...
|
...
|
@@ -143,6 +143,11 @@
|
143
|
143
|
\item CPIO
|
144
|
144
|
\item Gzip
|
145
|
145
|
\item Bzip2
|
|
146
|
+ \item DMG
|
|
147
|
+ \item IMG 9660
|
|
148
|
+ \item ISO
|
|
149
|
+ \item PKG
|
|
150
|
+ \item XZ
|
146
|
151
|
\item MS OLE2
|
147
|
152
|
\item MS Cabinet Files (including SFX)
|
148
|
153
|
\item MS CHM (Compiled HTML)
|
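Review bot: `IMG 9660` on new line 147 is not a format name; ISO 9660 is the CD-ROM filesystem standard, and `ISO` is added as a separate entry on the very next line, so either this entry should read `ISO 9660` (and the standalone `ISO` be dropped) or `IMG` should stand alone as a disk-image entry. The same five entries are inserted again in the hunk at line 947, so whichever fix is chosen must be applied in both places.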
...
|
...
|
@@ -230,7 +235,7 @@
|
230
|
230
|
|
231
|
231
|
\section{Installation}
|
232
|
232
|
|
233
|
|
- \subsection{Requirements}
|
|
233
|
+ \subsection{Requirements}\label{sec:components}
|
234
|
234
|
The following components are required to compile ClamAV under UNIX:
|
235
|
235
|
\footnote{For Windows instructions please see win32/README in the
|
236
|
236
|
main source code directory.}
|
...
|
...
|
@@ -247,6 +252,8 @@
|
247
|
247
|
The following packages are optional but \textbf{highly recommended}:
|
248
|
248
|
\begin{itemize}
|
249
|
249
|
\item bzip2 and bzip2-devel library
|
|
250
|
+ \item libxml2 and libxml2-dev library
|
|
251
|
+ \item libxar-dev library
|
250
|
252
|
\item \verb+check+ unit testing framework \footnote{See section \ref{unit-testing} on how to run the unit tests}.
|
251
|
253
|
\end{itemize}
|
252
|
254
|
The following packages are optional, but \textbf{required for bytecode JIT support}:
|
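Review bot: the two new entries do not say what they enable, whereas the neighbouring `\verb+check+` item carries a footnote explaining its purpose; since this change also adds DMG, PKG and XZ to the supported-format list, each new library entry should state which of those formats it is needed for, so a reader knows what is lost by omitting it. The naming is also mixed: `bzip2-devel` uses the Red Hat suffix while `libxml2-dev` and `libxar-dev` use the Debian one; pick one convention or name the library rather than a distribution package.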
...
|
...
|
@@ -320,14 +327,14 @@
|
320
|
320
|
|
321
|
321
|
\subsection{Running unit tests}\label{unit-testing}
|
322
|
322
|
ClamAV includes unit tests that allow you to test that the compiled binaries work correctly on your platform.
|
323
|
|
-
|
|
323
|
+ \\\\
|
324
|
324
|
The first step is to use your OS's package manager to install the \verb+check+ package.
|
325
|
325
|
If your OS doesn't have that package, you can download it from \url{http://check.sourceforge.net/},
|
326
|
326
|
build it and install it.
|
327
|
|
-
|
|
327
|
+ \\\\
|
328
|
328
|
To help clamav's configure script locate \verb+check+, it is recommended that you install \verb+pkg-config+, preferably
|
329
|
329
|
using your OS's package manager, or from \url{http://pkg-config.freedesktop.org}.
|
330
|
|
-
|
|
330
|
+ \\\\
|
331
|
331
|
The recommended way to run unit-tests is the following, which ensures you will get an error if unit tests cannot be built:
|
332
|
332
|
\footnote{The configure script in ClamAV automatically enables the unit tests, if it finds the check framework, however it doesn't consider it a fatal error if unit tests cannot be enabled.}
|
333
|
333
|
\begin{verbatim}
|
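Review bot: replacing the blank lines at new lines 323, 327 and 330 with `\\\\` turns real paragraph breaks into forced line breaks. This matches the convention already used at line 402, but it is fragile: `\\` issued at the start of a paragraph (for example if a blank line is ever reintroduced above it) fails with `There's no line here to end`, and the construct also suppresses paragraph indentation, so these blocks will look different from the indented paragraphs around them. Keeping the blank lines, or a `\par` with the document's `\parskip`, is more robust.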
...
|
...
|
@@ -335,15 +342,16 @@
|
335
|
335
|
$ make
|
336
|
336
|
$ make check
|
337
|
337
|
\end{verbatim}
|
338
|
|
-
|
339
|
338
|
When \verb+make check+ is finished, you should get a message similar to this:
|
340
|
339
|
\begin{verbatim}
|
341
|
340
|
==================
|
342
|
341
|
All 8 tests passed
|
343
|
342
|
==================
|
344
|
343
|
\end{verbatim}
|
345
|
|
-
|
346
|
|
- If a unit test fails, you get a message similar to the following.
|
|
344
|
+ If a unit test fails, you get a message similar to the following.
|
|
345
|
+ Note that in older versions of make check may report failures due to
|
|
346
|
+ the absence of optional packages. Please make sure you have the
|
|
347
|
+ latest versions of the components noted in section /ref{sec:components}.
|
347
|
348
|
See the next section on how to report a bug when a unit test fails.
|
348
|
349
|
\begin{verbatim}
|
349
|
350
|
========================================
|
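Review bot: new line 347 uses `/ref{sec:components}` with a forward slash; LaTeX will typeset the literal text `/refsec:components` instead of a section number, so this must be `\ref{sec:components}`. The new sentence on line 345 is also ungrammatical (`in older versions of make check may report failures`); suggest `Note that with older versions, \verb+make check+ may report failures due to ...`, using `\verb+make check+` as the existing line 339 does rather than bare text.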
...
|
...
|
@@ -351,7 +359,6 @@ All 8 tests passed
|
351
|
351
|
Please report to http://bugs.clamav.net/
|
352
|
352
|
========================================
|
353
|
353
|
\end{verbatim}
|
354
|
|
-
|
355
|
354
|
If unit tests are disabled (and you didn't use --enable-check), you will get this message:
|
356
|
355
|
\begin{verbatim}
|
357
|
356
|
*** Unit tests disabled in this build
|
...
|
...
|
@@ -401,12 +408,12 @@ $ CK_FORK=no ./libtool --mode=execute valgrind unit_tests/check-clamav
|
401
|
401
|
(in Linux/Unix).
|
402
|
402
|
\\\\
|
403
|
403
|
Here is a listing of currently available ClamAV Virus Database Files:
|
404
|
|
- \\\\
|
405
|
|
- bytecode.cvd (signatures to detect bytecode in files)
|
406
|
|
- main.cvd (main ClamAV virus database file)
|
407
|
|
- daily.cvd (daily update file for ClamAV virus databases)
|
408
|
|
- safebrowsing.cvd (virus signatures for safe browsing)
|
409
|
|
- \\\\
|
|
404
|
+ \begin{itemize}
|
|
405
|
+ \item bytecode.cvd (signatures to detect bytecode in files)
|
|
406
|
+ \item main.cvd (main ClamAV virus database file)
|
|
407
|
+ \item daily.cvd (daily update file for ClamAV virus databases)
|
|
408
|
+ \item safebrowsing.cvd (virus signatures for safe browsing)
|
|
409
|
+ \end{itemize}
|
410
|
410
|
These files can be downloaded via HTTP from the main ClamAV website
|
411
|
411
|
or via the 'freshclam' utility on a periodic basis. Using 'freshclam'
|
412
|
412
|
is the preferred method of keeping the ClamAV virus database files
|
...
|
...
|
@@ -415,8 +422,6 @@ $ CK_FORK=no ./libtool --mode=execute valgrind unit_tests/check-clamav
|
415
|
415
|
\ref{sec:freshclam} for additional details on freshclam).
|
416
|
416
|
|
417
|
417
|
\section{Configuration}
|
418
|
|
-
|
419
|
|
- \subsubsection{clamconf}
|
420
|
418
|
Before proceeding with the steps below, you should
|
421
|
419
|
run the 'clamconf' command, which gives important information
|
422
|
420
|
about your ClamAV configuration. See section \ref{sec:clamconf}
|
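Review bot: dropping the `\subsubsection{clamconf}` that sat directly under `\section{Configuration}` is correct, since it skipped the subsection level, and the removed line carried no `\label`, so nothing should break; do confirm that the `\ref{sec:clamconf}` on the following context line resolves to a label defined elsewhere in the document rather than to this heading, otherwise it will now print `??`.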
...
|
...
|
@@ -471,7 +476,7 @@ $ CK_FORK=no ./libtool --mode=execute valgrind unit_tests/check-clamav
|
471
|
471
|
difference is that the internal mode has been dropped and now a working
|
472
|
472
|
clamd companion is required. The second important difference is that now
|
473
|
473
|
the milter has got its own configuration and log files.
|
474
|
|
-
|
|
474
|
+ \\\\
|
475
|
475
|
To compile ClamAV with the clamav-milter just run \verb+./configure+
|
476
|
476
|
\verb+--enable-milter+ and make as usual. In order to use the
|
477
|
477
|
'--enable-milter' option with 'configure', your system MUST have the milter
|
...
|
...
|
@@ -579,14 +584,14 @@ N * * * * /usr/local/bin/freshclam --quiet
|
579
|
579
|
been detected. This data is then used to generate real-time reports on
|
580
|
580
|
active malware. These reports, along with geographical and historic trends,
|
581
|
581
|
will be published on \url{http://www.clamav.net/}.
|
582
|
|
-
|
|
582
|
+ \\\\
|
583
|
583
|
The more data that we receive from ClamAV users, the more reports, and the
|
584
|
584
|
better the quality of the reports, will be. To enable the submission of
|
585
|
585
|
data to us for use in the Active Malware Report, enable
|
586
|
586
|
SubmitDetectionStats in freshclam.conf, and LogTime and LogFile in
|
587
|
587
|
clamd.conf. You should only enable this feature if you're running clamd
|
588
|
588
|
to scan incoming data in your environment.
|
589
|
|
-
|
|
589
|
+ \\\\
|
590
|
590
|
The only private data that is transferred is an IP address, which is used
|
591
|
591
|
to create the geographical data. The size of the data that is sent is small;
|
592
|
592
|
it contains just the filename, malware name and time of detection. The data
|
...
|
...
|
@@ -775,23 +780,28 @@ N * * * * /usr/local/bin/freshclam --quiet
|
775
|
775
|
used to test files which contain bytecode. For more detailed help,
|
776
|
776
|
type 'man clambc' or 'clambc --help'.
|
777
|
777
|
|
778
|
|
- \subsection{Freshclam}\ref{sec:freshclam}
|
|
778
|
+ \subsection{Freshclam}\label{sec:freshclam}
|
779
|
779
|
\verb+freshclam+ is ClamAV's virus database update tool and reads it's
|
780
|
780
|
configuration from the file 'freshclam.conf' (this may be
|
781
|
|
- overriden by command line options). Here is a sample usage including cdiffs:
|
|
781
|
+ overriden by command line options). Freshclam's default behavior is to
|
|
782
|
+ attempt to update databases that are paired with downloaded cdiffs.
|
|
783
|
+ Potentially corrupted databases are not updated and are automatically
|
|
784
|
+ fully replaced after several failed attempts unless otherwise specified.
|
|
785
|
+ \\\\
|
|
786
|
+ Here is a sample usage including cdiffs:
|
782
|
787
|
\begin{verbatim}
|
783
|
|
- $ freshclam
|
784
|
|
-
|
785
|
|
- ClamAV update process started at Mon Oct 7 08:15:10 2013
|
786
|
|
- main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
|
787
|
|
- Downloading daily-17945.cdiff [100%]
|
788
|
|
- Downloading daily-17946.cdiff [100%]
|
789
|
|
- Downloading daily-17947.cdiff [100%]
|
790
|
|
- daily.cld updated (version: 17947, sigs: 406951, f-level: 63, builder: neo)
|
791
|
|
- Downloading bytecode-227.cdiff [100%]
|
792
|
|
- Downloading bytecode-228.cdiff [100%]
|
793
|
|
- bytecode.cld updated (version: 228, sigs: 43, f-level: 63, builder: neo)
|
794
|
|
- Database updated (2831219 signatures) from database.clamav.net (IP: 64.6.100.177)
|
|
788
|
+$ freshclam
|
|
789
|
+
|
|
790
|
+ClamAV update process started at Mon Oct 7 08:15:10 2013
|
|
791
|
+main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
|
|
792
|
+Downloading daily-17945.cdiff [100%]
|
|
793
|
+Downloading daily-17946.cdiff [100%]
|
|
794
|
+Downloading daily-17947.cdiff [100%]
|
|
795
|
+daily.cld updated (version: 17947, sigs: 406951, f-level: 63, builder: neo)
|
|
796
|
+Downloading bytecode-227.cdiff [100%]
|
|
797
|
+Downloading bytecode-228.cdiff [100%]
|
|
798
|
+bytecode.cld updated (version: 228, sigs: 43, f-level: 63, builder: neo)
|
|
799
|
+Database updated (2831219 signatures) from database.clamav.net (IP: 64.6.100.177)
|
795
|
800
|
\end{verbatim}
|
796
|
801
|
For more detailed help, type 'man clamscan' or 'clamscan --help'.
|
797
|
802
|
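Review bot: `overriden` on new line 781 is misspelled (`overridden`), and two slips in the surrounding context are worth fixing in the same change: `reads it's configuration` on line 779 should be `its`, and the trailer `type 'man clamscan' or 'clamscan --help'` on line 801 sits under the Freshclam heading and should refer to `freshclam`. The new sentence `are automatically fully replaced after several failed attempts unless otherwise specified` should name the option that controls this fallback, or drop `unless otherwise specified`, since the reader has no way to find it. The `\ref` to `\label` fix in the heading is correct, and stripping the leading space from the verbatim lines is a genuine output change (whitespace inside `verbatim` is reproduced literally), so it belongs in this commit.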
|
...
|
...
|
@@ -947,6 +957,11 @@ N * * * * /usr/local/bin/freshclam --quiet
|
947
|
947
|
\item CPIO
|
948
|
948
|
\item Gzip
|
949
|
949
|
\item Bzip2
|
|
950
|
+ \item DMG
|
|
951
|
+ \item IMG 9660
|
|
952
|
+ \item ISO
|
|
953
|
+ \item PKG
|
|
954
|
+ \item XZ
|
950
|
955
|
\item MS OLE2
|
951
|
956
|
\item MS Cabinet Files (+ SFX)
|
952
|
957
|
\item MS CHM (Compiled HTML)
|
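Review bot: this is the second hand-maintained copy of the supported-format list (the first is at line 143), and the two already disagree in the context lines: `MS Cabinet Files (+ SFX)` here versus `MS Cabinet Files (including SFX)` there. The duplicated `IMG 9660` typo is now in both copies too. Consider defining the list once (a macro or an `\input` of a shared fragment) so future additions cannot drift.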
...
|
...
|
@@ -1754,7 +1769,13 @@ Verification OK.
|
1754
|
1754
|
Role: ClamAV developer
|
1755
|
1755
|
|
1756
|
1756
|
\item Carl Wu \email{<cwu*sourcefire.com>}, USA\\
|
1757
|
|
- Role: ClamAV developer
|
|
1757
|
+ Role: ClamAV developer
|
|
1758
|
+
|
|
1759
|
+ \item Kevin Lin \email{<klin*sourcefire.com>}, USA\\
|
|
1760
|
+ Role: ClamAV developer
|
|
1761
|
+
|
|
1762
|
+ \item Dave Suffling \email{<dsuffling*sourcefire.com>}, USA\\
|
|
1763
|
+ Role: ClamAV developer
|
1758
|
1764
|
|
1759
|
1765
|
\item Alain Zidouemba \email{<azidouemba*sourcefire.com>}, USA\\
|
1760
|
1766
|
Role: virus database maintainer
|