ClamAV for Solaris

sunhux
https://www.opencsw.org/packages/CSWclamav/

From the above URL, it seems we can't download ClamAV for
Solaris x86 directly; we have to use the commands:
  pkgadd -d http://get.opencsw.org/now
  /opt/csw/bin/pkgutil -U
  /opt/csw/bin/pkgutil -y -i clamav

I don't have a Solaris box that is internet facing.

Does anyone have the package?

Author

Commented:
When I tried to email the maintainer of the CSW site, I kept getting "captcha invalid" though I'm not prompted to enter the captcha

Author

Commented:
https://lists.gt.net/clamav/users/71261
Someone on the user list suggested building a VirtualBox VM on a laptop, installing Solaris
& pkgutil to download & then transferring the pkg out: quite a long way for me,
so I'd still prefer to have a ready-to-use compiled pkg
Exec Consultant
Distinguished Expert 2018
Commented:
May consider to explore
> I have no servers that are ever allowed to access the internet.  Is there a way to download the pkg file not using pkgutil?

wget and many others will do it, the package file is just on a URL.


Start here:
http://rsync.opencsw.org/opencsw/

Choose a file, eg:
http://rsync.opencsw.org/opencsw/testing/sparc/5.10/clamav-0.99.2%2cREV%3d2016.09.29-SunOS5.10-sparc-CSW.pkg.gz

Download to anywhere, eg, your home machine.

Transfer to your server by any means, eg, USB stick, CD, floppy, local network, etc.

You'll need its 10 dependencies too.
https://www.opencsw.org/packages/CSWclamav/


See also:
https://www.opencsw.org/manual/for-administrators/no-internet-access.html#no-internet-access
http://lists.clamav.net/pipermail/clamav-users/2017-November/005379.html
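An added example, not part of the original answer: when the package and its dependencies are fetched on another machine, the full dependency set can be worked out from the repository catalog and every downloaded file checked before it is carried to the isolated server. The nine-field catalog layout, the `CSWcommon` dependency, the placeholder file name and all file contents are assumptions constructed for this example.

```python
import hashlib

def parse_catalog(text):
    """Map pkgname -> entry. Field order is an assumption, not from the page:
    name version pkgname filename md5 size deps category incompatible-deps."""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or not f[5].isdigit():
            continue  # skip anything that is not a nine-field entry
        deps = [] if f[6] == "none" else f[6].split("|")
        entries[f[2]] = {"file": f[3], "md5": f[4].lower(), "size": int(f[5]), "deps": deps}
    return entries

def closure(entries, root):
    """Return root plus all transitive dependencies, sorted by pkgname."""
    seen, stack = set(), [root]
    while stack:
        pkg = stack.pop()
        if pkg not in entries:
            raise KeyError(f"{pkg} is not in the catalog")
        if pkg not in seen:
            seen.add(pkg)
            stack.extend(entries[pkg]["deps"])
    return sorted(seen)

def check_downloads(entries, pkgs, blobs):
    """blobs maps file name -> downloaded bytes; returns file name -> status."""
    report = {}
    for pkg in pkgs:
        e = entries[pkg]
        data = blobs.get(e["file"])
        if data is None:
            status = "missing"
        else:
            good = len(data) == e["size"] and hashlib.md5(data).hexdigest() == e["md5"]
            status = "ok" if good else "mismatch"  # mismatch: truncated or altered
        report[e["file"]] = status
    return report

def catalog_line(name, pkgname, filename, data, deps):
    return " ".join([name, "0,REV=0", pkgname, filename, hashlib.md5(data).hexdigest(),
                     str(len(data)), "|".join(deps) or "none", "none", "none"])

# Constructed demo: file bytes and the dependency's file name are placeholders.
CLAMAV = "clamav-0.100.1,REV=2018.07.10-SunOS5.10-i386-CSW.pkg.gz"
COMMON = "common-PLACEHOLDER-SunOS5.8-i386-CSW.pkg.gz"
DEMO = "\n".join([catalog_line("clamav", "CSWclamav", CLAMAV, b"A" * 64, ["CSWcommon"]),
                  catalog_line("common", "CSWcommon", COMMON, b"B" * 32, [])])
```

An MD5 and size match only shows the file arrived intact relative to the catalog; it says nothing about where the catalog itself came from.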

Author

Commented:
Start here:  <== guess this is using browser, won't need an rsync tool on Windows
http://rsync.opencsw.org/opencsw/

Navigating the above to i386 (not using Sparc), found it for Solaris 10;  will i386 work for x64?  I'll still test it out:
  clamav-0.100.1,REV=2018.07.10-SunOS5.10-i386-CSW.pkg.gz

The signature file is rather outdated; is there a place that gives the latest ClamAV signature file? Can other platforms'
(eg: Linux) signatures be used for Solaris x86?


Sidenote:
Url below gives "Http 404 Not Found" :
http://rsync.opencsw.org/opencsw/testing/sparc/5.10/clamav-0.99.2%2cREV%3d2016.09.29-SunOS5.10-sparc-CSW.pkg.gz
btan
Exec Consultant
Distinguished Expert 2018
Commented:
Better to test out though ARCH: i386, CPU: i386 as compared to ARCH: x86_64, CPU: x86_64
https://www.opencsw.org/community/questions/92/installing-without-direct-internet-access

For the download of signatures, please see https://blog.clamav.net/2018/

Author

Commented:
Thanks.

For RHEL, i386 is a different architecture from x86_64.
Somehow, have not seen any x86_64 for ClamAV, only Sparc & i386  or have you seen one for x86_64?

Author

Commented:
https://blog.clamav.net/2018/

Link above seems to share the method of getting signatures via FreshClam
btan
Exec Consultant
Distinguished Expert 2018

Commented:
See this and mainly on Unix family including Arch Linux, Centos, Fedora
https://rpmfind.net/linux/rpm2html/search.php?query=clamav
https://pkgs.org/download/clamav

Author

Commented:
https://www.clamav.net/downloads
Got the signature databases (main, daily & bytecode.cvd) under "Virus Database" in above url.


http://rsync.opencsw.org/opencsw/testing/
Link above only gives 2 architecture options: i386 & Sparc
btan
Exec Consultant
Distinguished Expert 2018
Commented:
Use freshclam for signatures

I’m running ClamAV on a lot of clients on my local network. Can I serve the cvd files from a local server so that each client doesn’t have to download them from your servers?
Sure, you can find more details on our Mirror page.

If you want to take advantage of incremental updates, install a proxy server and then configure your freshclam clients to use it (watch for the HTTPProxyServer parameter in man freshclam.conf).

The second possible solution is to:

Configure a local webserver on one of your machines (say machine1.mylan)

Let freshclam download the *.cvd files from http://database.clamav.net to the webserver’s DocumentRoot.

Finally, change freshclam.conf on your clients so that it includes:

DatabaseMirror machine1.mylan

ScriptedUpdates off

First the database will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it.

Important: For this to work, you have to add ScriptedUpdates off on all of your machines!

I can’t wait for you to update the database! I need to use the new signature NOW!
No problem, save your own signatures in a text file with the appropriate extension. Put it in the same dir where the .cvd files are located. ClamAV will load it after the official .cvd files. You need not sign the .db file.

Can I download the virusdb manually?
Yes, the virusdb can be downloaded from the Latest releases section on our home page.

https://www.clamav.net/documents/clamav-virus-database-faq
btan
Exec Consultant
Distinguished Expert 2018

Commented:
That is best that you can get in public store

Author

Commented:
Thanks very much.

>save your own signatures in a text file with the appropriate extension.
How does the above work?

Author

Commented:
For the dependent packages required as indicated by
  https://www.opencsw.org/packages/CSWclamav/  ,

common : it can only locate the i386 package for SunOS 5.8 in url below but what's needed is for SunOS 5.10
  http://rsync.opencsw.org/opencsw/testing/i386/5.10/

Likewise for
libbz2_1_0 : can only locate for SunOS 5.9
btan
Exec Consultant
Distinguished Expert 2018
Commented:
For signature
save your own signatures in a text file with the appropriate extension
see this for more detail
CVD (ClamAV Virus Database) is a digitally signed container that includes signature
databases in various text formats.

Hash-based signatures
The easiest way to create signatures for ClamAV is to use filehash checksums,
however this method can be only used against static malware.

MD5 hash-based signatures
To create a MD5 signature for test.exe use the --md5 option of sigtool:
zolw@localhost:/tmp/test$ sigtool --md5 test.exe > test.hdb
zolw@localhost:/tmp/test$ cat test.hdb
48c4533230e1ae1c118c741c0db19dfb:17387:test.exe

That’s it! The signature is ready for use:
zolw@localhost:/tmp/test$ clamscan -d test.hdb test.exe
test.exe: test.exe FOUND

You can change the name (by default sigtool uses the name of the file) and place
it inside a *.hdb file. A single database file can include any number of signatures.
To get them automatically loaded each time clamscan/clamd starts just copy the
database file(s) into the local virus database directory (eg. /usr/local/share/clamav).
- https://github.com/Cisco-Talos/clamav-faq/blob/master/manual/signatures.pdf
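An added example, not part of the original answer or of ClamAV itself: a small reader and writer for the three-field `md5:size:name` line shown in the sigtool output above, with a matcher that shows why the quoted text limits hash signatures to static files. The function names, the restriction on signature names and the sample bytes are choices made for this example.

```python
import hashlib
import re

def make_hdb_line(data, name):
    """Format one signature the way the sigtool output above looks: md5:size:name."""
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name):
        raise ValueError("keep signature names to letters, digits, '.', '_' and '-'")
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def parse_hdb(text):
    """Return {(md5, size): name}; raise ValueError on a malformed line."""
    sigs = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split(":")
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected md5:size:name")
        digest, size, name = parts[0].lower(), parts[1], parts[2]
        if not re.fullmatch(r"[0-9a-f]{32}", digest) or not size.isdigit():
            raise ValueError(f"line {lineno}: bad hash or size")
        sigs[(digest, int(size))] = name
    return sigs

def scan(blobs, sigs):
    """blobs maps file name -> bytes; returns file name -> matching signature name."""
    hits = {}
    for fname, data in blobs.items():
        key = (hashlib.md5(data).hexdigest(), len(data))
        if key in sigs:
            hits[fname] = sigs[key]
    return hits

if __name__ == "__main__":
    # Constructed sample content, not real malware.
    sample = b"constructed sample content"
    db = parse_hdb(make_hdb_line(sample, "Local.Test.Sample") + "\n")
    # Only the byte-identical copy matches; one appended byte is enough to miss.
    print(scan({"same.bin": sample, "changed.bin": sample + b"\n"}, db))
```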
btan
Exec Consultant
Distinguished Expert 2018

Commented:
seems no latest package
