This is an update to the how to on adding ClamAV to your DA server using rpm's. The original was close to 2 years old and did not work without changes when I added ClamAV to a new server.
The original is located here for reference:
http://www.directadmin.com/forum/showthread.php?s=&threadid=3860
This is a very basic how to on adding support for ClamAV to your Directadmin server. It simply rejects all messages containing viruses. Please do not try this on a production box unless you are sure you know what you are doing and do it at your own risk. Your Directadmin box must be running Exiscan patch which all new DA releases are AFAIK. I am running on CentOS 4.2 so if you are not it could go differently.
This is based on info from here:
http://www.timj.co.uk/linux/exim.php
SSH into your box as root.
cd /var/tmp
Now we must download and install ClamAV and Clamd.
www.clamav.net or various Fedora rpm's:
http://crash.fce.vutbr.cz/crash-hat/
Since I was running CentOS 4.2 and it based on Fedora Core 3
wget http://crash.fce.vutbr.cz/crash-hat/3/clamav/clamav-0.88-1.i386.rpm
wget http://crash.fce.vutbr.cz/crash-hat/3/clamav/clamav-server-0.88-1.i386.rpm
rpm -Uvh clamav-0.88-1.i386.rpm
rpm -Uvh clamav-server-0.88-1.i386.rpm
Now add a cronjob to keep ClamAV up to date.
export EDITOR=nano
crontab -e
Add an entry to your crontab as follows:
46 * * * * /usr/bin/freshclam --quiet
Change 46 to a random number between 1-60 to be considerate to server load.
Alt-X to save and exit.
Next type:
clamd start
chkconfig clamd on
freshclam
This should start clamd and bring your virus signatures up to date.
Now we need to edit exim.conf. The -w turns off wordwrap in nano.
nano -w /etc/exim.conf
At the end of comments section add this:
av_scanner = clamd:127.0.0.1 3310
Type in Ctrl-W and search for the second instance of check_message
Change:
# ACL that is used after the DATA command
check_message:
accept
To this:
# ACL that is used after the DATA command
check_message:
# Virus Check
deny message = This message contains a virus or other malware ($malware_name)
demime = *
malware = *
accept
Do a Ctrl-X and save.
Now restart Exim
/etc/init.d/exim restart
Does it work? It should refuse all virus infected messages. Test it extensively before trusting it. Also, occasionally the ClamAV software may need updated so log in and do a freshclam to see all is ok once in a while. Unlike Mailscanner this rejects infected messages before accepting them. If you cannot get this to work please post here so someone may help you.
Matthew
The original is located here for reference:
http://www.directadmin.com/forum/showthread.php?s=&threadid=3860
This is a very basic how to on adding support for ClamAV to your Directadmin server. It simply rejects all messages containing viruses. Please do not try this on a production box unless you are sure you know what you are doing and do it at your own risk. Your Directadmin box must be running Exiscan patch which all new DA releases are AFAIK. I am running on CentOS 4.2 so if you are not it could go differently.
This is based on info from here:
http://www.timj.co.uk/linux/exim.php
SSH into your box as root.
cd /var/tmp
Now we must download and install ClamAV and Clamd.
www.clamav.net or various Fedora rpm's:
http://crash.fce.vutbr.cz/crash-hat/
Since I was running CentOS 4.2 and it based on Fedora Core 3
wget http://crash.fce.vutbr.cz/crash-hat/3/clamav/clamav-0.88-1.i386.rpm
wget http://crash.fce.vutbr.cz/crash-hat/3/clamav/clamav-server-0.88-1.i386.rpm
rpm -Uvh clamav-0.88-1.i386.rpm
rpm -Uvh clamav-server-0.88-1.i386.rpm
Now add a cronjob to keep ClamAV up to date.
export EDITOR=nano
crontab -e
Add an entry to your crontab as follows:
46 * * * * /usr/bin/freshclam --quiet
Change 46 to a random number between 1-60 to be considerate to server load.
Alt-X to save and exit.
Next type:
clamd start
chkconfig clamd on
freshclam
This should start clamd and bring your virus signatures up to date.
Now we need to edit exim.conf. The -w turns off wordwrap in nano.
nano -w /etc/exim.conf
At the end of comments section add this:
av_scanner = clamd:127.0.0.1 3310
Type in Ctrl-W and search for the second instance of check_message
Change:
# ACL that is used after the DATA command
check_message:
accept
To this:
# ACL that is used after the DATA command
check_message:
# Virus Check
deny message = This message contains a virus or other malware ($malware_name)
demime = *
malware = *
accept
Do a Ctrl-X and save.
Now restart Exim
/etc/init.d/exim restart
Does it work? It should refuse all virus infected messages. Test it extensively before trusting it. Also, occasionally the ClamAV software may need updated so log in and do a freshclam to see all is ok once in a while. Unlike Mailscanner this rejects infected messages before accepting them. If you cannot get this to work please post here so someone may help you.
Matthew
Last edited:
.
