... | ... |
@@ -5,27 +5,51 @@ ClamAV® is an open source antivirus engine for detecting trojans, viruses, |
5 | 5 |
|
6 | 6 |
## Documentation & FAQ |
7 | 7 |
|
8 |
-The ClamAV documentation can be found in locally in `docs/UserManual.md` with |
|
8 |
+The ClamAV documentation can be found in the [ClamAV User Manual](docs/UserManual.md) with |
|
9 | 9 |
additional information online in |
10 | 10 |
[our FAQ](https://www.clamav.net/documents). |
11 | 11 |
|
12 | 12 |
## ClamAV Signatures |
13 | 13 |
|
14 |
-Anyone can learn to read and write ClamAV signatures. Take a look |
|
15 |
- at `docs/signatures.pdf` and `docs/phishsigs_howto.pdf` to get started! |
|
14 |
+Anyone can learn to read and write ClamAV signatures. Take a look |
|
15 |
+ at the [signature writing documentation](docs/UserManual/Signatures.md) and [phishing signature writing documentation](docs/UserManual/PhishSigs.md) to get started! |
|
16 | 16 |
|
17 | 17 |
## Installation Instructions |
18 | 18 |
|
19 |
-### Build from Source |
|
19 |
+### UNIX |
|
20 | 20 |
|
21 |
-For basic compile and install instructions, check out `INSTALL.md`. For more |
|
22 |
- detail please investigate the docs in `docs/UserManual.md`. |
|
21 |
+#### Build from Source on Linux/Unix/Mac |
|
23 | 22 |
|
24 |
-### Install from a binary package |
|
23 |
+For basic compile and install instructions on Linux/Unix platforms, check out |
|
24 |
+the [install instructions](INSTALL.md). |
|
25 | 25 |
|
26 |
-For binary package distribution insallation instructions, head over to |
|
26 |
+For detailed instructions specific to building ClamAV please investigate |
|
27 |
+our the [Linux/Unix/Mac Install instructions in the User Manual](docs/UserManual/Installation-Unix.md). |
|
28 |
+ |
|
29 |
+#### Install from a binary package |
|
30 |
+ |
|
31 |
+For binary package distribution installation instructions, head over to |
|
27 | 32 |
[our website](https://www.clamav.net/documents/installing-clamav). |
28 | 33 |
|
34 |
+### Windows |
|
35 |
+ |
|
36 |
+#### Build from Source on Windows |
|
37 |
+ |
|
38 |
+The instructions for building ClamAV from source on Windows is located in the |
|
39 |
+[Win32 README](win32/README.md). |
|
40 |
+ |
|
41 |
+#### Using an Install Package |
|
42 |
+ |
|
43 |
+We provide an installer to install ClamAV on Windows to "C:\\Program Files". |
|
44 |
+This install method will require you to have Adminstrator priveleges. |
|
45 |
+ |
|
46 |
+We also provide a "Portable Install Package" (i.e. a zip of the required files) |
|
47 |
+for users that may wish to run ClamAV without installing it to a system-owned |
|
48 |
+directory. |
|
49 |
+ |
|
50 |
+For details on how to use either option, head over to the |
|
51 |
+[Windows Install instructions in the User Manual](docs/UserManual/Installation-Windows.md). |
|
52 |
+ |
|
29 | 53 |
### Upgrading from a previous version |
30 | 54 |
|
31 | 55 |
Some tips on [how to upgrade](https://www.clamav.net/documents/upgrading-clamav) |
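Review bot: Three of the added README lines need copy-editing before merge: new line 27 reads `our the [Linux/Unix/Mac Install instructions ...]` (drop `our`), new line 38 says the instructions "is located" (should be "are located"), and new line 44 spells "Administrator privileges" as `Adminstrator priveleges`.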
... | ... |
@@ -33,7 +57,7 @@ Some tips on [how to upgrade](https://www.clamav.net/documents/upgrading-clamav) |
33 | 33 |
|
34 | 34 |
## ClamAV News |
35 | 35 |
|
36 |
-For information about the features in this and prior releases, see `NEWS.md`. |
|
36 |
+For information about the features in this and prior releases, read [the news](NEWS.md). |
|
37 | 37 |
|
38 | 38 |
Catch up on the latest about ClamAV by reading our |
39 | 39 |
[blog](http://blog.clamav.net) and follow us on Twitter @clamav. |
... | ... |
@@ -7,7 +7,9 @@ |
7 | 7 |
Table Of Contents |
8 | 8 |
|
9 | 9 |
1. [Introduction to ClamAV](UserManual/Introduction.md) |
10 |
-2. [Installing ClamAV](UserManual/Installation.md) |
|
10 |
+2. Installing ClamAV |
|
11 |
+ * [Unix/Linux/macOS](UserManual/Installation-Unix.md) |
|
12 |
+ * [Windows](UserManual/Installation-Windows.md) |
|
11 | 13 |
3. [Configuring ClamAV](UserManual/Configuration.md) |
12 | 14 |
4. [Using ClamAV](UserManual/Usage.md) |
13 | 15 |
5. [Build \[lib\]ClamAV Into Your Programs](UserManual/libclamav.md) |
14 | 16 |
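Review bot: New line 10 turns "Installing ClamAV" into plain text and drops the index's link to `UserManual/Installation.md`, but the visible diff does not show that file being deleted or redirected. If it is removed in this commit, check for other inbound links to it; if it stays, either keep the parent entry linked or delete the stale file so that two installation guides do not drift apart.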
new file mode 100644 |
... | ... |
@@ -0,0 +1,261 @@ |
0 |
+# Installing ClamAV on Unix / Linux / macOS from Source |
|
1 |
+ |
|
2 |
+## The TL;DR Step-by-Step Instructions |
|
3 |
+ |
|
4 |
+- [Debian & Ubuntu](Installation-Unix/Steps-Debian-Ubuntu.md) |
|
5 |
+- [Redhat & CentOS](Installation-Unix/Steps-REdhat-CentOS.md) |
|
6 |
+- [macOS](Installation-Unix/Steps-macOS.md) |
|
7 |
+ |
|
8 |
+## Requirements |
|
9 |
+ |
|
10 |
+The following is an overview of the tools, libraries, and steps needed to build ClamAV. |
|
11 |
+ |
|
12 |
+Required tools: |
|
13 |
+ |
|
14 |
+- `gcc` or `clang` |
|
15 |
+- GNU Make (`gmake` on UNIX systems) |
|
16 |
+ |
|
17 |
+Recommended tools: |
|
18 |
+ |
|
19 |
+- `check` unit testing framework |
|
20 |
+ |
|
21 |
+***Required*** libraries (including development sources (i.e. `...-dev` or `...-devel`)): |
|
22 |
+ |
|
23 |
+- zlib |
|
24 |
+- openssl version 0.9.8 or higher |
|
25 |
+ |
|
26 |
+**Recommended** libraries (including development sources (i.e. `...-dev` or `...-devel`)): |
|
27 |
+ |
|
28 |
+- pcre2 |
|
29 |
+- bzip2 |
|
30 |
+- libxml2 |
|
31 |
+ |
|
32 |
+Optional libraries (including development sources (i.e. `...-dev` or `...-devel`)): |
|
33 |
+ |
|
34 |
+- curl library: _required for clamsubmit_ |
|
35 |
+- json-c library: _required for clamsubmit_ |
|
36 |
+- ncurses library: _required for clamdtop_ |
|
37 |
+ |
|
38 |
+ClamAV may execute Bytecode signatures using: |
|
39 |
+ |
|
40 |
+- ClamAV's built-in bytecode interpreter |
|
41 |
+- LLVM for Just-In-Time (JIT) compilation* |
|
42 |
+ - System-installed LLVM library (3.2-3.6) |
|
43 |
+ - ClamAV's built-in version of LLVM 2.8 |
|
44 |
+ |
|
45 |
+ *The performance difference between using LLVM and using the interpeter is negligible. If you prefer to use LLVM / JIT for bytecode signature execution, be advised that we presently only support up to LLVM version 3.6. |
|
46 |
+ |
|
47 |
+The following are thus optional, but *required* to use LLVM in place of the bytecode interpeter: |
|
48 |
+ |
|
49 |
+- LLVM 3.2 - 3.6 |
|
50 |
+- A supported CPU for LLVM JIT, either of: X86, X86-64, PowerPC, PowerPC64 |
|
51 |
+ |
|
52 |
+The following are optional, but needed for the LLVM JIT unit tests: |
|
53 |
+ |
|
54 |
+- GNU Make (version 3.79, recommended 3.81 or newer) |
|
55 |
+- Python (version 2.5.4) |
|
56 |
+ |
|
57 |
+## Installing ClamAV |
|
58 |
+ |
|
59 |
+### Private installation on local shell account |
|
60 |
+ |
|
61 |
+To install ClamAV locally on an unprivileged shell account you need not create any additional users or groups. Assuming your home directory is `/home/gary` you should build it as follows: |
|
62 |
+ |
|
63 |
+```bash |
|
64 |
+./configure --prefix=/home/gary/clamav --disable-clamav |
|
65 |
+make; make install |
|
66 |
+``` |
|
67 |
+ |
|
68 |
+The `--disable-clamav` switch disables the check for existence of the `clamav` user and group but `clamscan` would still require an unprivileged account to work in a superuser mode. |
|
69 |
+ |
|
70 |
+### Global installation in system-owned directories |
|
71 |
+ |
|
72 |
+#### Adding new system user and group |
|
73 |
+ |
|
74 |
+If installing to the system, it is recommended to set up at least one special user account to run `freshclam` and `clamd`. You may choose to set up two separate accounts, one for each. You only need to create these accounts the first time you install ClamAV. |
|
75 |
+ |
|
76 |
+These are instructions specific to some popular operating systems: |
|
77 |
+ |
|
78 |
+- [Debian, Ubuntu, etc](Installation-Unix/Steps-Debian-Ubuntu.md#Users-and-on-user-privileges) |
|
79 |
+- [Redhat, CentOS, etc](Installation-Unix/Steps-Redhat-CentOS.md#Users-and-on-user-privileges) |
|
80 |
+- [macOS](Installation-Unix/Steps-macOS.md#Users-and-on-user-privileges) |
|
81 |
+ |
|
82 |
+If your operating system isn't specified above, and your OS does not have the `groupadd` and `useradd` utilities, consult a system manual. **Don’t forget to lock access to the account!** |
|
83 |
+ |
|
84 |
+#### Compiling ClamAV for global installation |
|
85 |
+ |
|
86 |
+Once you have created the clamav user and group, please extract the archive: |
|
87 |
+ |
|
88 |
+```bash |
|
89 |
+tar xzf clamav-<ver>.tar.gz |
|
90 |
+cd clamav-<ver> |
|
91 |
+``` |
|
92 |
+ |
|
93 |
+Assuming you want to install the configuration files in `/etc`, configure and build the software as follows: |
|
94 |
+ |
|
95 |
+```bash |
|
96 |
+./configure --sysconfdir=/etc |
|
97 |
+make |
|
98 |
+su -c "make install" |
|
99 |
+``` |
|
100 |
+ |
|
101 |
+In the last step, the software is installed into the `/usr/local` directory and the config files into `/etc`. **WARNING: Never enable the SUID or SGID bits for Clam AntiVirus binaries.** |
|
102 |
+ |
|
103 |
+### First-time set-up |
|
104 |
+ |
|
105 |
+First, create a database directory. This would be located under the install path `share/clamav`. For example: |
|
106 |
+ |
|
107 |
+- `/usr/local/share/clamav` |
|
108 |
+- `~/clamav/share/clamav` |
|
109 |
+ |
|
110 |
+You will need to create `freshclam.conf` and `clamd.conf` files in the config directory. In the above example, we chose `/etc`, so run the following. |
|
111 |
+ |
|
112 |
+```bash |
|
113 |
+sudo cp /etc/freshclam.conf.sample /etc/freshclam.conf |
|
114 |
+sudo cp /etc/clamd.conf.sample /etc/clamd.conf |
|
115 |
+``` |
|
116 |
+ |
|
117 |
+At a minimum, you will need to edit each file and remove or comment-out the `Example` line. In addition, for `clamd.conf` you will need to enable either `LocalSocket` or `TCPSocket`. |
|
118 |
+ |
|
119 |
+For additional recommendations, please read: |
|
120 |
+ |
|
121 |
+- [Debian, Ubuntu, etc](Installation-Unix/Steps-Debian-Ubuntu.md#First-time-set-up) |
|
122 |
+- [Redhat, CentOS, etc](Installation-Unix/Steps-Redhat-CentOS.md#First-time-set-up) |
|
123 |
+- [macOS](Installation-Unix/Steps-macOS.md#First-time-set-up) |
|
124 |
+ |
|
125 |
+### Test your installation |
|
126 |
+ |
|
127 |
+To test your local installation execute: |
|
128 |
+ |
|
129 |
+```bash |
|
130 |
+~/clamav/bin/freshclam |
|
131 |
+~/clamav/bin/clamscan ~ |
|
132 |
+``` |
|
133 |
+ |
|
134 |
+To test your system installation execute: |
|
135 |
+ |
|
136 |
+```bash |
|
137 |
+sudo freshclam |
|
138 |
+sudo clamscan ~ |
|
139 |
+``` |
|
140 |
+ |
|
141 |
+## Compilation with clamav-milter enabled |
|
142 |
+ |
|
143 |
+The `libmilter` package and its development files are required. To enable clamav-milter, configure ClamAV with |
|
144 |
+ |
|
145 |
+```bash |
|
146 |
+./configure --enable-milter |
|
147 |
+``` |
|
148 |
+ |
|
149 |
+## Using a system-installed LLVM library |
|
150 |
+ |
|
151 |
+To configure ClamAV to use a system-installed LLVM library: |
|
152 |
+ |
|
153 |
+```bash |
|
154 |
+./configure --with-system-llvm=/myllvm/bin/llvm-config |
|
155 |
+make |
|
156 |
+sudo make install |
|
157 |
+``` |
|
158 |
+ |
|
159 |
+The argument to `--with-system-llvm` indicates the path name of the LLVM configuration utility (llvm-config). Alternatively, you may use `--enable-llvm` and `./configure` will search for LLVM in /usr/local/ and then /usr. |
|
160 |
+ |
|
161 |
+Recommended versions of LLVM are 3.2 - 3.6. Some installations have reported problems using earlier LLVM versions. Versions of LLVM beyond 3.6 are not currently supported in ClamAV. |
|
162 |
+ |
|
163 |
+## Running unit tests |
|
164 |
+ |
|
165 |
+ClamAV includes unit tests that allow you to test that the compiled binaries work correctly on your platform. |
|
166 |
+ |
|
167 |
+The first step is to use your OS’s package manager to install the `check` package. If your OS doesn’t have that package, you can download it from <http://check.sourceforge.net/>, build it and install it. |
|
168 |
+ |
|
169 |
+To help clamav’s configure script locate `check`, it is recommended that you install `pkg-config`, preferably using your OS’s package manager, or from <http://pkg-config.freedesktop.org>. |
|
170 |
+ |
|
171 |
+The recommended way to run unit-tests is the following, which ensures you will get an error if unit tests cannot be built: |
|
172 |
+ |
|
173 |
+```bash |
|
174 |
+./configure --enable-check |
|
175 |
+make |
|
176 |
+make check |
|
177 |
+``` |
|
178 |
+ |
|
179 |
+When `make check` is finished, you should get a message similar to this: |
|
180 |
+ |
|
181 |
+```bash |
|
182 |
+================== |
|
183 |
+All 8 tests passed |
|
184 |
+================== |
|
185 |
+``` |
|
186 |
+ |
|
187 |
+If a unit test fails, you get a message similar to the following. Note that in older versions of make check may report failures due to the absence of optional packages. Please make sure you have the latest versions of the components noted in section /refsec:components. See the next section on how to report a bug when a unit test fails. |
|
188 |
+ |
|
189 |
+```bash |
|
190 |
+======================================== |
|
191 |
+1 of 8 tests failed |
|
192 |
+Please report to https://bugzilla.clamav.net/ |
|
193 |
+======================================== |
|
194 |
+``` |
|
195 |
+ |
|
196 |
+If unit tests are disabled (and you didn’t use -–enable-check), you will get this message: |
|
197 |
+ |
|
198 |
+```bash |
|
199 |
+*** Unit tests disabled in this build |
|
200 |
+*** Use ./configure --enable-check to enable them |
|
201 |
+ |
|
202 |
+SKIP: check_clamav |
|
203 |
+PASS: check_clamd.sh |
|
204 |
+PASS: check_freshclam.sh |
|
205 |
+PASS: check_sigtool.sh |
|
206 |
+PASS: check_clamscan.sh |
|
207 |
+====================== |
|
208 |
+All 4 tests passed |
|
209 |
+(1 tests were not run) |
|
210 |
+====================== |
|
211 |
+``` |
|
212 |
+ |
|
213 |
+Running `./configure --enable-check` should tell you why. |
|
214 |
+ |
|
215 |
+## Reporting a unit test failure bug |
|
216 |
+ |
|
217 |
+If `make check` reports failed tests, we encourage you to report a bug on [bugzilla](https://bugzilla.clamav.net). |
|
218 |
+ |
|
219 |
+When writing a bug report regarding failed unit tests, please provide the following: |
|
220 |
+ |
|
221 |
+- The exact output from `make check` |
|
222 |
+- Output of `uname -mrsp` |
|
223 |
+- your `config.log` |
|
224 |
+- The following files from the `unit_tests/` directory: |
|
225 |
+ - `test.log` |
|
226 |
+ - `clamscan.log` |
|
227 |
+ - `clamdscan.log` |
|
228 |
+ |
|
229 |
+- `/tmp/clamd-test.log` if it exists |
|
230 |
+- where and how you installed the check package |
|
231 |
+- Output of `pkg-config check --cflags --libs` |
|
232 |
+- Optionally if `valgrind` is available on your platform, the output of the following: |
|
233 |
+ ```bash |
|
234 |
+ make check |
|
235 |
+ CK_FORK=no ./libtool --mode=execute valgrind unit_tests/check_clamav |
|
236 |
+ ``` |
|
237 |
+ |
|
238 |
+## Obtain Latest ClamAV anti-virus signature databases |
|
239 |
+ |
|
240 |
+Before you can run `clamd`, `clamdscan`, or `clamscan`, you must have ClamAV Virus Database (.cvd) file(s) installed in the appropriate location on your system. The default location for these database files are `/usr/local/share/clamav`. |
|
241 |
+ |
|
242 |
+Here is a listing of currently available ClamAV Virus Database Files: |
|
243 |
+ |
|
244 |
+- bytecode.cvd (signatures to detect bytecode in files) |
|
245 |
+- main.cvd (main ClamAV virus database file) |
|
246 |
+- daily.cvd (daily update file for ClamAV virus databases) |
|
247 |
+- safebrowsing.cvd (virus signatures for safe browsing) |
|
248 |
+ |
|
249 |
+These files should be downloaded using the `freshclam` utility on a periodic basis. While using HTTPS to directly download the CVDs is possible, using `freshclam` is the preferred method of keeping the ClamAV virus database files up to date. `freshclam` can download database difference files (`.cdiff`) to get the latest signature definitions without downloading whole CVD files. This saves a considerable amount of bandwidth. |
|
250 |
+ |
|
251 |
+For more information on how to configure `freshclam` to do automatic/scheduled updates, see the [freshclam configuration section](Configuration.md#Setting-up-auto\-updating) of our Configuration guide. |
|
252 |
+ |
|
253 |
+Please see the [freshclam usage section](Usage.md#freshclam) for additional details on freshclam). |
|
254 |
+ |
|
255 |
+## Binary packages |
|
256 |
+ |
|
257 |
+As an alternative to building and installing from source, most Linux package managers provide pre-compiled ClamAV packages. |
|
258 |
+ |
|
259 |
+For more information about installing ClamAV via a Package Manager, please visit |
|
260 |
+the ["other versions" section on the ClamAV.net Downloads page](https://www.clamav.net/download.html#otherversions). |
0 | 261 |
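Review bot: The system-install test at new lines 137-138 tells the reader to run `sudo clamscan ~`, which runs the scanner as root, while the Debian/Ubuntu steps added in this same commit state that running `clamd` or `clamscan` as root is not recommended; keep `sudo` on `freshclam` if the database directory needs it and run `clamscan ~` as the invoking user. Other points in this file: the TL;DR link at line 5 points to `Steps-REdhat-CentOS.md` while lines 79 and 122 use `Steps-Redhat-CentOS.md`, so one of the two spellings is broken on a case-sensitive file system; line 65 uses `make; make install`, which installs even when the build fails (`make && make install` avoids that); line 187 still carries the unresolved reference `/refsec:components`; line 196 writes the flag as `-–enable-check` with an en dash; and line 253 ends with an unmatched `)`.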
new file mode 100644 |
... | ... |
@@ -0,0 +1,309 @@ |
0 |
+# Installation on Debian and Ubuntu Linux Distributions |
|
1 |
+ |
|
2 |
+Below are the steps for installing ClamAV from source on Debian and Ubuntu Linux. |
|
3 |
+ |
|
4 |
+## Install prerequisitesaa |
|
5 |
+ |
|
6 |
+1. Install ClamAV dependencies |
|
7 |
+ 1. Install the developer tools |
|
8 |
+ ```bash |
|
9 |
+ sudo apt-get install build-essential |
|
10 |
+ ``` |
|
11 |
+ 2. Install library dependencies |
|
12 |
+ ```bash |
|
13 |
+ sudo apt-get install openssl libssl-dev zlib1g-dev libpng-dev libxml2-dev libjson-c-dev libbz2-dev libpcre3-dev |
|
14 |
+ ``` |
|
15 |
+ |
|
16 |
+2. Install the unit testing dependencies |
|
17 |
+ ```bash |
|
18 |
+ sudo apt-get valgrind check |
|
19 |
+ ``` |
|
20 |
+ |
|
21 |
+_Note_: LLVM is also an optional dependency. LLVM will not provide any additional features, but is an alternative method for executing bytecode signatures versus using the built-in bytecode interpreter. Limited performance testing between LLVM and the bytecode interpreter did not yield conclusive evidence that one is "better" than the other. For the sake of simplicity, it is not recommended to install LLVM. |
|
22 |
+ |
|
23 |
+## Download the latest stable release |
|
24 |
+ |
|
25 |
+1. Open a browser and navigate to [the ClamAV downloads page](http://www.clamav.net/downloads) |
|
26 |
+2. Click `clamav-<version>.tar.gz` link to download the latest stable release. |
|
27 |
+ |
|
28 |
+## Extract the source archive |
|
29 |
+ |
|
30 |
+```bash |
|
31 |
+cd ~/Downloads |
|
32 |
+tar xzf clamav-<ver>.tar.gz |
|
33 |
+cd clamav-<ver>.tar.gz |
|
34 |
+``` |
|
35 |
+ |
|
36 |
+## Configure the build |
|
37 |
+ |
|
38 |
+ClamAV's configure script should detect each of the above dependencies automatically. |
|
39 |
+ |
|
40 |
+### Typical `./configure` usage |
|
41 |
+ |
|
42 |
+```bash |
|
43 |
+./configure --enable-check |
|
44 |
+``` |
|
45 |
+ |
|
46 |
+Once `./configure` completes, it will print a summary. Verify that the packages you installed are in fact being detected. |
|
47 |
+ |
|
48 |
+Example configure summary output: |
|
49 |
+ |
|
50 |
+```bash |
|
51 |
+configure: Summary of detected features follows |
|
52 |
+ OS : linux-gnu |
|
53 |
+ pthreads : yes (-lpthread) |
|
54 |
+configure: Summary of miscellaneous features |
|
55 |
+ check : -lcheck_pic -pthread -lrt -lm -lsubunit |
|
56 |
+ fanotify : yes |
|
57 |
+ fdpassing : 1 |
|
58 |
+ IPv6 : yes |
|
59 |
+configure: Summary of optional tools |
|
60 |
+ clamdtop : -lncurses (auto) |
|
61 |
+ milter : yes (disabled) |
|
62 |
+ clamsubmit : yes (libjson-c-dev found at /usr), libcurl-devel found at /usr) |
|
63 |
+configure: Summary of engine performance features |
|
64 |
+ release mode: yes |
|
65 |
+ llvm : no (disabled) |
|
66 |
+ mempool : yes |
|
67 |
+configure: Summary of engine detection features |
|
68 |
+ bzip2 : ok |
|
69 |
+ zlib : /usr |
|
70 |
+ unrar : yes |
|
71 |
+ preclass : yes (libjson-c-dev found at /usr) |
|
72 |
+ pcre : /usr |
|
73 |
+ libmspack : yes (Internal) |
|
74 |
+ libxml2 : yes, from /usr |
|
75 |
+ yara : yes |
|
76 |
+ fts : yes (libc) |
|
77 |
+ |
|
78 |
+``` |
|
79 |
+ |
|
80 |
+### Additional popular `./configure` options |
|
81 |
+ |
|
82 |
+* `--with-systemdsystemunitdir` - Do not install `systemd` socket files. This option disables systemd support, but will allow you to `make install` to a user-owned directory without requiring `sudo`/root privileges: |
|
83 |
+ ```bash |
|
84 |
+ ./configure --with-systemdsystemunitdir=no |
|
85 |
+ ``` |
|
86 |
+* `--sysconfdir` - Install the configuration files to `/etc` instead of `/usr/local/etc`: |
|
87 |
+ ```bash |
|
88 |
+ ./configure -–sysconfdir=/etc |
|
89 |
+ ``` |
|
90 |
+* `--prefix` - Install ClamAV to a directory other than `/usr/local/`: |
|
91 |
+ * Example 1: Install to a local `./install` directory. |
|
92 |
+ ```bash |
|
93 |
+ ./configure --prefix=`pwd`/install |
|
94 |
+ ``` |
|
95 |
+ * Example 2: Install ClamAV locally on an unprivileged shell account. |
|
96 |
+ ```bash |
|
97 |
+ ./configure --prefix=$HOME/clamav --disable-clamav --with-systemdsystemunitdir=no |
|
98 |
+ ``` |
|
99 |
+* `--disable-clamav` - _Don't_ drop super-user priveleges to run `freshclam` or `clamd` as the `clamav`* user. |
|
100 |
+ ```bash |
|
101 |
+ ./configure --disable-clamav |
|
102 |
+ ``` |
|
103 |
+ *_Tip_: Using this `--disable-clamav` means that `freshclam` and `clamd` will run with _root privleges_ if invoked using `sudo`. Running `clamd` or `clamscan` as root is **not recommended**. Instead of using this option, you can configure `freshclam` or `clamd` to drop to any other user by: |
|
104 |
+ * setting the `DatabaseOwner` option in `freshclam.conf` and |
|
105 |
+ * setting the `User` option in `clamd.conf`. |
|
106 |
+ |
|
107 |
+Please see the `./configure --help` for additional options. |
|
108 |
+ |
|
109 |
+### Compile ClamAV |
|
110 |
+ |
|
111 |
+Compile ClamAV with: |
|
112 |
+```bash |
|
113 |
+make -j2 |
|
114 |
+``` |
|
115 |
+ |
|
116 |
+### Run ClamAV Unit Tests (Optional) |
|
117 |
+ |
|
118 |
+For peace of mind, it can be helpful to run a small suite of unit and system tests. |
|
119 |
+ |
|
120 |
+Run: |
|
121 |
+```bash |
|
122 |
+make check |
|
123 |
+``` |
|
124 |
+ |
|
125 |
+All tests should pass.* Output will look something like this: |
|
126 |
+ |
|
127 |
+```bash. |
|
128 |
+ ... |
|
129 |
+PASS: check_clamav |
|
130 |
+PASS: check_freshclam.sh |
|
131 |
+PASS: check_sigtool.sh |
|
132 |
+PASS: check_unit_vg.sh |
|
133 |
+PASS: check1_clamscan.sh |
|
134 |
+PASS: check2_clamd.sh |
|
135 |
+PASS: check3_clamd.sh |
|
136 |
+PASS: check4_clamd.sh |
|
137 |
+PASS: check5_clamd_vg.sh |
|
138 |
+PASS: check6_clamd_vg.sh |
|
139 |
+SKIP: check7_clamd_hg.sh |
|
140 |
+PASS: check8_clamd_hg.sh |
|
141 |
+PASS: check9_clamscan_vg.sh |
|
142 |
+ ... |
|
143 |
+============================================================================ |
|
144 |
+Testsuite summary for ClamAV 0.100.2 |
|
145 |
+============================================================================ |
|
146 |
+# TOTAL: 13 |
|
147 |
+# PASS: 12 |
|
148 |
+# SKIP: 1 |
|
149 |
+# XFAIL: 0 |
|
150 |
+# FAIL: 0 |
|
151 |
+# XPASS: 0 |
|
152 |
+# ERROR: 0 |
|
153 |
+``` |
|
154 |
+ |
|
155 |
+_Notes_: |
|
156 |
+ |
|
157 |
+* The `*.vg.sh` tests will be skipped unless you run `make check VG=1`. |
|
158 |
+* The `check7_clamd.hg.sh` (helgrind) is presently disabled and will be skipped. |
|
159 |
+ * For details, see: [the Git commit](https://github.com/Cisco-Talos/clamav-devel/commit/2a5d51809a56be9a777ded02969a7427a3c26713) |
|
160 |
+ |
|
161 |
+If you have a failure or an error in the unit tests, it could be that you are missing one or more of the prerequisites. |
|
162 |
+ |
|
163 |
+If you are investigating a failure, please do the following: |
|
164 |
+ |
|
165 |
+`cd unit_tests` |
|
166 |
+ |
|
167 |
+Use `less` to read the log for the failed test. |
|
168 |
+Example: |
|
169 |
+ |
|
170 |
+```bash |
|
171 |
+less check4_clamd.sh.log` |
|
172 |
+``` |
|
173 |
+ |
|
174 |
+To submit a bug report regarding unit text failures, please follow these [bug reporting steps](../Installation-Unix.md#Reporting-a-unit-test-failure-bug). |
|
175 |
+ |
|
176 |
+### Install ClamAV |
|
177 |
+ |
|
178 |
+Install ClamAV with: |
|
179 |
+```bash |
|
180 |
+make install |
|
181 |
+``` |
|
182 |
+ |
|
183 |
+_Tip_: If installing to the default or other system-owned directory, you may need to use `sudo`. |
|
184 |
+ |
|
185 |
+### First time set-up |
|
186 |
+ |
|
187 |
+_Note_: The following instructions assume you used the default install paths (i.e. `/usr/local`). If you modified the install locations using `--prefix` or `--sysconfdir` options, replace `/usr/local` with your chosen install path. |
|
188 |
+ |
|
189 |
+#### `freshclam` config |
|
190 |
+ |
|
191 |
+Before you can use `freshclam` to download updates, you need to create a `freshclam` config. A sample config is provided for you. |
|
192 |
+ |
|
193 |
+1. Copy the sample config. You may need to use `sudo`: |
|
194 |
+ ```bash |
|
195 |
+ cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf |
|
196 |
+ ``` |
|
197 |
+2. Modify the config file using your favourite text editor. Again, you may need to use `sudo`. |
|
198 |
+ * At a minimum, remove the `Example` line so `freshclam` can use the config. |
|
199 |
+ |
|
200 |
+ Take the time to look through the options. You can enable the sample options by deleting the `#` comment characters. |
|
201 |
+ |
|
202 |
+ Some popular options to enable include: |
|
203 |
+ |
|
204 |
+ * `LogTime` |
|
205 |
+ * `LogRotate` |
|
206 |
+ * `NotifyClamd` |
|
207 |
+ * `DatabaseOwner` |
|
208 |
+ |
|
209 |
+3. Create the database directory. *Tip: _You may need to use `sudo`._ |
|
210 |
+ ```bash |
|
211 |
+ mkdir /usr/local/share/clamav |
|
212 |
+ ``` |
|
213 |
+ |
|
214 |
+#### `clamd` config (optional) |
|
215 |
+ |
|
216 |
+You can run `clamscan` without setting the config options for `clamd`. However, the `clamd` scanning daemon allows you to use `clamdscan` to perform faster a-la-carte scans, allows you to run multi-threaded scans, and allows you to use `clamav-milter` if you want to use ClamAV as a mail filter if you host an email server. |
|
217 |
+ |
|
218 |
+Additionally, if you are a running modern versions of Linux where the FANOTIFY kernel feature is enabled, `clamd` has a feature run with On-Access Scanning*. *When properly configured*, On-Access Scanning can scan files as they are accessed and optionally block access to the file in the event that a signature alerted. |
|
219 |
+ |
|
220 |
+ _Note_: At this time, for On-Access Scanning to work, `clamd` must run with `sudo`/root privileges. For more details, please see our documentation on On-Access Scanning. |
|
221 |
+ |
|
222 |
+1. Copy the sample config. You may need to use `sudo`: |
|
223 |
+ ```bash |
|
224 |
+ cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf |
|
225 |
+ ``` |
|
226 |
+2. Modify the config file using your favourite text editor. Again, you may need to use `sudo`. |
|
227 |
+ * At a minimum, remove the `Example` line so `freshclam` can use the config. |
|
228 |
+ * You also _need_ to select a Socket option for `clamd` so `clamdscan` and other utilities can communicate with `clamd`. You must enable _one_ of the following. |
|
229 |
+ * `LocalSocket` |
|
230 |
+ * `TCPSocket` |
|
231 |
+ |
|
232 |
+ Take the time to look through the options. You can enable the sample options by deleting the `#` comment characters. |
|
233 |
+ |
|
234 |
+ Some popular options to enable include: |
|
235 |
+ |
|
236 |
+ * `LogTime` |
|
237 |
+ * `LogClean` |
|
238 |
+ * `LogRotate` |
|
239 |
+ * `User` |
|
240 |
+ * `ScanOnAccess` |
|
241 |
+ * `OnAccessIncludePath` |
|
242 |
+ * `OnAccessExcludePath` |
|
243 |
+ * `OnAccessPrevention` |
|
244 |
+ |
|
245 |
+#### Configure SELinux for ClamAV |
|
246 |
+ |
|
247 |
+Certain distributions (notably RedHat variants) when operating with SELinux enabled use the non-standard `antivirus_can_scan_system` SELinux option instead of `clamd_can_scan_system`. |
|
248 |
+ |
|
249 |
+At this time, libclamav only sets the `clamd_can_scan_system` option, so you may need to manually enable `antivirus_can_scan_system`. If you don't perform this step, freshclam will log something like this when it tests the newly downloaded signature databases: |
|
250 |
+ |
|
251 |
+``` |
|
252 |
+During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied |
|
253 |
+``` |
|
254 |
+ |
|
255 |
+To allow ClamAV to operate under SELinux, run the following: |
|
256 |
+```bash |
|
257 |
+setsebool -P antivirus_can_scan_system 1 |
|
258 |
+``` |
|
259 |
+ |
|
260 |
+#### Download / Update the signature database |
|
261 |
+ |
|
262 |
+Before you can run a scan, you'll need to download the signature databases. Once again, you may need to run with `sudo`/root privileges. |
|
263 |
+ |
|
264 |
+If you installed to a location in your system PATH: |
|
265 |
+```bash |
|
266 |
+freshclam |
|
267 |
+``` |
|
268 |
+ |
|
269 |
+If you installed to another location: |
|
270 |
+```bash |
|
271 |
+/<path>/<to>/<clamav>/<bin>/freshclam |
|
272 |
+``` |
|
273 |
+ |
|
274 |
+ _Important_: It is common on Ubuntu after a fresh install to see the following error the first time you use ClamAV: |
|
275 |
+ ```bash |
|
276 |
+ $ freshclam |
|
277 |
+ freshclam: error while loading shared libraries: libclamav.so.7: cannot open shared object file: No such file or directory |
|
278 |
+ ``` |
|
279 |
+ |
|
280 |
+ You can fix this error by using ldconfig to rebuild the library search path. |
|
281 |
+ ```bash |
|
282 |
+ sudo ldconfig |
|
283 |
+ ``` |
|
284 |
+ |
|
285 |
+#### Users and on user privileges |
|
286 |
+ |
|
287 |
+If you are running `freshclam` and `clamd` as root or with `sudo`, and you did not explicitely configure with `--disable-clamav`, you will want to ensure that the `DatabaseOwner` user specified in `freshclam.conf` owns the database directory so it can download signature udpates. |
|
288 |
+ |
|
289 |
+The user that `clamd`, `clamdscan`, and `clamscan` run as may be the same user, but if it isn't -- it merely needs _read_ access to the database directory. |
|
290 |
+ |
|
291 |
+If you choose to use the default `clamav` user to run `freshclam` and `clamd`, you'll need to create the clamav group and the clamav user account the first time you install ClamAV. |
|
292 |
+ |
|
293 |
+```bash |
|
294 |
+groupadd clamav |
|
295 |
+useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav |
|
296 |
+``` |
|
297 |
+ |
|
298 |
+Finally, you will want to set user ownership of the database directory. |
|
299 |
+For example: |
|
300 |
+```bash |
|
301 |
+sudo chown -R clamav:clamav /usr/local/share/clamav |
|
302 |
+``` |
|
303 |
+ |
|
304 |
+### Usage |
|
305 |
+ |
|
306 |
+You should be all set up to run scans. |
|
307 |
+ |
|
308 |
+Take a look at our [usage documentation](../Usage.md) to learn about how to use ClamAV each of the utilities. |
0 | 309 |
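Review bot: Three commands in this file fail when pasted as written: line 18 `sudo apt-get valgrind check` is missing `install`, line 33 `cd clamav-<ver>.tar.gz` changes into the archive name rather than the extracted `clamav-<ver>` directory, and line 88 `./configure -–sysconfdir=/etc` has an en dash in place of the second hyphen. Also worth fixing: the heading at line 4 reads `prerequisitesaa`, the fence at line 127 is opened as `bash.`, line 171 has a stray trailing backtick after `check4_clamd.sh.log`, the `clamd` config step at line 227 says removing `Example` lets `freshclam` use the config, and the downloads link at line 25 uses `http://` where the README links to the same site over `https://`.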
new file mode 100644 |
... | ... |
@@ -0,0 +1,309 @@ |
0 |
+# Installation on Debian and Ubuntu Linux Distributions |
|
1 |
+ |
|
2 |
+Below are the steps for installing ClamAV from source on Debian and Ubuntu Linux. |
|
3 |
+ |
|
4 |
+## Install prerequisitesaa |
|
5 |
+ |
|
6 |
+1. Install ClamAV dependencies |
|
7 |
+ 1. Install the developer tools |
|
8 |
+ ```bash |
|
9 |
+ sudo apt-get install build-essential |
|
10 |
+ ``` |
|
11 |
+ 2. Install library dependencies |
|
12 |
+ ```bash |
|
13 |
+ sudo apt-get install openssl libssl-dev zlib-devel libpng-devel libxml2-devel json-c-devel bzip2-devel pcre2-devel |
|
14 |
+ ``` |
|
15 |
+ |
|
16 |
+2. Install the unit testing dependencies |
|
17 |
+ ```bash |
|
18 |
+ sudo apt-get valgrind check |
|
19 |
+ ``` |
|
20 |
+ |
|
21 |
+_Note_: LLVM is also an optional dependency. LLVM will not provide any additional features, but is an alternative method for executing bytecode signatures versus using the built-in bytecode interpreter. Limited performance testing between LLVM and the bytecode interpreter did not yield conclusive evidence that one is "better" than the other. For the sake of simplicity, it is not recommended to install LLVM. |
|
22 |
+ |
|
23 |
+## Download the latest stable release |
|
24 |
+ |
|
25 |
+1. Open a browser and navigate to [the ClamAV downloads page](http://www.clamav.net/downloads) |
|
26 |
+2. Click `clamav-<version>.tar.gz` link to download the latest stable release. |
|
27 |
+ |
|
28 |
+## Extract the source archive |
|
29 |
+ |
|
30 |
+```bash |
|
31 |
+cd ~/Downloads |
|
32 |
+tar xzf clamav-<ver>.tar.gz |
|
33 |
+cd clamav-<ver>.tar.gz |
|
34 |
+``` |
|
35 |
+ |
|
36 |
+## Configure the build |
|
37 |
+ |
|
38 |
+ClamAV's configure script should detect each of the above dependencies automatically. |
|
39 |
+ |
|
40 |
+### Typical `./configure` usage |
|
41 |
+ |
|
42 |
+```bash |
|
43 |
+./configure --enable-check |
|
44 |
+``` |
|
45 |
+ |
|
46 |
+Once `./configure` completes, it will print a summary. Verify that the packages you installed are in fact being detected. |
|
47 |
+ |
|
48 |
+Example configure summary output: |
|
49 |
+ |
|
50 |
+```bash |
|
51 |
+configure: Summary of detected features follows |
|
52 |
+ OS : linux-gnu |
|
53 |
+ pthreads : yes (-lpthread) |
|
54 |
+configure: Summary of miscellaneous features |
|
55 |
+ check : -lcheck_pic -pthread -lrt -lm -lsubunit |
|
56 |
+ fanotify : yes |
|
57 |
+ fdpassing : 1 |
|
58 |
+ IPv6 : yes |
|
59 |
+configure: Summary of optional tools |
|
60 |
+ clamdtop : -lncurses (auto) |
|
61 |
+ milter : yes (disabled) |
|
62 |
+ clamsubmit : yes (libjson-c-dev found at /usr), libcurl-devel found at /usr) |
|
63 |
+configure: Summary of engine performance features |
|
64 |
+ release mode: yes |
|
65 |
+ llvm : no (disabled) |
|
66 |
+ mempool : yes |
|
67 |
+configure: Summary of engine detection features |
|
68 |
+ bzip2 : ok |
|
69 |
+ zlib : /usr |
|
70 |
+ unrar : yes |
|
71 |
+ preclass : yes (libjson-c-dev found at /usr) |
|
72 |
+ pcre : /usr |
|
73 |
+ libmspack : yes (Internal) |
|
74 |
+ libxml2 : yes, from /usr |
|
75 |
+ yara : yes |
|
76 |
+ fts : yes (libc) |
|
77 |
+ |
|
78 |
+``` |
|
79 |
+ |
|
80 |
+### Additional popular `./configure` options |
|
81 |
+ |
|
82 |
+* `--with-systemdsystemunitdir` - Do not install `systemd` socket files. This option disables systemd support, but will allow you to `make install` to a user-owned directory without requiring `sudo`/root privileges: |
|
83 |
+ ```bash |
|
84 |
+ ./configure --with-systemdsystemunitdir=no |
|
85 |
+ ``` |
|
86 |
+* `--sysconfdir` - Install the configuration files to `/etc` instead of `/usr/local/etc`: |
|
87 |
+ ```bash |
|
88 |
+ ./configure -–sysconfdir=/etc |
|
89 |
+ ``` |
|
90 |
+* `--prefix` - Install ClamAV to a directory other than `/usr/local/`: |
|
91 |
+ * Example 1: Install to a local `./install` directory. |
|
92 |
+ ```bash |
|
93 |
+ ./configure --prefix=`pwd`/install |
|
94 |
+ ``` |
|
95 |
+ * Example 2: Install ClamAV locally on an unprivileged shell account. |
|
96 |
+ ```bash |
|
97 |
+ ./configure --prefix=$HOME/clamav --disable-clamav --with-systemdsystemunitdir=no |
|
98 |
+ ``` |
|
99 |
+* `--disable-clamav` - _Don't_ drop super-user priveleges to run `freshclam` or `clamd` as the `clamav`* user. |
|
100 |
+ ```bash |
|
101 |
+ ./configure --disable-clamav |
|
102 |
+ ``` |
|
103 |
+ *_Tip_: Using this `--disable-clamav` means that `freshclam` and `clamd` will run with _root privleges_ if invoked using `sudo`. Running `clamd` or `clamscan` as root is **not recommended**. Instead of using this option, you can configure `freshclam` or `clamd` to drop to any other user by: |
|
104 |
+ * setting the `DatabaseOwner` option in `freshclam.conf` and |
|
105 |
+ * setting the `User` option in `clamd.conf`. |
|
106 |
+ |
|
107 |
+Please see the `./configure --help` for additional options. |
|
108 |
+ |
|
109 |
+### Compile ClamAV |
|
110 |
+ |
|
111 |
+Compile ClamAV with: |
|
112 |
+```bash |
|
113 |
+make -j2 |
|
114 |
+``` |
|
115 |
+ |
|
116 |
+### Run ClamAV Unit Tests (Optional) |
|
117 |
+ |
|
118 |
+For peace of mind, it can be helpful to run a small suite of unit and system tests. |
|
119 |
+ |
|
120 |
+Run: |
|
121 |
+```bash |
|
122 |
+make check |
|
123 |
+``` |
|
124 |
+ |
|
125 |
+All tests should pass.* Output will look something like this: |
|
126 |
+ |
|
127 |
+```bash. |
|
128 |
+ ... |
|
129 |
+PASS: check_clamav |
|
130 |
+PASS: check_freshclam.sh |
|
131 |
+PASS: check_sigtool.sh |
|
132 |
+PASS: check_unit_vg.sh |
|
133 |
+PASS: check1_clamscan.sh |
|
134 |
+PASS: check2_clamd.sh |
|
135 |
+PASS: check3_clamd.sh |
|
136 |
+PASS: check4_clamd.sh |
|
137 |
+PASS: check5_clamd_vg.sh |
|
138 |
+PASS: check6_clamd_vg.sh |
|
139 |
+SKIP: check7_clamd_hg.sh |
|
140 |
+PASS: check8_clamd_hg.sh |
|
141 |
+PASS: check9_clamscan_vg.sh |
|
142 |
+ ... |
|
143 |
+============================================================================ |
|
144 |
+Testsuite summary for ClamAV 0.100.2 |
|
145 |
+============================================================================ |
|
146 |
+# TOTAL: 13 |
|
147 |
+# PASS: 12 |
|
148 |
+# SKIP: 1 |
|
149 |
+# XFAIL: 0 |
|
150 |
+# FAIL: 0 |
|
151 |
+# XPASS: 0 |
|
152 |
+# ERROR: 0 |
|
153 |
+``` |
|
154 |
+ |
|
155 |
+_Notes_: |
|
156 |
+ |
|
157 |
+* The `*.vg.sh` tests will be skipped unless you run `make check VG=1`. |
|
158 |
+* The `check7_clamd.hg.sh` (helgrind) is presently disabled and will be skipped. |
|
159 |
+ * For details, see: [the Git commit](https://github.com/Cisco-Talos/clamav-devel/commit/2a5d51809a56be9a777ded02969a7427a3c26713) |
|
160 |
+ |
|
161 |
+If you have a failure or an error in the unit tests, it could be that you are missing one or more of the prerequisites. |
|
162 |
+ |
|
163 |
+If you are investigating a failure, please do the following: |
|
164 |
+ |
|
165 |
+`cd unit_tests` |
|
166 |
+ |
|
167 |
+Use `less` to read the log for the failed test. |
|
168 |
+Example: |
|
169 |
+ |
|
170 |
+```bash |
|
171 |
+less check4_clamd.sh.log` |
|
172 |
+``` |
|
173 |
+ |
|
174 |
+To submit a bug report regarding unit text failures, please follow these [bug reporting steps](../Installation-Unix.md#Reporting-a-unit-test-failure-bug). |
|
175 |
+ |
|
176 |
+### Install ClamAV |
|
177 |
+ |
|
178 |
+Install ClamAV with: |
|
179 |
+```bash |
|
180 |
+make install |
|
181 |
+``` |
|
182 |
+ |
|
183 |
+_Tip_: If installing to the default or other system-owned directory, you may need to use `sudo`. |
|
184 |
+ |
|
185 |
+### First time set-up |
|
186 |
+ |
|
187 |
+_Note_: The following instructions assume you used the default install paths (i.e. `/usr/local`). If you modified the install locations using `--prefix` or `--sysconfdir` options, replace `/usr/local` with your chosen install path. |
|
188 |
+ |
|
189 |
+#### `freshclam` config |
|
190 |
+ |
|
191 |
+Before you can use `freshclam` to download updates, you need to create a `freshclam` config. A sample config is provided for you. |
|
192 |
+ |
|
193 |
+1. Copy the sample config. You may need to use `sudo`: |
|
194 |
+ ```bash |
|
195 |
+ cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf |
|
196 |
+ ``` |
|
197 |
+2. Modify the config file using your favourite text editor. Again, you may need to use `sudo`. |
|
198 |
+ * At a minimum, remove the `Example` line so `freshclam` can use the config. |
|
199 |
+ |
|
200 |
+ Take the time to look through the options. You can enable the sample options by deleting the `#` comment characters. |
|
201 |
+ |
|
202 |
+ Some popular options to enable include: |
|
203 |
+ |
|
204 |
+ * `LogTime` |
|
205 |
+ * `LogRotate` |
|
206 |
+ * `NotifyClamd` |
|
207 |
+ * `DatabaseOwner` |
|
208 |
+ |
|
209 |
+3. Create the database directory. *Tip: _You may need to use `sudo`._ |
|
210 |
+ ```bash |
|
211 |
+ mkdir /usr/local/share/clamav |
|
212 |
+ ``` |
|
213 |
+ |
|
214 |
+#### `clamd` config (optional) |
|
215 |
+ |
|
216 |
+You can run `clamscan` without setting the config options for `clamd`. However, the `clamd` scanning daemon allows you to use `clamdscan` to perform faster a-la-carte scans, allows you to run multi-threaded scans, and allows you to use `clamav-milter` if you want to use ClamAV as a mail filter if you host an email server. |
|
217 |
+ |
|
218 |
+Additionally, if you are a running modern versions of Linux where the FANOTIFY kernel feature is enabled, `clamd` has a feature run with On-Access Scanning*. *When properly configured*, On-Access Scanning can scan files as they are accessed and optionally block access to the file in the event that a signature alerted. |
|
219 |
+ |
|
220 |
+ _Note_: At this time, for On-Access Scanning to work, `clamd` must run with `sudo`/root privileges. For more details, please see our documentation on On-Access Scanning. |
|
221 |
+ |
|
222 |
+1. Copy the sample config. You may need to use `sudo`: |
|
223 |
+ ```bash |
|
224 |
+ cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf |
|
225 |
+ ``` |
|
226 |
+2. Modify the config file using your favourite text editor. Again, you may need to use `sudo`. |
|
227 |
+ * At a minimum, remove the `Example` line so `freshclam` can use the config. |
|
228 |
+ * You also _need_ to select a Socket option for `clamd` so `clamdscan` and other utilities can communicate with `clamd`. You must enable _one_ of the following. |
|
229 |
+ * `LocalSocket` |
|
230 |
+ * `TCPSocket` |
|
231 |
+ |
|
232 |
+ Take the time to look through the options. You can enable the sample options by deleting the `#` comment characters. |
|
233 |
+ |
|
234 |
+ Some popular options to enable include: |
|
235 |
+ |
|
236 |
+ * `LogTime` |
|
237 |
+ * `LogClean` |
|
238 |
+ * `LogRotate` |
|
239 |
+ * `User` |
|
240 |
+ * `ScanOnAccess` |
|
241 |
+ * `OnAccessIncludePath` |
|
242 |
+ * `OnAccessExcludePath` |
|
243 |
+ * `OnAccessPrevention` |
|
244 |
+ |
|
245 |
+#### Configure SELinux for ClamAV |
|
246 |
+ |
|
247 |
+Certain distributions (notably RedHat variants) when operating with SELinux enabled use the non-standard `antivirus_can_scan_system` SELinux option instead of `clamd_can_scan_system`. |
|
248 |
+ |
|
249 |
+At this time, libclamav only sets the `clamd_can_scan_system` option, so you may need to manually enable `antivirus_can_scan_system`. If you don't perform this step, freshclam will log something like this when it tests the newly downloaded signature databases: |
|
250 |
+ |
|
251 |
+``` |
|
252 |
+During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied |
|
253 |
+``` |
|
254 |
+ |
|
255 |
+To allow ClamAV to operate under SELinux, run the following: |
|
256 |
+```bash |
|
257 |
+setsebool -P antivirus_can_scan_system 1 |
|
258 |
+``` |
|
259 |
+ |
|
260 |
+#### Download / Update the signature database |
|
261 |
+ |
|
262 |
+Before you can run a scan, you'll need to download the signature databases. Once again, you may need to run with `sudo`/root privileges. |
|
263 |
+ |
|
264 |
+If you installed to a location in your system PATH: |
|
265 |
+```bash |
|
266 |
+freshclam |
|
267 |
+``` |
|
268 |
+ |
|
269 |
+If you installed to another location: |
|
270 |
+```bash |
|
271 |
+/<path>/<to>/<clamav>/<bin>/freshclam |
|
272 |
+``` |
|
273 |
+ |
|
274 |
+ _Important_: It is common on Ubuntu after a fresh install to see the following error the first time you use ClamAV: |
|
275 |
+ ```bash |
|
276 |
+ $ freshclam |
|
277 |
+ freshclam: error while loading shared libraries: libclamav.so.7: cannot open shared object file: No such file or directory |
|
278 |
+ ``` |
|
279 |
+ |
|
280 |
+ You can fix this error by using ldconfig to rebuild the library search path. |
|
281 |
+ ```bash |
|
282 |
+ sudo ldconfig |
|
283 |
+ ``` |
|
284 |
+ |
|
285 |
+#### Users and on user privileges |
|
286 |
+ |
|
287 |
+If you are running `freshclam` and `clamd` as root or with `sudo`, and you did not explicitely configure with `--disable-clamav`, you will want to ensure that the `DatabaseOwner` user specified in `freshclam.conf` owns the database directory so it can download signature udpates. |
|
288 |
+ |
|
289 |
+The user that `clamd`, `clamdscan`, and `clamscan` run as may be the same user, but if it isn't -- it merely needs _read_ access to the database directory. |
|
290 |
+ |
|
291 |
+If you choose to use the default `clamav` user to run `freshclam` and `clamd`, you'll need to create the clamav group and the clamav user account the first time you install ClamAV. |
|
292 |
+ |
|
293 |
+``` |
|
294 |
+groupadd clamav |
|
295 |
+useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav |
|
296 |
+``` |
|
297 |
+ |
|
298 |
+Finally, you will want to set user ownership of the database directory. |
|
299 |
+For example: |
|
300 |
+```bash |
|
301 |
+sudo chown -R clamav:clamav /usr/local/share/clamav |
|
302 |
+``` |
|
303 |
+ |
|
304 |
+### Usage |
|
305 |
+ |
|
306 |
+You should be all set up to run scans. |
|
307 |
+ |
|
308 |
+Take a look at our [usage documentation](../Usage.md) to learn about how to use ClamAV each of the utilities. |
0 | 309 |
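Review bot: The dependency commands under "Install prerequisites" (new lines 13 and 18) will not run on Debian or Ubuntu as written. Line 13 uses RPM-style `-devel` names (`zlib-devel`, `libpng-devel`, `libxml2-devel`, `json-c-devel`, `bzip2-devel`, `pcre2-devel`) where apt expects `-dev` packages (`zlib1g-dev`, `libpng-dev`, `libxml2-dev`, `libjson-c-dev`, `libbz2-dev`, `libpcre2-dev`), and line 18 is missing the subcommand: it should be `sudo apt-get install valgrind check`. Several other commands also fail when copied: line 33 changes into `clamav-<ver>.tar.gz` (the archive) instead of the extracted `clamav-<ver>` directory; line 88 has an en dash in `-–sysconfdir`, so the shell does not see `--sysconfdir`; the fence on line 127 is "```bash." with a stray period; line 171 ends with a stray backtick after `check4_clamd.sh.log`. In the `clamd` config steps, line 227 says removing `Example` lets `freshclam` use the config, which should say `clamd`. The notes on lines 157-158 name the tests `*.vg.sh` and `check7_clamd.hg.sh`, but the sample output lists them as `*_vg.sh` and `check7_clamd_hg.sh`. The download link on line 25 uses `http://` while the Windows page in this same commit links `https://www.clamav.net/downloads`; use https here too. `groupadd`/`useradd` on lines 294-295 need `sudo` like the `chown` on line 301, and that fence (line 293) lacks the `bash` tag used elsewhere. Spelling: "prerequisitesaa" (line 4), "priveleges" (99), "privleges" (103), "unit text failures" (174), "explicitely" and "udpates" (287).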
new file mode 100644 |
... | ... |
@@ -0,0 +1,364 @@ |
0 |
+# Installation on macOS (Mac OS X) |
|
1 |
+ |
|
2 |
+Below are the steps for installing ClamAV from source on Apple macOS. |
|
3 |
+ |
|
4 |
+## Install prerequisites |
|
5 |
+ |
|
6 |
+The easiest way to install prerequisites on macOS is to use [Homebrew](https://brew.sh/) |
|
7 |
+ |
|
8 |
+1. Install Homebrew |
|
9 |
+ ```bash |
|
10 |
+ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" |
|
11 |
+ ``` |
|
12 |
+ |
|
13 |
+2. Install ClamAV dependencies |
|
14 |
+ 1. Install XCode's Command Line Tools |
|
15 |
+ ```bash |
|
16 |
+ xcode-select --install |
|
17 |
+ ``` |
|
18 |
+ 2. Install library dependencies |
|
19 |
+ ```bash |
|
20 |
+ brew install pcre2 openssl json-c |
|
21 |
+ ``` |
|
22 |
+ |
|
23 |
+3. Install the unit testing dependencies |
|
24 |
+ ```bash |
|
25 |
+ sudo apt-get valgrind check |
|
26 |
+ ``` |
|
27 |
+ |
|
28 |
+ _Tip_: Valgrind may not be available in Homebrew for the latest version of macOS. |
|
29 |
+ |
|
30 |
+_Note_: LLVM is also an optional dependency. LLVM will not provide any additional features, but is an alternative method for executing bytecode signatures versus using the built-in bytecode interpreter. Limited performance testing between LLVM and the bytecode interpreter did not yield conclusive evidence that one is "better" than the other. For the sake of simplicity, it is not recommended to install LLVM. |
|
31 |
+ |
|
32 |
+## Download the latest stable release |
|
33 |
+ |
|
34 |
+1. Open a browser and navigate to [the ClamAV downloads page](http://www.clamav.net/downloads) |
|
35 |
+2. Click `clamav-<version>.tar.gz` link to download the latest stable release. |
|
36 |
+ |
|
37 |
+## Extract the source archive |
|
38 |
+ |
|
39 |
+```bash |
|
40 |
+cd ~/Downloads |
|
41 |
+tar xzf clamav-<ver>.tar.gz |
|
42 |
+cd clamav-<ver>.tar.gz |
|
43 |
+``` |
|
44 |
+ |
|
45 |
+## Configure the build |
|
46 |
+ |
|
47 |
+Homebrew installs libraries and applications under `/usr/local/Cellar/<app>/<ver>/`. |
|
48 |
+ |
|
49 |
+To configure the ClamAV build using our homebrew-installed dependencies, you may need to reference some of them explicitly. Others may be detected automatically. |
|
50 |
+ |
|
51 |
+### Typical `./configure` usage |
|
52 |
+ |
|
53 |
+*_Note_: Your Homebrew-installed package version directories may differ slightly. |
|
54 |
+ |
|
55 |
+```bash |
|
56 |
+./configure --with-openssl=/usr/local/Cellar/openssl/1.0.2l --with-libjson=yes --enable-check |
|
57 |
+``` |
|
58 |
+ |
|
59 |
+Once `./configure` completes, it will print a summary. Verify that the packages you installed are in fact being detected. |
|
60 |
+ |
|
61 |
+Example configure summary output: |
|
62 |
+ |
|
63 |
+```bash |
|
64 |
+configure: Summary of detected features follows |
|
65 |
+ OS : darwin17.2.0 |
|
66 |
+ pthreads : yes () |
|
67 |
+configure: Summary of miscellaneous features |
|
68 |
+ check : -L/usr/local/lib -lcheck -R/usr/local/lib (auto) |
|
69 |
+ fanotify : no (disabled) |
|
70 |
+ fdpassing : 1 |
|
71 |
+ IPv6 : yes |
|
72 |
+configure: Summary of optional tools |
|
73 |
+ clamdtop : -lncurses (auto) |
|
74 |
+ milter : yes (disabled) |
|
75 |
+ clamsubmit : yes (libjson-c-dev found at /usr/local), libcurl-devel found at /usr) |
|
76 |
+configure: Summary of engine performance features |
|
77 |
+ release mode: yes |
|
78 |
+ llvm : no (disabled) |
|
79 |
+ mempool : yes |
|
80 |
+configure: Summary of engine detection features |
|
81 |
+ bzip2 : ok |
|
82 |
+ zlib : /usr |
|
83 |
+ unrar : yes |
|
84 |
+ preclass : yes (libjson-c-dev found at /usr/local) |
|
85 |
+ pcre : /usr/local/Cellar/pcre2/10.32 |
|
86 |
+ libmspack : yes (Internal) |
|
87 |
+ libxml2 : yes, from /usr |
|
88 |
+ yara : yes |
|
89 |
+ fts : yes (libc) |
|
90 |
+``` |
|
91 |
+ |
|
92 |
+If you experience an error wherein `configure` output claims that `gcc` is unable to build an executable -- please see the [Troubleshooting section at the bottom](#configure----gcc-failed-to-build-executable). |
|
93 |
+ |
|
94 |
+### Additional popular `./configure` options |
|
95 |
+ |
|
96 |
+* `--sysconfdir` - Install the configuration files to `/etc` instead of `/usr/local/etc`: |
|
97 |
+ ```bash |
|
98 |
+ ./configure -–sysconfdir=/etc |
|
99 |
+ ``` |
|
100 |
+* `--prefix` - Install ClamAV to a directory other than `/usr/local/`: |
|
101 |
+ * Example 1: Install to a local `./install` directory. |
|
102 |
+ ```bash |
|
103 |
+ ./configure --prefix=`pwd`/install |
|
104 |
+ ``` |
|
105 |
+ * Example 2: Install ClamAV locally on an unprivileged shell account. |
|
106 |
+ ```bash |
|
107 |
+ ./configure --prefix=$HOME/clamav --disable-clamav |
|
108 |
+ ``` |
|
109 |
+* `--disable-clamav` - _Don't_ drop super-user priveleges to run `freshclam` or `clamd` as the `clamav`* user. |
|
110 |
+ ```bash |
|
111 |
+ ./configure --disable-clamav |
|
112 |
+ ``` |
|
113 |
+ *_Tip_: Using this `--disable-clamav` means that `freshclam` and `clamd` will run with _root privleges_ if invoked using `sudo`. Running `clamd` or `clamscan` as root is **not recommended**. Instead of using this option, you can configure `freshclam` or `clamd` to drop to any other user by: |
|
114 |
+ * setting the `DatabaseOwner` option in `freshclam.conf` and |
|
115 |
+ * setting the `User` option in `clamd.conf`. |
|
116 |
+ |
|
117 |
+Please see the `./configure --help` for additional options. |
|
118 |
+ |
|
119 |
+### Compile ClamAV |
|
120 |
+ |
|
121 |
+Compile ClamAV with: |
|
122 |
+```bash |
|
123 |
+make -j2 |
|
124 |
+``` |
|
125 |
+ |
|
126 |
+If you experience error messages wherein the compiler is unable to find the correct openssl header or library files, you may need to reconfigure and provide explicit header and library paths. See the [Troubleshooting section below for details](#make----failed-to-find-correct-openssl-header-or-library-files). |
|
127 |
+ |
|
128 |
+### Run ClamAV Unit Tests (Optional) |
|
129 |
+ |
|
130 |
+For peace of mind, it can be helpful to run a small suite of unit and system tests. |
|
131 |
+ |
|
132 |
+Run: |
|
133 |
+```bash |
|
134 |
+make check |
|
135 |
+``` |
|
136 |
+ |
|
137 |
+All tests should pass.* Output will look something like this: |
|
138 |
+ |
|
139 |
+```bash. |
|
140 |
+ ... |
|
141 |
+PASS: check_clamav |
|
142 |
+PASS: check_freshclam.sh |
|
143 |
+PASS: check_sigtool.sh |
|
144 |
+PASS: check_unit_vg.sh |
|
145 |
+PASS: check1_clamscan.sh |
|
146 |
+PASS: check2_clamd.sh |
|
147 |
+PASS: check3_clamd.sh |
|
148 |
+PASS: check4_clamd.sh |
|
149 |
+PASS: check5_clamd_vg.sh |
|
150 |
+PASS: check6_clamd_vg.sh |
|
151 |
+SKIP: check7_clamd_hg.sh |
|
152 |
+PASS: check8_clamd_hg.sh |
|
153 |
+PASS: check9_clamscan_vg.sh |
|
154 |
+ ... |
|
155 |
+============================================================================ |
|
156 |
+Testsuite summary for ClamAV 0.100.2 |
|
157 |
+============================================================================ |
|
158 |
+# TOTAL: 13 |
|
159 |
+# PASS: 12 |
|
160 |
+# SKIP: 1 |
|
161 |
+# XFAIL: 0 |
|
162 |
+# FAIL: 0 |
|
163 |
+# XPASS: 0 |
|
164 |
+# ERROR: 0 |
|
165 |
+``` |
|
166 |
+ |
|
167 |
+_Notes_: |
|
168 |
+ |
|
169 |
+* The `*.vg.sh` tests will be skipped unless you run `make check VG=1`. |
|
170 |
+ * _Under macOS_, `*.vg.sh` (valgrind) tests _will fail_ due to false alerts. |
|
171 |
+ * Valgrind may not be available via Homebrew for the latest version of macOS. |
|
172 |
+* The `check7_clamd.hg.sh` (helgrind) is presently disabled and will be skipped. |
|
173 |
+ * For details, see: [the Git commit](https://github.com/Cisco-Talos/clamav-devel/commit/2a5d51809a56be9a777ded02969a7427a3c26713) |
|
174 |
+ |
|
175 |
+If you have a failure or an error in the unit tests, it could be that you are missing one or more of the prerequisites or that there is miss-match in the header files after upgrading to a newer version of macOS. If the latter, please see the [Troubleshooting section at the bottom](#make-check----unit-tests-failed-for-seemingly-no-reason). |
|
176 |
+ |
|
177 |
+If you are investigating a failure, please do the following: |
|
178 |
+ |
|
179 |
+`cd unit_tests` |
|
180 |
+ |
|
181 |
+Use `less` to read the log for the failed test. |
|
182 |
+Example: |
|
183 |
+ |
|
184 |
+```bash |
|
185 |
+less check4_clamd.sh.log` |
|
186 |
+``` |
|
187 |
+ |
|
188 |
+To submit a bug report regarding unit text failures, please follow these [bug reporting steps](../Installation-Unix.md#Reporting-a-unit-test-failure-bug). |
|
189 |
+ |
|
190 |
+### Install ClamAV |
|
191 |
+ |
|
192 |
+Install ClamAV with: |
|
193 |
+```bash |
|
194 |
+make install |
|
195 |
+``` |
|
196 |
+ |
|
197 |
+_Tip_: If installing to the default or other system-owned directory, you may need to use `sudo`. |
|
198 |
+ |
|
199 |
+### First time set-up |
|
200 |
+ |
|
201 |
+_Note_: The following instructions assume you used the default install paths (i.e. `/usr/local`). If you modified the install locations using `--prefix` or `--sysconfdir` options, replace `/usr/local` with your chosen install path. |
|
202 |
+ |
|
203 |
+#### `freshclam` config |
|
204 |
+ |
|
205 |
+Before you can use `freshclam` to download updates, you need to create a `freshclam` config. A sample config is provided for you. |
|
206 |
+ |
|
207 |
+1. Copy the sample config. You may need to use `sudo`: |
|
208 |
+ ```bash |
|
209 |
+ cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf |
|
210 |
+ ``` |
|
211 |
+2. Modify the config file using your favourite text editor. Again, you may need to use `sudo`. |
|
212 |
+ * At a minimum, remove the `Example` line so `freshclam` can use the config. |
|
213 |
+ |
|
214 |
+ Take the time to look through the options. You can enable the sample options by deleting the `#` comment characters. |
|
215 |
+ |
|
216 |
+ Some popular options to enable include: |
|
217 |
+ |
|
218 |
+ * `LogTime` |
|
219 |
+ * `LogRotate` |
|
220 |
+ * `NotifyClamd` |
|
221 |
+ * `DatabaseOwner` |
|
222 |
+ |
|
223 |
+3. Create the database directory. *Tip: _You may need to use `sudo`._ |
|
224 |
+ ```bash |
|
225 |
+ mkdir /usr/local/share/clamav |
|
226 |
+ ``` |
|
227 |
+ |
|
228 |
+#### `clamd` config (optional) |
|
229 |
+ |
|
230 |
+You can run `clamscan` without setting the config options for `clamd`. However, the `clamd` scanning daemon allows you to use `clamdscan` to perform faster a-la-carte scans, allows you to run multi-threaded scans, and allows you to use `clamav-milter` if you want to use ClamAV as a mail filter if you host an email server. |
|
231 |
+ |
|
232 |
+1. Copy the sample config. You may need to use `sudo`: |
|
233 |
+ ```bash |
|
234 |
+ cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf |
|
235 |
+ ``` |
|
236 |
+2. Modify the config file using your favourite text editor. Again, you may need to use `sudo`. |
|
237 |
+ * At a minimum, remove the `Example` line so `freshclam` can use the config. |
|
238 |
+ * You also _need_ to select a Socket option for `clamd` so `clamdscan` and other utilities can communicate with `clamd`. You must enable _one_ of the following. |
|
239 |
+ * `LocalSocket` |
|
240 |
+ * `TCPSocket` |
|
241 |
+ |
|
242 |
+ Take the time to look through the options. You can enable the sample options by deleting the `#` comment characters. |
|
243 |
+ |
|
244 |
+ Some popular options to enable include: |
|
245 |
+ |
|
246 |
+ * `LogTime` |
|
247 |
+ * `LogClean` |
|
248 |
+ * `LogRotate` |
|
249 |
+ * `User` |
|
250 |
+ |
|
251 |
+#### Download / Update the signature database |
|
252 |
+ |
|
253 |
+Before you can run a scan, you'll need to download the signature databases. Once again, you may need to run with `sudo`/root privileges. |
|
254 |
+ |
|
255 |
+If you installed to a location in your system PATH: |
|
256 |
+```bash |
|
257 |
+freshclam |
|
258 |
+``` |
|
259 |
+ |
|
260 |
+If you installed to another location: |
|
261 |
+```bash |
|
262 |
+/<path>/<to>/<clamav>/<bin>/freshclam |
|
263 |
+``` |
|
264 |
+ |
|
265 |
+#### Users and on user privileges |
|
266 |
+ |
|
267 |
+If you are running `freshclam` and `clamd` as root or with `sudo`, and you did not explicitely configure with `--disable-clamav`, you will want to ensure that the `DatabaseOwner` user specified in `freshclam.conf` owns the database directory so it can download signature udpates. |
|
268 |
+ |
|
269 |
+The user that `clamd`, `clamdscan`, and `clamscan` run as may be the same user, but if it isn't -- it merely needs _read_ access to the database directory. |
|
270 |
+ |
|
271 |
+If you choose to use the default `clamav` user to run `freshclam` and `clamd`, you'll need to create the clamav group and the clamav user account the first time you install ClamAV. |
|
272 |
+ |
|
273 |
+Prep by identifying an unused group id (gid), and an unused user UniqueID. |
|
274 |
+ |
|
275 |
+This command will display all current group PrimaryGroupIDs: |
|
276 |
+```bash |
|
277 |
+dscl . list /Groups PrimaryGroupID | tr -s ' ' | sort -n -t ' ' -k2,2 |
|
278 |
+``` |
|
279 |
+ |
|
280 |
+This command will display all current user UniqueIDs: |
|
281 |
+```bash |
|
282 |
+dscl . list /Users UniqueID | tr -s ' ' | sort -n -t ' ' -k2,2 |
|
283 |
+``` |
|
284 |
+ |
|
285 |
+Then, these commands can be used to create the `clamav` group and `clamav` user. |
|
286 |
+```bash |
|
287 |
+sudo dscl . create /Groups/clamav |
|
288 |
+sudo dscl . create /Groups/clamav RealName "Clam Antivirus Group" |
|
289 |
+sudo dscl . create /Groups/clamav gid 799 # Ensure this is unique! |
|
290 |
+sudo dscl . create /Users/clamav |
|
291 |
+sudo dscl . create /Users/clamav RealName "Clam Antivirus User" |
|
292 |
+sudo dscl . create /Users/clamav UserShell /bin/false |
|
293 |
+sudo dscl . create /Users/clamav UniqueID 599 # Ensure this is unique! |
|
294 |
+sudo dscl . create /Users/clamav PrimaryGroupID 799 # Must match the above gid! |
|
295 |
+``` |
|
296 |
+ |
|
297 |
+Finally, you will want to set user ownership of the database directory. |
|
298 |
+For example: |
|
299 |
+```bash |
|
300 |
+sudo chown -R clamav:clamav /usr/local/share/clamav |
|
301 |
+``` |
|
302 |
+ |
|
303 |
+### Usage |
|
304 |
+ |
|
305 |
+You should be all set up to run scans. |
|
306 |
+ |
|
307 |
+Take a look at our [usage documentation](../Usage.md) to learn about how to use ClamAV each of the utilities. |
|
308 |
+ |
|
309 |
+### Troubleshooting |
|
310 |
+ |
|
311 |
+#### Configure -- `gcc` failed to build executable |
|
312 |
+ |
|
313 |
+It is possible that `gcc`/`clang` is misconfigured. This is particularly likely after an upgrade to a newer versions of macOS (e.g after an upgrade from macOS High Sierra to macOS Mojave). |
|
314 |
+ |
|
315 |
+Open Terminal, and run the following: |
|
316 |
+ |
|
317 |
+```bash |
|
318 |
+xcode-select --install |
|
319 |
+``` |
|
320 |
+ |
|
321 |
+This will download and install xcode developer tools and fix the problem. _You will be prompted (in the macOS GUI) to accept the license agreement before it will continue._ |
|
322 |
+As a follow on step, you _may_ need to reset the path to Xcode if you have several versions or want the command line tools to run without Xcode. |
|
323 |
+ |
|
324 |
+```bash |
|
325 |
+xcode-select --switch /Applications/Xcode.app |
|
326 |
+xcode-select --switch /Library/Developer/CommandLineTools |
|
327 |
+``` |
|
328 |
+ |
|
329 |
+> Solution shamelessly lifted from [apple stackexchange](https://apple.stackexchange.com/questions/254380/macos-mojave-invalid-active-developer-path) |
|
330 |
+ |
|
331 |
+#### Make -- failed to find correct openssl header or library files |
|
332 |
+ |
|
333 |
+Homebrew provides symlinks in `/usr/local/opt` to aid in the linking process: |
|
334 |
+ |
|
335 |
+```bash |
|
336 |
+$ ls -l /usr/local/opt/openssl* |
|
337 |
+ |
|
338 |
+lrwxr-xr-x 1 gary admin 24B Aug 21 12:39 /usr/local/opt/openssl@ -> ../Cellar/openssl/1.0.2p |
|
339 |
+lrwxr-xr-x 1 gary admin 24B Aug 21 12:39 /usr/local/opt/openssl@1.0@ -> ../Cellar/openssl/1.0.2p |
|
340 |
+lrwxr-xr-x 1 gary admin 28B Nov 20 2017 /usr/local/opt/openssl@1.1@ -> ../Cellar/openssl@1.1/1.1.0g |
|
341 |
+``` |
|
342 |
+ |
|
343 |
+If they aren't automatically detected you may experience issues linking openssl. You can work around this by explicitly listing the include `-I` and library `-L` paths. |
|
344 |
+ |
|
345 |
+For example: |
|
346 |
+ |
|
347 |
+```bash |
|
348 |
+./configure --with-openssl=/usr/local/Cellar/openssl/1.0.2l --with-libjson=yes --enable-check CPPFLAGS="-I/usr/local/opt/openssl@1.0/include" LDFLAGS="-L/usr/local/opt/openssl@1.0/lib/" |
|
349 |
+``` |
|
350 |
+ |
|
351 |
+#### Make check -- unit tests failed for seemingly no reason |
|
352 |
+ |
|
353 |
+Similar to the above issue, it is possible for a mismatch in your development header files resulting in a working build that may fail the `check` test suite. |
|
354 |
+ |
|
355 |
+If you're seeing one or more failed tests on a stable release of ClamAV on macOS, the following may resolve the issue: |
|
356 |
+ |
|
357 |
+Open Terminal, and run the following: |
|
358 |
+ |
|
359 |
+```bash |
|
360 |
+sudo installer -pkg /Library/Developer/CommandLineTools/Packages/macOS_SDK_headers_for_macOS_10.14.pkg -target / |
|
361 |
+``` |
|
362 |
+ |
|
363 |
+> Solution shamelessly lifted from [the pyenv github issue tracker](https://github.com/pyenv/pyenv/issues/1219) |
0 | 364 |
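Review bot: Step 3 of "Install prerequisites" (new line 25) carries over `sudo apt-get valgrind check` from the Linux pages; macOS has no `apt-get`, the subcommand is missing as well, and every other dependency on this page is installed through Homebrew, so this should be `brew install check` plus `valgrind` where it is available (per the tip on line 28). Line 10 hard-codes the Homebrew installer one-liner, which pipes a remote script into `ruby`; pointing readers to the brew.sh link already on line 6 for the current command keeps this page from going stale. Lines 56 and 348 pin `--with-openssl=/usr/local/Cellar/openssl/1.0.2l`, while the listing on lines 338-340 shows 1.0.2p and the text on line 333 explains the `/usr/local/opt` symlinks; using `/usr/local/opt/openssl` for `--with-openssl` would survive Homebrew upgrades. The two `xcode-select --switch` commands on lines 325-326 are alternatives, and run in sequence the second simply overrides the first, so present them as "one of". Line 360 names the `macOS_SDK_headers_for_macOS_10.14.pkg` package without saying it applies only to that macOS release. Copy-paste breakage shared with the Linux pages: line 42 changes into `clamav-<ver>.tar.gz` instead of the extracted directory, line 98 has an en dash in `-–sysconfdir`, the fence on line 139 is "```bash." with a stray period, line 185 ends with a stray backtick, and line 237 says `freshclam` where the `clamd` config is meant. Spelling: "priveleges" (109), "privleges" (113), "miss-match" (175), "unit text failures" (188), "explicitely" and "udpates" (267).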
new file mode 100644 |
... | ... |
@@ -0,0 +1,106 @@ |
0 |
+# Installing ClamAV on Windows |
|
1 |
+ |
|
2 |
+If you wish to build ClamAV from source using Visual Studio 2015, please head over to the [Win32 ClamAV Build Instructions](win32/README.md) located in our source release materials on [ClamAV.net](https://www.clamav.net/downloads) and on [GitHub](https://github.com/Cisco-Talos/clamav-devel). |
|
3 |
+ |
|
4 |
+## Install using the ClamAV Windows Installer |
|
5 |
+ |
|
6 |
+Important: Installing ClamAV using the Installer will require Administrator privileges. |
|
7 |
+ |
|
8 |
+1. Download: http://www.clamav.net/downloads/production/ClamAV-0.101.0.exe |
|
9 |
+2. Locate the file in your Downloads directory. |
|
10 |
+3. Right-click on `ClamAV-0.101.0.exe` and select `Run as administrator`. You may receive a warning message along the lines of "Windows protected your PC". Select `More info` and then select `Run anyway`. |
|
11 |
+4. Select `I accept the agreement` and click `Next`. |
|
12 |
+5. Click `Next` again. If you've removed a previous installation of ClamAV, you may receive the prompt "The folder ... already exists...". If you do, select `Yes`. |
|
13 |
+6. Click `Install`. |
|
14 |
+7. Click `Finish`. |
|
15 |
+8. Press the Windows-key and type `powershell` but _DO NOT_ press `Enter`. Right-click on `Windows PowerShell` at the top of the menu and select `Run as administrator`. Your computer may warn you `Do you want to allow this app to make changes to your device?` Click `Yes`. |
|
16 |
+9. Verify that the prompt in the PowerShell window looks like this: |
|
17 |
+ ```powershell |
|
18 |
+ PS C:\WINDOWS\system32> |
|
19 |
+ ``` |
|
20 |
+ |
|
21 |
+10. In the Adminstrator PowerShell window, enter the following to navigate to the ClamAV install directory: |
|
22 |
+ ```powershell |
|
23 |
+ cd "c:\program files\clamav" |
|
24 |
+ ``` |
|
25 |
+ |
|
26 |
+Continue on to "First Time Set-Up" below... |
|
27 |
+ |
|
28 |
+## Install using the ClamAV Portable Install Package |
|
29 |
+ |
|
30 |
+1. Download: https://www.clamav.net/downloads/production/clamav-0.101.0-win-x64-portable.zip |
|
31 |
+2. Unzip it. |
|
32 |
+3. Open the `clamav-0.101.0-win-x64-portable` directory. |
|
33 |
+4. Hold down Shift and then right-click on the background in the current directory (but not on one of the files). Select `"Open PowerShell window here"`. If that option doesn't appear, try again. |
|
34 |
+ |
|
35 |
+Continue on to "First Time Set-Up"... |
|
36 |
+ |
|
37 |
+## First Time Set-Up |
|
38 |
+ |
|
39 |
+In the PowerShell window, perform the following tasks: |
|
40 |
+ |
|
41 |
+* Run: |
|
42 |
+ ```powershell |
|
43 |
+ copy .\conf_examples\freshclam.conf.sample .\freshclam.conf |
|
44 |
+ ``` |
|
45 |
+* Run: |
|
46 |
+ ```powershell |
|
47 |
+ write.exe .\freshclam.conf |
|
48 |
+ ``` |
|
49 |
+* WordPad will pop up. Delete the line that says "Example". Save the file and close WordPad. |
|
50 |
+ |
|
51 |
+## Next Steps |
|
52 |
+ |
|
53 |
+### Download the Signature Databases |
|
54 |
+ |
|
55 |
+Before you can start the ClamAV scanning engine (using either `clamd` or `clamscan`), you must _first_ have ClamAV Virus Database (.cvd) file(s) installed in the appropriate location on your system. The default location for these database files is C:\Program Files\ClamAV\database, the database directory of your ` (in Windows). |
|
56 |
+ |
|
57 |
+Continuing in the PowerShell window: |
|
58 |
+ |
|
59 |
+1. Run: |
|
60 |
+ ```powershell |
|
61 |
+ .\freshclam.exe |
|
62 |
+ ``` |
|
63 |
+2. freshclam will download some files and drop them in the database directory. This can take a minute or two depending on how fast your internet connection is. The files are a pretty large. |
|
64 |
+3. You are now ready to perform scans with ClamAV. If you using the portable install package, you may now copy the entire `clamav-0.100.1-win-x64-portable` directory to the computer(s) you wish to scan. |
|
65 |
+ |
|
66 |
+### Steps to Perform Basic Scanning |
|
67 |
+ |
|
68 |
+* Run this to scan the files in the current directory: |
|
69 |
+ ```powershell |
|
70 |
+ .\clamscan.exe . |
|
71 |
+ ``` |
|
72 |
+ |
|
73 |
+ This will scan the current directory. At the end of the scan, it will display a summary. If you notice in the clamscan output, it only scanned something like 60 files, even though there are more files in subdirectories. By default, clamscan will only scan files in the current directory. |
|
74 |
+ |
|
75 |
+* Run this to scan all the files in the current directory: |
|
76 |
+ ```powershell |
|
77 |
+ .\clamscan.exe --recursive . |
|
78 |
+ ``` |
|
79 |
+ |
|
80 |
+* Run this to scan ALL the files on your C: drive, it will take **quite** a while. Keep in mind that you can cancel it at any time by pressing `Ctrl-C`: |
|
81 |
+ ```powershell |
|
82 |
+ .\clamscan --recursive C:\ |
|
83 |
+ ``` |
|
84 |
+ |
|
85 |
+* For more information on ways you can use clamscan, run: |
|
86 |
+ ```powershell |
|
87 |
+ .\clamscan.exe --help |
|
88 |
+ ``` |
|
89 |
+ |
|
90 |
+### Faster a-la-carte Scanning with `clamd` |
|
91 |
+ |
|
92 |
+You may have noticed that `clamscan` takes a while to get started. This is because it loads the signature database each time you start a scan. If you require faster scanning of individual files, you will want to use `clamd` with `clamdscan` instead. |
|
93 |
+ |
|
94 |
+Continuing in the PowerShell window: |
|
95 |
+ |
|
96 |
+1. Run: |
|
97 |
+ ```powershell |
|
98 |
+ .\clamd.exe |
|
99 |
+ ``` |
|
100 |
+ The application will take a moment to load and then appear to hang, but it is in fact waiting for scanning commands from `clamdscan`. |
|
101 |
+2. Open a second PowerShell window as you did above, in the same directory. |
|
102 |
+3. In the second PowerShell window, you can now run `clamdscan` much the same way you did with `clamscan` above. |
|
103 |
+ ```powershell |
|
104 |
+ .\clamdscan.exe . |
|
105 |
+ ``` |
0 | 106 |
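Review bot: Step 1 of "Install using the ClamAV Windows Installer" links the download over plain `http://` (`http://www.clamav.net/downloads/production/ClamAV-0.101.0.exe`) while the portable package just below uses `https://`, and step 3 then tells the reader to dismiss the "Windows protected your PC" prompt with `Run anyway`. Nothing in the procedure establishes that the executable is the one ClamAV published before it runs as administrator. Please switch the link to `https://` and add a step for verifying the download's authenticity. Two smaller items in the same file: the first paragraph under "Download the Signature Databases" contains a broken sentence ("the database directory of your ` (in Windows)"), and step 3 of that section names `clamav-0.100.1-win-x64-portable` although the download step uses `clamav-0.101.0-win-x64-portable`.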
deleted file mode 100644 |
... | ... |
@@ -1,197 +0,0 @@ |
1 |
-# Installation from Source |
|
2 |
- |
|
3 |
-## Requirements |
|
4 |
- |
|
5 |
-The following components are required to compile ClamAV under UNIX:= |
|
6 |
- |
|
7 |
-- zlib and zlib-devel packages |
|
8 |
-- openssl version 0.9.8 or higher and libssl-devel packages |
|
9 |
-- gcc compiler suite (tested with 2.9x, 3.x and 4.x series) **If you are compiling with higher optimization levels than the default one ( for gcc), be aware that there have been reports of misoptimizations. The build system of ClamAV only checks for bugs affecting the default settings, it is your responsibility to check that your compiler version doesn’t have any bugs.** |
|
10 |
-- GNU make (gmake) |
|
11 |
- |
|
12 |
-The following packages are optional but **highly recommended**: |
|
13 |
- |
|
14 |
-- bzip2 and bzip2-devel library |
|
15 |
-- libxml2 and libxml2-dev library |
|
16 |
-- `check` unit testing framework \[3\]. |
|
17 |
- |
|
18 |
-The following packages are optional, but **required for bytecode JIT support**: |
|
19 |
- |
|
20 |
-- GCC C and C++ compilers (minimum 4.1.3, recommended 4.3.4 or newer) the package for these compilers are usually called: gcc, g++, or gcc-c++. \[5\] |
|
21 |
-- OSX Xcode versions prior to 5.0 use a g++ compiler frontend (llvm-gcc) that is not compatible with ClamAV JIT. It is recommended to either compile ClamAV JIT with clang++ or to compile ClamAV without JIT. |
|
22 |
-- A supported CPU for the JIT, either of: X86, X86-64, PowerPC, PowerPC64 |
|
23 |
- |
|
24 |
-The following packages are optional, but needed for the JIT unit tests: |
|
25 |
- |
|
26 |
-- GNU Make (version 3.79, recommended 3.81) |
|
27 |
-- Python (version 2.5.4 or newer), for running the JIT unit tests |
|
28 |
- |
|
29 |
-The following packages are optional, but required for clamsubmit: |
|
30 |
- |
|
31 |
-- libcurl-devel library |
|
32 |
-- libjson-c-dev library |
|
33 |
- |
|
34 |
-## Installing on shell account |
|
35 |
- |
|
36 |
-To install ClamAV locally on an unprivileged shell account you need not create any additional users or groups. Assuming your home directory is `/home/gary` you should build it as follows: |
|
37 |
- |
|
38 |
-```bash |
|
39 |
- $ ./configure --prefix=/home/gary/clamav --disable-clamav |
|
40 |
- $ make; make install |
|
41 |
-``` |
|
42 |
- |
|
43 |
-To test your installation execute: |
|
44 |
- |
|
45 |
-```bash |
|
46 |
- $ ~/clamav/bin/freshclam |
|
47 |
- $ ~/clamav/bin/clamscan ~ |
|
48 |
-``` |
|
49 |
- |
|
50 |
-The `--disable-clamav` switch disables the check for existence of the *clamav* user and group but `clamscan` would still require an unprivileged account to work in a superuser mode. |
|
51 |
- |
|
52 |
-## Adding new system user and group |
|
53 |
- |
|
54 |
-If you are installing ClamAV for the first time, you have to add a new user and group to your system: |
|
55 |
- |
|
56 |
-```bash |
|
57 |
- # groupadd clamav |
|
58 |
- # useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav |
|
59 |
-``` |
|
60 |
- |
|
61 |
-Consult a system manual if your OS has not *groupadd* and *useradd* utilities. **Don’t forget to lock access to the account\!** |
|
62 |
- |
|
63 |
-## Compilation of base package |
|
64 |
- |
|
65 |
-Once you have created the clamav user and group, please extract the archive: |
|
66 |
- |
|
67 |
-```bash |
|
68 |
- $ zcat clamav-x.yz.tar.gz | tar xvf - |
|
69 |
- $ cd clamav-x.yz |
|
70 |
-``` |
|
71 |
- |
|
72 |
-Assuming you want to install the configuration files in /etc, configure and build the software as follows: |
|
73 |
- |
|
74 |
-```bash |
|
75 |
- $ ./configure --sysconfdir=/etc |
|
76 |
- $ make |
|
77 |
- $ su -c "make install" |
|
78 |
-``` |
|
79 |
- |
|
80 |
-In the last step the software is installed into the /usr/local directory and the config files into /etc. **WARNING: Never enable the SUID or SGID bits for Clam AntiVirus binaries.** |
|
81 |
- |
|
82 |
-## Compilation with clamav-milter enabled |
|
83 |
- |
|
84 |
-libmilter and its development files are required. To enable clamav-milter, configure ClamAV with |
|
85 |
- |
|
86 |
-```bash |
|
87 |
- $ ./configure --enable-milter |
|
88 |
-``` |
|
89 |
- |
|
90 |
-See section /refsec:clamavmilter for more details on clamav-milter. |
|
91 |
- |
|
92 |
-## Using the system LLVM |
|
93 |
- |
|
94 |
-Some problems have been reported when compiling ClamAV’s built-in LLVM with recent C++ compiler releases. These problems may be avoided by installing and using an external LLVM system library. To configure ClamAV to use LLVM that is installed as a system library instead of the built-in LLVM JIT, use following: |
|
95 |
- |
|
96 |
-```bash |
|
97 |
- $ ./configure --with-system-llvm=/myllvm/bin/llvm-config |
|
98 |
- $ make |
|
99 |
- $ sudo make install |
|
100 |
-``` |
|
101 |
- |
|
102 |
-The argument to `--with-system-llvm` is optional, indicating the path name of the LLVM configuration utility (llvm-config). With no argument to `--with-system-llvm`, `./configure` will search for LLVM in /usr/local/ and then /usr. |
|
103 |
- |
|
104 |
-Recommended versions of LLVM are 3.2, 3.3, 3.4, 3.5, and 3.6. Some installations have reported problems using earlier LLVM versions. Versions of LLVM beyond 3.6 are not currently supported in ClamAV. |
|
105 |
- |
|
106 |
-## Running unit tests |
|
107 |
- |
|
108 |
-ClamAV includes unit tests that allow you to test that the compiled binaries work correctly on your platform. |
|
109 |
- |
|
110 |
-The first step is to use your OS’s package manager to install the `check` package. If your OS doesn’t have that package, you can download it from <http://check.sourceforge.net/>, build it and install it. |
|
111 |
- |
|
112 |
-To help clamav’s configure script locate `check`, it is recommended that you install `pkg-config`, preferably using your OS’s package manager, or from <http://pkg-config.freedesktop.org>. |
|
113 |
- |
|
114 |
-The recommended way to run unit-tests is the following, which ensures you will get an error if unit tests cannot be built: \[6\] |
|
115 |
- |
|
116 |
-```bash |
|
117 |
- $ ./configure --enable-check |
|
118 |
- $ make |
|
119 |
- $ make check |
|
120 |
-``` |
|
121 |
- |
|
122 |
-When `make check` is finished, you should get a message similar to this: |
|
123 |
- |
|
124 |
-```bash |
|
125 |
-================== |
|
126 |
-All 8 tests passed |
|
127 |
-================== |
|
128 |
-``` |
|
129 |
- |
|
130 |
-If a unit test fails, you get a message similar to the following. Note that in older versions of make check may report failures due to the absence of optional packages. Please make sure you have the latest versions of the components noted in section /refsec:components. See the next section on how to report a bug when a unit test fails. |
|
131 |
- |
|
132 |
-```bash |
|
133 |
-======================================== |
|
134 |
-1 of 8 tests failed |
|
135 |
-Please report to https://bugzilla.clamav.net/ |
|
136 |
-======================================== |
|
137 |
-``` |
|
138 |
- |
|
139 |
-If unit tests are disabled (and you didn’t use –enable-check), you will get this message: |
|
140 |
- |
|
141 |
-```bash |
|
142 |
-*** Unit tests disabled in this build |
|
143 |
-*** Use ./configure --enable-check to enable them |
|
144 |
- |
|
145 |
-SKIP: check_clamav |
|
146 |
-PASS: check_clamd.sh |
|
147 |
-PASS: check_freshclam.sh |
|
148 |
-PASS: check_sigtool.sh |
|
149 |
-PASS: check_clamscan.sh |
|
150 |
-====================== |
|
151 |
-All 4 tests passed |
|
152 |
-(1 tests were not run) |
|
153 |
-====================== |
|
154 |
-``` |
|
155 |
- |
|
156 |
-Running `./configure --enable-check` should tell you why. |
|
157 |
- |
|
158 |
-## Reporting a unit test failure bug |
|
159 |
- |
|
160 |
-If `make check` says that some tests failed we encourage you to report a bug on our bugzilla: <https://bugzilla.clamav.net>. The information we need is: |
|
161 |
- |
|
162 |
-- The exact output from `make check` |
|
163 |
-- Output of `uname -mrsp` |
|
164 |
-- your `config.log` |
|
165 |
-- The following files from the `unit_tests/` directory: |
|
166 |
- - `test.log` |
|
167 |
- - `clamscan.log` |
|
168 |
- - `clamdscan.log` |
|
169 |
- |
|
170 |
-- `/tmp/clamd-test.log` if it exists |
|
171 |
-- where and how you installed the check package |
|
172 |
-- Output of `pkg-config check --cflags --libs` |
|
173 |
-- Optionally if `valgrind` is available on your platform, the output of the following: |
|
174 |
- ```bash |
|
175 |
- $ make check |
|
176 |
- $ CK_FORK=no ./libtool --mode=execute valgrind unit_tests/check_clamav |
|
177 |
- ``` |
|
178 |
- |
|
179 |
-## Obtain Latest ClamAV anti-virus signature databases |
|
180 |
- |
|
181 |
-Before you can run ClamAV in daemon mode (clamd), ’clamdscan’, or ’clamscan’ which is ClamAV’s command line virus scanner, you must have ClamAV Virus Database (.cvd) file(s) installed in the appropriate location on your system. The default location for these database files are /usr/local/share/clamav (in Linux/Unix). |
|
182 |
- |
|
183 |
-Here is a listing of currently available ClamAV Virus Database Files: |
|
184 |
- |
|
185 |
-- bytecode.cvd (signatures to detect bytecode in files) |
|
186 |
-- main.cvd (main ClamAV virus database file) |
|
187 |
-- daily.cvd (daily update file for ClamAV virus databases) |
|
188 |
-- safebrowsing.cvd (virus signatures for safe browsing) |
|
189 |
- |
|
190 |
-These files can be downloaded via HTTP from the main ClamAV website or via the ’freshclam’ utility on a periodic basis. Using ’freshclam’ is the preferred method of keeping the ClamAV virus database files up to date without manual intervention (see the [freshclam configuration](Configuration.md#Setting-up-auto\-updating) section for information on how to configure ’freshclam’ for automatic updating and the main [freshclam](Usage.md#freshclam) section for additional details on freshclam). |
|
191 |
- |
|
192 |
-## Binary packages |
|
193 |
- |
|
194 |
-As an alternative to building and installing from source, most Linux package managers provide pre-compiled ClamAV packages. |
|
195 |
- |
|
196 |
-For more information about installing ClamAV via a Package Manager, please visit: |
|
197 |
-<https://www.clamav.net/download.html#otherversions> |
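Review bot: The two security warnings in this deleted file need a home in the replacement documentation: the reminder to lock access to the `clamav` account after the `useradd` step, and the "Never enable the SUID or SGID bits for Clam AntiVirus binaries" warning after `make install`. Nothing in this hunk shows where they went, so please confirm they are carried into the new Unix install document, together with the "Reporting a unit test failure bug" checklist (`config.log`, `unit_tests/test.log`, `/tmp/clamd-test.log`, and so on), which bug reporters rely on.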
... | ... |
@@ -1,35 +1,36 @@ |
1 | 1 |
# PhishSigs |
2 | 2 |
|
3 |
+Table of Contents |
|
3 | 4 |
- [PhishSigs](#phishsigs) |
4 | 5 |
- [Database file format](#database-file-format) |
5 |
- - [PDB format](#pdb-format) |
|
6 |
- - [GDB format](#gdb-format) |
|
7 |
- - [WDB format](#wdb-format) |
|
8 |
- - [Hints](#hints) |
|
9 |
- - [Examples of PDB signatures](#examples-of-pdb-signatures) |
|
10 |
- - [Examples of WDB signatures](#examples-of-wdb-signatures) |
|
11 |
- - [Example for how the URL extractor works](#example-for-how-the-url-extractor-works) |
|
12 |
- - [How matching works](#how-matching-works) |
|
13 |
- - [RealURL, displayedURL concatenation](#realurl-displayedurl-concatenation) |
|
14 |
- - [What happens when a match is found](#what-happens-when-a-match-is-found) |
|
15 |
- - [Extraction of realURL, displayedURL from HTML tags](#extraction-of-realurl-displayedurl-from-html-tags) |
|
16 |
- - [Example](#example) |
|
17 |
- - [Simple patterns](#simple-patterns) |
|
18 |
- - [Regular expressions](#regular-expressions) |
|
19 |
- - [Flags](#flags) |
|
6 |
+ - [PDB format](#pdb-format) |
|
7 |
+ - [GDB format](#gdb-format) |
|
8 |
+ - [WDB format](#wdb-format) |
|
9 |
+ - [Hints](#hints) |
|
10 |
+ - [Examples of PDB signatures](#examples-of-pdb-signatures) |
|
11 |
+ - [Examples of WDB signatures](#examples-of-wdb-signatures) |
|
12 |
+ - [Example for how the URL extractor works](#example-for-how-the-url-extractor-works) |
|
13 |
+ - [How matching works](#how-matching-works) |
|
14 |
+ - [RealURL, displayedURL concatenation](#realurl-displayedurl-concatenation) |
|
15 |
+ - [What happens when a match is found](#what-happens-when-a-match-is-found) |
|
16 |
+ - [Extraction of realURL, displayedURL from HTML tags](#extraction-of-realurl-displayedurl-from-html-tags) |
|
17 |
+ - [Example](#example) |
|
18 |
+ - [Simple patterns](#simple-patterns) |
|
19 |
+ - [Regular expressions](#regular-expressions) |
|
20 |
+ - [Flags](#flags) |
|
20 | 21 |
- [Introduction to regular expressions](#introduction-to-regular-expressions) |
21 |
- - [Special characters](#special-characters) |
|
22 |
- - [Character classes](#character-classes) |
|
23 |
- - [Escaping](#escaping) |
|
24 |
- - [Alternation](#alternation) |
|
25 |
- - [Optional matching, and repetition](#optional-matching-and-repetition) |
|
26 |
- - [Groups](#groups) |
|
22 |
+ - [Special characters](#special-characters) |
|
23 |
+ - [Character classes](#character-classes) |
|
24 |
+ - [Escaping](#escaping) |
|
25 |
+ - [Alternation](#alternation) |
|
26 |
+ - [Optional matching, and repetition](#optional-matching-and-repetition) |
|
27 |
+ - [Groups](#groups) |
|
27 | 28 |
- [How to create database files](#how-to-create-database-files) |
28 |
- - [How to create and maintain the whitelist (daily.wdb)](#how-to-create-and-maintain-the-whitelist-dailywdb) |
|
29 |
- - [How to create and maintain the domainlist (daily.pdb)](#how-to-create-and-maintain-the-domainlist-dailypdb) |
|
30 |
- - [Dealing with false positives, and undetected phishing mails](#dealing-with-false-positives-and-undetected-phishing-mails) |
|
31 |
- - [False positives](#false-positives) |
|
32 |
- - [Undetected phish mails](#undetected-phish-mails) |
|
29 |
+ - [How to create and maintain the whitelist (daily.wdb)](#how-to-create-and-maintain-the-whitelist-dailywdb) |
|
30 |
+ - [How to create and maintain the domainlist (daily.pdb)](#how-to-create-and-maintain-the-domainlist-dailypdb) |
|
31 |
+ - [Dealing with false positives, and undetected phishing mails](#dealing-with-false-positives-and-undetected-phishing-mails) |
|
32 |
+ - [False positives](#false-positives) |
|
33 |
+ - [Undetected phish mails](#undetected-phish-mails) |
|
33 | 34 |
|
34 | 35 |
# Database file format |
35 | 36 |
|
... | ... |
@@ -1,39 +1,40 @@ |
1 | 1 |
# Creating signatures for ClamAV |
2 | 2 |
|
3 |
+Table of Contents |
|
3 | 4 |
- [Creating signatures for ClamAV](#creating-signatures-for-clamav) |
4 | 5 |
- [Introduction](#introduction) |
5 | 6 |
- [Debug information from libclamav](#debug-information-from-libclamav) |
6 | 7 |
- [Signature formats](#signature-formats) |
7 |
- - [Hash-based signatures](#hash-based-signatures) |
|
8 |
- - [MD5 hash-based signatures](#md5-hash-based-signatures) |
|
9 |
- - [SHA1 and SHA256 hash-based signatures](#sha1-and-sha256-hash-based-signatures) |
|
10 |
- - [PE section based hash signatures](#pe-section-based-hash-signatures) |
|
11 |
- - [Hash signatures with unknown size](#hash-signatures-with-unknown-size) |
|
12 |
- - [Body-based signatures](#body-based-signatures) |
|
13 |
- - [Hexadecimal format](#hexadecimal-format) |
|
14 |
- - [Wildcards](#wildcards) |
|
15 |
- - [Character classes](#character-classes) |
|
16 |
- - [Alternate strings](#alternate-strings) |
|
17 |
- - [Basic signature format](#basic-signature-format) |
|
18 |
- - [Extended signature format](#extended-signature-format) |
|
19 |
- - [Logical signatures](#logical-signatures) |
|
20 |
- - [Subsignature Modifiers](#subsignature-modifiers) |
|
21 |
- - [Special Subsignature Types](#special-subsignature-types) |
|
22 |
- - [Macro subsignatures (clamav-0.96) : <span class="nodecor">`${min-max}MACROID$`</span>](#macro-subsignatures-clamav-096---span-classnodecormin-maxmacroid-span) |
|
23 |
- - [PCRE subsignatures (clamav-0.99) : <span class="nodecor">`Trigger/PCRE/[Flags]`</span>](#pcre-subsignatures-clamav-099---span-classnodecortrigger-pcre-flags-span) |
|
24 |
- - [Icon signatures for PE files](#icon-signatures-for-pe-files) |
|
25 |
- - [Signatures for Version Information metadata in PE files](#signatures-for-version-information-metadata-in-pe-files) |
|
26 |
- - [Trusted and Revoked Certificates](#trusted-and-revoked-certificates) |
|
27 |
- - [Signatures based on container metadata](#signatures-based-on-container-metadata) |
|
28 |
- - [Signatures based on ZIP/RAR metadata (obsolete)](#signatures-based-on-zip-rar-metadata-obsolete) |
|
29 |
- - [Whitelist databases](#whitelist-databases) |
|
30 |
- - [Signature names](#signature-names) |
|
31 |
- - [Using YARA rules in ClamAV](#using-yara-rules-in-clamav) |
|
32 |
- - [Passwords for archive files \[experimental\]](#passwords-for-archive-files-experimental) |
|
8 |
+ - [Hash-based signatures](#hash-based-signatures) |
|
9 |
+ - [MD5 hash-based signatures](#md5-hash-based-signatures) |
|
10 |
+ - [SHA1 and SHA256 hash-based signatures](#sha1-and-sha256-hash-based-signatures) |
|
11 |
+ - [PE section based hash signatures](#pe-section-based-hash-signatures) |
|
12 |
+ - [Hash signatures with unknown size](#hash-signatures-with-unknown-size) |
|
13 |
+ - [Body-based signatures](#body-based-signatures) |
|
14 |
+ - [Hexadecimal format](#hexadecimal-format) |
|
15 |
+ - [Wildcards](#wildcards) |
|
16 |
+ - [Character classes](#character-classes) |
|
17 |
+ - [Alternate strings](#alternate-strings) |
|
18 |
+ - [Basic signature format](#basic-signature-format) |
|
19 |
+ - [Extended signature format](#extended-signature-format) |
|
20 |
+ - [Logical signatures](#logical-signatures) |
|
21 |
+ - [Subsignature Modifiers](#subsignature-modifiers) |
|
22 |
+ - [Special Subsignature Types](#special-subsignature-types) |
|
23 |
+ - [Macro subsignatures (clamav-0.96) : `${min-max}MACROID$`](#macro-subsignatures-clamav-096--min-maxmacroid) |
|
24 |
+ - [PCRE subsignatures (clamav-0.99) : `Trigger/PCRE/[Flags]`](#pcre-subsignatures-clamav-099--triggerpcreflags) |
|
25 |
+ - [Icon signatures for PE files](#icon-signatures-for-pe-files) |
|
26 |
+ - [Signatures for Version Information metadata in PE files](#signatures-for-version-information-metadata-in-pe-files) |
|
27 |
+ - [Trusted and Revoked Certificates](#trusted-and-revoked-certificates) |
|
28 |
+ - [Signatures based on container metadata](#signatures-based-on-container-metadata) |
|
29 |
+ - [Signatures based on ZIP/RAR metadata (obsolete)](#signatures-based-on-ziprar-metadata-obsolete) |
|
30 |
+ - [Whitelist databases](#whitelist-databases) |
|
31 |
+ - [Signature names](#signature-names) |
|
32 |
+ - [Using YARA rules in ClamAV](#using-yara-rules-in-clamav) |
|
33 |
+ - [Passwords for archive files \[experimental\]](#passwords-for-archive-files-experimental) |
|
33 | 34 |
- [Special files](#special-files) |
34 |
- - [HTML](#html) |
|
35 |
- - [Text files](#text-files) |
|
36 |
- - [Compressed Portable Executable files](#compressed-portable-executable-files) |
|
35 |
+ - [HTML](#html) |
|
36 |
+ - [Text files](#text-files) |
|
37 |
+ - [Compressed Portable Executable files](#compressed-portable-executable-files) |
|
37 | 38 |
|
38 | 39 |
# Introduction |
39 | 40 |
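Review bot: The rewritten links on new lines 23, 24 and 29 (`#macro-subsignatures-clamav-096--min-maxmacroid`, `#pcre-subsignatures-clamav-099--triggerpcreflags`, `#signatures-based-on-ziprar-metadata-obsolete`) only resolve if the headings further down match them, which for the macro and PCRE entries means the `<span class="nodecor">` wrappers were dropped from the headings in this same commit. The slugs also depend on the renderer's anchor rules, so each one is worth clicking through in the rendered page before merging. Separately, "Table of Contents" on new line 3 is a bare text line with no heading or emphasis markup and no blank line before the list.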
|
... | ... |
@@ -1,4 +1,7 @@ |
1 |
-# ClamAV for Win32 |
|
1 |
+# Win32 ClamAV Build Instructions |
|
2 |
+ |
|
3 |
+This document describes how to build ClamAV on Windows using Visual Studio. |
|
4 |
+For information on how to use ClamAV, please refer to our [User Manual](../docs/UserManual.md). |
|
2 | 5 |
|
3 | 6 |
## News |
4 | 7 |
|
... | ... |
@@ -47,22 +50,24 @@ Visual Studio 2017 should work fine, but we currently work with Visual Studio 20 |
47 | 47 |
|
48 | 48 |
## Getting the code |
49 | 49 |
|
50 |
-ClamAV source code is freely available via github at https://github.com/Cisco-Talos/clamav-devel |
|
51 |
- |
|
52 |
-To obtain a copy of the code, open a Git Bash terminal. Navigate to a directory where you want to store the code, eg "workspace" and clone the repository using the https web URL. For example: |
|
50 |
+ClamAV source code is freely available on [GitHub](https://github.com/Cisco-Talos/clamav-devel) |
|
53 | 51 |
|
54 |
-1. `cd` |
|
55 |
-2. `mkdir workspace` |
|
56 |
-3. `cd workspace` |
|
57 |
-4. `git clone https://github.com/vrtadmin/clamav-devel.git` |
|
52 |
+To obtain a copy of the code, open a Git Bash terminal. Navigate to a directory where you want to store the code, eg "workspace" and clone the repository using the https web URL. For example: |
|
53 |
+```cmd |
|
54 |
+cd |
|
55 |
+mkdir workspace |
|
56 |
+cd workspace |
|
57 |
+git clone https://github.com/vrtadmin/clamav-devel.git |
|
58 |
+``` |
|
58 | 59 |
|
59 | 60 |
Step into the win32 directory and open an Explorer window. |
61 |
+```cmd |
|
62 |
+cd clamav-devel |
|
63 |
+cd win32 |
|
64 |
+explorer . |
|
65 |
+``` |
|
60 | 66 |
|
61 |
-1. `cd clamav-devel` |
|
62 |
-2. `cd win32` |
|
63 |
-3. `explorer .` |
|
64 |
- |
|
65 |
-ClamAV for Windows uses the same code base as Unix/Linux based operating systems. However, Windows specific files for building ClamAV are found under the win32 directory. |
|
67 |
+ClamAV for Windows uses the same code base as Unix/Linux based operating systems. However, Windows specific files for building ClamAV are found under the win32 directory. |
|
66 | 68 |
|
67 | 69 |
## Code configuration |
68 | 70 |
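Review bot: The clone command on new line 57 still points at `https://github.com/vrtadmin/clamav-devel.git`, while the sentence rewritten on new line 50 now links to `https://github.com/Cisco-Talos/clamav-devel`. The command should use the same repository URL as the prose so readers are not sent to an old location. The new fences are also tagged `cmd` although the text says to open a Git Bash terminal, and a bare `cd` behaves differently in the two shells (in cmd.exe it prints the current directory instead of changing to the home directory), so either tag the blocks `bash` or adjust the commands. The opening fence on new line 53 would also read better with a blank line after the paragraph on new line 52.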
|
... | ... |
@@ -71,25 +76,23 @@ After downloading the source code, minimal configuration is required: |
71 | 71 |
1. Run the `win32/configure.bat` script *from within the git shell*. Skip this step if you are building from an official release tarball. |
72 | 72 |
2. Obtain OpenSSL V1.1.0 or higher. You will need the headers, libs, and bins for the platform (Win32 or x64) that you're targeting. |
73 | 73 |
3. Place the headers and binaries in a directory with the following structure: |
74 |
- |
|
75 |
- ├───vcredist |
|
76 |
- │ ├───vc_redist.x64.exe <-- Visual Studio 2015 Redistributables installer (x64) |
|
77 |
- │ └───vc_redist.x86.exe <-- Visual Studio 2015 Redistributables installer (x86) |
|
78 |
- ├───Win32 |
|
79 |
- │ ├───include |
|
80 |
- │ │ └───openssl <-- openssl headers in here |
|
81 |
- │ └───lib <-- .DLLs and .LIBs in here |
|
82 |
- └───x64 |
|
83 |
- ├───include |
|
84 |
- │ └───openssl <-- openssl headers in here |
|
85 |
- └───lib <-- .DLLs and .LIBs in here |
|
86 |
- |
|
87 |
-4. Add an environment variable with the name `CLAM_DEPENDENCIES` and set the value to the path of the above directory. |
|
88 |
-5. At present, the Inno Setup script `ClamAV-Installer.iss` requires this directory to be located here in order to build the installer: |
|
89 |
- |
|
90 |
-``` |
|
74 |
+ ``` |
|
91 | 75 |
C:\clam_dependencies |
92 |
-``` |
|
76 |
+ │ |
|
77 |
+ ├───vcredist |
|
78 |
+ │ ├───vc_redist.x64.exe <-- VS 2015 Redistributables installer (x64) |
|
79 |
+ │ └───vc_redist.x86.exe <-- VS 2015 Redistributables installer (x86) |
|
80 |
+ ├───Win32 |
|
81 |
+ │ ├───include |
|
82 |
+ │ │ └───openssl <-- openssl headers here |
|
83 |
+ │ └───lib <-- .DLLs and .LIBs here |
|
84 |
+ └───x64 |
|
85 |
+ ├───include |
|
86 |
+ │ └───openssl <-- openssl headers here |
|
87 |
+ └───lib <-- .DLLs and .LIBs here |
|
88 |
+ ``` |
|
89 |
+4. Add an environment variable with the name `CLAM_DEPENDENCIES` and set the value to the path of the above directory. |
|
90 |
+5. At present, the Inno Setup script `ClamAV-Installer.iss` requires this directory to be located specifically at `C:\clam_dependencies` in order to build the installer: |
|
93 | 91 |
|
94 | 92 |
## Compilation |
95 | 93 |
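Review bot: Step 5 on new line 90 still ends with a colon ("...in order to build the installer:") although the code block it used to introduce has been removed, so the sentence should end with a period. With the tree on new lines 75 to 87 now rooted at `C:\clam_dependencies`, step 4's "the path of the above directory" reads as if that location were mandatory for every build. If the fixed path only matters for the Inno Setup installer, as step 5 says, state in step 4 that the directory can live anywhere otherwise.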
|
... | ... |
@@ -100,35 +103,35 @@ The output directory for the binaries is either `/win32/(Win32|x64)/Debug` or |
100 | 100 |
Alternatively, you can build from the command line (aka `cmd.exe`) by following these steps: |
101 | 101 |
|
102 | 102 |
x64: |
103 |
-``` |
|
104 |
- call "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" x64 |
|
105 |
- setx CLAM_DEPENDENCIES "C:\\clam_dependencies" |
|
106 |
- call configure.bat |
|
107 |
- devenv ClamAV.sln /Clean "Release|x64" /useenv /ProjectConfig "Release|x64" |
|
108 |
- devenv ClamAV.sln /Rebuild "Release|x64" /useenv /ProjectConfig "Release|x64"''' |
|
103 |
+```cmd |
|
104 |
+call "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" x64 |
|
105 |
+setx CLAM_DEPENDENCIES "C:\\clam_dependencies" |
|
106 |
+call configure.bat |
|
107 |
+devenv ClamAV.sln /Clean "Release|x64" /useenv /ProjectConfig "Release|x64" |
|
108 |
+devenv ClamAV.sln /Rebuild "Release|x64" /useenv /ProjectConfig "Release|x64"''' |
|
109 | 109 |
``` |
110 | 110 |
|
111 | 111 |
x86: |
112 |
-``` |
|
113 |
- reg Query "HKLM\\Hardware\\Description\\System\\CentralProcessor\\0" | find /i "x86" > NUL && set OS=32BIT || set OS=64BIT |
|
114 |
- if %OS%==32BIT call "C:\\Program Files\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" x86 |
|
115 |
- if %OS%==64BIT call "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" x86 |
|
116 |
- setx CLAM_DEPENDENCIES "C:\\clam_dependencies" |
|
117 |
- call configure.bat |
|
118 |
- devenv ClamAV.sln /Clean "Release|Win32" /useenv /ProjectConfig "Release|Win32" |
|
119 |
- devenv ClamAV.sln /Rebuild "Release|Win32" /useenv /ProjectConfig "Release|Win32"''' |
|
112 |
+```cmd |
|
113 |
+reg Query "HKLM\\Hardware\\Description\\System\\CentralProcessor\\0" | find /i "x86" > NUL && set OS=32BIT || set OS=64BIT |
|
114 |
+if %OS%==32BIT call "C:\\Program Files\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" x86 |
|
115 |
+if %OS%==64BIT call "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" x86 |
|
116 |
+setx CLAM_DEPENDENCIES "C:\\clam_dependencies" |
|
117 |
+call configure.bat |
|
118 |
+devenv ClamAV.sln /Clean "Release|Win32" /useenv /ProjectConfig "Release|Win32" |
|
119 |
+devenv ClamAV.sln /Rebuild "Release|Win32" /useenv /ProjectConfig "Release|Win32"''' |
|
120 | 120 |
``` |
121 | 121 |
|
122 | 122 |
To build the installer: |
123 | 123 |
|
124 |
-1. Build ClamAV for both `x64` **and** `Win32`. The installer requires both versions to be available. |
|
124 |
+1. Build ClamAV for both `x64` **and** `Win32`. The installer requires both versions to be available. |
|
125 | 125 |
2. Open `win32\ClamAV-Installer.iss` using Inno Setup 5. |
126 |
-3. Run "Compile". |
|
126 |
+3. Run "Compile". |
|
127 | 127 |
|
128 | 128 |
Alternatively, you can invoke the Inno Setup command line installer from cmd.exe: |
129 | 129 |
|
130 |
-``` |
|
131 |
- "C:\Program Files (x86)\Inno Setup 5\ISCC.exe" .\ClamAV-Installer.iss |
|
130 |
+```cmd |
|
131 |
+"C:\Program Files (x86)\Inno Setup 5\ISCC.exe" .\ClamAV-Installer.iss |
|
132 | 132 |
``` |
133 | 133 |
|
134 | 134 |
After compilation, the installer will be located at `win32\ClamAV-<version>.exe` |
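Review bot: Both `/Rebuild` lines (new lines 108 and 119) keep the trailing `'''`, which is not part of the command and will be handed to `devenv` if the block is pasted into cmd.exe; drop it while these lines are being touched. The same blocks still use doubled backslashes in paths (`"C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat"`), which a code fence shows literally, so single backslashes would match the `ISCC.exe` example on new line 131. Also note that `setx` only affects cmd.exe sessions started afterwards, so the `devenv ... /useenv` calls that follow it in the same window will not see `CLAM_DEPENDENCIES` unless it is also set with `set`.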