SpamBlocker3 includes Clam-AV support

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,113
Location
California
SpamBlocker3 includes ClamAV support. It will be optional of course as some of us may not want to install ClamAV on our servers.

This is a feature that users have asked for as part of the default DA installation for some time, and as soon as SpamBlocker3 comes out of beta you can probably expect Mark and John to include it in DirectAdmin. But it'll be up to them to include ClamAV or not, so be sure to make your wishes known.

Jeff
 
If you used the MailScanner and Clam AV how-to, you were required to replace the exim.pl. Since Spamblocker v3 requires you to replace the exim.pl, can i ask what was changed so they both can work together?
 
We don't use exiscan. There's nothing in the SpamBlocker version of exim.conf ClamAV installation that requires anything special in exim.pl.

The reason we require the newest version of exim.pl (we copied it from exim.pl.beta on DA's site) is that we've incorporated some of DA's latest changes to avoid duplicate emails in pipes (changes they've made in their exim.conf.beta file), and those changes require the latest exim.pl.

Jeff
 
ok, n00b question:

i know its beta (but not for long) but how do you install "this" ? If im correct the 'spamblocker#' is just an exim.conf file, right ?

so i just apt-get install clamav and wget that file and restart exim ?
 
nzyme said:
ok, n00b question:

i know its beta (but not for long) but how do you install "this" ? If im correct the 'spamblocker#' is just an exim.conf file, right ?

so i just apt-get install clamav and wget that file and restart exim ?

Just make sure that the socket path used by clamav (default or clamav.conf) match the one in exim, or it will freeze mail
see on the first exim.conf lines
# verify clamd.conf LocalSocket /tmp/clamd
# av_scanner = clamd:/var/run/clamav/clamd
# used with wael's scripts (@how@to)
av_scanner = clamd:/tmp/clamd
#change according your need and restart clamd/exim

you need exim.conf and exim.pl but it's easy to see the change in exim.conf against older exim.conf, same with .pl
If you don't know stay with same exim.conf/exim.pl pair to be sure it will run.
 
and the .pl and .conf file are at nobalony.net ?

apt-get install clamav should be good i guess, as long as i set the socket path correct in the exim.conf file right ? :)
 
xemaps's response is good, but perhaps a bit confusing for some not familiar with exim.conf editing, and it misses a few points.

So here's the official :) install instructions for now:

These instructions are only for use with installations already running SpamBlocker2; if you're still running an earlier version of SpamBlocker you should update your installation to SpamBlocker2 before beginning this installation, as it requres the addition of several files in /etc/virtual, and also possibly the moving of information from one file to two new files.

Once we've released the final version we'll be offering an installation service, and of course anyone else may do the same.

We recommend using the latest version of exim the DirectAdmin staff has made available for your distribution; how to verify that is beyond the scope of this post, but you should know that all our tests have been performed with Exim version 4.60 as available on the DA download site. If updating Exim wants to install a new exim.conf file, you can ignore that as you'll be installing your own further down in this post.

The following must be done before writing the new SpamBlocker3 exim.conf file over your current file at /etc/exim.conf.

First backup your current exim.conf and exim.pl files:
Code:
# cp /etc/exim.conf /root
# cp /etc/exim.pl /root

Then install the new empty file needed by the new exim.conf file.
Code:
# touch /etc/virtual/skip_av_domains
# chown mail:mail /etc/virtual/skip_av_domains
# chmod 644 /etc/virtual/skip_av_domains

Next, install ClamAV by your favorite method. The method we suggest in our ReadMe installs ClamAV from source and is fully compatible with the av_scanner line in the new exim.conf file. However, you may use any method of installing ClamAV, as long as you edit the av_scanner line in the new exim.conf file to match where your installation of ClamAV installs the necessary socket. In a new installation of our SpamBlocker3 exim.conf file the line with the av_scanner setting is probably line 210, but this could change.

Next, download the correct copy of the SpamBlocker exim.conf file for your installation; they're currently available at:

http://www.nobaloney.net/downloads/spamblocker/DirectAdminSpamBlocker3/

We have four different versions available now:

SpamBlockerNoClamAV-Dovecot.exim.conf.3.0-beta 23-Dec-2006 20:35 39k
SpamBlockerNoClamAV-mbox.exim.conf.3.0-beta 23-Dec-2006 20:35 39k
SpamBlockerYesClamAV-Dovecot.exim.conf.3.0-beta 23-Dec-2006 20:35 40k
SpamBlockerYesClamAV-mbox.exim.conf.3.0-beta 23-Dec-2006 20:35 40k

Be sure to download the right version. Installing a version not currently compatible with your system will NOT update the sytem; it will simply create a system that won't work.

However do NOT install the new file yet; download it to a work area first.

Then, so you don't forget, download and install the new exim.pl file. This file was written by DirectAdmin; all we do is provide a convenient place to get it, on the same page where we've put our beta Spamblocker3 exim.conf files.

You may download the exim.pl file on the same page as the above listed SpamBlocker3 exim.conf files, or you may download it from DirectAdmin.

You should install the exim.pl file right away by overwriting the file at /etc/exim.pl. If you download it directly from our site to your server you can use it as is but remember if you download it using wget, from the same directory where it already exists; it won't overwrite the working file; the new download will be renamed with a .# suffix where the # may be 1 or higher.

Installing the exim.pl file immediately will not affect your exim installation, so do it before you do anything further.

After you've done that it's your responsibility to modify the new exim.conf file: find the lines including:

http://www.example.com/

and replace the reference with a reference to your own SpamBlocker unblock page, so that anyone who may become accidentally unblocked will have a place where they can visit to learn how to be unblocked. In a new installation of our SpamBlocker3 exim.conf file those lines are probably: 405, 411, 416, 423, 505, 513, 520, 527, 534, 541 and 553, but this could change.

Next create the page, if you've not already done so.

You may want to have unblock instructions on your unblock page; we find that allowing everyone to request unblocking, and unblocking everyone, doesn't cause problems as spammers never get to the page.

You can either have folk contact you using a form or by email. If you want people to be able to reach you by email you have to supply a whitelisted email address for them to use or they may not be able to reach you.

If you decide to use an email address for receiving unblock requests rather than a form be sure to unblock that address; in the new exim.conf file find the three lines which include:

[email protected]

In our distributed file it may be at or near line 386, but that may change.

You don't need to change that line but you should change the next two lines. local_parts needs to be equal to the left side of the @ symbol in the address you use, and domains needs to be equal to the right side of the @ symbol.

Once you've done that you should be ready to install the newly edited exim.conf file.

If you've edited the file on a desktop system you'll need to ftp it to your server as an ascii file.

Then copy the file over your current exim.conf file:
Code:
# cp SpamBlocker*ClamAV-*.exim.conf /etc/exim.conf

Now restart exim.

How you restart exim from the command line differs depending on your OS distribution; if you don't know how to do it from the command line do it from your control panel login.

Be sure to tail the exim mainlog for a while to make sure everything is working:
Code:
# tail -f /var/log/exim/mainlog
If you have problems restore the old exim.conf file and restart exim again to restore your old configuration.

I hope this helps.

Jeff
 
nzyme said:
and the .pl and .conf file are at nobalony.net ?
You've spelled it wrong; I'd hate to have anyone not be able to find it :)

http://www.nobaloney.net/downloads/spamblocker/DirectAdminSpamBlocker3/

The exim.pl file is the same as the one available at:

http://files.directadmin.com/services/

I've just put it at my site for convenience.
apt-get install clamav should be good i guess, as long as i set the socket path correct in the exim.conf file right ? :)
I haven't tried it but as far as I know, it should work as long as you change the socket reference.

Jeff
 
I don't know. You'd have to ask DA staff what changes they made to their exim installation. I do know that the exim.pl and exim.conf files are different but I don't know if there are any other differences.

I'll bring your question to their attention.

Jeff
 
damn, it keeps spitting these errors when trying to send an email to somewhere..
2006-12-29 01:36:01 1H05j7-0005ko-0g malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1H05j7-0005ko-0g: Access denied. ERROR
running clamav from apt-get install and da_exim from files.directadmin.com/services version 4.63

also got exim.conf and .pl from you :)

my guess is the clamav user cant do **** in the /var/spool/exim/scan/* dir, but then again, ive chmodded them all to allow that.. Even gave /scan chmod 777...
 
Last edited:
Hello,

The main things that are "our way" would be the inclusion of the perl.o module for perl script scanning.. that's about it.
Everything else is setup in the exim.conf.. so as long as you're using our exim.conf.. in theory it should work fine... (unless I'm missing some other important compile time options).

If the debian exim binaries use all the same default paths, includes the perl.o module, and you use our exim.conf.. it might work just fine.

John
 
DirectAdmin Support said:
Hello,

The main things that are "our way" would be the inclusion of the perl.o module for perl script scanning.. that's about it.
Everything else is setup in the exim.conf.. so as long as you're using our exim.conf.. in theory it should work fine... (unless I'm missing some other important compile time options).

If the debian exim binaries use all the same default paths, includes the perl.o module, and you use our exim.conf.. it might work just fine.

John
im using your DA_EXIM v4.63 so i recon all should be ok ?
 
So the summary of all this is? Please correct me if I am wrong:

Backup your exim.conf and exim.pl

Download the latest DA exim.pl only because it has the perl.o addition. However it will run without this change.

Install ClamAV from your choice of source, ports, or rpm.

touch /etc/virtual/skip_av_domains
chmod 755 /etc/virtual/skip_av_domains
chown mail:mail /etc/virtual/skip_av_domains

Download the new exim.conf for spamblocker v3.

Restart Exim.

Does that sum it up pretty well?


Big Wil
 
Last edited:
BigWil I don't know who you're responding to, me, or John.

If you're responding to me I'd say always use the latest exim.pl, as it's fully compatible with old versions of exim.conf.

Our instructions are for the version of ClamAV noted.

However, you may use any method of installing ClamAV, as long as you edit the av_scanner line in the new exim.conf file to match where your installation of ClamAV installs the necessary socket.

Jeff
 
Wael, I specifically didn't choose it because it's not detailed in a thread of its own, but rather in a thread for the all-in-one script.

I have no intention of trying to refer people to part of a thread on a different subject when they're installing the new SpamBlocker.

As I wrote previously, the issue will be documented and anyone using the all-in-1 script can certainly make a simple one-line change.

How do you know most people are using it?

And even more importantly, what is the advantage of using it as opposed to the one I chose? (Note that I chose it because I found it when I was looking for simple How-To on adding ClamAV. It worked for me, and it was a lot simpler than switching update methods, so I chose it.

Jeff
 
jeff, you happen to have an answer to my problem ?

i keep getting this error:
2007-01-02 09:34:15 1H1f67-0005qT-3e malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1H1f67-0005qT-3e: Access denied. ERROR
Clamav is in the mail group and i can even touch files as my admin (non-root) user in that dir... So why is it failing....

plz help :)
 
Back
Top