Qmail-LDAP

simscan and clamav driving me nuts

To: "qmail-ldap@qmail-ldap.org" <qmail-ldap@qmail-ldap.org>
Subject: simscan and clamav driving me nuts
From: Roger Thomas <sniper@home.net.my>
Date: Wed, 03 Jan 2007 22:32:47 +0800
Delivered-to: sp-com-lists@consult.net
Delivered-to: qmail-ldap-list@securepoint.com
Delivered-to: mailing list qmail-ldap@qmail-ldap.org
Mailing-list: contact qmail-ldap-help@qmail-ldap.org; run by ezmlm
User-agent: Internet Messaging Program (IMP) 3.2

I have a working qmail-ldap and decided today to try out clamav with simscan.

1) I started off with the installation of clamav. In clamd.conf, I set the User 
variable to root.

2) I set up freshclam under cron and then started clamd.

3) Then I created the simscan user with
useradd -g clamav -s /bin/false -c "Simscan" simscan

4) I ran configure with:
./configure --enable-attach=y --enable-clamav=y \
--enable-received=y --enable-clamavdb-path=/var/lib/clamav

(I have daily.cvd and main.cvd under /var/lib/clamav)

and got these:

            Current settings
---------------------------------------
 user                  = simscan
 qmail directory       = /var/qmail
 work directory        = /var/qmail/simscan
 control directory     = /var/qmail/control
 qmail queue program   = /var/qmail/bin/qmail-queue
 clamdscan program     = /usr/local/bin/clamdscan
 clamav scan           = ON
 trophie scanning      = OFF
 attachement scan      = ON
 ripmime program       = /usr/local/bin/ripmime
 custom smtp reject    = OFF
 drop message          = OFF
 regex scanner         = OFF
 quarantine processing = OFF
 domain based checking = OFF
 add received header   = ON
 spam scanning         = OFF

5) Then I ran make and make install-strip

6) I have the simcontrol file in /var/qmail/control like this:
:clam=yes,spam=no

7) Then I ran
/var/qmail/bin/simscanmk
/var/qmail/bin/simscanmk -g

8) In /var/qmail/control/ssattach, I have:
.vbs
.scr
.wsh
.hta
.pif
.lnk
.cpl
.exe
.bat
.com
.bas
.class
.ocx


9) Then I tested simscan from the command line:
# env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2 \
/var/qmail/bin/qmail-inject sniper@home.net.my < /etc/passwd

which spat out these messages saying that everything was OK:

simscan: starting: work dir: /var/qmail/simscan/1167833067.205258.29673
simscan: cdb looking up version attach
simscan: calling clamdscan
simscan: cdb looking up version clamav
simscan: normal clamdscan return code: 0
simscan: done, execing qmail-queue
simscan: qmail-queue exited 0


10) Then I edited my /var/qmail/service/smtpd/tcp to activate simscan:
127.:allow,RELAYCLIENT=""
192.168.10.221:allow,RBL="",RCPTCHECK="",RELAYCLIENT="",SMTPAUTH="AUTHREQUIRED",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,RBL="",RCPTCHECK="",SMTPAUTH="AUTHREQUIRED",QMAILQUEUE="/var/qmail/bin/simscan"

Then I ran make in /var/qmail/service/smtpd

11) My /var/qmail/service/smtpd/run looks like:
#!/bin/sh
exec 2>&1 \
envdir ./env \
sh -c '
    case "$REMOTENAME" in h) H=;; p) H=p;; *) H=H;; esac
    case "$REMOTEINFO" in r) R=;; [0-9]*) R="t$REMOTEINFO";; *) R=R;; esac
    exec \
    envuidgid qmaild \
    softlimit ${DATALIMIT+"-d$DATALIMIT"} \
    /usr/local/bin/tcpserver \
        -vDU"$H$R" \
        ${LOCALNAME+"-l$LOCALNAME"} \
        ${BACKLOG+"-b$BACKLOG"} \
        ${CONCURRENCY+"-c$CONCURRENCY"} \
        -xtcp.cdb \
        -- "${IP-0}" "${PORT-25}" \
    /var/qmail/bin/qmail-smtpd /var/qmail/bin/auth_smtp /usr/bin/true
'

12) I am able to send a plain email with NO attachment and also able to send 
email with attachment that is NOT a virus. All went through.

13) But when I sent an email with a virus attachment (eicar_com.zip), I will 
get this error msg:

@40000000459bbad0233b5b14 qmail-smtpd 30456: message permanently not accepted because: mail server permanently rejected message (#5.3.0)



I have read some archives but am not sure what and how to proceed. I need help, 
please.


--
roger
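
Added example, not part of the original post: a small audit of the tcprules source shown in step 10 that lists which `allow` rules do not route mail through simscan. The function names are hypothetical, and it assumes QMAILQUEUE is set only in the tcp rules file, not in the `./env` directory that the run script loads with envdir.

```python
# Added example (not from the post): list tcprules entries that skip the scanner.
SCANNER = "/var/qmail/bin/simscan"  # QMAILQUEUE value used in step 10

# The three rules quoted in step 10 of the post.
RULES = '''\
127.:allow,RELAYCLIENT=""
192.168.10.221:allow,RBL="",RCPTCHECK="",RELAYCLIENT="",SMTPAUTH="AUTHREQUIRED",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,RBL="",RCPTCHECK="",SMTPAUTH="AUTHREQUIRED",QMAILQUEUE="/var/qmail/bin/simscan"
'''


def parse_rule(line):
    """Parse one tcprules line into (address, action, env); None for blank/comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    address, colon, rest = line.partition(":")
    if not colon:
        raise ValueError("no ':' in rule: %r" % line)
    action, _, rest = rest.partition(",")
    env = {}
    while rest:
        name, eq, rest = rest.partition("=")
        if not eq or not rest:
            raise ValueError("bad variable in rule: %r" % line)
        # The first character after '=' is the delimiter (usually '"'); the value
        # runs to its next occurrence, so commas inside a value are preserved.
        end = rest.find(rest[0], 1)
        if end < 0:
            raise ValueError("unterminated value in rule: %r" % line)
        env[name] = rest[1:end]
        rest = rest[end + 1:].lstrip(",")
    return address, action, env


def unscanned(rules_text, scanner=SCANNER):
    """Return addresses of allow rules that do not set QMAILQUEUE to `scanner`."""
    missing = []
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule and rule[1] == "allow" and rule[2].get("QMAILQUEUE") != scanner:
            missing.append(rule[0] or "(default)")
    return missing


if __name__ == "__main__":
    for address in unscanned(RULES):
        print("not scanned:", address)
```

Run against the rules from step 10, it reports only the `127.` entry, which sets RELAYCLIENT but no QMAILQUEUE.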

