HowTo: MailScanner 4.24 for Exim 4.24

update virus defs

Does ClamAV update automatically?

My files are:
-rw-r--r-- 1 clamav clamav 1034725 Jun 3 23:41 main.cvd
-rw-r--r-- 1 clamav clamav 64428 Jun 3 23:41 daily.cvd

So I wanted to update them myself using freshclam:

But an error came up:
ClamAV update process started at Mon Jul 19 12:34:02 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 24, sigs: 21793, f-level: 2, builder: tomek)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 412, sigs: 1005, f-level: 2, builder: ccordes)
Database updated (22798 signatures) from database.clamav.net (212.162.12.159).
ERROR: Clamd was NOT notified: Can't connect to clamd on 127.0.0.1:3310
connect(): Connection refused

netstat isn't showing port 3310 open.

Did I forget something or do something wrong?
 
Send problem

I've installed MailScanner, everything works.
But when I reply to an email that uses piping, they get a "@" (from, no email address). So when I send using smtp.domain.com (ext. mail server) it works fine, when I send using mail.domain.com (ISP) it doesn't work well; they get a "@" only when I reply to the email.

What's wrong???
Please help!
 
Re: update virus defs

redeye said:
Does ClamAV update automatically?

My files are:
-rw-r--r-- 1 clamav clamav 1034725 Jun 3 23:41 main.cvd
-rw-r--r-- 1 clamav clamav 64428 Jun 3 23:41 daily.cvd

So I wanted to update them myself using freshclam:

But an error came up:
ClamAV update process started at Mon Jul 19 12:34:02 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 24, sigs: 21793, f-level: 2, builder: tomek)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 412, sigs: 1005, f-level: 2, builder: ccordes)
Database updated (22798 signatures) from database.clamav.net (212.162.12.159).
ERROR: Clamd was NOT notified: Can't connect to clamd on 127.0.0.1:3310
connect(): Connection refused

netstat isn't showing port 3310 open.

Did I forget something or do something wrong?

I also have this problem. ClamAV has never been updated since the day I installed it. When I try to update manually it also shows the same error.
 
Re: update virus defs

dannygoh said:
I also have this problem. ClamAV has never been updated since the day I installed it. When I try to update manually it also shows the same error.

I try to start the clamd service and run freshclam. After updating the signatures I stop the clamd service. IT WORKS!
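The freshclam output and the netstat observation in the posts above can be read together with a small script. This is an added example, not part of the original posts; the function names are hypothetical, and the sample input is constructed from the log lines quoted in the thread.

```shell
#!/bin/sh
# Added example: interpret a freshclam run like the one posted above.

# Summarise freshclam output on stdin as:
#   db=<updated|unknown> sigs=<n|?> clamd=<not-notified|no-error>
freshclam_summary() {
    awk '
        /^Database updated \(/   { db = "updated"; sigs = $3; sub(/^\(/, "", sigs) }
        /Clamd was NOT notified/ { clamd = "not-notified" }
        END {
            printf "db=%s sigs=%s clamd=%s\n",
                (db == "" ? "unknown" : db), (sigs == "" ? "?" : sigs),
                (clamd == "" ? "no-error" : clamd)
        }'
}

# Succeed if `netstat -ltn` output on stdin shows a TCP listener on port $1.
port_listening() {
    awk -v p=":$1" '
        $NF == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { found = 1 }
        END { exit !found }'
}

# Constructed sample: freshclam lines as posted, and a netstat listing without clamd.
SAMPLE_LOG="Database updated (22798 signatures) from database.clamav.net (212.162.12.159).
ERROR: Clamd was NOT notified: Can't connect to clamd on 127.0.0.1:3310
connect(): Connection refused"
SAMPLE_NETSTAT="tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN"

# Combine both observations into one status line.
diagnose() {  # $1 = freshclam output, $2 = netstat -ltn output
    s=$(printf '%s\n' "$1" | freshclam_summary)
    if printf '%s\n' "$2" | port_listening 3310; then l=yes; else l=no; fi
    echo "$s clamd_listening=$l"
}

# On a live host: diagnose "$(freshclam 2>&1)" "$(netstat -ltn)"
```

For the sample, the status line shows the signature files were written to disk and that only the notification to a clamd that was not listening failed.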
 
report in body

The spam report is being placed in the body of emails sent, and a score is placed on emails received in the subject. How can I keep everything in the header... Looked at MailScanner.conf, and everything looks in order.
 
If the report is appearing in the body you are doing something wrong. It sounds like you may have spamd running as well as MailScanner.
Make sure that you do not have any spamassassin processes running and double-check your MailScanner.conf.
 
Cannot get this to work... Can someone help me with this...

I get to the following steps...

--------------------
*********************************
Test MTA
*********************************
Stop the MailScanner process if it's running and restart the exim processes

# service MailScanner stop
# service exim restart

Try to send an email to an account that the exim is handling. When the email arrives it should be placed in the /var/spool/exim.in/input
directory. If it doesn't then the exim incoming process isn't working properly.

Now start the MailScanner.

# service MailScanner start
-------------------

The results of the commands are as follows:

[root@server input]# service MailScanner stop
Shutting down MailScanner daemons:
MailScanner: [FAILED]
incoming exim: [ OK ]
outgoing exim: [ OK ]

[root@server input]# service exim restart
Shutting down exim:
Starting exim: [ OK ]
Could not create INET socket: Address already in use IO::Socket::INET: Address already in use

[root@server input]# service MailScanner start
Starting MailScanner daemons:
incoming exim: [FAILED]
Could not find Exim installation, see /etc/sysconfig/MailScanner
outgoing exim: [FAILED]
Could not find Exim installation, see /etc/sysconfig/MailScanner
MailScanner: Can't locate Archive/Zip.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line 46.
BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 46.
Compilation failed in require at /usr/sbin/MailScanner line 52.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52.
[ OK ]

--------
I have read every message in this thread and there is no clear answer for the problems I am having.

Questions:
- How can I get and install the missing PERL Module?
- Why is the INET socket in use and how do I fix this (a reboot does not help)?
- Why do I get "Could not find Exim installation, see /etc/sysconfig/MailScanner" and how do I fix this? Mailscanner config is attached
- What to do next?

Is there someone who would be willing to install this for me on 3 RH9 servers (paid of course)?

Kind Regards,
Onno Vrijburg
 

Further to the post above...

This is what I found in /var/log/maillog

---------------
Aug 13 14:58:29 server spamd[4458]: connection from hostserv2 [127.0.0.1] at port 32824
Aug 13 14:58:29 server spamd[15766]: info: setuid to mail succeeded
Aug 13 14:58:29 server spamd[15766]: processing message <[email protected]> for mail:8.
Aug 13 14:58:29 server spamd[15766]: clean message (4.7/5.0) for mail:8 in 0.0 seconds, 1574 bytes.
Aug 13 15:01:00 server update.virus.scanners: Delaying cron job up to 600 seconds
Aug 13 15:03:06 server update.virus.scanners: Found clamav installed
Aug 13 15:03:06 server update.virus.scanners: Running autoupdate for clamav
Aug 13 15:03:06 server ClamAV-autoupdate[15811]: ClamAV did not need updating

---------------------

It seems that spamd and clamav are scanning the incoming messages but I cannot get exim or MailScanner to work.

Kind Regards,
Onno Vrijburg
 
Problem solved...

After spending the whole day searching I managed to solve the problems and get the install working.

The problem "Could not create INET socket: Address already in use IO::Socket::INET: Address already in use" for some reason fixed itself after 3 hours

The problem "Starting MailScanner daemons:
incoming exim: [FAILED]
Could not find Exim installation, see /etc/sysconfig/MailScanner
outgoing exim: [FAILED]" was solved by checking the path to exim in the /etc/sysconfig/MailScanner file. There was a typo in the path.

The Zip.pm file was located in the RedHat src directories /usr/src/redhat/BUILD/Archive-Zip-1.09/lib/Archive/Zip.pm, you need to create the directory /usr/lib/MailScanner/Archive and copy the Zip.pm file to it.

I hope this helps someone else who might be having problems.

Kind Regards,
Onno Vrijburg
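Two of the failures solved in this post, the mistyped exim path in /etc/sysconfig/MailScanner and the Perl module missing from @INC, can be caught before starting the daemons. The preflight below is an added example, not part of the original posts or of MailScanner; the function names and the root-prefix argument are hypothetical, and the keys and queue directories are the ones named in this thread's HowTo.

```shell
#!/bin/sh
# Added example: preflight for the split-spool Exim + MailScanner setup in this thread.

# Read KEY=value from a sysconfig-style file, dropping a trailing "# comment" and quotes.
sysconfig_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# Print one line per problem; return 0 only when nothing is wrong.
# $2 is a hypothetical root prefix so the checks can run on a test tree ("" on a real host).
preflight() {  # $1 = sysconfig file, $2 = root prefix
    cfg=$1; root=$2; bad=0
    exim=$(sysconfig_get "$cfg" EXIM)
    if [ -z "$exim" ] || [ ! -x "$root$exim" ]; then
        echo "EXIM='$exim' is not an executable file"; bad=1
    fi
    for key in EXIMINCF EXIMSENDCF; do
        f=$(sysconfig_get "$cfg" "$key")
        if [ -z "$f" ] || [ ! -r "$root$f" ]; then
            echo "$key='$f' is not a readable file"; bad=1
        fi
    done
    # Incoming and outgoing queue directories from the HowTo's MailScanner.conf settings.
    for d in /var/spool/exim.in/input /var/spool/exim/input; do
        [ -d "$root$d" ] || { echo "queue directory $d is missing"; bad=1; }
    done
    return $bad
}

# Succeed if perl can load module $1 (Archive::Zip is the one missing in the log above).
perl_module_ok() { perl -M"$1" -e 1 2>/dev/null; }

# On a real host:
#   preflight /etc/sysconfig/MailScanner "" && perl_module_ok Archive::Zip
```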
 
Icheb said:
Had this too for a while, it appeared ClamAV doesn't do anything before it's updated with freshclam (it doesn't have any virus definitions to begin with), after that it worked over here :d

Here is the result of running freshclam on my RH9 box:

-------------
ClamAV update process started at Sun Aug 15 01:53:12 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 24, sigs: 21793, f-level: 2, builder: tomek)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 452, sigs: 1618, f-level: 2, builder: tomek)
Database updated (23411 signatures) from database.clamav.net (65.77.42.207).
ERROR: Clamd was NOT notified: Can't connect to clamd on 127.0.0.1:3310
connect(): Connection refused

-----------

Can anyone tell me how to fix this?

Kind Regards,
Onno Vrijburg
 
exim error

Starting exim: 2004-08-26 11:41:13 Exim configuration error in line 213:
main option "rbl_domains" unknown

This is what I get upon service exim restart.
 
rbl_domains is not an option; it's the name of a database used by exim, and the name of a file that comprises the database.

It seems you have an error in your exim.conf file; you might want to check the SpamBlocker section of your exim.conf file with the master, stored here.

But note that if you're using MailScanner, then you're not using the same exim.conf file, so expect to find a lot of differences.

Jeff
 
my probs

[root@stage2 root]# exim -C /etc/exim.conf -bV
Exim version 4.24 #1 built 29-Feb-2004 05:20:37
Copyright (c) University of Cambridge 2003
Berkeley DB: Sleepycat Software: Berkeley DB 4.1.25: (October 24, 2003)
Support for: iconv() Perl OpenSSL
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
2004-08-27 20:33:59 Exim configuration error in line 161:
main option "to" unknown


[root@stage2 root]# service exim restart
Shutting down exim:
Starting exim: 2004-08-27 20:35:05 Exim configuration error in line 213:
main option "rbl_domains" unknown
[FAILED]
 
interfasys said:
System: RedHat 9, ClamAv 0.67, MailScanner 4.28, Exim 4.24


*********************************
Install SpamAssassin
*********************************
# cd /usr/local/directadmin/scripts
# ./spam.sh

You can also tweak spam.sh so that it picks up the latest version.

!Do not modify exim.conf to use spamassassin!
!Do not load spamd

I'm still trying to figure out if spamd is needed by somebody...


*********************************
Install ClamAV
*********************************
# wget http://crash.fce.vutbr.cz/crash-hat/1/clamav/clamav-0.72-1.i386.rpm

# rpm -Uvh clamav*.rpm

!Do not setup a cron for updates


*********************************
Install MailScanner
*********************************
# wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.28.6-1.rpm.tar.gz
# tar -zxvf MailScanner-4.28.6-1.rpm.tar.gz
# cd MailScanner-4.28.6-1
# ./Update-MakeMaker.sh
# ./install.sh
# chown -R mail:mail /var/spool/MailScanner

Note : Install missing modules when asked

# chown -R mail:mail /var/spool/MailScanner


*********************************
Configure Exim
*********************************
We need to run two Exim daemons: one to listen for SMTP connections, and one to do queue runs on the outgoing spool directory.

Thus, we need two .conf files. One for each exim process. The one created by directadmin will be used for incoming emails, we will tweak that one.

Backup
# cp /etc/exim.conf /etc/exim.back
Duplicate
# cp /etc/exim.conf /etc/exim_outgoing.conf

Configure
# pico -w /etc/exim.conf

and add the following lines in the main part of the configuration:

spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
log_file_path = /var/spool/exim/msglog/%slog


# pico -w /etc/init.d/exim

Original:
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"

Change this to:
QUEUE="15m"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -C /etc/exim_outgoing.conf"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"


Create the following directories: /var/spool/exim.in,
/var/spool/exim.in/input,
/var/spool/exim.in/data,
/var/spool/exim.in/db

# mkdir /var/spool/exim.in
etc.

and assign them to mail.

# chown mail:mail /var/spool/exim.in


*********************************
Configure MailScanner
*********************************
# pico -w /etc/MailScanner/MailScanner.conf

and change these settings:

Use your language for reports
%report-dir% = /etc/MailScanner/reports/fr

%org-name% = (Your org. name)
Run As User = mail
Run As Group = mail
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input
MTA = exim
Sendmail = /usr/sbin/exim -C /etc/exim.conf
Sendmail2 = /usr/sbin/exim -C /etc/exim_outgoing.conf
Virus Scanners = clamav
Use SpamAssassin = yes
Always Include SpamAssassin Report = yes

# pico -w /etc/sysconfig/MailScanner

MTA=exim
EXIM=/usr/sbin/exim
EXIMINCF=/etc/exim.conf # Incoming configuration file
EXIMSENDCF=/etc/exim_outgoing.conf # Outgoing configuration file


*********************************
Antivirus Auto-update
*********************************
Modify ClamAV scanner
# pico -w /usr/lib/MailScanner/clamav-autoupdate
Change this:
$PackageDir = "/usr";
$LogFile = "/var/log/clam-update.log";
$LockFile = "/var/log/ClamAVBusy.lock";


*********************************
Test MTA
*********************************
Stop the MailScanner process if it's running and restart the exim processes

# service MailScanner stop
# service exim restart

Try to send an email to an account that the exim is handling. When the email arrives it should be placed in the /var/spool/exim.in/input
directory. If it doesn't then the exim incoming process isn't working properly.

Now start the MailScanner.

# service MailScanner start

The email should now be moved from the directory and moved to /var/spool/exim/input where it will be processed by the outgoing exim process.

You can view /var/log/maillog to see if the MailScanner scanned the file.

If the last two steps aren't working check the /var/log/maillog, /var/log/exim/exim_*, /var/spool/exim/msglog/* for errors.


*********************************
Officially launch MailScanner
*********************************
Now that we've checked that everything is working, we can officially launch Mailscanner on the server.

# service exim stop
# service MailScanner stop
# killall exim
# service MailScanner start

If properly configured, Mailscanner will launch exim and scan your emails.


*********************************
Test virus scanner
*********************************
Try to send an email with a virus included and see if MailScanner detects it.

Just type this in a virus.txt file :

$CEliacmaTrESTuScikgsn$FREE-TEST-SIGNATURE$EEEEE$

and attach it in a test email.

------------------------------------------------------------------------

Original Howto made by :
Kaare Christensen, Mermaid Consulting ApS
kaare[at]mermaidconsulting[dot]com
http://www.mermaidconsulting.com



Hello

On all the wget links we are getting 404 errors.
Any new sites to get this from?

--- Richard
 
Re: Re: HowTo: MailScanner 4.24 for Exim 4.24

serverguy said:
Hello

On all the wget links we are getting 404 errors.
Any new sites to get this from?

--- Richard

Of course there are. Just check the sites mentioned.
 
Hello blacknight

I checked every post and tried ALL links and you get 404 error.

I will locate some that work.

Thanks

Richard
 
Maybe you are a fan of MailScanner, but we switched to exim-exiscan. It's very easy to setup and it saves a lot of resources.
 
You need to :
1) install and run spamd, it comes from DA.
2) install clamav.
3) upgrade spamassassin to the latest version (required with any filtering system)
4) modify exim.conf to enable spamscanning.
5) modify exim.conf to enable clamav.

There are howtos for each step in this forum.

As a last step, you can add domains to the rbl file (blocks spams at data time).
 