Koozali.org: home of the SME Server

CLAMAV Installation

Mike

CLAMAV Installation
« on: June 12, 2003, 11:18:50 AM »
Everyone, I have installed clamav--20030605-1.i386.rpm on my 5.6 box and installation was successful. The process is running as clamd. So this will scan my incoming and outgoing mails? Or do I have to configure something to scan the mails? And one thing I was confused about, as I have searched the archive forum: do I have to install the amavis package too in order to run my clamav?

Please advise which one will I edit?

Sorry for the many questions, I just need to secure my email server.

Thank you very much......


Mike

Cyrus Bharda

Re: CLAMAV Installation
« Reply #1 on: June 12, 2003, 11:25:00 AM »
Mike,

There is a howto on installing ClamAV which I have followed and installed fine on my 5.5:

http://pagefault.org/howto/amavis_clam.shtml

Thanks to Damien for writing and hosting it all!

Cyrus Bharda

Mike

Re: CLAMAV Installation
« Reply #2 on: June 12, 2003, 12:36:30 PM »
Thanks Cyrus,

I have just followed the howto in http://pagefault.org/howto/amavis_clam.shtml. How do I test whether it is running well, let's say for an email attachment?

Regards,

Mike

guestHH

Re: CLAMAV Installation
« Reply #3 on: June 12, 2003, 01:07:38 PM »
A specific virus test can be found here:

http://www.rexswain.com/eicar.html

Maggard

Re: CLAMAV Installation
« Reply #4 on: June 13, 2003, 04:57:10 AM »
guestHH wrote:
>
> A specific virus test can be found here:
>
> http://www.rexswain.com/eicar.html

Just to clarify that is NOT a virus.

The EICAR file is a standard alphanumeric string that all major anti-virus vendors have agreed to identify as a "virus" for testing purposes. It is absolutely harmless.

Mike

Re: CLAMAV Installation
« Reply #5 on: June 13, 2003, 11:36:43 AM »
I have tried to download it and email it to myself. The SME server didn't react; only my Norton reacted while I was downloading it from the SME server to my desktop. Even when I tried clamscan -ri /home/e-smitch/files/users, no virus was found.....

Do I need to configure it again to interact with my incoming and outgoing mails?

Please advise.

Thanks for all your help I really appreciate it.

jason

Re: CLAMAV Installation
« Reply #6 on: June 13, 2003, 06:42:23 PM »
I have followed the instructions by Damien on the pagefault.org website and I got it to work, but it only scans incoming mail. So basically if I send an email to the smeserver it gets scanned, but outgoing mail is not scanned at all. Does anybody know how to do this?

Thanks for your help.

Jason

Lloyd Keen

Re: CLAMAV Installation
« Reply #7 on: June 13, 2003, 07:20:30 PM »
Mike,
Yes, you do have to download the amavis-ng package as well as all the other required packages. The sample conf file needs to be placed in /etc/amavis-ng/amavis.conf and you will need to edit this file and replace all references to /etc/amavis with /etc/amavis-ng. You also need to change the ownership of the log file with

#chown qmailq /var/log/amavis-ng/amavis.log

The command to update the db is

/sbin/e-smith/db configuration setprop smtpfront-qmail filter /usr/bin/qmail-queue.amavis

(note the path is /bin not /sbin)

Also make sure clamd is running:

#/etc/rc.d/init.d/clamd status

Hope this helps.
Regards Lloyd

Lloyd Keen

Re: CLAMAV Installation
« Reply #8 on: June 13, 2003, 07:41:54 PM »
Jason, I've installed it on 5.6u4 and it scans both incoming and outgoing mail for me. Here is the mail I received after sending the eicar test from within my LAN.

Our virus checker has found potentially malicious code in a mail by
you. Delivery has been stopped. For further questions, please contact XXXXXX
The message has been quarantined as 3ee9e159-2fbd.

CLAM Anti Virus found:
 Eicar-Test-Signature
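
The mail-path test discussed in this thread, as an added example that is not part of any poster's message: a Python 3 script, run from a LAN workstation, that builds a message carrying the standard EICAR test string as an attachment and submits it over SMTP, so it goes through the server's mail filter instead of being scanned on disk. The server name, addresses and port are assumptions supplied by the caller.

```python
import smtplib
import sys
from email.message import EmailMessage

# Standard 68-byte EICAR test string, written as adjacent literals so that an
# on-access scanner does not flag this script itself. It is not a virus.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"
         "$H+H*").encode("ascii")


def build_test_mail(sender, recipient):
    """Return a MIME message with the EICAR string attached as eicar.com."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "AV filter test (EICAR)"
    msg.set_content("EICAR test attachment; the mail filter should stop this.")
    msg.add_attachment(EICAR, maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg


def attachment_payloads(msg):
    """Decoded bytes of every attachment, to confirm what will be sent."""
    return [part.get_payload(decode=True) for part in msg.iter_attachments()]


def send_test_mail(msg, host, port=25):
    """Submit over SMTP. 'accepted' means the server queued the message and a
    notice like the one in Reply #8 should follow; a filter that refuses the
    message during the SMTP dialogue is reported as 'rejected'."""
    try:
        with smtplib.SMTP(host, port, timeout=30) as smtp:
            smtp.send_message(msg)
        return "accepted"
    except smtplib.SMTPException as exc:
        return "rejected: %s" % exc


if __name__ == "__main__":
    # usage (assumed names): python eicar_mail.py <server> <from> <to>
    host, sender, recipient = sys.argv[1:4]
    print(send_test_mail(build_test_mail(sender, recipient), host))
```

If the message arrives in the recipient's mailbox with the attachment intact, the SMTP filter is not in the delivery path for that sender.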

jason

Re: CLAMAV Installation
« Reply #9 on: June 13, 2003, 07:55:49 PM »
Thanks Lloyd for the reply.

So knowing that it works for you and knowing that it does scan incoming email, how can I change the configuration to scan outgoing? Or is it supposed to do it automatically per the installation instructions from pagefault.org?

Joe

Re: CLAMAV Installation
« Reply #10 on: June 13, 2003, 09:33:42 PM »
I have installed this following the instructions from pagefault, BUT I can't seem to get my domain scanning. Basically I'm testing on an example.com server and have changed the settings as per Lloyd's post, but it is still not scanning emails.

Can anyone help, or any more pointers?

Cheers

Walter Padgett

Re: CLAMAV Installation
« Reply #11 on: June 13, 2003, 11:37:10 PM »
Good Afternoon,

Welp, I'm screwed. I followed all the instructions but I think there's one little kink that I should have asked about. I have the mailfront contrib stuff installed as well as the blacklist contrib. I don't remember exactly the filenames but when I installed clamav, I can't send or receive email now. I tested it out on a local station and Outlook Express said that the server returned a permanent qmail-queue error. How do I uninstall all this stuff now? Acckkk.... That's the trouble I get into, I install contribs that I like and find other ones later that add this or that feature. After installing the new contrib, I screw something else up because an earlier contrib used some of the same files or I already have something newer like perl or some libcap. Installation scripts then screw up because they don't think things were installed correctly and such. Well where I think I went wrong is that I downloaded all the perl stuff that was on the website. I did the rpm -Uvh which upgrades right? Well now everything is at a grinding stop. I'm going to try and rpm -e all the rpm's that I just installed and clear some of the config files I setup. After doing all that though, the stuff I had to execute from the /sbin/e-smith/db command lines that were shown in the how-to, how do I undo that?

Whew, that was a run-on paragraph but, where I'm trying to go is to get the contribs I like installed. I guess where I need guidance is what to look for before installing. For example, if I find a contrib I like and it has a script to install it all but older versions of libcap and/or perl, do I erase the currently installed rpm's and then install the newer version? If I do that, will the older contrib usually work? If it's the other way around and the contrib has older stuff and an installation script to install the older stuff, do I strip out the lines that install the older rpm's and see if it completes the install?

Thanks for the help,

Wally

Lloyd Keen

Re: CLAMAV Installation
« Reply #12 on: June 14, 2003, 12:18:47 AM »
Walter,

/sbin/e-smith/db configuration setprop smtpfront-qmail filter /var/qmail/bin/qmail-queue

followed by

/sbin/e-smith/signal-event email-update

will revert back to the original mail setup.

Walter Padgett

Re: CLAMAV Installation
« Reply #13 on: June 14, 2003, 12:55:49 AM »
Good Afternoon,

Much obliged!!!!!!!!!!!!!!!!!!

Did anything that I was talking about make any sense?

Let me try to clarify it a little better, I was a little exasperated when writing the post.

I install contrib A that deals with email and has an installation script that installs v2.2 of perl (for this illustration.) After looking around I find contrib B that adds a nice little feature to email that I really want. After downloading it and looking at the rpm's, I determine that it comes with v1.2 of perl. Sometimes contribs come with installation scripts and sometimes they don't, either way, do most programs work with newer versions of the dependencies they require? If it comes with an installation script, I've run into a deal with squidguard that installs ACL's but there was something else that I installed before that or the latest release of SME had a newer version of squidguard. Do I remove the lines that deal with the rpm's? I tried that but I don't think it installed properly.

I understand that Linux is a freelance type of OS but are there any standards out there that dictate some of these issues? For example, a standard for installing, uninstalling, compiling, etc. A structure so to speak, do A before B when installing and vice versa on uninstalling.

I don't claim to know a lot about Linux and the internals of the OS but, after working with QS9000 and other similar standards for manufacturing is skewing my perception of contribs and the likes.

The only example I have that is somewhat in context here is the add-on system that a freelancer developed for IPCOP. It appeared that he had made a structure for contribs and if any author wanted to use his system, they had to meet certain criteria. I like that type of methodology(?) I guess.

A penny for your thoughts, mine get too long sometimes, acckkk...

Wally

AP

Re: CLAMAV Installation
« Reply #14 on: June 14, 2003, 08:56:24 AM »
Hi,

I have problems

tail /var/log/smtpfront-qmail/current

shows

Use of uninitialized value in undef operator at /usr/lib/perl5/site_perl/5.6.1/AMAVIS/MTA/Qmail.pm line 417, line 36.

and mail put into problems directory...

and amavis-ng log shows

Starting AMaViS 0.1.6.4
: Unpacking message in /var/spool/amavis-ng/amavis-unpack-3eea96e5-4769
: AMAVIS: Determined 00000000 to be type message/rfc822
: AMAVIS: Determined 00000001 to be type text/plain
: Not attempting to unpack 00000001
: AMAVIS::AV::CLAMD: Unknown virus scanner output: /var/spool/amavis-ng/amavis-unpack-3eea96e5-4769: Can't access the file ERROR
: Error while scanning for viruses with AMAVIS::AV::CLAMD:
: AMAVIS::MTA::Qmail: Freezing message
: Quarantining infected message to /var/spool/amavis-ng/problems/3eea96e5-4769
: AMAVIS::MTA::Qmail: /var/qmail/bin/qmail-queue exited: 0
: AMAVIS: Cleaning up.
: AMAVIS: Done.
: Starting AMaViS 0.1.6.4



thanks...
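
An added example, not part of AP's post or of the amavis-ng project: a short Python triage of the amavis-ng log lines quoted above, which separates messages frozen because the scanner call failed from other quarantine events, even though the log words both as "Quarantining infected message". The regular expressions are written against the lines shown in this thread only; other amavis-ng versions may log differently.

```python
import re

# Log lines as quoted in the post above (timestamps were already absent there).
SAMPLE_LOG = """\
Starting AMaViS 0.1.6.4
: Unpacking message in /var/spool/amavis-ng/amavis-unpack-3eea96e5-4769
: AMAVIS: Determined 00000000 to be type message/rfc822
: AMAVIS: Determined 00000001 to be type text/plain
: Not attempting to unpack 00000001
: AMAVIS::AV::CLAMD: Unknown virus scanner output: /var/spool/amavis-ng/amavis-unpack-3eea96e5-4769: Can't access the file ERROR
: Error while scanning for viruses with AMAVIS::AV::CLAMD:
: AMAVIS::MTA::Qmail: Freezing message
: Quarantining infected message to /var/spool/amavis-ng/problems/3eea96e5-4769
: AMAVIS::MTA::Qmail: /var/qmail/bin/qmail-queue exited: 0
: AMAVIS: Cleaning up.
: AMAVIS: Done.
"""

MSG_ID = r"([0-9a-f]+-[0-9a-f]+)"
UNPACK = re.compile(r"Unpacking message in \S*amavis-unpack-" + MSG_ID)
SCAN_ERR = re.compile(r"Unknown virus scanner output: (\S+): (.*)$")
QUARANTINE = re.compile(r"Quarantining infected message to (\S+)/" + MSG_ID + r"$")


def triage(log_text):
    """Return one record per quarantined message. 'scan-failed' means a
    scanner error was logged for that message before it was quarantined;
    anything else is reported as 'quarantined' without interpretation."""
    results, errors, current = [], {}, None
    for line in log_text.splitlines():
        m = UNPACK.search(line)
        if m:
            current = m.group(1)          # message now being processed
            continue
        m = SCAN_ERR.search(line)
        if m and current:
            errors[current] = m.group(2)  # text the scanner returned
            continue
        m = QUARANTINE.search(line)
        if m:
            msg_id = m.group(2)
            reason = errors.get(msg_id)
            results.append({"id": msg_id,
                            "status": "scan-failed" if reason else "quarantined",
                            "reason": reason,
                            "path": m.group(1) + "/" + msg_id})
    return results


if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record)
```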