Tag Archives: Linux How to

Unix-like multi-user operating systems based on the Linux kernel and essentially on GNU software, such as CentOS, Debian, Ubuntu and Fedora.

How to Upgrade PHP on Debian 9, 10 and 11

Upgrade or Install PHP 8.2 on Debian running Apache2

This tutorial shows you how to install or upgrade PHP 8.2 quickly and easily for the Apache web server running on Debian 9, Debian 10 or Debian 11. PHP is the widely used server-side scripting language for dynamic and interactive websites and content management systems.

5 steps to set up PHP 8.2 for Apache2 on Debian.

1. Updating Debian as root

$ su -
$ apt update
$ apt upgrade -y && reboot

2. Add SURY PHP PPA Repository

SURY is a third-party repository that offers current PHP versions for Debian GNU/Linux. Add it as root.

$ apt -y install lsb-release apt-transport-https ca-certificates wget
$ wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
$ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list

3. Installing PHP 8.2 on Debian

$ apt update
$ apt -y install php8.2
$ update-alternatives --set php /usr/bin/php8.2

More than one PHP version can be installed on the system; run update-alternatives --set php [version] to enable a version.

4. Install Important Modules for PHP 8.2 on Debian

$ apt -y install php8.2-cli php8.2-curl php8.2-gd php8.2-intl php8.2-mbstring php8.2-mysql php8.2-opcache php8.2-readline php8.2-xml php8.2-xsl php8.2-zip php8.2-bz2

5. Making PHP 8.2 module for Apache available

$ apt -y install libapache2-mod-php8.2
$ systemctl reload apache2

Finished! The installation is done. The next section shows how to find out which PHP version and modules are actually installed and available.

Check the current PHP version

$ php -v 
PHP 8.2.3 (cli) (built: Feb 14 2023 16:53:07) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.3, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.3, Copyright (c), by Zend Technologies

Show current PHP configuration

To display the current PHP settings in detail in the web browser, create a .php file with the following content.

<?php
phpinfo();
?>

Save the file as phpinfo.php in the “/html” directory. Then open the newly created .php file in a web browser.

http://my-domain/phpinfo.php
Image: http://my-domain/phpinfo.php

The system-wide PHP settings can be found under the path /etc/php. To modify the settings used with Apache 2, edit the php.ini file.

$ vi /etc/php/8.2/apache2/php.ini

If you do not see the installed PHP version, the Apache PHP module may need to be changed to the desired version. Run the Apache helper commands in the terminal and replace the version with the one you have, php7.4 in this example.

$ a2dismod php7.4
$ a2enmod php8.2
$ systemctl restart apache2

Verify the running PHP module by viewing phpinfo.php in the web browser.

The PHP modules available for Apache 2 can be found in the Apache web server path under /etc/apache2/mods-available.

$ ls -l /etc/apache2/mods-available/php*
-rw-r--r-- 1 root root 855 Jul  5  2020 /etc/apache2/mods-available/php7.3.conf
-rw-r--r-- 1 root root 102 Jul  5  2020 /etc/apache2/mods-available/php7.3.load
-rw-r--r-- 1 root root 855 Dec 20 22:32 /etc/apache2/mods-available/php7.4.conf
-rw-r--r-- 1 root root 102 Dec 20 22:32 /etc/apache2/mods-available/php7.4.load
-rw-r--r-- 1 root root 855 Dec 20 22:32 /etc/apache2/mods-available/php8.2.conf
-rw-r--r-- 1 root root 101 Dec 20 22:32 /etc/apache2/mods-available/php8.2.load

Disable an Apache 2 module with a2dismod and use a2enmod to enable one. The apt info command provides information about a module.

$ apt info libapache2-mod-php8.2
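
Two things are worth checking after the switch: that only the intended PHP module is enabled for Apache, and that no phpinfo() file is left in the document root, since its output shows the full PHP configuration and environment to anyone who requests it. The script below is an added example, not part of the original tutorial; the function names and the temporary sample tree are assumptions, and on a real system the directories would be /etc/apache2/mods-enabled and the web server's document root.

```shell
#!/bin/sh
# Added example, not from the original tutorial: two checks after the upgrade.

# enabled_php_mods DIR: PHP versions enabled for Apache, one per line.
# DIR stands for /etc/apache2/mods-enabled, where a2enmod links phpX.Y.load.
enabled_php_mods() {
    for f in "$1"/php*.load; do
        [ -e "$f" ] || continue
        basename "$f" .load | sed 's/^php//'
    done
}

# check_php_mod DIR VERSION: succeeds only if VERSION is the single enabled one.
check_php_mod() {
    mods=$(enabled_php_mods "$1" | tr '\n' ' ')
    [ "$mods" = "$2 " ] && return 0
    echo "expected only php$2 enabled, found: ${mods:-none}"
    return 1
}

# find_phpinfo DOCROOT: PHP files that still contain a phpinfo() call
# (a commented-out call is listed too, so review each hit).
find_phpinfo() {
    find "$1" -type f -name '*.php' \
        -exec grep -lE 'phpinfo[[:space:]]*\(' {} + | sort
}

# Constructed sample tree standing in for mods-enabled and the docroot.
make_sample() {  # make_sample DIR
    mkdir -p "$1/mods-enabled" "$1/html"
    : > "$1/mods-enabled/php7.4.load"
    : > "$1/mods-enabled/php8.2.load"
    printf '<?php\nphpinfo();\n?>\n' > "$1/html/phpinfo.php"
    printf '<?php echo "hello"; ?>\n' > "$1/html/index.php"
}

dir=$(mktemp -d)
make_sample "$dir"
check_php_mod "$dir/mods-enabled" 8.2 || echo "-> a2dismod the old module"
find_phpinfo "$dir/html" | sed 's/^/delete after use: /'
rm -rf "$dir"
```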

Specify the desired PHP version for a website in the Apache .htaccess file.

Action php /cgi-php82/php
AddHandler php82 .php

How to install ClamAV and ClamSMTP on Debian 11

ClamAV eMail Virus Scanner on Debian 11 bullseye

This tutorial installs ClamAV and ClamSMTP on Debian 11. ClamAV is an open source antivirus engine for detecting Trojans, viruses, malware, adware, rootkits and other malicious threats.

ClamAV includes a multi-threaded scanner daemon, with command-line utilities for on-demand file scanning and automatic signature updates. The main service is the ClamSMTP daemon, which is used on mail servers as a server-side proxy for e-mail virus scanners.

Installation

The prerequisite for this tutorial is a configured SMTP relay (MTA) on Postfix. For the installation we are already root. Before installing, run an update so that the latest ClamAV version is provided.

$ apt update
$ apt-cache policy clamav clamav-daemon
$ apt install clamsmtp clamav clamav-daemon

After installation, configure Postfix by editing the main configuration file main.cf. With its modular structure, Postfix hands the incoming e-mails to the ClamSMTP daemon before they are spooled into the queue and dropped into the user mailbox.

$ vi /etc/postfix/main.cf
...
content_filter = scan:127.0.0.1:10026

If you are not familiar with vi, you can of course use nano or your favorite editor.

Add the services in Postfix at the end of master.cf, which will return the scanned e-mails to Postfix.

$ vi /etc/postfix/master.cf
...
scan unix -      -      n      -      16      smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
127.0.0.1:10025 inet n      -      n      -      16       smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks_style=host
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8

The new ClamAV virus database updater (clamav-freshclam.service) is not intended to notify Clamd.

$ sed -i -e "s/^NotifyClamd/#NotifyClamd/g" /etc/clamav/freshclam.conf

Load the ClamSMTP-conf file into the editor of your choice.

$ vi /etc/clamsmtpd.conf
OutAddress: 10025
Listen: 127.0.0.1:10026
ClamAddress: /var/run/clamav/clamd.ctl
Header: X-AV-Checked: ClamAV using ClamSMTP
TempDirectory: /var/spool/clamsmtp
PidFile: /var/run/clamsmtp/clamsmtpd.pid
User: clamsmtp

Most values can be adopted as they are. Check the listening port 10026; it must be the same port as the one set for content_filter in main.cf. Activate the commented-out Header: line by removing the hash (#).

Basically, the installation is already complete here. The following settings are for verification; change them accordingly if necessary.
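
The port chain described above (content_filter in main.cf, Listen and OutAddress in clamsmtpd.conf, the 127.0.0.1:10025 listener in master.cf) can be checked mechanically. The following script is an added example, not part of the original tutorial; the function names and the sample files it builds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: check that the ports in
# main.cf, master.cf and clamsmtpd.conf form one closed loop on localhost.

# conf_port FILE KEY: port of the last "KEY = value" or "KEY: value" line.
conf_port() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*[=:][[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/.*://'
}

# check_scan_chain MAIN_CF MASTER_CF CLAMSMTPD_CONF: returns 0 if consistent.
check_scan_chain() {
    filter=$(conf_port "$1" content_filter)
    listen=$(conf_port "$3" Listen)
    out=$(conf_port "$3" OutAddress)
    rc=0
    if [ -z "$filter" ] || [ "$filter" != "$listen" ]; then
        echo "FAIL: content_filter port '$filter' != clamsmtpd Listen '$listen'"
        rc=1
    fi
    # The re-injection smtpd must listen on loopback at OutAddress and reset
    # content_filter; without the reset, scanned mail goes to ClamSMTP again.
    if ! awk -v svc="127.0.0.1:$out" '
            /^[^ \t#]/ { hit = ($1 == svc && $2 == "inet") }
            hit && /^[ \t]+-o[ \t]+content_filter=[ \t]*$/ { ok = 1 }
            END { exit !ok }' "$2"; then
        echo "FAIL: no 127.0.0.1:$out smtpd with empty content_filter in master.cf"
        rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the settings shown in the tutorial.
make_sample() {  # make_sample DIR LISTEN_PORT
    printf 'content_filter = scan:127.0.0.1:10026\n' > "$1/main.cf"
    printf '%s\n' 'scan unix - - n - 16 smtp' \
        '   -o smtp_send_xforward_command=yes' \
        '127.0.0.1:10025 inet n - n - 16 smtpd' \
        '   -o content_filter=' \
        '   -o mynetworks_style=host' > "$1/master.cf"
    printf 'OutAddress: 10025\nListen: 127.0.0.1:%s\n' "$2" > "$1/clamsmtpd.conf"
}

dir=$(mktemp -d)
make_sample "$dir" 10026
check_scan_chain "$dir/main.cf" "$dir/master.cf" "$dir/clamsmtpd.conf" && echo "scan chain OK"
make_sample "$dir" 10027   # Listen port that no longer matches main.cf
check_scan_chain "$dir/main.cf" "$dir/master.cf" "$dir/clamsmtpd.conf" || echo "mismatch found"
rm -rf "$dir"
```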

$ chown -R clamsmtp: /run/clamsmtp
$ chown -R clamsmtp: /var/spool/clamsmtp
$ chmod -R 775 /var/spool/clamsmtp

The configuration files belonging to ClamAV are clamd.conf and freshclam.conf, which have the following content.

$ vi /etc/clamav/clamd.conf
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OnAccessMaxFileSize 5M

The clamd.conf file can be configured with dpkg-reconfigure clamav-daemon, which suggests default values.

To configure clamav-freshclam, choose the method for virus database updates using the dpkg-reconfigure clamav-freshclam command.

$ vi /etc/clamav/freshclam.conf
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
#NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

Testing ClamAV ClamSMTP Postfix

The systemd control commands for the ClamAV daemons.

$ systemctl restart clamav-daemon clamsmtp postfix
$ systemctl status clamav-daemon clamsmtp postfix
$ systemctl restart clamav-freshclam.service
$ systemctl status clamav-freshclam.service

Once the ClamSMTP daemon and Postfix are configured, the active ports on the loopback interface can be checked with netstat or ss.

$ netstat -tpln | grep 127.0.0.1
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      1513/master
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      690/clamsmtpd

To check the e-mail virus scanner, save the EICAR test signature to a file, such as eicar-signatur.txt.

From: hostmaster@example.org
To: email@example.org
Subject: test - virus scanner test pattern

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Send the EICAR test signature to yourself using sendmail.

$ sendmail email@example.org < eicar-signatur.txt

In /var/log/mail.log you can find 250 Virus Detected; Discarded Email. The e-mail with the EICAR test signature should of course not be delivered.

Nov 21 14:01:41 debian clamsmtpd: 100001: from=root@example.org, to=email@example.org, status=VIRUS:Eicar-Signature
Nov 21 14:01:41 debian postfix/smtp[2077]: D93FA10001A: to=<email@example.org>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.07, delays=0.02/0.02/0.01/0.02, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
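
To follow detections over time instead of reading mail.log by eye, the clamsmtpd lines can be extracted and counted per signature. This is an added example, not part of the original tutorial; it assumes the syslog line format shown above, and the function names and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial: list ClamSMTP detections.

# virus_hits LOG: one "timestamp|from|to|signature" line per detection
# logged by clamsmtpd (syslog lines in the format shown in the tutorial).
virus_hits() {
    awk '$5 ~ /^clamsmtpd/ && /status=VIRUS:/ {
        from = ""; to = ""
        for (i = 6; i <= NF; i++) {
            f = $i; sub(/,$/, "", f)
            if (f ~ /^from=/) from = substr(f, 6)
            else if (f ~ /^to=/) to = substr(f, 4)
        }
        sig = $0; sub(/.*status=VIRUS:/, "", sig)
        print $1 " " $2 " " $3 "|" from "|" to "|" sig
    }' "$1"
}

# virus_summary LOG: "count signature" per signature, most frequent first.
virus_summary() {
    virus_hits "$1" |
        awk -F'|' '{ n[$4]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# Constructed sample: the two log lines from the tutorial plus two made-up ones.
sample_log() {  # sample_log FILE
    cat > "$1" <<'EOF'
Nov 21 14:01:41 debian clamsmtpd: 100001: from=root@example.org, to=email@example.org, status=VIRUS:Eicar-Signature
Nov 21 14:01:41 debian postfix/smtp[2077]: D93FA10001A: to=<email@example.org>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.07, delays=0.02/0.02/0.01/0.02, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
Nov 21 14:05:12 debian clamsmtpd: 100002: from=alice@example.org, to=email@example.org, status=CLEAN
Nov 21 14:09:30 debian clamsmtpd: 100003: from=root@example.org, to=email@example.org, status=VIRUS:Eicar-Signature
EOF
}

log=$(mktemp)
sample_log "$log"
virus_hits "$log"
virus_summary "$log"
rm -f "$log"
```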

Conclusion

The article shows how to install and use ClamAV on a mail transfer agent, with a final check using a test signature. ClamAV is an open-source (GPL) anti-virus engine used in a variety of situations, including email and web scanning, and endpoint security. It provides many utilities for users, including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates.