To change an existing Red Hat Enterprise Linux (RHEL) server's ClamAV installation from a native-compiled version of ClamAV or a non-repository RPM installation (RPMs located and downloaded manually) to the RPM repository-based open source version of ClamAV (including some updates to our prior standard ClamAV configs, such as implementing randomized scan times):
-
1. Run the following command as root (or via sudo) to see what version of ClamAV is installed and found by the root user:
-
clamd -V
-
2. Upload the following files to the /root directory on the server (be sure to select ASCII mode file transfer) and make sure that all the *.sh files are executable (chmod +x *.sh) after you download them:
-
o G:\TSSB_Server_Group\System Administration\Hardware Lists and Info\Server Info\Server Build Support Files\Linux-Specific\clamav_migrate.sh
-
o G:\TSSB_Server_Group\System Administration\Hardware Lists and Info\Server Info\Server Build Support Files\Linux-Specific\install-yum-rhel3.sh
-
o G:\TSSB_Server_Group\System Administration\Hardware Lists and Info\Server Info\Server Build Support Files\Linux-Specific\install-yum-rhel4.sh
-
o G:\TSSB_Server_Group\System Administration\Hardware Lists and Info\Server Info\Server Build Support Files\Linux-Specific\clamscan
-
o G:\TSSB_Server_Group\System Administration\Hardware Lists and Info\Server Info\Server Build Support Files\Linux-Specific\sched_clamscan
-
o G:\TSSB_Server_Group\System Administration\Hardware Lists and Info\Server Info\Server Build Support Files\Linux-Specific\clamav_update
-
o G:\TSSB_Server_Group\System Administration\Hardware Lists and Info\Server Info\Server Build Support Files\Linux-Specific\clamd
-
3. Referring to the instructions at http://dag.wieers.com/rpm/FAQ.php#B1, configure a yum repository to allow installing and configuring ClamAV antivirus, and then use yum to install it (on RHEL 4 and earlier you'll need to use up2date to ensure the yum utility is installed first):
For 32-bit RHEL 2.1:
-
# rpm -Uhv http://apt.sw.be/redhat/el2.1/en/i386/rpmforge/RPMS//rpmforge-release-0.3.6-1.el2.rf.i386.rpm
-
# echo -e "\nyum dag http://apt.sw.be/redhat/el2.1/en/i386/dag" >> /etc/sysconfig/rhn/sources
-
# up2date -i yum
-
# yum install clamav clamd
For 32-bit RHEL 3:
-
# rpm -Uhv http://apt.sw.be/redhat/el3/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el3.rf.i386.rpm
-
# /root/install-yum-rhel3.sh
-
# yum install clamav clamd
For 64-bit RHEL 3:
-
# rpm -Uhv http://apt.sw.be/redhat/el3/en/x86_64/rpmforge/RPMS/rpmforge-release-0.3.6-1.el3.rf.x86_64.rpm
-
# /root/install-yum-rhel3.sh
-
# yum install clamav clamd
For 32-bit RHEL 4:
-
# rpm -Uhv http://apt.sw.be/redhat/el4/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
-
# /root/install-yum-rhel4.sh
-
# yum install clamav clamd
For 64-bit RHEL 4:
-
# rpm -Uhv http://apt.sw.be/redhat/el4/en/x86_64/rpmforge/RPMS/rpmforge-release-0.3.6-1.el4.rf.x86_64.rpm
-
# /root/install-yum-rhel4.sh
-
# yum install clamav clamd
For 32-bit RHEL 5:
-
# rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS//rpmforge-release-0.5.2-2.el5.rf.i386.rpm
-
# yum install clamav clamd
For 64-bit RHEL 5:
-
# rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
-
# yum install clamav clamd
For 32-bit RHEL 6:
-
# rpm -Uhv http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS//rpmforge-release-0.5.2-2.el6.rf.i386.rpm
-
# yum install clamav clamd
For 64-bit RHEL 6:
-
# rpm -Uhv http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS//rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
-
# yum install clamav clamd
4. Enter the following commands:
-
# dos2unix clamav_migrate.sh
-
# chmod +x clamav_migrate.sh
-
# ./clamav_migrate.sh
-
# freshclam
-
# clamscan /root
-
5. Edit the /usr/bin/clamscan line in the /root/clamscan file to add or remove partitions to be scanned as necessary.
-
6. Edit the /etc/logrotate.d/clamav file to add /var/log/clamav/scan.log just to the right of /var/log/clamav/clamd.log, separated by a space. That is, the first line of the /etc/logrotate.d/clamav file should look like the following:
-
/var/log/clamav/clamd.log /var/log/clamav/scan.log {
-
7. Run the following command as root (or via sudo) to verify that the version of ClamAV has been changed (compare to value in step 1):
-
clamd -V
-
If the version has not changed, check that the clamd executable being accessed by default is /usr/sbin/clamd and not a leftover /usr/local/sbin/clamd or similar (run which clamd to see what path is being used to find the clamd file, and run whereis clamd to see all the paths to filenames including clamd). The main path to the clamd executable should be /usr/sbin/clamd.
-
8. If everything seems to be working okay, clean up after yourself by removing any of the following files that remain in the /root directory (remember to leave the clamscan script file!):
-
clamav_migrate.*
-
install-yum*
-
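The checks from steps 6 and 7 can be scripted and run before the step 8 cleanup. The following is an added example, not one of the files listed in step 2; the function names and optional arguments are assumptions for illustration, and the defaults are the paths named in the steps.

```shell
#!/bin/sh
# Added example: post-migration checks for steps 6 and 7.
# Function names and overridable arguments are illustrative assumptions.

# Print every executable named clamd found in the directories of a
# PATH-style string, in lookup order (first line = what the shell runs).
list_clamd() {
    search_path=${1:-$PATH}
    old_ifs=$IFS; IFS=:
    for dir in $search_path; do
        [ -n "$dir" ] || continue
        if [ -f "$dir/clamd" ] && [ -x "$dir/clamd" ]; then
            printf '%s\n' "$dir/clamd"
        fi
    done
    IFS=$old_ifs
}

# Step 7: return 0 only if the first clamd on the path is the repository
# one; a leftover (e.g. /usr/local/sbin/clamd) shadowing it returns 1.
check_clamd_path() {
    expected=${1:-/usr/sbin/clamd}
    found=$(list_clamd "${2:-$PATH}")
    first=$(printf '%s\n' "$found" | head -n 1)
    if [ "$first" = "$expected" ]; then
        extras=$(printf '%s\n' "$found" | grep -v -x -F "$expected" || true)
        [ -z "$extras" ] || echo "NOTE: other clamd binaries remain: $extras" >&2
        return 0
    fi
    echo "FAIL: default clamd is '${first:-none}', expected $expected" >&2
    return 1
}

# Step 6: return 0 only if the logrotate stanza header lists both logs.
check_logrotate() {
    conf=${1:-/etc/logrotate.d/clamav}
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf" >&2; return 1; }
    header=$(grep -F '{' "$conf" | head -n 1)
    case " $header " in
        *" /var/log/clamav/clamd.log "*) ;;
        *) echo "FAIL: clamd.log missing from $conf" >&2; return 1 ;;
    esac
    case " $header " in
        *" /var/log/clamav/scan.log "*) return 0 ;;
        *) echo "FAIL: scan.log missing from $conf" >&2; return 1 ;;
    esac
}

# On the migrated server, as root: check_clamd_path && check_logrotate
```

A NOTE line means the repository clamd is the default but an older binary is still on the path and can be removed.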
FOR REFERENCE:
-
http://dag.wieers.com/rpm/FAQ.php#B1