This is a very basic how-to on adding support for ClamAV to your DirectAdmin server. It simply rejects all messages containing viruses. Please do not try this on a production box unless you are sure you know what you are doing, and do it at your own risk. Your DirectAdmin box must be running the Exiscan patch. I am running on Fedora 2, so if you are not, it could go differently.
This is based on info from here:
http://www.timj.co.uk/linux/exim.php
First install or make sure you have Exiscan installed. See below.
http://www.directadmin.com/forum/showthread.php?s=&threadid=2990&highlight=exiscan
SSH into your box as root.
cd /var/tmp
It is very handy to have Pico so if you don't have it and want it:
www.rpmfind.net or:
wget ftp://194.199.20.114/linux/SuSE-Linux/i386/9.0/suse/i586/pico-4.58-24.i586.rpm
rpm -Uvh pico-4.58-24.i586.rpm
Now we must download and install ClamAV.
www.clamav.net or:
wget http://crash.fce.vutbr.cz/crash-hat/2/clamav/clamav-0.74-1.i386.rpm
rpm -Uvh clamav-0.74-1.i386.rpm
Now add a cronjob to keep ClamAV up to date.
export EDITOR=pico
crontab -e
Add an entry to your crontab as follows:
53 * * * * /usr/bin/freshclam --quiet
Change 53 to a random number between 1-60 to be considerate to server load.
Alt-X to save and exit.
Next type:
clamd start
chkconfig clamd on
freshclam
This should start clamd and bring your virus signatures up to date.
Now we need to edit exim.conf. The -w turns off wordwrap in pico.
pico -w /etc/exim.conf
At the end of the comments section add this:
av_scanner = clamd:127.0.0.1 3310
Type in Ctrl-W and search for the second instance of check_message
Change:
# ACL that is used after the DATA command
check_message:
  accept
To this:
# ACL that is used after the DATA command
check_message:
  # Virus Check
  deny message = This message contains a virus or other malware ($malware_name)
       demime = *
       malware = *
  accept
Do a Ctrl-X and save.
We now need to make it so clamav has access to mail files so type:
pico /etc/group
Change:
mail:x:12:mail
to:
mail:x:12:mail,clamav
Ctrl-X and save.
Now restart Exim:
/etc/init.d/exim restart
Does it work? It should refuse all virus-infected messages. Test it extensively before trusting it. Also, the ClamAV software may occasionally need to be updated, so log in and do a freshclam once in a while to see that all is OK. Unlike MailScanner, this rejects infected messages before accepting them. This could result in some weird issues. If you cannot get this to work, please post here so someone may help you. Perhaps DirectAdmin could add support for ClamAV right out of the box in the future.
Matthew
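A static check of the three edits described in the post above (the av_scanner line, the deny/malware condition in the check_message ACL, and clamav's membership of group mail), as an added example that is not part of the original post. The function names and the idea of passing file paths as arguments are assumptions of this example, so copies can be checked before the live files are touched.

```shell
#!/bin/sh
# Added example: audits the three edits made in the how-to.
# usage: sh <this script> EXIM_CONF GROUP_FILE   (paths are arguments)

# Succeeds if an uncommented av_scanner line points at clamd.
has_av_scanner() {
    grep -Eq '^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*clamd:' "$1"
}

# Succeeds if the check_message: ACL definition (the label, not the
# reference to it in the main section) has a malware condition that
# belongs to a deny statement. Commented-out lines do not count.
acl_denies_malware() {
    awk '
        /^[ \t]*#/ { next }                                   # comments
        /^[ \t]*check_message:/ { inacl = 1; deny = 0; next } # ACL starts
        inacl && /^[ \t]*[A-Za-z0-9_]+:[ \t]*$/ { inacl = 0 } # next label
        !inacl { next }
        /^[ \t]*(accept|warn|require|defer|drop|discard)([ \t]|$)/ { deny = 0 }
        /^[ \t]*deny([ \t]|$)/ { deny = 1 }
        deny && /(^|[ \t])malware[ \t]*=/ { ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Succeeds if user clamav is listed as a member of group mail.
clamav_in_mail_group() {
    awk -F: '
        $1 == "mail" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == "clamav") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Runs all three checks, prints what is missing, returns the failure count.
audit() {
    fails=0
    has_av_scanner "$1" ||
        { echo "FAIL: no av_scanner = clamd:... in $1"; fails=$((fails + 1)); }
    acl_denies_malware "$1" ||
        { echo "FAIL: check_message has no deny with malware in $1"; fails=$((fails + 1)); }
    clamav_in_mail_group "$2" ||
        { echo "FAIL: clamav is not in group mail in $2"; fails=$((fails + 1)); }
    return "$fails"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

This only inspects the files; it does not show that clamd is running or that Exim actually rejects infected mail, so it complements the testing the post asks for.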