Koozali.org: home of the SME Server

CLAMAV Installation

Mike

CLAMAV Installation
« on: June 12, 2003, 11:18:50 AM »
Everyone, I have installed clamav--20030605-1.i386.rpm on my 5.6 box and installation was successful. The process is running as clamd. So this will scan my incoming and outgoing mails? Or do I have to configure something to scan the mails? And one thing I was confused about, as I have searched the archive forum: do I have to install the amavis package too in order to run my clamav?

Please advise which one will I edit?

Sorry for the many questions, I just need to secure my email server.

Thank you very much......


Mike

Cyrus Bharda

Re: CLAMAV Installation
« Reply #1 on: June 12, 2003, 11:25:00 AM »
Mike,

There is a howto on installing ClamAV which I have followed and installed fine on my 5.5:

http://pagefault.org/howto/amavis_clam.shtml

Thanks to Damien for writing and hosting it all!

Cyrus Bharda

Mike

Re: CLAMAV Installation
« Reply #2 on: June 12, 2003, 12:36:30 PM »
Thanks Cyrus,

I have just followed the instructions in http://pagefault.org/howto/amavis_clam.shtml, how do I test whether it is running well, let's say for an email attachment...

Regards,

Mike

guestHH

Re: CLAMAV Installation
« Reply #3 on: June 12, 2003, 01:07:38 PM »
A specific virus test can be found here:

http://www.rexswain.com/eicar.html

Maggard

Re: CLAMAV Installation
« Reply #4 on: June 13, 2003, 04:57:10 AM »
guestHH wrote:
>
> A specific virus test can be found here:
>
> http://www.rexswain.com/eicar.html

Just to clarify that is NOT a virus.

The EICAR file is a standard alphanumeric string that all major anti-virus vendors have agreed to identify as a "virus" for testing purposes. It is absolutely harmless.

Mike

Re: CLAMAV Installation
« Reply #5 on: June 13, 2003, 11:36:43 AM »
I have tried to download it and email it to myself; the SME server didn't react, only my Norton reacted while downloading it from the SME server to my desktop. Even when I tried clamscan -ri /home/e-smitch/files/users there was no virus found.....

Do I need to configure it again to interact with my incoming and outgoing mails?

Please advise.

Thanks for all your help I really appreciate it.

jason

Re: CLAMAV Installation
« Reply #6 on: June 13, 2003, 06:42:23 PM »
I have followed the instructions by Damien on the pagedefault.org website and I got it to work, but it only scans incoming mail.  So basically if I send an email  to the smeserver it gets scanned, but outgoing mail is not scanned at all.  Does anybody know how to do this?

Thanks for your help.

Jason

Lloyd Keen

Re: CLAMAV Installation
« Reply #7 on: June 13, 2003, 07:20:30 PM »
Mike,
Yes, you do have to download the amavis-ng package as well as all the other required packages. The sample conf file needs to be placed in /etc/amavis-ng/amavis.conf and you will need to edit this file and replace all references to /etc/amavis with /etc/amavis-ng. You also need to change the ownership of the log file with

#chown qmailq /var/log/amavis-ng/amavis.log

The command to update the db is

/sbin/e-smith/db configuration setprop smtpfront-qmail filter /usr/bin/qmail-queue.amavis

(note the path is /bin not /sbin). Also make sure clamd is running:

#/etc/rc.d/init.d/clamd status

Hope this helps.
Regards Lloyd
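
Added example, not part of Lloyd's post or the pagefault.org howto: a pre-flight check for the file-level steps listed in the post above. The paths, the qmailq owner and the clamd init script are the ones from the post; the function names and the sample config line are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the amavis-ng steps in the post above.
# Paths are the ones given in the post; function names are hypothetical.

# List config lines that still reference /etc/amavis instead of /etc/amavis-ng.
# Exit status 0 means no stale references remain.
stale_amavis_refs() {
    # Blank out the correct path first so only the old one can match.
    sed 's#/etc/amavis-ng##g' "$1" | grep -n '/etc/amavis' && return 1
    return 0
}

# True when file $1 is owned by user $2 (compared by numeric uid).
owner_is() {
    want=$(id -u "$2" 2>/dev/null) || return 2
    have=$(ls -ldn "$1" 2>/dev/null | awk '{print $3}')
    [ "$have" = "$want" ]
}

# Run all checks; $1 is an optional root prefix (leave empty on a live server).
# Returns the number of failed checks.
preflight() {
    root=${1:-}; fails=0
    conf=$root/etc/amavis-ng/amavis.conf
    log=$root/var/log/amavis-ng/amavis.log
    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf missing"; fails=$((fails + 1))
    elif ! stale_amavis_refs "$conf"; then
        echo "FAIL: lines above still point at /etc/amavis"; fails=$((fails + 1))
    fi
    if ! owner_is "$log" qmailq; then
        echo "FAIL: $log is not owned by qmailq"; fails=$((fails + 1))
    fi
    # The clamd status check only makes sense against the live system.
    if [ -z "$root" ] && ! /etc/rc.d/init.d/clamd status >/dev/null 2>&1; then
        echo "FAIL: clamd is not running"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree so the checks can be tried away from the server.
demo=$(mktemp -d)
mkdir -p "$demo/etc/amavis-ng" "$demo/var/log/amavis-ng"
printf 'example-dir = /etc/amavis/example\n' > "$demo/etc/amavis-ng/amavis.conf"
: > "$demo/var/log/amavis-ng/amavis.log"
preflight "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

On the server itself, call preflight with no argument so that the real paths and the clamd status are checked.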

Lloyd Keen

Re: CLAMAV Installation
« Reply #8 on: June 13, 2003, 07:41:54 PM »
Jason, I've installed it on 5.6u4 and it scans both incoming and outgoing mail for me. Here is the mail I received after sending the eicar test from within my lan.
Our virus checker has found potentially malicious code in a mail by
you. Delivery has been stopped. For further questions, please contact XXXXXX
The message has been quarantined as 3ee9e159-2fbd.


CLAM Anti Virus found:
 Eicar-Test-Signature

jason

Re: CLAMAV Installation
« Reply #9 on: June 13, 2003, 07:55:49 PM »
Thanks Lloyd for the reply.

So knowing that it works for you and knowing that it does scan incoming email, how can I change the configuration to scan outgoing?  Or is it supposed to do it automatically per the installation instructions from the pagedefault.org?

Joe

Re: CLAMAV Installation
« Reply #10 on: June 13, 2003, 09:33:42 PM »
I have installed this following the instructions from pagefault, BUT I can't seem to get my domain scanning. Basically I'm testing on an example.com server and have changed the settings as per Lloyd's post, but it is still not scanning emails.

Can anyone help, or give any more pointers?

Cheers

Walter Padgett

Re: CLAMAV Installation
« Reply #11 on: June 13, 2003, 11:37:10 PM »
Good Afternoon,

Welp, I'm screwed. I followed all the instructions but I think there's one little kink that I should have asked about. I have the mailfront contrib stuff installed as well as the blacklist contrib. I don't remember exactly the filenames but when I installed clamav, I can't send or receive email now. I tested it out on a local station and Outlook Express said that the server returned a permanent qmail-queue error. How do I uninstall all this stuff now? Acckkk.... That's the trouble I get into, I install contribs that I like and find other ones later that add this or that feature. After installing the new contrib, I screw something else up because an earlier contrib used some of the same files or I already have something newer like perl or some libcap. Installation scripts then screw up because they don't think things were installed correctly and such. Well where I think I went wrong is that I downloaded all the perl stuff that was on the website. I did the rpm -Uvh which upgrades right? Well now everything is at a grinding stop. I'm going to try and rpm -e all the rpm's that I just installed and clear some of the config files I setup. After doing all that though, the stuff I had to execute from the /sbin/e-smith/db command lines that were shown in the how-to, how do I undo that?

Whew, that was a run-on paragraph but, where I'm trying to go is to get the contribs I like installed. I guess where I need guidance is what to look for before installing. For example, if I find a contrib I like and it has a script to install it all but older versions of libcap and/or perl, do I erase the currently installed rpm's and then install the newer version? If I do that, will the older contrib usually work? If it's the other way around and the contrib has older stuff and an installation script to install the older stuff, do I strip out the lines that installs the older rpm's and see if it completes the install?

Thanks for the help,

Wally

Lloyd Keen

Re: CLAMAV Installation
« Reply #12 on: June 14, 2003, 12:18:47 AM »
Walter,

/sbin/e-smith/db configuration setprop smtpfront-qmail filter /var/qmail/bin/qmail-queue

followed by

/sbin/e-smith/signal-event email-update

will revert back to the original mail setup.

Walter Padgett

Re: CLAMAV Installation
« Reply #13 on: June 14, 2003, 12:55:49 AM »
Good Afternoon,

Much obliged!!!!!!!!!!!!!!!!!!

Did anything that I was talking about make any sense?

Let me try to clarify it a little better, I was a little exasperated when writing the post.

I install contrib A that deals with email and has an installation script that installs v2.2 of perl (for this illustration.) After looking around I find contrib B that adds a nice little feature to email that I really want. After downloading it and looking at the rpm's, I determine that it comes with v1.2 of perl. Sometimes contribs come with installation scripts and sometimes they don't, either way, do most programs work with newer versions of the dependencies they require? If it comes with an installation script, I've run into a deal with squidguard that installs ACL's but there was something else that I installed before that or the latest release of SME had a newer version of squidguard. Do I remove the lines that deal with the rpm's? I tried that but I don't think it installed properly.

I understand that Linux is a freelance type of OS but are there any standards out there that dictate some of these issues? For example, a standard for installing, uninstalling, compiling, etc. A structure so to speak, do A before B when installing and vice versa on uninstalling.

I don't claim to know a lot about Linux and the internals of the OS, but working with QS9000 and other similar standards for manufacturing is skewing my perception of contribs and the like.

The only example I have that is somewhat in context here is the add-on system that a freelancer developed for IPCOP. It appeared that he had made a structure for contribs and if any author wanted to use his system, they had to meet certain criteria. I like that type of methodology(?) I guess.

A penny for your thoughts, mine get too long sometimes, acckkk...

Wally

AP

Re: CLAMAV Installation
« Reply #14 on: June 14, 2003, 08:56:24 AM »
Hi,

I have problems

tail /var/log/smtpfront-qmail/current

shows

Use of uninitialized value in undef operator at /usr/lib/perl5/site_perl/5.6.1/AMAVIS/MTA/Qmail.pm line 417, line 36.

and mail put into problems directory...

and amavis-ng log shows

Starting AMaViS 0.1.6.4
: Unpacking message in /var/spool/amavis-ng/amavis-unpack-3eea96e5-4769
: AMAVIS: Determined 00000000 to be type message/rfc822
: AMAVIS: Determined 00000001 to be type text/plain
: Not attempting to unpack 00000001
: AMAVIS::AV::CLAMD: Unknown virus scanner output: /var/spool/amavis-ng/amavis-unpack-3eea96e5-4769: Can't access the file ERROR
: Error while scanning for viruses with AMAVIS::AV::CLAMD:
: AMAVIS::MTA::Qmail: Freezing message
: Quarantining infected message to /var/spool/amavis-ng/problems/3eea96e5-4769
: AMAVIS::MTA::Qmail: /var/qmail/bin/qmail-queue exited: 0
: AMAVIS: Cleaning up.
: AMAVIS: Done.
: Starting AMaViS 0.1.6.4



thanks...
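
Added example, not part of the original post: in the amavis-ng log above the message is logged as "Quarantining infected message" even though the preceding lines show that the clamd call itself returned an error. The script below picks such scanner failures out of a log; the function names are hypothetical and the second sample session is constructed.

```shell
#!/bin/sh
# Added example: find messages that amavis-ng froze because the scanner call
# failed, rather than because something was detected. Names are hypothetical.

# Reads an amavis-ng log on stdin (or from file arguments) and prints one
# tab-separated line per affected message: id, quarantine path, scanner error.
scan_failures() {
    awk '
    /Unpacking message in/ {            # a new message starts here
        id = $NF; sub(/.*amavis-unpack-/, "", id); err = ""
    }
    /Unknown virus scanner output:/ {   # scanner reply could not be parsed
        err = $0
        sub(/.*Unknown virus scanner output: /, "", err)
        sub(/^[^:]*: /, "", err)        # drop the leading file path
    }
    /Error while scanning for viruses/ { if (err == "") err = "unspecified scan error" }
    /Quarantining infected message to/ { if (err != "") print id "\t" $NF "\t" err }
    ' "$@"
}

# First session: the lines posted above. Second session: constructed, using
# only line formats that appear in that post.
sample_log() {
    cat <<'EOF'
Starting AMaViS 0.1.6.4
: Unpacking message in /var/spool/amavis-ng/amavis-unpack-3eea96e5-4769
: AMAVIS: Determined 00000000 to be type message/rfc822
: AMAVIS: Determined 00000001 to be type text/plain
: Not attempting to unpack 00000001
: AMAVIS::AV::CLAMD: Unknown virus scanner output: /var/spool/amavis-ng/amavis-unpack-3eea96e5-4769: Can't access the file ERROR
: Error while scanning for viruses with AMAVIS::AV::CLAMD:
: AMAVIS::MTA::Qmail: Freezing message
: Quarantining infected message to /var/spool/amavis-ng/problems/3eea96e5-4769
: AMAVIS::MTA::Qmail: /var/qmail/bin/qmail-queue exited: 0
: AMAVIS: Cleaning up.
: AMAVIS: Done.
Starting AMaViS 0.1.6.4
: Unpacking message in /var/spool/amavis-ng/amavis-unpack-00000000-0001
: AMAVIS: Determined 00000000 to be type message/rfc822
: AMAVIS: Cleaning up.
: AMAVIS: Done.
EOF
}

sample_log | scan_failures
```

Against a real log, pass the file as an argument: scan_failures /var/log/amavis-ng/amavis.log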

Mike

Re: CLAMAV Installation
« Reply #15 on: June 14, 2003, 09:08:30 AM »
Guys, the same thing happened to me after I followed the instructions on pagefault.org, installed amavis-ng and all components, then set the stmpfront-qmail filter to /usr/bin/qmail-queue-amavis. All mail was blocked; what could be the problem?

Thanks

John

Re: CLAMAV Installation
« Reply #16 on: June 14, 2003, 12:36:05 PM »
Hi

Don't suppose anybody has written an rpm to install this on SME 5.6 have they?

John

Frederik Bay

Re: CLAMAV Installation
« Reply #17 on: June 17, 2003, 11:14:09 AM »
Hi All

Have a problem with CLAMAV-0.54-4 and Amavis-NG-0.1.6.4-01dc.

I installed them on a 5.6U4 + dungog-antivirus-0.1-10

But when I try to change the settings in server-manager under "Virus Scanning" I get:

Software error:
Error occurred while updating system configuration.

I have checked the log and it tells me this:

Jun 17 01:14:13 sme e-smith[3680]: Processing event: conf-antivir
Jun 17 01:14:13 sme e-smith[3680]: Running event handler: /etc/e-smith/events/conf-antivir/S55antivir-conf
Jun 17 01:14:15 sme e-smith[3680]: ERROR: No templates were found for //etc/amavis-ng/amavis.conf.
Jun 17 01:14:15 sme e-smith[3680]:  at /etc/e-smith/events/conf-antivir/S55antivir-conf line 41
Jun 17 01:14:15 sme e-smith[3680]: S55antivir-conf=action|Event|conf-antivir|Action|S55antivir-conf|Start|1055805253 554020|End|1055805255 415405|Elapsed|1.861385|Status|65280

Hope someone has the answer - I'm pretty new to Linux - but hopefully getting better.

Frederik

byte

Re: CLAMAV Installation
« Reply #18 on: June 17, 2003, 12:31:23 PM »
Did you take a copy of the config file found on pagefault.org?

Frederik Bay

Re: CLAMAV Installation
« Reply #19 on: June 17, 2003, 07:02:00 PM »
Have now downloaded a new copy and configured it with my settings, still I get the software error when trying to update settings in the "Virus Scanning" panel.

When looking in my log:

Jun 17 15:50:50 sme e-smith[4469]: Processing event: conf-antivir
Jun 17 15:50:50 sme e-smith[4469]: Running event handler: /etc/e-smith/events/conf-antivir/S55antivir-conf
Jun 17 15:50:52 sme e-smith[4469]: ERROR: No templates were found for //etc/amavis-ng/amavis.conf.
Jun 17 15:50:52 sme e-smith[4469]:  at /etc/e-smith/events/conf-antivir/S55antivir-conf line 41

I'm stuck :-(

Have set this up on another SME box with no problems - but this was earlier
rpms.

Thanks for your help

Frederik

Charlie Hartill

Re: CLAMAV Installation
« Reply #20 on: June 18, 2003, 03:02:04 AM »
I'd like to follow up from Walter's post. The Mitel is such a great way to learn Linux & I value the contributions of the wise people so greatly. It's just such a shame that so many of the contribs are listed as just rpms or have no info about what version they are tested for.

I've just uninstalled the CLAMAV stuff after getting a qmail queue error. Is this because I have the User Panel upgrade installed? Does anyone know if it clashes with another contrib - I know I have a later version of the perl mail tool: see below - did I do the right thing?

Charlie

[root@AMHURST clam]# rpm -ivf *.rpm
Preparing packages for installation...
file /usr/share/man/man3/Mail::Address.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Cap.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Field.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Field::AddrList.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Filter.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Header.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Internet.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Mailer.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Send.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
file /usr/share/man/man3/Mail::Util.3pm.gz from install of perl-MailTools-1.50-1 conflicts with file from package perl-MailTools-1.40-1
[root@AMHURST clam]# rpm -q Perl-MailTools
package Perl-MailTools is not installed
[root@AMHURST clam]# rpm -q perl-MailTools-1.50-1
package perl-MailTools-1.50-1 is not installed
[root@AMHURST clam]# rpm -q perl-MailTools-1.40-1
perl-MailTools-1.40-1
[root@AMHURST clam]# rpm -uvf perl-MailTools-1.50-1.i386.rpm
-uvf: unknown option
[root@AMHURST clam]# rpm -Uvf perl-MailTools-1.50-1.i386.rpm
Preparing packages for installation...
perl-MailTools-1.50-1
[root@AMHURST clam]# rpm -ivf *.rpm
Preparing packages for installation...
package perl-MailTools-1.50-1 is already installed
[root@AMHURST clam]# rm perl-MailTools-1.50-1.i386.rpm
rm: remove perl-MailTools-1.50-1.i386.rpm'? y
[root@AMHURST clam]# rpm -ivf *.rpm
Preparing packages for installation...
arc-5.21e-4
clamav-0.54-4
lha-1.14i-4.2rm
perl-Archive-Tar-0.22-1
perl-Compress-Zlib-1.16-1
perl-Config-IniFiles-2.29-1
perl-Convert-TNEF-0.17-1
perl-Convert-UUlib-0.213-1
perl-File-MMagic-1.16-1
perl-IO-stringy-2.108-1
perl-MIME-tools-5.411a-1
perl-libnet-1.12-1
unarj-2.43-6.1rm
unrar-2.71-1.1rm
zoo-2.10-4.1rm
amavis-ng-0.1.6.4-01dc

Damien Curtain

Re: CLAMAV Installation
« Reply #21 on: June 22, 2003, 06:10:45 AM »
In an attempt to stop the flood of e-mail I keep receiving, I've updated the how to on pagefault.org to include more details, the only other option I can see is to nuke all these addons I have written.

As I've always said the addons I write are aimed at sysadmin professionals who just need to automate some functionality. They are not aimed at the end user who cannot debug basic linux problems on their own.

I don't bother to provide detailed instructions, there's a virus scanning product sold as part of the service-link product aimed at the end-user, purchase this if you need support and an easy installation process.

All my addons work fine if installed correctly.

If you've installed a contrib x and it runs amok with anything I've written then deal with it.

If you don't know how to deal with a simple problem such as upgrading a pre-existing perl module then you really shouldn't be using these addons, you should be using the service-link products.

Cheers
--
 Damien

Walter Padgett

Re: CLAMAV Installation
« Reply #22 on: June 22, 2003, 10:57:02 PM »
Good Afternoon,

I understand the frustration of Mr. Curtain but getting mad at the end user only runs them away from the greatest OS in the world. This is the only posting I'll post regarding this issue. I use Linux on a regular basis but the basic infrastructure of directories, what's installed by default, what version of perl works with what contrib, among other things is still beyond me for the most part. I don't look for the GUI / easy way all the time but rather enjoy command line challenges.

The only thing I was pointing out in regards to the standardization(?) of contribs was that things would work a lot smoother. Not only would things work smoother but it would raise the bar of professionalism and accountability. Set some standards that everyone should meet to acquire a certain degree of certification (for a lack of better terminology.)

A penny for your thoughts,

Wally

Robert

Re: CLAMAV Installation
« Reply #23 on: July 31, 2003, 06:02:42 AM »
I've installed clam twice - v.easy & instant success: I'd like to add my thanks to Damien for his GREAT rpm and notes that made this possible.
I just installed a more 'up to date version' and it failed!
Now here we HAVE to take Damien's view that you get it for free - after a lot of work from others - and are responsible to gain knowledge to resolve problems if you want to start from these contributions.

FYI, the amavis-conf in the new version was quite different (use diff to find variations between one file and another), so I patched the new with obvious changes - like setting mailfilter.

In the end I ran out of time to fix it as people were (rightly) baying for email, so I searched the phorum (another fabulous resource - thanks Mitel and all contributors) for 'clam uninstall' and found how to reset the original mail setup - this is what we HAVE to do: think and solve!

In days long gone, proprietary software / hardware cost a lot, had few combinations that were strictly controlled and worked.
Now with open systems there is bound to be 'version clash': gee look at how much is added/changed with clam install!
Just because the install is simple, it changes a lot - you cannot just shut your eyes, type rpm.... and hope !

I hope I'm not going on too long! This is not novice stuff, and I'm no expert, but allowing that there is no such thing as a stupid question, first time - get expertise or get commercial products/support.
Damien is not 'getting mad' at users - he's limiting his provision of free service: and again thanks to you Damien.

Regards to fellow effort-mongers:
I'm back to working out my problem....
Robert

PC

Re: CLAMAV Installation
« Reply #24 on: September 17, 2003, 04:49:08 AM »
FWIW
Thank you for writing that well detailed how to, Damien.

(Even though I have been running SME for over two years I still consider myself a noobie.)

I was able to install clamav and the amavis-ng as per the instructions, and when I ran into a hiccup, I examined the instructions more closely and discovered my mistake and corrected it.

Everything seems to work fine, thanks again Damien.

Jason Ephraims

Re: CLAMAV Installation
« Reply #25 on: November 13, 2003, 01:21:30 PM »
I have installed clamav and it appears to work: if I send a virus to the computer the email does not reach the recipient but all other emails work, so great. But I do not receive any emails saying that it has stopped a virus, or I do not receive any logs indicating that it has done this. What have I done to stop the reporting side? SME 5.6