Virus Scanning with the ClamAV Service

The ClamAV service, which performs virus scanning on projects and deployments in Intelligent Advisor Hub, may impact the performance of deploying and versioning operations from Policy Modeling.

There are three parts of ClamAV that are of interest here:

  • The clamavscan executable – A stand-alone program for performing virus scanning.
  • The clamd service – A service made available for virus scanning. The service may be made available through a TCP socket or via the clamdscan executable.
  • The Freshclam service – A service for automatically updating the virus definitions for ClamAV through a regularly scheduled process.

To use ClamAV with Intelligent Advisor Hub:

  1. Install and configure ClamAV for your environment. Ensure that the ClamAV service (TCP or local process) can be accessed by the server on which Intelligent Advisor Hub is installed. In the case of a cluster spanning multiple machines, all machines should be able to access a ClamAV service.
  2. Use the Intelligent Advisor admin script to set the clamd_location property in the Intelligent Advisor Hub database. For more information, see Configure Intelligent Advisor Hub. For example:

     ./admin.sh set_property -propname=clamd_location -propval="/usr/bin/clamdscan" -name="dev" -dbconn=localhost:3306 -dbuser=root -dbpass=***

Tip: Ensure the clamd service is enabled. Do not set the ClamAV property to a clamavscan path, because scanning that way is very slow. Use either clamdscan or a TCP location, both of which use the clamd service. Also ensure that enough memory is available: the clamd service requires a lot of memory, so make sure at least 512MB of working memory is available.

Clamd configuration

Clamd is the service that allows quick scanning of a file or stream for viruses. The service allows several scans to occur simultaneously. It also compiles the virus definitions once, ahead of time, so that each scan can start immediately.

Type man 5 clamd.conf for details of all clamd.conf configuration properties. The following table lists the clamd settings most relevant for Intelligent Advisor.

Table 1. Settings in the clamd.conf configuration file

| Configuration setting | Necessary or suggested? | Description |
|---|---|---|
| StreamMaxLength | Necessary | Set this to the maximum upload size of a deployment. This should be set to at least the same value as the deployment_max_size_mb property from the Intelligent Advisor Hub database. |
| TemporaryDirectory | Suggested | Set this to a directory that ClamAV can fill up without taking down the rest of the server. Preferably set this to be a separate partition from any other critical data on the same server. |
| MaxScanSize | Suggested | Set this to limit how much a compressed archive may expand, including any recursive archives. Make this at least twice the size of the StreamMaxLength property. |
| MaxRecursion | Suggested | Set this to limit the depth of any recursive archive files to be scanned. Should be at least three levels deep to allow Word and Excel files to be scanned. |
| MaxFiles | Suggested | Set this to the maximum number of files to be scanned for any archive. |
| DetectPUA | Suggested | Set this to true to enable scanning for categories of Potentially Unwanted Applications. IncludePUA and ExcludePUA properties indicate which categories to include or exclude. In particular, the Script category may be relevant. See Potentially Unwanted Applications (PUA) for the category names and descriptions. |
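
One way to check a clamd.conf against the guidance in Table 1, as an added example that is not Oracle or ClamAV code. The function names, the constructed sample file, the handling of only the K and M size suffixes, and the reading of deployment_max_size_mb as mebibytes are assumptions.

```python
import re

# Constructed sample clamd.conf for the demonstration; values are illustrative.
SAMPLE_CONF = """\
# constructed sample
StreamMaxLength 25M
MaxScanSize 40M
MaxRecursion 2
TemporaryDirectory /var/tmp/clamav
DetectPUA yes
"""

UNITS = {"": 1, "K": 1024, "M": 1024 ** 2}  # only K and M suffixes handled (assumption)

def parse_size(value):
    """Convert a clamd.conf size such as '25M' or '512k' to bytes."""
    m = re.fullmatch(r"(\d+)([KkMm]?)", value.strip())
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def parse_conf(text):
    """Return {option: value}, skipping blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip()
    return conf

def check_conf(text, deployment_max_size_mb):
    """List settings short of Table 1; the Hub value is taken as MiB (assumption)."""
    conf, findings = parse_conf(text), []
    for name in ("StreamMaxLength", "TemporaryDirectory", "MaxScanSize",
                 "MaxRecursion", "MaxFiles", "DetectPUA"):
        if name not in conf:
            findings.append(f"{name}: not set, clamd default applies")
    stream = parse_size(conf["StreamMaxLength"]) if "StreamMaxLength" in conf else None
    if stream is not None and stream < deployment_max_size_mb * UNITS["M"]:
        findings.append("StreamMaxLength: below deployment_max_size_mb")
    if stream is not None and "MaxScanSize" in conf and parse_size(conf["MaxScanSize"]) < 2 * stream:
        findings.append("MaxScanSize: less than twice StreamMaxLength")
    if "MaxRecursion" in conf and int(conf["MaxRecursion"]) < 3:
        findings.append("MaxRecursion: below 3")
    return findings

if __name__ == "__main__":
    for finding in check_conf(SAMPLE_CONF, deployment_max_size_mb=64):
        print(finding)
```

Pass the contents of the real clamd.conf and the value of deployment_max_size_mb read from the Hub database; an empty result means every setting in the table is present and meets the stated minimums.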

Freshclam configuration

Freshclam is the service that updates virus definitions for ClamAV. This is normally installed as a cron service.

Type man 5 freshclam.conf for details of the freshclam.conf configuration properties.

To allow freshclam updates through a corporate firewall, in freshclam.conf specify:

     HTTPProxyServer proxy.example.com
     HTTPProxyPort 80