[clamav-users] newbie: can't get clamd started
G.W. Haywood
clamav at jubileegroup.co.uk
Fri May 6 13:15:20 UTC 2022
Hi there,
On Fri, 6 May 2022, Anthony Griffiths via clamav-users wrote:
> On Fri, May 6, 2022 at 12:10 AM G.W. Haywood wrote:
>> On Thu, 5 May 2022, Anthony Griffiths via clamav-users wrote:
>>>
>>> I'm running clamav on centos 7, got it using clamav-0.101.4.tar.gz.
>>> ...
>>
>> ClamAV version 0.101.4 is almost certainly no use to you ...
>> ... I believe that ClamAV is packaged in the EPEL repository
>> ...
> ... clamav ... on a raspberry pi and epel is not supported ...
Why not try RasPiOS or Debian instead? Then you could (I think) just
install ClamAV from packages.
> I should have also mentioned I'm using clamav with mimedefang
A few years ago MIMEDefang seemed to head downhill fast, and I cut it
loose, which I'd been planning to do for a while anyway because I'd
written my own Perl milters. There was no new release of MIMEDefang
between March 2018 and August 2021 but there does recently seem to be
some activity again. I'd still think caution would be advisable.
> only to filter malware out of my mail, no other reason.
If your main concern is viruses you might want to check e.g. the list
archives for estimates of the performance of ClamAV compared to other
virus scanners.
We use ClamAV primarily for filtering mail although the target is spam
rather than malware. Our clamd server runs 'Buster' on a 4GByte Pi4B.
It does crash now and then (it isn't ClamAV which causes the crashes)
but we run a watchdog on it. We also have some 8Gbyte Pis, and touch
wood I've never seen one of those crash, but I'm happy enough with the
4G version for scanning mail as the mail volumes are quite small. The
4G Pi4B would probably cope with running the mail server as well but I
wouldn't be happy for that to crash so often. All the mail software,
including ClamAV, is built from source although the Pi isn't actually
the mail server - it just runs clamd which listens for TCP connections
from the mail server when mail needs to be scanned. There have been a
lot of changes to the ClamAV build system recently and it was a bit of
a performance building recent versions on the Pi:
https://lists.clamav.net/pipermail/clamav-users/2021-July/011569.html
> so my next question is do I have to uninstall version clamav-0.101.4
> before I install a newer version? or could I just install a newer
> version over the top?
Until recently I'd have said just install over the top, which is what
I always do, but because of the recent build system changes I wouldn't
be so confident saying this for a system with which I have no current
experience. If scanning mail using ClamAV is your main reason for
running the Pi and your build skills are a bit rusty, I'd suggest you
use an OS which is as up to date as possible and for which packages
are available for ClamAV and as much of the software that you want to
use as possible. You might not be getting the most up to date ClamAV
but at least you might be spared the pain of the new build system. I
doubt that the scanning performance of the latest version will be much
better than for recent supported versions. My desktop thin client is
running 64-bit RasPiOS 'Bullseye' on an 8G Pi4B so it's very doable.
8<----------------------------------------------------------------------
raspberrypi:$ apt show clamav
Package: clamav
Version: 0.103.5+dfsg-0+deb11u1
Priority: optional
Section: utils
Maintainer: ClamAV Team <pkg-clamav-devel at lists.alioth.debian.org>
...
8<----------------------------------------------------------------------
If you're up for some pain I'd recommend that you go for version 105.0
of ClamAV because it's only just been released (May 4th 2022) and the
developers do read this list. But do try to get a feel for its likely
performance before you spend a lot of time and energy on building it.
--
73,
Ged.
More information about the clamav-users
mailing list