Installing ClamAV and Qmail-Scanner
Virus Scanner
I’m currently using McAfee VirusScan on my Windows XP desktop, but I’d prefer to add virus scanning on the mail server as well. This is for two reasons:
- Defense in depth
- McAfee VirusScan breaks Outlook XP when getting mail via POP3 and there’s a virus in the email.
I’m going to look at installing ClamAV on the email server, so that incoming email is scanned for viruses before delivery.
Installing ClamAV
Installation proceeds pretty much as in the instructions:
# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
It has a few prerequisites, which were missing on this box:
# apt-get install zlib1g-dev libbz2-dev libgmp2-dev
Compilation should be done as a normal user, so:
$ cd ~/src
$ tar xvfz clamav-0.67.tar.gz
$ cd clamav-0.67
$ ./configure --sysconfdir=/etc
$ make
$ su -c "make install"
Configuring ClamAV
Before you can run ClamAV, you need to edit the configuration file. About the only interesting thing I did here was to put the log file in /var/log/clamd/clamd.log, which requires making that directory writable by the clamav user.
Automatic Updates
ClamAV comes with the freshclam program, which checks for and downloads updates to the virus database. I configured it to run from cron. In /etc/cron.daily/freshclam:
#!/bin/sh
/usr/local/bin/freshclam --quiet
Qmail-Scanner
To scan messages as they’re queued, I’m going to install Qmail-Scanner.
Installing maildrop
Before installing Qmail-Scanner, I needed to install Maildrop-1.3.8+.
$ tar xvfj maildrop-1.6.3.tar.bz2
$ cd maildrop-1.6.3
$ ./configure
$ make
$ su -c "make install"
Installing Qmail-Scanner
First it needs a separate account:
# groupadd qscand
# useradd -c "Qmail-Scanner Account" -g qscand -s /bin/false qscand
It also needs a bunch of other stuff installed:
# apt-get install unzip libtime-hires-perl perl-suid
The installation’s a little screwy. You need to run ./configure once to check that it’s figured out what’s where on your system, and then run it again as ./configure --install to actually do the installation. If you miss the second step and try copying the generated file yourself, you’ll get “Permission denied” errors.
You’ll also need to increase the amount of memory allowed for qmail-smtpd, or you’ll see “qq failed: temporary error” messages in your mail client, and “Out of memory!” in /var/log/qmail/smtpd/current.
I increased the memory limit to 6Mb or so:
#!/bin/sh
# QMAILDUID=`id -u qmaild`
# NOFILESGID=`id -g qmaild`
VPOPUID=`id -u vpopmail`
VPOPGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$VPOPUID" -o -z "$VPOPGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo VPOPUID, VPOPGID, MAXSMTPD or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi

if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi

# softlimit -m takes the memory limit in bytes; this is the value that was raised
exec /usr/local/bin/softlimit -m 6000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb \
    -c "$MAXSMTPD" -u "$VPOPUID" -g "$VPOPGID" 0 smtp \
    /var/qmail/bin/qmail-smtpd \
    /home/vpopmail/bin/vchkpw \
    /bin/true 2>&1
The installation instructions for Qmail-Scanner also talk about doing some things from a cron job, so I just created /etc/cron.daily/qmailscan:
#!/bin/sh
/var/qmail/bin/qmail-scanner-queue.pl -z
mv -f /var/spool/qmailscan/qmail-queue.log /var/spool/qmailscan/qmail-queue.log.1
In order to scan incoming and outgoing email, you’ll need to change your /etc/tcp.smtp file:
127.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
Don’t forget to reload it:
# qmailctl cdb
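To check that a rules file actually routes mail through the scanner, the following added example (not part of the original post) classifies each /etc/tcp.smtp rule by its QMAILQUEUE setting. The 192.168.1. and 10.0.0.66 rules and the function names are constructed for illustration; it assumes double-quoted values and IPv4 address prefixes.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies each tcp.smtp rule by
# whether mail accepted under it is handed to Qmail-Scanner.
# Assumes values are quoted with double quotes and addresses are IPv4 prefixes.

SCANNER="/var/qmail/bin/qmail-scanner-queue.pl"   # scanner path used on this page

# Reads tcprules source on stdin, prints one "VERDICT address" line per rule:
#   SCANNED  QMAILQUEUE points at the scanner
#   BYPASS   connection allowed, QMAILQUEUE unset or set to something else
#   DENY     connection rejected, so there is nothing to scan
audit_tcp_smtp() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;                   # blank line or comment
        esac
        addr=${line%%:*}                           # text before the first colon
        rest=${line#*:}                            # allow/deny plus env settings
        addr=${addr:-"(default)"}                  # empty address matches everyone
        case "$rest" in
            deny*) echo "DENY $addr" ;;
            *"QMAILQUEUE=\"$SCANNER\""*) echo "SCANNED $addr" ;;
            *) echo "BYPASS $addr" ;;
        esac
    done
}

# Sample input: the two rules from this page plus two constructed ones.
sample_rules() {
    cat <<'EOF'
# constructed sample of /etc/tcp.smtp
127.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.1.:allow,RELAYCLIENT=""
10.0.0.66:deny
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
EOF
}

# Count of rules that accept mail without scanning it.
bypass_count() {
    audit_tcp_smtp | grep -c '^BYPASS ' || true
}

sample_rules | audit_tcp_smtp
# On a live server: audit_tcp_smtp < /etc/tcp.smtp
```

With the rules shown above, the 127. entry is reported as BYPASS because it names plain qmail-queue, so mail submitted from the local host is queued without scanning.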