How to set up clamav, freshclam, and havp in Arch for virus protection

Since the dansguardian.conf file on Arch shows "!!! Not compiled" for every content scanner that integrates with DG, we will use ClamAV integration with Squid via havp.

1) Install clamav and clamav-freshclam (keeps clamav database up to date)
pacman -S clamav
2) The configuration files for ClamAV are located in /etc/clamav, but the default configuration is appropriate for our needs. FreshClam will update virus definitions hourly; if you want to change this behaviour, edit /etc/clamav/freshclam.conf 
        a) Comment the line that contains the word Example at the beginning of the configuration files /etc/clamav/freshclam.conf, /etc/clamav/clamd.conf
        b) Run the daemon and freshclam to update the virus definition files
/etc/rc.d/clamav start

   If you get the following messages after running freshclam:
WARNING: Clamd was NOT notified: Can't connect to clamd through 
 /var/lib/clamav/clamd.sock connect(): No such file or directory
   Add a sock file for clamav:
touch /var/lib/clamav/clamd.sock

/etc/rc.d/clamav restart
  The database files are saved in:
3) To run as a server edit /etc/clamav/clamd.conf and /etc/clamav/freshclam.conf and comment out the Example flag. In /etc/conf.d/clamav change the start options from "no" to "yes".
   # change these to "yes" to start
4) To start clamav at boot, edit /etc/rc.conf and add both clamav and clamav-freshclam to DAEMONS
5) To change how often freshclam checks for virus definition files, edit the freshclam.conf file. Replace Checks 24 with Checks 1, meaning once a day
              vim /etc/clamav/freshclam.conf
       Restart clamav-freshclam after changing the configuration
             /etc/rc.d/clamav restart   #this will restart both clamav and freshclam
6) Create a build folder and manually build and install havp -- proxy interface for clamav
cd ~

mkdir build

cd build

--change download file to represent the latest at ( see tarball link on the left


tar -xzvf havp.tar.gz

cd havp

--check if the install files are not malicious


   change the version from 0.90 to 0.92

      pkgver=0.90     to    pkgver=0.92

   add the following


   change md5sums to be 


mkdir $startdir/pkg/var/log/havp

mkdir $startdir/pkg/var/tmp/havp  


makepkg --asroot

--Install package

pacman -U havp-0.92-1-x86_64.pkg.tar.xz
7) Change the owner of the antivirus logs and temporary file-testing directories to havp :
               chown -R havp:havp /var/run/havp
               chown -R havp:havp /var/log/havp
 8) Add the mandatory lock option to your filesystem (needed by HAVP) : In your /etc/fstab, modify :
                [...] / ext4 defaults 0 1
                to :
                [...] / ext4 defaults,mand 0 1
            Then reload your filesystem :
                mount -o remount /
 9) Enable havp by removing REMOVETHISLINE deleteme from the config file, changing the listening port to 8090, and enabling the clamav scanners
              vim /etc/havp/havp.conf
                  change PORT 8080 to PORT 8090                  
                  change ENABLECLAMLIB false to ENABLECLAMLIB true
                  uncomment BINDADDRESS
 10) Add this info in your /etc/squid/squid.conf :
              cache_peer parent 8090 0 no-query no-digest no-netdb-exchange default
              cache_peer_access allow all
 11) Reload your squid and start HAVP :
              /etc/rc.d/squid restart
              /etc/rc.d/havp start
       The execution flow of internet access becomes like this:
                Computer Browser proxy(8080)-> Dansguardian(8080)  -> Squid(3128)-> HAVP(8090) -> Internet
12) Test. Go to and try to download  you should get an infected virus file from havp
13) Add havp to DAEMONS in rc.conf
            vim /etc/rc.conf
                   DAEMONS=( ...  squid havp  ...)
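
The script below is an added example, not part of the original guide: it audits the settings changed in steps 2, 3, 8 and 9 (Example line disabled, REMOVETHISLINE removed, PORT 8090, ENABLECLAMLIB true, BINDADDRESS set, mand on /) so a missed edit is caught before traffic is sent through the proxy chain. The function names and the script name audit.sh are hypothetical; the default paths and expected values are the ones named in the steps above.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical;
# default paths and expected values are the ones the guide's steps name.

# Steps 2a/3: succeeds when FILE is readable and has no active "Example" line.
example_disabled() {
    [ -r "$1" ] && ! grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$1"
}

# Step 9: succeeds when the REMOVETHISLINE guard is deleted or commented out.
havp_guard_removed() {
    [ -r "$1" ] && ! grep -Eq '^[[:space:]]*REMOVETHISLINE' "$1"
}

# Step 9: succeeds when FILE has an uncommented "KEY VALUE" line (VALUE is an ERE).
havp_setting_is() {
    grep -Eqs "^[[:space:]]*${2}[[:space:]]+${3}[[:space:]]*\$" "$1"
}

# Step 8: succeeds when the fstab entry for MOUNTPOINT lists the "mand" option.
fstab_has_mand() {
    awk -v mp="$2" '
        $1 ~ /^#/ { next }
        $2 == mp  { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "mand") ok = 1 }
        END       { exit !ok }' "$1"
}

# Print one ok/FAIL line for a check and count the failures.
report() {
    if "$@"; then echo "ok    $*"; else echo "FAIL  $*"; fails=$((fails + 1)); fi
}

# Run every check; the return status is the number of failed checks.
audit_havp_setup() {
    clamd=${1:-/etc/clamav/clamd.conf}; fresh=${2:-/etc/clamav/freshclam.conf}
    havp=${3:-/etc/havp/havp.conf};     fstab=${4:-/etc/fstab}
    fails=0
    report example_disabled "$clamd"
    report example_disabled "$fresh"
    report havp_guard_removed "$havp"
    report havp_setting_is "$havp" PORT 8090
    report havp_setting_is "$havp" ENABLECLAMLIB true
    report havp_setting_is "$havp" BINDADDRESS '[^[:space:]]+'
    report fstab_has_mand "$fstab" /
    return "$fails"
}

# "sh audit.sh --live" checks the real files; without it only functions are defined.
if [ "${1:-}" = "--live" ]; then audit_havp_setup; fi
```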
Additional documentation:


