How to install ClamAV virus detection plugin for the Rosetta validation stack

• Product: Rosetta

Note that it must be installed on all APP servers.

Procedure:

Part I: SSH/UNIX

1. Open a UNIX session as the 'root' user (or sudo).

2. Install the package: yum install clamav clamd

RH7: Install EPEL 7: yum install epel-release (sudo yum install may also work)

RH7: Install ClamAV packages: yum install clamav clamav-scanner-systemd

RH7: Create symbolic link to the default file path; link it to the clamd@scan file: ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

RH7: Edit the clamd-scanner package configuration: vi /etc/clamd.d/scan.conf

Comment the example line: #Example

Uncomment the LocalSocket config line to enable it: LocalSocket /var/run/clamd.scan/clamd.sock

Save and quit the text editor.

3. Start the ClamAV application: /etc/init.d/clamd start

RH7: Turn on the SELinux boolean for antivirus: setsebool -P antivirus_can_scan_system 1

RH7: Start the service and enable it at boot:

systemctl start clamd@scan
systemctl enable clamd@scan

If the above doesn't work, first run: sudo freshclam

After that, running "systemctl start clamd@scan" and "systemctl enable clamd@scan" should work.
 

4. Confirm that the application is started: chkconfig clamd on (systemctl status clamd@scan may also work)

Running systemctl status clamd@scan returns:

sudo systemctl status clamd@scan
● clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: di
   Active: active (running) since Thu 2018-09-27 11:15:19 EDT; 7min ago
 Main PID: 25611 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─25611 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

Sep 27 11:15:19 rosetta1 clamd[25611]: ELF support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: Mail files support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: OLE2 support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: PDF support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: SWF support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: HTML support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: XMLDOCS support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: HWP3 support enabled.
Sep 27 11:15:19 rosetta1 clamd[25611]: Self checking every 600 seconds.
Sep 27 11:15:19 rosetta1 systemd[1]: Started Generic clamav scanner daemon.

5. Download latest software updates for ClamAV: /usr/bin/freshclam (if you didn't already run it in step #3 above.)

RH7: Install and configure the ClamAV update: yum install clamav-update

RH7: Edit the configuration file: vi /etc/freshclam.conf

Comment the example line: #Example

RH7: Edit freshclam configuration file: vi /etc/sysconfig/freshclam

Comment this line to enable crontab: #FRESHCLAM_DELAY=disabled-warn

Save and quit the text editor.

RH7: Run “freshclam” command to update the virus database

6. Restart ClamAV: /etc/init.d/clamd restart (systemctl restart clamd@scan may also work)

7. Enter "view /etc/hosts" to find local host:

# Do not remove the following line, or various programs
# that require network functionality will fail.
10.100.2.19 us-rosetta01.corp.exlibrisgroup.com us-rosetta01
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

NOTE: Take the 127.0.0.1 address

8. Enter "netstat -tulpn" to discover on which port the ClamAV is running (based on the host name):

us-rosetta01-d4(1) >>netstat -tulpn [NOTE that RH6 and 7 results may vary]

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:3873 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:4801 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:6852 0.0.0.0:* LISTEN 12962/java
tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN -
tcp 0 0 10.100.2.19:4712 0.0.0.0:* LISTEN 12962/java
tcp 0 0 0.0.0.0:1801 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:5801 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:4713 0.0.0.0:* LISTEN 12962/java
tcp 0 0 10.100.2.19:4457 0.0.0.0:* LISTEN 12962/java
********tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 10.100.2.19:2801 0.0.0.0:* LISTEN 12962/java

NOTE: The port for 127.0.0.1 is 3310 as above.
NOTE: Be sure that this port (3310) is open.

9. Close (logout) of the UNIX session as the 'root' user (or sudo).

10. Open a UNIX session as the 'dps' user.

11. To deploy and Install the ClamAVVirusCheckPlugin.jar file:

Download the Rosetta.ClamAVVirusCheckPlugin-master.zip package from here and unzip it:

  https://github.com/ExLibrisGroup/Rosetta.ClamAVVirusCheckPlugin/tree/master/target

Alternatively, the file can also be retrieved from the target directory of the Rosetta.ClamAVVirusCheckPlugin-master folder.

Extract the "ClamAVVirusCheckPlugin.jar" file that resides in Rosetta.ClamAVVirusCheckPlugin-master\target\ to the following directory:

  $op_dir/plugins/custom/ [e.g. /operational_shared/plugins/custom]

Directories should look like this after installation:

/operational_shared/plugins/custom/
drwxrwxr-x 6 dps exlibris  260 Jan  3  2016 Rosetta.ClamAVVirusCheckPlugin-master
-rw-rw-r-- 1 dps exlibris 1816 Jan  3  2016 ClamAVVirusCheckPlugin.jar
drwxrwxr-x 3 dps exlibris  114 Sep 13 15:20 deploy
drwxrwxr-x 3 dps exlibris   47 Sep 13 16:19 bin

/operational_shared/plugins/custom/deploy/
drwxrwxr-x 6 dps exlibris     260 Jan  3  2016 Rosetta.ClamAVVirusCheckPlugin-master
-rw-rw-r-- 1 dps exlibris 5321957 Sep 13 15:20 Rosetta.ClamAVVirusCheckPlugin-master.zip

Then run:
chown dps:exlibris /operational_shared/plugins/custom
chown dps:exlibris /operational_shared/plugins/custom/ClamAVVirusCheckPlugin.jar
chmod 664 /operational_shared/plugins/custom/ClamAVVirusCheckPlugin.jar

The 'dps' user should have read/write permissions on this file.
Rosetta will display the plug-in in the list of custom plug-ins available for installation.
If you are installing a new plugin, there is no need to restart Rosetta.
If you are upgrading an existing plugin a restart is necessary, and you must be sure to increment the plugin version.
Refer to the 'General Attributes' section of: https://developers.exlibrisgroup.com/rosetta/sdk/plugins

Part II: Rosetta Application

10. Go to Advanced Configuration > Plug-In Management > Custom Tab > Plug-In Information and add the following:

Click "Add plug-in Instance" and you should see "ClamAVVirusCheckPlugin"

Click "Install"

Plug-In Name: SLUBVirusCheckClamAVPlugin
Description: SLUB Virus Check Plugin using installed ClamAV daemon via tcp-sockets
host: take from /etc/hosts reslt (e.g. 127.0.0.1)
port: take from netstat -tulpn result (e.g. 3310)
timeout: 1000 (milliseconds)

Click "Save" to save your changes

Click the checkmark in the "Active" column to enable.

12. Go to Advanced Configuration > Repository > Task Chain List: Filter Validation Stack > Add Task Chain:

Name/Description: Validation Stack with ClamAV
Add Task: Virus Check
Name/Description: Virus Check
Level: File
Status: Active
Task Chain Level: IE
Groups: Validation Stack, Maintenance, etc.
Task Parameters: SLUBVrusCheckClamAVPlugin

Note that upon successful implementation of the plugin, Rosetta will copy the jar file to $op_dir/plugins/custom/deploy [e.g. /operational_shared/plugins/custom/deploy]

13. Run ingest that uses this task to test.