How to install ClamAV virus detection plugin for the Rosetta validation stack
- Product: Rosetta
Note that it must be installed on all APP servers.
Procedure:
Part I: SSH/UNIX
1. Open a UNIX session as the 'root' user (or sudo).
2. Install the package: yum install clamav clamd
RH7: Install EPEL 7: yum install epel-release (sudo yum install may also work)
RH7: Install ClamAV packages: yum install clamav clamav-scanner-systemd
RH7: Create a symbolic link from the default configuration path to the clamd@scan
configuration file: ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
RH7: Edit the clamd-scanner package configuration: vi /etc/clamd.d/scan.conf
Comment out the Example line: #Example
Uncomment the LocalSocket config line to enable it: LocalSocket /var/run/clamd.scan/clamd.sock
Save and quit the text editor.
3. Start the ClamAV application: /etc/init.d/clamd start
RH7: Turn on the SELinux boolean for antivirus: setsebool -P antivirus_can_scan_system 1
RH7: Start the service and enable it at boot:
systemctl start clamd@scan
systemctl enable clamd@scan
If the above doesn't work, first run: sudo freshclam
After that, running "systemctl start clamd@scan" and "systemctl enable clamd@scan" should work.
4. Confirm that the application is started: chkconfig clamd on (systemctl status clamd@scan may also work)
Running systemctl status clamd@scan returns:
sudo systemctl status clamd@scan
● clamd@scan.service - Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: di
Active: active (running) since Thu 2018-09-27 11:15:19 EDT; 7min ago
Main PID: 25611 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─25611 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
Sep 27 11:15:19 rosetta1 clamd[25611]: ELF support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: Mail files support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: OLE2 support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: PDF support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: SWF support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: HTML support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: XMLDOCS support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: HWP3 support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: Self checking every 600 seconds.
Sep 27 11:15:19 rosetta1 systemd[1]: Started Generic clamav scanner daemon.
5. Download the latest software updates for ClamAV: /usr/bin/freshclam (if you didn't already run it in step #3 above).
RH7: Install and configure the ClamAV update: yum install clamav-update
RH7: Edit the configuration file: vi /etc/freshclam.conf
Comment out the Example line: #Example
RH7: Edit freshclam configuration file: vi /etc/sysconfig/freshclam
Comment out this line to enable crontab: #FRESHCLAM_DELAY=disabled-warn
Save and quit the text editor.
RH7: Run the “freshclam” command to update the virus database.
6. Restart ClamAV: /etc/init.d/clamd restart (systemctl restart clamd@scan may also work)
7. Enter "view /etc/hosts" to find the local host address:
# Do not remove the following line, or various programs
# that require network functionality will fail.
10.100.2.19 us-rosetta01.corp.exlibrisgroup.com us-rosetta01
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
NOTE: Take the 127.0.0.1 address
8. Enter "netstat -tulpn" to discover which port ClamAV is listening on (based on the host name):
us-rosetta01-d4(1) >>netstat -tulpn [NOTE that RH6 and 7 results may vary]
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:3873 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:4801 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:6852 0.0.0.0:* LISTEN 12962/java
tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN -
tcp 0 0 10.100.2.19:4712 0.0.0.0:* LISTEN 12962/java
tcp 0 0 0.0.0.0:1801 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:5801 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:4713 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:4457 0.0.0.0:* LISTEN 12962/java
********tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 10.100.2.19:2801 0.0.0.0:* LISTEN 12962/java
NOTE: The port for 127.0.0.1 is 3310 as above.
NOTE: Be sure that this port (3310) is open.
9. Log out of the UNIX session as the 'root' user (or sudo).
10. Open a UNIX session as the 'dps' user.
11. Deploy and install the ClamAVVirusCheckPlugin.jar file:
Download the Rosetta.ClamAVVirusCheckPlugin-master.zip package from here and unzip it:
https://github.com/ExLibrisGroup/Rosetta.ClamAVVirusCheckPlugin/tree/master/target
Alternatively, the file can also be retrieved from the target directory of the Rosetta.ClamAVVirusCheckPlugin-master folder.
Extract the "ClamAVVirusCheckPlugin.jar" file that resides in Rosetta.ClamAVVirusCheckPlugin-master\target\ to the following directory:
$op_dir/plugins/custom/ [e.g. /operational_shared/plugins/custom]
Directories should look like this after installation:
/operational_shared/plugins/custom/
drwxrwxr-x 6 dps exlibris 260 Jan 3 2016 Rosetta.ClamAVVirusCheckPlugin-master
-rw-rw-r-- 1 dps exlibris 1816 Jan 3 2016 ClamAVVirusCheckPlugin.jar
drwxrwxr-x 3 dps exlibris 114 Sep 13 15:20 deploy
drwxrwxr-x 3 dps exlibris 47 Sep 13 16:19 bin
/operational_shared/plugins/custom/deploy/
drwxrwxr-x 6 dps exlibris 260 Jan 3 2016 Rosetta.ClamAVVirusCheckPlugin-master
-rw-rw-r-- 1 dps exlibris 5321957 Sep 13 15:20 Rosetta.ClamAVVirusCheckPlugin-master.zip
Then run:
chown dps:exlibris /operational_shared/plugins/custom
chown dps:exlibris /operational_shared/plugins/custom/ClamAVVirusCheckPlugin.jar
chmod 664 /operational_shared/plugins/custom/ClamAVVirusCheckPlugin.jar
The 'dps' user should have read/write permissions on this file.
Rosetta will display the plug-in in the list of custom plug-ins available for installation.
If you are installing a new plugin, there is no need to restart Rosetta.
If you are upgrading an existing plugin, a restart is necessary, and you must be sure to increment the plugin version.
Refer to the 'General Attributes' section of: https://developers.exlibrisgroup.com/rosetta/sdk/plugins
Part II: Rosetta Application
10. Go to Advanced Configuration > Plug-In Management > Custom Tab > Plug-In Information and add the following:
Click "Add plug-in Instance" and you should see "ClamAVVirusCheckPlugin"
Click "Install"
Plug-In Name: SLUBVirusCheckClamAVPlugin
Description: SLUB Virus Check Plugin using installed ClamAV daemon via tcp-sockets
host: take from /etc/hosts result (e.g. 127.0.0.1)
port: take from netstat -tulpn result (e.g. 3310)
timeout: 1000 (milliseconds)
Click "Save" to save your changes
Click the checkmark in the "Active" column to enable.
12. Go to Advanced Configuration > Repository > Task Chain List: Filter Validation Stack > Add Task Chain:
Name/Description: Validation Stack with ClamAV
Add Task: Virus Check
Name/Description: Virus Check
Level: File
Status: Active
Task Chain Level: IE
Groups: Validation Stack, Maintenance, etc.
Task Parameters: SLUBVirusCheckClamAVPlugin
Note that upon successful implementation of the plugin, Rosetta will copy the jar file to $op_dir/plugins/custom/deploy [e.g. /operational_shared/plugins/custom/deploy]
13. Run an ingest that uses this task to test it.
Additional Information
As per step #7 above, be sure that this port (3310) is open.
NOTE: there is a file size limitation with the clamd configuration.
If SIPs fail the virus check after completing configurations to use this plugin, do the following:
1. Connect to the Rosetta server via ssh and edit the configuration file: vi /etc/clamd.conf
2. Uncomment and update the following line in the file and restart clamd:
#StreamMaxLength 10M (change to 500M)
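The configuration edits in step 2 and the StreamMaxLength change above can be checked before restarting clamd. The script below is an added example, not part of the original article or of the plug-in project; it audits a clamd configuration file for the settings this procedure depends on. TCPSocket and TCPAddr are standard clamd.conf directives that the article does not mention; they are checked on the assumption that a plug-in instance configured with host and port needs a TCP listener. The sample configuration and the 500M argument are constructed.

```sh
# Added example: audit a clamd config for the settings this procedure relies on.
# Print each active (uncommented) value of directive $2 in config file $1.
conf_values() {
    awk -v key="$2" '$1 == key { print $2 }' "$1"
}
# Convert a clamd size value such as 10M or 512K to bytes.
to_bytes() {
    case "$1" in
        *[Mm]) echo $(( ${1%?} * 1048576 )) ;;
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# audit_clamd_conf FILE LARGEST_FILE: one finding per line, returns 1 on FAIL/WARN.
audit_clamd_conf() {
    conf=$1; need=$(to_bytes "$2"); rc=0
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$conf"; then
        echo "FAIL: Example line is still active; clamd will not start"; rc=1
    fi
    port=$(conf_values "$conf" TCPSocket | tail -n 1)  # repeated: last used (assumption)
    addrs=$(conf_values "$conf" TCPAddr)
    if [ -z "$port" ]; then
        echo "FAIL: no TCPSocket; a host/port plug-in instance cannot connect"; rc=1; addrs=
    elif [ -z "$addrs" ]; then
        echo "WARN: TCPSocket $port without TCPAddr binds every interface"; rc=1
    fi
    for a in $addrs; do
        case "$a" in
            127.*|::1|localhost) echo "OK: listener $a:$port is loopback-only" ;;
            *) echo "WARN: listener $a:$port is not loopback (no authentication)"; rc=1 ;;
        esac
    done
    max=$(conf_values "$conf" StreamMaxLength | tail -n 1)
    if [ -z "$max" ]; then
        echo "WARN: StreamMaxLength unset; clamd's built-in default applies"; rc=1
    elif [ "$(to_bytes "$max")" -lt "$need" ]; then
        echo "FAIL: StreamMaxLength $max is below $2"; rc=1
    else
        echo "OK: StreamMaxLength $max covers $2"
    fi
    return $rc
}

# Constructed sample config (not a real scan.conf): only LocalSocket enabled.
sample=$(mktemp)
printf '%s\n' '#Example' 'LocalSocket /var/run/clamd.scan/clamd.sock' \
    '#TCPSocket 3310' '#TCPAddr 127.0.0.1' '#StreamMaxLength 10M' > "$sample"
audit_clamd_conf "$sample" 500M || echo "Fix the findings, then restart clamd@scan."; rm -f "$sample"
```

On a server, pass the real file and the largest file size you expect to ingest, for example: audit_clamd_conf /etc/clamd.d/scan.conf 500M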
Category: Plugin Framework
- Article last edited: 27-Sep-2018