Clamav run from desktop PC

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Clamav run from desktop PC

Roger Neth Jr-2
Hello List,

I installed ClamAV from ports on 4.0-beta on a desktop machine. I am able to
manually update freshclam and run manually clamscan. But when I run
clamdscan I get this message.

$ clamdscan
ERROR: Can't parse the configuration file.

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)
$


From my Googling my guess is that the clamd only works with mail servers. I
am only running Thunderbird with pop.

I cannot get it to run as a daemon, also freshclam does not check updates
when I reboot the computer.

I tried uncommenting listening on LocalSocket and then tried TCPSocket
without any success.

Also read the man (5) clamd.conf without any success figuring this out.

Any assistance is appreciated.

Thank you,

rogern

John 3:16

## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
# Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
# LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if you want to run another clamd instance,
# please # copy the configuration file, change the LogFile variable, and run
# the daemon with the --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock
# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
# LogFileMaxSize 2M

# Log time with each message.
# Default: disabled
#LogTime

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
#LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: disabled
#LogVerbose

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
# PidFile /var/run/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
# TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
# DatabaseDirectory /var/db/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled
# LocalSocket /tmp/clamd

# Remove stale socket after unclean shutdown.
# Default: disabled
#  FixStaleSocket

# TCP port address.
# Default: disabled
# TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
# TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
# MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd
daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximal attachment size.
# Default: 10M
# StreamMaxLength 20M

# Limit port range.
# Default: 1024
# StreamMinPort 30000
# Default: 2048
# StreamMaxPort 32000

# Maximal number of threads running at the same time.
# Default: 10
# MaxThreads 20

# Waiting for data from a client socket will timeout after this time
(seconds).
# Value of 0 disables the timeout.
# Default: 120
# ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
# IdleTimeout 60

# Maximal depth directories are scanned at.
# Default: 15
# MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
# SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
:# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as a selected user (clamd must be started by root).
# Default: disabled
#User clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
# AllowSupplementaryGroups

# Stop daemon when libclamav reports out of memory condition.
# ExitOnOOM

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug
:# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles


# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable selected ones below.
# DO NOT TOUCH IT unless you know what you are doing.
# Default: disabled
#DisableDefaultScanOptions

##
## Executable files
##

# PE stands for Portable Executable - it's an executable file format used
# in all 32-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: enabled
# ScanPE
# With this option clamav will try to detect broken executables and mark
# them as Broken.Executable
# Default: disabled
# DetectBrokenExecutables


##
## Documents
##

# This option enables scanning of Microsoft Office document macros.
# Default: enabled
# ScanOLE2

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: enabled
# ScanMail

# If an email contains URLs ClamAV can download and scan them.
# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
#          Never use it on loaded servers.
# Default: disabled
# MailFollowURLs


##
## HTML
##

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: enabled
# ScanHTML


##
## Archives
##

# ClamAV can scan within archives and compressed files.
# Default: enabled
# ScanArchive
# Due to license issues libclamav does not support RAR 3.0 archives (only
the
# old 2.0 format is supported). Because some users report stability problems
# with unrarlib it's disabled by default and you must uncomment the
directive
# below to enable RAR 2.0 support.
# Default: disabled
# ScanRAR

# The options below protect your system against Denial of Service attacks
# using archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
# ArchiveMaxFileSize 15M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a
RAR
# file, all files within it will also be scanned. This options specifies how
# deep the process should be continued.
# Value of 0 disables the limit.
# Default: 8
# ArchiveMaxRecursion 9

# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
# ArchiveMaxFiles 1500

# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g.
Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
# ArchiveMaxCompressionRatio 300

# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: disabled
# ArchiveLimitMemoryUsage

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: disabled
# ArchiveBlockEncrypted

# Mark archives as viruses (e.g. RAR.ExceededFileSize,
Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
# Default: disabled
##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##          up your system!!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: disabled
# ClamukoScanOnAccess

# Set access mask for Clamuko.
# Default: disabled
# ClamukoScanOnOpen
# ClamukoScanOnClose
# ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
# ClamukoIncludePath /home
# ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
# ClamukoExcludePath /home/guru

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
# ClamukoMaxFileSize 10M
(END)

_________________________________________________________________
Dont just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Reply | Threaded
Open this post in threaded view
|

Re: Clamav run from desktop PC

Gabriel George POPA
            Roger,

   First of all, I will send you my /etc/clamd.conf file (commented
lines were deleted):

LogFile /var/log/clamd.log
LogFileMaxSize 1024M
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clam/clamd.socket
FixStaleSocket
MaxConnectionQueueLength 1024
SelfCheck 300
User _clamav
ScanPE
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ArchiveMaxFileSize 500M
ArchiveMaxRecursion 23
ArchiveMaxFiles 50000
ArchiveMaxCompressionRatio 0

NOW, /etc/freshclam.conf:

DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/freshclam.log
LogVerbose
LogSyslog
PidFile /var/run/freshclam.pid
DatabaseOwner _clamav
DatabaseMirror db.ro.clamav.net   # I am in Romania, you could change this
DatabaseMirror database.clamav.net
NotifyClamd
Debug




   As you can easily see, I'm crazy about debug/verbose message and my
system is always logging ALL
it can.




   Now, how to completely integrate clamd in your system:
1) Add the following lines to /etc/rc.conf.local:
clamd=YES
clamd_flags=""
freshclam=YES
freshclam_flags="--user root --daemon"

2) Add the following lines to /etc/rc:

(!reference_line!)if [ X"${lpd_flags}" != X"NO" ]; then
(!reference_line!)        echo -n ' printer';             lpd ${lpd_flags}
(!reference_line!)fi

# Start the ClamAV Daemon Server
if [ X"${clamd}" != X"NO" ]; then
        echo -n ' clamd';
        # The /var/run directory was emptied at shutdown. Restore the
location:
        /bin/mkdir /var/run/clam
        /sbin/chown _clamav:_clamav /var/run/clam
        /bin/chmod 0750 /var/run/clam
        /usr/local/sbin/clamd ${clamd_flags}
fi
# Start the ClamAV automatic virus database download application:
if [ X"${freshclam}" != X"NO" ]; then
        echo -n ' freshclam';
        /usr/local/bin/freshclam ${freshclam_flags}
fi
3) Permissions:
/var/run/clam (directory): rwxr-x---  _clamav  _clamav
/var/run/freshclam.pid (file): -rw-rw--- root wheel
-rw-r-----   _clamav  _clamav  /var/log/clamd.log (file)
-rw-r-----   _clamav  wheel    /var/log/freshclam.log (file)
rwx------ _clamav      _clamav   /var/clamav (directory)
rwx------ _clamav  _clamav  /var/clamav/quarantine/ (directory)



Now, after doing all this stuff, reboot your PC and tell me what
happens. If there are any problems you can
count on me. Don't hesitate to contact me personally.
   As you can see, this is my particular setup, but I think it should
work for you without any problem. If you intend
to integrate clamav with a mail server contact me, I might be of some help.
   Please e-mail me and tell me if it works. I hope the information I
provided you was useful.

                                                                                                                               
Yours in BSDness,
                                                                                                                                         
Gabriel George POPA

Roger Neth Jr wrote:

> Hello List,
>
> I installed ClamAV from ports on 4.0-beta on a desktop machine. I am
> able to manually update freshclam and run manually clamscan. But when
> I run clamdscan I get this message.
>
> $ clamdscan
> ERROR: Can't parse the configuration file.
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 0.001 sec (0 m 0 s)
> $
>
>
>> From my Googling my guess is that the clamd only works with mail
>> servers. I
>
> am only running Thunderbird with pop.
>
> I cannot get it to run as a daemon, also freshclam does not check
> updates when I reboot the computer.
>
> I tried uncommenting listening on LocalSocket and then tried TCPSocket
> without any success.
>
> Also read the man (5) clamd.conf without any success figuring this out.
>
> Any assistance is appreciated.
>
> Thank you,
>
> rogern
>
> John 3:16
>
> ## Example config file for the Clam AV daemon
> ## Please read the clamd.conf(5) manual before editing this file.
> ##
>
>
> # Comment or remove the line below.
> # Example
>
> # Uncomment this option to enable logging.
> # LogFile must be writable for the user running daemon.
> # A full path is required.
> # Default: disabled
> # LogFile /var/log/clamd.log
>
> # By default the log file is locked for writing - the lock protects
> against
> # running clamd multiple times (if you want to run another clamd
> instance,
> # please # copy the configuration file, change the LogFile variable,
> and run
> # the daemon with the --config-file option).
> # This option disables log file locking.
> # Default: disabled
> #LogFileUnlock
> # Maximal size of the log file.
> # Value of 0 disables the limit.
> # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
> # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the
> size
> # in bytes just don't use modifiers.
> # Default: 1M
> # LogFileMaxSize 2M
>
> # Log time with each message.
> # Default: disabled
> #LogTime
>
> # Also log clean files. Useful in debugging but drastically increases the
> # log size.
> # Default: disabled
> #LogClean
>
> # Use system logger (can work together with LogFile).
> # Default: disabled
> #LogSyslog
>
> # Specify the type of syslog messages - please refer to 'man syslog'
> # for facility names
> # Default: LOG_LOCAL6
> #LogFacility LOG_MAIL
>
> # Enable verbose logging.
> # Default: disabled
> #LogVerbose
>
> # This option allows you to save a process identifier of the listening
> # daemon (main thread).
> # Default: disabled
> # PidFile /var/run/clamd.pid
>
> # Optional path to the global temporary directory.
> # Default: system specific (usually /tmp or /var/tmp).
> # TemporaryDirectory /var/tmp
>
> # Path to the database directory.
> # Default: hardcoded (depends on installation options)
> # DatabaseDirectory /var/db/clamav
>
> # The daemon works in a local OR a network mode. Due to security
> reasons we
> # recommend the local mode.
> # Path to a local socket file the daemon will listen on.
> # Default: disabled
> # LocalSocket /tmp/clamd
>
> # Remove stale socket after unclean shutdown.
> # Default: disabled
> #  FixStaleSocket
>
> # TCP port address.
> # Default: disabled
> # TCPSocket 3310
>
> # TCP address.
> # By default we bind to INADDR_ANY, probably not wise.
> # Enable the following to provide some degree of protection
> # from the outside world.
> # Default: disabled
> # TCPAddr 127.0.0.1
>
> # Maximum length the queue of pending connections may grow to.
> # Default: 15
> # MaxConnectionQueueLength 30
> # Clamd uses FTP-like protocol to receive data from remote clients.
> # If you are using clamav-milter to balance load between remote clamd
> daemons
> # on firewall servers you may need to tune the options below.
>
> # Close the connection when the data size limit is exceeded.
> # The value should match your MTA's limit for a maximal attachment size.
> # Default: 10M
> # StreamMaxLength 20M
>
> # Limit port range.
> # Default: 1024
> # StreamMinPort 30000
> # Default: 2048
> # StreamMaxPort 32000
>
> # Maximal number of threads running at the same time.
> # Default: 10
> # MaxThreads 20
>
> # Waiting for data from a client socket will timeout after this time
> (seconds).
> # Value of 0 disables the timeout.
> # Default: 120
> # ReadTimeout 300
>
> # Waiting for a new job will timeout after this time (seconds).
> # Default: 30
> # IdleTimeout 60
>
> # Maximal depth directories are scanned at.
> # Default: 15
> # MaxDirectoryRecursion 20
>
> # Follow directory symlinks.
> # Default: disabled
> #FollowDirectorySymlinks
>
> # Follow regular file symlinks.
> # Default: disabled
> #FollowFileSymlinks
>
> # Perform internal sanity check (database integrity and freshness).
> # Default: 1800 (30 min)
> # SelfCheck 600
>
> # Execute a command when virus is found. In the command string %v will
> # be replaced by a virus name.
> :# Execute a command when virus is found. In the command string %v will
> # be replaced by a virus name.
> # Default: disabled
> #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
>
> # Run as a selected user (clamd must be started by root).
> # Default: disabled
> #User clamav
>
> # Initialize supplementary group access (clamd must be started by root).
> # Default: disabled
> # AllowSupplementaryGroups
>
> # Stop daemon when libclamav reports out of memory condition.
> # ExitOnOOM
>
> # Don't fork into background.
> # Default: disabled
> #Foreground
>
> # Enable debug messages in libclamav.
> # Default: disabled
> #Debug
> :# Do not remove temporary files (for debug purposes).
> # Default: disabled
> #LeaveTemporaryFiles
>
>
> # By default clamd uses scan options recommended by libclamav. This
> option
> # disables recommended options and allows you to enable selected ones
> below.
> # DO NOT TOUCH IT unless you know what you are doing.
> # Default: disabled
> #DisableDefaultScanOptions
>
> ##
> ## Executable files
> ##
>
> # PE stands for Portable Executable - it's an executable file format used
> # in all 32-bit versions of Windows operating systems. This option allows
> # ClamAV to perform a deeper analysis of executable files and it's also
> # required for decompression of popular executable packers such as
> UPX, FSG,
> # and Petite.
> # Default: enabled
> # ScanPE
> # With this option clamav will try to detect broken executables and mark
> # them as Broken.Executable
> # Default: disabled
> # DetectBrokenExecutables
>
>
> ##
> ## Documents
> ##
>
> # This option enables scanning of Microsoft Office document macros.
> # Default: enabled
> # ScanOLE2
>
> ##
> ## Mail files
> ##
>
> # Enable internal e-mail scanner.
> # Default: enabled
> # ScanMail
>
> # If an email contains URLs ClamAV can download and scan them.
> # If an email contains URLs ClamAV can download and scan them.
> # WARNING: This option may open your system to a DoS attack.
> #          Never use it on loaded servers.
> # Default: disabled
> # MailFollowURLs
>
>
> ##
> ## HTML
> ##
>
> # Perform HTML normalisation and decryption of MS Script Encoder code.
> # Default: enabled
> # ScanHTML
>
>
> ##
> ## Archives
> ##
>
> # ClamAV can scan within archives and compressed files.
> # Default: enabled
> # ScanArchive
> # Due to license issues libclamav does not support RAR 3.0 archives
> (only the
> # old 2.0 format is supported). Because some users report stability
> problems
> # with unrarlib it's disabled by default and you must uncomment the
> directive
> # below to enable RAR 2.0 support.
> # Default: disabled
> # ScanRAR
>
> # The options below protect your system against Denial of Service attacks
> # using archive bombs.
>
> # Files in archives larger than this limit won't be scanned.
> # Value of 0 disables the limit.
> # Default: 10M
> # ArchiveMaxFileSize 15M
>
> # Nested archives are scanned recursively, e.g. if a Zip archive
> contains a RAR
> # file, all files within it will also be scanned. This options
> specifies how
> # deep the process should be continued.
> # Value of 0 disables the limit.
> # Default: 8
> # ArchiveMaxRecursion 9
>
> # Number of files to be scanned within an archive.
> # Value of 0 disables the limit.
> # Default: 1000
> # ArchiveMaxFiles 1500
>
> # If a file in an archive is compressed more than
> ArchiveMaxCompressionRatio
> # times it will be marked as a virus (Oversized.ArchiveType, e.g.
> Oversized.Zip)
> # Value of 0 disables the limit.
> # Default: 250
> # ArchiveMaxCompressionRatio 300
>
> # Use slower but memory efficient decompression algorithm.
> # only affects the bzip2 decompressor.
> # Default: disabled
> # ArchiveLimitMemoryUsage
>
> # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
> # Default: disabled
> # ArchiveBlockEncrypted
>
> # Mark archives as viruses (e.g. RAR.ExceededFileSize,
> Zip.ExceededFilesLimit)
> # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
> # reached.
> # Default: disabled
> ##
> ## Clamuko settings
> ## WARNING: This is experimental software. It is very likely it will hang
> ##          up your system!!!
> ##
>
> # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
> # Default: disabled
> # ClamukoScanOnAccess
>
> # Set access mask for Clamuko.
> # Default: disabled
> # ClamukoScanOnOpen
> # ClamukoScanOnClose
> # ClamukoScanOnExec
>
> # Set the include paths (all files in them will be scanned). You can have
> # multiple ClamukoIncludePath directives but each directory must be added
> # in a seperate line.
> # Default: disabled
> # ClamukoIncludePath /home
> # ClamukoIncludePath /students
> # Set the exclude paths. All subdirectories are also excluded.
> # Default: disabled
> # ClamukoExcludePath /home/guru
>
> # Don't scan files larger than ClamukoMaxFileSize
> # Value of 0 disables the limit.
> # Default: 5M
> # ClamukoMaxFileSize 10M
> (END)
>
> _________________________________________________________________
> Dont just search. Find. Check out the new MSN Search!
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Reply | Threaded
Open this post in threaded view
|

Re: Clamav run from desktop PC

Gabriel George POPA
   I forgot to tell you: my system is set up in such a way that it
downloads automatically new
virus definitions (see manual pages for freshclam). But I think you
could figure this out anyway
by looking closely to the small portions of script I sent you.

                                                                                                         
Yours in BSDness,
                                                                                                                   
Gabriel George POPA

Gabriel George POPA wrote:

>            Roger,
>
>   First of all, I will send you my /etc/clamd.conf file (commented
> lines were deleted):
>
> LogFile /var/log/clamd.log
> LogFileMaxSize 1024M
> LogTime
> LogSyslog
> LogVerbose
> PidFile /var/run/clamd.pid
> TemporaryDirectory /tmp
> DatabaseDirectory /var/db/clamav
> LocalSocket /var/run/clam/clamd.socket
> FixStaleSocket
> MaxConnectionQueueLength 1024
> SelfCheck 300
> User _clamav
> ScanPE
> ScanOLE2
> ScanMail
> ScanHTML
> ScanArchive
> ArchiveMaxFileSize 500M
> ArchiveMaxRecursion 23
> ArchiveMaxFiles 50000
> ArchiveMaxCompressionRatio 0
>
> NOW, /etc/freshclam.conf:
>
> DatabaseDirectory /var/db/clamav
> UpdateLogFile /var/log/freshclam.log
> LogVerbose
> LogSyslog
> PidFile /var/run/freshclam.pid
> DatabaseOwner _clamav
> DatabaseMirror db.ro.clamav.net   # I am in Romania, you could change
> this
> DatabaseMirror database.clamav.net
> NotifyClamd
> Debug
>
>
>
>
>   As you can easily see, I'm crazy about debug/verbose message and my
> system is always logging ALL
> it can.
>
>
>
>
>   Now, how to completely integrate clamd in your system:
> 1) Add the following lines to /etc/rc.conf.local:
> clamd=YES
> clamd_flags=""
> freshclam=YES
> freshclam_flags="--user root --daemon"
>
> 2) Add the following lines to /etc/rc:
>
> (!reference_line!)if [ X"${lpd_flags}" != X"NO" ]; then
> (!reference_line!)        echo -n ' printer';             lpd
> ${lpd_flags}
> (!reference_line!)fi
>
> # Start the ClamAV Daemon Server
> if [ X"${clamd}" != X"NO" ]; then
>        echo -n ' clamd';
>        # The /var/run directory was emptied at shutdown. Restore the
> location:
>        /bin/mkdir /var/run/clam
>        /sbin/chown _clamav:_clamav /var/run/clam
>        /bin/chmod 0750 /var/run/clam
>        /usr/local/sbin/clamd ${clamd_flags}
> fi
> # Start the ClamAV automatic virus database download application:
> if [ X"${freshclam}" != X"NO" ]; then
>        echo -n ' freshclam';
>        /usr/local/bin/freshclam ${freshclam_flags}
> fi
> 3) Permissions:
> /var/run/clam (directory): rwxr-x---  _clamav  _clamav
> /var/run/freshclam.pid (file): -rw-rw--- root wheel
> -rw-r-----   _clamav  _clamav  /var/log/clamd.log (file)
> -rw-r-----   _clamav  wheel    /var/log/freshclam.log (file)
> rwx------ _clamav      _clamav   /var/clamav (directory)
> rwx------ _clamav  _clamav  /var/clamav/quarantine/ (directory)
>
>
>
> Now, after doing all this stuff, reboot your PC and tell me what
> happens. If there are any problems you can
> count on me. Don't hesitate to contact me personally.
>   As you can see, this is my particular setup, but I think it should
> work for you without any problem. If you intend
> to integrate clamav with a mail server contact me, I might be of some
> help.
>   Please e-mail me and tell me if it works. I hope the information I
> provided you was useful.
>
>                                                                                                                                
> Yours in BSDness,
>                                                                                                                                          
> Gabriel George POPA
>
> Roger Neth Jr wrote:
>
>> Hello List,
>>
>> I installed ClamAV from ports on 4.0-beta on a desktop machine. I am
>> able to manually update freshclam and run manually clamscan. But when
>> I run clamdscan I get this message.
>>
>> $ clamdscan
>> ERROR: Can't parse the configuration file.
>>
>> ----------- SCAN SUMMARY -----------
>> Infected files: 0
>> Time: 0.001 sec (0 m 0 s)
>> $
>>
>>
>>> From my Googling my guess is that the clamd only works with mail
>>> servers. I
>>
>>
>> am only running Thunderbird with pop.
>>
>> I cannot get it to run as a daemon, also freshclam does not check
>> updates when I reboot the computer.
>>
>> I tried uncommenting listening on LocalSocket and then tried
>> TCPSocket without any success.
>>
>> Also read the man (5) clamd.conf without any success figuring this out.
>>
>> Any assistance is appreciated.
>>
>> Thank you,
>>
>> rogern
>>
>> John 3:16
>>
>> ## Example config file for the Clam AV daemon
>> ## Please read the clamd.conf(5) manual before editing this file.
>> ##
>>
>>
>> # Comment or remove the line below.
>> # Example
>>
>> # Uncomment this option to enable logging.
>> # LogFile must be writable for the user running daemon.
>> # A full path is required.
>> # Default: disabled
>> # LogFile /var/log/clamd.log
>>
>> # By default the log file is locked for writing - the lock protects
>> against
>> # running clamd multiple times (if you want to run another clamd
>> instance,
>> # please # copy the configuration file, change the LogFile variable,
>> and run
>> # the daemon with the --config-file option).
>> # This option disables log file locking.
>> # Default: disabled
>> #LogFileUnlock
>> # Maximal size of the log file.
>> # Value of 0 disables the limit.
>> # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
>> # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the
>> size
>> # in bytes just don't use modifiers.
>> # Default: 1M
>> # LogFileMaxSize 2M
>>
>> # Log time with each message.
>> # Default: disabled
>> #LogTime
>>
>> # Also log clean files. Useful in debugging but drastically increases
>> the
>> # log size.
>> # Default: disabled
>> #LogClean
>>
>> # Use system logger (can work together with LogFile).
>> # Default: disabled
>> #LogSyslog
>>
>> # Specify the type of syslog messages - please refer to 'man syslog'
>> # for facility names
>> # Default: LOG_LOCAL6
>> #LogFacility LOG_MAIL
>>
>> # Enable verbose logging.
>> # Default: disabled
>> #LogVerbose
>>
>> # This option allows you to save a process identifier of the listening
>> # daemon (main thread).
>> # Default: disabled
>> # PidFile /var/run/clamd.pid
>>
>> # Optional path to the global temporary directory.
>> # Default: system specific (usually /tmp or /var/tmp).
>> # TemporaryDirectory /var/tmp
>>
>> # Path to the database directory.
>> # Default: hardcoded (depends on installation options)
>> # DatabaseDirectory /var/db/clamav
>>
>> # The daemon works in a local OR a network mode. Due to security
>> reasons we
>> # recommend the local mode.
>> # Path to a local socket file the daemon will listen on.
>> # Default: disabled
>> # LocalSocket /tmp/clamd
>>
>> # Remove stale socket after unclean shutdown.
>> # Default: disabled
>> #  FixStaleSocket
>>
>> # TCP port address.
>> # Default: disabled
>> # TCPSocket 3310
>>
>> # TCP address.
>> # By default we bind to INADDR_ANY, probably not wise.
>> # Enable the following to provide some degree of protection
>> # from the outside world.
>> # Default: disabled
>> # TCPAddr 127.0.0.1
>>
>> # Maximum length the queue of pending connections may grow to.
>> # Default: 15
>> # MaxConnectionQueueLength 30
>> # Clamd uses FTP-like protocol to receive data from remote clients.
>> # If you are using clamav-milter to balance load between remote clamd
>> daemons
>> # on firewall servers you may need to tune the options below.
>>
>> # Close the connection when the data size limit is exceeded.
>> # The value should match your MTA's limit for a maximal attachment size.
>> # Default: 10M
>> # StreamMaxLength 20M
>>
>> # Limit port range.
>> # Default: 1024
>> # StreamMinPort 30000
>> # Default: 2048
>> # StreamMaxPort 32000
>>
>> # Maximal number of threads running at the same time.
>> # Default: 10
>> # MaxThreads 20
>>
>> # Waiting for data from a client socket will timeout after this time
>> (seconds).
>> # Value of 0 disables the timeout.
>> # Default: 120
>> # ReadTimeout 300
>>
>> # Waiting for a new job will timeout after this time (seconds).
>> # Default: 30
>> # IdleTimeout 60
>>
>> # Maximal depth directories are scanned at.
>> # Default: 15
>> # MaxDirectoryRecursion 20
>>
>> # Follow directory symlinks.
>> # Default: disabled
>> #FollowDirectorySymlinks
>>
>> # Follow regular file symlinks.
>> # Default: disabled
>> #FollowFileSymlinks
>>
>> # Perform internal sanity check (database integrity and freshness).
>> # Default: 1800 (30 min)
>> # SelfCheck 600
>>
>> # Execute a command when virus is found. In the command string %v will
>> # be replaced by a virus name.
>> :# Execute a command when virus is found. In the command string %v will
>> # be replaced by a virus name.
>> # Default: disabled
>> #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
>>
>> # Run as a selected user (clamd must be started by root).
>> # Default: disabled
>> #User clamav
>>
>> # Initialize supplementary group access (clamd must be started by root).
>> # Default: disabled
>> # AllowSupplementaryGroups
>>
>> # Stop daemon when libclamav reports out of memory condition.
>> # ExitOnOOM
>>
>> # Don't fork into background.
>> # Default: disabled
>> #Foreground
>>
>> # Enable debug messages in libclamav.
>> # Default: disabled
>> #Debug
>> :# Do not remove temporary files (for debug purposes).
>> # Default: disabled
>> #LeaveTemporaryFiles
>>
>>
>> # By default clamd uses scan options recommended by libclamav. This
>> option
>> # disables recommended options and allows you to enable selected ones
>> below.
>> # DO NOT TOUCH IT unless you know what you are doing.
>> # Default: disabled
>> #DisableDefaultScanOptions
>>
>> ##
>> ## Executable files
>> ##
>>
>> # PE stands for Portable Executable - it's an executable file format
>> used
>> # in all 32-bit versions of Windows operating systems. This option
>> allows
>> # ClamAV to perform a deeper analysis of executable files and it's also
>> # required for decompression of popular executable packers such as
>> UPX, FSG,
>> # and Petite.
>> # Default: enabled
>> # ScanPE
>> # With this option clamav will try to detect broken executables and mark
>> # them as Broken.Executable
>> # Default: disabled
>> # DetectBrokenExecutables
>>
>>
>> ##
>> ## Documents
>> ##
>>
>> # This option enables scanning of Microsoft Office document macros.
>> # Default: enabled
>> # ScanOLE2
>>
>> ##
>> ## Mail files
>> ##
>>
>> # Enable internal e-mail scanner.
>> # Default: enabled
>> # ScanMail
>>
>> # If an email contains URLs ClamAV can download and scan them.
>> # If an email contains URLs ClamAV can download and scan them.
>> # WARNING: This option may open your system to a DoS attack.
>> #          Never use it on loaded servers.
>> # Default: disabled
>> # MailFollowURLs
>>
>>
>> ##
>> ## HTML
>> ##
>>
>> # Perform HTML normalisation and decryption of MS Script Encoder code.
>> # Default: enabled
>> # ScanHTML
>>
>>
>> ##
>> ## Archives
>> ##
>>
>> # ClamAV can scan within archives and compressed files.
>> # Default: enabled
>> # ScanArchive
>> # Due to license issues libclamav does not support RAR 3.0 archives
>> (only the
>> # old 2.0 format is supported). Because some users report stability
>> problems
>> # with unrarlib it's disabled by default and you must uncomment the
>> directive
>> # below to enable RAR 2.0 support.
>> # Default: disabled
>> # ScanRAR
>>
>> # The options below protect your system against Denial of Service
>> attacks
>> # using archive bombs.
>>
>> # Files in archives larger than this limit won't be scanned.
>> # Value of 0 disables the limit.
>> # Default: 10M
>> # ArchiveMaxFileSize 15M
>>
>> # Nested archives are scanned recursively, e.g. if a Zip archive
>> contains a RAR
>> # file, all files within it will also be scanned. This options
>> specifies how
>> # deep the process should be continued.
>> # Value of 0 disables the limit.
>> # Default: 8
>> # ArchiveMaxRecursion 9
>>
>> # Number of files to be scanned within an archive.
>> # Value of 0 disables the limit.
>> # Default: 1000
>> # ArchiveMaxFiles 1500
>>
>> # If a file in an archive is compressed more than
>> ArchiveMaxCompressionRatio
>> # times it will be marked as a virus (Oversized.ArchiveType, e.g.
>> Oversized.Zip)
>> # Value of 0 disables the limit.
>> # Default: 250
>> # ArchiveMaxCompressionRatio 300
>>
>> # Use slower but memory efficient decompression algorithm.
>> # only affects the bzip2 decompressor.
>> # Default: disabled
>> # ArchiveLimitMemoryUsage
>>
>> # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
>> # Default: disabled
>> # ArchiveBlockEncrypted
>>
>> # Mark archives as viruses (e.g. RAR.ExceededFileSize,
>> Zip.ExceededFilesLimit)
>> # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion
>> limit is
>> # reached.
>> # Default: disabled
>> ##
>> ## Clamuko settings
>> ## WARNING: This is experimental software. It is very likely it will
>> hang
>> ##          up your system!!!
>> ##
>>
>> # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
>> # Default: disabled
>> # ClamukoScanOnAccess
>>
>> # Set access mask for Clamuko.
>> # Default: disabled
>> # ClamukoScanOnOpen
>> # ClamukoScanOnClose
>> # ClamukoScanOnExec
>>
>> # Set the include paths (all files in them will be scanned). You can
>> have
>> # multiple ClamukoIncludePath directives but each directory must be
>> added
>> # in a seperate line.
>> # Default: disabled
>> # ClamukoIncludePath /home
>> # ClamukoIncludePath /students
>> # Set the exclude paths. All subdirectories are also excluded.
>> # Default: disabled
>> # ClamukoExcludePath /home/guru
>>
>> # Don't scan files larger than ClamukoMaxFileSize
>> # Value of 0 disables the limit.
>> # Default: 5M
>> # ClamukoMaxFileSize 10M
>> (END)
>>
>> _________________________________________________________________
>> Dont just search. Find. Check out the new MSN Search!
>> http://search.msn.click-url.com/go/onm00200636ave/direct/01/