This clamav installation will use both the official signatures and the sanesecurity signatures, which are used to combat image and pdf spam as well as phishing attacks.
# usermod -G exim clamav
LocalSocket /var/run/clamav/clamd.socket
# chkconfig --level 345 clamd on
For clamav to work with SELinux in enforcing mode, we need to add a local policy module. The sample policy is below:
module clamlocal 1.0;
require {
class dir { add_name read remove_name search write };
class file { create getattr lock read write append };
type clamd_t;
type clamd_var_log_t;
type logwatch_t;
type proc_t;
type sysctl_kernel_t;
type var_spool_t;
type var_t;
type var_log_t;
role system_r;
};
allow clamd_t proc_t:file { getattr read };
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
allow clamd_t var_spool_t:dir read;
allow clamd_t var_spool_t:file { getattr read };
allow clamd_t var_t:dir { add_name read remove_name write };
allow clamd_t var_t:file { create getattr lock read write };
allow logwatch_t clamd_var_log_t:dir { read search };
allow clamd_t var_log_t:file append;
allow clamd_t var_t:dir { read write };
The module can be downloaded from http://www.topdog-software.com/files/clamlocal.te.gz
# wget http://www.topdog-software.com/files/clamlocal.te.gz
# gunzip clamlocal.te.gz
# checkmodule -M -m -o clamlocal.mod clamlocal.te
# semodule_package -o clamlocal.pp -m clamlocal.mod
# semodule -i clamlocal.pp
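Before loading a local module it helps to see exactly what it grants. The Python script below is an added example, not part of the original guide or of clamav: it parses the allow rules shown above, flags modifying permissions on generic types, and reports rules already covered by an earlier one. The GENERIC_TYPES and MODIFYING sets and the function name review are choices made for this example.

```python
import re
from collections import defaultdict

# Allow rules copied from the clamlocal module shown above.
ALLOW_RULES = """
allow clamd_t proc_t:file { getattr read };
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
allow clamd_t var_spool_t:dir read;
allow clamd_t var_spool_t:file { getattr read };
allow clamd_t var_t:dir { add_name read remove_name write };
allow clamd_t var_t:file { create getattr lock read write };
allow logwatch_t clamd_var_log_t:dir { read search };
allow clamd_t var_log_t:file append;
allow clamd_t var_t:dir { read write };
"""

# Assumption of this example: these are generic labels shared by many
# unrelated files, so modifying access to them deserves a second look.
GENERIC_TYPES = {"var_t", "var_log_t", "var_spool_t"}
# Permissions that change file content or directory entries.
MODIFYING = {"write", "append", "create", "add_name", "remove_name",
             "unlink", "rename", "setattr"}

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def review(text):
    """Return (merged grants, flagged grants, redundant rule texts)."""
    grants, redundant = defaultdict(set), []
    for m in RULE.finditer(text):
        src, tgt, cls, braced, single = m.groups()
        perms = set((braced or single).split())
        key = (src, tgt, cls)
        if key in grants and perms <= grants[key]:
            redundant.append(m.group(0))  # fully covered by earlier rules
        grants[key] |= perms
    flagged = {k: sorted(p & MODIFYING) for k, p in grants.items()
               if k[1] in GENERIC_TYPES and p & MODIFYING}
    return dict(grants), flagged, redundant

if __name__ == "__main__":
    grants, flagged, redundant = review(ALLOW_RULES)
    for (src, tgt, cls), perms in sorted(flagged.items()):
        print(f"review: {src} may {', '.join(perms)} on {tgt}:{cls}")
    for rule in redundant:
        print("redundant:", rule)
```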