3 LTS
|
|
851
|
+zlib version: 1.2.3.4 (1.2.3.4), compile flags: 55
|
|
852
|
+Triple: i386-pc-linux-gnu
|
|
853
|
+CPU: i686, Little-endian
|
|
854
|
+platform id: 0x0a114d4d0404060401040604
|
855
|
855
|
|
856
|
856
|
Build information
|
857
|
857
|
-----------------
|
858
|
|
-GNU C: 4.4.6 20120305 (Red Hat 4.4.6-4) (4.4.6)
|
859
|
|
-GNU C++: 4.4.6 20120305 (Red Hat 4.4.6-4) (4.4.6)
|
860
|
|
-CPPFLAGS:
|
861
|
|
-CFLAGS: -g -O2 -fno-strict-aliasing
|
862
|
|
-CXXFLAGS:
|
863
|
|
-LDFLAGS:
|
864
|
|
-Configure: '--enable-check' '--sysconfdir=/etc/clamav'
|
865
|
|
-sizeof(void*) = 8
|
|
858
|
+GNU C: 4.6.4 (4.6.4)
|
|
859
|
+GNU C++: 4.6.4 (4.6.4)
|
|
860
|
+CPPFLAGS:
|
|
861
|
+CFLAGS: -g -O0 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
|
|
862
|
+CXXFLAGS:
|
|
863
|
+LDFLAGS:
|
|
864
|
+Configure: '--prefix=/xclam/gcc/release/' '--disable-clamav' '--enable-debug' 'CFLAGS=-g -O0'
|
|
865
|
+sizeof(void*) = 4
|
|
866
|
+Engine flevel: 77, dconf: 77
|
866
|
867
|
\end{verbatim}
|
867
|
868
|
}
|
868
|
869
|
For more detailed help, type 'man clamconf' or 'clamconf --help'.
|
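Review bot: the replacement clamconf sample is a developer's private debug build rather than something a user will see: `--prefix=/xclam/gcc/release/`, `--disable-clamav`, `--enable-debug`, `CFLAGS=-g -O0`, a 32-bit i686 host, and output that includes the `WARNING: freshclam.conf and clamd.conf point to different database directories` line and a `print_dbs: Can't open directory` error. The previous sample used the default `/usr/local/share/clamav` prefix and a release compiler configuration. Suggest regenerating the sample from a default `./configure && make install` build, or, if the warning and error are kept deliberately, adding a sentence after the listing explaining what they mean. The new `Engine flevel: 77, dconf: 77` line is fine as real output but is not mentioned in the surrounding text either.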
...
|
...
|
@@ -1760,7 +1736,7 @@ Verification OK.
|
1760
|
1760
|
Role: virus database maintainer
|
1761
|
1761
|
|
1762
|
1762
|
\item Joel Esler \email{<jesler*sourcefire.com>}, USA\\
|
1763
|
|
- Role: open source community manager
|
|
1763
|
+ Role: community manager
|
1764
|
1764
|
|
1765
|
1765
|
\item Tom Judge \email{<tjudge*sourcefire.com>}, USA\\
|
1766
|
1766
|
Role: infrastucture developer
|
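Review bot: nothing wrong with the title change itself; while editing this list, the unchanged context line `Role: infrastucture developer` two entries below has a typo ("infrastructure") worth fixing in the same commit.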
...
|
...
|
@@ -1777,11 +1753,14 @@ Verification OK.
|
1777
|
1777
|
\item Shawn Webb \email{<swebb*sourcefire.com>}, USA\\
|
1778
|
1778
|
Role: ClamAV developer
|
1779
|
1779
|
|
1780
|
|
- \item Kevin Lin \email{<klin*sourcefire.com>}, USA\\
|
1781
|
|
- Role: ClamAV developer
|
|
1780
|
+ \item Kevin Lin \email{<klin*sourcefire.com>}, USA\\
|
|
1781
|
+ Role: ClamAV developer
|
|
1782
|
+
|
|
1783
|
+ \item Dave Suffling \email{<dsuffling*sourcefire.com>}, Canada\\
|
|
1784
|
+ Role: ClamAV developer
|
1782
|
1785
|
|
1783
|
|
- \item Dave Suffling \email{<dsuffling*sourcefire.com>}, USA\\
|
1784
|
|
- Role: ClamAV developer
|
|
1786
|
+ \item Samir Sapra \email{<ssapra*sourcefire.com>}, USA\\
|
|
1787
|
+ Role: ClamAV developer
|
1785
|
1788
|
|
1786
|
1789
|
\item Alain Zidouemba \email{<azidouemba*sourcefire.com>}, USA\\
|
1787
|
1790
|
Role: virus database maintainer
|
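Review bot: the removed and re-added `Kevin Lin` lines are textually identical, and the `Dave Suffling` entry is removed and re-added with only the country changed (USA to Canada), so most of this hunk is indentation or ordering churn that hides the two real changes: the country correction and the new `Samir Sapra` entry. Re-check with a whitespace-insensitive diff and, if the entries were only re-indented, keep them in place so the history shows only the substantive edits.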