Memorandum : Building ClamAV® - Clam AntiVirus on Mac OS X 10.4 through macOS 10.12 Sierra

Building ClamAV® - Clam AntiVirus on Mac OS X 10.4 through macOS 10.12 Sierra

I'm running ClamXav Sentry as 'launch agent' with ClamAV antivirus scanning engine of my own custom build.

I've tested for building ClamAV (from version 0.90.x to version 0.99.x) on Mac OS X 10.4 through macOS 10.12 Sierra.
Now I'm running the latest stable release: ClamAV 0.99.2 on Mac OS X 10.4, OS X 10.9, OS X 10.10, OS X 10.11, and
macOS 10.12 Sierra.
The release notes of ClamAV 0.99.2 is here!

This memorandum contains as below:
Memorandum 1: Building ClamAV 0.99.x on OS X 10.10, 10.11 El Capitan and macOS 10.12 Sierra
Memorandum 2: Building ClamAV 0.98.7 on OS X 10.10 Yosemite and 10.11 El Capitan
Memorandum 3: Building ClamAV on Mac OS X 10.4 (Intel)
Memorandum 4: Building ClamAV on Mac OS X 10.4 (PPC)
Memorandum 5: Building ClamAV on Mac OS X 10.6 through OS X 10.9
Memorandum 6: Running clamd and freshclam as daemon
Memorandum 7: Running ClamXav Sentry as 'launch agent' on Mac OS X 10.6 and later…
Memorandum 8: Update ClamXav's own Virus Database and running RunFreshclam as daemon
Memorandum 9: Running ClamXav version 2.11.x with B.Y.O. ClamAV antivirus scanning engine
Links…


Memorandum 1: Building ClamAV 0.99.x on OS X 10.10, 10.11 El Capitan and macOS 10.12 Sierra


Building ClamAV 0.99.x on OS X 10.10, 10.11 El Capitan and macOS 10.12 Sierra


ClamAV 0.99.x contains major new features such as YARA rules, PCRE - Perl Compatible Regular Expressions and so on.
To support YARA and ClamAV logical signatures, the Perl Compatible Regular Expressions (PCRE) library is required.
If PCRE isn't installed on your system, you will get a warning message like this while running freshclam.
    ClamAV update process started at xxx xxx xx xx:xx:xx xxxx
    [LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssidxxxxx uses PCREs but support is
    disabled, skipping
    
1. To ensure the PCRE library:
     1) Install PCRE - Perl Compatible Regular Expressions.
    cd ~/Desktop
    curl -O ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre2-10.22.tar.gz
    tar zxf pcre2-10.22.tar.gz
    cd pcre2-10.22
    ./configure --prefix=/usr/local/pcre2
    make && make check
    sudo make install
    
     2) When compiling ClamAV 0.99.x, it fails with an error:
    ../libclamav/regex_pcre.h:33:10: fatal error: 'pcre.h' file not found
    
     3) To avoid this failure, simply set CPPFLAGS:
    export CPPFLAGS="-I/usr/local/pcre2/include"
    
     4) And add this configuration option when configuring ClamAV: --with-pcre=/usr/local/pcre2.


2. To compile ClamAV 0.99.x on OS X 10.10 Yosemite or on OS X 10.11 El Capitan and macOS 10.12 Sierra,
     in addition to the PCRE library;
     1) LLVM Front End is required on OS X 10.10 Yosemite.
     2) LLVM Front End and OpenSSL are required on OS X 10.11 El Capitan and macOS 10.12 Sierra.

     Please read Memorandum 2 to learn more, and…
     3) Install LLVM Front End Binaries.
     4) Install OpenSSL.


3. Configure ClamAV 0.99.x on OS X 10.10 Yosemite as follws:
    export CFLAGS="-O3 -march=nocona"
    export CXXFLAGS="-O3 -march=nocona"
    export CPPFLAGS="-I/usr/local/pcre2/include"
    ./configure --prefix=/usr/local/clamXav --build=x86_64-apple-darwin`uname -r` \
    --with-pcre=/usr/local/pcre2 \
    --with-system-llvm=/usr/local/clang+llvm-3.6.2-x86_64-apple-darwin/bin/llvm-config
    


4. Configure ClamAV 0.99.x on OS X 10.11 El Capitan and macOS 10.12 Sierra as follws:
    export CFLAGS="-O3 -march=nocona"
    export CXXFLAGS="-O3 -march=nocona"
    export CPPFLAGS="-I/usr/local/pcre2/include -I/usr/local/ssl/include"
    ./configure --prefix=/usr/local/clamXav --build=x86_64-apple-darwin`uname -r` \
    --with-pcre=/usr/local/pcre2 --with-openssl=/usr/local/ssl \
    --with-system-llvm=/usr/local/clang+llvm-3.6.2-x86_64-apple-darwin/bin/llvm-config
    


5. Notes
    When running clamd 0.99.x, you may encounter an issue that clamd crashes repeatedly with the following error:
    LibClamAV Error: cli_pcre_parse: PCRE compilation failed at offset 0:unknown option bit(s) set
    LibClamAV Error: cli_pcre_build: failed to build pcre regex
    ERROR: Database initialization error: Malformed database 
    
    In such a case, see "Building ClamAV 0.99 with PCRE support", get and apply the patch to /libclamav/matcher-pcre.c.
    That fixes the issue.
    --------
    Now this issue has been fixed by "PCRE2 support".
    So when building ClamAV 0.99.2, you don't have to apply the patch and you can use PCRE2 as above.


Memorandum 2: Building ClamAV 0.98.7 on OS X 10.10 Yosemite and 10.11 El Capitan

Building ClamAV 0.98.7 on OS X 10.10 Yosemite


Built-in LLVM of ClamAV 0.98.7 and 0.99.x are not compatible with GNU C++ on OS X 10.10 Yosemite and 10.11 El Capitan.
So ClamAV 0.98.7 and 0.99.x built on OS X 10.10 Yosemite or on OS X 10.11 El Capitan have major issues:

- Clamd crashes repeatedly throwing "Segmentation Fault: 11"
- Clamscan also crashes and fails to scan…
- Freshclam fails to load new database logging:
    ERROR: Database load killed by signal 11
    ERROR: Failed to load new database: No viruses detected
    

These problems can be avoided by installing official LLVM.
Versions of LLVM beyond 3.6 seem not to be currently supported in ClamAV, so you should install LLVM 3.6.2.
  1. Installing LLVM3.6.2 Front End Binaries
  2. cd ~
    curl -O http://llvm.org/releases/3.6.2/clang+llvm-3.6.2-x86_64-apple-darwin.tar.xz
    cd /usr/local
    sudo tar zxf ~/clang+llvm-3.6.2-x86_64-apple-darwin.tar.xz
    sudo chown -R root:wheel /usr/local/clang+llvm-3.6.2-x86_64-apple-darwin
    

  3. To use LLVM installed into /usr/local as a system library instead of the ClamAV's built-in LLVM JIT,
    add configuration option as following:
  4. --with-system-llvm=/usr/local/clang+llvm-3.6.2-x86_64-apple-darwin/bin/llvm-config
    

  5. Configure ClamAV 0.98.7 on OS X 10.10.x Yosemite as follws:
  6. export CFLAGS="-O3 -march=nocona"
    export CXXFLAGS="-O3 -march=nocona"
    ./configure --prefix=/usr/local/clamXav --build=x86_64-apple-darwin`uname -r` \
    --with-system-llvm=/usr/local/clang+llvm-3.6.2-x86_64-apple-darwin/bin/llvm-config
    





Building ClamAV 0.98.7 on OS X 10.11 El Capitan


Apple introduded a new security feature SIP: System Integrity Protection (rootless) to OS X 10.11 El Capitan, so in /usr directory
OS X 10.11 El Capitan has the different file composition from OS X 10.10 Yosemite.
While configuring ClamAV 0.98.7 on OS X 10.11 El Capitan, configuration fails with an error:
    checking for OpenSSL installation... /usr
    configure: error: OpenSSL not found.
    

  1. To solve this configuration issue, install OpenSSL.
  2. cd ~/Desktop
    curl -O https://www.openssl.org/source/openssl-1.0.2j.tar.gz
    tar zxf openssl-1.0.2j.tar.gz
    cd openssl-1.0.2j
    ./Configure darwin64-x86_64-cc --prefix=/usr/local/ssl
    make && make test
    sudo make install
    

    Setting search path:
    export PATH="/usr/local/ssl/bin:$PATH"
    

  3. But it's not still sufficient to succeed building.
    Building fails with an error:
  4. bytecode2llvm.cpp:190:10: fatal error: 'openssl/ssl.h' file not found
    

  5. To succeed building ClamAV 0.98.7 on OS X 10.11 El Capitan, set CPPFLAGS:
  6. export CPPFLAGS="-I/usr/local/ssl/include"
    

  7. Configure ClamAV 0.98.7 on OS X 10.11 El Capitan as follws:
  8. export CFLAGS="-O3 -march=nocona"
    export CXXFLAGS="-O3 -march=nocona"
    export CPPFLAGS="-I/usr/local/ssl/include"
    ./configure --prefix=/usr/local/clamXav --build=x86_64-apple-darwin`uname -r` \
    --with-openssl=/usr/local/ssl \
    --with-system-llvm=/usr/local/clang+llvm-3.6.2-x86_64-apple-darwin/bin/llvm-config
    

  9. Notes
    OpenSSL 1.1.0x has been released, but it may not compatible with ClamAV 0.99.x for now.
    So you may encounter an configuration failure with the following error:
  10. configure: error: Failed to configure LLVM, and LLVM was explicitly requested
    

    If you use OpenSSL 1.10x to compile ClamAV 0.99.x , use this configuration until the bug 11606 can be resolved.
    ./configure --enable-llvm=no
    

Memorandum 3 : Building ClamAV on Mac OS X 10.4 (Intel)

Building ClamAV on Mac OS X 10.4 (Intel)

In last update, Clam AntiVirus developer team introduced JIT compiler to ClamAV® 0.96.
Apple gcc (version: 4.0.1 build: 5370) in Mac OS X 10.4 (aka Tiger) failed to build ClamAV 0.96.x and 0.98.x with JIT compiled in.
With a brief struggle I found a good solution that I will tell you here.

  1) First, install LLVM (Low Level Virtual Machine) and LLVM-GCC 4.2 Front End.
  2) Second, add this configuration option: --enable-llvm.

Then you can build ClamAV 0.96.x and 0.98.x with JIT compiled in and use new features included in anti-virus toolkit.




Install LLVM (Low Level Virtual Machine) and LLVM-GCC 4.2 Front End
  1. Installing LLVM-GCC 4.2 Front End Binaries
  2. cd ~
    curl -O http://llvm.org/releases/2.3/llvm-gcc4.2-2.3-x86-darwin8.tar.gz
    cd /usr/local
    sudo tar zxf ~/llvm-gcc4.2-2.3-x86-darwin8.tar.gz
    

  3. Setting search path
  4. export PATH=/usr/local/llvm-gcc4.2-2.3-x86-darwin8/bin:$PATH
    

  5. Installing LLVM 2.3
  6. curl -O http://llvm.org/releases/2.3/llvm-2.3.tar.gz
    tar zxf llvm-2.3.tar.gz
    cd llvm-2.3
    ./configure
    make
    sudo make install
    




Install MacPorts and the packages
  1. Installing MacPorts
    Go to their Installing MacPorts page, download the .dmg for your platform, and install it.
    Ensure it's up to date by running:
  2. sudo port selfupdate
    sudo port sync
    

  3. Installing the packages: bzip2
  4. sudo port install bzip2
    

  5. Maintaining MacPorts and installed packages
  6. sudo port -d selfupdate
    sudo port -d sync
    sudo port upgrade installed
    




Compile ClamAV 0.98.x and Install
  1. Modify /shared/output.c & output.h to avoid compiling error. (Only needed for compiling ClamAV 0.98.1)
  2. output.c  : off_t logg_size = 0;	->  unsigned int logg_size = 0;
    output.h  : extern off_t logg_size;	->  extern unsigned int logg_size;
    

  3. ./configure (version 0.98 and 0.98.1)
  4. cd clamav-0.98.x
    export CFLAGS="-O3 -march=i686"
    export CXXFLAGS="-O3 -march=i686"
    export LDFLAGS="-L/opt/local/lib"
    export CC=/usr/local/llvm-gcc4.2-2.3-x86-darwin8/bin/i686-apple-darwin8-gcc-4.2.1
    ./configure --prefix=/usr/local/clamXav --enable-llvm --build=i686-apple-darwin`uname -r`
    
    

  5. ./configure (version 0.98.3 or later)
  6. cd clamav-0.98.x
    export CFLAGS="-O3 -march=i686"
    export CXXFLAGS="-O3 -march=i686"
    export LDFLAGS="-L/opt/local/lib"
    export CC=/usr/local/llvm-gcc4.2-2.3-x86-darwin8/bin/i686-apple-darwin8-gcc-4.2.1
    ./configure --with-openssl=/usr/local/ssl --enable-llvm \
    --prefix=/usr/local/clamXav --build=i686-apple-darwin`uname -r`
    

  7. Make, make check and install ClamAV
  8. make && make check
    sudo make install
    





    To compile ClamAV 0.96.3 or later, bzip2 (Version 1.0.6) that fixes CVE-2010-0405 is required.
    Mac OS X has bzip2 (Version 1.0.5) built-in and it is outdated, so you get WARNING as follows while running configuration command.
    ****** bzip2 libraries are affected by the CVE-2010-0405 bug
    ****** We strongly suggest you to update bzip2
    
    
    ****** WARNING:
    ****** You are cross compiling to a different host or you are
    ****** linking to bugged system libraries or you have manually
    ****** disabled important configure checks.
    ****** Please be aware that this build may be badly broken.
    ****** DO NOT REPORT BUGS BASED ON THIS BUILD !!!
    
    To solve this problem on Mac OS X 10.4, you can install bzip2 (Version 1.0.6) using MacPorts and add this configuration option:
    export LDFLAGS="-L/opt/local/lib" as follows.

    Apple has patched the CVE-2010-0405 bug on Mac OS X 10.6.7 but not on Mac OS X 10.4.11.





    To compile ClamAV 0.98.3 or later, OpenSSL (Version 0.98y or above including the X509_VERIFY_PARAM function) is required.
    Mac OS X 10.4 has OpenSSL 0.9.7l built-in and MacPorts fails to build OpenSSL, so you have to install OpenSSL 0.9.8zh.

  9. Install OpenSSL 0.9.8zh
  10. cd ~/Desktop
    curl -O https://www.openssl.org/source/openssl-0.9.8zh.tar.gz
    tar zxf openssl-0.9.8zh.tar.gz
    cd openssl-0.9.8zh
    ./Configure darwin-i386-cc --prefix=/usr/local/ssl
    make
    sudo make install
    

  11. Setting search path
  12. export PATH="/usr/local/ssl/bin:$PATH"
    



Compile ClamAV 0.99.x and Install
  1. To compile ClamAV 0.99.x on Mac OS X 10.4, in addition to installing LLVM Front End, MacPorts, bzip2 and OpenSSL the PCRE library is required as pointed out above.

    Install PCRE - Perl Compatible Regular Expressions.
  2. cd ~/Desktop
    curl -O ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
    tar zxf pcre-8.40.tar.gz
    cd pcre-8.40
    ./configure --prefix=/usr/local/pcre
    make && make check
    sudo make install
    

  3. ./configure
  4. cd clamav-0.99.x
    export CFLAGS="-O3 -march=i686"
    export CXXFLAGS="-O3 -march=i686"
    export LDFLAGS="-L/opt/local/lib"
    export CC=/usr/local/llvm-gcc4.2-2.3-x86-darwin8/bin/i686-apple-darwin8-gcc-4.2.1
    ./configure --with-openssl=/usr/local/ssl --with-pcre=/usr/local/pcre  --enable-llvm \
    --prefix=/usr/local/clamXav --build=i686-apple-darwin`uname -r`
    

  5. Make, make check and install ClamAV
  6. make && make check
    sudo make install
    

Memorandum 4 : Building ClamAV on Mac OS X 10.4 (PPC)

Building ClamAV on Mac OS X 10.4 (PPC)

PPC users have to install LLVM-GCC 4.2 Front End Binaries for PPC and configure ClamAV 0.96.x and 0.98.x with different configuration.





Install LLVM (Low Level Virtual Machine) and LLVM-GCC 4.2 Front End
  1. Installing LLVM-GCC 4.2 Front End Binaries
  2. cd ~
    curl -O http://llvm.org/releases/2.3/llvm-gcc4.2-2.3-ppc-darwin8.11.0.tar.gz
    cd /usr/local
    sudo tar zxf ~/llvm-gcc4.2-2.3-ppc-darwin8.11.0.tar.gz
    

  3. Setting search path
  4. export PATH=/usr/local/llvm-gcc4.2-2.3-ppc-darwin8.11.0/bin:$PATH
    

  5. Installing LLVM 2.3
  6. curl -O http://llvm.org/releases/2.3/llvm-2.3.tar.gz
    tar zxf llvm-2.3.tar.gz
    cd llvm-2.3
    ./configure
    make
    sudo make install
    




Install MacPorts and the packages
  1. Installing MacPorts
    Go to their Installing MacPorts page, download the .dmg for your platform, and install it.
    Ensure it's up to date by running:
  2. sudo port selfupdate
    sudo port sync
    

  3. Installing the packages: bzip2
  4. sudo port install bzip2
    

  5. Maintaining MacPorts and installed packages
  6. sudo port -d selfupdate
    sudo port -d sync
    sudo port upgrade installed
    




Compile ClamAV 0.98.x and Install
  1. Modify /shared/output.c & output.h to avoid compiling error. (Only needed for compiling ClamAV 0.98.x)
  2. output.c  : off_t logg_size = 0;	->  unsigned int logg_size = 0;
    output.h  : extern off_t logg_size;	->  extern unsigned int logg_size;
    

  3. ./configure
  4. cd clamav-0.98.x
    export CFLAGS="-O3"
    export CXXFLAGS="-O3"
    export LDFLAGS="-L/opt/local/lib"
    export CC=/usr/local/llvm-gcc4.2-2.3-ppc-darwin8.11.0/bin/powerpc-apple-darwin8-gcc-4.2.1
    ./configure --prefix=/usr/local/clamXav --enable-llvm
    

  5. Make, make check and install ClamAV
  6. make && make check
    sudo make install
    

Memorandum 5 : Building ClamAV on Mac OS X 10.6 through OS X 10.9

Building ClamAV on Mac OS X 10.6 through OS X 10.9

GNU C++ and bzip2 (Version 1.0.6) are installed on Mac OS X and later, so you can simply build ClamAV 0.96.x and 0.98.x with JIT compiled in and use new features included in anti-virus toolkit.

  1. On Mac OS X 10.7, after installing Xcode 4.3 in /Applications, you should install the Command Line Tools:
    from "Xcode -> Preferences -> Downloads -> Components pane", or install them via the separate installer from developer.apple.com. and
  2. Run these commands to make sure that everything is pointed in the right place.
  3. sudo xcode-select -switch /Applications/Xcode.app




Compile ClamAV 0.98.x and Install
  1. ./configure
  2. cd clamav-0.98.x
    export CFLAGS="-O3 -march=nocona"
    export CXXFLAGS="-O3 -march=nocona"
    ./configure --prefix=/usr/local/clamXav --build=x86_64-apple-darwin`uname -r`
    --enable-llvm
    

  3. Make, make check and install ClamAV
  4. make && make check
    sudo make install
    




Compile ClamAV 0.99.x and Install
  1. To compile ClamAV 0.99.x, the PCRE library is required as pointed out above.

    Install PCRE - Perl Compatible Regular Expressions.
  2. cd ~/Desktop
    curl -O ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
    tar zxf pcre-8.40.tar.gz
    cd pcre-8.40
    ./configure --prefix=/usr/local/pcre
    make && make check
    sudo make install
    

  3. ./configure
  4. cd clamav-0.99.x
    export CFLAGS="-O3 -march=nocona"
    export CXXFLAGS="-O3 -march=nocona"
    ./configure --prefix=/usr/local/clamXav --with-pcre=/usr/local/pcre --enable-llvm \
    --build=x86_64-apple-darwin`uname -r`
    

  5. Make, make check and install ClamAV
  6. make && make check
    sudo make install
    

Memorandum 6: Running clamd and freshclam as 'launch daemon'

Running clamd and freshclam as 'launch daemon'

  1. I'm running clamd and freshclam as 'launch daemon' managed by:
    /Library/LaunchDaemons/org.clamav.clamd.plist
    /Library/LaunchDaemons/org.clamav.freshclam.plist

    sudo chown root:wheel /Library/LaunchDaemons/org.clamav.clamd.plist
    sudo chmod 0644 /Library/LaunchDaemons/org.clamav.clamd.plist
    sudo chown root:wheel /Library/LaunchDaemons/org.clamav.freshclam.plist
    sudo chmod 0644 /Library/LaunchDaemons/org.clamav.freshclam.plist
    


  2. Edit clamd.conf and freshclam.conf for using ' daemons'.

  3. Set appropriate permissions for ClamXav and ClamXav Sentry.
  4. sudo bash
    chown -R root:admin /usr/local/clamXav
    chown -R root:admin /usr/local/clamXav/etc
    chmod 0775 /usr/local/clamXav/etc
    chmod 0644 /usr/local/clamXav/etc/*
    chown -R root:admin /usr/local/clamXav/bin
    chmod 0755 /usr/local/clamXav/bin
    chmod 0755 /usr/local/clamXav/bin/*
    chown -R clamav:clamav /usr/local/clamXav/share/clamav
    chmod -R g+w /usr/local/clamXav/share/clamav
    chmod -R u+w /usr/local/clamXav/share/clamav
    chmod 0755 /usr/local/clamXav/share/clamav
    chmod 0644 /usr/local/clamXav/share/clamav/*
    chmod 0644 /usr/local/clamXav/share/clamav/freshclam.log
    chown clamav:admin /var/log/clamd.log
    chmod 0664 /var/log/clamd.log
    

  5. Notes
    When using 'daemon' to launch freshclam,
    uncheck "Update virus definitions on launch" of ClamXav's 'General Preferences' section.
    Updates of virus definitions gets executed automatically by 'freshclam daemon'.

Memorandum 7: Running ClamXav Sentry as 'launch agent' on Mac OS X 10.6 and later…

Running ClamXav Sentry as 'launch agent' on Mac OS X 10.6 and later…

  1. When running ClamXav Sentry as 'launch agent', ClamXav Sentry keeps alive.
    So even if it crashes, it gets back and keeps watching files and folders without any incident.

    I'm running ClamXav Sentry as 'launch agent' managed by ~/Library/LaunchAgents/org.clamXavSentry.plist

  2. On Yosemite and El Capitan, I'm using this org.clamXavSentry.plist file to avoid ClamXav Sentry's annoying error:
    ERROR: Can't connect to clamd: No such file or directory
    Total errors: 1
    connect(): No such file or directory
    ClamXavSentry can't connect to clamd
    Error, can't connect to clamd through /tmp/clamd.socket.
    

  3. Notes
    When using 'launch agent' to launch ClamXav Sentry,
    uncheck "Launch ClamXav Sentry when you log in to this computer" of 'ClamXav Sentry Preferences' section.
    ClamXav Sentry automatically launches and keeps alive by 'launch agent' when logging in.

    CFBundleExecutable name "ClamXavSentry" was replaced by "ClamXav Sentry" in ClamXav 2.7.x.
    So you should replace "ClamXavSentry" with "ClamXav Sentry" in org.clamXavSentry.plist.

    If you are running clamd as 'launch daemon' and running ClamXav Sentry 3.x as 'launch agent',
    use this hidden preference setting:
    defaults write uk.co.markallan.clamxav clamdControlledExternally -bool YES;
    killall cfprefsd
    

    And if you are running clamd as 'launch daemon' and running ClamXav Sentry 3.5.x as 'launch agent',
    use this hidden preference setting:
    defaults write uk.co.canimaansoftware.clamxav clamdControlledExternally -bool YES;
    killall cfprefsd
    

Memorandum 8 : Update ClamXav's own Virus Database and running RunFreshclam as daemon

Update ClamXav's own Virus Database

  1. Now ClamXav and ClamXav Sentry use combined official and its own virus database as below:
  2. Database information
    --------------------
    Database directory: /usr/local/clamXav/share/clamav
    bytecode.cld: version 283, sigs: 53, built on Fri Jun 24 00:01:37 2016
    [3rd Party] ClamXav.fp: 19 sigs
    [3rd Party] ClamXav.hdb: 78676 sigs
    [3rd Party] ClamXav.ndb: 7 sigs
    daily.cld: version 21786, sigs: 342508, built on Sat Jun 25 15:15:10 2016
    main.cvd: version 57, sigs: 4218790, built on Thu Mar 17 08:17:06 2016
    Total number of signatures: 4640053
    

  3. To get and update ClamXav Virus Database,
    extract RunFreshclam from the latest ClamXav.app/Contents/Resources/clamavEngineInstaller.pkg
    and place it into
    /usr/local/clamXav/bin
    

  4. ClamXav 2.8.9.4 requires empty file called 0.99.1_update_4 inside /usr/local/clamXav.
    sudo touch /usr/local/clamXav/0.99.1_update_4
    

  5. When you launch ClamXav 2.8.9.1 and update virus definitions, ClamXav logs follwing error:
    ClamXav[*****]: /usr/local/clamXav/bin/freshclam: unrecognized option `--show-progress'
    ERROR: Unknown option passed
    ERROR: Can't parse command line options
    

    ClamXav 2.8.9.1 requires freshclam compiled with option '--show-progress'.
    For details, see "Bug 11455 – [Clamav-devel] Patch to force freshclam download progress meter".
    To solve this issue, get and apply 'freshclam_show-progress.patch' before you build ClamAV 0.99.0.
    --------
    The patch has been checked in ClamAV 0.99.1 repository, so no need for patching to build ClamAV 0.99.1.




Running RunFreshclam as 'daemon' instead of freshclam daemon

  1. I'm now running RunFreshclam as 'daemon' instead of freshclam daemon managed by:
    /Library/LaunchDaemons/com.clamXav.runfreshclam.plist

    sudo chown root:wheel /Library/LaunchDaemons/com.clamXav.runfreshclam.plist
    sudo chmod 0644 /Library/LaunchDaemons/com.clamXav.runfreshclam.plist
    


  2. Edit freshclam.conf for using RunFreshclam ' daemons'.

  3. Set appropriate permissions for RunFreshclam (ClamXav version =< 2.8.x).
    sudo bash
    chown -R root:wheel /usr/local/clamXav
    chmod 0775 /usr/local/clamXav/etc
    chmod 0664 /usr/local/clamXav/etc/*
    chmod 0644 /usr/local/clamXav/etc/freshclam.conf
    chmod 0755 /usr/local/clamXav/bin
    chmod 0755 /usr/local/clamXav/bin/*
    chmod u+s /usr/local/clamXav/bin/freshclam
    chmod u+s /usr/local/clamXav/bin/RunFreshclam
    chown -R clamav:clamav /usr/local/clamXav/share/clamav
    chmod 0775 /usr/local/clamXav/share/clamav
    chmod 0644 /usr/local/clamXav/share/clamav/*
    chmod 0666 /usr/local/clamXav/share/clamav/freshclam.log
    

      Notes:
      As concerns appropriate permissions on ClamXav 2.9.x, see described below.

  4. Checking and updating virus definitions:
    When running 'RunFreshclam' as ' daemon',
    'RunFreshclam' automatically (at regular time intervals, e.g. every 30minutes or every 1 hour as you set) executes checking and updating both ClamXav's own virus definitions and official ClamAV® virus definitions, so you need not run 'freshclam daemon'.

    An example of freshclam.log:
    ----------------------------------------------------------------------------
    Checking Official ClamXav definitions
    --------------------------------------
    Update process started at Jun 24, 2016, 5:06:05 PM
    ClamXav.ndb is already up to date.
    ClamXav.hdb is valid and has file size: 4691872 bytes
    DB integrity check is sound. Move ClamXav.hdb into place
    ClamXav.fp is already up to date.
    ClamXav.ign2 is already up to date.
    ClamXav.plist is already up to date.
    Nothing to download for ClamXav.ldb
    
    Checking ClamAV definitions
    --------------------------------------
    ClamAV update process started at Fri Jun 24 17:06:15 2016
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Downloading daily-21776.cdiff [100%]
    Downloading daily-21777.cdiff [100%]
    Downloading daily-21778.cdiff [100%]
    Downloading daily-21779.cdiff [100%]
    Downloading daily-21780.cdiff [100%]
    daily.cld updated (version: 21780, sigs: 337592, f-level: 63, builder: neo)
    Downloading bytecode-282.cdiff [100%]
    Downloading bytecode-283.cdiff [100%]
    bytecode.cld updated (version: 283, sigs: 53, f-level: 63, builder: neo)
    Database updated (4556435 signatures) from cdn.clamxav.com (IP: 43.249.37.245)
    Clamd successfully notified about the update.
    ----------------------------------------------------------------------------
    

Memorandum 9 : Running ClamXav version 2.11.x with B.Y.O. ClamAV engine

To run ClamXav 2.11.x and ClamXav Sentry 3.11.x with B.Y.O.E.

  1. ClamXav has a new engine install and uninstall mechanism since version 2.9.
    Now ClamXav examines whether all the files necessary for ClamXav are installed exactly, and investigates whether the permissions on all files and folders at /usr/local/clamXav are right.
    When you fail to satisfy the requirements, ClamXav tries to repair /usr/local/clamXav, and all files and folders are changed to its own official engine.

    To satisfy the requirements, the following files are needed at the very least in addition to B.Y.O. ClamAV files:
    /usr/local/clamXav/0.99.2_update_x
    /usr/local/clamXav/bin/gfslogger
    /usr/local/clamXav/bin/RunFreshclam
    

  2. Steps to satisfy the requirements for ClamXav Version 2.11 (2835):
    1) make empty file called 0.99.2_update_15 inside /usr/local/clamXav/
    sudo touch /usr/local/clamXav/0.99.2_update_15
    

    2) extract gfslogger and RunFreshclam from the latest ClamXav.app/Contents/Resources/clamavEngineInstaller.pkg

    3) place those files into appropriate directory:
    /usr/local/clamXav/bin/
    

    4) ClamXav 2.11.x changed the name of two files located at /usr/local/clamXav/share/clamav/.
        First run RunFreshclam completely, then you can place them at /usr/local/clamXav/share/clamav/ as follws:
    /usr/local/clamXav/share/clamav/ClamXav.database
    /usr/local/clamXav/share/clamav/ClamXav.database.signature
    

    An example of files located at /usr/local/clamXav/share/clamav:
    ls -l /usr/local/clamXav/share/clamav
    total 366792
    -rw-rw-r--  1 _clamav  _clamav      17721 Nov 12 06:44 ClamXav.blacklist
    -rw-rw-r--  1 _clamav  _clamav      41840 Nov 12 06:44 ClamXav.database
    -rw-rw-r--  1 _clamav  _clamav         65 Nov 12 06:44 ClamXav.database.signature
    -rw-rw-r--  1 _clamav  _clamav       1434 Nov 12 06:44 ClamXav.fp
    -rw-rw-r--  1 _clamav  _clamav   20133173 Nov 12 06:44 ClamXav.hdb
    -rw-rw-r--  1 _clamav  _clamav       1003 Nov 12 06:44 ClamXav.ign2
    -rw-rw-r--  1 _clamav  _clamav       7993 Nov 12 06:44 ClamXav.ldb
    -rw-rw-r--  1 _clamav  _clamav       3390 Nov 12 06:44 ClamXav.ndb
    -rw-rw-r--  1 _clamav  _clamav      86357 Nov 12 06:44 bytecode.cvd
    -rw-rw-r--  1 _clamav  _clamav   58323456 Nov 12 08:29 daily.cld
    -rw-rw-rw-  1 _clamav  _clamav       1745 Nov 12 08:29 freshclam.log
    -rw-rw-r--  1 _clamav  _clamav  109143933 Nov 12 06:44 main.cvd
    -rw-rw-r--  1 _clamav  _clamav         52 Nov 12 08:29 mirrors.dat
    

    5) Set appropriate permissions at /usr/local/clamXav for ClamXav 2.11.x.
    sudo bash
    chown -R root:wheel /usr/local/clamXav
    chmod 0775 /usr/local/clamXav/etc
    chmod 0664 /usr/local/clamXav/etc/*
    chown clamav:wheel /usr/local/clamXav/etc/freshclam.conf
    chmod 0600 /usr/local/clamXav/etc/freshclam.conf
    chmod 0755 /usr/local/clamXav/bin
    chmod 0755 /usr/local/clamXav/bin/*
    chown clamav:wheel /usr/local/clamXav/bin/freshclam
    chmod u+s /usr/local/clamXav/bin/freshclam
    chmod u+s /usr/local/clamXav/bin/gfslogger
    chmod g+s /usr/local/clamXav/bin/gfslogger
    chmod u+s /usr/local/clamXav/bin/RunFreshclam
    chown -R clamav:clamav /usr/local/clamXav/share/clamav
    chmod 0775 /usr/local/clamXav/share/clamav
    chmod 0664 /usr/local/clamXav/share/clamav/*
    chmod 0666 /usr/local/clamXav/share/clamav/freshclam.log
    

  3. Now you can run ClamXav Sentry 3.11.x as 'launch agent' and run RunFreshclam as 'launch daemon' with no issues.
    As a matter of course you can launch ClamXav 2.11.x and it works all right.

    An example of freshclam.log:
    ----------------------------------------------------------------------------
    Checking Official ClamXav definitions
    --------------------------------------
    Update process started at Sep 30, 2016, 5:45:01 AM
    ClamXav.ndb is already up to date.
    ClamXav.hdb is already up to date.
    ClamXav.fp is already up to date.
    ClamXav.ign2 is already up to date.
    ClamXav.database is valid and has file size: 39536 bytes
    DB integrity check is sound. Move ClamXav.database into place
    ClamXav.ldb is already up to date.
    
    Checking ClamAV definitions
    --------------------------------------
    ClamAV update process started at Fri Sep 30 05:45:15 2016
    Reading CVD header (main.cvd): OK
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Reading CVD header (daily.cvd): OK
    Downloading daily-22273.cdiff [100%]
    Downloading daily-22274.cdiff [100%]
    daily.cld updated (version: 22274, sigs: 642047, f-level: 63, builder: neo)
    Reading CVD header (bytecode.cvd): OK (IMS)
    bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
    Database updated (4860890 signatures) from db.jp.clamav.net (IP: 27.96.54.66)
    Clamd successfully notified about the update.
    

  4. Important Notes
    Canimaan Software Ltd released ClamXav Version 2.9 (2378) and then has stopped official support for B.Y.O. Engine.
    If you keep using B.Y.O. Engine, do that on your own responsibility.

Links…


¤  Camino Get ¤