CAUTION: ClamAV CMake support is experimental in this release and is not recommended for production systems!!!
Please help us stabilize it so we can deprecate autotools and Visual Studio.
Known Issues / To-do:
-
Support for building unit tests / feature tests and running with CTest
- A portion of this task will involve converting the shell scripts portions to Python unit tests.
-
Build fuzz targets.
-
LLVM bytecode runtime support.
- Presently only the bytecode intepreter is supported. LLVM is preferable because it is faster. This task also requires updating to use a modern version of LLVM. Currently ClamAV is limited to LLVM 3.6.
- The built-in LLVM runtime is not supported in the CMake tooling with no plans to add support. It will likely be removed when system-LLVM support is updated.
-
Complete the MAINTAINER_MODE option to generate jsparse files with GPerf.
Build requirements:
- CMake 3.13+
- A C-toolchain such as gcc, clang, or Microsoft Visual Studio.
- Flex and Bison. On Windows,
choco install winflexbison.
Important: The following instructions assume that you have created a build
subdirectory and that subsequent commands are performed from said directory,
like so:
mkdir build && cd buildcmake .. -DCMAKE_BUILD_TYPE="Release"
cmake --build . --config Release
sudo cmake --build . --config Release --target installIn CMake, "Debug" builds mean that symbols are compiled in.
cmake .. -DCMAKE_BUILD_TYPE="Debug"
cmake --build . --config DebugYou will likely also wish to disable compiler/linker optimizations, which you
can do like so, using our custom OPTIMIZE option:
cmake .. -DCMAKE_BUILD_TYPE="Debug" -DOPTIMIZE=OFF
cmake --build . --config Debugcmake -DCMAKE_INSTALL_PREFIX:PATH=install ..
cmake --build . --target install --config ReleaseThis build uses Ninja (ninja-build) instead of Make. It's really fast.
cmake .. -G Ninja
cmake --build . --config ReleaseTODO: We have not yet added unit test support for CMake.
-
-V: Verbose -
-C <config>: Specify build configuration (i.e. Debug / Release), required for Windows builds
cmake ..
cmake --build . --config Release
ctest -C Release -VThe following CMake options can be selected by using -D. For example:
cmake .. -DENABLE_EXAMPLES
cmake --build . --config Debug-
APP_CONFIG_DIRECTORY: App Config directory.Default: Windows:
{prefix}, POSIX:{prefix}/etc -
DATABASE_DIRECTORY: Database directory.Default: Windows:
{prefix}/database, POSIX:{prefix}/share/clamav -
CLAMAV_USER: ClamAV User (POSIX-only).Default:
clamav -
CLAMAV_GROUP: ClamAV Group (POSIX-only).Default:
clamav -
MMAP_FOR_CROSSCOMPILING: Force MMAP support for cross-compiling.Default:
OFF -
DISABLE_MPOOL: Disable mpool support entirely.Default:
OFF -
BYTECODE_RUNTIME: Bytecode Runtime, may be:llvm,interpreter,none.Default:
interpreter -
OPTIMIZE: Allow compiler optimizations (eg.-O3). Set toOFFto disable them (-O0).Default:
ON -
ENABLE_WERROR: Compile time warnings will cause build failures (i.e.-Werror)Default:
OFF -
ENABLE_ALL_THE_WARNINGS: By default we use-Wall -Wextra -Wformat-securityfor clamav libs and apps. This option enables a whole lot more.Default:
OFF -
ENABLE_DEBUG: Turn on extra debug output.Default:
OFF -
ENABLE_FUZZ: Build fuzz targets. Will enableENABLE_STATIC_LIBfor you.Default:
OFF -
ENABLE_EXTERNAL_MSPACK: Use external mspack instead of internal libclammspack.Default:
OFF -
ENABLE_JSON_SHARED: Prefer linking with libjson-c shared library instead of static. Please set this toOFFif you're an application developer that uses a different JSON library in your app, or if you provide libclamav to others.Default:
ON -
ENABLE_APP: Build applications (clamscan, clamd, clamdscan, sigtool, clambc, clamdtop, clamsubmit, clamconf).Default:
ON -
ENABLE_CLAMONACC: (Linux-only) Build the clamonacc on-access scanning daemon. Requires:ENABLE_APPDefault:
ON -
ENABLE_MILTER: (Posix-only) Build the clamav-milter mail filter daemon. Requires:ENABLE_APPDefault:
OFF -
ENABLE_UNRAR: Build & install libclamunrar (UnRAR) and libclamunrar_iface.Default:
ON -
ENABLE_DOCS: Generate man pages.Default:
OFF -
ENABLE_DOXYGEN: Generate doxygen HTML documentation for clamav.h, libfreshclam.h. Requires doxygen.Default:
OFF -
ENABLE_EXAMPLES: Build examples.Default:
OFF -
ENABLE_LIBCLAMAV_ONLY: Build libclamav only. Excludes libfreshclam too!Default:
OFF -
ENABLE_STATIC_LIB: Build libclamav and/or libfreshclam static libraries.Default:
OFF -
ENABLE_SHARED_LIB: Build libclamav and/or libfreshclam shared libraries.Default:
ON -
ENABLE_SYSTEMD: Install systemd service files if systemd is found.Default:
ON -
MAINTAINER_MODE: Generate Yara lexer and grammar C source with Flex & Bison. TODO: Also generate JS parse source with Gperf.Default:
OFF -
SYSTEMD_UNIT_DIR: Install systemd service files to a specific directory. This will fail the build if systemd not found.Default: not set
This example sets the build system to Ninja instead of using Make, for speed.
You may need to first use apt/dnf/pkg to install ninja-build
cmake .. -G Ninja \
-DCMAKE_BUILD_TYPE=Release \
-DENABLE_JSON_SHARED=OFF
ninja
sudo ninja installmacOS builds use Homebrew to install flex, bison, and each of the library
dependencies.
Note that explicit paths for OpenSSL are requires so as to avoid using an older OpenSSL install provided by the operating system.
This example also:
- Build system to Ninja instead of using Make.
- You may need to first use
brewto installninja.
- You may need to first use
- Sets build type to "Debug" and explicitly disables compiler optimizations.
- Builds static libraries (and also shared libraries, which are on by default).
- Builds the example programs, just to test them out.
- Sets the install path (prefix) to ./install
cmake .. -G Ninja \
-DCMAKE_BUILD_TYPE=Debug \
-DOPTIMIZE=OFF \
-DENABLE_JSON_SHARED=OFF \
-DOPENSSL_ROOT_DIR=/usr/local/opt/[email protected]/ \
-DOPENSSL_CRYPTO_LIBRARY=/usr/local/opt/[email protected]/lib/libcrypto.1.1.dylib \
-DOPENSSL_SSL_LIBRARY=/usr/local/opt/[email protected]/lib/libssl.1.1.dylib \
-DENABLE_STATIC_LIB=ON \
-DENABLE_EXAMPLES=ON \
-DCMAKE_INSTALL_PREFIX=install
ninja
ninja installChocolatey (choco) is used to install winflexbison and cmake.
Visual Studio 2015+ is required, 2017+ recommended.
These instructions assume that $env:CLAMAV_DEPENDENCIES is set to your
Mussels install\x64 directory and
that you've used Mussels to build the clamav_deps collection which will
provide the required libraries.
Tip: Instead of building manually, try using Mussels to automate your build!
$env:CLAMAV_DEPENDENCIES="$env:userprofile\.mussels\install\x64"
cmake .. -G "Visual Studio 15 2017" -A x64 `
-DJSONC_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include\json-c" `
-DJSONC_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\json-c.lib" `
-DBZIP2_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include" `
-DBZIP2_LIBRARY_RELEASE="$env:CLAMAV_DEPENDENCIES\lib\libbz2.lib" `
-DCURL_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include" `
-DCURL_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\libcurl_imp.lib" `
-DOPENSSL_ROOT_DIR="$env:CLAMAV_DEPENDENCIES" `
-DOPENSSL_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include" `
-DOPENSSL_CRYPTO_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\libcrypto.lib" `
-DZLIB_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\libssl.lib" `
-DLIBXML2_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include" `
-DLIBXML2_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\libxml2.lib" `
-DPCRE2_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include" `
-DPCRE2_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\pcre2-8.lib" `
-DCURSES_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include" `
-DCURSES_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\pdcurses.lib" `
-DPThreadW32_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include" `
-DPThreadW32_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\pthreadVC2.lib" `
-DZLIB_INCLUDE_DIR="$env:CLAMAV_DEPENDENCIES\include" `
-DZLIB_LIBRARY="$env:CLAMAV_DEPENDENCIES\lib\zlibstatic.lib" `
-DCMAKE_INSTALL_PREFIX="install"
cmake --build . --config Release --target install
copy $env:CLAMAV_DEPENDENCIES\lib\* .\installTip: If you're having include-path issues, try building with detailed verbosity:
cmake --build . --config Release --target install -- /verbosity:detailedThe CMake tooling is good about finding installed dependencies on POSIX systems.
Important: Linux users will want the "-dev" or "-devel" package variants which include C headers. For macOS, Homebrew doesn't separate the headers.
App developers that only need libclamav can use the -DENABLE_LIBCLAMAV_ONLY
option to bypass ClamAV app dependencies.
libclamav requires these library dependencies:
- bzip2
- zlib
- libxml2
- libpcre2
- openssl
- libjson-c
- iconv (POSIX-only, may be provided by system)
- pthreads (or on Windows: pthreads-win32)
- llvm (optional, _see Bytecode Runtime)
If you want libclamav and libfreshclam for your app, then use the
-DENABLE_APP=OFF option instead.
libfreshclam adds these additional library dependencies:
- libcurl
For regular folk who want the ClamAV apps, you'll also need:
- ncurses (or pdcurses), for clamdtop.
- systemd, so clamd, freshclam, clamonacc may run as a systemd service (Linux).
- libsystemd, so clamd will support the clamd.ctl socket (Linux).
If you have custom install paths for the dependencies on your system or are on Windows, you may need to use the following options...
-DBZIP2_INCLUDE_DIR="_filepath of bzip2 header directory_"
-DBZIP2_LIBRARIES="_filepath of bzip2 library_" -DZLIB_INCLUDE_DIR="_filepath of zlib header directory_"
-DZLIB_LIBRARY="_filepath of zlib library_" -DLIBXML2_INCLUDE_DIR="_filepath of libxml2 header directory_"
-DLIBXML2_LIBRARY="_filepath of libxml2 library_" -DPCRE2_INCLUDE_DIR="_filepath of libpcre2 header directory_"
-DPCRE2_LIBRARY="_filepath of libcpre2 library_"Hints to find openssl package:
-DOPENSSL_ROOT_DIR="_path to openssl install root_" -DOPENSSL_INCLUDE_DIR="_filepath of openssl header directory_"
-DOPENSSL_CRYPTO_LIBRARY="_filepath of libcrypto library_"
-DOPENSSL_SSL_LIBRARY="_filepath of libcrypto library_"Tip: You're strongly encouraged to link with the a static json-c library.
-DJSONC_INCLUDE_DIR="_path to json-c header directory_"
-DJSONC_LIBRARY="_filepath of json-c library_"These options only apply if you use the -DENABLE_EXTERNAL_MSPACK=ON option.
-DMSPack_INCLUDE_DIR="_path to mspack header directory_"
-DMSPack_LIBRARY="_filepath of libmspack library_"On POSIX platforms, iconv might be part of the C library in which case you would not want to specify an external iconv library.
-DIconv_INCLUDE_DIR="_path to iconv header directory_"
-DIconv_LIBRARY="_filepath of iconv library_"On POSIX platforms, pthread support is detected automatically. On Windows, you need to specify the following:
-DPThreadW32_INCLUDE_DIR="_path to pthread-win32 header directory_"
-DPThreadW32_LIBRARY="_filepath of pthread-win32 library_" -DBYTECODE_RUNTIME="llvm"
-DLLVM_ROOT_DIR="_path to llvm install root_" -DLLVM_FIND_VERSION="3.6.0" -DCURL_INCLUDE_DIR="_path to curl header directory_"
-DCURL_LIBRARY="_filepath of curl library_" -DCURSES_INCLUDE_DIR="_path to curses header directory_"
-DCURSES_LIBRARY="_filepath of curses library_"Bytecode signatures are a type of executable plugin that provide extra detection capabilities.
ClamAV has two bytecode runtimes:
-
LLVM: LLVM is the preferred runtime.
With LLVM, ClamAV JIT compiles bytecode signatures at database load time. Bytecode signature execution is faster with LLVM.
-
Interpreter: The bytecode interpreter is an option on systems where a a supported LLVM version is not available.
With the interpreter, signature database (re)loads are faster, but execution time is slower.
At the moment, the interpreter is the default runtime, while we work out compatibility issues with libLLVM. This default equates to:
cmake .. -DBYTECODE_RUNTIME="interpreter"To build using LLVM instead of the intereter, use:
cmake .. \
-DBYTECODE_RUNTIME="llvm" \
-DLLVM_ROOT_DIR="/opt/llvm/3.6" \
-DLLVM_FIND_VERSION="3.6.0"To disable bytecode signature support entire, you may build with this option:
cmake .. -DBYTECODE_RUNTIME="none"TODO: Describe how to customize compiler toolchain with CMake.
TODO: Describe how to cross-compile with CMake.