Installing anti-malware on AIX

ClamAV is not included with PowerSC. You must first install it on AIX uiAgents before you can use it with the PowerSC GUI.

Important: Due to compatibility concerns, only specific ClamAV versions can access the ClamAV virus definition databases. See Version Support Matrix for supported versions.
The ClamAV installation on AIX uiAgents has the following prerequisites:
  • This procedure requires yum on AIX. yum resolves all of the dependencies needed by ClamAV.
    Note: As of this release of PowerSC, AIX version 7.3 does not support yum. You must use dnf to install ClamAV. Packages from the AIX Toolbox for Open Source Software site are not supported through AIX support. See "DNF is now available on AIX Toolbox" and "Potential DNF errors when migrating to AIX 7.3" for important information.
  • The AIX uiAgent on which you install ClamAV must have at least 1.5GB of free available memory.
  • The ClamAV installation has been tested on AIX version 7.2. Other versions that support yum may also work but have not been tested.
  1. Verify that your available ClamAV version satisfies the database requirements in Version Support Matrix.
    yum list ClamAV
    You may need to add an additional repository if the available version does not satisfy the database requirements.
  2. Install ClamAV on the PowerSC GUI agent as root if it is not already installed. The example uses version clamav-0.104.2-3 for demonstration purposes.
    yum install clamav-0.104.2-3 -y
    :
    Complete!
  3. Move or copy the freshclam.conf.sample file to /opt/freeware/etc/clamav/freshclam.conf:
    mv /opt/freeware/etc/clamav/freshclam.conf.sample /opt/freeware/etc/clamav/freshclam.conf
  4. Edit the freshclam.conf file as root and either comment out or remove the Example line at the top of the file.
    # Comment or remove the line below.
    # Example
    
  5. In the freshclam.conf file, change the database owner to root and uncomment the line:
    DatabaseOwner root
  6. Change the protections on the ClamAV database as root:
    chmod -R 700 /var/lib/clamav/
  7. For PowerSC versions prior to 2.1.0.6 only: Change directory to /opt/powersc/uiAgent/bin and edit the uiAgent.sh file as root. Add BOOTSTRAP_LIBPATH=$BOOTSTRAP_LIBPATH:/opt/freeware/lib to the BOOTSTRAP section.
    BOOTSTRAP_LIBPATH=$(get_java_libpath "$JRE_PATH")
    BOOTSTRAP_LIBPATH=$BOOTSTRAP_LIBPATH:/opt/freeware/lib
    BOOTSTRAP_JVM_PATH=$(get_jvm_path "$JRE_PATH")
  8. Change directory to /opt/freeware/bin:
    cd /opt/freeware/bin
  9. Run the freshclam update command as root.
    ./freshclam update
    ClamAV update process started at Fri Nov 11 09:16:25 2022
    daily database available for download (remote version: 26717)
    Time:    0.7s, ETA:    0.0s [========================>]   57.40MiB/57.40MiB
    Testing database: '/var/lib/clamav/tmp.d1a40140b5/clamav-2f1c291af73035416f952d3638b4390a.tmp-daily.cvd' ...
    Database test passed.
    daily.cvd updated (version: 26717, sigs: 2010548, f-level: 90, builder: raynman)
    main database available for download (remote version: 62)
    Time:    1.7s, ETA:    0.0s [========================>]  162.58MiB/162.58MiB
    Testing database: '/var/lib/clamav/tmp.d1a40140b5/clamav-bb787aa90623fb750456396fb8c91fa5.tmp-main.cvd' ...
    Database test passed.
    main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
    bytecode database available for download (remote version: 333)
    Time:    0.0s, ETA:    0.0s [========================>]  286.79KiB/286.79KiB
    Testing database: '/var/lib/clamav/tmp.d1a40140b5/clamav-0b3133e6924ea0badf240e0ffb91ac03.tmp-bytecode.cvd' ...
    Database test passed.
    bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
  10. Run the ClamAV clamscan command as root to test your configuration:
    /opt/freeware/bin/clamscan -r --database=/var/lib/clamav/
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 8642589
    Engine version: 0.104.2
    Scanned directories: 1
    Scanned files: 281
    Infected files: 0
    Data scanned: 57.24 MB
    Data read: 27.55 MB (ratio 2.08:1)
    Time: 31.950 sec (0 m 31 s)
    Start Date: 2022:11:11 09:22:40
    End Date:   2022:11:11 09:23:12
    
  11. Create a symlink for sigtool as root:
    ln -s /opt/freeware/bin/sigtool /usr/bin/sigtool
  12. Create a symlink for the clamscan command as root:
    ln -s /opt/freeware/bin/clamscan /usr/bin/clamscan
  13. Restart the AIX uiAgent:
    stopsrc -s pscuiagent
    startsrc -s pscuiagent
  14. Click the ellipsis to the right of the PowerSC GUI endpoint for which you want to edit the malware configuration options.
  15. Click Malware.
  16. Click Configure Malware.
    Note: It may take several minutes for the PowerSC GUI server to recognize that ClamAV is installed on the endpoint.
  17. Select the file paths to scan.
  18. Click Configuration.
  19. The version is displayed. You can optionally update the following malware fields:
    Note: The default values are displayed, but are not actually created until you run a scan.
    • Command. Location of ClamAV (clamscan) executable script.
    • Database location. Location of the ClamAV malware (virus definitions) database. Must include the trailing slash.
    • Quarantine posix permission. Represents the traditional POSIX file system object permission model. It defines the read, write and execute permissions for the three classes of users, 'owner', 'group' and 'other'.
    • Quarantine location. Location where malicious files will be moved.
    • Quarantine detection action. You can choose to move or copy detected malware files. The default is move. You might choose to copy any detected malware files based on your site requirements and policies or to prevent a break in functionality due to a needed file being falsely diagnosed as infected.
      Important: If you select Copy, detected files remain in their original location. These files require your prompt review and action.
    • Sigtool command. The default location is /usr/bin/sigtool, but you can change this based on your site requirements and policies.
    • Log File location. Location where ClamAV related logs will be stored.
    • Freshclam command. Location of ClamAV (freshclam) executable script.
    • Exclude file set. Provide a comma-separated list of paths that should be excluded from the scan.
    • Skip NFS mounts. When enabled, NFS-mounted file systems are not scanned.
    • Max file size and Max scan size. Max file size defines the maximum size (in megabytes) of an individual file that can be scanned. Max scan size specifies the maximum total size (in megabytes) that can be scanned during a single scan. Possible values are 1 to 2000. The default is 2000.
  20. Click Save.
    The PowerSC GUI agent recognizes that anti-malware is installed and makes some initial configuration changes.
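
The following script is an added example, not part of the IBM procedure or of PowerSC. It audits the command-line settings from steps 4 to 6 and 11 to 12 (no active Example line, DatabaseOwner root, a mode 700 database directory, and the two symlinks). The function names are illustrative, and the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example (not IBM code); function names are illustrative.

# Step 4: freshclam.conf exists and has no active "Example" line.
example_line_removed() {
    [ -f "$1" ] && ! grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# Step 5: an uncommented "DatabaseOwner root" line is present.
database_owner_is_root() {
    grep -Eq '^[[:space:]]*DatabaseOwner[[:space:]]+root[[:space:]]*$' "$1"
}

# Step 6: the database directory is mode 700 (no group or other access).
# ls -ld is parsed so that the check needs only POSIX utilities.
db_dir_is_private() {
    [ -d "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Steps 11-12: $1 is a symlink whose target is $2.
link_points_to() {
    [ -L "$1" ] || return 1
    case "$(ls -l "$1")" in *" -> $2") return 0 ;; *) return 1 ;; esac
}

# Run one check, print PASS/FAIL, and count failures in $fails.
check() {
    desc=$1; shift
    if "$@"; then echo "PASS  $desc"; else echo "FAIL  $desc"; fails=$((fails + 1)); fi
}

# Arguments: conf file, database dir, ClamAV bin dir, symlink dir.
# Returns the number of failed checks (0 means the host matches the page).
audit_clamav() {
    fails=0
    check "no active Example line in $1" example_line_removed "$1"
    check "DatabaseOwner root set in $1" database_owner_is_root "$1"
    check "$2 is mode 700" db_dir_is_private "$2"
    for tool in sigtool clamscan; do
        check "$4/$tool -> $3/$tool" link_points_to "$4/$tool" "$3/$tool"
    done
    return "$fails"
}

CONF=/opt/freeware/etc/clamav/freshclam.conf
if [ -f "$CONF" ]; then   # only audit a host where ClamAV is installed
    audit_clamav "$CONF" /var/lib/clamav /opt/freeware/bin /usr/bin ||
        echo "$? check(s) failed" >&2
fi
```

Run it as root on the endpoint after step 13, because the mode 700 database directory is readable only by its owner.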