Complete Virtual Mail Server/ClamAV

Anti-Virus Configuration

Because of all the work we have done above, adding anti-virus is quite straightforward (relative to everything else we've been through).


Code: emerging clamav
 
# emerge clamav

At this point the clamav user should have been created (if not, go ahead and create it). Using webmin, I added clamav to the amavis group, which is what lets clamd read the files amavisd hands it for scanning. If you skipped the webmin install, simply add the clamav user to the amavis group in /etc/group with the gpasswd command:


Code: Adjusting Groups
 
  # gpasswd -a clamav amavis
  

Note: group membership alone is not enough. clamd only picks up supplementary groups when AllowSupplementaryGroups is enabled in /etc/clamd.conf (covered in the ClamAV Configuration section below).

Double check that you have a /var/log/clamav directory owned by the clamav user. In my case it was generated automatically. After reviewing the configuration file (/etc/clamd.conf) I decided that no changes were needed from the defaults, so let's carry on and run a quick test of the install.

Configuration Changes

There are a few minor configuration changes we need to make to get this setup correctly and connected to amavisd.


ClamAV Configuration

We only need to make a few minor changes for ClamAV; everything else can stay at its default value. We simply need to confirm that a couple of settings are uncommented, and we will identify the unix socket that clamd uses to communicate with amavisd.

Because amavisd and clamd run on the same machine, we define a unix socket for them to talk over. ClamAV also supports TCP connections, but that carries a performance hit we don't need to pay here.


File: /etc/clamd.conf
 
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log


# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
AllowSupplementaryGroups yes


# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /var/run/clamav/clamd.sock
  

Amavisd Settings

Amavisd simply requires that we uncomment the ClamAV entry under av_scanners. The same pattern shows up in a couple of places (av_scanners, av_scanners_backup, policy), so be sure you are uncommenting the entry for the av_scanners parameter.


File: /etc/amavisd.conf
 
# ### http://www.clamav.net/
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
  

Now start it up and check clamd.log to ensure that everything starts properly. The log should look something like the listing below.


Shell: Starting clamav
 
# /etc/init.d/clamd start
 * Starting clamd...                                             [ ok ]
 * Starting freshclam...                                         [ ok ]

# less /var/log/clamav/clamd.log

Sun Nov 20 21:30:26 2005 -> +++ Started at Sun Nov 20 21:30:26 2005
Sun Nov 20 21:30:26 2005 -> clamd daemon 0.87.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Sun Nov 20 21:30:26 2005 -> Log file size limited to 1048576 bytes.
Sun Nov 20 21:30:26 2005 -> Running as user clamav (UID 101, GID 1002)
Sun Nov 20 21:30:26 2005 -> Reading databases from /var/lib/clamav
Sun Nov 20 21:30:31 2005 -> Protecting against 40931 viruses.
Sun Nov 20 21:30:31 2005 -> Unix socket file /var/run/clamav/clamd.sock
Sun Nov 20 21:30:31 2005 -> Setting connection queue length to 15
Sun Nov 20 21:30:31 2005 -> Archive: Archived file size limit set to 10485760 bytes.
Sun Nov 20 21:30:31 2005 -> Archive: Recursion level limit set to 8.
Sun Nov 20 21:30:31 2005 -> Archive: Files limit set to 1000.
Sun Nov 20 21:30:31 2005 -> Archive: Compression ratio limit set to 250.
Sun Nov 20 21:30:31 2005 -> Archive support enabled.
Sun Nov 20 21:30:31 2005 -> Archive: RAR support disabled.
Sun Nov 20 21:30:31 2005 -> Portable Executable support enabled.
Sun Nov 20 21:30:31 2005 -> Mail files support enabled.
Sun Nov 20 21:30:31 2005 -> OLE2 support enabled.
Sun Nov 20 21:30:31 2005 -> HTML support enabled.
Sun Nov 20 21:30:31 2005 -> Self checking every 1800 seconds.
  
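The startup log above is the quickest place to confirm that clamd dropped to the clamav user, is listening on the socket amavisd.conf points at, and loaded a signature database. The following script is an added example (it is not part of the wiki page or of ClamAV) that parses the "timestamp -> message" lines in the format shown above and reports any mismatch; the sample log embedded in it is constructed from the lines above, and the regular expressions assume that message wording.

```python
"""Check a clamd startup log against the settings this guide expects.

Added example, not part of the wiki page or ClamAV. It parses the
"timestamp -> message" lines clamd writes at startup and confirms the
daemon dropped to the clamav user, listens on the unix socket amavisd
will connect to, and loaded a signature database.
"""
import re
from typing import Dict, List

# Constructed sample: a subset of the startup lines shown in the guide.
SAMPLE_LOG = """\
Sun Nov 20 21:30:26 2005 -> +++ Started at Sun Nov 20 21:30:26 2005
Sun Nov 20 21:30:26 2005 -> clamd daemon 0.87.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Sun Nov 20 21:30:26 2005 -> Running as user clamav (UID 101, GID 1002)
Sun Nov 20 21:30:26 2005 -> Reading databases from /var/lib/clamav
Sun Nov 20 21:30:31 2005 -> Protecting against 40931 viruses.
Sun Nov 20 21:30:31 2005 -> Unix socket file /var/run/clamav/clamd.sock
Sun Nov 20 21:30:31 2005 -> Self checking every 1800 seconds.
"""

# Patterns are matched against the message part after " -> " (wording as logged above).
RE_VERSION = re.compile(r"^clamd daemon (\S+)")
RE_USER = re.compile(r"^Running as user (\S+) \(UID (\d+), GID (\d+)\)")
RE_SIGS = re.compile(r"^Protecting against (\d+) viruses")
RE_SOCKET = re.compile(r"^Unix socket file (\S+)")
RE_SELFCHECK = re.compile(r"^Self checking every (\d+) seconds")


def parse_clamd_startup(log_text: str) -> Dict[str, object]:
    """Extract the startup facts from clamd.log.

    A "+++ Started at" line marks a new daemon instance, so facts from an
    earlier run in the same log file are discarded; the result describes
    the most recent start.
    """
    info: Dict[str, object] = {}
    for line in log_text.splitlines():
        if " -> " not in line:
            continue
        msg = line.split(" -> ", 1)[1].strip()
        if msg.startswith("+++ Started at"):
            info = {}
            continue
        if m := RE_VERSION.match(msg):
            info["version"] = m.group(1)
        elif m := RE_USER.match(msg):
            info["user"] = m.group(1)
            info["uid"] = int(m.group(2))
            info["gid"] = int(m.group(3))
        elif m := RE_SIGS.match(msg):
            info["signatures"] = int(m.group(1))
        elif m := RE_SOCKET.match(msg):
            info["socket"] = m.group(1)
        elif m := RE_SELFCHECK.match(msg):
            info["selfcheck_seconds"] = int(m.group(1))
    return info


def verify_startup(info: Dict[str, object],
                   expected_user: str = "clamav",
                   expected_socket: str = "/var/run/clamav/clamd.sock") -> List[str]:
    """Return a list of problems; an empty list means the log matches the guide."""
    problems: List[str] = []
    if info.get("user") != expected_user:
        problems.append(f"clamd runs as {info.get('user')!r}, expected {expected_user!r}")
    if info.get("socket") != expected_socket:
        problems.append(f"clamd socket is {info.get('socket')!r}, "
                        f"but amavisd.conf connects to {expected_socket!r}")
    if not info.get("signatures"):
        problems.append("no signature database loaded (has freshclam run?)")
    return problems


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = verify_startup(parse_clamd_startup(text))
    print("OK" if not found else "\n".join(found))
    sys.exit(1 if found else 0)
```

Run it as `python3 check_clamd_log.py /var/log/clamav/clamd.log`; with no argument it checks the embedded sample. A "runs as root" or socket mismatch result is worth fixing before moving on, since amavisd will silently fail to connect to a socket path that differs from the one in its av_scanners entry.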

Testing

The real test is to send yourself an email with the following test string in the message body (and only this string). This is the EICAR test file, a harmless string that anti-virus vendors agree to detect, so virus scanners should flag the message as infected.

        X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Unfortunately, MailZu will not show viruses even though they are stored in the database. To check, I used webmin and looked in the msgrcpt table to confirm that the message was received and classified as a virus.
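If the EICAR message is not being caught, it helps to exercise the same path amavisd uses, directly against the socket. The script below is an added example (not code from the wiki page, amavisd or ClamAV): it connects to the LocalSocket set in /etc/clamd.conf, sends the same "CONTSCAN {}\n" request that the av_scanners entry configures, and classifies each result line with the three patterns from that entry, ported from Perl to Python. Applying the patterns line by line and the exact wording of the sample reply are this example's own assumptions; the page does not describe how amavisd handles multi-line output.

```python
r"""Talk to clamd the way amavisd's ClamAV-clamd scanner entry does.

Added example, not code from the wiki page, amavisd or ClamAV. It sends
"CONTSCAN {}\n" over the unix socket from /etc/clamd.conf and classifies
each result line with the patterns from the av_scanners entry
(\bOK$, \bFOUND$ and the virus-name extractor).
"""
import re
import socket
import sys
from typing import List, Optional, Tuple

CLAMD_SOCKET = "/var/run/clamav/clamd.sock"  # LocalSocket in /etc/clamd.conf

# The patterns from the av_scanners entry, unchanged apart from Python syntax.
RE_CLEAN = re.compile(r"\bOK$")
RE_FOUND = re.compile(r"\bFOUND$")
RE_NAME = re.compile(r"^.*?: (?!Infected Archive)(.*) FOUND$")

# Constructed sample reply for a directory of message parts: one EICAR hit,
# one clean part, one "Infected Archive" line (whose name the extractor
# deliberately skips) and one error line. Wording is illustrative.
SAMPLE_REPLY = (
    "/var/amavis/tmp/parts/p001: Eicar-Test-Signature FOUND\n"
    "/var/amavis/tmp/parts/p002: OK\n"
    "/var/amavis/tmp/parts/p003: Infected Archive FOUND\n"
    "/var/amavis/tmp/parts/p004: Access denied. ERROR\n"
)


def classify_line(line: str) -> Tuple[str, Optional[str]]:
    """Interpret one clamd result line.

    Returns ("infected", name), ("clean", None) or ("error", raw_line).
    FOUND is tested before OK so a hit can never be read as clean.
    """
    line = line.rstrip("\r\n")
    if RE_FOUND.search(line):
        m = RE_NAME.match(line)
        return "infected", (m.group(1) if m else None)
    if RE_CLEAN.search(line):
        return "clean", None
    return "error", line


def summarize(reply: str) -> Tuple[str, List[str]]:
    """Reduce a whole CONTSCAN reply to one verdict plus detail lines.

    Any FOUND line makes the message infected. With no infections, any
    ERROR line yields "error" rather than "clean": a scanner that could
    not read its input has not cleared the mail.
    """
    names: List[str] = []
    errors: List[str] = []
    for line in reply.splitlines():
        status, detail = classify_line(line)
        if status == "infected":
            names.append(detail if detail is not None else "<unnamed>")
        elif status == "error":
            errors.append(detail)
    if names:
        return "infected", names
    if errors:
        return "error", errors
    return "clean", []


def clamd_request(command: str, sock_path: str = CLAMD_SOCKET,
                  timeout: float = 30.0) -> str:
    """Send one newline-terminated command and return clamd's full reply.

    clamd answers and then closes the connection, so read until EOF.
    """
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(command.encode())
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def clamd_alive(sock_path: str = CLAMD_SOCKET) -> bool:
    """PING must come back as PONG before scanning is worth trying."""
    return clamd_request("PING\n", sock_path).strip() == "PONG"


def scan_path(path: str, sock_path: str = CLAMD_SOCKET) -> Tuple[str, List[str]]:
    """Scan a file or directory with the request amavisd.conf configures."""
    return summarize(clamd_request(f"CONTSCAN {path}\n", sock_path))


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: clamd_check.py /absolute/path [socket]")
        sys.exit(2)
    sock = sys.argv[2] if len(sys.argv) > 2 else CLAMD_SOCKET
    if not clamd_alive(sock):
        print(f"clamd on {sock} did not answer PING")
        sys.exit(1)
    verdict, detail = scan_path(sys.argv[1], sock)
    print(verdict, *detail)
```

The path must be absolute and readable by the clamav user, because clamd opens it itself rather than receiving the bytes; an "error" verdict on a file that amavisd just wrote is the usual symptom of the clamav user not being in the amavis group, or of AllowSupplementaryGroups still being disabled. Newer clamd releases document the newline-delimited form of a command with an "n" prefix (nCONTSCAN), while the bare form shown here is the one this guide's amavisd.conf uses.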


Auto-Updating

One nice feature is that clamav keeps checking that its virus definitions are up to date. If you noticed above when we started clamd, we got back a message that both clamd and freshclam had started. Freshclam is the component that updates the definitions. By default, freshclam checks for updated definitions every 2 hours.


A Final Item

With everything running, you should now turn down the amavisd logging level.


File: /etc/amavisd.conf
 
#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 0;           # (defaults to 0)
  

Important Note!

If you're still using the test policy from the previous step, make sure you change "bypass_virus_check" from "Y" to "N"! Otherwise clamd won't scan your mail. I know it sounds obvious, but I had completely forgotten about it myself, and as a result gave up on trying to get clamd working because nothing I did made it scan.

-- Drusenija (29/07/06)

Retrieved from "http://www.gentoo-wiki.info/Complete_Virtual_Mail_Server/ClamAV"

Last modified: Sun, 08 Jun 2008 07:43:00 +0000