Thursday, January 05, 2006

OpenBSD ClamAV

When I checked the ClamAV site today, it seems there is already a signature for the WMF exploits. I quickly installed it through the OpenBSD ports tree and would like to give it a try, since I'm thinking of trying Snort+ClamAV, which is available in bleeding as well.

Installing ClamAV via ports:

shell>cd /usr/ports/security/clamav; make install

It will add a user _clamav automatically. You then have to configure clamd.conf and freshclam.conf manually. Just copy the default ones to /etc.

shell>cp /usr/local/share/examples/clamav/clamd.conf /etc

shell>cp /usr/local/share/examples/clamav/freshclam.conf /etc

You should be able to figure out how to configure it properly with this doc.

After you have configured it, I suggest you run freshclam to update the signature database first since you don't have main.cvd and daily.cvd initially.

I quickly scanned /root/WMF using clamscan, and apparently it works perfectly. You can see the result below.


Why use commercial AV when there's an effective and cool one available??!!!
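The setup steps above (copy the sample configs, edit them, run freshclam) can be verified before the first scan. The following is an added example, not part of the original post: the function names are hypothetical, and the default database path /var/db/clamav is an assumption that is overridden by any DatabaseDirectory setting in freshclam.conf.

```shell
#!/bin/sh
# Added example: pre-flight check for a ClamAV setup before the first scan.
# Paths are passed as arguments; the defaults below are assumptions.

# Succeeds only if the sample file's bare "Example" marker line has been
# commented out or removed; the ClamAV tools reject a config that still has it.
conf_is_edited() {
    [ -r "$1" ] || return 1
    ! grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# Print the value of the first active (uncommented) occurrence of KEY,
# or DEFAULT when the key is absent or the file cannot be read.
conf_value() {
    v=$(awk -v k="$2" '$1 == k { print $2; exit }' "$1" 2>/dev/null) || v=
    printf '%s\n' "${v:-$3}"
}

# Succeeds if both signature databases exist and are non-empty in DIR.
# freshclam stores them as .cvd (full download) or .cld (incrementally updated).
db_ready() {
    for name in main daily; do
        [ -s "$1/$name.cvd" ] || [ -s "$1/$name.cld" ] || return 1
    done
}

# Report every problem found; the return status is the number of problems.
preflight() {
    clamd_conf=${1:-/etc/clamd.conf}
    fresh_conf=${2:-/etc/freshclam.conf}
    default_db=${3:-/var/db/clamav}      # assumed default, override as needed
    problems=0
    for f in "$clamd_conf" "$fresh_conf"; do
        if ! conf_is_edited "$f"; then
            echo "$f: missing, unreadable, or still contains the Example line"
            problems=$((problems + 1))
        fi
    done
    db_dir=$(conf_value "$fresh_conf" DatabaseDirectory "$default_db")
    if ! db_ready "$db_dir"; then
        echo "$db_dir: main/daily database missing, run freshclam first"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the file and call `preflight` before running clamscan; a non-zero status means the scan would run with an unedited config or without signatures.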

3 comments:

Anonymous said...

I bet there are times when there are signatures that clamav misses and you never report it.

C.S.Lee said...

I think you haven't gotten my point, which is that every single antivirus vendor always has their advanced and lacking features; it is just that we can make a clever choice from all the alternatives. By the way, don't tell me you are able to find an antivirus vendor that is bulletproof.

Anonymous said...

Use my product please, I can give you a free 2-year trial ;) Just send me an email...