Keeping ClamAV Antivirus Up To Date Manually

UPDATE 16/07/2016: The latest version of ClamAV is now 0.99.2. Replace all instances of clamav-0.97.1 with clamav-0.99.2.
Also, when compiling on CentOS 6.8 at least, you’ll get a compile error mentioning ‘halfdelay’.

CCLD   clamdtop
/usr/bin/ld: clamdtop.o: undefined reference to symbol 'halfdelay'
/usr/bin/ld: note: 'halfdelay' is defined in DSO /lib/libtinfo.so.5 so try adding it to the linker command line
/lib/libtinfo.so.5: could not read symbols: Invalid operation

To fix this and get ClamAV to compile correctly, navigate to your extracted sources directory and then go to the clamdtop sub-directory.

cd ~/Downloads/clamav-0.99.2/clamdtop
vi Makefile.in

Search for the line that looks like: –

LDFLAGS = @LDFLAGS@

…and change to: –

LDFLAGS = @LDFLAGS@ -ltinfo

Save this file, go back up a directory and run the “make” command again. This should now work. If not, run a “make clean” and start again.

Anyway…on with the original article…

ClamAV antivirus software is in most Linux distribution repositories. The problem is, ClamAV gets updated faster than the new versions can be added to the repositories, so every time you run a freshclam virus database update, ClamAV will inform you that it’s not the latest version. Not ideal, especially when you’re talking about security.
The only way to get the latest version is to download the stable source code release direct from ClamAV’s website and install it manually. Which is what we’re going to do :-)

First, you’ll need to grab the source code. You can download the tar.gz file here for the latest stable release version. As of the time of writing, the latest version is 0.97.1. I’m just going to copy the download URL and download it with wget.

wget http://downloads.sourceforge.net/clamav/clamav-0.97.1.tar.gz

Then you’ll need to unpack the archive.

gunzip clamav-0.97.1.tar.gz
tar -xf clamav-0.97.1.tar
cd clamav-0.97.1

Okay, you should now be in the ClamAV directory. I want to install my new version of ClamAV in ‘/usr/local/clamav-0.97.1’. So I’ll need to configure it to install to that directory. If you run into dependency problems, you’ll probably need to install GCC/Make if they aren’t installed already. If you do need to do this, you can do it under Fedora with: –

yum install gcc make

…and under Debian/Ubuntu with: –

sudo apt-get install gcc make

Once you’ve got all the prerequisites installed, you can run the configure script. Make sure you’re still in the sub-directory where you unpacked the archive and run: –

./configure --prefix=/usr/local/clamav-0.97.1

Once this is complete and you have no errors, you can run: –

make 
make install

This will install the new version of ClamAV to the directory you specified in the configure script. If you have the version of ClamAV installed from your distribution’s repositories, you have two choices. You can either keep the repository version and use aliasing to run the version you want, or you can uninstall the repo version and append the path to the system $PATH environment variable. I’ll show you both.

Assuming you want to keep the version of ClamAV you have in case it ever gets updated via the repositories, you’ll need to copy your ‘/etc/freshclam.conf’ to the new location.

cp /etc/freshclam.conf /usr/local/clamav-0.97.1/etc

However, if you try to run ClamAV from anywhere but the ‘/usr/local/clamav-0.97.1/bin’ directory where the program executables are, you’ll still get the warning that ClamAV is out of date. This is because the system $PATH variable finds the old version first as it’s part of the system path. We want to override this and run our new manually installed version. Since we’re only going to be running ClamAV with the root user so that we have permissions to scan the entire file system, we’ll add a new alias.

vi ~/.bashrc

Then add the following lines:-

alias clamscan='/usr/local/clamav-0.97.1/bin/clamscan' 
alias freshclam='/usr/local/clamav-0.97.1/bin/freshclam'
alias clamd='/usr/local/clamav-0.97.1/sbin/clamd'

Aliases are very handy. Basically, when the alias is typed as a command, it points to the command we specify, regardless of what is in the system $PATH environment variable. Save this file and logout. The new settings for the ‘.bashrc’ file are only picked up on login of that user. Once you login again you should be running the latest version of ClamAV.

If you want to remove the repo version of ClamAV, you’ll need to uninstall it. Under Fedora, use: –

yum remove 'clamav-*'

…and under Debian/Ubuntu use: –

sudo apt-get remove 'clamav-*'

Once this is done, you’ll need to add the new ClamAV to the system path. Under Fedora, this is: –

vi /etc/profile

Under Debian/Ubuntu, this is: –

vi /etc/environment

Find the following section, or something that looks similar: –

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

Above this line add the line: –

export PATH=$PATH:/usr/local/clamav-0.97.1/bin

This appends the path to the binary directory of our new ClamAV to the system path. Again, for this to take effect, you’ll need to logout and log back in again. You can verify the path by typing: –

 echo $PATH

When you simply run freshclam to update, it should find the configuration file under its own etc directory (/usr/local/clamav-0.97.1/etc) and you should now be able to scan the filesystem using ‘clamscan’ without having to type in the absolute path to the new binary executable.

One thing you might want to be aware of is that quite a lot of distributions pre-configure cron to periodically update the version installed from the distribution repositories. But of course now, even though you have the newer version of ClamAV installed in /usr/local, it will keep issuing system log or e-mail alerts saying it is out of date. This is all the fault of the default cron task, which calls the repo-installed version of ClamAV by its own absolute path. You can deal with this in two ways: either simply remove the ClamAV that is already installed with: –

yum remove 'clamav-*'

or disable the cron task. This is a small script file which resides in ‘/etc/cron.d/clamupdate’ (at least in Fedora). Either delete this file or comment out its contents.
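
To check the two things described above (which copy of ClamAV the $PATH finds first, and whether a cron file still calls the old copy by absolute path), here is an added example script; it is not part of the original article. The function names are made up for this example, and the prefix and cron file path are the ones used in this article. Aliases from ‘.bashrc’ are not seen by cron or by non-interactive scripts, and a directory appended to $PATH only wins if no earlier directory holds the same binary.

```shell
#!/bin/sh
# Added example (not from the original article): show which ClamAV binary a
# given PATH resolves first, and find cron entries that bypass the new install.

# list_on_path NAME PATHSTRING: print every executable match in lookup order.
list_on_path() {
    rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.            # empty PATH entry means current dir
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
        fi
    done
}

# first_is_under NAME PATHSTRING DIR: succeed if the first match is in DIR.
first_is_under() {
    first=$(list_on_path "$1" "$2" | head -n 1)
    [ "$first" = "$3/$1" ]
}

# cron_foreign_paths FILE PREFIX: print absolute ClamAV binary paths used in
# uncommented lines of FILE that do not live under PREFIX.
cron_foreign_paths() {
    grep -v '^[[:space:]]*#' "$1" |
    grep -oE '/[^[:space:]]*/(freshclam|clamscan|clamd)' |
    while read -r p; do
        case $p in "$2"/*) ;; *) printf '%s\n' "$p" ;; esac
    done
}

# Report for this machine. PREFIX is the article's install directory.
PREFIX=/usr/local/clamav-0.97.1
for b in clamscan freshclam; do
    list_on_path "$b" "$PATH"
    first_is_under "$b" "$PATH" "$PREFIX/bin" ||
        echo "WARNING: '$b' on PATH is not the copy in $PREFIX/bin"
done
if [ -r /etc/cron.d/clamupdate ]; then
    cron_foreign_paths /etc/cron.d/clamupdate "$PREFIX"
fi
```

Run it as the user that performs the scans; any path printed by the cron check is a binary outside the new install that cron will keep running.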
