Installing ClamAV and Qmail-Scanner

12 Mar 2004 16:30 qmail

Virus Scanner

I’m currently using McAfee VirusScan on my Windows XP desktop, but I’d prefer to add virus scanning on the mail server as well. This is for two reasons:

  • Defense in depth
  • McAfee VirusScan breaks Outlook XP when it fetches mail via POP3 and one of the messages contains a virus.

I’m going to look at installing ClamAV on the email server, so that incoming email is scanned for viruses before delivery.

Installing ClamAV

Installation proceeds pretty much as in the instructions:

# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

It has a few prerequisites, which were missing on this box:

# apt-get install zlib1g-dev libbz2-dev libgmp2-dev

Compilation should be done as a normal user, so:

$ cd ~/src
$ tar xvfz clamav-0.67.tar.gz
$ cd clamav-0.67
$ ./configure --sysconfdir=/etc
$ make
$ su -c "make install"

Configuring ClamAV

Before you can run ClamAV, you need to edit the configuration file. About the only interesting thing I did here was to put the log file in /var/log/clamd/clamd.log, which requires making that directory writable by the clamav user.

Automatic Updates

ClamAV comes with the freshclam program, which checks for and downloads updates to the virus database. I configured it to run from cron. In /etc/cron.daily/freshclam:

#!/bin/sh

/usr/local/bin/freshclam --quiet

Qmail-Scanner

To scan messages as they’re queued, I’m going to install Qmail-Scanner.

Installing maildrop

Before installing Qmail-Scanner, I needed to install Maildrop-1.3.8+.

$ tar xvfj maildrop-1.6.3.tar.bz2
$ cd maildrop-1.6.3
$ ./configure
$ make
$ su -c "make install"

Installing Qmail-Scanner

First it needs a separate account:

# groupadd qscand
# useradd -c "Qmail-Scanner Account" -g qscand -s /bin/false qscand

It also needs a bunch of other stuff installed:

# apt-get install unzip libtime-hires-perl perl-suid

The installation’s a little screwy. You need to run ./configure once to check that it’s figured out what’s where on your system, and then run it again as ./configure --install to actually do the installation. If you miss the second step and try copying the generated file yourself, you’ll get “Permission denied” errors.

You’ll also need to increase the amount of memory allowed for qmail-smtpd, or you’ll see “qq failed: temporary error” messages in your mail client, and “Out of memory!” in /var/log/qmail/smtpd/current.

I increased the memory limit to 6Mb or so (the softlimit -m value) in /var/qmail/supervise/qmail-smtpd/run:

#!/bin/sh

# QMAILDUID=`id -u qmaild`
# NOFILESGID=`id -g qmaild`
VPOPUID=`id -u vpopmail`
VPOPGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$VPOPUID" -o -z "$VPOPGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo VPOPUID, VPOPGID, MAXSMTPD or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

exec /usr/local/bin/softlimit -m 6000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb \
        -c "$MAXSMTPD" -u "$VPOPUID" -g "$VPOPGID" 0 smtp \
        /var/qmail/bin/qmail-smtpd \
        /home/vpopmail/bin/vchkpw \
        /bin/true 2>&1

The installation instructions for Qmail-Scanner also talk about doing some things from a cron job, so I just created /etc/cron.daily/qmailscan:

#!/bin/sh

/var/qmail/bin/qmail-scanner-queue.pl -z
mv -f /var/spool/qmailscan/qmail-queue.log /var/spool/qmailscan/qmail-queue.log.1

In order to scan incoming and outgoing email, you’ll need to change your /etc/tcp.smtp file:

127.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Don’t forget to reload it:

# qmailctl cdb
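
With the /etc/tcp.smtp rules above, connections from 127. are handed to the plain qmail-queue and so skip the scanner. The script below is an added example, not part of the original setup or of Qmail-Scanner: it lists every allow rule that does not route mail through qmail-scanner-queue.pl. The function name, the sample file and the 192.168.1. and 10.66. rules are constructed for illustration, and it assumes QMAILQUEUE is set only in tcp.smtp with double-quoted values.

```shell
#!/bin/sh
# Added example (not from the original post): audit tcp.smtp for rules that
# accept mail without handing it to Qmail-Scanner.
SCANNER="/var/qmail/bin/qmail-scanner-queue.pl"   # scanner path used on this page

# unscanned_rules FILE
# Prints "<address pattern> <queue program>" for every allow rule whose
# QMAILQUEUE is not the scanner. Assumes QMAILQUEUE is set only in tcp.smtp,
# so a rule without it falls back to the stock qmail-queue.
unscanned_rules() {
    awk -v scanner="$SCANNER" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            sep = index($0, ":")
            if (sep == 0) next                  # not a tcprules line
            addr = substr($0, 1, sep - 1)
            rest = substr($0, sep + 1)
            if (rest !~ /^allow/) next          # deny rules never queue mail
            queue = "(unset: stock qmail-queue)"
            if (match(rest, /QMAILQUEUE="[^"]*"/))
                queue = substr(rest, RSTART + 12, RLENGTH - 13)
            if (addr == "") addr = "(default)"  # empty pattern = catch-all rule
            if (queue != scanner) print addr, queue
        }
    ' "$1"
}

# Constructed sample: the two rules from this page plus a hypothetical LAN
# rule with no QMAILQUEUE and a hypothetical deny rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample rules
127.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.1.:allow,RELAYCLIENT=""
10.66.:deny
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
EOF
unscanned_rules "$sample"
rm -f "$sample"
```

Any address pattern it prints is a source whose mail reaches the queue unscanned; whether that is acceptable for relay clients is a policy decision for the server.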