On 03.01.2007 15:32, * Roger Thomas wrote:
> I have a working qmail-ldap and decided today to try out clamav with simscan.
>
> 1) I started off with the installation of clamav. In clamd.conf, I set the
> User variable to root.
>
> 2) I setup freshclam under cron and then started clamd.
>
> 3) Then I created the simscan user with
> useradd -g clamav -s /bin/false -c "Simscan" simscan
>
> 4) I ran configure with:
> ./configure --enable-attach=y --enable-clamav=y \
> --enable-received=y --enable-clamavdb-path=/var/lib/clamav
>
> (I have daily.cvd and main.cvd under /var/lib/clamav)
>
> and got these:
>
> Current settings
> ---------------------------------------
> user = simscan
> qmail directory = /var/qmail
> work directory = /var/qmail/simscan
> control directory = /var/qmail/control
> qmail queue program = /var/qmail/bin/qmail-queue
> clamdscan program = /usr/local/bin/clamdscan
> clamav scan = ON
> trophie scanning = OFF
> attachement scan = ON
> ripmime program = /usr/local/bin/ripmime
> custom smtp reject = OFF
> drop message = OFF
> regex scanner = OFF
> quarantine processing = OFF
> domain based checking = OFF
> add received header = ON
> spam scanning = OFF
>
> 5) Then I ran make and make install-strip
>
> 6) I have the simcontrol file in /var/qmail/control like this:
> :clam=yes,spam=no
>
> 7) Then I ran
> /var/qmail/bin/simscanmk
> /var/qmail/bin/simscanmk -g
>
> 8) In /var/qmail/control/ssattach, I have:
> .vbs
> .scr
> .wsh
> .hta
> .pif
> .lnk
> .cpl
> .exe
> .bat
> .com
> .bas
> .class
> .ocx
>
>
> 9) Then I tested simscan from the command line:
> # env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2
> /var/qmail/bin/qmail-inject sniper@home.net.my < /etc/passwd
>
> which spitted these msgs that everything was OK:
>
> simscan: starting: work dir: /var/qmail/simscan/1167833067.205258.29673
> simscan: cdb looking up version attach
> simscan: calling clamdscan
> simscan: cdb looking up version clamav
> simscan: normal clamdscan return code: 0
> simscan: done, execing qmail-queue
> simscan: qmail-queue exited 0
>
>
> 10) Then I edited my /var/qmail/service/smtpd/tcp to activate simscan:
> 127.:allow,RELAYCLIENT=""
> 192.168.10.221:allow,RBL="",RCPTCHECK="",RELAYCLIENT="",SMTPAUTH="AUTHREQUIRED",QMAILQUEUE="/var/qmail/bin/simscan"
> :allow,RBL="",RCPTCHECK="",SMTPAUTH="AUTHREQUIRED",QMAILQUEUE="/var/qmail/bin/simscan"
>
> Then I ran make in /var/qmail/service/smtpd
>
> 11) My /var/qmail/service/smtpd/run looks like:
> #!/bin/sh
> exec 2>&1 \
> envdir ./env \
> sh -c '
> case "$REMOTENAME" in h) H=;; p) H=p;; *) H=H;; esac
> case "$REMOTEINFO" in r) R=;; [0-9]*) R="t$REMOTEINFO";; *) R=R;; esac
> exec \
> envuidgid qmaild \
> softlimit ${DATALIMIT+"-d$DATALIMIT"} \
> /usr/local/bin/tcpserver \
> -vDU"$H$R" \
> ${LOCALNAME+"-l$LOCALNAME"} \
> ${BACKLOG+"-b$BACKLOG"} \
> ${CONCURRENCY+"-c$CONCURRENCY"} \
> -xtcp.cdb \
> -- "${IP-0}" "${PORT-25}" \
> /var/qmail/bin/qmail-smtpd /var/qmail/bin/auth_smtp /usr/bin/true
> '
>
> 12) I am able to send a plain email with NO attachment and also able to send
> email with attachment that is NOT a virus. All went thru.
>
> 13) But when I sent an email with a virus attachment (eicar_com.zip), I will
> get this error msg:
>
> @40000000459bbad0233b5b14 qmail-smtpd 30456: message permanently not accepted
> because: mail server permanently rejected message (#5.3.0)
>
>
>
> I have read some archives but am not sure what and how to proceed. I need
> help, please.
>
>
> --
> roger
>
>
> ---------------------------------------------------
> Sign Up for free Email at http://ureg.home.net.my/
> ---------------------------------------------------
Well as far as I understand, rejecting virus infected messages is the
reason for all this. It works as designed in my opinion.
However, if you wish to have custom SMTP reject message which tells the
sender, why the mail was rejected, you need an additional patch for
qmail-ldap.
Available here: http://delink.net/software.php
In any other case you have to specify what it is, that does not worl as
you expected.
Greetings from Switzerland
Alain
|