Hi,
MailScanner was kinda hard to install ... in contrast to everything else in DirectAdmin
This is from memory, so it might not be 100% accurate.
(System: RedHat 7.3, ClamAv 0.60, MailScanner 4.23, Exim 3.36)
1)
Download ClamAv
2) Install ClamAv and change the /etc/clamav.conf according to your system. Check that the freshclam (update facility) is run every day in /etc/cron.daily/clamav ... if not add it to your crontab. (fx. 0 8 * * * /usr/bin/freshclam --quiet -l /var/log/clam-update.log)
3) Check that ClamAv is working by scanning some files (upload a virus file fx.) and check that freshclam is working by running it manually.
4)
Download MailScanner
5) Install MailScanner. (For RedHat extract the tar and run the install.sh script.) (Check to see if the MailScanner directories have mail as owner. Is located in /var/spool/ as default)
Now for the 'hard' part.
6) Read the "How mailscanner works with Exim"
here. (The first 20 lines) In short: you need to run two Exim daemons: one to listen for SMTP connections, and one to do queue runs on the outgoing spool directory
7) Ok ... we need two .conf files. One for each exim process. The one created by directadmin will function as one of the .conf files.
cp /etc/exim.conf /etc/exim_outgoing.conf
The exim.conf will be for the listening deamon and the exim_outgoing.conf will be for the other.
(Remember to backup your files before changing things!)
8) We will leave the /exim_outgoing.conf alone (almost). Now the /etc/exim.conf needs some changing in order to just receive emails and not send them. Open /etc/exim.conf and add the following lines in the main configuration:
spool_directory = /var/spool/exim.in
queue_only = true
log_file_path = /var/spool/exim/msglog/%slog
Add the following in the directories configuration:
defer_director:
driver = smartuser
new_address = :defer: All deliveries are deferred
verify = false
Add the following in the routers configuration:
defer_router:
driver = domainlist
self = defer
route_list = "* 127.0.0.1 byname"
verify = false
9) Change the /etc/init.d/exim so it starts two deamons instead of one.
Original:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
$([ -n "$QUEUE" ] && echo -q$QUEUE)
Change this to:
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
## $([ -n "$QUEUE" ] && echo -q$QUEUE)
daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -C) \
$(echo /etc/exim_outgoing.conf) \
$([ -n "$QUEUE" ] && echo -qf$QUEUE)
IMPORTANT: the first deamon gets queue runs disabled!
Now change the QUEUE variable to fx. 15m in /etc/init.d/exim and /etc/sysconfig/exim.
Save the files.
10) Create the following directories: /var/spool/exim.in, /var/spool/exim.in/data, /var/spool/exim.in/db and give the rights to mail (chgrp and chown)
11) Ok ... now Exim is configured .. next is MailScanner. Open /etc/MailScanner/MailScanner.conf and change theses settings:
%org-name% = (Your org. name)
Run As User = mail
Run As Group = mail
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input
MTA = exim
Sendmail = /usr/sbin/sendmail -C /etc/exim_outgoing.conf
Sendmail2 = /usr/sbin/sendmail -C /etc/exim_outgoing.conf
Virus Scanners = clamav
Save the file
12) Stop the MailScanner process if it's running and restart the exim processes (/etc/rc.d/init.d/exim restart)
Now try to send an email to an account that the exim is handling. When the email arrives it should be placed in the /var/spool/exim.in/input
directory. If it doesn't then the exim incomming proces isn't working properly.
13) Now start the MailScanner. The email should now be moved from the directory and moved to /var/spool/exim/input where it will be processed by the outgoing exim proces.
You can view /var/log/maillog to see if the MailScanner scanned the file.
If the last two steps aren't working check the /var/log/maillog, /var/log/exim/exim_*, /var/spool/exim/msglog/* for errors.
14) Try to send an email with a virus included and see if MailScanner detects it.
Well ... that should be it.
Sincerely,
--
Kaare Christensen, Mermaid Consulting ApS
kaare[at]mermaidconsulting[dot]com
http://www.mermaidconsulting.com