Sunday, June 28, 2009

Using ClamAV and It's GUI in Linux SUSE

Clam AntiVirus is a GPL package of anti-virus tools for UNIX systems. The package provides a daemon
for multi-thread flexible and scalable, a command line scanner and a tool for automatic updating via the
Internet, each with many configurable options. The programs are based on a shared library distributed with
the Clam AntiVirus package, which we use in our own programs (libclamav). And what is even more
important, the virus database is kept updated daily.

Features:
Command-line scanner.
Fast multi-daemon thread.
M ilt interface for sendmail and support for many mail servers.
Database updater with support for digital signatures
Library C virus scanning.
Analysis according to Access (Linux ® and FreeBSD ®).
M ultiple daily updates of the database of virus (see main page for the total number of signatures).
Embedded support for RAR (2.0), Zip, Gzip, Bzip2, Tar, M S OLE2, M S Cabinet files, M S CHM
(Compressed HTM L), M S SZDD.
Embedded support for mbox, M aildir and mail files in raw form.
Support for embedded executable files compressed with UPX, FSG, and Petite.
NO Supports disinfection (You must make use of outside programs Clamamav like f-prot).
Database of virus-free and open.
Supports cards NodalCore (maximum performance).
In this article we try installing (A level user, not root) and use of basic form for the detection of viruses on
your computer. We will also show how to use it remotely via a one or more ports.

Reasons to use free antivirus on Linux systems
M any people know or ignore the use of antivirus systems on GNU / linux, with the premise that there is
no virus for this system. We will list some of the main reasons that we may be interested in installing an
antivirus on our GNU / Linux:
Free Antivirus and have a transparent alternative to commercial solutions.
To have a database of virus-free, non-industry participants. A database that anyone can view and
participate in its improvement.
Able to use an antivirus system on GNU / Linux scan for viruses on hard drives with Windows, because
once an infected disk, it is not advisable to switch to clean it as soon as possible from another operating
system (which is on another partition or disk) so avoid infection, dissemination and data loss.
To be able to use as mail server or SAM BA servers (NetBIOS), which provide services to Windows
machines.
Phising for detecting attacks, which is independent of operating system.
It is very useful and use on web servers to the subject matter rootkits
Can find and upload new virus signatures for the common good, but we find it does not affect our operating
system.
It allows friends and contacts alerting messaging service on their systems from potential infections.

What kind of files supports clamav?
* Run normal and obscured by these applications:
UPX
FSG (1.3, 1.31, 1.33, 2.0)
Petite (2.x)
NsPack
wwpack32 (1.20)
M EW
Upack
SUE
Y0da Cryptor (1.3)
* Emails
* Compressed Files:
Zip (+ SFX)
RAR (+ SFX)
Tar
Gzip
Bzip2
M S OLE2
M S Cabinet Files (SFX +)
M S CHM (Compiled HTM L)
M S compression format SZDD
BinHex
SIS (SymbianOS packages)
* Documents:
M S Office files and M acOffice
RTF
PDF
HTM L
* Types of files obfuscated:
JPEG (exploit detection)
RIFF (exploit detection)
uuencode
ScrEnc obfuscation
CryptFF

Installing Clamav-level user (not system).
With this type of installation can be targeted to be used by an unprivileged user, no need to create user and
group specific (- disable-clamav). Everything will be in a directory you choose, in this case our home.
Download: http://www.clamav.org/download/sources
Install (compile):
$ ./conf igure --pref ix=/home/***/clamav --disable-clamav
$ make
# make install
NOTE: If we install the mail scanner for sendmail clamav own use - enable-milt, which will create the
executable "clamav-milt.
Install Manual (man):
# mv /home/busi/clamav /share/man/man8/* /usr/man/man8/
# mv /home/busi/clamav /share/man/man1/* /usr/man/man1/
# mv /home/busi/clamav /share/man/man5/* /usr/man/man5/
NOTE: The directory may vary depending on your distro. This provides manuals: clamd, clamconf,
clamdscan, clamscan, freshclam, sigtool, clamd.conf, freshclam.conf, clamav-milt in the command line ($
man clamd.conf, $ clamscan man, ..)

To access the commands in Clamav PATH:
# ln -s $HOME/clamav /bin/* /usr/bin
# ln -s $HOME/clamav /sbin/* /usr/bin
NOTE: This step is necessary for the proper functioning of the GUI for clamav (ClamTK)


Clamav files and directories:
PLAIN TEXT
clamav
| - Bin
| | - Clamav-config *
| | - Clamconf *
| | - Clamdscan *
| | - * Clamscan
| | - * Freshclam
| `- Sigtool *
| - Etc
| | - Clamd.conf
| `- Freshclam.conf
| - Log
| | - Clamd.log
| `- Freshclam.log
| - Sbin
| `- Clamd *
`- Share
| - Clamav
| - Daily.cvd
| - M ain.cvd
`- M irrors.dat
Executable (bin / sbin and /)
[*]:

clamav-config
Displays information about installation options and directories used in it.
$ clamav -conf ig --cf lags --libs --pref ix
-I/home/busi/clamav /include -g -O2
-L/home/busi/clamav /lib -L/usr/local/lib -lz -lbz2 -lgmp
/home/busi/clamav
clamconf
Displays information about the various options for the configuration files (/ etc): clamd.conf /
freshclam.conf. Very useful to avoid having to get into the files and see our setup.
clamdscan Clamdscan is a simple clamd client daemon can be used as a clamscan replacement. Accepts all
the options implemented in clamscan but shall be considered due to its ability to scan only depend on
clamd and configuration (etc / clamd.conf) to boot. It really is like using clamscan giving all parameters in the command line, only the parameters (options are clamd.conf) are already in memory through clamd daemon.
clamscan is the program to scan, completely ignores the clamd daemon. Its use is like the clamdscan just that instead of using the devil with your configuration, we must pass parameters in command line:

$ clamscan --max-ratio=**** --no-pdf --no-html --block-encry pted

With this command you saying we do not scan dicheros html or pdf. Virus be considered as compressed files and encrypted viruses that are also considered any compressed file over ***. It has many options ($ clamscan - h), but will use in the article by the demon, which makes use of the same options but marked in a configuration file (clamd.conf).
When a virus is found clamscan chains "filename" and "FOUND." To redirect the output to stdout clamscan can use the option "- stdout".

freshclam
This executable is intended to update the virus database (daily.cvd and main.cvd). It connects to a server setup, if possible in our country and update the registration of new viruses known. Can run in daemon mode and like clamd has its own configuration file $ HOME / clamav / etc / freshclam.conf which we'll adapt to our needs. But we can also use the option without a server (daemon), but we have to pass the parameters by hand (as happens with clamscan and clamdscan).

sigtool
This tool is used to make inter alia the virus and be added to the database. Not covered in the article, but show an example of its usefulness, we'll add the signature of a virus and then of course be used to detect

clamav as proof of concept:
* Example usage sigtool:
$ clamscan CPUInf o.exe
CPUInf o.exe: OK
-------------------------------------- SCAN SUMMARY -----------
Known v iruses: 174511
Engine v ersion: 0.91.2
Scanned directories: 0
Scanned f iles: 1
Inf ected f iles: 0
Data scanned: 1.67 MB
Time: 5.348 sec (0 m 5 s)
5348 $ clamscan CPUInf o.exe
CPUInf o.exe: OK
-------------------------------------- SCAN SUMMARY -----------
Known v iruses: 174511
Engine v ersion: 0.91.2
Scanned directories: 0
Scanned f iles: 1
Inf ected f iles: 0
Data scanned: 1.67 MB
Time: 5.348 sec (0 m 5 s)
$ sigtool --md5 CPUInf o.exe > prueba.hdb
$ cat prueba.hdb
ec651f 8d771cf c57cd1834ae43d0784c:325120:CPUInf o.exe
$ clamscan -d prueba.hdb CPUInf o.exe
CPUInf o.exe: CPUInf o.exe FOUND
-------------------------------------- SCAN SUMMARY -----------
Known v iruses: 1
Engine v ersion: 0.91.2
Scanned directories: 0
Scanned f iles: 1
Inf ected f iles: 1
Data scanned: 0.31 MB
Time: 0.007 sec (0 m 0 s)

clamd
This is the daemon and the clamav configuration file clamd.conf active. As we discussed this service makes use clamdscan, which has the same functionality as clamscan (Without the "d"), except that the options are in-memory scanning daemon clamd. As we shall see later clamd can be used on which listens on a specified port and can be controlled remotely.
NOTE: To remove viruses and infected files found by clamav (clamav already commented that not disinfected), must have write permissions in NTFS, which as we know, we can use ntfs-3g.

Extension CVD
CVD (ClamAV Virus Database) is a digitally signed file that contains one or more databases. The header is 512 bytes long chain, separated by two fields:
First Course: ClamAV-VDB: build time: version: number of signatures: functionality
Second Field: level required: M D5 checksum: digital signature: builder name: build time (sec)

To view information on these files must use sigtool.
$ sigtool -i $HOME/clamav /share/clamav /main.cv d
####### Primer campo #######
Build time: 10 Dec 2009 11:50 +0000
Version: 59
Signatures: 169676
Functionality
###### Segundo campo ######
lev el: 21
Builder: sv en
MD5: b35429d8d5d60368eea9630062f 7c75a
Digital signature: dxsusO/HW3/GY wVsE9b+tCk+tPN6Oy jVF/U8JVh4Ni6l6/CEKY Y h
Verif ication OK.

Basic Configuration of clamav ($ HOME / clamav / etc / clamd.conf):
PLAIN TEXT
Commenting on the # next line is already operational clamd.conf.
Example #
# Archive logs clamav
LogFile / home / Business / clamav / log / clamd.log
# Log file size (megabytes).
LogFileM axSize 5M
# Display the time the messages.
LogTime yes
# Clean up the log file when it exceeds its maximum size.
# LogClean yes
Log # Complete.
LogVerbose yes
# Archive. PID that identifies the server clamd.
PidFile $ HOM E / clamav / clamd.pid
# Diretório where clamd socket sets (Delete if not start clamd).
LocalSocket / tmp / clamd.socket
# Remove the socket (LocalSocket) to finish (Recommended).
FixStaleSocket yes
# Port (TCP) socket.
TCPSocket 3310
# Interface to listen on clamd.
TCPAddr 192.168.1.33
# Default time that holds the socket without parameters (120s by default).
ReadTimeout 600
# M aximum depth (Subfolders) scan.
M axDirectoryRecursion 20
# Follow symbolic links
FollowDirectorySymlinks yes
# Run a command to locate a virus.
VirusEvent mutt-s "VIRUS ALERT:% v" "busi@busindre.is-a-guru.com"-a "$ HOM E / clamav / log /
clamd.log" <$ HOM E / clamav / log / clamd.log # Scan Pdf files. ScanPDF yes # Consider encrypted archives as viruses. ArchiveBlockEncrypted yes NOTE: With this configuration clamdscan tell that to find a virus to send us a mail busi@busindre.is- a-guru.com to tell, of course we can put the command that is, play a sound using mplayer or whatever it is It happens. Over time it may remain an option obselota in that case we would see warnings / errors like this: ERROR: Missing argument f or option at line XX WARNING: Ignoring deprecated option XXXXXXX at line XX
Basic configuration of upgrades ($ HOME / clamav / etc / freshclam.conf)

PLAIN TEXT
# Log files
UpdateLogFile / home / Business / clamav / log / freshclam.log
# Server database Virus (In our case we change "XY" with "is")
DatabaseM irror db.es.clamav.net
# Server backup fails if the previous
DatabaseM irror database.clamav.net
# Number of attempts to connect to the mirror
M axAttempts 5
# Number of times a day for an update the virus database (default is 2 hours each = 12)
Checks 7
# So that after each update of the database are the daemon clamd restart.
NotifyClamd / home / Business / clamav / etc / clamd.conf
# Execute a command to upgrade successfully
OnUpdateExecute clamavupdate
# Execute a command when trying to date and fail
OnErrorExecute clamaverror
NOTE: To view the lyrics of our country: http://www.iana.org/root-whois/index.html (In the example
selected Spain "is"). Clamaverror and clamavupdate two scripts are manufactured by us so that we
display a message on the screen when upgrading to a successful (green) or incorrect (red), the virus
database. Of course this is optional.

Creating files clamaverror and clamavupdate
* Content of / usr / bin / clamaverror (You must have execute permissions)
xterm -geometry 60x3+1+1 -bg black -f g red -cc 2 -e "echo 'CLAMAV ERROR actualizando base de v irus :-(' && sleep 5"
* Content of / usr / bin / clamavupdate (You must have execute p ermissions)
xterm -geometry 60x3+1+1 -bg black -f g green -cc 2 -e "echo 'CLAMAV: Base de datos de VIRUS actualizada con exito %v
:-)' && sleep 5"
NOTE: These ads show a black console with a small fund, with the text in red (Error) and green (success) in
the upper left corner of the screen.
Once you have everything configured to automate the process is good to use a script to our directory of
demons / etc / rc.d / or / etc / init.d used depends on the distro, allowing use as a daemon most of the
system. A simple but useful script could read:
Example: / etc / rc.d / rc.clamd or / etc / init.d / clamd
PLAIN TEXT
#! / bin / bash
Color #
RED = '\ e [1; 31m';
NC = '\ e [0m';
CR = '\ e [0; 32m';
# Programs
FOO_BIN = / home / Business / clamav / sbin / clamd
FOO_BIN2 = / home / Business / clamav / bin / freshclam
test-x $ FOO_BIN | | exit 5
case "$ 1" in
start)
echo-e "Starting $ FOO_BIN` V-`[$ (GR) OK $ (NC)]";
$ FOO_BIN
$ FOO_BIN2-d
;;
stop)
echo-e "Stopping FOO_BIN-` $ V `[$ (GR) OK $ (NC)]"
killall $ FOO_BIN
killall $ FOO_BIN2
;;
restart)
$ 0 stop
$ 0 start
;;
*)
echo-e "[$ (RED) Error $ (NC)]"
echo "Syntax: $ 0 (start | stop | restart)"
exit 1
;;
esac
File to download: http://www.busindre.com/wp-content/uploads/2007/07/rc.clamd
* How to use:
/ etc / rc.d / rc.clamd start -> Start the clamd daemon and freeclam
/ etc / rc.d / rc.clamd stop -> For the clamd daemon and freeclam
/ etc / rc.d / rc.clamd restart -> Reboot and clamd daemons freeclam
NOTE: It depends on the permissions that we want to give control to users with respect to clamav.

Clamav of using remotely
One of the potential mode daemon clamav (clamd) is able to interact with using telnet from a remote machine, as discussed in Definitions. In the configuration options TCPAddr clamd.conf TCPSocket and must be correctly placed. Once configured and started clamd we will see what options we show through the socket, to connect to a port, as always use "telnet."

Clamd commands:

SESSION -> Allows you to enter more than one command without closing the connection
PING -> Be PONG, means that this operation
VERSION -> Displays the version of clamav running on the server.
RELOAD -> Reload the database
SCAN -> Scan recursively, but ends up finding a virus scan (include full path).
CONTSCAN -> recursively scanning does not end when you find a virus (include full path).
STREAM -> Requests the server to a new port that can connect.
M ultiScan -> As CONTSCAN but using multiple threads, improving performance on SM P machines.

Example:
$ telnet www.busindre.com 3310
Try ing 192.168.2.33...
Connected to 192.168.2.33.
Escape character is '^]'.
SESSION
PING
PONG
VERSION
ClamAV 0.91.2/5066/Mon Dec 10 00:50:28 2007
RELOAD
RELOADING
SCAN /home/busi/amsn_receiv ed/v irus
/home/busi/amsn_receiv ed/v irus/dtprohlp.dll: Adware.WhenU-3 FOUND
CONTSCAN /home/busi/amsn_receiv ed/v irus
/home/busi/amsn_receiv ed/v irus/dtprohlp.dll: Adware.WhenU-3 FOUND
/home/busi/amsn_receiv ed/v irus/IMG0024.zip: Trojan.Delf -1491 FOUND
/home/busi/amsn_receiv ed/v irus/hotbar.exe: Adware.Hotbar-2 FOUND
/home/busi/amsn_receiv ed/v irus/PRIVATE-IMAGES.COM: Trojan.Delf -1491 FOUND
STREAM
PORT 1653 00:50:28

$ telnet www.busindre.com 3310
Try ing 192.168.2.33...
Connected to 192.168.2.33.
Escape character is '^]'.
SESSION
PING
PONG
VERSION
ClamAV 0.91.2/5066/Mon Dec 10 00:50:28 2007
RELOAD
RELOADING
SCAN /home/busi/amsn_receiv ed/v irus
/home/busi/amsn_receiv ed/v irus/dtprohlp.dll: Adware.WhenU-3 FOUND
CONTSCAN /home/busi/amsn_receiv ed/v irus
/home/busi/amsn_receiv ed/v irus/dtprohlp.dll: Adware.WhenU-3 FOUND
/home/busi/amsn_receiv ed/v irus/IMG0024.zip: Trojan.Delf -1491 FOUND
/home/busi/amsn_receiv ed/v irus/hotbar.exe: Adware.Hotbar-2 FOUND
/home/busi/amsn_receiv ed/v irus/PRIVATE-IMAGES.COM: Trojan.Delf -1491 FOUND
STREAM
PORT 1653
NOTE: It would open the port on the router and TCP / IP and IP mapearlo our power to make use of our anti-virus from any remote location.
If we encontrarmos with such an error when scanning, no worry, solution is easy:

Error:
$ clamscan -i *
LibClamAV Error: cli_untgz: Cannot close f ile /home/****/tmp/clamav -f 34bf 34c87 ad368e26f 5999d30b725d0/main.db
LibClamAV Error: cli_cv dload(): Can't unpack CVD f ile.
LibClamAV Error: Can't load /home/****/clamav /share/clamav /main.cv d: CVD extraction f ailure

ERROR: CVD extraction f ailure Can not
$ clamscan -i *
LibClamAV Error: cli_untgz: Cannot close f ile /home/****/tmp/clamav -f 34bf 34c87 ad368e26f 5999d30b725d0/main.db
LibClamAV Error: cli_cv dload(): Can't unpack CVD f ile.
LibClamAV Error: Can't load /home/****/clamav /share/clamav /main.cv d: CVD extraction f ailure

ERROR: CVD extraction f ailure Can not
$ clamscan -i *
LibClamAV Error: cli_untgz: Cannot close f ile /home/****/tmp/clamav -f 34bf 34c87 ad368e26f 5999d30b725d0/main.db
LibClamAV Error: cli_cv dload(): Can't unpack CVD f ile.
LibClamAV Error: Can't load /home/****/clamav /share/clamav /main.cv d: CVD extraction f ailure

ERROR: CVD extraction f ailure Can not
$ clamscan -i *
LibClamAV Error: cli_untgz: Cannot close f ile /home/****/tmp/clamav -f 34bf 34c87 ad368e26f 5999d30b725d0/main.db
LibClamAV Error: cli_cv dload(): Can't unpack CVD f ile.
LibClamAV Error: Can't load /home/****/clamav /share/clamav /main.cv d: CVD extraction f ailure

ERROR: CVD extraction f ailure
S olution (for the route in this example):
$ rm -r $HOME/tmp/*
NOTE: We only have to delete the temporary, which are configured are configured, we need to look at the line 'LibClamAV Error: cli_untgz: Can not close file "to identify the route of the temporary and can delete them.


Installing ClamTK (clamav GUI)
Download Gui the Clamav (ClamTK): http://sourceforge.net/project/platformdownload.php?group_id=131278
ClamTk is a graphic front-end for ClamAV using gtk2-perl, can also be used klamav if we are lovers of KDE, but will not be discussed here in the article. It has a simple interface and the end of the article left a manual in pdf if someone is resisting. Let's see how to use and solve some problems with ClamTk. Link of interest: Videotutorial use Klamav

Using ClamTK (no compilation required)
$ tar -zxv f clamtk-3.04.tar.gz
$ perl clamtk
ClamTk GNU / Linux
NOTE: The log directory used by your choice ClamTK and keeping virus ClamTK (Not used in
clamav.conf), are by default in $ HOM E / .clamatk. Now let's see what we can find some errors when
running clamtk first.
Error 1:
$ perl clamtk
Can't locate File/Find/Rule.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i486-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5
/site_perl/5.8.7/i486-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl .) at clamtk line 11.
BEGIN f ailed--compilation aborted at clamtk line 11. Can not
$ perl clamtk
Can't locate File/Find/Rule.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i486-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5
/site_perl/5.8.7/i486-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl .) at clamtk line 11.
BEGIN f ailed--compilation aborted at clamtk line 11.
S olution:
$ wget http://search.cpan.org/CPAN/authors/id/R/RC/RCLAMP/File-Find-Rule-0.30.tar.gz
$ tar -zxv f File-Find-Rule-0.30.tar.gz
$ cd File-Find-Rule-0.30
$ perl Makef ile.PL
$ make
# make install
Error 2:
Can't locate Text/Glob.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i486-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl
/5.8.7/i486-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/site_perl/5.8.7/File/Find/Rule.pm line 7.
BEGIN f ailed--compilation aborted at /usr/lib/perl5/site_perl/5.8.7/File/Find/Rule.pm line 7.
Compilation f ailed in require at clamtk line 11.
BEGIN f ailed--compilation aborted at clamtk line 11. Can not Can't locate Text/Glob.pm in @INC (@INC contains: /usr/lib
/perl5/5.8.7/i486-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl/5.8.7/i486-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5
/site_perl .) at /usr/lib/perl5/site_perl/5.8.7/File/Find/Rule.pm line 7.
BEGIN f ailed--compilation aborted at /usr/lib/perl5/site_perl/5.8.7/File/Find/Rule.pm line 7.
Compilation f ailed in require at clamtk line 11.
BEGIN f ailed--compilation aborted at clamtk line 11.
S olution:
$ wget http://search.cpan.org/CPAN/authors/id/R/RC/RCLAMP/Text-Glob-0.08.tar.gz
$ tar -zxv f Text-Glob-0.08.tar.gz
$ cd Text-Glob-0.08
$ perl Makef ile.PL
$ make
# make install
Error 3:
Can't locate Number/Compare.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i486-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5
/site_perl/5.8.7/i486-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/site_perl/5.8.7/File/Find
/Rule.pm line 8.
BEGIN f ailed--compilation aborted at /usr/lib/perl5/site_perl/5.8.7/File/Find/Rule.pm line 8.
Compilation f ailed in require at ./clamtk line 11.
BEGIN f ailed--compilation aborted at ./clamtk line 11. Can not
Can't locate Number/Compare.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i486-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5
/site_perl/5.8.7/i486-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/site_perl/5.8.7/File/Find
/Rule.pm line 8.
BEGIN f ailed--compilation aborted at /usr/lib/perl5/site_perl/5.8.7/File/Find/Rule.pm line 8.
Compilation f ailed in require at ./clamtk line 11.
BEGIN f ailed--compilation aborted at ./clamtk line 11.
S olution:
$ wget http://search.cpan.org/CPAN/authors/id/R/RC/RCLAMP/Number-Compare-0.01.tar.gz
$ tar -zxv f Number-Compare-0.01.tar.gz
$ cd Number-Compare-0.01
$ perl Makef ile.PL
$ make
# make install
Error 4:
Can't locate Date/Calc.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i486-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl
/5.8.7/i486-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl .) at clamtk line 13.
BEGIN f ailed--compilation aborted at clamtk line 13. Can not
Can't locate Date/Calc.pm in @INC (@INC contains: /usr/lib/perl5/5.8.7/i486-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl
/5.8.7/i486-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl .) at clamtk line 13.
BEGIN f ailed--compilation aborted at clamtk line 13.
S olution:
$ wget http://search.cpan.org/CPAN/authors/id/S/ST/STBEY /Date-Calc-5.4.tar.gz
$ tar -zxv f Date-Calc-5.4.tar.gz
$ cd Date-Calc-5.4
$ perl Makef ile.PL
$ make
# make install
Error 5:
Can't locate Conf ig/Tiny .pm in @INC (@INC contains: /usr/lib/perl5/5.8.8/i386-linux /usr/lib/perl5/5.8.8 /usr/lib/perl5
/site_perl/5.8.8/i386-linux /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/v endor_perl/5.8.8/i386-linux /usr/lib
/perl5/v endor_perl/5.8.8 /usr/lib/perl5/v endor_perl/5.8.7 /usr/lib/perl5/v endor_perl/5.8.7/i386-linux /usr/lib/perl5/v endor_perl
/5.8.6 /usr/lib/perl5/v endor_perl .) at ./clamtk line 16.
BEGIN f ailed--compilation aborted at ./clamtk line 16. Can not Can't locate Conf ig/Tiny .pm in @INC (@INC contains:
/usr/lib/perl5/5.8.8/i386-linux /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/i386-linux /usr/lib/perl5/site_perl/5.8.8 /usr/lib
/perl5/site_perl /usr/lib/perl5/v endor_perl/5.8.8/i386-linux /usr/lib/perl5/v endor_perl/5.8.8 /usr/lib/perl5/v endor_perl/5.8.7
/usr/lib/perl5/v endor_perl/5.8.7/i386-linux /usr/lib/perl5/v endor_perl/5.8.6 /usr/lib/perl5/v endor_perl .) at ./clamtk line 16.
BEGIN f ailed--compilation aborted at ./clamtk line 16.
S olution:
$ wget http://search.cpan.org/CPAN/authors/id/A/AD/ADAMK/Conf ig-Tiny -2.12.tar.gz
$ tar -zxv f Date-Calc-5.4.tar.gz
$ cd Date-Calc-5.4
$ perl Makef ile.PL
$ make
# make install
Error 6:
Some distributions do not automatically edit
f reshclam.conf and clamd.conf under /etc.
Please edit those bef ore attempting signature updates
S olution:
This occurs when clamtk search configuration files in / etc, we can make symbolic links if we have installed
on another route configuration files clamav:
# ln -s /home/***/clamav /etc/f reshclam.conf /etc
# ln -s /home/***/clamav /etc/clamd.conf /etc
How to report a new virus or Clamav false positive?
Typically found in certain environments with a virus that has not yet been identified by the antivirus program used. As a Project Free Clamav encourages its users to improve it and if by chance we find something that we should detect clamav send for consideration as soon as possible and added to the database. The virus database is very large and is on par with those used by large companies antivirus systems. Is updated with the help of the user community, which is very large and growing every day. If we find a new virus that has not been detected by ClamAV must fill out a form to send the team Clamav and is added to the database after being tested by the team of "signatures." Given the high number of shipments, is requested from the project would not send more than two files per day. If we intend to send a large amount of new virus should contact the team via email clamav. In closing let some links that may be of interest.


Manual how to report errors Clamav: http://www.clamav.org/bugs/lang-pref/es/
Manual of Clamtk: http://www.busindre.com/wp-content/uploads/2007/07/ClamTK_Howto.pdf
Using Postfix with clamav: http:/memberwebs.com/nielsen/software/clamsmtp/
Clamav Manual (English): http://www.clamav.org/doc/latest/html/node23.html