Mailing List Archive

Re: [clamav-users] [ClamAV-users] CONFIGURATION OF CLAMAV IN SOLARIS 11
It is a security requirement that needs to be done.
Thank you for this advice. I worked on your idea and it worked. I got a go between and voila! The Clamscan worked beautifully. Thank you guys.

Just some more questions:

1. How do I automate these scheduled scans?
2. Is there a way to get alerts of scan reports, virus detected etc. especially via mail?

Victor Miriti
ICT Security Operation Centre
VOIP 12066
Tel: 2854600 | 0711013066
Co-op Trust Plaza, Lower Hill Rd

***Soli Deo Gloria
Whoever speaks, let him speak, as it were, the utterances of God; whoever serves, let him do so as by the strength which God supplies; so that in all things God may be glorified through Jesus Christ, to whom belongs the glory and dominion forever and ever.***
1st Peter 4:11



-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of G.W. Haywood via clamav-users
Sent: Wednesday, September 30, 2020 4:17 PM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] CONFIGURATION OF CLAMAV IN SOLARIS 11

Hi there,

On Wed, 30 Sep 2020, Victor Miriti [ICT Security] wrote:

> The challenge I have at the moment is that when I try to run the scan
> I get a prompt saying that the following prompt : No supported
> database files found in /var/opt/csw/clamav/db.
>
> Also note that my server environment is disconnected from the internet.
>
> Another question I have is how do I update my .cvd database while not
> being able to access the internet?

A system which is not connected to the Internet might not need to be scanned by ClamAV at all, but there's little harm to be done (if it's done carefully) and perhaps something to be learned. If it is _not_ done carefully, using ClamAV might pose a danger to the system.

It appears that you do not yet have a signature database. This is not surprising if the box is not connected to the Internet - most users of ClamAV will be using boxes which have Internet access, because that's where most of the threats come from, and ClamAV and its documentation mostly, but not always, assume that's the case. Normally if there are boxes which have no Internet access one would use a separate system as a sort of 'go-between' to download the database files, and make these files available from the go-between to boxes which are prevented from talking directly to the Internet.

This is usually called a local mirror, and is covered in the ClamAV documentation online here:

https://www.clamav.net/documents/private-local-mirrors

You won't be surprised to know that there's more than one way to do it. :)

It is not essential to use freshclam to do the downloads, you can even do it manually, but using freshclam it is easier to manage.

Why do you think you need to scan the box?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] [ClamAV-users] CONFIGURATION OF CLAMAV IN SOLARIS 11
Hi there,

On Thu, 1 Oct 2020, Victor Miriti [ICT Security] wrote:

> ... I worked on your idea and ... voila!

It wasn't really my idea. :)

> Just some more questions:
>
> 1. How do I automate these scheduled scans?

This is general Unix system administration, not specific to ClamAV.

Most people use an operating system utility called 'cron' to do any
regularly scheduled tasks. There are other, similar utilities and I
don't know which one you will have installed but 'cron' is usual. I'd
be really surprised if you didn't have such a utility running on your
system right now, but you might just possibly need to install it and
make sure that the daemon/service/whatever_they_call_it is running.

Using cron is a subject for study all on its own. It's very flexible.
A thing for cron to do is usually called a 'cron job', and is usually
just a single line in the 'crontab', which is what we call a list of
cron jobs. The line tells the system when to run the job as well as
what to run. Each user on the system can have its own crontab, and
cron jobs generally run as the UID of the user which owns the crontab
which starts the job. That means it has permissions to do only what
you would have permissions to do. You'd probably now guess that you
find out more about the crontab with 'man crontab'. You'd be right. :)

The cron utility is rather fussy about the format of the crontab, it
can be tricky to get it just right without some help from the editor.
You can get that help when you use the command 'crontab -e' to edit a
crontab. That starts an editor which might not be your favourite one
but you can tell it which editor you want. Read the 'man' pages, and
at this stage it's probably worth reading 'man man'.

> 2. Is there a way to get alerts of scan reports, virus detected
> etc. especially via mail?

By default 'cron' will mail the output of jobs it runs to the owner of
the crontab, but you can tell it to send the output wherever you like.
You can even make a 'mail' command part of the job itself depending on
how fancy you want to make it. If you don't want the mail sent to the
crontab owner you can send it to /dev/null in the cron job and it will
send no mail at all, or you can for example put a MAILTO assignment at
the top of the crontab. If a crontab contains something like

MAILTO=me@example.com
19 01 * * * /usr/local/bin/clamdscan --reload ; \
/usr/bin/nice -19 /usr/local/bin/clamdscan /home

then at about twenty-past one each morning cron will first reload the
database, then run the scan at very low priority, and mail the output
to 'me' when it's finished. There are many other ways to do this sort
of thing with Unix-type systems. Note that for this email I've split
the line for the cron job with a backslash-escaped newline. You can
also do that in the crontab itself, if for example you wish to make it
more readable. Whether or not it mails you, when cron runs a job it
will usually also write to the system log to say when it's done what.

Note that the full pathnames for everything usually need to be given
in a cron job entry, as for good reasons the environment variables are
not set up for a cron job in the way they are for you when you log in.

If you're wondering why I chose to run my cron job at 01:19, think
about what happens if _everybody_ runs their cron jobs at midnight
on the same machine. :/

HTH

--

73,
Ged.
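
Added example, not part of the original post: a wrapper script for the cron job described above that prints nothing after a clean scan, so cron's MAILTO mail arrives only when something was detected or the scan failed. It relies on the scanner's documented exit status (0 = no virus found, 1 = virus found, 2 = error). SCANNER and TARGET default to the paths used in the crontab above and are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Cron mails a job's output only when
# there is some, so this wrapper stays silent unless there is news.
# Assumptions: SCANNER and TARGET defaults are the paths from the crontab above.
SCANNER="${SCANNER:-/usr/local/bin/clamdscan}"
TARGET="${TARGET:-/home}"

# Map the scanner exit status to a label (0 clean, 1 virus found, else error).
classify_status() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;
    esac
}

# Read scanner output on stdin; keep only "<path>: <signature> FOUND" lines.
found_lines() {
    grep ' FOUND$' || true
}

# build_report <exit-status> <captured-output>; prints nothing when clean.
build_report() {
    label=$(classify_status "$1")
    case "$label" in
        CLEAN) return 0 ;;
        INFECTED)
            hits=$(printf '%s\n' "$2" | found_lines)
            count=$(printf '%s\n' "$hits" | grep -c ' FOUND$' || true)
            printf 'ClamAV: %s detection(s) under %s\n%s\n' \
                "$count" "$TARGET" "$hits" ;;
        ERROR)
            printf 'ClamAV: scan error (exit status %s)\n%s\n' "$1" "$2" ;;
    esac
}

# Reload the database, scan at low priority, report, keep the exit status.
main() {
    "$SCANNER" --reload
    rc=0
    out=$(/usr/bin/nice -n 19 "$SCANNER" --infected --no-summary "$TARGET" 2>&1) || rc=$?
    build_report "$rc" "$out"
    return "$rc"
}

# Scan only when called with --run, e.g. from the crontab entry.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

In the crontab, the command part of the entry becomes the full path to this script followed by `--run`, with the MAILTO line left as it is.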

Re: [clamav-users] [ClamAV-users] CONFIGURATION OF CLAMAV IN SOLARIS 11
Thank you Sir.
This information is so helpful!
I was able to complete the project yesterday and the management is happy.
Can clamav be installed in AIX servers?

Victor Miriti
Re: [clamav-users] [ClamAV-users] CONFIGURATION OF CLAMAV IN SOLARIS 11
Hi there,

On Fri, 2 Oct 2020, Victor Miriti [ICT Security] wrote:

> ... the management is happy.

That's good news. :)

> Can clamav be installed in AIX servers?

Yes, although IBM has its own protections and I think as AIX is a less
mainstream/popular system ClamAV probably gets less testing on it. As
AIX is closed source, if you do run into problems we might not be able
to help you as much as with something that's open source. If you do
install ClamAV on it I'm sure the community would welcome reports from
you even if it's only something like "I installed ClamAV on AIX v7.x,
and it wouldn't build/wouldn't start/crashed every five minutes/worked
fine except for this and that/gave loads of false positives/everything
was plain sailing".

Also I suggest you trawl through the archives of this mailing list.
You can find them in several places, the one I tend to use most is

https://marc.info/?l=clamav-users&r=1&w=2

Try using search engines to look for more information, see for example

https://ibmsystemsmag.com/Power-Systems/08/2019/anti-virus-solutions-aix

That article looks reliable but be careful what you believe when you
read any search results - some of what I've seen is outright rubbish.

--

73,
Ged.
