Installing clamonacc on Orange Pi 5 Plus

Anti Virus
Reading Time: 3 minutes



I have installed clamonacc on Orange Pi 5 Plus.
It notifies virus alert by LINE(SNS used mainly in Asian) like this.
– Before this by email.



Please have a look this article for more detail about clamonacc.



Now the latest version is 1.2.0.

Release ClamAV 1.2.0 · Cisco-Talos/clamav
ClamAV 1.2.0 includes the following improvements and changes: Major changes Added support for extracting Universal Disk ...



This article will summerize how to build and install.

Preparing build environment

Current clamav needs rust for build.

Unix from source (v0.104+) - ClamAV Documentation
An open source malware detection toolkit and antivirus engine.



Installing needed packages.

$ sudo apt update && apt install -y \
  `# install tools` \
  gcc make pkg-config python3 python3-pip python3-pytest valgrind \
  `# install clamav dependencies` \
  check libbz2-dev libcurl4-openssl-dev libjson-c-dev libmilter-dev \
  libncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev \
  cmake



In official page we need to install python-pytest.



I couldn’t install, but it was no problem.
– May be due to Orange Pi 5 Plus which refers another repository?



Next, installing rust.
We can refer this page.

rustup.rs - The Rust toolchain installer
The Rust toolchain installer



You can easily install by running below command.
– Under /home/<username>/ directory.

$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Download clamav source code

We can download by git clone or downloading from Release.

git clone

$ git clone -b clamav-1.2.0 https://github.com/Cisco-Talos/clamav.git
$ cd clamav



Downloading from Release.

$ wget https://www.clamav.net/downloads/production/clamav-1.2.0.tar.gz
$ tar zxf clamav-1.2.0.tar.gz
$ cd clamav-1.2.0



Next let’s do build install.
It took less than 30 minutes.

$ mkdir build
$ cd build
$ cmake ..
$ cmake --build .
$ ctest
$ sudo cmake --build . --target install

We can refer install_manifest.txt for installed files.

$ cat install_manifest.txt 
/usr/local/bin/clamav-config
/usr/local/lib/pkgconfig/libclamav.pc
/usr/local/lib/libclamunrar.so.12.0.1
/usr/local/lib/libclamunrar.so.12
/usr/local/lib/libclamunrar.so
/usr/local/lib/libclamunrar_iface.so.12.0.1
/usr/local/lib/libclamunrar_iface.so.12
/usr/local/lib/libclamunrar_iface.so
/usr/local/lib/libclammspack.so.0.8.0
/usr/local/lib/libclammspack.so.0
/usr/local/lib/libclammspack.so
/usr/local/lib/libclamav.so.12.0.1
/usr/local/lib/libclamav.so.12
/usr/local/lib/libclamav.so
/usr/local/include/clamav.h
/usr/local/include/clamav-types.h
/usr/local/include/clamav-version.h
/usr/local/lib/libfreshclam.so.3.0.1
/usr/local/lib/libfreshclam.so.3
/usr/local/lib/libfreshclam.so
/usr/local/include/libfreshclam.h
/usr/local/bin/clamconf
/usr/local/sbin/clamd
/usr/local/bin/clamdscan
/usr/local/sbin/clamonacc
/usr/local/sbin/clamav-milter
/usr/local/bin/clamscan
/usr/local/bin/sigtool
/usr/local/bin/clambc
/usr/local/bin/clamsubmit
/usr/local/bin/freshclam
/usr/local/bin/clamdtop
/usr/local/etc/clamd.conf.sample
/usr/local/etc/freshclam.conf.sample
/usr/local/etc/clamav-milter.conf.sample
/usr/local/share/man/man1/clamscan.1
/usr/local/share/man/man1/freshclam.1
/usr/local/share/man/man1/sigtool.1
/usr/local/share/man/man1/clamdscan.1
/usr/local/share/man/man1/clamconf.1
/usr/local/share/man/man1/clamdtop.1
/usr/local/share/man/man1/clamsubmit.1
/usr/local/share/man/man1/clambc.1
/usr/local/share/man/man5/clamd.conf.5
/usr/local/share/man/man5/clamav-milter.conf.5
/usr/local/share/man/man5/freshclam.conf.5
/usr/local/share/man/man8/clamd.8
/usr/local/share/man/man8/clamav-milter.8



You can uninstall by running below command.

$ sudo xargs rm < install_manifest.txt

Automatic start after boot

This is script for start.

$ cat /usr/local/bin/start_clamonacc.sh 
#!/bin/bash

CLAMONACC=/usr/local/sbin/clamonacc
QUARANTINE_DIR=/opt/clamav/quarantine

${CLAMONACC} --config-file=/usr/local/etc/clamonacc.conf --ping 3 > /dev/null
if [ 0 -ne $? ]; then
	echo "clamd doesn't exist. exiting..."
	exit 1;
else
	echo "Good, clamd exists."
fi

if [ ! -d ${QUARANTINE_DIR} ]; then
	mkdir -p ${QUARANTINE_DIR}
fi

${CLAMONACC} --fdpass --move=${QUARANTINE_DIR} --config-file=/usr/local/etc/clamonacc.conf



My clamonacc.conf is below.

$ cat /usr/local/etc/clamonacc.conf 
TCPSocket 1234
TCPAddr 192.168.1.123
OnAccessIncludePath /media/
OnAccessVirusEvent curl -X POST -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -F "message=${CLAM_VIRUSEVENT_VIRUSNAME} is found in ${CLAM_VIRUSEVENT_FILENAME} on $(cat /etc/hostname)." https://notify-api.line.me/api/notify
ItemValue
TCPSocketPort number which clamd runs
TCPAddrIP address which clamd runs
OnAccessIncludePathDirectory which you want clamonacc to watch
OnAccessVirusEventCommand line which you want clamonacc to run when virus is found



You can refer this article to know how to setup clamd.



3/28/2024
In my environment this error was observed during startup of clamonacc.

no space left on device



This was caused by limitation of file descriptor count which 1 process can open.
I resolved by this.

vim /etc/sysctl.conf

# Added below
s.inotify.max_user_watches=524288

Behavior when detecting viruses

I implemented OnAccessVirusEvent event by myself to be able to run command on computer on which clamonacc runs.

dotfiles/clamav/add_OnAccessVirusEvent_functionalty.diff at clamav-1.2.0_compatible · kurofuku/dotfiles
Contribute to kurofuku/dotfiles development by creating an account on GitHub.



I use this LINE Notify service to post any messages by Rest API.
It’s very easy handling and useful.

LINE Notify
LINE NotifyはGitHub,IFTTT,MackerelなどのWebサービスからの通知を、LINEで受信することが出来る便利なサービスです。



This is my command line.
We can use curl it’s nice!

curl -X POST -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -F "message=${CLAM_VIRUSEVENT_VIRUSNAME} is found in ${CLAM_VIRUSEVENT_FILENAME} on $(cat /etc/hostname)." https://notify-api.line.me/api/notify

You need to specify “XXX…” as you Personal Access Token, which needs to be obtained by logging in your personal LINE account.

Conclusion

How was it?

It’s very nice to be able to use Raspberry Pi know-how!

Comments

Copied title and URL