How To Install MailScanner Request

J

jl2005uk

Verified User
Joined
Jun 29, 2003
Messages
11
Hi, I have heard that some people have managed to install MailScanner onto their boxes without any problems.

I was just wondering if someone could possibely write a HOW TO on this subject integrating Sophos.

From the recent outbreaks of viruses such as the SoBig virus, it would be an extremely good idea in my eyes to help protect my customers.

Im running a RedHat 7.3 Install with DA of course.

Im happy to pay a small donation for any help in getting this installed.

Regards

John
 
Mailscanner

Hi Mark,

Mailscanner is free yes, It can integrate with about 10 anti-virus scanners, as well as anti-spam programs.

With regards to Sophos, it has been very successful where i have installed it before on Windows networks, but each to their own with their opinion on what scanner to use.

Regards
 
you got a link to the mail scanner website? i'll take a look at the instructions and have a shot on a spare DA box.

as to virus scanners.. i go with the virus bulletin 100% winners, which sophos seems to win a few less of than other scanners. I personaly prefer NOD 32 (best scores.. best speeds). Havent looked into using it on linux though.
 
Mailscanner Link

Hi Mark,

Thanks for offering to give it a go. You might be in luck, Nod32 is compatible with MailScanner, but doesn't look like Virus Bulliten is.

I will definately have a look into Nod32 a little more. We just want to try and protect our users a little more with the recent outbreak of viruses etc, like SoBig.

Their link is http://www.sng.ecs.soton.ac.uk/mailscanner/

And it is completely free which is good, and I have seen them being used a lot around the net. Would just be nice to add that extra protection for the users we have.

I look forward to your responce, and thank you for giving it a go.

Regards

John
 
i'll take a look, Virus Bulletin is actualy a website: http://www.virusbtn.com/
:D

Introduction to the VB 100% award


The VB 100% logo is awarded to anti-virus products that:


Detect all In the Wild viruses during both on-demand and on-access scanning in Virus Bulletin's comparative tests.
Generate no false positives when scanning a set of clean files.
Click to expand...

NOD32 has the best standing in these tests!
 
sorry, da doesnt use send mail, can't install this program.


find something that works with exim :)
 
Last edited:
It told me about the same.

I think it would be an excellant thing to have implemented, if it is possible to get going, which it seems like it is possible, but how seems to be another question.

I really do appreciate your help with this, and I think a lot of other DA people will also benefit from it.

I have seen NOD32 implements directly with Exim, which might be the way to go. Seems very highly rated and it does look good.

Regards

John
 
Thanks for giving it a go Mark,

That was my same problem, Everything seems all over the place. I am waiting to hear back from NOD with regards to pricing etc, and might have to go directly with them.

Admittedly it isn't a complete must for a server, But I would just like to protect users. Gives a good impression that things are being put in place to protec them.

A few pound to please a lot of users is an investment I like the sound of. Word of mouth is very powerfull.

I will let you know my success of NOD and also their pricing if you want. Might be an idea of other user.

Thanks again

John
 
I do not have access to a server using DirectAdmin. But if DirectAdmin is using Exim 4.20 It could be much easier to integrate MailScanner with it.

I have wrote a How-To for MailScanner+Clam AV for Cpanel 7.x (Exim 4.20) which got more than 1000 hit and I have installed it on more than 10 servers of users who asked for an installation service.

They are 5 files that needs to be modified to make MailScanner works (even if DA uses different paths)

2 Exim files and 3 MailScanner files. But you have to make sure that these 2 Exim files ( the exim.conf and init.d/exim ) are not replaced later by DA. If DirectAdmin sometimes replaces these files then a script that will detect MailScanner (a very simple script) and do the required changes has to be added to DA updates. (that's what cpanel do)

Also if DirectAdmin allows you to view the Mail Queue from DirectAdmin control panel then you will lose this option except if DA modified the code to detect MailScanner (again it is very easy, it will just detect if a file exists, if exists it will read the queue from a different path)
 
Sounds nice but where is the step by step howto for installing?
Step by step howto include downloading etc?
(start with login at the server...)
 
RingToons said:
Sounds nice but where is the step by step howto for installing?
Step by step howto include downloading etc?
(start with login at the server...)
Click to expand...

The Cpanel one is in:
http://www.cpanelplus.com/staticpages/index.php?page=2003073009541160

As for DirectAdmin, Although it should be simillar (but with different paths).. I have not created one because I do not have access to a dedicated server using DirectAdmin.
 
Last edited:
Hi,

MailScanner was kinda hard to install ... in contrast to everything else in DirectAdmin :)

This is from memory, so it might not be 100% accurate.
(System: RedHat 7.3, ClamAv 0.60, MailScanner 4.23, Exim 3.36)

1) Download ClamAv

2) Install ClamAv and change the /etc/clamav.conf according to your system. Check that the freshclam (update facility) is run every day in /etc/cron.daily/clamav ... if not add it to your crontab. (fx. 0 8 * * * /usr/bin/freshclam --quiet -l /var/log/clam-update.log)

3) Check that ClamAv is working by scanning some files (upload a virus file fx.) and check that freshclam is working by running it manually.

4) Download MailScanner

5) Install MailScanner. (For RedHat extract the tar and run the install.sh script.) (Check to see if the MailScanner directories have mail as owner. Is located in /var/spool/ as default)

Now for the 'hard' part.

6) Read the "How mailscanner works with Exim" here. (The first 20 lines) In short: you need to run two Exim daemons: one to listen for SMTP connections, and one to do queue runs on the outgoing spool directory

7) Ok ... we need two .conf files. One for each exim process. The one created by directadmin will function as one of the .conf files.

cp /etc/exim.conf /etc/exim_outgoing.conf

The exim.conf will be for the listening deamon and the exim_outgoing.conf will be for the other.
(Remember to backup your files before changing things!)

8) We will leave the /exim_outgoing.conf alone (almost). Now the /etc/exim.conf needs some changing in order to just receive emails and not send them. Open /etc/exim.conf and add the following lines in the main configuration:

spool_directory = /var/spool/exim.in
queue_only = true
log_file_path = /var/spool/exim/msglog/%slog

Add the following in the directories configuration:


defer_director:
driver = smartuser
new_address = :defer: All deliveries are deferred
verify = false


Add the following in the routers configuration:


defer_router:
driver = domainlist
self = defer
route_list = "* 127.0.0.1 byname"
verify = false


9) Change the /etc/init.d/exim so it starts two deamons instead of one.

Original:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
$([ -n "$QUEUE" ] && echo -q$QUEUE)

Change this to:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
## $([ -n "$QUEUE" ] && echo -q$QUEUE)
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -C) \
$(echo /etc/exim_outgoing.conf) \
$([ -n "$QUEUE" ] && echo -qf$QUEUE)

IMPORTANT: the first deamon gets queue runs disabled!

Now change the QUEUE variable to fx. 15m in /etc/init.d/exim and /etc/sysconfig/exim.
Save the files.

10) Create the following directories: /var/spool/exim.in, /var/spool/exim.in/data, /var/spool/exim.in/db and give the rights to mail (chgrp and chown)

11) Ok ... now Exim is configured .. next is MailScanner. Open /etc/MailScanner/MailScanner.conf and change theses settings:

%org-name% = (Your org. name)
Run As User = mail
Run As Group = mail
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input
MTA = exim
Sendmail = /usr/sbin/sendmail -C /etc/exim_outgoing.conf
Sendmail2 = /usr/sbin/sendmail -C /etc/exim_outgoing.conf
Virus Scanners = clamav


Save the file

12) Stop the MailScanner process if it's running and restart the exim processes (/etc/rc.d/init.d/exim restart)
Now try to send an email to an account that the exim is handling. When the email arrives it should be placed in the /var/spool/exim.in/input
directory. If it doesn't then the exim incomming proces isn't working properly.

13) Now start the MailScanner. The email should now be moved from the directory and moved to /var/spool/exim/input where it will be processed by the outgoing exim proces.
You can view /var/log/maillog to see if the MailScanner scanned the file.
If the last two steps aren't working check the /var/log/maillog, /var/log/exim/exim_*, /var/spool/exim/msglog/* for errors.

14) Try to send an email with a virus included and see if MailScanner detects it.

Well ... that should be it.

Sincerely,
--
Kaare Christensen, Mermaid Consulting ApS
kaare[at]mermaidconsulting[dot]com
http://www.mermaidconsulting.com
 
Last edited:
All works!!!

Thank you for that, I have just runned the install and everything went fine. Apart from exim failing to restart because I miss typed a single letter :p

Everything started up fine after correcting my error and working like a treat.

Thank you again

Regards

John

PS - I couldn't find a fake virus to test and also do you know the command to scan the server for viruses?
 
9) Change the /etc/init.d/exim so it starts two deamons instead of one.

Original:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
$([ -n "$QUEUE" ] && echo -q$QUEUE)

Change this to:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
## $([ -n "$QUEUE" ] && echo -q$QUEUE)
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -C) \
$(echo /etc/exim_outgoing.conf) \
$([ -n "$QUEUE" ] && echo -qf$QUEUE)

IMPORTANT: the first deamon gets queue runs disabled!
Click to expand...

I couldn't get past this stage, I couldn't find the line.

I would like to get it setup

Regards,
Brenden
 
To elaborate what Brenden meant (if we have the same setting), the exim 4 is setup a little bit different. In the /etc/init.d/exim, it reads like this:

EXIM_OPTS=
DAEMON=
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"

and this is the content of the whole file:

#!/bin/sh
#
# exim This shell script takes care of starting and stopping
# exim.
#
# chkconfig: 2345 80 30
# description: Mail Transfer Agent

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

EXIM_OPTS=
DAEMON=
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

# See how we were called.
case "$1" in
start)
# Start daemons.
echo -n "Starting exim: "
daemon /usr/sbin/exim $EXIM_OPTS -oP /var/run/exim.pid
echo
touch /var/lock/subsys/exim
;;
stop)
# Stop daemons.
echo -n "Shutting down exim: "
if [ -e /var/run/exim.pid ]; then kill `cat /var/run/exim.pid`; fi
echo
rm -f /var/lock/subsys/exim
;;
restart)
$0 stop
sleep 3
$0 start
;;
reload)
if [ -e /var/run/exim.pid ]; then kill -HUP `cat /var/run/exim.pid`; fi
;;
condrestart)
if [ -f /var/lock/subsys/exim ] ; then
$0 restart
fi
;;
status)
status exim
;;
*)
echo "Usage: exim {start|stop|restart|reload|condrestart|status}"
exit 1
esac

exit 0

Any idea how to set this up?

Thank you so much in advance.

Reyner
 
You must log in or register to reply here.
Back
Top