Using Clam AntiVirus to Protect your iFolder 3 Server
Novell Cool Solutions: Tip
By Magnus Hoglund
Digg This -
Posted: 30 Jun 2006
From the iFolder 3.x Security Administrator Guide:
"Because iFolder is a cross-platform distributed solution, there is a possibility of a virus infection on a platform migrating across the iFolder server to other platforms, and vice versa. You should enforce server-based virus scanning to prevent viruses from entering the corporate network."
Use ClamAV as a real-time scanning anti virus solution.
Install required RPMs:
Start Yast2 and make sure these RPMs are installed.
km_antivir (dazuko module)
Execute modprobe dazuko (as root)
Run lsmod and check that dazuko is loaded:
# Path to a local socket file the daemon will listen on.
# TCP port address.
# TCP address.
- Activate and edit:
# Execute a command when virus is found.
VirusEvent /bin/echo "iFolder VIRUS ALERT: %v" | /bin/mail -s "ClamAV - iFolder" -r ClamAV@server.domain ToUser@domain
# Run as a selected user (clamd must be started by root).
If not deaktivating "User vscan" I received the error: "clamuko cannot connect to dazuko" in /var/log/clamd
Add these lines:
# Clamuko RealTime Scanning
Change any other settings in the file to reflect your needs (see ClamAV documentation).
Check that clamd was started without any errors:
tail -f /var/log/clamd
Download the EICAR test signature from:
This is not a real virus.
Run: tail -f /var/log/clamd
Save the test file (eicar.zip and/or eicar.com) in your iFolder and wait for sync.
When the virus pattern is detected you should see this (see below) in the log file
Check that a mail has been sent: tail /var/log/mail
You can update ClamAV using the command: freshclam
A better way is to use the freshclam daemon for automatic updates.
Settings for freshclam: /etc/freshclam.conf
# Path to the log file (make sure it has proper permissions)
- Activate and provide your country code:
# Uncomment the following line and replace XY with your country code.
- Activate and provide update interval (e.g 24 for every hour):
# Number of database checks per day.
Create a log file for freshclam:
Set file rights:
chown vscan:vscan /var/log/freshclam.log
Check the log file:
Activate automatic start for clamd, freshclam and postfix:
- Start Yast2 (or run chkconfig)
- Choose System -> Runlevel Editor -> Expert Mode
- Activate clamd for runlevel 3 and 5
- Activate freshclam for runlevel 3 och 5
- Activate postfix for runlevel 3 och 5
- Choose Finish to save your settings.
Now you have a real-time anti-virus scanning for your iFolder3 server.
Note: This solution was tested on OES (Linux) SP2.
For more information
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com