Topic: Clam AntiVirus

[Arby Edi]

Has anyone used or have any recommendations on what to do with this package?  insluding installing?  

I'm assuming just download into a dir and install.

Any help or thoughts would be greatly appreciated.

[Damien Curtain]

Arby Edi wrote:
>
> Has anyone used or have any recommendations on what to do
> with this package?  insluding installing?
>
> I'm assuming just download into a dir and install.
>
> Any help or thoughts would be greatly appreciated.

You need to compile the program, so you'll need a compiler....

I've actually packaged up clam antivirus itself, and have written the necessary e-smith/sme related parts but haven't packaged those yet unfortunately.

I'll have a search for where I've stuck it tomorrow and make it available if your keen.
--
 Damien

[Arby Edi]

Damien,  that would be greatly appreciated.  I've already installed all the compiling needs, so i'll await your kindness.  when you say you have written the necessary e-smith/sme related parts, what exactly do you mean?  As you can tell I'm a bit new, sorry.

[Damien Curtain]

Arby Edi wrote:
>
> Damien,  that would be greatly appreciated.  I've already
> installed all the compiling needs, so i'll await your
> kindness.  when you say you have written the necessary
> e-smith/sme related parts, what exactly do you mean?  As you
> can tell I'm a bit new, sorry.

Ah if you've already installed the compilation tools your fine then, I was just going to give you a pre-packaged rpm of the binaries so you could avoid that, if anyone needs clamav for redhat/sme its available packaged from here: http://www.pagefault.org/misc

The sme/e-smith related parts referred to the correct cron entries to fit into the template system, at the moment I have included sample cron entries in the above, but as I installed clamav at a bunch of non-profit orgs I also made standard template fragments etc. to call freshclam and also to run the scanner when scheduled, emailing the results to admin.

None of that's really need as you obviously know what your doing, but most sme/e-smith users I've run into aren't comfortable manually running cmds.
--
 Damien

[the3dman]

Hey Damien,
I also installed the RPM for CLAMAV, but can not find the documentation. The website says see the PDF files, but can not locate them.

[Damien Curtain]

the3dman wrote:
>
> Hey Damien,
> I also installed the RPM for CLAMAV, but can not find the
> documentation. The website says see the PDF files, but can
> not locate them.

Try:

/usr/share/doc/clamav-0.23/clamdoc.pdf
/usr/share/doc/clamav-0.23/clamdoc.ps

or the clam antivirus website
--
 Damien

[Geoff Bennion]

Rpm install went great.

Now all we need is some way of hooking it into qmail and squid to scan messages and proxy traffic.

Anyone fancy doing a howto ?

[brian read]

I have had Clam installed on my Server since Aug 5th (hand rolled), however I have not seen an updated anti virus database since then.  Is it still live?

[Arby Edi]

>Now all we need is some way of hooking it into qmail and squid to scan messages and proxy traffic.

Geoff,
Did you happen to figure uot a qmail hook?  I'm using 5.1.2 by the way.

[Arby Edi]

HELP!!!

Ok here's waht I did and what I'm hoping someone can help me with.  I read the manual but of course I'm lost..sort of.

- went to /var/log/clamav/ and touched, chmod and did freshclam.
q: how do I add this to a cron job (I may be able to get this from other posts)

q: I plan on scanning everything under /home/e-smith/files/users and /home/e-smtih/files/ibays .... can I just do a scanclam -r ???

Will this fix the file?  How do I get it to email me whats infected?  
Will it search emails in the inboxs of users?

I see it works with qmail-scanner....has anybody tried making this work for incoming mail?

[Damien Curtain]

Geoff Bennion wrote:
>
> Rpm install went great.
>
> Now all we need is some way of hooking it into qmail and
> squid to scan messages and proxy traffic.
>
> Anyone fancy doing a howto ?

Ok I did one for hooking into qmail:
http://www.pagefault.org/e-smith/howto/amavis_clam.html

squid is a little different. Theres an interesting patch for squid called squid-vscan which uses scannerdaemon to scan traffic. Scannerdaemon is java based though.
--
 Damien

[Kelvin]

Hi Damien,

I was just looking at your site with regards to AMAVIS. Your instructions pertain to mailfront (which I take means you're working on SME 5.5). I may be wrong, but doesn't SME 5.1.2 use obtuse instead ? If it does, do you have instructions for obtuse instead of mailfront ?

TIA !

Kelvin

[Damien Curtain]

Kelvin wrote:
>
> Hi Damien,
>
> I was just looking at your site with regards to AMAVIS. Your
> instructions pertain to mailfront (which I take means you're
> working on SME 5.5). I may be wrong, but doesn't SME 5.1.2
> use obtuse instead ? If it does, do you have instructions for
> obtuse instead of mailfront ?

Yes it does, but thats ok as I only have a 5.5 server handy myelf.

Quickest way for 5.1.2 I think would be:

mv /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig
ln /usr/sbin/qmail-queue.amavis /var/qmail/bin/qmail-queue

In /etc/amavis/amavis.conf change:
qmail-queue = /var/qmail/bin/qmail-queue
to
qmail-queue = /var/qmail/bin/qmail-queue.orig

This would fill in the step where you set the filter parameter in the howto...

1st make sure that amavis runs ok on 5.1.2 before running the above, running /usr/sbin/qmail-queue.amavis will tell you if anythings a miss. Same with clamav, try a normal scan.

The other thing people should do is if theyre running clamav from a cronjob they should add --exclude /var/spoll/amavis to the command line to avoid triggering clam on the quarantined files from amavis.
--
 Damien

[brian read]

Damien

I've been working on this, only got as far as the Clam install (I had your earlier package installed and working with my owen crontab entries). I can't see where the Crontab entries for the scan or the update resides.

I can see the "samples", but there does not seem to be any reference to them in the /etc/e-smith/templates-custom/etc/crontab/.

Please could you point me in the right direction?

Thanks

Brian

[Kelvin]

Hi Damien,

Running qmail-queue.amavis produces an error :-
Can't locate AMAVIS.pm in @INC (@INC contains: /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/sbin/qmail-queue.amavis line 5.
BEGIN failed--compilation aborted at /usr/sbin/qmail-queue.amavis line 5.

Any ideas ?

Kelvin