ClamAV + Debian 3.1 Quick Guide

LukaszTMM

Tested on DirectAdmin v1.26.3.

0) Of course, log in using SSH as root.

1) Install ClamAV suite:

apt-get install clamav-daemon clamav-freshclam

2) Modify clamav user group permissions:

usermod -G clamav,amavis,mail clamav

3) Restart daemons:

/etc/init.d/clamav-freshclam restart
/etc/init.d/clamav-daemon restart

4) Edit /etc/exim.conf using your favorite editor (if you don't know how, see the bottom of this post):

4.1) below 'system_filter = /etc/system_filter.exim' add the following line:

av_scanner = clamd:/var/run/clamav/clamd.ctl

4.2) find:

# ACL that is used after the DATA command
check_message:
  accept

and replace with:

# ACL that is used after the DATA command
check_message:
  deny message = Virus found: $malware_name
       malware = *
  accept

5) Restart exim:

/etc/init.d/exim restart

6) Test your setup using Eicar Antivirus Test file:

http://eicar.com/anti_virus_test_file.htm

(Please note: you will probably need to disable the antivirus software on your desktop, so be careful. I cannot be responsible for any damage that occurs to your computer at this moment, but eicar.com is not in fact a real virus; it's just dummy data that most antivirus software recognizes as a test file.)

You should get an error message like '550 Virus found: Eicar-Test-Signature'.

That's all.

Good luck!

Regards.

PS. If you don't have any idea how to edit the exim.conf file, you can use the Midnight Commander file manager, which is similar to good old Norton Commander. Type 'mc' to run it. If your system lacks mc, try 'apt-get install mc' to install it, and then run mc once again. Then go to the /etc directory, find the exim.conf file, and, like in good old NC, press F4 (or 'Escape' and after that '4' if F4 doesn't work) to edit the file, and after that F10 to quit.
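A local check of the clamd socket configured in step 4.1, added here as an example and not part of the original post: it sends PING, VERSION and SCAN to clamd directly, so a failed EICAR mail test can be traced to either clamd or exim, and VERSION also reports the signature database that freshclam maintains. It uses SCAN with a file path because Exim hands clamd a file name when av_scanner names a Unix socket. Assumptions: Python 3 is available, clamd accepts plain newline-terminated commands, and the sample replies are constructed.

```python
import socket
import sys

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"  # socket named by av_scanner in step 4.1


def clamd_command(command, sock_path=CLAMD_SOCKET, timeout=10.0):
    """Send one newline-terminated command; read until clamd closes the socket."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)  # PermissionError here: caller may not use the socket
        s.sendall(command.encode() + b"\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace").strip()


def parse_scan_reply(reply, path):
    """Interpret 'path: OK', 'path: <signature> FOUND' or 'path: <reason> ERROR'."""
    result = reply[len(path) + 2:] if reply.startswith(path + ": ") else reply
    if result == "OK":
        return ("clean", None)
    for suffix, status in ((" FOUND", "infected"), (" ERROR", "error")):
        if result.endswith(suffix):
            return (status, result[:-len(suffix)])
    return ("unknown", result)


def parse_version(reply):
    """Split 'engine/db_version/db_date'; tolerate a reply with no database part."""
    parts = reply.split("/", 2)
    if len(parts) < 3:
        return {"engine": parts[0], "db_version": None, "db_date": None}
    return {"engine": parts[0], "db_version": int(parts[1]), "db_date": parts[2]}


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: argument is a file clamd should scan
        target = sys.argv[1]
        print(clamd_command("PING"))  # a healthy daemon answers PONG
        print(parse_version(clamd_command("VERSION")))
        print(parse_scan_reply(clamd_command("SCAN " + target), target))
    else:  # constructed sample replies, no daemon needed
        print(parse_version("ClamAV 0.88.7/2345/Mon Dec  4 12:00:00 2006"))
        print(parse_scan_reply("/tmp/t: Eicar-Test-Signature FOUND", "/tmp/t"))
```

Run it as the user Exim runs as to see the same socket and file permissions Exim gets; an "error" result on a readable test file points at the group membership from step 2.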
 
You can also set up the service monitor to watch if clamav works:

In the file /usr/local/directadmin/data/admin/services.status add 'clamd=ON' at the bottom.
 
How to check if it updates the virus libs

Hi there all,

How will I know if clamav updated its antivirus list/database?

Regards, Jeroen.
 
Do we need to do anything differently if we are running dovecot?

Best Regards,

Keefe
 
This setup affects mail scanning during SMTP transactions, so everything is handled by exim. In fact, there's no scanning of mail in IMAP folders or POP3 mailboxes, since all mails are rejected while receiving them from other servers or users via the SMTP protocol. This is a little security hole, since somebody can copy mail with a virus using IMAP folders, but those are protected using a password, and still, after that, if you try to forward an infected message from an IMAP folder using a mail client, it will once again be sent via the SMTP protocol, so it will be rejected.

Hope that helps and I made myself clear.

Regards.
 