• Aggiungere la fonte, se non già presente:

sudoedit /etc/apt/sources.list

...
deb http://ftp.it.debian.org/debian             squeeze-updates main contrib non-free
deb http://security.debian.org/                 squeeze/updates main contrib non-free
...

• Installare

sudo apt-get update && \
sudo apt-get dist-upgrade && \
sudo apt-get install clamav-daemon libclamunrar6

• Installare

sudo apt-get update && \
sudo apt-get dist-upgrade && \
sudo apt-get install clamav clamav-daemon libclamunrar7

• Installare il pacchetto RVM, oppure installare dai sorgenti

sudo apt-get install clamav-unofficial-sigs

• Registrasi free su https://www.malwarepatrol.net/signup-free.shtml

• Inserire il receipt number in:

sudoedit /etc/clamav-unofficial-sigs/master.conf 

malwarepatrol_receipt_code="xxxxxxxxxxx"

• TODO: Registrarsi su https://www.malwarepatrol.net/signup-free.shtml

• Scaricare le firme

sudo sudo -u clamav [ -x /usr/sbin/clamav-unofficial-sigs ] && /bin/bash /usr/sbin/clamav-unofficial-sigs

• Per il funzionamento con amavis, impostare:

sudoedit  /etc/clamav/clamd.conf

AllowSupplementaryGroups true

Altrimenti la scansione di amavis fallisce con clamd, e si ottiene l'errore:

Mar 11 18:59:40 myserver amavis[18226]: (18226-03) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis-20160311T185044-18226-VIje1ebd/parts: lstat() failed: Permission denied. ERROR\n"

• Impostare lo scaricamento delle signatures di Google Safebrowsing per i siti di Phishing e malware:

sudoedit /etc/clamav/freshclam.conf

SafeBrowsing Yes

• Riavviare clamav-daemon:

sudo /etc/init.d/clamav-daemon stop; sudo /etc/init.d/clamav-daemon start

• Se necessario, impostare un proxy per lo scaricamento degli aggiornamenti:

sudoedit /etc/clamav/freshclam.conf 

HTTPProxyServer proxy.metrica.priv
HTTPProxyPort 3128

• Fermare il daemon di aggiornamento

sudo /etc/init.d/clamav-freshclam stop

• Aggiornare il database, e verificare che scarichi anche le firme di Google Safebrowsing:

sudo freshclam -v

• Riattivare il daemon di aggiornamento

sudo /etc/init.d/clamav-freshclam start

• Installare i test files:

sudo apt-get install clamav-testfiles

clamscan /usr/share/clamav-testfiles/

----------- SCAN SUMMARY -----------
Known viruses: 8484890
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 46
Infected files: 46
Data scanned: 13.76 MB
Data read: 6.21 MB (ratio 2.22:1)
Time: 23.877 sec (0 m 23 s)

• Verificare se utilizza le firme di Safebrowsing:

cat > /tmp/test-safebrowsing <<EOFile
Return-Path: <username@example.com>
Delivered-To: <destination@example.com>
Received: from servername.example.com
	by servername.example.com (Dovecot) with LMTP id xI3QK3XIrVjAYAAA25iMvQ
	for <destination@example.com>; Wed, 22 Feb 2017 18:20:53 +0100
Date: Wed, 22 Feb 2017 18:20:58 +0100
To: destination@example.com
From: username@example.com
Subject: test Wed, 22 Feb 2017 18:20:58 +0100
X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
Message-Id: <20170222172053.A4DFADEAEA@servername.example.com>

http://www.ianfette.org/

EOFile

clamscan -v /tmp/test-safebrowsing

Scanning /tmp/test-safebrowsing
/tmp/test-safebrowsing: Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8484890
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 41.610 sec (0 m 41 s)

• Rimuovere i testfiles:

 sudo apt-get remove --purge clamav-testfiles

sudo apt-get install unrar arj unzip unace

sudo apt-get install unrar arj unzip unace-nonfree

• Postfix guide
• malware - Are there faux/fake malicious websites to test web reputation services similar to EICAR? - Information Security Stack Exchange
• Installare definizioni virus Sanesecurity su clamav in Debian per Amavis
• Signature Testing - Sanesecurity ClamAV: Phishing, Spam & Malware Signatures
• extremeshok/clamav-unofficial-sigs: ClamAV Unofficial Signatures Updater maintained by eXtremeSHOK.com