Skip to main content
  • Subscribe by RSS
  • ExLibris Dev

    How to install ClamAV virus detection plugin for the Rosetta validation stack

    • Article Type: General
    • Product: Rosetta
    • Product Version: 5
    • Relevant for Installation Type: Local

    Desired Outcome Goal:

    To install the ClamAV virus detection application plugin to be called as part of the Rosetta validation stack (task chain).


    Note that it must be installed on all APP servers.


    Note that instructions are for RedHat 6; additional notations are included for RedHat 7.


    Part I: SSH/UNIX

    1. Open a UNIX session as the 'root' user (or sudo).


    2. Install the package: yum install clamav clamd


    RH7: Install EPEL 7: yum install epel-release


    RH7: Install ClamAV packages: yum install clamav clamav-scanner-system


    RH7: Create symbolic link to the default file path; link it to the clamd@scan file: ln -s /etc/clamd.d/scan.conf /etc/clamd.conf


    RH7: Edit the clamd-scanner package configuration: vi /etc/clamd.d/scan.conf


    Comment the example line: #Example


    Uncomment the LocalSocket config line to enable it: LocalSocket /var/run/clamd.scan/clamd.sock


    Save and quit the text editor


    3. Start the ClamAV application: /etc/init.d/clamd start


    RH7: Turn on the SELinux boolean for antivirus: setsebool -P antivirus_can_scan_system 1


    RH7: Start the service and enable it at boot:


    systemctl start clamd@scan
    systemctl enable clamd@scan

    4. Confirm that the application is started: chkconfig clamd on

    5. Download latest software updates for ClamAV: /usr/bin/freshclam


    RH7: Install and configure the ClamAV updater: yum install clamav-update


    RH7: Edit the configuration file: vi /etc/freshclam.conf


    Comment the example line: #Example


    RH7: Edit freshclam configuration file: vi /etc/sysconfig/freshclam


    Comment this line to enable crontab: #FRESHCLAM_DELAY=disabled-warn


    Save and quit the text editor


    RH7: Run “freshclam” command to update the virus database

    6. Restart ClamAV: /etc/init.d/clamd restart

    7. Enter "view /etc/hosts" to find local host:

    # Do not remove the following line, or various programs
    # that require network functionality will fail. us-rosetta01 localhost.localdomain localhost
    ::1 localhost6.localdomain6 localhost6

    NOTE: Take the address

    8. Enter "netstat -tulpn" to discover on which port the ClamAV is running (based on the host name):

    us-rosetta01-d4(1) >>netstat -tulpn

    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0* LISTEN 12962/java
    tcp 0 0* LISTEN 12962/java
    tcp 0 0* LISTEN 12962/java
    tcp 0 0* LISTEN 12962/java
    tcp 0 0* LISTEN -
    tcp 0 0* LISTEN 12962/java
    tcp 0 0* LISTEN 12962/java
    tcp 0 0* LISTEN 12962/java
    tcp 0 0* LISTEN 12962/java
    tcp 0 0* LISTEN 12962/java
    ********tcp 0 0* LISTEN -
    tcp 0 0* LISTEN -
    tcp 0 0* LISTEN 12962/java

    NOTE: The port for is 3310 as above.
    NOTE: Be sure that this port (3310) is open.


    9. To deploy and Install the ClamAVVirusCheckPlugin.jar file:


    Download the package from here and unzip it:


    Extract the "ClamAVVirusCheckPlugin.jar" file that resides in Rosetta.ClamAVVirusCheckPlugin-master\target\ to:

      $op_dir/plugins/custom/ [e.g. /operational_shared/plugins/custom] and $op_dir/plugins/custom/deploy [e.g. /operational_shared/plugins/custom/deploy]

    The 'dps' user should have read/write permissions on this file.
    Rosetta will display the plug-in in the list of custom plug-ins available for installation.
    If you are installing a new plugin, there is no need to restart Rosetta.
    If you are upgrading an existing plugin a restart is necessary, and you must be sure to increment the plugin version.
    Refer to the 'General Attributes' section of:


    Part II: Rosetta Application

    10. Go to Advanced Configuration > Plug-In Management > Custom Tab > Plug-In Information and add the following:


    Click "Add plug-in Instance" and you should see "ClamAVVirusCheckPlugin"


    Click "Install"

    Plug-In Name: SLUBVirusCheckClamAVPlugin
    Description: SLUB Virus Check Plugin using installed ClamAV daemon via tcp-sockets
    host: take from /etc/hosts reslt (e.g.
    port: take from netstat -tulpn result (e.g. 3310)
    timeout: 1000 (milliseconds)

    Click "Save" to save your changes


    Click the checkmark in the "Active" column to enable.

    11. Go to Advanced Configuration > Repository > Task Chain List: Filter Validation Stack > Add Task Chain:

    Name/Description: Validation Stack with ClamAV
    Add Task: Virus Check
    Name/Description: Virus Check
    Level: File
    Status: Active
    Task Chain Level: IE
    Groups: Validation Stack, Maintenance, etc.
    Task Parameters: SLUBVrusCheckClamAVPlugin

    11. Run ingest that uses this task to test.

    Additional Information

    As per step #7 above, be sure that this port (3310) is open.

    NOTE: there is a file size limitation with the clamd configuration.
    If SIPs fail the virus check after completing configurations to use this plugin, do the following:

    1. Connect to Rosetta via ssh and vi /etc/clamd.conf
    2. Uncomment and update the following line in the file and restart clamd:
    #StreamMaxLength 10M (change to 500M)


    Installing ClamAV from EPEL to CentOS/Red Hat 7 full instructions:


    Category: Plugin Framework

    • Article last edited: 4/19/2017
    // feedback widged