Installing clamonacc on Orange Pi 5 Plus

Anti Virus
Reading Time: 3 minutes

I have installed clamonacc on Orange Pi 5 Plus.
It notifies virus alert by LINE(SNS used mainly in Asian) like this.
– Before this by email.

Please have a look this article for more detail about clamonacc.

Now the latest version is 1.2.0.

Release ClamAV 1.2.0 · Cisco-Talos/clamav
ClamAV 1.2.0 includes the following improvements and changes: Major changes Added support for extracting Universal Disk ...

This article will summerize how to build and install.

Preparing build environment

Current clamav needs rust for build.

Unix from source (v0.104+) - ClamAV Documentation
An open source malware detection toolkit and antivirus engine.

Installing needed packages.

$ sudo apt update && apt install -y \
  `# install tools` \
  gcc make pkg-config python3 python3-pip python3-pytest valgrind \
  `# install clamav dependencies` \
  check libbz2-dev libcurl4-openssl-dev libjson-c-dev libmilter-dev \
  libncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev \

In official page we need to install python-pytest.

I couldn’t install, but it was no problem.
– May be due to Orange Pi 5 Plus which refers another repository?

Next, installing rust.
We can refer this page. - The Rust toolchain installer
The Rust toolchain installer

You can easily install by running below command.
– Under /home/<username>/ directory.

$ curl --proto '=https' --tlsv1.2 -sSf | sh

Download clamav source code

We can download by git clone or downloading from Release.

git clone

$ git clone -b clamav-1.2.0
$ cd clamav

Downloading from Release.

$ wget
$ tar zxf clamav-1.2.0.tar.gz
$ cd clamav-1.2.0

Next let’s do build install.
It took less than 30 minutes.

$ mkdir build
$ cd build
$ cmake ..
$ cmake --build .
$ ctest
$ sudo cmake --build . --target install

We can refer install_manifest.txt for installed files.

$ cat install_manifest.txt 

You can uninstall by running below command.

$ sudo xargs rm < install_manifest.txt

Automatic start after boot

This is script for start.

$ cat /usr/local/bin/ 


${CLAMONACC} --config-file=/usr/local/etc/clamonacc.conf --ping 3 > /dev/null
if [ 0 -ne $? ]; then
	echo "clamd doesn't exist. exiting..."
	exit 1;
	echo "Good, clamd exists."

if [ ! -d ${QUARANTINE_DIR} ]; then
	mkdir -p ${QUARANTINE_DIR}

${CLAMONACC} --fdpass --move=${QUARANTINE_DIR} --config-file=/usr/local/etc/clamonacc.conf

My clamonacc.conf is below.

$ cat /usr/local/etc/clamonacc.conf 
TCPSocket 1234
OnAccessIncludePath /media/
OnAccessVirusEvent curl -X POST -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -F "message=${CLAM_VIRUSEVENT_VIRUSNAME} is found in ${CLAM_VIRUSEVENT_FILENAME} on $(cat /etc/hostname)."
TCPSocketPort number which clamd runs
TCPAddrIP address which clamd runs
OnAccessIncludePathDirectory which you want clamonacc to watch
OnAccessVirusEventCommand line which you want clamonacc to run when virus is found

You can refer this article to know how to setup clamd.

In my environment this error was observed during startup of clamonacc.

no space left on device

This was caused by limitation of file descriptor count which 1 process can open.
I resolved by this.

vim /etc/sysctl.conf

# Added below

Behavior when detecting viruses

I implemented OnAccessVirusEvent event by myself to be able to run command on computer on which clamonacc runs.

I use this LINE Notify service to post any messages by Rest API.
It’s very easy handling and useful.

LINE Notify
LINE NotifyはGitHub,IFTTT,MackerelなどのWebサービスからの通知を、LINEで受信することが出来る便利なサービスです。

This is my command line.
We can use curl it’s nice!

curl -X POST -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -F "message=${CLAM_VIRUSEVENT_VIRUSNAME} is found in ${CLAM_VIRUSEVENT_FILENAME} on $(cat /etc/hostname)."

You need to specify “XXX…” as you Personal Access Token, which needs to be obtained by logging in your personal LINE account.


How was it?

It’s very nice to be able to use Raspberry Pi know-how!


Copied title and URL