Execution

Skip Navigation

Hierarchical Navigation

Previous and Next

Abstract

In this chapter, we explain how to execute clamav-update. First, We show the manuals of clamav-update.pl of clamav-update. Second, we introduce the way to effectively update virus definition files of ClamAV via freshclam daemon.

We omit the way to periodically update virus definition files written in the Documents of version 1.x. That's a usually way on UNIX-like OS.

Manuals of clamav-update.pl

SYNOPSIS

  • clamav-update.pl [options]
  • clamav-update.pl --version
  • clamav-update.pl --help

DESCRIPTION

clamav-update.pl is automatic customizable updater for general software. Mainly, It is developed to update Clam AntiVirus. Default configuration is designed for ClamAV Engine for ClamXav user on Mac OS X.

clamav-update.pl act as:

  1. Check execution situation for security.

    Only root can execute clamav-update.pl. If someone execute it with other user's privilege, it show warning and quit. Don't add setuid to it. If do so, it can not be executed.

  2. Analizes arguments and loads configurations.

    Default configuration file is /usr/local/clamXav/etc/clamav-update.conf.

  3. Compares newest version and current version of target.

    clamav-update.pl will continue if and only if newest version is newer than current version. The method of getting the version strings and the method of comparing them are defined by the configuration.

  4. Executes phases defined on configuration files.

    If errors are detected in any phase, execute commands set defined as roll back in that phase and return error.

In other words, we assumes only followings.

  • root uses clamav-update.pl
  • clamav-update.pl updates target software, if newer version of it is released.

Method of updating is given from your configuration file or command line options.

OPTIONS

--help | -h

Show manual of clamav-update.pl to standard output. You can use perldoc instead of -h option to see manual. We recommend perldoc's one.

--version | -V

Show version of clamav-update.pl to standard output.

--config config_file | --config=config_file | -c config_file | -c=config_file

Read config_file as configuration file. Default value is /usr/local/clamXav/etc/clamav-update.conf .

--force | -f

Force to install. Change string of current version of the software to empty.

This is for forcing to install but is depends of how to get latest version info and definition of comparing version function. This correspond to $Setting{option}->{force}.

--src download_from | --src=download_from | -s download_from | -s=download_from

Specify base of URL as download_from for downloading target software. Default value is http://osdn.dl.sourceforge.jp/clamav-update .

clamav-update.pl DO NOT use this value directly. This value is used in some defined phase. This correspond to $Setting{option}->{src}.

--dst donwload_to | --dst=donwload_to | -d donwload_to | -d=donwload_to

Specify a temporary directory to save download file as donwload_to. Default value is some alphanumeric strings at random in your system temporary directory. Default directory will be removed before clamav-update.pl finish.

clamav-update.pl DO NOT use this value directly. This value is used in some defined phase. This correspond to $Setting{option}->{dst}.

--name package_name | --name=package_name | -n package_name | -n=package_name

Specify package_name as package name of software. Default value is clamav.

clamav-update.pl DO NOT use this value directly. This value is used in some defined phase. This correspond to $Setting{option}->{name}.

--ext archive_extention | --ext=archive_extention | -e archive_extention | -e=archive_extention

Specify archive_extention as suffix of an archive of the software. Default value is tar.gz.

clamav-update.pl DO NOT use this value directly. This value is used in some defined phase. This correspond to $Setting{option}->{ext}.

--limit-version version | --limit-version=version

This option is valid in clamav-update 2.1 or higher.

Specify upper limit of version version. clamav-update cannot update version or higher. Default value is undefined. It means unlimited.

This correspond to $Setting{option}->{limit}->{version}

--limit-action phase | --limit-action=phase

This option is valid in clamav-update 2.1 or higher.

If clamav-update don't update software because of its upper limit of version, clamav-update execute phase. Default is undefined. It means no action.

This correspond to $Setting{option}->{limit}->{action}.

--option name=value

This option is valid in clamav-update 2.2 or higher.

change value of $Setting{option}->{name} to value. This treats as changing configuration file temporally. If slash "/" character is included in name, name is treated as path. For example:

clamav-update.pl --option one/two/three=four …

It means that

$Setting{option}->{one}->{two}->{three} = 'four';

This option configuration is overwrote by other directly option. For example, if you execute following command line:

clamav-update.pl --src download_from1 --option src=download_from2

clamav-update download from download_from1. Because this is equiv to situation that you have bellow line in configuration file:

$Setting{option}->{src} = 'download_from2';

and execute following command line:

clamav-update.pl --src download_from1

cooperation of freshclam

freshclam, virus database updater of ClamAV, put warning on log when newer ClamAV is released:

WARNING: Your ClamAV installation is OUTDATED!

When freshclam put this warning, freshclam execute a command specified in OnOutdatedExecute directive in configuration file of freshclam or in command line option with --on-outdated-execute. This is useful for us.

If you do so, clamav-update is automatically executed only when newer ClamAV is released. Perhaps before you know ClamAV newer release, ClamAV is updated automatically !

For ClamXav user

In defaults settings of ClamXav, all local user can execute freshclam(updating virus database). I the other, only root can execute clamav-update because of security policy. Thus, you can not do so.

Instead of freshclam(updating virus database) by ClamXav, please use FreshClamDaemon released by us. This is a StartUpItem (daemon for Mac OS X). If you use this, you CANNOT UPDATE FROM ClamXav, but virus database is automatically kept more newer. FreshClamDaemon Package has freshclam.conf . This is configuration file of freshclam.conf. Please copy this file to /usr/local/clamXav/etc/freshclam.conf and install FreshClamDaemon. and start FreshClamDaemon, so freshclam work well !

For general user

If you want to cooperate freshclam and clamav-update to keep new version of ClamAV, freshclam is need to be executed by root. So please add DatabaseOwner directive in freshclam.conf, like this:

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
DatabaseOwner root

Or simply execute freshclam with --user root option in command line.

And then add OnOutdatabase directive in freshclam so that freshclam execute clamav-update if freshclam detect new release of ClamAV.

# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command
OnOutdatedExecute /usr/local/bin/clamav-update.pl --config /usr/local/etc/clamav-update.conf

Or simply execute freshclam with --on-outdated-execute="/usr/local/bin/clamav-update.pl --config /usr/local/etc/clamav-update.conf" option in command line.

In this sample, part of /usr/local/bin/ is depend on your system.