Roger Thomas schrieb:
I have a working qmail-ldap and decided today to try out clamav with simscan.
1) I started off with the installation of clamav. In clamd.conf, I set the User
variable to root.
2) I set up freshclam under cron and then started clamd.
3) Then I created the simscan user with
useradd -g clamav -s /bin/false -c "Simscan" simscan
4) I ran configure with:
./configure --enable-attach=y --enable-clamav=y \
--enable-received=y --enable-clamavdb-path=/var/lib/clamav
(I have daily.cvd and main.cvd under /var/lib/clamav)
and got these:
Current settings
---------------------------------------
user = simscan
qmail directory = /var/qmail
work directory = /var/qmail/simscan
control directory = /var/qmail/control
qmail queue program = /var/qmail/bin/qmail-queue
clamdscan program = /usr/local/bin/clamdscan
clamav scan = ON
trophie scanning = OFF
attachement scan = ON
ripmime program = /usr/local/bin/ripmime
custom smtp reject = OFF
drop message = OFF
regex scanner = OFF
quarantine processing = OFF
domain based checking = OFF
add received header = ON
spam scanning = OFF
5) Then I ran make and make install-strip
6) I have the simcontrol file in /var/qmail/control like this:
:clam=yes,spam=no
7) Then I ran
/var/qmail/bin/simscanmk
/var/qmail/bin/simscanmk -g
8) In /var/qmail/control/ssattach, I have:
.vbs
.scr
.wsh
.hta
.pif
.lnk
.cpl
.exe
.bat
.com
.bas
.class
.ocx
9) Then I tested simscan from the command line:
# env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2
/var/qmail/bin/qmail-inject sniper@home.net.my < /etc/passwd
which printed these messages, indicating that everything was OK:
simscan: starting: work dir: /var/qmail/simscan/1167833067.205258.29673
simscan: cdb looking up version attach
simscan: calling clamdscan
simscan: cdb looking up version clamav
simscan: normal clamdscan return code: 0
simscan: done, execing qmail-queue
simscan: qmail-queue exited 0
10) Then I edited my /var/qmail/service/smtpd/tcp to activate simscan:
127.:allow,RELAYCLIENT=""
192.168.10.221:allow,RBL="",RCPTCHECK="",RELAYCLIENT="",SMTPAUTH="AUTHREQUIRED",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,RBL="",RCPTCHECK="",SMTPAUTH="AUTHREQUIRED",QMAILQUEUE="/var/qmail/bin/simscan"
Then I ran make in /var/qmail/service/smtpd
11) My /var/qmail/service/smtpd/run looks like:
#!/bin/sh
# Run script for the SMTP service: merges stderr into stdout, loads variables
# from the ./env directory with envdir, then lets the inner `sh -c` script
# exec tcpserver in front of qmail-smtpd.
#
# What the inner script does, in order:
#   - Maps REMOTENAME to a letter for tcpserver's option group:
#     "h" -> nothing, "p" -> p, anything else -> H.
#   - Maps REMOTEINFO the same way: "r" -> nothing, a value starting with a
#     digit -> t<value>, anything else -> R.
#     (In tcpserver these letters select host-name and remote-info lookup
#     behaviour - presumably the intent here; confirm against tcpserver docs.)
#   - envuidgid exports the uid/gid of the qmaild account, which the -U in
#     -vDU tells tcpserver to switch to.
#   - softlimit -d, -l, -b and -c are only passed when DATALIMIT, LOCALNAME,
#     BACKLOG and CONCURRENCY are set.
#   - -xtcp.cdb applies the compiled per-client rules. Variables such as
#     QMAILQUEUE come from the matching rule, so a rule that does not set
#     QMAILQUEUE leaves that client on whatever ./env provides.
#     NOTE(review): confirm which queue program that is for each rule.
#   - Listens on ${IP-0}, port ${PORT-25}, and runs qmail-smtpd with
#     auth_smtp and /usr/bin/true as its arguments.
exec 2>&1 \
envdir ./env \
sh -c '
case "$REMOTENAME" in h) H=;; p) H=p;; *) H=H;; esac
case "$REMOTEINFO" in r) R=;; [0-9]*) R="t$REMOTEINFO";; *) R=R;; esac
exec \
envuidgid qmaild \
softlimit ${DATALIMIT+"-d$DATALIMIT"} \
/usr/local/bin/tcpserver \
-vDU"$H$R" \
${LOCALNAME+"-l$LOCALNAME"} \
${BACKLOG+"-b$BACKLOG"} \
${CONCURRENCY+"-c$CONCURRENCY"} \
-xtcp.cdb \
-- "${IP-0}" "${PORT-25}" \
/var/qmail/bin/qmail-smtpd /var/qmail/bin/auth_smtp /usr/bin/true
'
12) I am able to send a plain email with NO attachment and also able to send
email with attachment that is NOT a virus. All went thru.
13) But when I sent an email with a virus attachment (eicar_com.zip), I
get this error message:
@40000000459bbad0233b5b14 qmail-smtpd 30456: message permanently not accepted
because: mail server permanently rejected message (#5.3.0)
I have read some archives but am not sure what and how to proceed. I need help,
please.
--
roger
Hi Roger!
I think you did nothing wrong; it is simscan's default behavior to reject
mails containing viruses.
You can use the qmail-queue-custom-error.patch (attached)
http://qmailwiki.org/Simscan/README#How_SMTP_rejection_works
and/or have a look at "quarantine processing"
Regards,
Manfred
--- qmail.c.old 2005-07-04 08:22:18.000000000 -0500
+++ qmail.c 2005-07-04 08:23:01.000000000 -0500
@@ -32,6 +32,7 @@
{
int pim[2];
int pie[2];
+ int pierr[2];
#ifdef ALTQUEUE
setup_qqargs();
@@ -39,17 +40,26 @@
if (pipe(pim) == -1) return -1;
if (pipe(pie) == -1) { close(pim[0]); close(pim[1]); return -1; }
+ if (pipe(pierr) == -1) {
+ close(pim[0]); close(pim[1]);
+ close(pie[0]); close(pie[1]);
+ close(pierr[0]); close(pierr[1]);
+ return -1;
+ }
switch(qq->pid = vfork()) {
case -1:
+ close(pierr[0]); close(pierr[1]);
close(pim[0]); close(pim[1]);
close(pie[0]); close(pie[1]);
return -1;
case 0:
close(pim[1]);
close(pie[1]);
+ close(pierr[0]); /* we want to receive data */
if (fd_move(0,pim[0]) == -1) _exit(120);
if (fd_move(1,pie[0]) == -1) _exit(120);
+ if (fd_move(4,pierr[1]) == -1) _exit(120);
if (chdir(auto_qmail) == -1) _exit(61);
execv(*binqqargs,binqqargs);
_exit(120);
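Review bot: The new `pipe(pierr) == -1` branch closes `pierr[0]` and `pierr[1]`, but when pipe() fails those two ints were never assigned, so close() is called with indeterminate values and may close an unrelated descriptor of the calling process. Drop that line so the branch only runs `close(pim[0]); close(pim[1]);`, `close(pie[0]); close(pie[1]);` and `return -1;`. In the child, the comment on `close(pierr[0])` would read more accurately as `/* child only writes error text; drop the read end */`, and the hard-coded `4` in `fd_move(4,pierr[1])` deserves a comment naming it as the descriptor the queue program is expected to write its custom message to. The function begins and ends outside this hunk.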
@@ -57,6 +67,7 @@
qq->fdm = pim[1]; close(pim[0]);
qq->fde = pie[1]; close(pie[0]);
+ qq->fderr = pierr[0]; close(pierr[1]);
substdio_fdbuf(&qq->ss,subwrite,qq->fdm,qq->buf,sizeof(qq->buf));
qq->flagerr = 0;
return 0;
@@ -141,10 +152,21 @@
{
int wstat;
int exitcode;
+ int match;
+ char ch;
+ static char errstr[256];
+ int len = 0;
qmail_put(qq,"",1);
if (!qq->flagerr) if (substdio_flush(&qq->ss) == -1) qq->flagerr = 1;
close(qq->fde);
+ substdio_fdbuf(&qq->ss,read,qq->fderr,qq->buf,sizeof(qq->buf));
+ while( substdio_bget(&qq->ss,&ch,1) && len < 255){
+ errstr[len]=ch;
+ len++;
+ }
+ if (len > 0) errstr[len]='\0'; /* add str-term */
+ close(qq->fderr);
if ((unsigned long)wait_pid(&wstat,qq->pid) != qq->pid)
return "Zqq waitpid surprise (#4.3.0)";
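Review bot: The read loop `while( substdio_bget(&qq->ss,&ch,1) && len < 255)` treats any non-zero return as a byte read, yet substdio_bget returns -1 on a read error, so a failing descriptor makes the loop store an unset `ch` until `errstr` holds 255 bytes of garbage. Test for exactly one byte and check the bound first: `while (len < 255 && substdio_bget(&qq->ss,&ch,1) == 1) {`. The bytes on `qq->fderr` come from whatever program the queue hook runs and are later returned to the caller as the status text, so this loop is also the place to stop at, or replace, CR, LF and other control characters. `int match;` is declared but never used in the visible lines, and because `errstr` is `static` the returned pointer is overwritten by the next call, which is worth a one-line comment. The function's signature and tail are outside this hunk.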
@@ -177,8 +199,11 @@
case 81: return "Zqq internal bug (#4.3.0)";
case 120: return "Zunable to exec qq (#4.3.0)";
default:
+ if (exitcode == 82 && len > 2){
+ return errstr;
+ }
if ((exitcode >= 11) && (exitcode <= 40))
- return "Dqq permanent problem (#5.3.0)";
+ return "Dqq permanent problem (#5.3.0)";
return "Zqq temporary problem (#4.3.0)";
}
}
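Review bot: `return errstr;` hands back the text read from the queue program unchecked, while every other string returned in this switch starts with `D` or `Z`, which suggests callers use the first byte as the permanent/temporary marker. Require that here as well, e.g. `if (exitcode == 82 && len > 2 && (errstr[0] == 'D' || errstr[0] == 'Z'))`, and otherwise fall through to the generic messages. Exit code 82 would read better as its own `case 82:` with a comment that it means custom error text was supplied on the error pipe, rather than a test buried in `default:`. The only other change in the hunk, on the `Dqq permanent problem` line, appears to be whitespace.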
--- qmail.h.old 2005-07-04 08:22:18.000000000 -0500
+++ qmail.h 2005-07-04 08:22:36.000000000 -0500
@@ -8,6 +8,7 @@
unsigned long pid;
int fdm;
int fde;
+ int fderr;
substdio ss;
char buf[1024];
} ;