HowTo: ClamAV

Thank you getUP, I've been looking for something on how to set up ClamAV, and this worked as hoped.

Thank you!
 
Thx m8 , i got it working on a debian box(3.1)

Output of the test:

2005-11-15 12:34:21 1Ebz4v-0001uw-Ni H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-15 12:34:22 1Ebz4v-0001ux-V0 H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-15 12:34:22 1Ebz4w-0001uw-9U H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-15 12:34:22 1Ebz4w-0001uw-Oj H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-15 12:34:23 1Ebz4x-0001ux-0J H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-15 12:34:23 1Ebz4x-0001ux-FY H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (Exploit.ObjCodebase.Calc)
2005-11-15 12:34:24 1Ebz4y-0001uw-0B H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (Eicar-Test-Signature)
2005-11-15 12:34:24 1Ebz4y-0001ux-Dt H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains malformed MIME (demime acl condition: 'message/partial' MIME type)
2005-11-15 12:34:24 1Ebz4y-0001uw-FU H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains malformed MIME (demime acl condition: 'message/partial' MIME type)
2005-11-15 12:34:24 1Ebz4y-0001ux-Se H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains malformed MIME (demime acl condition: 'message/partial' MIME type)
2005-11-15 12:34:25 1Ebz4y-0001uw-UC H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains malformed MIME (demime acl condition: 'message/partial' MIME type)
2005-11-15 12:34:25 1Ebz4z-0001ux-B6 H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains malformed MIME (demime acl condition: 'message/partial' MIME type)
2005-11-15 12:34:26 1Ebz50-0001uw-Bk H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-15 12:34:26 1Ebz50-0001ux-OT H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-15 12:34:26 1Ebz50-0001uw-RQ H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (Exploit.ObjCodebase.Calc)
2005-11-15 12:34:27 1Ebz51-0001ux-73 H=gfiservers.gfi.com (S44374) [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)

Looks fine to me .....

For debian users: i added the following files to start freshclam and the Clamd at boot :

/etc/init.d/Freshclam

Content:

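#!/bin/sh
# Freshclam update

case "$1" in
'start')
    # -d: run as a daemon; -c 24: check for database updates 24 times a day
    /usr/local/bin/freshclam -d -c 24
    ;;
'stop')
    # no-op: this script does not stop the running freshclam daemon
    ;;
*)
    echo "Usage: $0 { start | stop }"
    ;;
esac
exit 0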




/etc/init.d/Clamd

Content:

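#!/bin/sh
# Antivirus daemon

case "$1" in
'start')
    # clamd reads its settings from clamd.conf and puts itself in the background
    /usr/local/sbin/clamd
    ;;
'stop')
    # no-op: this script does not stop the running clamd daemon
    ;;
*)
    echo "Usage: $0 { start | stop }"
    ;;
esac
exit 0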
 
I run APF too, and I did not have to. And i turned on logging to check to see if it updates and it appears to work. :D
 
I'm getting following error:

Starting exim: 2005-11-19 15:59:06 Exim configuration error in line 557 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"

I'm running this on Debian 3.1. I've looked at the thread provided by GranTW, but that fix only seems to be for Redhat.

Anyone know how to fix that error on Debian 3.1?

thanks,
 
stevef said:
I'm getting following error:

Starting exim: 2005-11-19 15:59:06 Exim configuration error in line 557 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"

I'm running this on Debian 3.1. I've looked at the thread provided by GranTW, but that fix only seems to be for Redhat.

Anyone know how to fix that error on Debian 3.1?

thanks,

This is what you need
GranTW said:
 
That's the solution for Redhat users. I'm running Debian which doesn't support rpm as far as I know :)
 
upgrading clamav, is that just a matter of dling the latest tar.gz, and then ./configure, make, make install?
 
If you want ClamAV to work with the SMTP Limiter plugin:
Code:
check_message:
  deny message = This message contains malformed MIME ($demime_reason)
       demime = *
       condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny message = This message contains a virus or other harmful content ($malware_name)
       demime = *
       malware = *
  deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
       demime = bat:com:pif:prf:scr:vbs
  warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
  deny condition = ${if def:acl_c0{${if exists{/etc/virtual/.smtp_deny/$acl_c0} {yes}}}}
       message = User $acl_c0 is not allowed to use SMTP
  accept

work 100%
 
Hi,

I am running CentOS 4.2, i get an error when i run perl -pi -e "s/^LocalSocket /tmp/clamd/LocalSocket /var/run/clamav/clamd/g" /etc/clamd.conf


Bareword found where operator expected at -e line 1, near "s/^LocalSocket /tmp/clamd"
syntax error at -e line 1, near "s/^LocalSocket /tmp/clamd"
Execution of -e aborted due to compilation errors.


What am i doing wrong?

Greetz,

Franky
 
Hi,

I have done a perfect install tonight on CentOS 4.2.

I'll post a howto tomorrow.

Greetz,

Franky
 
I have written it down for myself in Dutch; I'll translate it tomorrow and post it here.

Tested on CentOS 4.2.



1. wget http://dag.wieers.com/packages/clamav/clamav-0.87-1.2.el4.rf.i386.rpm
wget http://dag.wieers.com/packages/clamav/clamd-0.87-1.2.el4.rf.i386.rpm
wget http://dag.wieers.com/packages/clamav/clamav-devel-0.87.1-1.2.el4.rf.i386.rpm

rpm -Uvh clamav-0.87-1.2.el4.rf.i386.rpm
rpm -Uvh clamd-0.87-1.2.el4.rf.i386.rpm
rpm -Uvh clamav-devel-0.87.1-1.2.el4.rf.i386.rpm

vi /etc/crontab
add: 53 * * * * /usr/bin/freshclam

service clamd start

2. vi /etc/exim.conf

a) add at the top, below the comment lines:

av_scanner = clamd:127.0.0.1 3310

b) # ACL that is used after the DATA command
check_message:
accept

replace with:
# ACL that is used after the DATA command
check_message:
# Virus Check
deny message = This message contains a virus or other malware ($malware_name)
demime = *
malware = *
accept

3. vi /etc/group

mail:x:12:mail

replace with:

mail:x:12:mail,clamav

4. vi /etc/clamd.conf

replace LocalSocket /tmp/clamd with #LocalSocket /tmp/clamd
replace #TCPSocket 3310 with TCPSocket 3310
replace #TCPAddr 127.0.0.1 with TCPAddr 127.0.0.1

5. recompile exim

wget http://files.directadmin.com/services/da_exim-4.54-1.src.rpm

rpm -ivh da_exim-4.54-1.src.rpm

cd /usr/src/redhat/SOURCES

vi ./da_exim-Makefile

add at the top: WITH_OLD_DEMIME = yes

cd /usr/src/redhat/SPECS

rpmbuild -bb exim.spec

cd /usr/src/redhat/RPMS/i386

rpm --force -i da_exim-4.51-1.i386.rpm

6. service exim restart

7. send a test virus and check the log in /var/log/exim
 
Info: I am running redhat 9.0

I added everything as per the initial post in this thread, but i can't send emails out

unless i comment out

# ACL that is used after the DATA command
check_message:
#deny message = This message contains malformed MIME ($demime_reason)
#demime = *
#condition = ${if >{$demime_errorlevel}{2}{1}{0}}
#deny message = This message contains a virus or other harmful content ($malware_name)
#demime = *
#malware = *
#deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
#demime = bat:com:pif:prf:scr:vbs
#warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
accept

however my understanding of this is that it means even if a virus is found by clamav it will still get passed through

I've had a look back at our email server log to find these sorts of error messages, looks like it might be a permissions issue

2005-12-02 00:00:01 1Ehoyf-0001aJ-29 malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1Ehoyf-0001aJ-29: Access denied. ERROR
2005-12-02 00:00:01 1Ehoyf-0001aJ-29 H=(relay2.star-track.com.au) [203.18.109.18] F=<[email protected]> temporarily rejected after DATA
 
I'm having a bit of a problem with this process:


PHP:
somedomain.com:/root # perl -pi -e "s/^LocalSocket /tmp/clamd/LocalSocket /var/run/clamav/clamd/g" /etc/clamd.conf
Bareword found where operator expected at -e line 1, near "s/^LocalSocket /tmp/clamd"
syntax error at -e line 1, near "s/^LocalSocket /tmp/clamd"
Execution of -e aborted due to compilation errors.

Any pointers?

WBEL 3.0
clamav-0.87.1
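
An added example, not written by any poster in this thread: the Perl error quoted in the two posts above comes from using `/` as the `s///` delimiter while the paths themselves contain `/`. The sketch below makes the same edit with `|` as the delimiter and also anchors the end of the line; the helper name `fix_localsocket` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). With "/" as the s/// delimiter, Perl
# ends the pattern at the first "/" of "/tmp/clamd" and cannot parse the rest.
# A delimiter that does not occur in the paths avoids that.

# fix_localsocket FILE  (hypothetical helper name)
# Rewrites an active "LocalSocket /tmp/clamd" line in FILE to point at
# /var/run/clamav/clamd. Returns 0 if the new path is in place afterwards,
# 1 if no matching active line was found, 2 on a usage or I/O error.
fix_localsocket() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    if command -v perl >/dev/null 2>&1; then
        # Single quotes keep the shell away from "$" and "\" in the regex.
        perl -pi -e 's|^LocalSocket\s+/tmp/clamd\s*$|LocalSocket /var/run/clamav/clamd\n|' \
            "$conf" || return 2
    else
        # Same substitution with sed, for hosts without perl.
        sed 's|^LocalSocket[[:space:]]\{1,\}/tmp/clamd[[:space:]]*$|LocalSocket /var/run/clamav/clamd|' \
            "$conf" > "$conf.new" && mv "$conf.new" "$conf" || return 2
    fi

    grep -q '^LocalSocket /var/run/clamav/clamd$' "$conf" && return 0
    return 1
}

# Demo on a constructed clamd.conf fragment (never touches /etc/clamd.conf).
demo_conf=$(mktemp) || exit 1
printf '%s\n' '# constructed sample' 'LogSyslog yes' 'LocalSocket /tmp/clamd' > "$demo_conf"
fix_localsocket "$demo_conf" && grep '^LocalSocket' "$demo_conf"
rm -f "$demo_conf"
```

A return code of 1 means the file had no active `LocalSocket /tmp/clamd` line, for example because it was already commented out or changed.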
 
How to fix the problem with:

Starting exim: 2005-12-15 15:29:26 Exim configuration error in line 556 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"

What to do? :confused:

Explain it in steps please :eek:
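
An added example, not written by any poster in this thread: Exim rejects `demime = *` as an unknown ACL condition when the binary was built without the old demime code, which is what the `WITH_OLD_DEMIME = yes` rebuild in the CentOS steps earlier in the thread changes. The check below reads the `Support for:` line of `exim -bV` to show whether a given binary has it; the helper name `exim_scan_support` and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Sample outputs below are constructed.

# exim_scan_support (hypothetical helper): reads `exim -bV` output on stdin.
# Returns 0 if the build lists both Content_Scanning (needed for "malware =")
# and Old_Demime (needed for "demime ="), 1 if either is missing,
# 2 if no "Support for:" line is present.
exim_scan_support() {
    support=$(grep '^Support for:' | head -n 1)
    [ -n "$support" ] || { echo "no 'Support for:' line found"; return 2; }
    rc=0
    for feature in Content_Scanning Old_Demime; do
        case " $support " in
            *" $feature "*) echo "$feature: yes" ;;
            *) echo "$feature: MISSING"; rc=1 ;;
        esac
    done
    return $rc
}

SAMPLE_OK='Exim version (constructed sample)
Support for: crypteq iconv() Perl OpenSSL Content_Scanning Old_Demime
Lookups: lsearch wildlsearch'

SAMPLE_NO_DEMIME='Exim version (constructed sample)
Support for: crypteq iconv() Perl OpenSSL Content_Scanning
Lookups: lsearch wildlsearch'

# Demo on the constructed samples; on a real host: exim -bV | exim_scan_support
printf '%s\n' "$SAMPLE_OK" | exim_scan_support || true
printf '%s\n' "$SAMPLE_NO_DEMIME" | exim_scan_support || true
```

If `Old_Demime` is reported missing, the ACL lines that use `demime` will not load until Exim is rebuilt with that option or those lines are removed from the ACL.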
 