Installing ClamAV and Qmail-Scanner
I’m currently using McAfee VirusScan on my Windows XP desktop, but I’d prefer to add virus scanning on the mail server as well. This is for two reasons:
- Defense in depth
- McAfee Virusscan breaks Outlook XP when getting mail via POP3 and there’s a virus in the email.
I’m going to look at installing ClamAV on the email server, so that incoming email is scanned for emails before delivery.
Installation proceeds pretty much as in the instructions:
# groupadd clamav # useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
It has a few prerequisites, which were missing on this box:
# apt-get install zlib1g-dev libbz2-dev libgmp2-dev
Compilation should be done as a normal user, so:
$ cd ~/src $ tar xvfz clamav-0.67.tar.gz $ cd clamav-0.67 $ ./configure --sysconfdir=/etc $ make $ su -c "make install"
Before you can run ClamAV, you need to edit the configuration file. About the only interesting thing I did here was to put the log file in
/var/log/clamd/clamd.log, which requires making that directory writable by the
ClamAV comes with the
freshclam program, which checks for and downloads updates to the virus database. I configured it to run from
#!/bin/sh /usr/local/bin/freshclam --quiet
To scan messages as they’re queued, I’m going to install Qmail-Scanner.
Before installing Qmail-Scanner, I needed to install Maildrop-1.3.8+.
$ tar xvfj maildrop-1.6.3.tar.bz2 $ cd maildrop-1.6.3 $ ./configure $ make $ su -c "make install"
First it needs a separate account:
# groupadd qscand # useradd -c "Qmail-Scanner Account" -g qscand -s /bin/false qscand
It also needs a bunch of other stuff installed:
# apt-get install unzip libtime-hires-perl perl-suid
The installation’s a little screwy. You need to run
./configure once to check that it’s figured out what’s where on your system, and then run it again as
./configure --install to actually do the installation. If you miss the second step and try copying the generated file yourself, you’ll get “Permission denied” errors.
You’ll also need to increase the amount of memory allowed for qmail-smtpd, or you’ll see “qq failed: temporary error” messages in your mail client, and “Out of memory!” in
I increased the memory limit to 6Mb or so:
#!/bin/sh # QMAILDUID=`id -u qmaild` # NOFILESGID=`id -g qmaild` VPOPUID=`id -u vpopmail` VPOPGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z "$VPOPUID" -o -z "$VPOPGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then echo VPOPUID, VPOPGID, MAXSMTPD or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo "No /var/qmail/control/rcpthosts!" echo "Refusing to start SMTP listener because it'll create an open relay" exit 1 fi exec /usr/local/bin/softlimit -m **6000000** \ /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb \ -c "$MAXSMTPD" -u "$VPOPUID" -g "$VPOPGID" 0 smtp \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw \ /bin/true 2>&1
The installation instructions for Qmail-Scanner also talk about doing some things from a cron job, so I just created
#!/bin/sh /var/qmail/bin/qmail-scanner-queue.pl -z mv -f /var/spool/qmailscan/qmail-queue.log /var/spool/qmailscan/qmail-queue.log.1
In order to scan incoming and outgoing email, you’ll need to change your
Don’t forget to reload it:
# qmailctl cdb