ClamAV cli and Gui Antivirus for Porteus

Post#1 by **Testuser** » 05 Apr 2022, 17:34

Hi Team,

I just created a clamav module cli and GUI just to check files I download for any malware.

Here is some information I got from Internet related to ClamAV.

First run command freshclam to download the latest signature database for clamav. This will need user clamav created, since freshclam runs as user clamav. We can change this using the config file of freshclam - /etc/freshclam.conf (Line 59).

After activating module you need to reboot, then only clamav user will be activated.

Please check script in folder /etc/rc.d/rc4.d/ for details

clamscan - Everytime signature databased loads to memory and takes around 1.2 GB memory then scan starts.

clamdscan - Once we run /etc/rc.d/rc.clamav.new, clamd is loaded with signtures in memory and we can do scan instantly. While opening GUI ask for password to load clamdscan in memory, if need you can disable.

GUI uses the clamscan version.

Included context Menu in PcmanFM as well for individaul file or folder checking.

Sorry for not being brief, just tried to explain everything.

Please feel free to ask.

https://www.mediafire.com/file/fban3v3f ... d.xzm/file

Post#2 by **Ed_P** » 06 Apr 2022, 04:11

Thanks Testuser, I'll have to check it out.

Post#3 by **Testuser** » 06 Apr 2022, 17:48

Hi Team,

Forgot to mention one thing.

The bin files in xzm packages are used from below links.

ClamAV
https://slackware.pkgs.org/current/slac ... f.txz.html

Convert to xzm will not create run the script to create user "clamav" for default freshclam scan.

ClamAV-GUI
https://www.linux-apps.com/p/1127892
Downloaded the source and then compiled it in Antix - OS.

Post#4 by **Ed_P** » 06 Apr 2022, 19:50

Testuser wrote: ↑
06 Apr 2022, 17:48
Convert to xzm will not create run the script to create user "clamav" for default freshclam scan.

Can you post the script?

Testuser wrote: ↑
06 Apr 2022, 17:48
ClamAV-GUI
https://www.linux-apps.com/p/1127892
Downloaded the source and then compiled it in Antix - OS.

Is this what's in your xzm file?

Post#5 by **Testuser** » 07 Apr 2022, 19:03

Hi Ed_P

The installation script (doinst.sh) is inside folder "install" of the package - clamav-0.104.2-x86_64-1cf.txz.

Below is the part where user "clamav" is created.

# Add user and group (uid=210 and gid=210 are SBo suggest)
if ! grep -q "^clamav:" etc/group; then
if ! grep -q ":210:" etc/group; then
chroot . groupadd -g 210 clamav &>/dev/null
else
chroot . groupadd clamav &>/dev/null
fi
fi
if ! grep -q "^clamav:" etc/passwd; then
if ! grep -q ":210:" etc/passwd; then
chroot . useradd -u 210 -d /dev/null -s /bin/false -c "Clam AntiVirus" -g clamav clamav &>/dev/null
else
chroot . useradd -d /dev/null -s /bin/false -c "Clam AntiVirus" -g clamav clamav &>/dev/null
fi
fi

So I included this in /etc/rc.d/rc4.d/S-clamv

Yes, I compiled the ClamAV-GUI from here.
https://www.linux-apps.com/p/1127892

Any risks or issues with that ?

Post#6 by **Rava** » 07 Apr 2022, 22:04

Testuser wrote: ↑
05 Apr 2022, 17:34
After activating module you need to reboot, then only clamav user will be activated.

But… root should be able to create and "activate" a user on the fly?
It would be very inconvenient on a real multi-user-system when the system had to reboot every time a new user gets created.

And since the scripts in var/log/scripts/ are run by root when you activate a module, it should be possible to insert the user creation command in there, e.g. by using an existing script or creating a new one.

As a simple example of one such script, this is /var/log/scripts/fbreader-0.12.10-x86_64-2ponce from my stripped fbreader module:

Code: Select all

if [ -x /usr/bin/update-desktop-database ]; then
  /usr/bin/update-desktop-database -q usr/share/applications >/dev/null 2>&1
fi

( cd usr/lib64 ; rm -rf libzltext.so.0.13 )
( cd usr/lib64 ; ln -sf libzltext.so.0.12.10 libzltext.so.0.13 )
( cd usr/lib64 ; rm -rf libzlcore.so.0.13 )
( cd usr/lib64 ; ln -sf libzlcore.so.0.12.10 libzlcore.so.0.13 )

I think it would be better when the user got created by one such script on the fly and not included in /etc/rc.d/rc4.d/S-clamv .
Testuser, can you try editing (or creating) the var/log/scripts/clamav-whatever instead and removing /etc/rc.d/rc4.d/S-clamv ?
When you create it make sure to make it executable. My quoted script has these access rights (check with stat, change with chmod):
0755/-rwxr-xr-x

clamscan - Everytime signature databased loads to memory and takes around 1.2 GB memory then scan starts.

That's a lot of memory used…
Is clamscan a GUI or a CLI program?

Last question, does ClamAV-GUI need QT5?
At least the some web search hits seem to say so, like this:
https://store.kde.org/p/1127892/

As reported there can be problems making ClamAV-GUI to fit more moderate screens, also with v. 0.4.2. Opening the "clamav_gui.ui" file located in the source "ui" directory with Qt5 Designer

(highlighting by me)

Added in 20 minutes 47 seconds:

Testuser wrote: ↑
07 Apr 2022, 19:03
Yes, I compiled the ClamAV-GUI from here.
https://www.linux-apps.com/p/1127892

Any risks or issues with that ?

Dunno, at least a search for any hits for "ClamAV-GUI" on https://slakfinder.org gives no result. Could it be slackware calls it by a different name?

Post#7 by **beny** » 07 Apr 2022, 23:05

yes in slackware the name of the clamav gui is:clamtk-6.11-x86_64-1ponce.tgz

Post#8 by **Rava** » 07 Apr 2022, 23:19

^
and like so often, Ponce is ahead of the game.

The newest found via https://slakfinder.org if for Slackware 14.2 (not 15!) and the version is 5.26…

Post#9 by **Testuser** » 09 Apr 2022, 12:13

Yes Guys

Let me try by making removing script from rc.d and add it in var/log/scripts/

clamscan is cli and once scan is over, it unload the signature database from memory and 1.2 GB is freed.

yes Clam-GUI has QT5 dependency.

linux-vdso.so.1
libQt5Widgets.so.5 => /usr/lib64/libQt5Widgets.so.5
libQt5Gui.so.5 => /usr/lib64/libQt5Gui.so.5
libQt5Network.so.5 => /usr/lib64/libQt5Network.so.5
libQt5Core.so.5 => /usr/lib64/libQt5Core.so.5

Rest you can check with ldd /usr/bin/clamav-gui

I had VLC player module added, so QT5 libs are already in my OS.

Clamtk is a different GUI of clamscan, but I liked this one because It has option to chose multiple directories at once for scanning.

Post#10 by **Testuser** » 09 Apr 2022, 17:24

I have tried adding the same script in /var/log/scripts/ as exectuable.

Still gettting below error unless I reboot.

guest@porteus:~$ sudo freshclam
Password:
WARNING: Can't get information about user clamav.
ERROR: Can't get information about user clamav.
ERROR: Failed to switch to clamav user.
ERROR: Initialization error!

I used below script from

Testuser wrote: ↑
07 Apr 2022, 19:03

The installation script (doinst.sh) is inside folder "install" of the package - clamav-0.104.2-x86_64-1cf.txz.

Below is the part where user "clamav" is created.

# Add user and group (uid=210 and gid=210 are SBo suggest)
if ! grep -q "^clamav:" etc/group; then
if ! grep -q ":210:" etc/group; then
chroot . groupadd -g 210 clamav &>/dev/null
else
chroot . groupadd clamav &>/dev/null
fi
fi
if ! grep -q "^clamav:" etc/passwd; then
if ! grep -q ":210:" etc/passwd; then
chroot . useradd -u 210 -d /dev/null -s /bin/false -c "Clam AntiVirus" -g clamav clamav &>/dev/null
else
chroot . useradd -d /dev/null -s /bin/false -c "Clam AntiVirus" -g clamav clamav &>/dev/null
fi
fi

I am not familiar with bash scripts.

Can anyone make changes in the script to make it work without reboot ?

Post#11 by **Blaze** » 09 Apr 2022, 19:12

How about

Code: Select all

su
toor
groupadd -g 210 clamav
useradd -u 210 -d /dev/null -s /bin/false -g clamav clamav
freshclam
# or try this
su 210 -c "freshclam"

?

Post#12 by **Testuser** » 10 Apr 2022, 15:16

Hi Blaze,

Thanks for the commands. This does help in creating user clamav.

Hi Rava

Rava wrote: ↑
07 Apr 2022, 22:25

And since the scripts in var/log/scripts/ are run by root when you activate a module, it should be possible to insert the user creation command in there, e.g. by using an existing script or creating a new one.

I created a scipt in /var/log/scripts/ with below contents and confirmed it is 0755

sudo groupadd -g 210 clamav
sudo useradd -u 210 -d /dev/null -s /bin/false -g clamav clamav

files is getting copied in the mentioned folder but it is not executed.

I check with cat /etc/passwd and there i can see clamav is not yet added, unless I manually run the script.

Post#13 by **Testuser** » 15 Apr 2022, 11:20

Hi Rava

Rava wrote: ↑
07 Apr 2022, 22:25

And since the scripts in var/log/scripts/ are run by root when you activate a module, it should be possible to insert the user creation command in there, e.g. by using an existing script or creating a new one.

I found the actual path to create script is /var/lib/pkgtools/scripts

Still file is getting copied but not executed.

So I created a freshclam script which required sudo and this will add the user clamav before freshclam starts updating the database.

The modified and update Clamav package is below

https://www.mediafire.com/file/7ptnu8xy ... d.xzm/file

Post#14 by **Rava** » 21 Aug 2022, 18:15

Testuser does it work in 5.0 finale version?