Ajouter des signatures ClamAV dans zimbra 8.8
En root :
mkdir /opt/zimbra/clamav-unofficial-sigs chown zimbra:zimbra /opt/zimbra/clamav-unofficial-sigs
En utilisateur zimbra :
su - zimbra
cd clamav-unofficial-sigs
wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/5.6.2.tar.gz -O clamav-unofficial-sigs_5.6.2.tar.gz
tar -xf clamav-unofficial-sigs_5.6.2.tar.gz
ln -sf clamav-unofficial-sigs-5.6.2 clamav-unofficial-sigs
cd ..
mkdir conf/clamav-unofficial-sigs
mkdir data/clamav-unofficial-sigs
cp clamav-unofficial-sigs/clamav-unofficial-sigs/config/{master.conf,user.conf} conf/clamav-unofficial-sigs/
Créez le fihcier /opt/zimbra/conf/clamav-unofficial-sigs/os.conf contenant :
clam_user="zimbra" clam_group="zimbra" clam_dbs="/opt/zimbra/data/clamav/db" clamd_pid="/opt/zimbra/log/clamd.pid" work_dir="/opt/zimbra/data/clamav-unofficial-sigs" log_file_path="/opt/zimbra/log" clamd_reload_opt="/opt/zimbra/clamav/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload" clamscan_bin="/opt/zimbra/clamav/bin/clamscan" user_configuration_complete="yes"
Ajoutez en début du fichier clamav-unofficial-sigs.conf :
PATH="/opt/zimbra/bin:/opt/zimbra/postfix/sbin:/opt/zimbra/openldap/bin:/opt/zimbra/snmp/bin:/opt/zimbra/rsync/bin:/opt/zimbra/bdb/bin:/opt/zimbra/openssl/bin:/opt/zimbra/java/bin:/usr/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/opt/zimbra/clamav/bin:/opt/zimbra/clamav/sbin"
Appliquez ce petit patch (fixé sur git et pour les versions > 4.9.2)
--- a/clamav-unofficial-sigs.sh
+++ b/clamav-unofficial-sigs.sh
@@ -1414,7 +1414,7 @@ done
if [ "$custom_config" != "no" ] ; then
if [ -d "$custom_config" ] ; then
# Assign the custom config dir and remove trailing / (removes / and //)
- shopt -s extglob; custom_config="${custom_config%%+(/)}"
+ shopt -s extglob; config_dir="${custom_config%%+(/)}"
config_files=( "$config_dir/master.conf" "$config_dir/os.conf" "$config_dir/user.conf" )
else
config_files=( "$custom_config" )
chmod +x clamav-unofficial-sigs.sh ./clamav-unofficial-sigs.sh -c ./clamav-unofficial-sigs.conf
Vous devriez voir les nouvelles databases dans la bdd clamav de zimbra :
ls -al /opt/zimbra/data/clamav/db
Enfin, nous allons ajouter un crontab mettant a jour la liste automatiquement. Tapez crontab -e puis ajoutez tout a la fin du fichier (juste après # ZIMBRAEND) :
45 * * * * /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.conf > /dev/null
Et pour terminer, on copie le script logrotate :
cp /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs-logrotate /etc/logrotate.d/
Modifiez la ligne create 0644 clam clam par create 0644 zimbra zimbra
todo
fix for clamdscan reload : clamdscan pas dans le path ; config a préciser
/opt/zimbra/clamav-0.98.4/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload