Clamav

Revision 57 as of 2007-08-07 13:29:46

Eventually there will be more content here about how we are going to test/support clamav and its rdepends in released Ubuntu versions. In the meantime, join the ubuntu-clamav team and get to work.

If you are interested in building/testing stuff leave a note here about what you use. We'll get it more organized later.

ScottKitterman - clamsmtp with Postfix (nevermind, Leonel got to it first), klamav, and I will test clamtk, but don't regularly use it. Note that I'm now part of the ubuntu-backporters team that blesses backports, so the latency should go down. If you have questions, contact me on IRC, e-mail me, or leave them here.

["Asommer"] - I use it with clamav-milter and sendmail to scan messages on an internal mail server.

["Leonel"] - I work with clamav and clamsmtp. Tested clamav 0.90.3 (from [http://www.kitterman.com/clamav]) with clamsmtp; all worked fine.

["LucaLesinigo"] - due to personal issues I'll be able to start testing only after July, 20th. I will be happy to test on x86 and x86_64 dapper drakes, and x86 only for other releases. Never built debs from source; it'll be great if someone puts online a 64bit version of the draft package, otherwise I'll try the source package.

["Voiceovgod"] - I'm able to test on Dapper i386. Never built from source either. Not sure what is needed to be done. Eager to learn and contribute.


Steps for Clamav Backport

  • Step one is for ScottKitterman to get a draft package for a clamav 0.90.3 backport to Dapper out for people to use. The draft source package can be found at [http://www.kitterman.com/clamav my domain]. The i386 binaries are posted. Others please build for other archs and add links to where to get them.

  • Step one and a half - Since this is going to take a while, clamav 0.88.7 was uploaded to Feisty for a while (it's the last 0.88 version ever used in Ubuntu) and is eligible for backporting without all the dependency concerns. I've built it for Dapper as clamav 0.88.7-1ubuntu1~dapper with the debian/control changes provided by ["Leonel"] (Thanks) and for Edgy. Source and i386 binary packages are available now at the same URL. I need someone to verify that they install and run. Please comment here when you've done so. The Edgy one is done (thanks ["Leonel"]). The Edgy backport request is [https://bugs.launchpad.net/bugs/83065 Bug 83065]. DONE

  • Step two is to test different packages that use clamav against this package and see which work and which don't (note please say who you are if you test stuff).
    • ["Asommer"] tested mediawiki and it seems to work fine. I'm not sure why it's listed as a dependency?

    • ["Asommer"] tested p3scan and it works fine. It simply uses the clamscan utility and doesn't make use of the API directly so I think it will work with any version of clamav. As long as your scanner = /usr/bin/clamscan -i statement in the p3scan.conf file uses correct clamscan arguments, anyway.

    • ["Leonel"] tested clamassassin and according to [http://lists.jameslick.com/pipermail/clamassassin-announce/2007-February/000030.html] there are incompatibilities with clamav 0.90.X

    • ["Leonel"] Built Gutsy clamassassin on dapper pbuilder, installed on dapper and tested; all worked fine.

    • ["Leonel"] Asked for Backport Gutsy clamassassin to dapper [https://bugs.launchpad.net/dapper-backports/+bug/124938].

    • ScottKitterman acked the clamassassin backport and it was processed. clamassassin is done!

    • ["Leonel"] Tested dapper clamsmtp; worked fine.

    • ["Leonel"] Built gutsy clamsmtpd on dapper pbuilder, installed on dapper and tested; all worked fine.

    • ["Asommer"] tested mimedefang which worked after a few adjustments that can probably be added to the install process?

      • Added clamav user to the smmsp group. This is done because smmsp group owns /var/spool/MIMEDefang folder. ScottKitterman - This will have to be added to the mimedefang postinst then.

      • Created a symbolic link /var/spool/MIMEDefang/clamd.sock to /var/run/clamav/clamd.ctl. You can also change the LocalSocket entry in /etc/clamav/clamd.conf to use /var/spool/MIMEDefang/clamd.sock, but I'm not sure what other applications this could affect.

      • Edited /etc/mail/mimedefang-filter changed: my($code, $category, $action) = message_contains_virus();

        • to: my($code, $category, $action) = message_contains_virus_clamd();
    • ScottKitterman Tested klamav and its built-in facility to upgrade will only attempt to upgrade klamav to 0.38 (the last 0.8x compatible version) and then fail because it can't find it. It will (with the right build dependencies installed (sudo apt-get build-dep clamav)) build the current clamav for the user. klamav will then fail to work since it now has an incompatible clamav to work with. Nevermind about backporting KDE, Dapper has 3.5.2.

    • ["Leonel"] Tried to build [https://launchpad.net/ubuntu/+source/clamav/0.88.7-1ubuntu1] on Dapper and the package needs dpkg-dev >= 1.13.19; Dapper has 1.13.11. Build FAILED.

      • Edited debian/control, adjusted dpkg-dev for dapper version 1.13.11 and replaced the source:Version for clamav-base and libclamav to Source-Version in all packages. Built and installed fine. Tested with clamsmtp and clamassassin and all worked fine.

    • ["Leonel"] Built [https://launchpad.net/ubuntu/+source/clamav/0.88.4-1ubuntu2.1] on Dapper. Built and installed. Tested clamsmtp and clamassassin; all worked fine.

    • ["Leonel"] Built [https://launchpad.net/ubuntu/+source/clamav/0.88.7-1ubuntu1] on Edgy. Built and installed. Tested clamsmtp and clamassassin; all worked fine.

    • ["Asommer"] tested sylpheed-claws-gtk2 and sylpheed-claws-gtk2-clamav; they will need updating because they use libclamav1. The issues I had were with my build environment, and once I ironed them out (basically once I learned pbuilder and dpkg-buildpackage) everything worked fine.

    • ["Asommer"] tested mailscanner with Postfix and it worked fine. I followed the MailScanner guide when configuring Postfix to use mailscanner.

      • Unless configured to use the Perl Clamav module mailscanner scans for viruses using clamd so I believe it shouldn't matter how the libclamav API changes.

        • ScottKitterman - Applications that use clamd seem to be fine. Is the Perl Clamav module used? Is that their recommended approach? I suspect we need to understand if this works. I don't think we can backport MailScanner because its versions tend to be tied to Postfix versions (because MailScanner manipulates Postfix queue files directly and their configuration changes as Postfix evolves). Just as a side note, I don't recommend MailScanner for this reason.

        • ["Asommer"] Going on everything I've read the Perl Clamav module isn't necessarily the recommended approach. It seems that in some earlier versions of mailscanner the Perl module had better performance than clamd, but I found a Changelog stating something along the lines that people were seeing better performance with clamd (I don't have a link though). As far as their recommended approach from this page on their wiki: [http://wiki.mailscanner.info/doku.php?id=best_practices] they recommend multiple virus scanners. I guess the question I have isn't necessarily about backporting mailscanner, but one of backporting the Perl Module Mail::ClamAV? Since I can't find Mail::ClamAV in any of the repos I vote to "recommend" (if Ubuntu has a recommended way of configuring apps) to use clamav instead of clamavmodule to anyone using mailscanner.

    • ["Asommer"] - tested dansguardian which needs a backport.

    • ["Asommer"] - tested amavisd-new and it worked fine.

      • I followed this guide: [https://help.ubuntu.com/community/PostfixAmavisNew]

      • I did get an error, but it may be something with my config:
        • Jul 31 10:48:18 Grizzlebees amavis[30238]: (30238-01) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070731T104818-30238/parts: lstat() failed. ERROR\n

      • It did catch the virus and send a virus report email. Here's the log entry:

        • Jul 31 10:48:21 Grizzlebees amavis[30238]: (30238-01) Blocked INFECTED (Trojan.Small-2911), LOCAL [172.18.100.70] [172.18.100.70] <?@[172.18.100.70]> -

    • ["Asommer"] - tested python-clamav and it needs a backport for the new api.

    • ["Asommer"] - tested php5-clamavlib which also builds php4-clamavlib and it needs a backport.

    • ["Asommer"] - tested havp which needs a backport.

    • ["Asommer"] - tested clamcour which also needs a backport.

  • Step three is to prepare backports of the packages that don't work.
  • Step four is massive backport of all of the needed updates at the same time so nothing (promise) breaks.
  • Step five: Move to Edgy, rinse, repeat.
  • In the meantime, people running Feisty can check the rdepends and make sure nothing got missed during Feisty development.
    • (I know clamtk did and I've already asked for and approved a backport - clamtk backport is done).
  • And just to keep it interesting, clamav 0.91 was just released and will enable a bunch of anti-phishing stuff, so stand by for more fun. I'll backport that to Feisty once we have it from Debian.
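
A quick way to confirm that the clamd socket a filter points at actually answers, including through a symlink like the one described in the mimedefang notes above. This is an added example, not part of the original wiki page or any package mentioned on it; `clamd_ping`, `start_stub_clamd` and `demo` are hypothetical names, and the stub server is a constructed stand-in for clamd so the check runs without ClamAV installed.

```python
import os
import socket
import tempfile
import threading


def clamd_ping(sock_path, timeout=2.0):
    """Send clamd's PING over a Unix socket; return (ok, detail)."""
    real = os.path.realpath(sock_path)  # resolve e.g. clamd.sock -> clamd.ctl
    if not os.path.exists(real):
        return False, "socket missing: " + real
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(sock_path)
        s.sendall(b"PING\n")
        reply = s.recv(64).strip()
    except OSError as exc:  # permission denied, connection refused, timeout
        return False, "%s: %s" % (type(exc).__name__, exc)
    finally:
        s.close()
    return reply == b"PONG", reply.decode("ascii", "replace")


def start_stub_clamd(sock_path):
    """Constructed stand-in for clamd: answers one PING with PONG."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if conn.recv(64).strip() == b"PING":
            conn.sendall(b"PONG\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()


def demo():
    """Check a stub socket through a symlink, then a path that does not exist."""
    d = tempfile.mkdtemp()
    real, link = os.path.join(d, "clamd.ctl"), os.path.join(d, "clamd.sock")
    start_stub_clamd(real)
    os.symlink(real, link)
    return clamd_ping(link), clamd_ping(os.path.join(d, "missing.sock"))


if __name__ == "__main__":
    print(demo())
```

On a real host, call `clamd_ping("/var/spool/MIMEDefang/clamd.sock")` as the user the filter runs as; the detail string distinguishes a missing socket from a permission or connection error.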