Running ClamAV and Freshclam from Daemontools

ClamAV is an antivirus toolkit for Unix-like operating systems. It is distributed under the GNU General Public License (GPL). It is commonly used on email servers to scan for viruses, and to scan files shared by Samba or downloaded through an Apache proxy, to name just a few uses.

Freshclam is used to update the ClamAV database. It is part of the ClamAV package. Freshclam may be called manually from the command line or it may be run as a daemon.

Daemontools is a collection of tools for managing Unix services. It provides a means of monitoring a service, starting and stopping it and logging any debug and/or error messages. Daemontools provides easy service installation and removal, easy first time service startup, reliable restarts, easy, reliable signalling, clean process state and OS portability.

Running ClamAV and freshclam from daemontools ensures that your AV automatically restarts in case of a service crash. Daemontools also allows you to install ClamAV the same way on all your operating systems: Linux, BSD, Mac OS X and Solaris.


Setting up the Service Directories

First verify the daemontools "svscan" process is running. Choose a location where you want the physical service directories. I usually use "/var/service", however any directory may be used as long as it is not "/service".

Create the service directories with the following commands.

# mkdir -m 1755 /var/service/clamav /var/service/freshclam
# mkdir -m 755 /var/service/clamav/log /var/service/freshclam/log

Download the "run" scripts for clamav and its log.

# cd /var/service/clamav
# wget -c http://www.antagonism.org/scripts/clamav-run
# mv clamav-run run
# chmod 755 run
# cd log
# wget -c http://www.antagonism.org/scripts/log-run
# mv log-run run
# chmod 755 run

Warning: before using either of the clamav "run" scripts, make sure you understand what the commands do. The additional options are covered in the clamd man page. The "log" run script rotates the logs every 1MB, keeps the latest 20 logs and writes them to the "main" directory under the "log" directory.

Download the "run" scripts for freshclam and its log.

# cd /var/service/freshclam
# wget -c http://www.antagonism.org/scripts/freshclam-run
# mv freshclam-run run
# chmod 755 run
# cd log
# wget -c http://www.antagonism.org/scripts/log-run
# mv log-run run
# chmod 755 run

Warning: before using either of the freshclam "run" scripts, make sure you understand what the commands do. In the freshclam "run" script, the configured options do the following:

These options and more are covered in the freshclam man page. The "log" run script rotates the logs every 1MB, keeps the latest 20 logs and writes them to the "main" directory under the "log" directory.

Configuring ClamAV

Please note these configurations are in accordance with version 0.90 or greater. While the previous instructions covered anything lower, I feel it is a disservice to leave outdated instructions on the Internet.

In clamd.conf, the directives Example and LogFile are commented out. Previously LogFile needed to be set to /dev/stdout; however, clamd will no longer start if this is the case. The directives LogSyslog, FixStaleSocket and Foreground are uncommented and set. LogSyslog is set to "no" since multilog handles the logging. FixStaleSocket is set to "yes". This deletes the stale socket file left by an "unclean" shutdown before creating a new socket. Previously the clamav "run" script did this. Foreground is set to "yes". This prevents clamd from forking into the background, a requirement to run clamav from daemontools. Below is a section of an example clamd.conf file listing all the above directives.

#Example
#LogFile
LogSyslog no
FixStaleSocket yes
Foreground yes

In freshclam.conf, the directives Example and UpdateLogFile are commented out. The directives LogSyslog and Foreground are uncommented and set. LogSyslog is set to "no" since multilog handles the logging. Foreground is set to "yes". This prevents freshclam from forking into the background, a requirement to run freshclam from daemontools. Below is a section of an example freshclam.conf file listing all the above directives.

#Example
#UpdateLogFile
LogSyslog no
Foreground yes
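
The directive settings above can be checked before the services are linked into /service. This is an added example, not one of the page's run scripts; the function names are made up here and the configuration file paths are supplied by the caller.

```sh
#!/bin/sh
# Added example (not from the original page): pre-flight check of the
# directives above, compared against the literal yes/no values the page uses.

# Print the value of the first active (uncommented) line for a directive.
directive_value() {   # $1=file $2=directive
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Succeed only if the directive is active and set to the expected value.
require_set() {       # $1=file $2=directive $3=expected
    val=$(directive_value "$1" "$2")
    [ "$val" = "$3" ] && return 0
    echo "$1: $2 must be \"$3\" (found: ${val:-unset})"
    return 1
}

# Succeed only if the directive has no active line (absent or commented out).
require_commented() { # $1=file $2=directive
    if awk -v d="$2" '$1 == d { hit = 1 } END { exit !hit }' "$1"; then
        echo "$1: $2 must be commented out"
        return 1
    fi
}

check_clamd_conf() {  # $1=path to clamd.conf
    rc=0
    require_commented "$1" Example        || rc=1
    require_commented "$1" LogFile        || rc=1
    require_set "$1" LogSyslog no         || rc=1
    require_set "$1" FixStaleSocket yes   || rc=1
    require_set "$1" Foreground yes       || rc=1
    return "$rc"
}

check_freshclam_conf() {  # $1=path to freshclam.conf
    rc=0
    require_commented "$1" Example        || rc=1
    require_commented "$1" UpdateLogFile  || rc=1
    require_set "$1" LogSyslog no         || rc=1
    require_set "$1" Foreground yes       || rc=1
    return "$rc"
}

if [ "$#" -eq 2 ]; then   # usage: sh check-conf.sh clamd.conf freshclam.conf
    check_clamd_conf "$1"; a=$?
    check_freshclam_conf "$2"; exit $(( a | $? ))
fi
```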


Activating the Service

(The below section is taken almost verbatim from the following page created by John Simpson. I felt that his description of what happens when you activate a service was the most clear and easy to understand, so why change a thing?)

Once the directories are set up, you need to make them start running. This is done by creating a symbolic link from /service/(whatever) to the physical directory where the service lives. The "svscan" program checks /service every five seconds, and when it sees a new directory (or symbolic link) there, it starts a "supervise" process for that directory. In addition, if the directory has the sticky bit set and a child directory called "log", it starts a "supervise" process for the "log" child directory and sets up a pipe between the two processes (so that the main process's logs end up being sent to the log process).

The "supervise" program works by running the "run" script inside of whatever directory it's watching. If that child process (either the "run" script itself, or whatever process it runs using "exec") stops, it starts it back up by running the "run" script again.

The following commands will create the symbolic links needed to start the ClamAV and freshclam services.

# ln -s /var/service/clamav /service/
# ln -s /var/service/freshclam /service/

After running these commands, wait ten seconds (to give the services time to start) and then run the "svstat" command to see what's running:

# svstat /service/clamav /service/clamav/log /service/freshclam /service/freshclam/log
/service/clamav: up (pid 2508) 7 seconds
/service/clamav/log: up (pid 2510) 7 seconds
/service/freshclam: up (pid 2511) 5 seconds
/service/freshclam/log: up (pid 2513) 5 seconds

As long as the new services show "up" with a timer of more than one second, the services are running correctly. If the timer on a service is 0 or 1 second, then wait about five seconds and run the same command - it should now be higher than 1 second. If it's still 0 or 1, then the service is having a problem and you need to fix it. This page provides some steps to troubleshoot daemontools service installations.
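
The svstat rule described above, as an added example that is not part of the original page: it flags any service that is not up, or has been up for only 0 or 1 seconds, then waits and checks once more. The SVSTAT and SETTLE variables and the function names are assumptions of this example, not daemontools settings.

```sh
#!/bin/sh
# Added example (not from the original page): apply the "up for more than
# one second" rule to svstat output. SVSTAT and SETTLE are illustrative
# knobs introduced here, not daemontools settings.
SVSTAT=${SVSTAT:-svstat}
SETTLE=${SETTLE:-5}

# Read svstat lines on stdin; print "<service> <reason>" for each service
# that is not up, or has been up for 0 or 1 seconds (just restarted).
unhealthy_services() {
    awk '{
        svc = $1; sub(/:$/, "", svc)
        if ($2 != "up") { print svc, "not-up"; next }
        secs = -1
        for (i = 3; i <= NF; i++) if ($i ~ /^seconds/) secs = $(i - 1)
        if (secs + 0 <= 1) print svc, "restarting"
    }'
}

# Check the given service directories; if any look unhealthy, wait and
# check once more, as the text recommends. Returns 0 only if all are up.
check_services() {
    bad=$("$SVSTAT" "$@" 2>&1 | unhealthy_services)
    [ -z "$bad" ] && return 0
    sleep "$SETTLE"
    bad=$("$SVSTAT" "$@" 2>&1 | unhealthy_services)
    [ -z "$bad" ] && return 0
    echo "$bad"
    return 1
}

# Usage: sh check-up.sh /service/clamav /service/clamav/log ...
if [ "$#" -gt 0 ]; then check_services "$@"; fi
```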


Downloads

File: clamav-run
Size: 31 bytes
Date: 2008-05-02 14:49:56 -0700
MD5: 16b25b01ae482b86f769b4fe9670eb9e
SHA-1: 0d86702907477190b0efece6472e762115618f74
RIPEMD-160: f3858368769540c97ce54a000b74bce8fc2eeb6a
PGP Signature: clamav-run.asc

File: freshclam-run
Size: 47 bytes
Date: 2008-05-02 14:49:56 -0700
MD5: e9e0486f0c70feb3b9c0dc8995933460
SHA-1: 949f9315b558f7a54155b54230aa1ed9636845d5
RIPEMD-160: 015266876158870a28aedd5614af39b701c34bcf
PGP Signature: freshclam-run.asc

File: log-run
Size: 47 bytes
Date: 2008-05-02 14:49:56 -0700
MD5: 1cc7ef3d56be3ec766a9b382d19d1604
SHA-1: d04a2286a41bddd77577443253ac67654f0b7425
RIPEMD-160: 4df90694ac5cb454b6e360c69278e244c6cdf924
PGP Signature: log-run.asc
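
Because the run scripts are fetched over plain HTTP and then executed by supervise, compare each download with the size and SHA-1 listed above before running chmod 755 on it. This is an added example, not part of the original page; the function names are made up here, and the manifest values are copied from the list above.

```sh
#!/bin/sh
# Added example (not from the original page): check a downloaded run script
# against the size and SHA-1 in the Downloads list before enabling it.

# Published values copied from the Downloads list: name size sha1
MANIFEST='clamav-run 31 0d86702907477190b0efece6472e762115618f74
freshclam-run 47 949f9315b558f7a54155b54230aa1ed9636845d5
log-run 47 d04a2286a41bddd77577443253ac67654f0b7425'

# Print "size sha1" for a file, using whichever SHA-1 tool is installed.
file_fingerprint() {
    size=$(wc -c < "$1" | tr -d ' ')
    if command -v sha1sum >/dev/null 2>&1; then
        sum=$(sha1sum < "$1")
    else
        sum=$(shasum -a 1 < "$1")
    fi
    echo "$size ${sum%% *}"
}

# Print the published "size sha1" for a manifest name (empty if unknown).
published_fingerprint() {
    echo "$MANIFEST" | awk -v n="$1" '$1 == n { print $2, $3 }'
}

# verify_download FILE [NAME]: 0 on match, 1 on mismatch, 2 if NAME unknown.
# NAME defaults to the file's basename (e.g. before "mv clamav-run run").
verify_download() {
    name=${2:-$(basename "$1")}
    want=$(published_fingerprint "$name")
    [ -n "$want" ] || { echo "$name: not in manifest"; return 2; }
    have=$(file_fingerprint "$1")
    [ "$have" = "$want" ] && return 0
    echo "$name: expected $want, got $have"
    return 1
}

# Usage: sh verify-run.sh clamav-run   or   sh verify-run.sh run log-run
if [ "$#" -gt 0 ]; then verify_download "$@"; fi
```

A match only shows that the file equals what this page lists; verifying the listed .asc PGP signatures against the author's key is the stronger check.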

2007-03-09 Updated the configuration section to reflect changes from 0.9x. Thanks to John Simpson for notifying me of these changes.

2007-02-28 Removed the section of the clamav-run script which removes the stale socket. This part is not needed as the FixStaleSocket directive is set. Thanks to John Simpson for pointing this out.